| Julian Hall | 482fd2f | 2021-05-17 16:34:48 +0100 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2021, Arm Limited. All rights reserved. |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | * |
| 6 | */ |
| 7 | |
| 8 | #include <stddef.h> |
| 9 | #include <stdint.h> |
| 10 | #include <psa/error.h> |
| 11 | |
| 12 | #ifndef ATTEST_PROVISION_H |
| 13 | #define ATTEST_PROVISION_H |
| 14 | |
| 15 | /** |
| 16 | * A provisioning client API for perfoming one-off provisioning |
| 17 | * operations related to the attestation service. This API will typically |
| 18 | * be used by a special factory application during device manufacture. |
| 19 | */ |
| 20 | |
| 21 | #ifdef __cplusplus |
| 22 | extern "C" { |
| 23 | #endif |
| 24 | |
| 25 | /** |
| 26 | * \brief Export IAK public key |
| 27 | * |
| 28 | * Used to retrieve the IAK public key that corresponds to the key-pair |
| 29 | * that was generated or provisioned for the device. The public key |
| 30 | * may be used by a remote verifier as an identifier for the device. |
| 31 | * |
| 32 | * \param[out] data Buffer where the key data is to be written. |
| 33 | * \param data_size Size of the \p data buffer in bytes. |
| 34 | * \param[out] data_length On success, the number of bytes |
| 35 | * that make up the key data. |
| 36 | * |
| 37 | * \return Returns error code as specified in \ref psa_status_t |
| 38 | */ |
| 39 | psa_status_t attest_provision_export_iak_public_key( |
| 40 | uint8_t *data, |
| 41 | size_t data_size, |
| 42 | size_t *data_length); |
| 43 | |
| 44 | /** |
| 45 | * \brief Import IAK |
| 46 | * |
| 47 | * Used during device manufacture to provision the IAK. Two IAK |
| 48 | * provisioning strategies are supported 1) Externally generated |
| 49 | * key-pair that is provisioned using this interface. 2) Self |
| 50 | * generated where the IAK is generated by the device autonomously. |
| 51 | * If a key is to be imported, the operation must be performed before |
| 52 | * any other operation related to the attestation service. This |
| 53 | * operation may only be performed once for a device. An attempt |
| 54 | * to repeat the operation will be rejected. |
| 55 | * |
| 56 | * \param[in] data Buffer containing the key data. |
| 57 | * \param[in] data_length Size of the \p data buffer in bytes. |
| 58 | * |
| 59 | * \return Returns error code as specified in \ref psa_status_t |
| 60 | */ |
| 61 | psa_status_t attest_provision_import_iak( |
| 62 | const uint8_t *data, |
| 63 | size_t data_length); |
| 64 | |
| 65 | |
| 66 | #ifdef __cplusplus |
| 67 | } |
| 68 | #endif |
| 69 | |
| 70 | #endif /* ATTEST_PROVISION_H */ |