aboutsummaryrefslogtreecommitdiff
path: root/components/service/attestation/key_mngr/attest_key_mngr.h
blob: f61619a39bd8b7ec010cfb6109473ca88a628fd2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
/*
 * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef ATTEST_KEY_MNGR_H
#define ATTEST_KEY_MNGR_H

#include <psa/crypto.h>

/* Key ID for a volatile IAK (for test) */
#define ATTEST_KEY_MNGR_VOLATILE_IAK            (0)

#ifdef __cplusplus
extern "C" {
#endif

/**
 * The attestation key manager manages creation and access
 * to the IAK. In real device deployments, the IAK will
 * either be provisioned during manufacture or generated
 * on first run.  To accommodate both sceanrios and to support
 * testing without a persistent key store, the IAK is
 * genarated automatically if the corresponding persistent
 * key doesn't exist.
 */

/**
 * \brief Initialize the attest_key_mngr
 *
 * Initializes the attest_key_mngr.  The provided key id should
 * be used as the identifier for the IAK.  If a key ID of zero
 * is passed, a volatile IAK will be generated.  This is useful
 * for test purposes.
 *
 * \param[in] iak_id    The key id for the IAK
 */
void attest_key_mngr_init(psa_key_id_t iak_id);

/**
 * \brief De-initialize the attest_key_mngr
 */
void attest_key_mngr_deinit(void);

/**
 * \brief Get the IAK key handle
 *
 *  If an IAK doesn't exist, one will be generated.  This supports the
 *  generate-on-first-run strategy.
 *
 * \param[out] iak_handle  The returned key handle
 * \return Status
 */
psa_status_t attest_key_mngr_get_iak_handle(psa_key_handle_t *iak_handle);

/**
 * \brief Export the IAK public key
 *
 * \param[out] data  Buffer for key data
 * \param[in]  data_size Size of buffer
 * \param[out] data_length  Length in bytes of key
 *
 * \return Status
 */
psa_status_t attest_key_mngr_export_iak_public_key(uint8_t *data,
                                size_t data_size, size_t *data_length);

/**
 * \brief Return maximum size of an IAK key-pair
 *
 * \return Maximum size
 */
size_t attest_key_mngr_max_iak_key_size(void);

/**
 * \brief Import the IAK key-pair
 *
 * \param[in]  data  The key data
  * \param[out] data_length  Length in bytes of the key-pair
 *
 * \return Status
 */
psa_status_t attest_key_mngr_import_iak(const uint8_t *data, size_t data_length);

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* ATTEST_KEY_MNGR_H */