TF-M Reference Manual
1.2.0
TrustedFirmware-M
#include "attest_token_decode.h"
#include "t_cose_sign1_verify.h"
#include "q_useful_buf.h"
#include "qcbor_util.h"
#include "psa/crypto.h"
#include "attest_public_key.h"
#include "attest.h"
Functions
enum attest_token_err_t attest_token_decode_validate_token(struct attest_token_decode_context *me, struct q_useful_buf_c token)
Set the token to work on and validate its signature.
enum attest_token_err_t attest_token_decode_validate_token(struct attest_token_decode_context *me, struct q_useful_buf_c token)
Set the token to work on and validate its signature.
[in] me: The token decoder context to validate with.
[in] token: The CBOR-encoded token to validate and decode.
The signature on the token is validated. If validation succeeds, the token and its payload are remembered in the attest_token_decode_context me so that the attest_token_decode_get_xxx() functions can be called to get the various claims out of it.
Generally, a public key has to be configured for this to work. It can however validate short-circuit signatures even if one is not set.
The code for any error that occurs during validation is remembered in the decode context. The attest_token_decode_get_xxx() functions can still be called, and they will just return this error. The attest_token_decode_get_xxx() functions will generally return 0 or NULL if the token is in error.
It is thus possible to call attest_token_decode_validate_token() and all the attest_token_decode_get_xxx() functions to parse the token and ignore the individual error codes, as long as attest_token_decode_get_error() is called before any of the returned claim data is used.
Definition at line 30 of file attest_token_decode_asymmetric.c.
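The error-latching pattern described above, as an added example that is not TF-M code. It shows why the final error check is mandatory: a getter's 0 can be a real claim value or an error. All `demo_*` names and the token layout are hypothetical, and the XOR check byte is a constructed stand-in for COSE signature verification.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model, not TF-M code: only the error latching is modelled. */
enum demo_err { DEMO_OK = 0, DEMO_ERR_SIG, DEMO_ERR_NO_CLAIM };

struct demo_ctx {
    enum demo_err last_error;  /* latched by validate, returned by get_error */
    const uint8_t *claims;     /* remembered only when validation succeeds */
    size_t n_claims;
};

/* Constructed token: claim bytes, then one XOR check byte (not a signature). */
static enum demo_err demo_validate(struct demo_ctx *me, const uint8_t *tok, size_t len)
{
    uint8_t x = 0;
    size_t i;
    me->claims = NULL; me->n_claims = 0;
    me->last_error = DEMO_ERR_SIG;
    if (tok == NULL || len < 2) return me->last_error;
    for (i = 0; i + 1 < len; i++) x ^= tok[i];
    if (x != tok[len - 1]) return me->last_error;
    me->claims = tok;
    me->n_claims = len - 1;
    return me->last_error = DEMO_OK;
}

/* Returns 0 when the context is in error; latching a missing claim is this model's choice. */
static int32_t demo_get_int(struct demo_ctx *me, size_t idx)
{
    if (me->last_error != DEMO_OK) return 0;
    if (idx >= me->n_claims) { me->last_error = DEMO_ERR_NO_CLAIM; return 0; }
    return me->claims[idx];
}

static enum demo_err demo_get_error(const struct demo_ctx *me) { return me->last_error; }

/* Caller pattern from the text: ignore per-call codes, gate once before use. */
static int demo_read_claim(const uint8_t *tok, size_t len, size_t idx, int32_t *out)
{
    struct demo_ctx ctx;
    int32_t v;
    (void)demo_validate(&ctx, tok, len);
    v = demo_get_int(&ctx, idx);   /* 0 here may be a real value or an error */
    if (demo_get_error(&ctx) != DEMO_OK) return -1;
    *out = v;
    return 0;
}
```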