14 #ifdef SYMMETRIC_INITIAL_ATTESTATION
15 #include "t_cose_mac0_sign.h"
17 #include "t_cose_sign1_sign.h"
19 #include "t_cose_common.h"
20 #include "q_useful_buf.h"
45 case T_COSE_ERR_UNSUPPORTED_HASH:
48 case T_COSE_ERR_TOO_SMALL:
60 #ifdef SYMMETRIC_INITIAL_ATTESTATION
/*
 * Fragment of what appears to be the symmetric-key (COSE_Mac0) variant of
 * attest_token_encode_start(): it follows "#ifdef SYMMETRIC_INITIAL_ATTESTATION"
 * (listing line 60) and operates on me->mac_ctx. The listing's line numbers
 * jump, so the start of the signature, the opt_flags handling and most of the
 * error paths are not visible here.
 */
99 const struct q_useful_buf *out_buf)
102 struct t_cose_key attest_key;
104 enum t_cose_err_t cose_ret;
/* Starts with no t_cose options set; bits are OR-ed in below. */
105 int32_t t_cose_options = 0;
107 struct q_useful_buf_c attest_key_id = NULL_Q_USEFUL_BUF_C;
/*
 * NOTE(review): the condition guarding this line (listing lines 108-113) is
 * not shown. Judging by the option name this selects t_cose's short-circuit
 * tag, presumably a test aid rather than a keyed MAC -- confirm it is only
 * reachable on explicit caller request and is compiled out of production
 * builds, and that verifiers do not accept tokens produced this way.
 */
114 t_cose_options |= T_COSE_OPT_SHORT_CIRCUIT_TAG;
117 t_cose_mac0_sign_init(&(me->mac_ctx), t_cose_options, cose_alg_id);
/*
 * The key is handed to t_cose as a PSA key handle (crypto_lib is
 * T_COSE_CRYPTO_LIB_PSA), so no raw key bytes appear in this fragment.
 * key_handle is declared and obtained on lines not shown.
 */
123 attest_key.crypto_lib = T_COSE_CRYPTO_LIB_PSA;
124 attest_key.k.key_handle = (uint64_t)key_handle;
/* Look up the key id; the handling of a failed lookup (lines 127-128) is not shown. */
126 attest_ret = attest_get_initial_attestation_key_id(&attest_key_id);
129 }
else if (!attest_key_id.ptr || !attest_key_id.len) {
/* A NULL pointer or a zero length is normalised to the NULL buffer. */
131 attest_key_id = NULL_Q_USEFUL_BUF_C;
134 t_cose_mac0_set_signing_key(&(me->mac_ctx),
144 cose_ret = t_cose_mac0_encode_parameters(&(me->mac_ctx),
/* A t_cose failure is translated into the attestation error space. */
146 if (cose_ret != T_COSE_SUCCESS) {
147 return_value = t_cose_err_to_attest_err(cose_ret);
/*
 * Fragment of what appears to be the symmetric-key (COSE_Mac0) variant of
 * attest_token_encode_finish(): it calls t_cose_mac0_encode_tag() on
 * me->mac_ctx and then closes the CBOR encoder. Several lines, including the
 * return statement, are missing from this listing.
 */
160 struct q_useful_buf_c *completed_token)
/* Local result buffer; copied to the caller's *completed_token at line 189. */
164 struct q_useful_buf_c completed_token_ub;
165 QCBORError qcbor_result;
166 enum t_cose_err_t cose_return_value;
171 cose_return_value = t_cose_mac0_encode_tag(&(me->mac_ctx),
/* Any non-zero t_cose result is treated as a failure and mapped to an attest error. */
173 if (cose_return_value) {
175 return_value = t_cose_err_to_attest_err(cose_return_value);
182 qcbor_result = QCBOREncode_Finish(&(me->
cbor_enc_ctx), &completed_token_ub);
/* A too-small output buffer is distinguished from every other CBOR failure. */
183 if (qcbor_result == QCBOR_ERR_BUFFER_TOO_SMALL) {
185 }
else if (qcbor_result != QCBOR_SUCCESS) {
/*
 * NOTE(review): lines 186-188 are not shown, so it is not visible whether this
 * assignment runs only on the success path. Callers should use
 * *completed_token only when the function reports success -- confirm.
 */
189 *completed_token = completed_token_ub;
/*
 * Fragment of what appears to be the asymmetric (COSE_Sign1) variant of
 * attest_token_encode_start(): it operates on me->signer_ctx. The listing's
 * line numbers jump, so the start of the signature, the closing braces and
 * most of the error paths are not visible here.
 */
233 const struct q_useful_buf *out_buf)
235 enum t_cose_err_t cose_ret;
/* Starts with no t_cose options set; bits are OR-ed in below. */
238 int32_t t_cose_options = 0;
239 struct t_cose_key attest_key;
241 struct q_useful_buf_c attest_key_id = NULL_Q_USEFUL_BUF_C;
/*
 * Caller-selected short-circuit signing. In t_cose this mode replaces the real
 * signature with a value derived from a hash, needs no key, and is meant for
 * test and bring-up only; it proves nothing about the device.
 * NOTE(review): no build-time guard is visible in this fragment -- confirm
 * that production builds cannot set TOKEN_OPT_SHORT_CIRCUIT_SIGN and that
 * verifiers reject short-circuit-signed tokens.
 */
248 if (opt_flags & TOKEN_OPT_SHORT_CIRCUIT_SIGN) {
249 t_cose_options |= T_COSE_OPT_SHORT_CIRCUIT_SIG;
/*
 * The key id lookup below sits behind INCLUDE_COSE_KEY_ID; the matching
 * #endif and the handling of a failed lookup are on lines not shown.
 */
251 #ifdef INCLUDE_COSE_KEY_ID
252 attest_ret = attest_get_initial_attestation_key_id(&attest_key_id);
259 t_cose_sign1_sign_init(&(me->
signer_ctx), t_cose_options, cose_alg_id);
/*
 * The signing key is passed to t_cose as a PSA key handle (crypto_lib is
 * T_COSE_CRYPTO_LIB_PSA), so no raw private-key bytes appear in this fragment.
 * private_key is declared and obtained on lines not shown.
 */
265 attest_key.crypto_lib = T_COSE_CRYPTO_LIB_PSA;
266 attest_key.k.key_handle = private_key;
268 t_cose_sign1_set_signing_key(&(me->
signer_ctx),
278 cose_ret = t_cose_sign1_encode_parameters(&(me->
signer_ctx),
/* A t_cose failure is translated into the attestation error space. */
281 return_value = t_cose_err_to_attest_err(cose_ret);
/*
 * Fragment of what appears to be the asymmetric (COSE_Sign1) variant of
 * attest_token_encode_finish(): it calls t_cose_sign1_encode_signature() on
 * me->signer_ctx and then closes the CBOR encoder. Several lines, including
 * the return statement, are missing from this listing.
 */
294 struct q_useful_buf_c *completed_token)
/* Local result buffer; copied to the caller's *completed_token at line 323. */
298 struct q_useful_buf_c completed_token_ub;
299 QCBORError qcbor_result;
300 enum t_cose_err_t cose_return_value;
305 cose_return_value = t_cose_sign1_encode_signature(&(me->
signer_ctx),
/* Any non-zero t_cose result is treated as a failure and mapped to an attest error. */
307 if (cose_return_value) {
309 return_value = t_cose_err_to_attest_err(cose_return_value);
316 qcbor_result = QCBOREncode_Finish(&(me->
cbor_enc_ctx), &completed_token_ub);
/* A too-small output buffer is distinguished from every other CBOR failure. */
317 if (qcbor_result == QCBOR_ERR_BUFFER_TOO_SMALL) {
319 }
else if (qcbor_result != QCBOR_SUCCESS) {
/*
 * NOTE(review): lines 320-322 are not shown, so it is not visible whether this
 * assignment runs only on the success path. Callers should use
 * *completed_token only when the function reports success -- confirm.
 */
323 *completed_token = completed_token_ub;
/*
 * Fragments of the claim-adding helpers: each visible call adds one labelled
 * entry to the CBOR encoder held in me->cbor_enc_ctx. The function headers
 * and the body of the byte-string helper are not part of this listing.
 */
348 QCBOREncode_AddInt64ToMapN(&(me->
cbor_enc_ctx), label, Value);
357 const struct q_useful_buf_c *bstr)
370 const struct q_useful_buf_c *tstr)
/*
 * NOTE(review): *tstr is dereferenced with no NULL check visible in this
 * fragment; presumably callers must pass a valid pointer -- confirm.
 */
372 QCBOREncode_AddTextToMapN(&(me->
cbor_enc_ctx), label, *tstr);
381 const struct q_useful_buf_c *encoded)
/*
 * NOTE(review): *encoded is dereferenced with no NULL check visible here, and
 * the bytes are added as already-encoded CBOR; whether they are validated
 * first is not visible in this fragment -- confirm against the caller.
 */
383 QCBOREncode_AddEncodedToMapN(&(me->
cbor_enc_ctx), label, *encoded);
enum attest_token_err_t attest_token_encode_finish(struct attest_token_encode_ctx *me, struct q_useful_buf_c *completed_token)
Finish the token, complete the signing and get the result.
Attestation Token Creation Interface.
QCBOREncodeContext cbor_enc_ctx
Platform Security Architecture cryptography module.
psa_attest_err_t
Initial attestation service error types.
void attest_token_encode_add_tstr(struct attest_token_encode_ctx *me, int32_t label, const struct q_useful_buf_c *tstr)
Add a text string claim.
enum attest_token_err_t attest_token_encode_start(struct attest_token_encode_ctx *me, uint32_t opt_flags, int32_t key_select, int32_t cose_alg_id, const struct q_useful_buf *out_buf)
Initialize a token creation context.
void attest_token_encode_add_bstr(struct attest_token_encode_ctx *me, int32_t label, const struct q_useful_buf_c *bstr)
Add a binary string claim.
enum psa_attest_err_t attest_get_signing_key_handle(psa_key_handle_t *handle)
Get the handle of the key for signing the token. In asymmetric key algorithm based initial attestation...
void attest_token_encode_add_integer(struct attest_token_encode_ctx *me, int32_t label, int64_t Value)
Add a 64-bit signed integer claim.
#define TOKEN_OPT_SHORT_CIRCUIT_SIGN
QCBOREncodeContext * attest_token_encode_borrow_cbor_cntxt(struct attest_token_encode_ctx *me)
Get a copy of the CBOR encoding context.
struct t_cose_sign1_sign_ctx signer_ctx
void attest_token_encode_add_encoded(struct attest_token_encode_ctx *me, int32_t label, const struct q_useful_buf_c *encoded)