blob: f61619a39bd8b7ec010cfb6109473ca88a628fd2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
/*
* Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef ATTEST_KEY_MNGR_H
#define ATTEST_KEY_MNGR_H
#include <psa/crypto.h>
/* Key ID for a volatile IAK (for test) */
#define ATTEST_KEY_MNGR_VOLATILE_IAK (0)
#ifdef __cplusplus
extern "C" {
#endif
/**
* The attestation key manager manages creation and access
* to the IAK. In real device deployments, the IAK will
* either be provisioned during manufacture or generated
* on first run. To accommodate both sceanrios and to support
* testing without a persistent key store, the IAK is
* genarated automatically if the corresponding persistent
* key doesn't exist.
*/
/**
* \brief Initialize the attest_key_mngr
*
* Initializes the attest_key_mngr. The provided key id should
* be used as the identifier for the IAK. If a key ID of zero
* is passed, a volatile IAK will be generated. This is useful
* for test purposes.
*
* \param[in] iak_id The key id for the IAK
*/
void attest_key_mngr_init(psa_key_id_t iak_id);
/**
* \brief De-initialize the attest_key_mngr
*/
void attest_key_mngr_deinit(void);
/**
* \brief Get the IAK key handle
*
* If an IAK doesn't exist, one will be generated. This supports the
* generate-on-first-run strategy.
*
* \param[out] iak_handle The returned key handle
* \return Status
*/
psa_status_t attest_key_mngr_get_iak_handle(psa_key_handle_t *iak_handle);
/**
* \brief Export the IAK public key
*
* \param[out] data Buffer for key data
* \param[in] data_size Size of buffer
* \param[out] data_length Length in bytes of key
*
* \return Status
*/
psa_status_t attest_key_mngr_export_iak_public_key(uint8_t *data,
size_t data_size, size_t *data_length);
/**
* \brief Return maximum size of an IAK key-pair
*
* \return Maximum size
*/
size_t attest_key_mngr_max_iak_key_size(void);
/**
* \brief Import the IAK key-pair
*
* \param[in] data The key data
* \param[out] data_length Length in bytes of the key-pair
*
* \return Status
*/
psa_status_t attest_key_mngr_import_iak(const uint8_t *data, size_t data_length);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* ATTEST_KEY_MNGR_H */
|