TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / shared / psa-adac.git / 381aa15956845b51a1e0be47a44a45d15a2bc612 / . / psa-adac / sdm / include / psa_adac_sdm.h
blob: 0395c33cd1b4eb5b105ceee69c8ff9bcad4f8c95 [file] [log] [blame]
Maulik Patel28c16e42022-11-29 15:34:23 +0000[diff] [blame]1/*
Maulik Patel6ed91802023-02-06 14:57:00 +0000[diff] [blame]2 * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
Maulik Patel28c16e42022-11-29 15:34:23 +0000[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#ifndef __PSA_ADAC_SDM_H__
9#define __PSA_ADAC_SDM_H__
10
11#if defined(MBEDTLS_CONFIG_FILE)
12#include MBEDTLS_CONFIG_FILE
13#endif
14
Maulik Patel6ed91802023-02-06 14:57:00 +0000[diff] [blame]15#include "psa_adac.h"
16
Maulik Patel28c16e42022-11-29 15:34:23 +0000[diff] [blame]17#if defined(MBEDTLS_FS_IO)
18
Maulik Patel28c16e42022-11-29 15:34:23 +0000[diff] [blame]19
20#ifdef __cplusplus
21extern "C" {
22#endif
23
24/** \addtogroup adac-sdm
25 * @{
26 */
27
28/**
29 * \brief Parses the input trust chain data into type length value format
30 *
31 * \param[in] input Pointer to input data buffer.
32 * \param[in] input_size Size of input buffer in bytes.
33 * \param[out] tlvs Double pointer to the output tlv data.
34 * \param[in] max_tlvs Maximum number of allowed extensions.
35 * \param[out] tlv_count Pointer to number of extensions in the chain.
36 *
37 * \return 0 on success, non-zero otherwise
38 *
39 */
40int split_tlv_static(uint32_t *input, size_t input_size, psa_tlv_t **tlvs,
41 size_t max_tlvs, size_t *tlv_count);
42
43/**
44 * \brief Split input chain data to individual extensions
45 *
46 * \param[in] input Pointer to the input chain data.
47 * \param[in] input_size Size of input buffer.
48 * \param[out] extensions Double pointer to output extensions.
49 * \param[out] extension_count Pointer to the number of extensions.
50 *
51 * \return 0 on success, non-zero otherwise
52 *
53 */
54int split_extensions(uint32_t *input, size_t input_size, psa_tlv_t **extensions[],
55 size_t *extension_count);
56
57/**
58 * \brief Loads the key from the input key file
59 *
60 * \param[in] key_file Pointer to input key file path.
61 * \param[out] type Pointer to the output key type.
62 * \param[out] handle Pointer to output key id.
63 *
64 * \return 0 on success, non-zero otherwise
65 *
66 */
67int import_private_key(const char *key_file, uint8_t *type, psa_key_handle_t *handle);
68
69/**
70 * \brief Loads the secret key from input file (for symmetric key authentication)
71 *
72 * \param[in] key_file Pointer to input key file path.
73 * \param[in] type Input key type.
74 * \param[out] key Double pointer to output secret key.
75 * \param[out] key_size Pointer to size of output key in bytes.
76 *
77 * \return 0 on success, non-zero otherwise
78 *
79 */
80int load_secret_key(const char *key_file, uint8_t type, uint8_t **key, size_t *key_size);
81
82/**
83 * \brief Loads the chain of trust.
84 * An example trust chain may be composed of leaf certificate, zero or more intermediary
85 * certificates, and ends in a root certificate.
86 *
87 * \param[in] chain_file Pointer to chain file path.
88 * \param[out] chain Double pointer to the decoded base64 formatted input chain data buffer.
89 * \param[out] chain_size Pointer to the size of the chain.
90 *
91 * \return 0 on success, non-zero otherwise
92 *
93 */
94int load_trust_chain(const char *chain_file, uint8_t **chain, size_t *chain_size);
95
96/**
97 * \brief Loads root of trust public key.
98 *
99 * \param[in] chain_file Pointer to chain file path.
100 * \param[in] alg Input hash algorithm type.
101 * \param[out] rotpk Pointer to output public key data buffer.
102 * \param[in] buffer_size Size of \p rotpk buffer in bytes.
103 * \param[out] rotpk_size Pointer to length of the output data buffer in bytes.
104 * \param[out] rotpk_type Pointer to root of trust public key type.
105 *
106 * \return 0 on success, non-zero otherwise
107 *
108 */
109int load_trust_rotpk(const char *chain_file, psa_algorithm_t alg, uint8_t *rotpk,
110 size_t buffer_size, size_t *rotpk_size, uint8_t *rotpk_type);
111
112/**
113 * \brief Signs the debug token for authentication
114 *
115 * \param[in] challenge Pointer to input challenge.
116 * \param[in] challenge_size Size of input challenge data.
117 * \param[in] signature_type Algorithm type used for signature .
118 * \param[in] exts Pointer to input extension data.
119 * \param[in] exts_size Size of extension data buffer.
120 * \param[out] fragment Double pointer to the output response fragment.
121 * \param[out] fragment_size Pointer to size of response fragment.
122 * \param[in] req_perms Pointer to the requested permissions data.
123 * \param[in] handle Key handle (for asymmetric key signature).
124 * \param[in] key Pointer to key to be used for signature (for symmetric key signature).
125 * \param[in] key_size Size of input key data buffer.
126 *
127 * \return A status indicating the success/failure of the operation as specified
128 * in \ref psa_status_t
129 *
130 */
131psa_status_t psa_adac_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type,
132 uint8_t exts[], size_t exts_size, uint8_t *fragment[],
133 size_t *fragment_size, uint8_t req_perms[],
134 psa_key_handle_t handle, uint8_t *key, size_t key_size);
135
136/**@}*/
137
138#ifdef __cplusplus
139}
140#endif
141
142#endif /* #if defined(MBEDTLS_FS_IO) */
143
144#endif /* __PSA_ADAC_SDM_H__ */