![]() |
TF-M Reference Manual
1.2.0
TrustedFirmware-M
|
Implementation for attestation token tests. More...
#include "attest_token_test.h"
#include "q_useful_buf.h"
#include "psa/initial_attestation.h"
#include "attest_token_decode.h"
#include "attest_token_test_values.h"
#include "psa/crypto.h"
Go to the source code of this file.
Enumerations | |
enum | decode_test_mode_t { SHORT_CIRCUIT_SIGN, NORMAL_SIGN, COSE_MAC0, COSE_MAC0_SHORT_CIRCUIT_TAG } |
Functions | |
int | token_main_alt (uint32_t option_flags, struct q_useful_buf_c nonce, struct q_useful_buf buffer, struct q_useful_buf_c *completed_token) |
An alternate token_main() that packs the option flags into the nonce. More... | |
int_fast16_t | decode_test_short_circuit_sig (void) |
Test by checking short-circuit signed values of claims. More... | |
int_fast16_t | decode_test_normal_sig (void) |
Test by checking signed values of claims. More... | |
Implementation for attestation token tests.
This uses attest_token_decode
for the main full test case. That in turn uses t_cose_sign1_verify. These implementations of token decoding and COSE sig verification are still considered test code even though they are getting close to real implementations that could be used for other than test.
Most of the code here is for comparing the values in the token to expected good values.
Definition in file attest_token_test.c.
enum decode_test_mode_t |
Modes for decode_test_internal()
Enumerator | |
---|---|
SHORT_CIRCUIT_SIGN |
See documentation for decode_test_short_circuit_sig() |
NORMAL_SIGN |
See documentation for decode_test_normal_sig() |
COSE_MAC0 |
See documentation for decode_test_symmetric_initial_attest() |
COSE_MAC0_SHORT_CIRCUIT_TAG |
See documentation for decode_test_symmetric_iat_short_circuit_tag() |
Definition at line 839 of file attest_token_test.c.
int_fast16_t decode_test_normal_sig | ( | void | ) |
Test by checking signed values of claims.
This is an extensive test that can compare the values in the token to expected valued compiled into the test app from token_test_values.h. All the values represented in attest_token_iat_simple_t and in attest_token_sw_component_t are checked.
This uses real ECDSA keys for both signing and verificaiton. It requires that the t_cose crypto porting layer operates correctly and that all keys are present. See also decode_test_short_circuit_sig().
Definition at line 1007 of file attest_token_test.c.
int_fast16_t decode_test_short_circuit_sig | ( | void | ) |
Test by checking short-circuit signed values of claims.
This is an extensive test that can compare the values in the token to expected valued compiled into the test app from token_test_values.h. All the values represented in attest_token_iat_simple_t and in attest_token_sw_component_t are checked.
This uses a short-circuit signature rather than real ECDSA keys. This tests everything in the implementation except the final signing of the final hash with ECDSA and the converse verification. It is thorough test of everything by ECDSA integration. It can work even without ECDSA integration and without any keys configured.
Definition at line 998 of file attest_token_test.c.
int token_main_alt | ( | uint32_t | option_flags, |
struct q_useful_buf_c | nonce, | ||
struct q_useful_buf | buffer, | ||
struct q_useful_buf_c * | completed_token | ||
) |
An alternate token_main() that packs the option flags into the nonce.
[in] | option_flags | Flag bits to pack into nonce. |
[in] | nonce | Pointer and length of the nonce. |
[in] | buffer | Pointer and length of buffer to output the token into. |
[out] | completed_token | Place to put pointer and length of completed token. |
Definition at line 52 of file attest_token_test.c.