Platform: Add API to get key derived from HUK
Adds the tfm_plat_get_huk_derived_key() function to get key material
that is derived from the HUK through a platform-defined implementation.
Change-Id: I307597b7c9e280cc984ccac9dcf28b627367e5b5
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/platform/include/tfm_plat_crypto_keys.h b/platform/include/tfm_plat_crypto_keys.h
index 81c54a7..a281b7f 100644
--- a/platform/include/tfm_plat_crypto_keys.h
+++ b/platform/include/tfm_plat_crypto_keys.h
@@ -12,6 +12,7 @@
* SoC.
*/
+#include <stddef.h>
#include <stdint.h>
#include "tfm_plat_defs.h"
#include "psa/crypto.h"
@@ -88,6 +89,26 @@
enum tfm_plat_err_t tfm_plat_get_crypto_huk(uint8_t *key, uint32_t size);
/**
+ * \brief Gets key material derived from the hardware unique key.
+ *
+ * \param[in] label Label for KDF
+ * \param[in] label_size Size of the label
+ * \param[in] context Context for KDF
+ * \param[in] context_size Size of the context
+ * \param[out] key Buffer to output the derived key material
+ * \param[in] key_size Requested size of the derived key material and
+ * minimum size of the key buffer
+ *
+ * \return Returns error code specified in \ref tfm_plat_err_t
+ */
+enum tfm_plat_err_t tfm_plat_get_huk_derived_key(const uint8_t *label,
+ size_t label_size,
+ const uint8_t *context,
+ size_t context_size,
+ uint8_t *key,
+ size_t key_size);
+
+/**
* \brief Get the initial attestation key
*
* The device MUST contain an initial attestation key, which is used to sign the