blob: 5a4f9b5efce4e1fc34e9831ac21f70a2c0f89f05 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
/*
* Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#ifndef __ATTEST_KEY_H__
#define __ATTEST_KEY_H__
#include "attest.h"
#include "psa/initial_attestation.h"
#include "psa/crypto.h"
#include "q_useful_buf.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Register the initial attestation private key to Crypto service. Loads
* the public key if the key has not already been loaded.
*
* \note Private key MUST be present on the device, otherwise initial
* attestation token cannot be signed.
*
* \retval PSA_ATTEST_ERR_SUCCESS Key(s) was registered.
* \retval PSA_ATTEST_ERR_GENERAL Key(s) could not be registered.
*/
enum psa_attest_err_t
attest_register_initial_attestation_key();
/**
* \brief Unregister the initial attestation private key from Crypto service
* to do not occupy key slot.
*
* \retval PSA_ATTEST_ERR_SUCCESS Key(s) was unregistered.
* \retval PSA_ATTEST_ERR_GENERAL Key(s) could not be unregistered.
*/
enum psa_attest_err_t
attest_unregister_initial_attestation_key();
/**
* \brief Get the handle of the key for signing token
* In asymmetric key algorithm based initial attestation, it is the
* handle of the initial attestation private key.
* In symmetric key algorithm based initial attestation, it is the
* handle of symmetric initial attestation key.
*
* \param[out] key_handle The handle of the key for signing token.
*
* \retval PSA_ATTEST_ERR_SUCCESS Key handle was successfully returned.
* \retval PSA_ATTEST_ERR_GENERAL Key handle could not be returned.
*/
enum psa_attest_err_t
attest_get_signing_key_handle(psa_key_handle_t *key_handle);
/**
* \brief Get the buffer of Instance ID data
*
* \param[out] id_buf Address and length of Instance ID buffer
*
* \retval PSA_ATTEST_ERR_SUCCESS Instance ID was successfully
* returned.
* \retval PSA_ATTEST_ERR_CLAIM_UNAVAILABLE Instance ID is unavailable
* \retval PSA_ATTEST_ERR_GENERAL Instance ID could not be returned.
*/
enum psa_attest_err_t
attest_get_instance_id(struct q_useful_buf_c *id_buf);
#ifdef INCLUDE_COSE_KEY_ID
/**
* \brief Get the attestation key ID.
* In asymmetric key algorithm based Initial Attestation, it is the hash
* (SHA256) of the COSE_Key encoded attestation public key.
* In symmetric key algorithm based Initial Attestation, the key ID raw
* data is fetched from from device.
*
* \param[out] attest_key_id Pointer and length of the key id.
*
* \retval PSA_ATTEST_ERR_SUCCESS Got key id successfully.
* \retval PSA_ATTEST_ERR_GENERAL Failed to get key id.
*/
enum psa_attest_err_t
attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id);
#else /* INCLUDE_COSE_KEY_ID */
static inline enum psa_attest_err_t
attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id)
{
(void)attest_key_id;
return PSA_ATTEST_ERR_SUCCESS;
}
#endif /* INCLUDE_COSE_KEY_ID */
#ifdef __cplusplus
}
#endif
#endif /* __ATTEST_KEY_H__ */
|