1 /*
2  * attest_symmetric_iat_decode.c
3  *
4  * Copyright (c) 2019, Laurence Lundblade.
5  * Copyright (c) 2020, Arm Limited. All rights reserved.
6  *
7  * SPDX-License-Identifier: BSD-3-Clause
8  *
9  * See BSD-3-Clause license in README.md
10  */
11 
12 #include "attest_token_decode.h"
13 #include "attest.h"
14 #include "psa/crypto.h"
15 #include "q_useful_buf.h"
16 #include "qcbor_util.h"
17 #include "t_cose_common.h"
18 #include "t_cose_mac0_verify.h"
19 #include "tfm_plat_crypto_keys.h"
20 
21 /* Only support HMAC as MAC algorithm in COSE_Mac0 so far */
22 #define SYMMETRIC_IAK_MAX_SIZE PSA_MAC_MAX_SIZE
23 
24 #if DOMAIN_NS == 1U
25 /*
26  * Public function. See attest_token_decode.h
27  * It is not allowed to let NS side fetch the symmetric IAK and perform the MAC
28  * verification.
 *
 * NS build (DOMAIN_NS == 1U) of attest_token_decode_validate_token():
 * the COSE_Mac0 structure is decoded with T_COSE_OPT_DECODE_ONLY and a
 * T_COSE_NULL_KEY, so the authentication tag is never checked in this
 * function. A success return therefore means "well-formed COSE_Mac0", not
 * "authentic token"; the tag can only be verified on the secure side (see
 * the #else branch of this file).
 *
 * me    - decode context; receives the decoded payload (me->payload) and the
 *         mapped status (me->last_error).
 * token - the COSE_Mac0 structure to decode.
 * Returns the t_cose result translated by map_t_cose_errors().
 *
 * NOTE(review): the name/signature lines of this function are not shown in
 * this rendering; the prototype is the one declared in attest_token_decode.h.
29  */
32  struct q_useful_buf_c token)
33 {
34  enum t_cose_err_t t_cose_error;
35  enum attest_token_err_t return_value;
36  /* Decode only without signature verification */
37  int32_t t_cose_options = T_COSE_OPT_DECODE_ONLY;
38  struct t_cose_mac0_verify_ctx verify_ctx;
 /* No key on the NS side: there is nothing to verify the tag against. */
39  struct t_cose_key attest_key = T_COSE_NULL_KEY;
40 
41  t_cose_mac0_verify_init(&verify_ctx, t_cose_options);
42 
43  t_cose_mac0_set_verify_key(&verify_ctx, attest_key);
44 
 /* Parses the structure into me->payload; the tag is not checked here. */
45  t_cose_error = t_cose_mac0_verify(&verify_ctx,
46  token, /* COSE to verify */
47  &me->payload, /* Payload from token */
48  NULL
49  );
50 
 /* Record the outcome in the context as well as returning it. */
51  return_value = map_t_cose_errors(t_cose_error);
52  me->last_error = return_value;
53 
54  return return_value;
55 }
56 #else /* DOMAIN_NS == 1U */
57 /*
58  * \note The symmetric Initial Attestation key (IAK) will be fetched for
59  * authentication tag verification in secure test cases.
60  * Authentication tag verification in tests is for debug purpose only.
61  * Do not fetch the IAK outside attestation service in real products.
 *
 * Fetch the symmetric IAK from the platform, check that its algorithm is one
 * of the COSE-supported HMAC variants, and import it into the Crypto service
 * with usage restricted to PSA_KEY_USAGE_VERIFY, so the imported copy is only
 * granted tag verification.
 *
 * verify_key_handle - out: handle of the imported key on success. The caller
 *                     owns the handle and releases it with
 *                     decode_unregister_verify_key().
 * Returns ATTEST_TOKEN_ERR_SUCCESS on success, an attest_token_err_t error
 * otherwise (the exact error codes are on lines not shown in this rendering).
 *
 * NOTE(review): the declaration of key_attributes (initialised with
 * PSA_KEY_ATTRIBUTES_INIT according to this page's symbol list) and the
 * error-return statements of the three failure branches are not visible in
 * this rendering.
 *
 * NOTE(review): key_buf holds the raw IAK bytes on the stack and is not
 * cleared on any return path, including after a successful psa_import_key();
 * a zeroizing clear (plain memset before return may be optimised away) would
 * keep the secret from lingering in stack memory.
 *
 * NOTE(review): key_len comes back from the platform HAL and is passed to
 * psa_import_key() unchecked; a guard `key_len <= sizeof(key_buf)` would
 * contain a misbehaving HAL implementation — confirm whether the HAL contract
 * already guarantees it.
62  */
63 static inline enum attest_token_err_t
64 decode_register_verify_key(psa_key_handle_t *verify_key_handle)
65 {
 /* Bounded by PSA_MAC_MAX_SIZE; the bound is passed to the HAL below. */
66  uint8_t key_buf[SYMMETRIC_IAK_MAX_SIZE];
67  psa_algorithm_t key_alg;
68  psa_key_handle_t key_handle;
69  size_t key_len;
70  enum tfm_plat_err_t plat_res;
71  psa_status_t psa_res;
73 
74  /* Get the symmetric initial attestation key for HMAC operation */
75  plat_res = tfm_plat_get_symmetric_iak(key_buf, sizeof(key_buf),
76  &key_len, &key_alg);
77  if (plat_res != TFM_PLAT_ERR_SUCCESS) {
79  }
80 
81  /*
82  * Verify if HMAC algorithm is valid.
83  * According to COSE (RFC 8152), only SHA-256, SHA-384 and SHA-512 are
84  * supported in HMAC.
 * Rejecting anything else here keeps an unexpected platform algorithm from
 * ever being registered with the Crypto service.
85  */
86  if ((key_alg != PSA_ALG_HMAC(PSA_ALG_SHA_256)) && \
87  (key_alg != PSA_ALG_HMAC(PSA_ALG_SHA_384)) && \
88  (key_alg != PSA_ALG_HMAC(PSA_ALG_SHA_512))) {
90  }
91 
92  /* Setup the key attributes */
 /* Least privilege: verification only, bound to the HAL-reported algorithm. */
93  psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY);
94  psa_set_key_algorithm(&key_attributes, key_alg);
95  psa_set_key_type(&key_attributes, PSA_KEY_TYPE_HMAC);
96 
97  /* Register the symmetric key to Crypto service */
98  psa_res = psa_import_key(&key_attributes, key_buf, key_len, &key_handle);
99  if (psa_res != PSA_SUCCESS) {
101  }
102 
 /* Ownership of key_handle passes to the caller from here on. */
103  *verify_key_handle = key_handle;
104 
106 }
107 
 /*
 * Release the IAK copy previously imported by decode_register_verify_key().
 *
 * verify_key_handle - handle returned by decode_register_verify_key().
 * Returns an attest_token_err_t derived from the psa_destroy_key() status
 * (the return statements themselves are on lines not shown in this
 * rendering).
 *
 * NOTE(review): the caller in attest_token_decode_validate_token() discards
 * this return value, so a failed destroy — which leaves the imported IAK
 * registered in the Crypto service — is not reported anywhere.
 */
108 static inline enum attest_token_err_t
109 decode_unregister_verify_key(psa_key_handle_t verify_key_handle)
110 {
111  psa_status_t status;
112 
113  status = psa_destroy_key(verify_key_handle);
114  if (status == PSA_SUCCESS) {
116  }
117 
119 }
120 
121 /*
122  * Public function. See attest_token_decode.h
123  * Decode the received COSE_Mac0 structure and verify the tag.
 *
 * Secure build of attest_token_decode_validate_token(): the IAK is imported
 * into the Crypto service for the duration of this call, used through t_cose
 * as a PSA key handle, and destroyed again before returning, so the key
 * handle never outlives one verification.
 *
 * me    - decode context; receives the payload (me->payload) and the mapped
 *         status (me->last_error).
 * token - the COSE_Mac0 structure to verify.
 * Returns the t_cose result translated by map_t_cose_errors(), or the error
 * from decode_register_verify_key() if the IAK could not be registered.
 *
 * NOTE(review): the name/signature lines and the condition guarding the
 * short-circuit option are not shown in this rendering. From the symbol list
 * the condition presumably tests TOKEN_OPT_SHORT_CIRCUIT_SIGN — confirm.
124  */
127  struct q_useful_buf_c token)
128 {
129  enum t_cose_err_t t_cose_error;
130  enum attest_token_err_t return_value;
131  int32_t t_cose_options = 0;
132  struct t_cose_mac0_verify_ctx verify_ctx;
133  struct t_cose_key attest_key;
134  psa_key_handle_t key_handle;
135 
136  return_value = decode_register_verify_key(&key_handle);
137  if (return_value != ATTEST_TOKEN_ERR_SUCCESS) {
 /* Note: me->last_error is not updated on this early-return path. */
138  return return_value;
139  }
140 
 /*
 * T_COSE_OPT_ALLOW_SHORT_CIRCUIT presumably lets t_cose accept a
 * short-circuit (non-cryptographic, test-only) tag; the option must stay
 * off outside test builds — confirm against the guarding condition.
 */
142  t_cose_options |= T_COSE_OPT_ALLOW_SHORT_CIRCUIT;
143  }
144 
145  t_cose_mac0_verify_init(&verify_ctx, t_cose_options);
146 
 /* Hand the PSA handle to t_cose; the raw key bytes never leave the HAL/PSA. */
147  attest_key.crypto_lib = T_COSE_CRYPTO_LIB_PSA;
148  attest_key.k.key_handle = (uint64_t)key_handle;
149  t_cose_mac0_set_verify_key(&verify_ctx, attest_key);
150 
151  t_cose_error = t_cose_mac0_verify(&verify_ctx,
152  token, /* COSE to verify */
153  &me->payload, /* Payload from token */
154  NULL);
155 
156  return_value = map_t_cose_errors(t_cose_error);
157  me->last_error = return_value;
158 
 /*
 * Always release the imported key, whether or not verification passed.
 * The destroy status is deliberately not allowed to overwrite the
 * verification result; a failure here is therefore silent (see
 * decode_unregister_verify_key()).
 */
159  decode_unregister_verify_key(key_handle);
160 
161  return return_value;
162 }
163 #endif /* DOMAIN_NS == 1U */