TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
attest_token_decode.h
Go to the documentation of this file.
1 /*
2  * attest_token_decode.h
3  *
4  * Copyright (c) 2019, Laurence Lundblade.
5  * Copyright (c) 2020, Arm Limited. All rights reserved.
6  *
7  * SPDX-License-Identifier: BSD-3-Clause
8  *
9  * See BSD-3-Clause license in README.md
10  */
11 #ifndef __ATTEST_TOKEN_DECODE_H__
12 #define __ATTEST_TOKEN_DECODE_H__
13 
14 #include "q_useful_buf.h"
15 #include <stdbool.h>
16 #include "attest_token.h"
17 #include "attest_eat_defines.h"
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22 
103  /* PRIVATE DATA STRUCTURE. USE ACCESSOR FUNCTIONS. */
104  struct q_useful_buf_c payload;
105  uint32_t options;
107  /* FIXME: This will have to expand when the pub key
108  handling functions are implemented */
109 };
110 
111 
123  uint32_t options);
124 
125 
126 
155  struct q_useful_buf cose_pub_key);
156 
157 
183  int32_t key_select);
184 
185 
218  struct q_useful_buf_c token);
219 
220 
228 static enum attest_token_err_t
229 attest_token_decode_get_error(struct attest_token_decode_context *me);
230 
231 
250  struct q_useful_buf_c *payload);
251 
252 
266 };
267 
268 
276  struct q_useful_buf_c nonce; /* byte string */
277  struct q_useful_buf_c ueid; /* byte string */
278  struct q_useful_buf_c boot_seed; /* byte string */
279  struct q_useful_buf_c hw_version; /* text string */
280  struct q_useful_buf_c implementation_id; /* byte string */
282  int32_t client_id;
283  struct q_useful_buf_c profile_definition; /* text string */
284  struct q_useful_buf_c origination; /* text string */
285  uint32_t item_flags;
286 };
287 
288 
293  #define IS_ITEM_FLAG_SET(item_index, item_flags) \
294  (((0x01U << (item_index))) & (item_flags))
295 
296 
320  struct attest_token_iat_simple_t *items);
321 
322 
334 static enum attest_token_err_t
335 attest_token_decode_get_nonce(struct attest_token_decode_context *me,
336  struct q_useful_buf_c *nonce);
337 
338 
349 static enum attest_token_err_t
350 attest_token_decode_get_boot_seed(struct attest_token_decode_context *me,
351  struct q_useful_buf_c *boot_seed);
352 
353 
364 static enum attest_token_err_t
365 attest_token_decode_get_ueid(struct attest_token_decode_context *me,
366  struct q_useful_buf_c *ueid);
367 
368 
369 
384 static enum attest_token_err_t
385 attest_token_decode_get_hw_version(struct attest_token_decode_context *me,
386  struct q_useful_buf_c *hw_version);
387 
388 
400 static enum attest_token_err_t
401 attest_token_decode_get_implementation_id(struct attest_token_decode_context*me,
402  struct q_useful_buf_c *implementation_id);
403 
404 
418 static enum attest_token_err_t
419 attest_token_decode_get_origination(struct attest_token_decode_context *me,
420  struct q_useful_buf_c *origination);
421 
422 
435 static enum attest_token_err_t
436 attest_token_decode_get_profile_definition(
437  struct attest_token_decode_context *me,
438  struct q_useful_buf_c *profile_definition);
439 
440 
455 static enum attest_token_err_t
456 attest_token_decode_get_client_id(struct attest_token_decode_context *me,
457  int32_t *client_id);
458 
459 
472 static enum attest_token_err_t
473 attest_token_decode_get_security_lifecycle(
474  struct attest_token_decode_context *me,
475  uint32_t *lifecycle);
476 
477 
489  /* Reserved: 2 */
493 };
494 
505  struct q_useful_buf_c measurement_type; /* text string */
506  struct q_useful_buf_c measurement_val; /* binary string */
507  struct q_useful_buf_c version; /* text string */
508  struct q_useful_buf_c signer_id; /* binary string */
509  struct q_useful_buf_c measurement_desc; /* text string */
510  uint32_t item_flags;
511 };
512 
513 
535  uint32_t *num_sw_components);
536 
537 
555  uint32_t requested_index,
556  struct attest_token_sw_component_t *sw_components);
557 
558 
589  int32_t label,
590  struct q_useful_buf_c *claim);
591 
592 
624  int32_t label,
625  struct q_useful_buf_c *claim);
626 
627 
628 
667  int32_t label,
668  int64_t *claim);
669 
670 
708  int32_t label,
709  uint64_t *claim);
710 
711 
712 
713 
714 /* ====================================================================
715  * Inline Implementations
716  * Typically, these are small and called only once.
717  * ==================================================================== */
718 
719 static inline enum attest_token_err_t
720 attest_token_decode_get_error(struct attest_token_decode_context *me)
721 {
722  return me->last_error;
723 }
724 
725 
726 static inline enum attest_token_err_t
727 attest_token_decode_get_nonce(struct attest_token_decode_context *me,
728  struct q_useful_buf_c *nonce)
729 {
732  nonce);
733 }
734 
735 
736 static inline enum attest_token_err_t
737 attest_token_decode_get_ueid(struct attest_token_decode_context *me,
738  struct q_useful_buf_c *ueid)
739 {
741 }
742 
743 
744 static inline enum attest_token_err_t
745 attest_token_decode_get_boot_seed(struct attest_token_decode_context *me,
746  struct q_useful_buf_c *boot_seed)
747 {
750  boot_seed);
751 }
752 
753 
754 static inline enum attest_token_err_t
755 attest_token_decode_get_hw_version(struct attest_token_decode_context *me,
756  struct q_useful_buf_c *hw_version)
757 {
760  hw_version);
761 }
762 
763 
764 static inline enum attest_token_err_t
765 attest_token_decode_get_implementation_id(
766  struct attest_token_decode_context *me,
767  struct q_useful_buf_c*implementation_id)
768 {
771  implementation_id);
772 }
773 
774 
775 static inline enum attest_token_err_t
776 attest_token_decode_get_client_id(struct attest_token_decode_context *me,
777  int32_t *caller_id)
778 {
779  enum attest_token_err_t return_value;
780  int64_t caller_id_64;
781 
782  return_value = attest_token_decode_get_int(me,
784  &caller_id_64);
785  if(return_value != ATTEST_TOKEN_ERR_SUCCESS) {
786  goto Done;
787  }
788  if(caller_id_64 > INT32_MAX || caller_id_64 < INT32_MIN) {
789  return_value = ATTEST_TOKEN_ERR_INTEGER_VALUE;
790  goto Done;
791  }
792  *caller_id = (int32_t)caller_id_64;
793 
794 Done:
795  return return_value;
796 }
797 
798 
799 static inline enum attest_token_err_t
800 attest_token_decode_get_security_lifecycle(
801  struct attest_token_decode_context *me,
802  uint32_t *security_lifecycle)
803 {
804  enum attest_token_err_t return_value;
805  uint64_t security_lifecycle_64;
806 
807  return_value = attest_token_decode_get_uint(me,
809  &security_lifecycle_64);
810  if(security_lifecycle_64 > UINT32_MAX) {
811  return_value = ATTEST_TOKEN_ERR_INTEGER_VALUE;
812  goto Done;
813  }
814 
815  *security_lifecycle = (uint32_t)security_lifecycle_64;
816 
817 Done:
818  return return_value;
819 }
820 
821 static inline enum attest_token_err_t
822 attest_token_decode_get_profile_definition(
823  struct attest_token_decode_context *me,
824  struct q_useful_buf_c *profile_definition)
825 {
828  profile_definition);
829 }
830 
831 static inline enum attest_token_err_t
832 attest_token_decode_get_origination(struct attest_token_decode_context*me,
833  struct q_useful_buf_c *origination)
834 {
837  origination);
838 }
839 
848 static inline enum attest_token_err_t
849 map_t_cose_errors(enum t_cose_err_t t_cose_error)
850 {
851  switch (t_cose_error) {
852  case T_COSE_SUCCESS:
854  break;
855  case T_COSE_ERR_UNSUPPORTED_SIGNING_ALG:
857  break;
858  case T_COSE_ERR_UNSUPPORTED_HASH:
860  break;
861  case T_COSE_ERR_CBOR_NOT_WELL_FORMED:
863  break;
864  case T_COSE_ERR_INSUFFICIENT_MEMORY:
866  break;
867  case T_COSE_ERR_TAMPERING_DETECTED:
869  break;
870  case T_COSE_ERR_CBOR_FORMATTING:
872  break;
873  case T_COSE_ERR_TOO_SMALL:
875  break;
876 
877  case T_COSE_ERR_PARAMETER_CBOR:
878  case T_COSE_ERR_NON_INTEGER_ALG_ID:
880  break;
881 
882  case T_COSE_ERR_SIG_VERIFY:
883  case T_COSE_ERR_SHORT_CIRCUIT_SIG:
885  break;
886 
887  case T_COSE_ERR_SIGN1_FORMAT:
889  break;
890 
891  case T_COSE_ERR_MAC0_FORMAT:
893  break;
894 
895  case T_COSE_ERR_NO_ALG_ID:
896  case T_COSE_ERR_NO_KID:
897  case T_COSE_ERR_BAD_SHORT_CIRCUIT_KID:
898  case T_COSE_ERR_SIG_STRUCT:
900  break;
901 
902  case T_COSE_ERR_UNKNOWN_KEY:
903  case T_COSE_ERR_WRONG_TYPE_OF_KEY:
905  break;
906 
907  case T_COSE_ERR_MAKING_PROTECTED:
908  case T_COSE_ERR_HASH_GENERAL_FAIL:
909  case T_COSE_ERR_HASH_BUFFER_SIZE:
910  case T_COSE_ERR_SIG_BUFFER_SIZE:
911  case T_COSE_ERR_INVALID_ARGUMENT:
912  case T_COSE_ERR_FAIL:
913  case T_COSE_ERR_SIG_FAIL:
914  case T_COSE_ERR_TOO_MANY_PARAMETERS:
915  case T_COSE_ERR_UNKNOWN_CRITICAL_PARAMETER:
916  case T_COSE_ERR_SHORT_CIRCUIT_SIG_DISABLED:
917  case T_COSE_ERR_INCORRECT_KEY_FOR_LIB:
918  case T_COSE_ERR_BAD_CONTENT_TYPE:
919  case T_COSE_ERR_INCORRECTLY_TAGGED:
920  case T_COSE_ERR_EMPTY_KEY:
921  case T_COSE_ERR_DUPLICATE_PARAMETER:
922  case T_COSE_ERR_PARAMETER_NOT_PROTECTED:
923  case T_COSE_ERR_CRIT_PARAMETER:
924  default:
926  }
927 }
928 
929 #ifdef __cplusplus
930 }
931 #endif
932 
933 
934 #endif /* __ATTEST_TOKEN_DECODE_H__ */
enum attest_token_err_t last_error
struct q_useful_buf_c implementation_id
enum attest_token_err_t attest_token_decode_get_payload(struct attest_token_decode_context *me, struct q_useful_buf_c *payload)
Get undecoded CBOR payload from the token.
#define EAT_CBOR_ARM_LABEL_SECURITY_LIFECYCLE
enum attest_token_err_t attest_token_decode_get_bstr(struct attest_token_decode_context *me, int32_t label, struct q_useful_buf_c *claim)
Get a top-level claim, by integer label that is a byte string.
enum attest_token_err_t attest_token_get_sw_component(struct attest_token_decode_context *me, uint32_t requested_index, struct attest_token_sw_component_t *sw_components)
Get the nth SW component.
Attestation Token Creation Interface.
attest_token_err_t
Definition: attest_token.h:50
enum attest_token_err_t attest_token_get_num_sw_components(struct attest_token_decode_context *me, uint32_t *num_sw_components)
Get the number of SW components in the token.
enum attest_token_err_t attest_token_decode_get_int(struct attest_token_decode_context *me, int32_t label, int64_t *claim)
Get a top-level claim by integer label who's value is a signed integer.
struct q_useful_buf_c measurement_type
struct q_useful_buf_c version
void attest_token_decode_init(struct attest_token_decode_context *me, uint32_t options)
Initialize token decoder.
enum attest_token_err_t attest_token_decode_get_tstr(struct attest_token_decode_context *me, int32_t label, struct q_useful_buf_c *claim)
Get a top-level claim, by integer label that is a text string.
#define EAT_CBOR_ARM_LABEL_UEID
struct q_useful_buf_c hw_version
struct q_useful_buf_c origination
#define EAT_CBOR_ARM_LABEL_CLIENT_ID
enum attest_token_err_t attest_token_decode_validate_token(struct attest_token_decode_context *me, struct q_useful_buf_c token)
Set the token to work on and validate its signature.
#define EAT_CBOR_ARM_LABEL_ORIGINATION
enum attest_token_err_t attest_token_decode_set_pub_key_select(struct attest_token_decode_context *me, int32_t key_select)
Set specific public key to use for verification.
attest_token_item_index_t
#define EAT_CBOR_ARM_LABEL_IMPLEMENTATION_ID
attest_token_sw_index_t
struct q_useful_buf_c signer_id
enum attest_token_err_t attest_token_decode_set_cose_pub_key(struct attest_token_decode_context *me, struct q_useful_buf cose_pub_key)
Set specific public key to use for verification.
struct q_useful_buf_c measurement_val
struct q_useful_buf_c nonce
struct q_useful_buf_c payload
struct q_useful_buf_c ueid
enum attest_token_err_t attest_token_decode_get_iat_simple(struct attest_token_decode_context *me, struct attest_token_iat_simple_t *items)
Batch fetch of all simple data items in a token.
struct q_useful_buf_c boot_seed
#define EAT_CBOR_ARM_LABEL_PROFILE_DEFINITION
struct q_useful_buf_c measurement_desc
enum attest_token_err_t attest_token_decode_get_uint(struct attest_token_decode_context *me, int32_t label, uint64_t *claim)
Get a top-level claim by integer label who's value is an unsigned integer.
#define EAT_CBOR_ARM_LABEL_HW_VERSION
#define EAT_CBOR_ARM_LABEL_CHALLENGE
struct q_useful_buf_c profile_definition
#define EAT_CBOR_ARM_LABEL_BOOT_SEED