Attest: Support kid parameter in COSE_Mac0 structure header
Add a HAL API tfm_plat_get_symmetric_iak_id() to fetch kid from
platform.
Implement an example of this HAL API.
Add attest_get_symmetric_iak_id() to pass the kid value to token
generation of symmetric key algorithm based Initial Attestation.
Change-Id: I642f7a03f1738c8fe77f11fc2ae91652fc01df29
Signed-off-by: David Hu <david.hu@arm.com>
diff --git a/platform/ext/common/template/crypto_keys.c b/platform/ext/common/template/crypto_keys.c
index e005205..d4d755c 100644
--- a/platform/ext/common/template/crypto_keys.c
+++ b/platform/ext/common/template/crypto_keys.c
@@ -14,9 +14,11 @@
* limitations under the License.
*/
-#include "tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include <string.h>
+
#include "psa/crypto_types.h"
+#include "tfm_plat_crypto_keys.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -34,6 +36,7 @@
extern const psa_algorithm_t tfm_attest_hmac_sign_alg;
extern const uint8_t initial_attestation_hmac_sha256_key[];
extern const size_t initial_attestation_hmac_sha256_key_size;
+extern const char *initial_attestation_kid;
#else /* SYMMETRIC_INITIAL_ATTESTATION */
extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
@@ -109,6 +112,23 @@
return TFM_PLAT_ERR_SUCCESS;
}
+
+enum tfm_plat_err_t tfm_plat_get_symmetric_iak_id(void *kid_buf,
+ size_t buf_len,
+ size_t *kid_len)
+{
+ /* kid is string in this example. '\0' is ignore. */
+ size_t len = strlen(initial_attestation_kid);
+
+ if (!kid_buf || !kid_len || (buf_len < len)) {
+ return TFM_PLAT_ERR_INVALID_INPUT;
+ }
+
+ copy_key(kid_buf, (const uint8_t *)initial_attestation_kid, len);
+ *kid_len = len;
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
#else /* SYMMETRIC_INITIAL_ATTESTATION */
enum tfm_plat_err_t
tfm_plat_get_initial_attest_key(uint8_t *key_buf,