PSA Initial Attestation service #9668
Conversation
|
@moranpeker, thank you for your changes. |
| @@ -23,3 +23,4 @@ targets | |||
| components/802.15.4_RF | |||
| components/wifi | |||
| tools | |||
| components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl | |||
There was a problem hiding this comment.
👍 for the commit comment about this.
There was a problem hiding this comment.
One note: please revert file permissions changes 100644 → 100755 ?
Should PSOC6 also have its/their targets.json entries updated? |
|
Also, there are still some astyle issues: https://travis-ci.org/ARMmbed/mbed-os/jobs/491854379 |
| * | ||
| * SPDX-License-Identifier: BSD-3-Clause | ||
| * | ||
| */ |
There was a problem hiding this comment.
please change license for all to Apache.
- Copyright (c) 2006-2013 ARM Limited
- SPDX-License-Identifier: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
*/
There was a problem hiding this comment.
Please leave all TF-M sources license as is. only our wrappers should be under Apache.
TF-M license is handled by legal currently
| return err; | ||
| } | ||
|
|
||
| *token_size = out_vec[0].len; |
There was a problem hiding this comment.
do we need this line?
or this takes care of it psa_outvec out_vec[1] = { { token, *token_size } };
| * \brief Indicates whether shared data area was already initialized. | ||
| * | ||
| */ | ||
| static uint32_t shared_data_init_done; |
There was a problem hiding this comment.
please assign initial uninitialized value
| psa_outvec out_vec[1] = { { token_size, sizeof(*token_size) } }; | ||
|
|
||
| err = initial_attest_get_token_size(in_vec, 1, out_vec, 1); | ||
| if (err != PSA_ATTEST_ERR_SUCCESS) |
There was a problem hiding this comment.
no need, err returned anyway, unless you want additional handling
| offset = (uintptr_t)BOOT_TFM_SHARED_DATA_BASE + (uintptr_t)SHARED_DATA_HEADER_SIZE; | ||
|
|
||
| /* Add header to output buffer as well */ | ||
| if (len < SHARED_DATA_HEADER_SIZE) |
There was a problem hiding this comment.
what if len > header size?
is the idea that len must be equal?
There was a problem hiding this comment.
len its the buffer lenght. it must be bigger/equal to all boot status data.
this check in line 78:
if (len < ptr_tlv_header->tlv_tot_len + tlv_entry->tlv_len)
| if (len < SHARED_DATA_HEADER_SIZE) | ||
| { | ||
| return PSA_ATTEST_ERR_INIT_FAILED; | ||
| } else |
There was a problem hiding this comment.
why do you need else if you have return before?
| #include "tfm_plat_crypto_keys.h" | ||
| #include <string.h> | ||
|
|
||
| static psa_hash_operation_t hash_handle; |
There was a problem hiding this comment.
please init to NULL initially
| crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); | ||
| if (crypto_ret != PSA_SUCCESS) | ||
| { | ||
| return TFM_PLAT_ERR_SYSTEM_ERR; |
There was a problem hiding this comment.
I removed all calling to psa_crypto_init - we assume init called before crypto operations, if not an error will be return.
| #include "attestation.h" | ||
| #include "crypto.h" | ||
|
|
||
| extern int32_t g_caller_id; |
There was a problem hiding this comment.
no need in extern
| /* Hash of attestation public key */ | ||
| static enum tfm_plat_err_t attest_public_key_sha256(uint32_t *size, uint8_t *buf) | ||
| { | ||
| const psa_key_id_t key_id = 17; |
|
|
||
| crypto_ret = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); | ||
| if (crypto_ret != PSA_SUCCESS) { | ||
| return TFM_PLAT_ERR_SYSTEM_ERR; |
|
|
||
| status = psa_create_key(lifetime, key_id, &handle); | ||
| if (status != PSA_SUCCESS) { | ||
| return (status); |
| { | ||
| if (data_to_hash.ptr != NULL) { | ||
| psa_hash_update(&hash_handle, data_to_hash.ptr, data_to_hash.len); | ||
| } else { |
There was a problem hiding this comment.
This function caled by get attestation token and get attestation token size.
for the second purpose - data_to_hash(the payload) its null and no hash needed
| public_key_data, public_key_data_size | ||
| }; | ||
| out_vec[1] = (psa_outvec) { | ||
| public_key_data_length, sizeof(*public_key_data_length) |
There was a problem hiding this comment.
is the idea here to have sizeof member pointed to?
| psa_outvec out_vec[1] = { { token, *token_size } }; | ||
|
|
||
| handle = psa_connect(PSA_ATTEST_GET_TOKEN_ID, MINOR_VER); | ||
| if (handle <= 0) |
There was a problem hiding this comment.
[ ] Functionality change
Please set PR type
If functionality change, I believe this one yes, will require release notes addition , see https://os.mbed.com/docs/mbed-os/v5.11/contributing/workflow.html#functionality-change
| @@ -23,3 +23,4 @@ targets | |||
| components/802.15.4_RF | |||
| components/wifi | |||
| tools | |||
| components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl | |||
There was a problem hiding this comment.
One note: please revert file permissions changes 100644 → 100755 ?
TESTS/psa/attestation/main.cpp
Outdated
| @@ -0,0 +1,148 @@ | |||
| /* | |||
| * Copyright (c) 2018 ARM Limited. All rights reserved. | |||
TESTS/psa/attestation/main.cpp
Outdated
| psa_key_handle_t handle = 0; | ||
| psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); | ||
| psa_destroy_key(handle); | ||
| // mbedtls_psa_cr/ypto_free(); |
There was a problem hiding this comment.
don't leave dead code behind
| /* These APIs are still evolving and are meant as a prototype for review.*/ | ||
| /* The APIs will change depending on feedback and will be firmed up */ | ||
| /* to a stable set of APIs once all the feedback has been considered. */ | ||
| /***************************************************************************/ |
There was a problem hiding this comment.
Is this ready fro the release or kept here only during this review?
| @@ -1456,7 +1456,8 @@ | |||
| "KPSDK_CODE", | |||
| "MCU_K64F", | |||
| "Freescale_EMAC", | |||
| "PSA" | |||
| "PSA", | |||
There was a problem hiding this comment.
Same for this file, file permissions are being changed
| @@ -0,0 +1,230 @@ | |||
| // ---------------------------------- Includes --------------------------------- | |||
moranpeker
force-pushed
the
psa-init-attestation
branch
from
c84ecb3 to
b1bd662
Compare
moranpeker
force-pushed
the
psa-init-attestation
branch
from
7fb66a9 to
1808bf2
Compare
|
@moranpeker Please let us know what has been update (PR status) |
|
Hi @0xc0170 , the PR is rebased over master and ready for review. Can you please change the label to 'need: review" ? ( I can't change it ) |
TESTS/psa/attestation/main.cpp
Outdated
| { | ||
| #if (defined(COMPONENT_PSA_SRV_IPC) || defined(MBEDTLS_ENTROPY_NV_SEED)) | ||
| uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = {0}; | ||
| /* inject some a seed for test*/ |
There was a problem hiding this comment.
/* inject some seed for test*/
TESTS/psa/attestation/main.cpp
Outdated
| seed[i] = i; | ||
| } | ||
|
|
||
| /* don't really care if this succeed this is just to make crypto init pass*/ |
There was a problem hiding this comment.
/* don't really care if this succeeds this is just to make crypto init pass*/
| extern const uint32_t crypto_srv_external_sids[4]; | ||
| extern const uint32_t platform_external_sids[1]; | ||
|
|
||
| spm_partition_t g_partitions[4] = { | ||
| spm_partition_t g_partitions[5] = { |
There was a problem hiding this comment.
psa_setup is generated file by calling 'tools/psa/generate_tfm_partition_code.py' script
There was a problem hiding this comment.
That script could just omit the size, if only to avoid such comments.
| extern const uint32_t crypto_srv_external_sids[4]; | ||
| extern const uint32_t platform_external_sids[1]; | ||
|
|
||
| spm_partition_t g_partitions[5] = { | ||
| spm_partition_t g_partitions[6] = { |
There was a problem hiding this comment.
psa_setup is generated file by calling 'tools/psa/generate_tfm_partition_code.py' script
| extern const uint32_t crypto_srv_external_sids[4]; | ||
| extern const uint32_t platform_external_sids[1]; | ||
|
|
||
| spm_partition_t g_partitions[4] = { | ||
| spm_partition_t g_partitions[5] = { |
There was a problem hiding this comment.
psa_setup is generated file by calling 'tools/psa/generate_tfm_partition_code.py' script
| *size, | ||
| (size_t *) size); | ||
| if (crypto_ret != PSA_SUCCESS) { | ||
| free(public_key); |
There was a problem hiding this comment.
too many same kind of operations: free, close
please consider goto with appropriate error code
| * \param[in] p_src Pointer to the ID | ||
| * \param[in] size Length of the ID | ||
| */ | ||
| static inline void copy_id(uint8_t *p_dst, uint8_t *p_src, size_t size) |
There was a problem hiding this comment.
code duplication, copy_key can be used here also.
just name it copy_src_to_dst
And if the ptr is uint8*, why aren't you using memcpy??
|
|
||
| #include "attestation_bootloader_data.h" | ||
|
|
||
| /* Temporary Boodloader data - conatians temp mandatory claims */ |
| return PSA_ATTEST_ERR_INVALID_INPUT; | ||
| } | ||
| return PSA_ATTEST_ERR_SUCCESS; | ||
| } |
|
|
||
| status = psa_create_key(lifetime, key_id, &handle); | ||
| if (status != PSA_SUCCESS) { | ||
| return (status); |
-initialized psa_hash_operation_t to zeros -fix TF-M attestation code - increase t_cose_crypto_hash bytes to handle max psa_hash_operation_t size
from Apache-2.0 to BSD-3-Clause
| * | ||
| * Copyright (c) 2018-2019, Laurence Lundblade. All rights reserved. | ||
| * | ||
| * SPDX-License-Identifier: BSD-3-Clause |
There was a problem hiding this comment.
just checking, this attestation is already in Readme covered as non apache file and license file present in the attestation folder?
There was a problem hiding this comment.
Answer: yes, I've just checked
|
@moranpeker Can you review build failures? Latest commits are fixing these or still to do? |
last CI run failed because I asked from @NirSonnenschein to stop the running for new commits I pushed. |
Test run: FAILEDSummary: 1 of 9 test jobs failed Failed test jobs:
|
|
@cmonr was the last CI run aborted? If so can it restart? |
|
@mikisch81 It's because a new commit was added to the PR, thus changing the HEAD's sha.
|
|
CI started |
Test run: SUCCESSSummary: 13 of 13 test jobs passed |
|
@moranpeker @orenc17 I want to confirm something. https://travis-ci.org/ARMmbed/mbed-os/jobs/500094537 Does this PR modify what is generated in this test? |
|
CC @ARMmbed/mbed-os-maintainers |
|
@NirSonnenschein @cmonr @0xc0170 |
|
I can do it when I will be near a PC, but if anyone can do it earlier it's to the best |
|
Also |
|
Thanks @mikisch81 ! |
|
#9899 will fix the Travis issue |
|
@moranpeker According to @teetak01 " this breaks backwards compatibility with Nucleo F411RE entropy injection.". Can you please add this to the release notes section and change the type to breaking change rather than functionality change. |
Done |
Description
Attestation service can create a token on request, which contains a fix set of
device specific data.
Contains the implementation of ‘psa_initial_attest_get_token_size’ , ‘psa_initial_attest_get_token’ and ‘psa_attestation_inject_key’.
PSA Initial Attestation Service based on TF-M Attestation Service that taken from TF-M master.
TF-M latest attestation version is: c43181daf54f69f53de58593a50dd6a9c233eecd
Signing of token
‘psa_attestation_inject_key’ API - Device must contain an attestation key pair. The token is signed with the private part of attestation key pair. The public key is used to verify the token authenticity.
Inject attestation key by importing a given private key or generate a key pair.
Attestation key stored as a persistent key with a specific key-id.
Claims in the initial attestation token
The initial attestation token is formed of claims.
List of claims are included in the token:
https://confluence.arm.com/display/IoTBU/Claims+in+PSA+IAT+report
In the current implementation no bootloader exists in single & dual V7 .
In the current implementation temporary mandatory claims (ONLY) are given by a hard coded temp bootloader status data (attestation_bootloader_data.c).
Code structure
The PSA interface for the Initial Attestation Service is located in
components\TARGET_PSA\services\attestation.The only headers to be included by applications that want to use functions from
the PSA API are
psa_initial_attestation_api.handpsa_attest_inject_key.h(undercomponents\TARGET_PSA\inc\psa folder).Service source files
CBOR library:
qcbor: This library is used to create a proper CBOR token. It is a fork of this external QCBOR library.For now, TFM source files are part of this PR and located in
components\TARGET_PSA\services\attestation\tfm_impl+ header files ‘psa_initial_attestation_api.h’ and ‘attestation.h’.An importer needs to be created to import TFM source files.
Code checked over K64F and PSOC6.
Pass compliance tests over K64F and PSOC6.
This PR includes and depends on the security lifecycle bug fix ( PR = #9745 )
Pull request type
Reviewers
Release Notes
Add PSA Initial Attestation Service implementation.
this code is a new feature and doesn't effect existing code.
This breaks backwards compatibility with Nucleo F411RE entropy injection.