aboutsummaryrefslogtreecommitdiff
path: root/test/suites/attestation/attest_token_decode.c
diff options
context:
space:
mode:
Diffstat (limited to 'test/suites/attestation/attest_token_decode.c')
-rw-r--r--test/suites/attestation/attest_token_decode.c44
1 files changed, 33 insertions, 11 deletions
diff --git a/test/suites/attestation/attest_token_decode.c b/test/suites/attestation/attest_token_decode.c
index ffb2a6fbef..3c3fd3e111 100644
--- a/test/suites/attestation/attest_token_decode.c
+++ b/test/suites/attestation/attest_token_decode.c
@@ -2,6 +2,7 @@
* attest_token_decode.c
*
* Copyright (c) 2019, Laurence Lundblade.
+ * Copyright (c) 2020, Arm Limited.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -12,6 +13,8 @@
#include "t_cose_sign1_verify.h"
#include "q_useful_buf.h"
#include "qcbor_util.h"
+#include "psa/crypto.h"
+#include "attest_public_key.h"
/**
@@ -155,24 +158,43 @@ enum attest_token_err_t
attest_token_decode_validate_token(struct attest_token_decode_context *me,
struct q_useful_buf_c token)
{
- enum t_cose_err_t t_cose_error;
- enum attest_token_err_t return_value;
- uint32_t t_cose_options;
-
- /*
- * FIXME: check for CWT/EAT CBOR tag if requested
- * FIXME: deal with the public key per t_cose_crypto.h
- */
-
- t_cose_options = 0;
+ enum t_cose_err_t t_cose_error;
+ enum attest_token_err_t return_value;
+ enum psa_attest_err_t attest_ret;
+ int32_t t_cose_options = 0;
+ struct t_cose_sign1_verify_ctx verify_ctx;
+ struct t_cose_key attest_key;
+ psa_key_handle_t public_key;
+
+ /* Run the signature verification */
if(me->options & TOKEN_OPT_SHORT_CIRCUIT_SIGN) {
t_cose_options |= T_COSE_OPT_ALLOW_SHORT_CIRCUIT;
}
- t_cose_error = t_cose_sign1_verify(t_cose_options, 0, token, &me->payload);
+ t_cose_sign1_verify_init(&verify_ctx, t_cose_options);
+
+ attest_ret = attest_register_initial_attestation_public_key(&public_key);
+ if (attest_ret != PSA_ATTEST_ERR_SUCCESS) {
+ return ATTEST_TOKEN_ERR_VERIFICATION_KEY;
+ }
+
+ attest_key.crypto_lib = T_COSE_CRYPTO_LIB_PSA;
+ attest_key.k.key_handle = public_key;
+
+ t_cose_sign1_set_verification_key(&verify_ctx, attest_key);
+
+ t_cose_error = t_cose_sign1_verify(&verify_ctx,
+ token, /* COSE to verify */
+ &me->payload, /* Payload from token */
+ NULL); /* Don't return parameters */
return_value = map_t_cose_errors(t_cose_error);
me->last_error = return_value;
+ attest_ret = attest_unregister_initial_attestation_public_key(public_key);
+ if (attest_ret != PSA_ATTEST_ERR_SUCCESS) {
+ return ATTEST_TOKEN_ERR_GENERAL;
+ }
+
return return_value;
}