TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
attest_token_encode.c File Reference

Attestation token creation implementation. More...

#include "attest_token.h"
#include "qcbor.h"
#include "t_cose_sign1_sign.h"
#include "t_cose_common.h"
#include "q_useful_buf.h"
#include "psa/crypto.h"
#include "attest_key.h"
Include dependency graph for attest_token_encode.c:

Go to the source code of this file.

Functions

enum attest_token_err_t attest_token_encode_start (struct attest_token_encode_ctx *me, uint32_t opt_flags, int32_t key_select, int32_t cose_alg_id, const struct q_useful_buf *out_buf)
 Initialize a token creation context. More...
 
enum attest_token_err_t attest_token_encode_finish (struct attest_token_encode_ctx *me, struct q_useful_buf_c *completed_token)
 Finish the token, complete the signing and get the result. More...
 
QCBOREncodeContext * attest_token_encode_borrow_cbor_cntxt (struct attest_token_encode_ctx *me)
 Get a copy of the CBOR encoding context. More...
 
void attest_token_encode_add_integer (struct attest_token_encode_ctx *me, int32_t label, int64_t Value)
 Add a 64-bit signed integer claim. More...
 
void attest_token_encode_add_bstr (struct attest_token_encode_ctx *me, int32_t label, const struct q_useful_buf_c *bstr)
 Add a binary string claim. More...
 
void attest_token_encode_add_tstr (struct attest_token_encode_ctx *me, int32_t label, const struct q_useful_buf_c *tstr)
 Add a text string claim. More...
 
void attest_token_encode_add_encoded (struct attest_token_encode_ctx *me, int32_t label, const struct q_useful_buf_c *encoded)
 

Detailed Description

Attestation token creation implementation.

Definition in file attest_token_encode.c.

Function Documentation

void attest_token_encode_add_bstr ( struct attest_token_encode_ctx me,
int32_t  label,
const struct q_useful_buf_c *  value 
)

Add a binary string claim.

Parameters
[in]meToken creation context.
[in]labelInteger label for claim.
[in]valueThe binary claim data.

Definition at line 355 of file attest_token_encode.c.

void attest_token_encode_add_encoded ( struct attest_token_encode_ctx me,
int32_t  label,
const struct q_useful_buf_c *  encoded 
)

Definition at line 379 of file attest_token_encode.c.

void attest_token_encode_add_integer ( struct attest_token_encode_ctx me,
int32_t  label,
int64_t  value 
)

Add a 64-bit signed integer claim.

Parameters
[in]meToken creation context.
[in]labelInteger label for claim.
[in]valueThe integer claim data.

Definition at line 344 of file attest_token_encode.c.

void attest_token_encode_add_tstr ( struct attest_token_encode_ctx me,
int32_t  label,
const struct q_useful_buf_c *  value 
)

Add a text string claim.

Parameters
[in]meToken creation context.
[in]labelInteger label for claim.
[in]valueThe text claim data.

Definition at line 368 of file attest_token_encode.c.

QCBOREncodeContext* attest_token_encode_borrow_cbor_cntxt ( struct attest_token_encode_ctx me)

Get a copy of the CBOR encoding context.

Parameters
[in]meToken creation context.
Returns
The CBOR encoding context

Allows the caller to encode CBOR right into the output buffer using any of the QCBOREncode_AddXXXX() methods. Anything added here will be part of the payload that gets hashed. This can be used to make complex CBOR structures. All open arrays and maps must be close before calling any other attest_token_encode methods. QCBOREncode_Finish() should not be closed on this context.

Definition at line 335 of file attest_token_encode.c.

enum attest_token_err_t attest_token_encode_finish ( struct attest_token_encode_ctx me,
struct q_useful_buf_c *  completed_token 
)

Finish the token, complete the signing and get the result.

Parameters
[in]meToken Creation Context.
[out]completed_tokenPointer and length to completed token.
Returns
one of the attest_token_err_t errors.

This completes the token after the payload has been added. When this is called the signing algorithm is run and the final formatting of the token is completed.

Definition at line 293 of file attest_token_encode.c.

enum attest_token_err_t attest_token_encode_start ( struct attest_token_encode_ctx me,
uint32_t  opt_flags,
int32_t  key_select,
int32_t  cose_alg_id,
const struct q_useful_buf *  out_buffer 
)

Initialize a token creation context.

Parameters
[in]meThe token creation context to be initialized.
[in]opt_flagsFlags to select different custom options, for example TOKEN_OPT_OMIT_CLAIMS.
[in]key_selectSelects which attestation key to sign with.
[in]cose_alg_idThe algorithm to sign with. The IDs are defined in COSE (RFC 8152) or in the IANA COSE Registry.
[out]out_bufferThe output buffer to write the encoded token into.
Returns
one of the attest_token_err_t errors.

The size of the buffer in out_buffer->len determines the size of the token that can be created. It must be able to hold the final encoded and signed token. The data encoding overhead is just that of CBOR. The signing overhead depends on the signing key size. It is about 150 bytes for 256-bit ECDSA.

If out_buffer->ptr is NULL and out_buffer_ptr->len is large like UINT32_MAX no token will be created but the length of the token that would be created will be in completed_token as returned by attest_token_encode_finish(). None of the cryptographic functions run during this, but the sizes of what they would output is taken into account.

Definition at line 229 of file attest_token_encode.c.

Here is the call graph for this function: