blob: ba9e8128aad4dec2deadef1b453a754d09aef4d9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
/*
* Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#ifndef __ATTESTATION_KEY_H__
#define __ATTESTATION_KEY_H__
#include "attestation.h"
#include "psa/initial_attestation.h"
#include "psa/crypto.h"
#include "q_useful_buf.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Register the initial attestation private key to Crypto service. Loads
* the public key if the key has not already been loaded.
*
* \note Private key MUST be present on the device, otherwise initial
* attestation token cannot be signed.
*
* \retval PSA_ATTEST_ERR_SUCCESS Key(s) was registered.
* \retval PSA_ATTEST_ERR_GENERAL Key(s) could not be registered.
*/
enum psa_attest_err_t
attest_register_initial_attestation_key();
/**
* \brief Unregister the initial attestation private key from Crypto service
* to do not occupy key slot.
*
* \retval PSA_ATTEST_ERR_SUCCESS Key(s) was unregistered.
* \retval PSA_ATTEST_ERR_GENERAL Key(s) could not be unregistered.
*/
enum psa_attest_err_t
attest_unregister_initial_attestation_key();
/**
* \brief Get the handle of the key for signing token
* In asymmetric key algorithm based initial attestation, it is the
* handle of the initial attestation private key.
* In symmetric key algorithm based initial attestation, it is the
* handle of symmetric initial attestation key.
*
* \param[out] key_handle The handle of the key for signing token.
*
* \retval PSA_ATTEST_ERR_SUCCESS Key handle was successfully returned.
* \retval PSA_ATTEST_ERR_GENERAL Key handle could not be returned.
*/
enum psa_attest_err_t
attest_get_signing_key_handle(psa_key_handle_t *key_handle);
/**
* \brief Get the buffer of Instance ID data
*
* \param[out] id_buf Address and length of Instance ID buffer
*
* \retval PSA_ATTEST_ERR_SUCCESS Instance ID was successfully
* returned.
* \retval PSA_ATTEST_ERR_CLAIM_UNAVAILABLE Instance ID is unavailable
* \retval PSA_ATTEST_ERR_GENERAL Instance ID could not be returned.
*/
enum psa_attest_err_t
attest_get_instance_id(struct q_useful_buf_c *id_buf);
/**
* \brief Get the public key derived from the initial attestation private key.
*
* \param[out] public_key Pointer to public key buffer.
* \param[out] public_key_len Size of public key in bytes.
* \param[out] public_key_curve Type of the curve that is used in the public
* key.
*
* \retval PSA_ATTEST_ERR_SUCCESS Public key was successfully returned.
* \retval PSA_ATTEST_ERR_GENERAL Public key could not be returned.
*/
enum psa_attest_err_t
attest_get_initial_attestation_public_key(uint8_t **public_key,
size_t *public_key_len,
psa_ecc_curve_t *public_key_curve);
/**
* \brief Get the attestation key ID. It is the hash (SHA256) of the COSE_Key
* encoded attestation public key.
*
* \param[out] attest_key_id Pointer and length of the key id.
*
* \retval PSA_ATTEST_ERR_SUCCESS Key id calculated successfully.
* \retval PSA_ATTEST_ERR_GENERAL Key id calculation failed.
*/
enum psa_attest_err_t
attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id);
#ifdef __cplusplus
}
#endif
#endif /* __ATTESTATION_KEY_H__ */
|