Attest: Align interface to PSA API 1.0
Change the arguments to psa_initial_attest_get_token and
psa_initial_attest_get_token_size as per the PSA 1.0 spec. Update
documentation for new function signature.
Change-Id: Ied6a0bea9ab4a404c147db286584a0873f1a3bf3
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/interface/include/psa/initial_attestation.h b/interface/include/psa/initial_attestation.h
index aa4a414..c125a4d 100644
--- a/interface/include/psa/initial_attestation.h
+++ b/interface/include/psa/initial_attestation.h
@@ -27,7 +27,7 @@
/**
* \brief PSA INITIAL ATTESTATION API version
*
- * Initial attestation API version is: 1.0-beta-0
+ * Initial attestation API version is: 1.0.0
*/
#define PSA_INITIAL_ATTEST_API_VERSION_MAJOR (1)
#define PSA_INITIAL_ATTEST_API_VERSION_MINOR (0)
@@ -42,6 +42,13 @@
#define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 (64u)
/**
+ * The maximum size of an attestation token that can be generated by the
+ * attestation service. Used to configure buffers for services that verify the
+ * produced tokens.
+ */
+#define PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE (0x400)
+
+/**
* The list of fixed claims in the initial attestation token is still evolving,
* you can expect slight changes in the future.
*
@@ -156,25 +163,26 @@
/**
* \brief Get initial attestation token
*
- * \param[in] challenge_obj Pointer to buffer where challenge input is
+ * \param[in] auth_challenge Pointer to buffer where challenge input is
* stored. Nonce and / or hash of attested data.
* Must be always
* \ref PSA_INITIAL_ATTEST_TOKEN_SIZE bytes
* long.
* \param[in] challenge_size Size of challenge object in bytes.
- * \param[out] token Pointer to the buffer where attestation token
- * must be stored.
- * \param[in,out] token_size Size of allocated buffer for token, which
- * updated by initial attestation service with
- * final token size.
+ * \param[out] token_buf Pointer to the buffer where attestation token
+ * will be stored.
+ * \param[in] token_buf_size Size of allocated buffer for token, in bytes.
+ * \param[out] token_size Size of the token that has been returned, in
+ * bytes.
*
* \return Returns error code as specified in \ref psa_status_t
*/
psa_status_t
-psa_initial_attest_get_token(const uint8_t *challenge_obj,
- uint32_t challenge_size,
- uint8_t *token,
- uint32_t *token_size);
+psa_initial_attest_get_token(const uint8_t *auth_challenge,
+ size_t challenge_size,
+ uint8_t *token_buf,
+ size_t token_buf_size,
+ size_t *token_size);
/**
* \brief Get the exact size of initial attestation token in bytes.
@@ -182,15 +190,16 @@
* It just returns with the size of the IAT token. It can be used if the caller
* dynamically allocates memory for the token buffer.
*
- * \param[in] challenge_size Size of challenge object in bytes.
+ * \param[in] challenge_size Size of challenge object in bytes. This must be
+ * a supported challenge size (as above).
* \param[out] token_size Size of the token in bytes, which is created by
* initial attestation service.
*
* \return Returns error code as specified in \ref psa_status_t
*/
psa_status_t
-psa_initial_attest_get_token_size(uint32_t challenge_size,
- uint32_t *token_size);
+psa_initial_attest_get_token_size(size_t challenge_size,
+ size_t *token_size);
/**
* \brief Get the initial attestation public key.
diff --git a/interface/src/tfm_initial_attestation_func_api.c b/interface/src/tfm_initial_attestation_func_api.c
index cf82498..7723d6a 100644
--- a/interface/src/tfm_initial_attestation_func_api.c
+++ b/interface/src/tfm_initial_attestation_func_api.c
@@ -14,19 +14,20 @@
#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
psa_status_t
-psa_initial_attest_get_token(const uint8_t *challenge_obj,
- uint32_t challenge_size,
- uint8_t *token,
- uint32_t *token_size)
+psa_initial_attest_get_token(const uint8_t *auth_challenge,
+ size_t challenge_size,
+ uint8_t *token_buf,
+ size_t token_buf_size,
+ size_t *token_size)
{
int32_t res;
psa_invec in_vec[] = {
- {challenge_obj, challenge_size}
+ {auth_challenge, challenge_size}
};
psa_outvec out_vec[] = {
- {token, *token_size}
+ {token_buf, token_buf_size}
};
res = tfm_ns_interface_dispatch(
@@ -42,14 +43,14 @@
}
psa_status_t
-psa_initial_attest_get_token_size(uint32_t challenge_size,
- uint32_t *token_size)
+psa_initial_attest_get_token_size(size_t challenge_size,
+ size_t *token_size)
{
psa_invec in_vec[] = {
{&challenge_size, sizeof(challenge_size)}
};
psa_outvec out_vec[] = {
- {token_size, sizeof(uint32_t)}
+ {token_size, sizeof(size_t)}
};
return tfm_ns_interface_dispatch(
diff --git a/interface/src/tfm_initial_attestation_ipc_api.c b/interface/src/tfm_initial_attestation_ipc_api.c
index c60f8bd..337acbe 100644
--- a/interface/src/tfm_initial_attestation_ipc_api.c
+++ b/interface/src/tfm_initial_attestation_ipc_api.c
@@ -15,19 +15,20 @@
#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
psa_status_t
-psa_initial_attest_get_token(const uint8_t *challenge_obj,
- uint32_t challenge_size,
- uint8_t *token,
- uint32_t *token_size)
+psa_initial_attest_get_token(const uint8_t *auth_challenge,
+ size_t challenge_size,
+ uint8_t *token_buf,
+ size_t token_buf_size,
+ size_t *token_size)
{
psa_handle_t handle = PSA_NULL_HANDLE;
psa_status_t status;
psa_invec in_vec[] = {
- {challenge_obj, challenge_size}
+ {auth_challenge, challenge_size}
};
psa_outvec out_vec[] = {
- {token, *token_size}
+ {token_buf, token_buf_size}
};
handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
@@ -49,8 +50,8 @@
}
psa_status_t
-psa_initial_attest_get_token_size(uint32_t challenge_size,
- uint32_t *token_size)
+psa_initial_attest_get_token_size(size_t challenge_size,
+ size_t *token_size)
{
psa_handle_t handle = PSA_NULL_HANDLE;
psa_status_t status;
@@ -58,7 +59,7 @@
{&challenge_size, sizeof(challenge_size)}
};
psa_outvec out_vec[] = {
- {token_size, sizeof(uint32_t)}
+ {token_size, sizeof(size_t)}
};
handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,