diff options
author | Raef Coles <raef.coles@arm.com> | 2019-10-09 11:32:04 +0100 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2020-02-19 09:19:43 +0000 |
commit | 70a02daa6dc2823af21aa5f9a2e5a27e1a819474 (patch) | |
tree | b383e849a853ee4897080bf3efd3d972490a010b /interface | |
parent | 793574c4f6bf42cbaad8b86a4122ab8e0f9d1714 (diff) | |
download | trusted-firmware-m-70a02daa6dc2823af21aa5f9a2e5a27e1a819474.tar.gz |
Attest: Align interface to PSA API 1.0
Change the arguments to psa_initial_attest_get_token and
psa_initial_attest_get_token_size as per the PSA 1.0 spec. Update
documentation for new function signature.
Change-Id: Ied6a0bea9ab4a404c147db286584a0873f1a3bf3
Signed-off-by: Raef Coles <raef.coles@arm.com>
Diffstat (limited to 'interface')
-rw-r--r-- | interface/include/psa/initial_attestation.h | 37 | ||||
-rw-r--r-- | interface/src/tfm_initial_attestation_func_api.c | 19 | ||||
-rw-r--r-- | interface/src/tfm_initial_attestation_ipc_api.c | 19 |
3 files changed, 43 insertions, 32 deletions
diff --git a/interface/include/psa/initial_attestation.h b/interface/include/psa/initial_attestation.h index aa4a414da4..c125a4d6f4 100644 --- a/interface/include/psa/initial_attestation.h +++ b/interface/include/psa/initial_attestation.h @@ -27,7 +27,7 @@ extern "C" { /** * \brief PSA INITIAL ATTESTATION API version * - * Initial attestation API version is: 1.0-beta-0 + * Initial attestation API version is: 1.0.0 */ #define PSA_INITIAL_ATTEST_API_VERSION_MAJOR (1) #define PSA_INITIAL_ATTEST_API_VERSION_MINOR (0) @@ -42,6 +42,13 @@ extern "C" { #define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 (64u) /** + * The maximum size of an attestation token that can be generated by the + * attestation service. Used to configure buffers for services that verify the + * produced tokens. + */ +#define PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE (0x400) + +/** * The list of fixed claims in the initial attestation token is still evolving, * you can expect slight changes in the future. * @@ -156,25 +163,26 @@ extern "C" { /** * \brief Get initial attestation token * - * \param[in] challenge_obj Pointer to buffer where challenge input is + * \param[in] auth_challenge Pointer to buffer where challenge input is * stored. Nonce and / or hash of attested data. * Must be always * \ref PSA_INITIAL_ATTEST_TOKEN_SIZE bytes * long. * \param[in] challenge_size Size of challenge object in bytes. - * \param[out] token Pointer to the buffer where attestation token - * must be stored. - * \param[in,out] token_size Size of allocated buffer for token, which - * updated by initial attestation service with - * final token size. + * \param[out] token_buf Pointer to the buffer where attestation token + * will be stored. + * \param[in] token_buf_size Size of allocated buffer for token, in bytes. + * \param[out] token_size Size of the token that has been returned, in + * bytes. * * \return Returns error code as specified in \ref psa_status_t */ psa_status_t -psa_initial_attest_get_token(const uint8_t *challenge_obj, - uint32_t challenge_size, - uint8_t *token, - uint32_t *token_size); +psa_initial_attest_get_token(const uint8_t *auth_challenge, + size_t challenge_size, + uint8_t *token_buf, + size_t token_buf_size, + size_t *token_size); /** * \brief Get the exact size of initial attestation token in bytes. @@ -182,15 +190,16 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, * It just returns with the size of the IAT token. It can be used if the caller * dynamically allocates memory for the token buffer. * - * \param[in] challenge_size Size of challenge object in bytes. + * \param[in] challenge_size Size of challenge object in bytes. This must be + * a supported challenge size (as above). * \param[out] token_size Size of the token in bytes, which is created by * initial attestation service. * * \return Returns error code as specified in \ref psa_status_t */ psa_status_t -psa_initial_attest_get_token_size(uint32_t challenge_size, - uint32_t *token_size); +psa_initial_attest_get_token_size(size_t challenge_size, + size_t *token_size); /** * \brief Get the initial attestation public key. diff --git a/interface/src/tfm_initial_attestation_func_api.c b/interface/src/tfm_initial_attestation_func_api.c index cf82498c53..7723d6a514 100644 --- a/interface/src/tfm_initial_attestation_func_api.c +++ b/interface/src/tfm_initial_attestation_func_api.c @@ -14,19 +14,20 @@ #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0])) psa_status_t -psa_initial_attest_get_token(const uint8_t *challenge_obj, - uint32_t challenge_size, - uint8_t *token, - uint32_t *token_size) +psa_initial_attest_get_token(const uint8_t *auth_challenge, + size_t challenge_size, + uint8_t *token_buf, + size_t token_buf_size, + size_t *token_size) { int32_t res; psa_invec in_vec[] = { - {challenge_obj, challenge_size} + {auth_challenge, challenge_size} }; psa_outvec out_vec[] = { - {token, *token_size} + {token_buf, token_buf_size} }; res = tfm_ns_interface_dispatch( @@ -42,14 +43,14 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, } psa_status_t -psa_initial_attest_get_token_size(uint32_t challenge_size, - uint32_t *token_size) +psa_initial_attest_get_token_size(size_t challenge_size, + size_t *token_size) { psa_invec in_vec[] = { {&challenge_size, sizeof(challenge_size)} }; psa_outvec out_vec[] = { - {token_size, sizeof(uint32_t)} + {token_size, sizeof(size_t)} }; return tfm_ns_interface_dispatch( diff --git a/interface/src/tfm_initial_attestation_ipc_api.c b/interface/src/tfm_initial_attestation_ipc_api.c index c60f8bd905..337acbe1bd 100644 --- a/interface/src/tfm_initial_attestation_ipc_api.c +++ b/interface/src/tfm_initial_attestation_ipc_api.c @@ -15,19 +15,20 @@ #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0])) psa_status_t -psa_initial_attest_get_token(const uint8_t *challenge_obj, - uint32_t challenge_size, - uint8_t *token, - uint32_t *token_size) +psa_initial_attest_get_token(const uint8_t *auth_challenge, + size_t challenge_size, + uint8_t *token_buf, + size_t token_buf_size, + size_t *token_size) { psa_handle_t handle = PSA_NULL_HANDLE; psa_status_t status; psa_invec in_vec[] = { - {challenge_obj, challenge_size} + {auth_challenge, challenge_size} }; psa_outvec out_vec[] = { - {token, *token_size} + {token_buf, token_buf_size} }; handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID, @@ -49,8 +50,8 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, } psa_status_t -psa_initial_attest_get_token_size(uint32_t challenge_size, - uint32_t *token_size) +psa_initial_attest_get_token_size(size_t challenge_size, + size_t *token_size) { psa_handle_t handle = PSA_NULL_HANDLE; psa_status_t status; @@ -58,7 +59,7 @@ psa_initial_attest_get_token_size(uint32_t challenge_size, {&challenge_size, sizeof(challenge_size)} }; psa_outvec out_vec[] = { - {token_size, sizeof(uint32_t)} + {token_size, sizeof(size_t)} }; handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID, |