TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
attest_asymmetric_key.c File Reference
#include "attest_key.h"
#include <stdint.h>
#include <stddef.h>
#include "tfm_plat_defs.h"
#include "tfm_plat_crypto_keys.h"
#include "tfm_plat_device_id.h"
#include "t_cose_standard_constants.h"
#include "q_useful_buf.h"
#include "qcbor.h"
#include "tfm_memory_utils.h"
Include dependency graph for attest_asymmetric_key.c:

Go to the source code of this file.

Macros

#define ECC_P256_PUBLIC_KEY_SIZE   PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
 
#define ECC_P256_COORD_SIZE   PSA_BITS_TO_BYTES(256) /* 256 bits -> 32 bytes */
 
#define ATTEST_KEY_HANDLE_NOT_LOADED   0
 

Functions

enum psa_attest_err_t attest_register_initial_attestation_key ()
 Register the initial attestation private key to Crypto service. Loads the public key if the key has not already been loaded. More...
 
enum psa_attest_err_t attest_unregister_initial_attestation_key ()
 Unregister the initial attestation private key from Crypto service to do not occupy key slot. More...
 
enum psa_attest_err_t attest_get_signing_key_handle (psa_key_handle_t *handle)
 Get the handle of the key for signing token In asymmetric key algorithm based initial attestation, it is the handle of the initial attestation private key. In symmetric key algorithm based initial attestation, it is the handle of symmetric initial attestation key. More...
 
enum psa_attest_err_t attest_get_initial_attestation_public_key (uint8_t **public_key, size_t *public_key_len, psa_ecc_family_t *public_key_curve)
 Get the public key derived from the initial attestation private key. More...
 
enum psa_attest_err_t attest_get_instance_id (struct q_useful_buf_c *id_buf)
 Get the buffer of Instance ID data. More...
 

Macro Definition Documentation

#define ATTEST_KEY_HANDLE_NOT_LOADED   0

Definition at line 35 of file attest_asymmetric_key.c.

#define ECC_P256_COORD_SIZE   PSA_BITS_TO_BYTES(256) /* 256 bits -> 32 bytes */

The size of X and Y coordinate in 2 parameter style EC public key. Format is as defined in COSE (RFC 8152) and SEC 1: Elliptic Curve Cryptography.

This size is well-known and documented in public standards.

Definition at line 30 of file attest_asymmetric_key.c.

#define ECC_P256_PUBLIC_KEY_SIZE   PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)

Definition at line 20 of file attest_asymmetric_key.c.

Function Documentation

enum psa_attest_err_t attest_get_initial_attestation_public_key ( uint8_t **  public_key,
size_t *  public_key_len,
psa_ecc_family_t public_key_curve 
)

Get the public key derived from the initial attestation private key.

Parameters
[out]public_keyPointer to public key buffer.
[out]public_key_lenSize of public key in bytes.
[out]public_key_curveType of the curve that is used in the public key.
Return values
PSA_ATTEST_ERR_SUCCESSPublic key was successfully returned.
PSA_ATTEST_ERR_GENERALPublic key could not be returned.

Definition at line 148 of file attest_asymmetric_key.c.

Here is the caller graph for this function:

enum psa_attest_err_t attest_get_instance_id ( struct q_useful_buf_c *  id_buf)

Get the buffer of Instance ID data.

Parameters
[out]id_bufAddress and length of Instance ID buffer
Return values
PSA_ATTEST_ERR_SUCCESSInstance ID was successfully returned.
PSA_ATTEST_ERR_CLAIM_UNAVAILABLEInstance ID is unavailable
PSA_ATTEST_ERR_GENERALInstance ID could not be returned.

Definition at line 212 of file attest_asymmetric_key.c.

enum psa_attest_err_t attest_get_signing_key_handle ( psa_key_handle_t key_handle)

Get the handle of the key for signing token In asymmetric key algorithm based initial attestation, it is the handle of the initial attestation private key. In symmetric key algorithm based initial attestation, it is the handle of symmetric initial attestation key.

Parameters
[out]key_handleThe handle of the key for signing token.
Return values
PSA_ATTEST_ERR_SUCCESSKey handle was successfully returned.
PSA_ATTEST_ERR_GENERALKey handle could not be returned.

Definition at line 136 of file attest_asymmetric_key.c.

Here is the caller graph for this function:

enum psa_attest_err_t attest_register_initial_attestation_key ( )

Register the initial attestation private key to Crypto service. Loads the public key if the key has not already been loaded.

Note
Private key MUST be present on the device, otherwise initial attestation token cannot be signed.
Return values
PSA_ATTEST_ERR_SUCCESSKey(s) was registered.
PSA_ATTEST_ERR_GENERALKey(s) could not be registered.

Definition at line 60 of file attest_asymmetric_key.c.

enum psa_attest_err_t attest_unregister_initial_attestation_key ( )

Unregister the initial attestation private key from Crypto service to do not occupy key slot.

Return values
PSA_ATTEST_ERR_SUCCESSKey(s) was unregistered.
PSA_ATTEST_ERR_GENERALKey(s) could not be unregistered.

Definition at line 117 of file attest_asymmetric_key.c.