13 #include "q_useful_buf.h"
/*
 * Fragment of token_main_alt(). The leading numbers are the original file's
 * line numbers and many lines are missing from this listing: the first
 * parameter, the token-creation call and the error branch are not visible.
 * Per its brief, this variant packs the option flags into the nonce.
 */
53 struct q_useful_buf_c nonce,
54 struct q_useful_buf buffer,
55 struct q_useful_buf_c *completed_token)
58 size_t token_buf_size;
59 size_t completed_token_size;
60 struct q_useful_buf_c actual_nonce;
/* 64-byte stack buffer that receives a private copy of the nonce. */
61 Q_USEFUL_BUF_MAKE_STACK_UB( actual_nonce_storage, 64);
/*
 * The special mode is selected for a 64-byte nonce for which
 * q_useful_buf_is_value(nonce, 0) is non-zero.
 * NOTE(review): check_simple_claims() compares the same helper against
 * SIZE_MAX. If the helper returns the index of the first non-matching byte
 * and SIZE_MAX only when every byte matches, the bare truthiness test here
 * is also true for a nonce whose first non-zero byte is at index 1 or
 * later -- confirm against q_useful_buf.h and prefer `== SIZE_MAX`.
 */
63 if(nonce.len == 64 && q_useful_buf_is_value(nonce, 0)) {
/* Copy the nonce into the local 64-byte storage. */
65 actual_nonce = q_useful_buf_copy(actual_nonce_storage, nonce);
/*
 * Overwrites the start of the local copy. The source and length arguments
 * are on lines not shown (presumably the option flags); the length must
 * stay within the 64-byte storage.
 */
67 memcpy((uint8_t *)actual_nonce_storage.ptr,
/* Capacity offered to the token call is the caller's buffer length. */
74 token_buf_size = buffer.len;
/*
 * Out-parameter of a call whose earlier lines are not shown (presumably
 * psa_initial_attest_get_token()): receives the produced token size.
 */
79 &completed_token_size);
/*
 * Tail of an assignment (target not shown, presumably *completed_token):
 * the caller's buffer pointer paired with the reported token size.
 * NOTE(review): whether this runs only on success is not visible; the
 * result should be read only when the function returns 0.
 */
82 (
struct q_useful_buf_c){buffer.ptr, completed_token_size};
/* The status value is narrowed to int for the caller. */
85 return (
int)return_value;
91 #ifdef INCLUDE_TEST_CODE
92 #ifdef SYMMETRIC_INITIAL_ATTESTATION
/*
 * Expected encoding of the minimal token; this definition follows
 * `#ifdef SYMMETRIC_INITIAL_ATTESTATION`. The annotations below are a CBOR
 * decode of the visible bytes. The listing stops before the end of the
 * array (the last tag bytes and the closing brace are not shown).
 */
119 static const uint8_t expected_minimal_token_bytes[] = {
/*
 * D1 = CBOR tag 17 (COSE_Mac0), 84 = array of 4,
 * 43 A1 01 05 = protected header {1 (alg): 5 (HMAC 256/256)},
 * A0 = empty unprotected header, 58 48 = 72-byte payload.
 */
120 0xD1, 0x84, 0x43, 0xA1, 0x01, 0x05, 0xA0, 0x58,
/* A1 = map of 1, 3A 00 01 24 FF = key -75008, 58 40 = 64-byte value. */
121 0x48, 0xA1, 0x3A, 0x00, 0x01, 0x24, 0xFF, 0x58,
/*
 * The 64-byte value (the nonce) starts with 00 00 00 C0 and is otherwise
 * zero. token_main_alt() is described as packing option flags into the
 * nonce, so these four bytes are presumably the flags; their values are
 * not defined on this page.
 */
122 0x40, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00,
123 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
124 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
125 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
126 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
127 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
128 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
129 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 58 20 = 32-byte authentication tag (29 of its bytes are visible). */
130 0x00, 0x58, 0x20, 0x96, 0x68, 0x40, 0xFC, 0x0A,
131 0x60, 0xAE, 0x96, 0x8F, 0x90, 0x6D, 0x70, 0x92,
132 0xE5, 0x7B, 0x20, 0x5D, 0x3B, 0xBE, 0x83, 0xED,
133 0x47, 0xEB, 0xBC, 0x2A, 0xD9, 0xD1, 0xCF, 0xB4,
/*
 * Second definition of the expected minimal token. The preprocessor line
 * selecting it is not shown (presumably the #else branch of
 * SYMMETRIC_INITIAL_ATTESTATION). The annotations are a CBOR decode of the
 * bytes; the closing brace is not shown.
 */
165 static const uint8_t expected_minimal_token_bytes[] = {
/*
 * D2 = CBOR tag 18 (COSE_Sign1), 84 = array of 4,
 * 43 A1 01 26 = protected header {1 (alg): -7 (ES256)},
 * A1 04 58 20 = unprotected header {4 (kid): 32-byte key id}.
 */
166 0xD2, 0x84, 0x43, 0xA1, 0x01, 0x26, 0xA1, 0x04,
167 0x58, 0x20, 0xEF, 0x95, 0x4B, 0x4B, 0xD9, 0xBD,
168 0xF6, 0x70, 0xD0, 0x33, 0x60, 0x82, 0xF5, 0xEF,
169 0x15, 0x2A, 0xF8, 0xF3, 0x5B, 0x6A, 0x6C, 0x00,
170 0xEF, 0xA6, 0xA9, 0xA7, 0x1F, 0x49, 0x51, 0x7E,
/* 58 48 = 72-byte payload: A1 = map of 1, 3A 00 01 24 FF = key -75008. */
171 0x18, 0xC6, 0x58, 0x48, 0xA1, 0x3A, 0x00, 0x01,
/*
 * 58 40 = 64-byte nonce: 00 00 00 C0 followed by zeros. The first four
 * bytes are presumably the option flags packed in by token_main_alt().
 */
172 0x24, 0xFF, 0x58, 0x40, 0x00, 0x00, 0x00, 0xC0,
173 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
174 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
175 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
177 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
178 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
179 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/*
 * 58 40 = 64-byte signature field. Its two 32-byte halves are identical
 * (45 0B 2C ... 50 3D twice), which is consistent with the short-circuit
 * signature named in minimal_test()'s brief rather than a real ECDSA
 * signature. A value of this form authenticates nothing, so acceptance of
 * it belongs in test builds only.
 */
180 0x00, 0x00, 0x00, 0x00, 0x58, 0x40, 0x45, 0x0B,
181 0x2C, 0x09, 0x68, 0xA1, 0x92, 0xA8, 0x85, 0xBE,
182 0x59, 0xE5, 0xA0, 0x9B, 0xDA, 0x4A, 0x8B, 0xA3,
183 0xA6, 0xFC, 0x7F, 0x51, 0x90, 0x35, 0x2D, 0x3A,
184 0x16, 0xBC, 0x30, 0x7B, 0x50, 0x3D, 0x45, 0x0B,
185 0x2C, 0x09, 0x68, 0xA1, 0x92, 0xA8, 0x85, 0xBE,
186 0x59, 0xE5, 0xA0, 0x9B, 0xDA, 0x4A, 0x8B, 0xA3,
187 0xA6, 0xFC, 0x7F, 0x51, 0x90, 0x35, 0x2D, 0x3A,
188 0x16, 0xBC, 0x30, 0x7B, 0x50, 0x3D
/*
 * Fragment of a test body (presumably minimal_test(); the signature and
 * the token-creation call are on lines not shown).
 */
198 int_fast16_t return_value = 0;
/* Output buffer sized to exactly the expected token length. */
199 Q_USEFUL_BUF_MAKE_STACK_UB(token_storage,
200 sizeof(expected_minimal_token_bytes));
201 struct q_useful_buf_c completed_token;
202 struct q_useful_buf_c expected_token;
/* Tail of an assignment (presumably to expected_token) wrapping the byte array. */
215 Q_USEFUL_BUF_FROM_BYTE_ARRAY_LITERAL(expected_minimal_token_bytes);
/*
 * Byte-for-byte comparison with the fixed expected token; a non-zero
 * result presumably means a mismatch. A fixed expectation only holds when
 * the signature is deterministic, as a short-circuit signature is; a real
 * ECDSA signature is typically randomized per signing.
 */
217 if(q_useful_buf_compare(completed_token, expected_token)) {
/*
 * Fragment of a test body (presumably minimal_get_size_test(); the call
 * that produces `length` is on lines not shown).
 */
231 int_fast16_t return_value = 0;
233 struct q_useful_buf_c expected_token;
234 struct q_useful_buf_c nonce;
/* Tail of an assignment (presumably to expected_token) wrapping the byte array. */
238 Q_USEFUL_BUF_FROM_BYTE_ARRAY_LITERAL(expected_minimal_token_bytes);
/*
 * Sanity bounds on the reported size: it must be at least the length of
 * the expected minimal token and no more than 10000 bytes. This is a range
 * check, not an exact-size check.
 */
252 if(length < expected_token.len || length > 10000) {
/*
 * Fragment of a test body (presumably buffer_too_small_test(); the token
 * call and the check of its status are on lines not shown).
 */
265 int_fast16_t return_value = 0;
/* Storage is allocated at the full expected token size ... */
272 Q_USEFUL_BUF_MAKE_STACK_UB(token_storage,
273 sizeof(expected_minimal_token_bytes));
274 struct q_useful_buf_c completed_token;
275 struct q_useful_buf_c nonce;
/*
 * ... but the advertised length is reduced by one byte, so the buffer
 * passed on is one byte too short for the expected token. The underlying
 * storage is still full size, so an implementation that ignores the length
 * would not overrun the stack here; the test relies on the returned status.
 */
280 token_storage.len =
sizeof(expected_minimal_token_bytes) - 1;
/*
 * Fragment of check_simple_claims(): compares decoded simple claims with
 * configured expected values. Parameters, the assignments to tmp and
 * tmp_string, and the return statements are on lines not shown.
 */
316 static int_fast16_t check_simple_claims(
319 int_fast16_t return_value;
321 struct q_useful_buf_c tmp;
322 struct q_useful_buf_c tail;
326 const char *tmp_string;
/* Nonce: checked only when an expected value is configured (tmp not null). */
342 if(!q_useful_buf_c_is_null(tmp)) {
/* A non-zero compare result (presumably a mismatch) leads to the fallback below. */
344 if(q_useful_buf_compare(simple_claims->
nonce, tmp)) {
/*
 * Fallback for an option-packed nonce: `tail` is taken with an offset of 4
 * (presumably everything after the first four bytes), and the nonce
 * qualifies when it is 64 bytes long and that tail is all zero. Note the
 * explicit `== SIZE_MAX` test on q_useful_buf_is_value().
 */
350 tail = q_useful_buf_tail(simple_claims->
nonce, 4);
351 if(simple_claims->
nonce.len == 64 &&
352 q_useful_buf_is_value(tail, 0) == SIZE_MAX){
/*
 * Only the tails are compared, so the first four bytes of the nonce are
 * excluded from the match. This relaxation suits the test harness; a
 * relying party checking freshness needs the full nonce compared.
 */
356 if(q_useful_buf_compare(q_useful_buf_tail(tmp, 4), tail)) {
/*
 * The remaining visible checks share one shape: a claim is compared only
 * when an expected value is configured (tmp not null, or tmp_string not
 * NULL). With no expected value configured, the visible conditions do not
 * examine that claim's content.
 */
382 if(!q_useful_buf_c_is_null(tmp) &&
383 q_useful_buf_compare(simple_claims->
ueid, tmp)) {
402 if(!q_useful_buf_c_is_null(tmp) &&
403 q_useful_buf_compare(simple_claims->
boot_seed, tmp)) {
422 if(tmp_string != NULL) {
424 if(q_useful_buf_compare(simple_claims->
hw_version, tmp)) {
443 if(!q_useful_buf_c_is_null(tmp) &&
508 if(tmp_string != NULL) {
509 tmp = Q_USEFUL_BUF_FROM_SZ_LITERAL(
531 if(tmp_string != NULL) {
533 if(q_useful_buf_compare(simple_claims->
origination, tmp)) {
/*
 * Fragment of check_sw_component_1(): compares fields of a decoded SW
 * component with configured expected values. Parameters, the assignments
 * to tmp and tmp_string, and the return statements are on lines not shown.
 * Each visible check runs only when an expected value is configured
 * (tmp_string not NULL, or tmp not null); otherwise the visible conditions
 * leave that field's content unexamined.
 */
565 static int_fast16_t check_sw_component_1(
568 int_fast16_t return_value;
570 struct q_useful_buf_c tmp;
574 const char *tmp_string;
590 if(tmp_string != NULL) {
591 tmp = Q_USEFUL_BUF_FROM_SZ_LITERAL(
613 if(!q_useful_buf_c_is_null(tmp) &&
633 if(tmp_string != NULL) {
/* Version field compared with the expected value. */
635 if(q_useful_buf_compare(sw_component->
version, tmp)) {
/* Signer ID compared only when an expected signer ID is configured. */
655 if(!q_useful_buf_c_is_null(tmp) &&
656 q_useful_buf_compare(sw_component->
signer_id, tmp)) {
675 if(tmp_string != NULL) {
676 tmp = Q_USEFUL_BUF_FROM_SZ_LITERAL(
/*
 * Fragment of check_sw_component_2(): same visible shape as
 * check_sw_component_1(), applied to the second SW component. Parameters,
 * the assignments to tmp and tmp_string, and the return statements are on
 * lines not shown. Each visible check runs only when an expected value is
 * configured (tmp_string not NULL, or tmp not null).
 */
710 static int_fast16_t check_sw_component_2(
713 int_fast16_t return_value;
716 struct q_useful_buf_c tmp;
720 const char *tmp_string;
736 if(tmp_string != NULL) {
737 tmp = Q_USEFUL_BUF_FROM_SZ_LITERAL(
759 if(!q_useful_buf_c_is_null(tmp) &&
779 if(tmp_string != NULL) {
/* Version field compared with the expected value. */
781 if(q_useful_buf_compare(sw_component->
version, tmp)) {
/* Signer ID compared only when an expected signer ID is configured. */
801 if(!q_useful_buf_c_is_null(tmp) &&
802 q_useful_buf_compare(sw_component->
signer_id, tmp)) {
821 if(tmp_string != NULL) {
822 tmp = Q_USEFUL_BUF_FROM_SZ_LITERAL(
/*
 * Fragment of the decode test body: a token is created, decoded, and its
 * claims checked. The function signature, the encode/decode calls and the
 * error returns are on lines not shown.
 */
861 int_fast16_t return_value;
863 struct q_useful_buf_c completed_token;
867 uint32_t num_sw_components;
868 int32_t num_sw_components_signed;
869 struct q_useful_buf_c tmp;
870 uint32_t token_encode_options;
871 uint32_t token_decode_options;
/*
 * Both option words are zeroed at two places (presumably two branches of a
 * conditional whose other lines are not shown).
 */
880 token_encode_options = 0;
881 token_decode_options = 0;
885 token_encode_options = 0;
886 token_decode_options = 0;
895 return_value = -1000;
/* Simple claims are checked first. */
925 return_value = check_simple_claims(&simple_claims);
/*
 * NOTE(review): the count is converted from uint32_t to int32_t. A value
 * above INT32_MAX does not survive this conversion; how the signed copy is
 * used is on lines not shown -- confirm that the count is bounded before
 * it is relied on.
 */
942 num_sw_components_signed = (int32_t)num_sw_components;
/* Component checks run only for as many components as the token reports. */
948 if(num_sw_components >= 1) {
957 return_value = check_sw_component_1(&sw_component);
962 if(num_sw_components >= 2) {
971 return_value = check_sw_component_2(&sw_component);
984 #ifdef SYMMETRIC_INITIAL_ATTESTATION
985 int_fast16_t decode_test_symmetric_initial_attest(
void)
990 int_fast16_t decode_test_symmetric_iat_short_circuit_tag(
void)
#define IS_ITEM_FLAG_SET(item_index, item_flags)
struct q_useful_buf_c implementation_id
#define TOKEN_TEST_REQUIRE_BOOT_SEED
#define TOKEN_TEST_VALUE_SWC2_MEASUREMENT_DESC
#define TOKEN_TEST_REQUIRE_PROFILE_DEFINITION
uint32_t security_lifecycle
#define TOKEN_TEST_REQUIRE_SWC1_MEASUREMENT_VAL
#define TOKEN_TEST_VALUE_BOOT_SEED
int_fast16_t decode_test_short_circuit_sig(void)
Test by checking short-circuit signed values of claims.
#define TOKEN_TEST_REQUIRE_ORIGINATION
enum attest_token_err_t attest_token_get_sw_component(struct attest_token_decode_context *me, uint32_t requested_index, struct attest_token_sw_component_t *sw_components)
Get the nth SW component.
#define PSA_ERROR_BUFFER_TOO_SMALL
#define TOKEN_TEST_REQUIRE_CLIENT_ID
Attestation Token Decoding Interface.
int token_main_alt(uint32_t option_flags, struct q_useful_buf_c nonce, struct q_useful_buf buffer, struct q_useful_buf_c *completed_token)
An alternate token_main() that packs the option flags into the nonce.
Platform Security Architecture cryptography module.
#define TOKEN_TEST_REQUIRE_IMPLEMENTATION_ID
#define TOKEN_TEST_REQUIRE_SWC2_MEASUREMENT_TYPE
#define TOKEN_TEST_REQUIRE_SWC1_MEASUREMENT_DESC
#define TOKEN_TEST_VALUE_HW_VERSION
#define TOKEN_TEST_VALUE_SWC1_MEASUREMENT_VAL
#define TOKEN_TEST_REQUIRE_SECURITY_LIFECYCLE
enum attest_token_err_t attest_token_get_num_sw_components(struct attest_token_decode_context *me, uint32_t *num_sw_components)
Get the number of SW components in the token.
#define TOKEN_TEST_REQUIRE_SWC2_MEASUREMENT_DESC
#define TOKEN_TEST_REQUIRE_SWC2_MEASUREMENT_VAL
#define TOKEN_TEST_REQUIRE_NONCE
struct q_useful_buf_c measurement_type
#define TOKEN_OPT_OMIT_CLAIMS
#define TOKEN_TEST_VALUE_SWC1_SIGNER_ID
#define TOKEN_TEST_VALUE_SWC2_MEASUREMENT_TYPE
#define TOKEN_TEST_REQUIRE_SWC1_SIGNER_ID
int_fast16_t minimal_get_size_test(void)
Test token size calculation.
struct q_useful_buf_c version
void attest_token_decode_init(struct attest_token_decode_context *me, uint32_t options)
Initialize token decoder.
#define TOKEN_TEST_VALUE_SWC2_SIGNER_ID
#define TOKEN_TEST_VALUE_SWC2_VERSION
#define TOKEN_TEST_REQUIRE_UEID
#define TOKEN_TEST_REQUIRE_SWC1_VERSION
psa_status_t psa_initial_attest_get_token_size(size_t challenge_size, size_t *token_size)
Get the exact size of initial attestation token in bytes.
struct q_useful_buf_c hw_version
struct q_useful_buf_c origination
int_fast16_t buffer_too_small_test(void)
Pass too small a buffer and confirm correct error result.
#define TOKEN_TEST_VALUE_CLIENT_ID
#define TOKEN_TEST_REQUIRED_NUM_SWC
#define TOKEN_TEST_REQUIRE_SWC2_SIGNER_ID
Expected values for test suite.
enum attest_token_err_t attest_token_decode_validate_token(struct attest_token_decode_context *me, struct q_useful_buf_c token)
Set the token to work on and validate its signature.
#define TOKEN_TEST_VALUE_SWC1_VERSION
#define TOKEN_TEST_REQUIRE_HW_VERSION
#define TOKEN_TEST_REQUIRE_SWC1_MEASUREMENT_TYPE
Entry points for attestation token tests.
#define TOKEN_TEST_VALUE_SWC1_MEASUREMENT_DESC
#define TOKEN_TEST_VALUE_SWC1_MEASUREMENT_TYPE
int_fast16_t minimal_test(void)
Minimal token creation test using a short-circuit signature.
#define TOKEN_OPT_SHORT_CIRCUIT_SIGN
struct q_useful_buf_c signer_id
#define TOKEN_TEST_VALUE_UEID
struct q_useful_buf_c measurement_val
void * memcpy(void *dest, const void *src, size_t n)
psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge, size_t challenge_size, uint8_t *token_buf, size_t token_buf_size, size_t *token_size)
Get initial attestation token.
struct q_useful_buf_c nonce
#define TOKEN_TEST_REQUIRE_SWC2_VERSION
#define ATTEST_TOKEN_MAX_SIZE
#define TOKEN_TEST_VALUE_ORIGINATION
int_fast16_t decode_test_normal_sig(void)
Test by checking signed values of claims.
#define TOKEN_TEST_VALUE_SECURITY_LIFECYCLE
struct q_useful_buf_c ueid
enum attest_token_err_t attest_token_decode_get_iat_simple(struct attest_token_decode_context *me, struct attest_token_iat_simple_t *items)
Batch fetch of all simple data items in a token.
#define TOKEN_TEST_VALUE_SWC2_MEASUREMENT_VAL
struct q_useful_buf_c boot_seed
int32_t psa_status_t
Function return status.
struct q_useful_buf_c measurement_desc
#define TOKEN_TEST_VALUE_IMPLEMENTATION_ID
#define TOKEN_TEST_VALUE_PROFILE_DEFINITION
#define TOKEN_TEST_VALUE_NONCE
struct q_useful_buf_c profile_definition