aboutsummaryrefslogtreecommitdiff
path: root/secure_fw/partitions/initial_attestation/attestation_key.h
blob: ba9e8128aad4dec2deadef1b453a754d09aef4d9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
/*
 * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#ifndef __ATTESTATION_KEY_H__
#define __ATTESTATION_KEY_H__

#include "attestation.h"
#include "psa/initial_attestation.h"
#include "psa/crypto.h"
#include "q_useful_buf.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief Register the initial attestation private key to Crypto service. Loads
 *        the public key if the key has not already been loaded.
 *
 * \note  Private key MUST be present on the device, otherwise initial
 *        attestation token cannot be signed.
 *
 * \retval  PSA_ATTEST_ERR_SUCCESS   Key(s) was registered.
 * \retval  PSA_ATTEST_ERR_GENERAL   Key(s) could not be registered.
 */
enum psa_attest_err_t
attest_register_initial_attestation_key();

/**
 * \brief Unregister the initial attestation private key from Crypto service
 *        to do not occupy key slot.
 *
 * \retval  PSA_ATTEST_ERR_SUCCESS   Key(s) was unregistered.
 * \retval  PSA_ATTEST_ERR_GENERAL   Key(s) could not be unregistered.
 */
enum psa_attest_err_t
attest_unregister_initial_attestation_key();

/**
 * \brief Get the handle of the key for signing token
 *        In asymmetric key algorithm based initial attestation, it is the
 *        handle of the initial attestation private key.
 *        In symmetric key algorithm based initial attestation, it is the
 *        handle of symmetric initial attestation key.
 *
 * \param[out] key_handle            The handle of the key for signing token.
 *
 * \retval  PSA_ATTEST_ERR_SUCCESS   Key handle was successfully returned.
 * \retval  PSA_ATTEST_ERR_GENERAL   Key handle could not be returned.
 */
enum psa_attest_err_t
attest_get_signing_key_handle(psa_key_handle_t *key_handle);

/**
 * \brief Get the buffer of Instance ID data
 *
 * \param[out] id_buf  Address and length of Instance ID buffer
 *
 * \retval  PSA_ATTEST_ERR_SUCCESS            Instance ID was successfully
 *                                            returned.
 * \retval  PSA_ATTEST_ERR_CLAIM_UNAVAILABLE  Instance ID is unavailable
 * \retval  PSA_ATTEST_ERR_GENERAL            Instance ID could not be returned.
 */
enum psa_attest_err_t
attest_get_instance_id(struct q_useful_buf_c *id_buf);

/**
 * \brief Get the public key derived from the initial attestation private key.
 *
 * \param[out] public_key       Pointer to public key buffer.
 * \param[out] public_key_len   Size of public key in bytes.
 * \param[out] public_key_curve Type of the curve that is used in the public
 *                              key.
 *
 * \retval  PSA_ATTEST_ERR_SUCCESS   Public key was successfully returned.
 * \retval  PSA_ATTEST_ERR_GENERAL   Public key could not be returned.
 */

enum psa_attest_err_t
attest_get_initial_attestation_public_key(uint8_t **public_key,
                                          size_t *public_key_len,
                                          psa_ecc_curve_t *public_key_curve);

/**
 * \brief Get the attestation key ID. It is the hash (SHA256) of the COSE_Key
 *        encoded attestation public key.
 *
 * \param[out] attest_key_id  Pointer and length of the key id.
 *
 * \retval  PSA_ATTEST_ERR_SUCCESS   Key id calculated successfully.
 * \retval  PSA_ATTEST_ERR_GENERAL   Key id calculation failed.

 */
enum psa_attest_err_t
attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id);

#ifdef __cplusplus
}
#endif

#endif /* __ATTESTATION_KEY_H__ */