[nrf noup] attestation: Sign message instead of hash

For attestation, sign the full token instead of the hash of the token. Signed-off-by: Sigurd Hellesvik <[email protected]>
nrfconnect · Nov 22, 2024 · dc8b931 · dc8b931
1 parent 62b7864
commit dc8b931
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 1 deletion.
diff --git a/config/config_base.cmake b/config/config_base.cmake
@@ -146,6 +146,7 @@ set(SYMMETRIC_INITIAL_ATTESTATION       OFF         CACHE BOOL      "Use symmetr
 set(ATTEST_INCLUDE_TEST_CODE            OFF         CACHE BOOL      "Include minimal development tests in the initial attestation regression test suite")
 set(ATTEST_KEY_BITS                     256         CACHE STRING    "The size of the initial attestation key in bits")
 set(PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE   0x250       CACHE STRING    "The maximum possible size of a token")
+set(ATTEST_SIGN_MESSAGE                 OFF         CACHE BOOL      "Sign message instead of hash")
 
 set(TFM_PARTITION_PLATFORM              OFF         CACHE BOOL      "Enable Platform partition")
 

diff --git a/docs/integration_guide/services/tfm_attestation_integration_guide.rst b/docs/integration_guide/services/tfm_attestation_integration_guide.rst
@@ -412,7 +412,8 @@ device. System integrators might need to re-implement the following functions
 if they want to use initial attestation service with a different cryptographic
 library than Crypto service:
 
-- ``t_cose_crypto_pub_key_sign()``: Calculates the signature over a hash value.
+- ``t_cose_crypto_pub_key_sign_hash()``: Calculates the signature over a hash value.
+- ``t_cose_crypto_pub_key_sign_message()``: Calculates the signature over a message.
 - ``t_cose_crypto_get_ec_pub_key()``: Get the public key to create the key
   identifier.
 - ``t_cose_crypto_hash_start()``: Start a multipart hash operation.

diff --git a/secure_fw/partitions/initial_attestation/Kconfig b/secure_fw/partitions/initial_attestation/Kconfig
@@ -32,6 +32,14 @@ config ATTEST_KEY_BITS
     help
       The size of the initial attestation key in bits
 
+config ATTEST_SIGN_MESSAGE
+    bool "Sign message instead of hash"
+    default n
+    help
+        By default attestation calculates a hash of the payload and signs that.
+        Use this to instead sign the payload/message directly.
+
+
 config PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE
     hex  "The maximum possible size of a token"
     default 0x250

diff --git a/secure_fw/partitions/initial_attestation/attest_token_encode.c b/secure_fw/partitions/initial_attestation/attest_token_encode.c
@@ -241,6 +241,9 @@ attest_token_encode_start(struct attest_token_encode_ctx *me,
     me->opt_flags  = opt_flags;
     me->key_select = key_select;
 
+#ifdef ATTEST_SIGN_MESSAGE
+    t_cose_options |= T_COSE_OPT_SIGN_MESSAGE;
+#endif
 
     if (opt_flags & TOKEN_OPT_SHORT_CIRCUIT_SIGN) {
         t_cose_options |= T_COSE_OPT_SHORT_CIRCUIT_SIG;