Attestation#

System and configuration attestation.

API for retrieveing attestation tokens from the SE.

Functions#

sl_status_t
sl_se_attestation_get_psa_iat_token(sl_se_command_context_t *cmd_ctx, const uint8_t *auth_challenge, size_t challenge_size, uint8_t *token_buf, size_t token_buf_size, size_t *token_size)

Get the PSA initial attest token from the SE.

sl_status_t
sl_se_attestation_get_psa_iat_token_size(sl_se_command_context_t *cmd_ctx, size_t challenge_size, size_t *token_size)

Get the size of a PSA initial attest token with the given nonce.

sl_status_t
sl_se_attestation_get_config_token(sl_se_command_context_t *cmd_ctx, const uint8_t *auth_challenge, size_t challenge_size, uint8_t *token_buf, size_t token_buf_size, size_t *token_size)

Get an attested (signed) security configuration token from the SE.

sl_status_t
sl_se_attestation_get_config_token_size(sl_se_command_context_t *cmd_ctx, size_t challenge_size, size_t *token_size)

Get the size of a security configuration token.

Macros#

#define
SL_SE_ATTESTATION_CHALLENGE_SIZE_32 (32U)

32 byte challenge size

#define
SL_SE_ATTESTATION_CHALLENGE_SIZE_48 (48U)

48 byte challenge size

#define
SL_SE_ATTESTATION_CHALLENGE_SIZE_64 (64U)

64 byte challenge size

Function Documentation#

sl_se_attestation_get_psa_iat_token#

sl_status_t sl_se_attestation_get_psa_iat_token (sl_se_command_context_t * cmd_ctx, const uint8_t * auth_challenge, size_t challenge_size, uint8_t * token_buf, size_t token_buf_size, size_t * token_size)

Get the PSA initial attest token from the SE.

Parameters
[in]cmd_ctx

Pointer to an SE command context object.

[in]auth_challenge

Buffer with a challenge object selected by the caller.

[in]challenge_size

Size of the challenge object in bytes. Must be either 32, 48 or 64.

[out]token_buf

Buffer where the output token will be stored.

[in]token_buf_size

Size of token_buf in bytes. Must be at least the size found by calling sl_se_attestation_get_psa_iat_token_size with equivalent arguments, and padded to word alignment.

[out]token_size

Number of bytes actually used in token_buf.

Warnings

  • Once a nonce/challenge has been used, the same challenge should not be used ever again, to prevent replay attacks.

  • The output will be length-extended to the next word-multiple.

Returns

  • Status code, sl_status.h.


Definition at line 112 of file platform/security/sl_component/se_manager/inc/sl_se_manager_attestation.h

sl_se_attestation_get_psa_iat_token_size#

sl_status_t sl_se_attestation_get_psa_iat_token_size (sl_se_command_context_t * cmd_ctx, size_t challenge_size, size_t * token_size)

Get the size of a PSA initial attest token with the given nonce.

Parameters
[in]cmd_ctx

Pointer to an SE command context object.

[in]challenge_size

Size of the challenge object in bytes. Must be either 32, 48 or 64.

[out]token_size

Pointer to output word. Result is stored here.

Returns

  • Status code, sl_status.h.


Definition at line 135 of file platform/security/sl_component/se_manager/inc/sl_se_manager_attestation.h

sl_se_attestation_get_config_token#

sl_status_t sl_se_attestation_get_config_token (sl_se_command_context_t * cmd_ctx, const uint8_t * auth_challenge, size_t challenge_size, uint8_t * token_buf, size_t token_buf_size, size_t * token_size)

Get an attested (signed) security configuration token from the SE.

Parameters
[in]cmd_ctx

Pointer to an SE command context object.

[in]auth_challenge

Buffer with a challenge object selected by the caller.

[in]challenge_size

Size of the challenge object in bytes. Must be 32.

[out]token_buf

Buffer where the output token will be stored.

[in]token_buf_size

Size of token_buf in bytes. Must be at least the size found by calling sl_se_attestation_get_config_token_size with equivalent arguments, and padded to word alignment.

[out]token_size

Number of bytes actually used in token_buf.

Warnings

  • Once a nonce/challenge has been used, the same challenge should not be used ever again, to prevent replay attacks.

  • The output will be length-extended to the next word-multiple.

Returns

  • Status code, sl_status.h.


Definition at line 173 of file platform/security/sl_component/se_manager/inc/sl_se_manager_attestation.h

sl_se_attestation_get_config_token_size#

sl_status_t sl_se_attestation_get_config_token_size (sl_se_command_context_t * cmd_ctx, size_t challenge_size, size_t * token_size)

Get the size of a security configuration token.

Parameters
[in]cmd_ctx

Pointer to an SE command context object.

[in]challenge_size

Size of the challenge object in bytes. Must be 32.

[out]token_size

Pointer to output word. Result is stored here.

Returns

  • Status code, sl_status.h.


Definition at line 196 of file platform/security/sl_component/se_manager/inc/sl_se_manager_attestation.h

Macro Definition Documentation#

SL_SE_ATTESTATION_CHALLENGE_SIZE_32#

#define SL_SE_ATTESTATION_CHALLENGE_SIZE_32
Value:
(32U)

32 byte challenge size


Definition at line 69 of file platform/security/sl_component/se_manager/inc/sl_se_manager_attestation.h

SL_SE_ATTESTATION_CHALLENGE_SIZE_48#

#define SL_SE_ATTESTATION_CHALLENGE_SIZE_48
Value:
(48U)

48 byte challenge size


Definition at line 71 of file platform/security/sl_component/se_manager/inc/sl_se_manager_attestation.h

SL_SE_ATTESTATION_CHALLENGE_SIZE_64#

#define SL_SE_ATTESTATION_CHALLENGE_SIZE_64
Value:
(64U)

64 byte challenge size


Definition at line 73 of file platform/security/sl_component/se_manager/inc/sl_se_manager_attestation.h