TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
attest_token_decode_asymmetric.c
Go to the documentation of this file.
1 /*
2  * attest_token_decode.c
3  *
4  * Copyright (c) 2019, Laurence Lundblade.
5  * Copyright (c) 2020, Arm Limited.
6  *
7  * SPDX-License-Identifier: BSD-3-Clause
8  *
9  * See BSD-3-Clause license in README.md
10  */
11 
12 #include "attest_token_decode.h"
13 #include "t_cose_sign1_verify.h"
14 #include "q_useful_buf.h"
15 #include "qcbor_util.h"
16 #include "psa/crypto.h"
17 #include "attest_public_key.h"
18 #include "attest.h"
19 
26 /*
27  * Public function. See attest_token_decode.h
28  */
31  struct q_useful_buf_c token)
32 {
33  enum t_cose_err_t t_cose_error;
34  enum attest_token_err_t return_value;
35  enum psa_attest_err_t attest_ret;
36  int32_t t_cose_options = 0;
37  struct t_cose_sign1_verify_ctx verify_ctx;
38  struct t_cose_key attest_key;
39  psa_key_handle_t public_key;
40 
41  /* Run the signature verification */
43  t_cose_options |= T_COSE_OPT_ALLOW_SHORT_CIRCUIT;
44  }
45  t_cose_sign1_verify_init(&verify_ctx, t_cose_options);
46 
47  attest_ret = attest_register_initial_attestation_public_key(&public_key);
48  if (attest_ret != PSA_ATTEST_ERR_SUCCESS) {
50  }
51 
52  attest_key.crypto_lib = T_COSE_CRYPTO_LIB_PSA;
53  attest_key.k.key_handle = public_key;
54 
55  t_cose_sign1_set_verification_key(&verify_ctx, attest_key);
56 
57  t_cose_error = t_cose_sign1_verify(&verify_ctx,
58  token, /* COSE to verify */
59  &me->payload, /* Payload from token */
60  NULL); /* Don't return parameters */
61 
62  return_value = map_t_cose_errors(t_cose_error);
63  me->last_error = return_value;
64 
65  attest_ret = attest_unregister_initial_attestation_public_key(public_key);
66  if (attest_ret != PSA_ATTEST_ERR_SUCCESS) {
68  }
69 
70  return return_value;
71 }
enum attest_token_err_t last_error
Attestation Token Decoding Interface.
Platform Security Architecture cryptography module.
attest_token_err_t
Definition: attest_token.h:50
psa_attest_err_t
Initial attestation service error types.
Definition: attest.h:25
_unsigned_integral_type_ psa_key_handle_t
Key handle.
Definition: crypto.h:35
#define TOKEN_OPT_SHORT_CIRCUIT_SIGN
Definition: attest_token.h:117
enum attest_token_err_t attest_token_decode_validate_token(struct attest_token_decode_context *me, struct q_useful_buf_c token)
Set the token to work on and validate its signature.
enum psa_attest_err_t attest_register_initial_attestation_public_key(psa_key_handle_t *public_key)
Register the initial attestation public key to Crypto service to verify the signature of the token...
struct q_useful_buf_c payload
enum psa_attest_err_t attest_unregister_initial_attestation_public_key(psa_key_handle_t public_key)
Unregister the initial attestation public key from Crypto service to do not occupy key slot...