/* * Copyright (c) 2019,2020 Linaro Limited * * SPDX-License-Identifier: Apache-2.0 */ #include #include "psa/error.h" #ifdef __cplusplus extern "C" { #endif /** Maximum buffer size for an initial attestation token instance. */ #define ATT_MAX_TOKEN_SIZE (0x240) /** * @brief Gets the public key portion of the attestation service's securely * stored key pair. This public key can be provided to external * verification services for device verification purposes. * * @return Returns error code as specified in \ref psa_status_t */ psa_status_t att_get_pub_key(void); /** * @brief Gets an initial attestation token (IAT) from the TF-M secure * processing environment (SPE). This data will be provided in CBOR * format and is encrypted using the private key held on the SPE. * * The initial attestation token (IAT) is composed of a series of 'claims' or * data points used to uniquely identify this device to an external * verification entity (the IAT consumer). * * The generated IAT should be cryptographically verifiable by the IAT consumer. * * For details on IAT see https://tools.ietf.org/html/draft-mandyam-eat-01 * * @param ch_buffer Pointer to the buffer containing the nonce or * challenge data to be validated with the private key. * @param ch_sz The number of bytes in the challenge. 32, 48 or 64. * @param token_buffer Pointer to the buffer where the IAT will be written. * Must be equal in size to the system IAT output, which * can be determined via a call to * 'psa_initial_attest_get_token_size'. * @param token_sz Pointer to the size of token_buffer, this value will be * updated in this function to contain the number of bytes * actually retrieved during the IAT request. * * @return Returns error code as specified in \ref psa_status_t */ psa_status_t att_get_iat(uint8_t *ch_buffer, uint32_t ch_sz, uint8_t *token_buffer, uint32_t *token_sz); /** * @brief TODO! * * @return Returns error code as specified in \ref psa_status_t */ psa_status_t att_test(void); #ifdef __cplusplus } #endif