Attest: Fetch symmetric Initial Attestation Key

Implement attest_register_initial_attest_key() to fetch and register a
symmetric Initial Attestation Key (IAK).

Add tfm_plat_get_symmetric_iak() to receive the key raw data from
platform.

Add attest_get_signing_key_handle() to get the key handle of the
initial attestation key for signing IAT.
Replace attest_get_initial_attestation_private_key_handle() with
attest_get_signing_key_handle().

Also add a binary symmetric IAK file for token verification in
other tools.

Change-Id: Id2e3647cc85abd0eacbf2a0e53b6d2cd927acaaf
Signed-off-by: David Hu <david.hu@arm.com>

diff --git a/secure_fw/partitions/initial_attestation/attestation_key.h b/secure_fw/partitions/initial_attestation/attestation_key.h
index cb35a94..5525479 100644
--- a/secure_fw/partitions/initial_attestation/attestation_key.h
+++ b/secure_fw/partitions/initial_attestation/attestation_key.h
@@ -8,6 +8,7 @@
#ifndef __ATTESTATION_KEY_H__
#define __ATTESTATION_KEY_H__
+#include "attestation.h"
#include "psa/initial_attestation.h"
#include "psa/crypto.h"
#include "q_useful_buf.h"
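Review bot: The new #include "attestation.h" at the top of attestation_key.h is pulled in by every file that includes this header, but the hunks shown here do not reveal which declaration needs it: the only prototype changed in this patch uses enum psa_attest_err_t and psa_key_handle_t, as the replaced one did. If the dependency exists only in the implementation, put the include in the .c file instead; if a declaration in this header does require it, name that type in the commit message or a short comment so the dependency is not removed later by mistake.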
@@ -40,16 +41,19 @@
attest_unregister_initial_attestation_key();
/**
- * \brief Get a handle to the attestion private key.
+ * \brief Get the handle of the key for signing token
+ * In asymmetric key algorithm based initial attestation, it is the
+ * handle of the initial attestation private key.
+ * In symmetric key algorithm based initial attestation, it is the
+ * handle of symmetric initial attestation key.
*
- * \param[out] key_handle Key handle for private key
+ * \param[out] key_handle The handle of the key for signing token.
*
- * \retval PSA_ATTEST_ERR_SUCCESS Private key was successfully returned.
- * \retval PSA_ATTEST_ERR_GENERAL Private key could not be returned.
+ * \retval PSA_ATTEST_ERR_SUCCESS Key handle was successfully returned.
+ * \retval PSA_ATTEST_ERR_GENERAL Key handle could not be returned.
*/
-
enum psa_attest_err_t
-attest_get_initial_attestation_private_key_handle(psa_key_handle_t *key_handle);
+attest_get_signing_key_handle(psa_key_handle_t *key_handle);
/**
* \brief Get the public key derived from the initial attestation private key.
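Review bot: The trailing context still documents the next function as "Get the public key derived from the initial attestation private key", which has no meaning in the symmetric build that the rewritten comment above now describes. Either state in that comment that the function applies to asymmetric key algorithm based attestation only, or guard its declaration so a symmetric configuration cannot call it. In the new comment for attest_get_signing_key_handle(), the \brief line lacks a terminating period and a blank comment line before "In asymmetric key algorithm based...", so Doxygen will fold the two explanatory sentences into the brief description. It would also help to say under PSA_ATTEST_ERR_GENERAL that this is the result when no key has been registered yet, since callers now rely on one accessor for both key types.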