Merge pull request #36 from veraison/draft-ffm-rats-cca-token-00

kevinzs2048 · web-flow · commit daba0148a95d · 2024-12-06T20:13:19.000+08:00
feat: decode and verify draft-ffm-rats-cca-token-00 formatted tokens
diff --git a/Cargo.toml b/Cargo.toml
@@ -13,7 +13,7 @@ readme = "README.md"
 
 [dependencies]
 base64 = "0.21.5"
-ciborium = "0.2.0"
+ciborium = "0.2.2"
 multimap = "0.9.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = { version = "1.0", features = ["raw_value"] }
diff --git a/deny.toml b/deny.toml
@@ -108,10 +108,13 @@ allow = [
     "Apache-2.0",
     "ISC",
     "OpenSSL",
+    # Superseded by Unicode-3.0
+    # See https://opensource.org/license/unicode-inc-license-agreement-data-files-and-software
     "Unicode-DFS-2016",
     #"Apache-2.0 WITH LLVM-exception",
     # Considered Copyleft, but permitted in this project
     "MPL-2.0",
+    "Unicode-3.0",
 ]
 # List of explicitly disallowed licenses
 # See https://spdx.org/licenses/ for list of possible licenses
diff --git a/src/token/base64.rs b/src/token/base64.rs
@@ -75,6 +75,7 @@ impl<'de> Deserialize<'de> for Bytes {
 
 struct BytesVisitor;
 
+#[allow(clippy::needless_lifetimes)]
 impl<'de> Visitor<'de> for BytesVisitor {
     type Value = Bytes;
 
diff --git a/src/token/errors.rs b/src/token/errors.rs
@@ -16,6 +16,8 @@ pub enum Error {
     #[error("Claim type mismatch: {0}")]
     TypeMismatch(String),
     #[error("Missing Platform Token: {0}")]
+    UnknownProfile(String),
+    #[error("Unknown profile: {0}")]
     MissingPlatformToken(String),
     #[error("Missing Realm Token: {0}")]
     MissingRealmToken(String),
@@ -50,6 +52,7 @@ impl std::fmt::Debug for Error {
             | Error::MissingClaim(e)
             | Error::DuplicatedClaim(e)
             | Error::TypeMismatch(e)
+            | Error::UnknownProfile(e)
             | Error::MissingPlatformToken(e)
             | Error::MissingRealmToken(e)
             | Error::NotFoundTA(e)
diff --git a/src/token/evidence.rs b/src/token/evidence.rs
@@ -6,6 +6,7 @@ use super::common::*;
 use super::errors::Error;
 use super::platform::Platform;
 use super::realm::Realm;
+use super::realm::REALM_PROFILE;
 use crate::store::PlatformRefValue;
 use crate::store::RealmRefValue;
 use crate::store::{Cpak, IRefValueStore, ITrustAnchorStore};
@@ -361,15 +362,29 @@ impl Evidence {
     pub fn verify_realm_token(&mut self) -> Result<(), Error> {
         let realm_pub_key = self.realm_claims.get_realm_key()?;
 
-        // re-format RAK into a COSE_Key
-        let mut cose_key = self
-            .ecdsa_public_key_from_raw(&realm_pub_key)
-            .map_err(|e| {
-                // a failure to reformat should happen only if the rak claim is malformed
+        let mut cose_key: CoseKey;
+
+        if self.realm_claims.profile == REALM_PROFILE {
+            // it is already a COSE_Key, it just need decoding
+            cose_key = CoseKey::new();
+            cose_key.bytes = realm_pub_key;
+            cose_key.decode().map_err(|e| {
+                // a failure to decode should happen only if the rak claim is malformed
                 self.realm_tvec.set_all(UNEXPECTED_EVIDENCE);
 
-                Error::Syntax(format!("formatting the rak claim into ECDSA failed: {e:?}"))
+                Error::Syntax(format!("decoding the rak claim as COSE_Key failed: {e:?}"))
             })?;
+        } else {
+            // re-format RAK into a COSE_Key
+            cose_key = self
+                .ecdsa_public_key_from_raw(&realm_pub_key)
+                .map_err(|e| {
+                    // a failure to reformat should happen only if the rak claim is malformed
+                    self.realm_tvec.set_all(UNEXPECTED_EVIDENCE);
+
+                    Error::Syntax(format!("formatting the rak claim into ECDSA failed: {e:?}"))
+                })?;
+        }
 
         // explicitly set key-ops to verify
         cose_key.key_ops(vec![cose::keys::KEY_OPS_VERIFY]);
@@ -607,6 +622,8 @@ mod tests {
     const TEST_CCA_TOKEN_1_OK: &[u8; 1222] = include_bytes!("../../testdata/cca-token-01.cbor");
     const TEST_CCA_TOKEN_2_OK: &[u8; 1125] = include_bytes!("../../testdata/cca-token-02.cbor");
     const TEST_CCA_TOKEN_BUG_33: &[u8; 2507] = include_bytes!("../../testdata/bug-33-repro.cbor");
+    const TEST_CCA_TOKEN_DRAFT_FFM_00: &[u8; 2124] =
+        include_bytes!("../../testdata/cca-token-draft-ffm-00.cbor");
     const TEST_CCA_RVS_OK: &str = include_str!("../../testdata/rv.json");
     const TEST_TA_2_OK: &str = include_str!("../../testdata/ta-02-ok.json");
     const TEST_TA_2_BAD: &str = include_str!("../../testdata/ta-02-bad.json");
@@ -652,7 +669,7 @@ mod tests {
     // - non-matching personalisation value
 
     #[test]
-    fn verify_token_ok() {
+    fn verify_legacy_token_ok() {
         let mut evidence =
             Evidence::decode(&TEST_CCA_TOKEN_2_OK.to_vec()).expect("decoding TEST_CCA_TOKEN_2_OK");
 
@@ -674,7 +691,7 @@ mod tests {
     }
 
     #[test]
-    fn verify_token_error() {
+    fn verify_legacy_token_error() {
         let mut evidence =
             Evidence::decode(&TEST_CCA_TOKEN_2_OK.to_vec()).expect("decoding TEST_CCA_TOKEN_2_OK");
 
@@ -717,4 +734,29 @@ mod tests {
         assert!(evidence.realm_tvec.instance_identity.get() == CRYPTO_VALIDATION_FAILED);
         assert!(evidence.platform_tvec.instance_identity.get() == TRUSTWORTHY_INSTANCE);
     }
+
+    #[test]
+    fn verify_draft_ffm_00_token_ok() {
+        let mut evidence = Evidence::decode(&TEST_CCA_TOKEN_DRAFT_FFM_00.to_vec())
+            .expect("decoding TEST_CCA_TOKEN_DRAFT_FFM_00");
+
+        let mut tas = MemoTrustAnchorStore::new();
+        tas.load_json(TEST_TA_TFA).expect("loading trust anchors");
+
+        let r = evidence.verify(&tas);
+
+        assert!(r.is_ok());
+
+        assert!(evidence.realm_tvec.instance_identity.get() == TRUSTWORTHY_INSTANCE);
+        assert!(evidence.platform_tvec.instance_identity.get() == TRUSTWORTHY_INSTANCE);
+
+        println!(
+            "platform trust vector: {}",
+            serde_json::to_string_pretty(&evidence.platform_tvec).unwrap()
+        );
+        println!(
+            "realm trust vector: {}",
+            serde_json::to_string_pretty(&evidence.realm_tvec).unwrap()
+        );
+    }
 }
diff --git a/src/token/platform.rs b/src/token/platform.rs
@@ -166,7 +166,8 @@ impl SwComponent {
     }
 }
 
-const PLATFORM_PROFILE: &str = "http://arm.com/CCA-SSD/1.0.0";
+const PLATFORM_PROFILE_LEGACY: &str = "http://arm.com/CCA-SSD/1.0.0";
+const PLATFORM_PROFILE: &str = "tag:arm.com,2023:cca_platform#1.0.0";
 
 const PLATFORM_PROFILE_LABEL: i128 = 265;
 const PLATFORM_CHALLENGE_LABEL: i128 = 10;
@@ -303,8 +304,12 @@ impl Platform {
 
         let p = to_tstr(v, "profile")?;
 
-        if p != PLATFORM_PROFILE {
-            return Err(Error::Sema(format!("unknown profile {p}")));
+        // There is not material difference between the two profiles regarding
+        // the platform claims-set arrangement.
+        // However, if p == PLATFORM_PROFILE, then the realm token shall also
+        // have a profile claim.
+        if p != PLATFORM_PROFILE && p != PLATFORM_PROFILE_LEGACY {
+            return Err(Error::UnknownProfile(p.to_string()));
         }
 
         self.profile = p;
diff --git a/src/token/realm.rs b/src/token/realm.rs
@@ -7,7 +7,10 @@ use bitmask::*;
 use ciborium::de::from_reader;
 use ciborium::Value;
 
+pub const REALM_PROFILE: &str = "tag:arm.com,2023:realm#1.0.0";
+
 const REALM_CHALLENGE_LABEL: i128 = 10;
+const REALM_PROFILE_LABEL: i128 = 265;
 const REALM_PERSO_LABEL: i128 = 44235;
 const REALM_RIM_LABEL: i128 = 44238;
 const REALM_REM_LABEL: i128 = 44239;
@@ -25,6 +28,7 @@ bitmask! {
         HashAlg    = 0x10,
         Rak        = 0x20,
         RakHashAlg = 0x40,
+        Profile    = 0x80,
     }
 }
 
@@ -33,11 +37,13 @@ bitmask! {
 #[derive(Debug)]
 pub struct Realm {
     pub challenge: [u8; 64],  //    10 => bytes .size 64
+    pub profile: String,      //   265 => text
     pub perso: [u8; 64],      // 44235 => bytes .size 64
     pub rim: Vec<u8>,         // 44238 => bytes .size {32,48,64}
     pub rem: [Vec<u8>; 4],    // 44239 => [ 4*4 bytes .size {32,48,64} ]
     pub hash_alg: String,     // 44236 => text
-    pub rak: [u8; 97],        // 44237 => bytes .size 97
+    pub raw_rak: [u8; 97],    // 44237 => bytes .size 97 (profile=="")
+    pub cose_rak: Vec<u8>,    // 44237 => bytes .cbor COSE_Key (profile==REALM_PROFILE)
     pub rak_hash_alg: String, // 44240 => text
 
     claims_set: ClaimsSet,
@@ -53,11 +59,13 @@ impl Realm {
     pub fn new() -> Self {
         Self {
             challenge: [0; 64],
+            profile: String::from(""),
             perso: [0; 64],
             rim: vec![0, 64],
             rem: Default::default(),
             hash_alg: String::from(""),
-            rak: [0; 97],
+            raw_rak: [0; 97],
+            cose_rak: Default::default(),
             rak_hash_alg: String::from(""),
             claims_set: ClaimsSet::none(),
         }
@@ -81,6 +89,17 @@ impl Realm {
     }
 
     fn parse(&mut self, contents: Vec<(Value, Value)>) -> Result<(), Error> {
+        // Extract the profile claim first.  This is because the RAK claim
+        // (44237) has different encodings depending on the profile value.
+        for (k, v) in contents.iter() {
+            if let Value::Integer(i) = k {
+                match (*i).into() {
+                    REALM_PROFILE_LABEL => self.set_profile(v)?,
+                    _ => continue,
+                }
+            }
+        }
+
         for (k, v) in contents.iter() {
             if let Value::Integer(i) = k {
                 match (*i).into() {
@@ -98,6 +117,7 @@ impl Realm {
                 continue;
             }
         }
+
         Ok(())
     }
 
@@ -119,11 +139,38 @@ impl Realm {
             }
         }
 
+        // RAK format depends on the token profile
+        if self.profile == REALM_PROFILE {
+            if self.cose_rak.is_empty() {
+                return Err(Error::Sema("RAK COSE_Key not set".to_string()));
+            }
+        } else if self.raw_rak == [0; 97] {
+            return Err(Error::Sema("RAK raw public key not set".to_string()));
+        }
+
         // TODO: hash-type'd measurements are compatible with hash-alg
 
         Ok(())
     }
 
+    fn set_profile(&mut self, v: &Value) -> Result<(), Error> {
+        if self.claims_set.contains(Claims::Profile) {
+            return Err(Error::DuplicatedClaim("profile".to_string()));
+        }
+
+        let p = to_tstr(v, "profile")?;
+
+        if p != REALM_PROFILE {
+            return Err(Error::UnknownProfile(p.to_string()));
+        }
+
+        self.profile = p;
+
+        self.claims_set.set(Claims::Profile);
+
+        Ok(())
+    }
+
     fn set_challenge(&mut self, v: &Value) -> Result<(), Error> {
         if self.claims_set.contains(Claims::Challenge) {
             return Err(Error::DuplicatedClaim("challenge".to_string()));
@@ -203,15 +250,19 @@ impl Realm {
         let x = v.as_bytes().unwrap().clone();
         let x_len = x.len();
 
-        if x_len != 97 {
-            return Err(Error::Sema(format!(
-                "public-key: expecting 97 bytes, got {}",
-                x_len
-            )));
+        // Backwards compatibility with the previous "raw key" format.
+        if self.profile.is_empty() {
+            if x_len != 97 {
+                return Err(Error::Sema(format!(
+                    "public-key: expecting 97 bytes, got {}",
+                    x_len
+                )));
+            }
+            self.raw_rak[..].clone_from_slice(&x);
+        } else {
+            self.cose_rak = x
         }
 
-        self.rak[..].clone_from_slice(&x);
-
         self.claims_set.set(Claims::Rak);
 
         Ok(())
@@ -279,19 +330,28 @@ impl Realm {
 
         Ok(())
     }
-    pub fn get_realm_key(&self) -> Result<[u8; 97], Error> {
-        let rak = self.rak;
+
+    pub fn get_realm_key(&self) -> Result<Vec<u8>, Error> {
+        let rak = if self.profile == REALM_PROFILE {
+            self.cose_rak.clone()
+        } else {
+            self.raw_rak.clone().to_vec()
+        };
+
         if rak.is_empty() {
             return Err(Error::MissingClaim("No realm Key".to_string()));
         }
+
         Ok(rak)
     }
 
     pub fn get_rak_hash_alg(&self) -> Result<String, Error> {
         let rak_hash_alg = self.rak_hash_alg.clone();
+
         if rak_hash_alg.is_empty() {
             return Err(Error::MissingClaim("No realm hash alg".to_string()));
         }
+
         Ok(rak_hash_alg)
     }
 }
diff --git a/testdata/cca-token-draft-ffm-00.cbor b/testdata/cca-token-draft-ffm-00.cbor

Original file line number	Diff line number	Diff line change
`@@ -166,7 +166,8 @@ impl SwComponent {`
`166`	`166`	`}`
`167`	`167`	`}`
`168`	`168`
`169`		`-const PLATFORM_PROFILE: &str = "http://arm.com/CCA-SSD/1.0.0";`
	`169`	`+const PLATFORM_PROFILE_LEGACY: &str = "http://arm.com/CCA-SSD/1.0.0";`
	`170`	`+const PLATFORM_PROFILE: &str = "tag:arm.com,2023:cca_platform#1.0.0";`
`170`	`171`
`171`	`172`	`const PLATFORM_PROFILE_LABEL: i128 = 265;`
`172`	`173`	`const PLATFORM_CHALLENGE_LABEL: i128 = 10;`
`@@ -303,8 +304,12 @@ impl Platform {`
`303`	`304`
`304`	`305`	`let p = to_tstr(v, "profile")?;`
`305`	`306`
`306`		`- if p != PLATFORM_PROFILE {`
`307`		`- return Err(Error::Sema(format!("unknown profile {p}")));`
	`307`	`+ // There is not material difference between the two profiles regarding`
	`308`	`+ // the platform claims-set arrangement.`
	`309`	`+ // However, if p == PLATFORM_PROFILE, then the realm token shall also`
	`310`	`+ // have a profile claim.`
	`311`	`+ if p != PLATFORM_PROFILE && p != PLATFORM_PROFILE_LEGACY {`
	`312`	`+ return Err(Error::UnknownProfile(p.to_string()));`
`308`	`313`	`}`
`309`	`314`
`310`	`315`	`self.profile = p;`