Attest: Support kid parameter in COSE_Mac0 structure header
Add a HAL API tfm_plat_get_symmetric_iak_id() to fetch kid from
platform.
Implement an example of this HAL API.
Add attest_get_symmetric_iak_id() to pass the kid value to token
generation of symmetric key algorithm based Initial Attestation.
Change-Id: I642f7a03f1738c8fe77f11fc2ae91652fc01df29
Signed-off-by: David Hu <david.hu@arm.com>
diff --git a/secure_fw/partitions/initial_attestation/attestation_key.h b/secure_fw/partitions/initial_attestation/attestation_key.h
index ba9e812..c0881fe 100644
--- a/secure_fw/partitions/initial_attestation/attestation_key.h
+++ b/secure_fw/partitions/initial_attestation/attestation_key.h
@@ -85,18 +85,31 @@
size_t *public_key_len,
psa_ecc_curve_t *public_key_curve);
+#ifdef INCLUDE_COSE_KEY_ID
/**
- * \brief Get the attestation key ID. It is the hash (SHA256) of the COSE_Key
- * encoded attestation public key.
+ * \brief Get the attestation key ID.
+ * In asymmetric key algorithm based Initial Attestation, it is the hash
+ * (SHA256) of the COSE_Key encoded attestation public key.
+ * In symmetric key algorithm based Initial Attestation, the key ID raw
+ * data is fetched from from device.
*
* \param[out] attest_key_id Pointer and length of the key id.
*
- * \retval PSA_ATTEST_ERR_SUCCESS Key id calculated successfully.
- * \retval PSA_ATTEST_ERR_GENERAL Key id calculation failed.
+ * \retval PSA_ATTEST_ERR_SUCCESS Got key id successfully.
+ * \retval PSA_ATTEST_ERR_GENERAL Failed to get key id.
*/
enum psa_attest_err_t
attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id);
+#else /* INCLUDE_COSE_KEY_ID */
+static inline enum psa_attest_err_t
+attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id)
+{
+ (void)attest_key_id;
+
+ return PSA_ATTEST_ERR_SUCCESS;
+}
+#endif /* INCLUDE_COSE_KEY_ID */
#ifdef __cplusplus
}
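Review bot: The `#else` stub of `attest_get_initial_attestation_key_id()` returns `PSA_ATTEST_ERR_SUCCESS` without writing to `*attest_key_id`, so when INCLUDE_COSE_KEY_ID is undefined a caller that passes an uninitialised `struct q_useful_buf_c` and trusts the success code would go on to use an indeterminate pointer and length. The callers are outside this hunk, so whether any of them relies on that cannot be confirmed here. Going by the commit title, the kid is placed in the COSE_Mac0 header of a token that leaves the device, so the stub should define its output: replace `(void)attest_key_id;` with `attest_key_id->ptr = NULL;` and `attest_key_id->len = 0;`. The doc comment now sits only inside the `#ifdef` branch, so the stub would benefit from a one-line comment such as `/* Key id support disabled: returns an empty key id. */`. The new `\brief` text also has a doubled word, "fetched from from device".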