attest: Add attest_len & attest ops.

app/lpc55xpresso/app-sprot.toml

@@ -183,7 +183,7 @@ task-slots = ["swd"]
 [tasks.sprot]
 name = "drv-lpc55-sprot-server"
 priority = 6
-max-sizes = {flash = 46592, ram = 32768}
+max-sizes = {flash = 47328, ram = 32768}
 uses = ["flexcomm8", "bootrom"]
 features = ["spi0"]
 start = true
@@ -211,8 +211,8 @@ pins = [
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 14528, ram = 16384}
-stacksize = 11264
+max-sizes = {flash = 33904, ram = 16384}
+stacksize = 12304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/lpc55xpresso/app.toml

@@ -142,8 +142,8 @@ extern-regions = ["sram2"]
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 14800, ram = 16384}
-stacksize = 11264
+max-sizes = {flash = 33904, ram = 16384}
+stacksize = 12304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/oxide-rot-1/app-dev.toml

@@ -77,7 +77,7 @@ task-slots = ["syscon_driver"]
 [tasks.sprot]
 name = "drv-lpc55-sprot-server"
 priority = 6
-max-sizes = {flash = 46592, ram = 32768}
+max-sizes = {flash = 47328, ram = 32768}
 uses = ["flexcomm8", "bootrom"]
 features = ["spi0"]
 start = true
@@ -158,8 +158,8 @@ binary_path = "../../target/gimlet-c/dist/default/final.bin"
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 14800, ram = 16384}
-stacksize = 11264
+max-sizes = {flash = 33904, ram = 16384}
+stacksize = 12304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/oxide-rot-1/app.toml

@@ -68,7 +68,7 @@ task-slots = ["syscon_driver"]
 [tasks.sprot]
 name = "drv-lpc55-sprot-server"
 priority = 6
-max-sizes = {flash = 46592, ram = 32768}
+max-sizes = {flash = 47328, ram = 32768}
 uses = ["flexcomm8", "bootrom"]
 features = ["spi0"]
 start = true
@@ -137,8 +137,8 @@ task-slots = ["swd"]
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 14800, ram = 16384}
-stacksize = 11264
+max-sizes = {flash = 33904, ram = 16384}
+stacksize = 12304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

app/rot-carrier/app.toml

@@ -108,7 +108,7 @@ task-slots = ["syscon_driver"]
 [tasks.sprot]
 name = "drv-lpc55-sprot-server"
 priority = 6
-max-sizes = {flash = 46592, ram = 32768}
+max-sizes = {flash = 47328, ram = 32768}
 uses = ["flexcomm8", "bootrom"]
 features = ["spi0"]
 start = true
@@ -204,8 +204,8 @@ binary_path = "../../target/gemini-bu/dist/final.bin"
 [tasks.attest]
 name = "task-attest"
 priority = 5
-max-sizes = {flash = 14800, ram = 16384}
-stacksize = 11264
+max-sizes = {flash = 33904, ram = 16384}
+stacksize = 12304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 

drv/lpc55-sprot-server/src/handler.rs

@@ -43,10 +43,11 @@ pub struct StartupState {
 }
 
 /// Marker for data which should be copied after the packet is encoded
-pub enum TrailingData {
+pub enum TrailingData<'a> {
     Caboose { slot: SlotId, start: u32, size: u32 },
     AttestCert { index: u32, offset: u32, size: u32 },
     AttestLog { offset: u32, size: u32 },
+    Attest { nonce: &'a [u8], write_size: u32 },
     RotPage { page: RotPage },
 }
 
@@ -57,7 +58,7 @@ pub struct Handler {
     attest: Attest,
 }
 
-impl Handler {
+impl<'a> Handler {
     pub fn new() -> Handler {
         Handler {
             sprocket: crate::handler::sprockets::init(),
@@ -198,15 +199,35 @@ impl Handler {
                     }
                 }
             }
+            Some(TrailingData::Attest { nonce, write_size }) => {
+                if write_size as usize > drv_sprot_api::MAX_BLOB_SIZE {
+                    Response::pack(
+                        &Err(SprotError::Protocol(
+                            SprotProtocolError::BadMessageLength,
+                        )),
+                        tx_buf,
+                    )
+                } else {
+                    match Response::pack_with_cb(&rsp_body, tx_buf, |buf| {
+                        self.attest
+                            .attest(nonce, &mut buf[..write_size as usize])
+                            .map_err(|e| RspBody::Attest(Err(e)))?;
+                        Ok(write_size as usize)
+                    }) {
+                        Ok(size) => size,
+                        Err(e) => Response::pack(&Ok(e), tx_buf),
+                    }
+                }
+            }
             _ => Response::pack(&rsp_body, tx_buf),
         }
     }
 
     pub fn handle_request(
         &mut self,
-        req: Request<'_>,
+        req: Request<'a>,
         stats: &mut RotIoStats,
-    ) -> Result<(RspBody, Option<TrailingData>), SprotError> {
+    ) -> Result<(RspBody, Option<TrailingData<'a>>), SprotError> {
         match req.body {
             ReqBody::Status => {
                 let status = RotStatus {
@@ -367,6 +388,23 @@ impl Handler {
                 };
                 Ok((RspBody::Attest(rsp), None))
             }
+            ReqBody::Attest(AttestReq::Attest {
+                nonce_size,
+                write_size,
+            }) => Ok((
+                RspBody::Attest(Ok(AttestRsp::Attest)),
+                Some(TrailingData::Attest {
+                    nonce: &req.blob[..nonce_size as usize],
+                    write_size,
+                }),
+            )),
+            ReqBody::Attest(AttestReq::AttestLen) => {
+                let rsp = match self.attest.attest_len() {
+                    Ok(l) => Ok(AttestRsp::AttestLen(l)),
+                    Err(e) => Err(e),
+                };
+                Ok((RspBody::Attest(rsp), None))
+            }
         }
     }
 }

drv/sprot-api/src/lib.rs

@@ -387,6 +387,8 @@ pub enum AttestReq {
     Record { algorithm: HashAlgorithm },
     Log { offset: u32, size: u32 },
     LogLen,
+    Attest { nonce_size: u32, write_size: u32 },
+    AttestLen,
 }
 
 /// A response used for RoT updates
@@ -414,6 +416,8 @@ pub enum AttestRsp {
     Record,
     Log,
     LogLen(u32),
+    Attest,
+    AttestLen(u32),
 }
 
 /// The body of a sprot response.

drv/stm32h7-sprot-server/src/main.rs

@@ -6,7 +6,7 @@
 #![no_main]
 #![deny(elided_lifetimes_in_paths)]
 
-use attest_api::HashAlgorithm;
+use attest_api::{AttestError, HashAlgorithm, NONCE_MAX_SIZE, NONCE_MIN_SIZE};
 use core::convert::Into;
 use drv_lpc55_update_api::{
     RotBootInfo, RotPage, SlotId, SwitchDuration, UpdateTarget,
@@ -1010,6 +1010,89 @@ impl<S: SpiServer> idl::InOrderSpRotImpl for ServerImpl<S> {
             Err(e) => Err(AttestOrSprotError::Sprot(e).into()),
         }
     }
+
+    fn attest(
+        &mut self,
+        _msg: &userlib::RecvMessage,
+        nonce: idol_runtime::LenLimit<
+            idol_runtime::Leased<idol_runtime::R, [u8]>,
+            NONCE_MAX_SIZE,
+        >,
+        dest: idol_runtime::Leased<idol_runtime::W, [u8]>,
+    ) -> Result<(), idol_runtime::RequestError<AttestOrSprotError>>
+    where
+        AttestOrSprotError: From<idol_runtime::ServerDeath>,
+    {
+        if nonce.len() < NONCE_MIN_SIZE {
+            return Err(
+                AttestOrSprotError::Attest(AttestError::BadLease).into()
+            );
+        }
+
+        let nonce_size = u32::try_from(nonce.len()).unwrap_lite();
+        let write_size = u32::try_from(dest.len()).unwrap_lite();
+
+        let body = ReqBody::Attest(AttestReq::Attest {
+            nonce_size,
+            write_size,
+        });
+        let tx_size = Request::pack_with_cb(&body, self.tx_buf, |buf| {
+            nonce
+                .read_range(0..nonce.len(), buf)
+                .map_err(|_| SprotProtocolError::TaskRestarted)?;
+            Ok::<usize, idol_runtime::RequestError<AttestOrSprotError>>(
+                nonce.len(),
+            )
+        })?;
+
+        let rsp = self.do_send_recv_retries(tx_size, TIMEOUT_MEDIUM, 1)?;
+
+        match rsp.body {
+            Ok(RspBody::Attest(Ok(AttestRsp::Attest))) => {
+                // Copy response data into the lease
+                if rsp.blob.len() < dest.len() {
+                    return Err(idol_runtime::RequestError::Fail(
+                        idol_runtime::ClientError::BadLease,
+                    ));
+                }
+                dest.write_range(0..dest.len(), &rsp.blob[..dest.len()])
+                    .map_err(|()| {
+                        idol_runtime::RequestError::Fail(
+                            idol_runtime::ClientError::WentAway,
+                        )
+                    })?;
+                Ok(())
+            }
+            Ok(RspBody::Attest(Err(e))) => {
+                Err(AttestOrSprotError::Attest(e).into())
+            }
+            Ok(RspBody::Attest(_)) | Ok(_) => Err(AttestOrSprotError::Sprot(
+                SprotError::Protocol(SprotProtocolError::UnexpectedResponse),
+            )
+            .into()),
+            Err(e) => Err(AttestOrSprotError::Sprot(e).into()),
+        }
+    }
+
+    fn attest_len(
+        &mut self,
+        _msg: &userlib::RecvMessage,
+    ) -> Result<u32, idol_runtime::RequestError<AttestOrSprotError>> {
+        let body = ReqBody::Attest(AttestReq::AttestLen);
+        let tx_size = Request::pack(&body, self.tx_buf);
+        let rsp = self.do_send_recv_retries(tx_size, TIMEOUT_QUICK, 1)?;
+        match rsp.body {
+            Ok(RspBody::Attest(Ok(AttestRsp::AttestLen(s)))) => Ok(s),
+            Ok(RspBody::Attest(Err(e))) => {
+                Err(AttestOrSprotError::Attest(e).into())
+            }
+            Ok(RspBody::Attest(_)) | Ok(_) => Err(AttestOrSprotError::Sprot(
+                SprotError::Protocol(SprotProtocolError::UnexpectedResponse),
+            )
+            .into()),
+            Err(e) => Err(AttestOrSprotError::Sprot(e).into()),
+        }
+    }
 }
 
 mod idl {

idl/attest.idol

@@ -78,5 +78,26 @@ Interface(
             encoding: Hubpack,
             idempotent: true,
         ),
+        "attest": (
+            doc: "Get an attestation",
+            leases: {
+                "nonce": (type: "[u8]", read: true, max_len: Some(128)),
+                "dest": (type: "[u8]", write: true),
+            },
+            reply: Result(
+                ok: "()",
+                err: Complex("AttestError"),
+            ),
+            encoding: Hubpack,
+        ),
+        "attest_len": (
+            doc: "Get the length of an attestation",
+            reply: Result(
+                ok: "u32",
+                err: Complex("AttestError"),
+            ),
+            encoding: Hubpack,
+            idempotent: true,
+        ),
     }
 )

idl/sprot.idol

@@ -257,5 +257,27 @@ Interface(
             encoding: Hubpack,
             idempotent: true,
         ),
+        "attest": (
+            doc: "Get an attestation",
+            args: {},
+            leases: {
+                "nonce": (type: "[u8]", read: true, max_len: Some(128)),
+                "dest": (type: "[u8]", write: true),
+            },
+             reply: Result(
+                ok: "()",
+                err: Complex("AttestOrSprotError"),
+            ),
+            encoding: Hubpack,
+        ),
+        "attest_len": (
+            doc: "Get length of a serialized attestation",
+            reply: Result(
+                ok: "u32",
+                err: Complex("AttestOrSprotError"),
+            ),
+            encoding: Hubpack,
+            idempotent: true,
+        ),
     }
 )

task/attest-api/src/lib.rs

@@ -24,6 +24,8 @@ pub enum AttestError {
     BadLease,
     UnsupportedAlgorithm,
     SerializeLog,
+    SerializeSignature,
+    SignatureTooBig,
 }
 
 impl From<idol_runtime::ServerDeath> for AttestError {
@@ -39,4 +41,7 @@ pub enum HashAlgorithm {
     Sha3_256,
 }
 
+pub const NONCE_MIN_SIZE: usize = 32;
+pub const NONCE_MAX_SIZE: usize = 128;
+
 include!(concat!(env!("OUT_DIR"), "/client_stub.rs"));

task/attest/Cargo.toml

@@ -11,11 +11,13 @@ idol-runtime = { workspace = true }
 mutable-statics = { path = "../../lib/mutable-statics" }
 num-traits = { workspace = true }
 ringbuf = { path = "../../lib/ringbuf" }
+salty.workspace = true
 serde = { workspace = true }
 serde_with = { version = "3.3.0", default-features = false, features = ["macros"] }
 stage0-handoff = { path = "../../lib/stage0-handoff" }
 attest-api = { path = "../attest-api" }
 attest-data.workspace = true
+sha3.workspace = true
 unwrap-lite = { path = "../../lib/unwrap-lite" }
 userlib = { path = "../../sys/userlib", features = ["panic-messages"] }
 zerocopy = { workspace = true }