From 6c28e28e2166ff291a1dd4a0eabcb5e701f0b813 Mon Sep 17 00:00:00 2001 From: Sigurd Hellesvik Date: Thu, 19 Dec 2024 14:31:01 +0100 Subject: [PATCH] sample: tfm_psa_template: Print attestation pubkey Print the public key for attestation, which can be used for verifying the attestation token. Ref: NCSDK-31111 Signed-off-by: Sigurd Hellesvik --- samples/tfm/tfm_psa_template/src/main.c | 43 +++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/samples/tfm/tfm_psa_template/src/main.c b/samples/tfm/tfm_psa_template/src/main.c index e2d60c794ad6..6f8783aee6ec 100644 --- a/samples/tfm/tfm_psa_template/src/main.c +++ b/samples/tfm/tfm_psa_template/src/main.c @@ -12,6 +12,10 @@ #include #include #include +#include +#include + +#define ATTEST_PUBKEY_LEN 65 /* Define an example stats group; approximates seconds since boot. */ STATS_SECT_START(smp_svr_stats) @@ -63,6 +67,42 @@ void dump_hex_ascii(const uint8_t *data, size_t size) printk("\n"); } + +static void print_attest_pubkey(void) +{ + psa_status_t status; + psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t data_length; + uint8_t m_pub_key[ATTEST_PUBKEY_LEN]; + psa_key_handle_t key_handle; + + key_handle = mbedtls_svc_key_id_make(0, TFM_BUILTIN_KEY_ID_IAK); + psa_key_attributes_t attr = key_attributes; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("crypto_init failed: %d\n", status); + return; + } + + status = psa_get_key_attributes(key_handle, &attr); + if (status != 0) { + return; + } + + status = psa_export_public_key(key_handle, + m_pub_key, + sizeof(m_pub_key), + &data_length); + + if (status != PSA_SUCCESS) { + printf("psa_export_public_key failed: %d\n", status); + } else { + printf("Attestation public key:\n"); + dump_hex_ascii(m_pub_key, sizeof(m_pub_key)); + } +} + static void get_fw_info_address(uint32_t fw_address) { struct fw_info info; 
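Review bot: `#define ATTEST_PUBKEY_LEN 65` is a bare number with no stated origin, so the buffer in `print_attest_pubkey` silently stops fitting if the attestation key type ever changes. If the IAK is a 256-bit ECC key (the value matches an uncompressed point, but the patch does not say so), derive it instead: `#define ATTEST_PUBKEY_LEN PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)`. Otherwise add a comment such as `/* 0x04 || X || Y for a 256-bit curve */`.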
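Review bot: In `print_attest_pubkey`, the success branch dumps `sizeof(m_pub_key)` bytes instead of the `data_length` reported by `psa_export_public_key`, so a shorter export would print uninitialised stack bytes after the key; use `dump_hex_ascii(m_pub_key, data_length);`. The `psa_get_key_attributes` call fills `attr`, which is never read or released, and its failure path compares against `0` and returns without a message. Either drop that call, or check `status != PSA_SUCCESS`, log it like the other two failures, and call `psa_reset_key_attributes(&attr);` once done. The new messages also use `printf` while the surrounding code visible in this patch uses `printk` (the same applies to the `printf("Attestation token:\n");` line added in `get_attestation_token`); one of the two should be used consistently.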
@@ -145,6 +185,7 @@ static void get_attestation_token(void) } else { printk("Received initial attestation token of %zu bytes.\n", token_size); + printf("Attestation token:\n"); dump_hex_ascii(token_buf, token_size); } } @@ -165,6 +206,8 @@ int main(void) get_fw_info(); get_attestation_token(); + /* Print public key so it can be used to verify attestation token. */ + print_attest_pubkey(); /* The system work queue handles all incoming mcumgr requests. Let the * main thread idle while the mcumgr server runs.
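Review bot: The comment added in `main` says the printed key can be used to verify the attestation token, but a key emitted by the same device on the same console as the token only shows that the two are consistent with each other, not that the token comes from a genuine device. A reader copying this sample into a real verifier flow would want that spelled out, for example `/* Print the IAK public key for demonstration; a real verifier must obtain this key through a trusted provisioning path, not from the device's own output. */`. The body of `main` continues outside the hunk.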