Attest: Align interface to PSA API 1.0
Change the arguments to psa_initial_attest_get_token and
psa_initial_attest_get_token_size as per the PSA 1.0 spec. Update
documentation for new function signature.
Change-Id: Ied6a0bea9ab4a404c147db286584a0873f1a3bf3
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/interface/include/psa/initial_attestation.h b/interface/include/psa/initial_attestation.h
index aa4a414..c125a4d 100644
--- a/interface/include/psa/initial_attestation.h
+++ b/interface/include/psa/initial_attestation.h
@@ -27,7 +27,7 @@
/**
* \brief PSA INITIAL ATTESTATION API version
*
- * Initial attestation API version is: 1.0-beta-0
+ * Initial attestation API version is: 1.0.0
*/
#define PSA_INITIAL_ATTEST_API_VERSION_MAJOR (1)
#define PSA_INITIAL_ATTEST_API_VERSION_MINOR (0)
@@ -42,6 +42,13 @@
#define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 (64u)
/**
+ * The maximum size of an attestation token that can be generated by the
+ * attestation service. Used to configure buffers for services that verify the
+ * produced tokens.
+ */
+#define PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE (0x400)
+
+/**
* The list of fixed claims in the initial attestation token is still evolving,
* you can expect slight changes in the future.
*
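Review bot: `PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE` is written as a bare `(0x400)` while the neighbouring size macro is `(64u)`, and the lengths it will be compared against become `size_t` in this same patch. Writing it as `(0x400u)` keeps those comparisons unsigned and matches the file's convention. The comment should also state the unit (bytes) and that this is an upper bound the service must never exceed, since verifiers are told to size their receive buffers from it. Nothing visible in this patch ties the constant to the token the service actually produces, so a build-time or test-time check against the generator's real maximum would be worth adding where that size is known.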
@@ -156,25 +163,26 @@
/**
* \brief Get initial attestation token
*
- * \param[in] challenge_obj Pointer to buffer where challenge input is
+ * \param[in] auth_challenge Pointer to buffer where challenge input is
* stored. Nonce and / or hash of attested data.
* Must be always
* \ref PSA_INITIAL_ATTEST_TOKEN_SIZE bytes
* long.
* \param[in] challenge_size Size of challenge object in bytes.
- * \param[out] token Pointer to the buffer where attestation token
- * must be stored.
- * \param[in,out] token_size Size of allocated buffer for token, which
- * updated by initial attestation service with
- * final token size.
+ * \param[out] token_buf Pointer to the buffer where attestation token
+ * will be stored.
+ * \param[in] token_buf_size Size of allocated buffer for token, in bytes.
+ * \param[out] token_size Size of the token that has been returned, in
+ * bytes.
*
* \return Returns error code as specified in \ref psa_status_t
*/
psa_status_t
-psa_initial_attest_get_token(const uint8_t *challenge_obj,
- uint32_t challenge_size,
- uint8_t *token,
- uint32_t *token_size);
+psa_initial_attest_get_token(const uint8_t *auth_challenge,
+ size_t challenge_size,
+ uint8_t *token_buf,
+ size_t token_buf_size,
+ size_t *token_size);
/**
* \brief Get the exact size of initial attestation token in bytes.
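Review bot: The new doc block for `psa_initial_attest_get_token` does not say what happens when `token_buf_size` is smaller than the token, nor whether `*token_size` is meaningful after a failure. With the buffer length and the returned length now separate parameters, a caller that skips the status check and reads `*token_size` may pass on a stale or uninitialised length together with the buffer. I would extend `\return` to say that a too-small buffer yields `PSA_ERROR_BUFFER_TOO_SMALL` (assuming the implementation follows the PSA 1.0 status codes) and add `Only valid when PSA_SUCCESS is returned.` to the `token_size` entry. The same gap exists for `psa_initial_attest_get_token_size` in the next hunk. Separately, the `auth_challenge` text still requires `\ref PSA_INITIAL_ATTEST_TOKEN_SIZE` bytes, which reads as if it should reference the challenge-size macros instead; worth confirming.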
@@ -182,15 +190,16 @@
* It just returns with the size of the IAT token. It can be used if the caller
* dynamically allocates memory for the token buffer.
*
- * \param[in] challenge_size Size of challenge object in bytes.
+ * \param[in] challenge_size Size of challenge object in bytes. This must be
+ * a supported challenge size (as above).
* \param[out] token_size Size of the token in bytes, which is created by
* initial attestation service.
*
* \return Returns error code as specified in \ref psa_status_t
*/
psa_status_t
-psa_initial_attest_get_token_size(uint32_t challenge_size,
- uint32_t *token_size);
+psa_initial_attest_get_token_size(size_t challenge_size,
+ size_t *token_size);
/**
* \brief Get the initial attestation public key.
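Review bot: "(as above)" in the `challenge_size` description refers to nothing inside this comment block, so a reader of the generated documentation cannot tell which sizes are accepted. Name the macros directly, for example `Must be one of the PSA_INITIAL_ATTEST_CHALLENGE_SIZE_* values.`. If the intended contract is that the reported size never exceeds `PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE`, state that on `token_size` so callers who allocate dynamically have a documented bound to check against.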