![]() |
TF-M Reference Manual
1.2.0
TrustedFirmware-M
|
Go to the source code of this file.
Macros | |
#define | PSA_INITIAL_ATTEST_API_VERSION_MAJOR (1) |
PSA INITIAL ATTESTATION API version. More... | |
#define | PSA_INITIAL_ATTEST_API_VERSION_MINOR (0) |
#define | PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32 (32u) |
#define | PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48 (48u) |
#define | PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 (64u) |
#define | PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE (0x400) |
Functions | |
psa_status_t | psa_initial_attest_get_token (const uint8_t *auth_challenge, size_t challenge_size, uint8_t *token_buf, size_t token_buf_size, size_t *token_size) |
Get initial attestation token. More... | |
psa_status_t | psa_initial_attest_get_token_size (size_t challenge_size, size_t *token_size) |
Get the exact size of initial attestation token in bytes. More... | |
psa_status_t | tfm_initial_attest_get_public_key (uint8_t *public_key, size_t public_key_buf_size, size_t *public_key_len, psa_ecc_family_t *elliptic_curve_type) |
Get the initial attestation public key. More... | |
#define PSA_INITIAL_ATTEST_API_VERSION_MAJOR (1) |
PSA INITIAL ATTESTATION API version.
Initial attestation API version is: 1.0.0
Definition at line 32 of file initial_attestation.h.
#define PSA_INITIAL_ATTEST_API_VERSION_MINOR (0) |
Definition at line 33 of file initial_attestation.h.
#define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32 (32u) |
The allowed size of input challenge in bytes: 32, 48, 64 Challenge can be a nonce from server or the hash of some combined data : nonce + attested data by caller.
Definition at line 40 of file initial_attestation.h.
#define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48 (48u) |
Definition at line 41 of file initial_attestation.h.
#define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 (64u) |
Definition at line 42 of file initial_attestation.h.
#define PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE (0x400) |
The maximum size of an attestation token that can be generated by the attestation service. Used to configure buffers for services that verify the produced tokens.
Definition at line 49 of file initial_attestation.h.
psa_status_t psa_initial_attest_get_token | ( | const uint8_t * | auth_challenge, |
size_t | challenge_size, | ||
uint8_t * | token_buf, | ||
size_t | token_buf_size, | ||
size_t * | token_size | ||
) |
Get initial attestation token.
The list of fixed claims in the initial attestation token is still evolving, you can expect slight changes in the future.
The initial attestation token is planned to be aligned with future version of Entity Attestation Token format: https://tools.ietf.org/html/draft-mandyam-eat-01
Current list of claims:
Unknown (0x1000u),
Client ID: The partition ID of that secure partition or non-secure thread who called the initial attestation API. Custom claim with a value encoded as a signed integer. Negative number represents non-secure caller, positive numbers represents secure callers, zero is invalid.
[in] | auth_challenge | Pointer to buffer where challenge input is stored. Nonce and / or hash of attested data. Must be always PSA_INITIAL_ATTEST_TOKEN_SIZE bytes long. |
[in] | challenge_size | Size of challenge object in bytes. |
[out] | token_buf | Pointer to the buffer where attestation token will be stored. |
[in] | token_buf_size | Size of allocated buffer for token, in bytes. |
[out] | token_size | Size of the token that has been returned, in bytes. |
Definition at line 17 of file tfm_initial_attestation_func_api.c.
psa_status_t psa_initial_attest_get_token_size | ( | size_t | challenge_size, |
size_t * | token_size | ||
) |
Get the exact size of initial attestation token in bytes.
It just returns with the size of the IAT token. It can be used if the caller dynamically allocates memory for the token buffer.
[in] | challenge_size | Size of challenge object in bytes. This must be a supported challenge size (as above). |
[out] | token_size | Size of the token in bytes, which is created by initial attestation service. |
Definition at line 46 of file tfm_initial_attestation_func_api.c.
psa_status_t tfm_initial_attest_get_public_key | ( | uint8_t * | public_key, |
size_t | public_key_buf_size, | ||
size_t * | public_key_len, | ||
psa_ecc_family_t * | elliptic_curve_type | ||
) |
Get the initial attestation public key.
[out] | public_key | Pointer to the buffer where the public key will be stored. |
[in] | public_key_buf_size | Size of allocated buffer for key, in bytes. |
[out] | public_key_len | Size of public key in bytes. |
[out] | elliptic_curve_type | Type of the elliptic curve which the key belongs to. |
Definition at line 63 of file tfm_initial_attestation_func_api.c.