13 #include "tfm_plat_crypto_keys.h"
18 #define SYMMETRIC_IAK_MAX_SIZE PSA_MAC_MAX_SIZE
21 #define INSTANCE_ID_HASH_ALG PSA_ALG_SHA_256
24 #define KID_BUF_LEN 32
31 static size_t instance_id_len = 0;
33 #ifdef INCLUDE_COSE_KEY_ID
37 static size_t kid_len = 0;
61 static psa_status_t symmetric_iak_hash(
const uint8_t *iak_buf,
70 if (!iak_buf || !hash_buf || !hash_len) {
97 static psa_status_t calc_instance_id(uint8_t *iak_buf,
size_t iak_len)
101 uint8_t *id_ptr = instance_id_buf + 1;
102 size_t id_len =
sizeof(instance_id_buf) - 1;
108 status = symmetric_iak_hash(iak_buf, iak_len, id_ptr, id_len,
121 status = symmetric_iak_hash(iak_buf, instance_id_len, id_ptr, id_len,
125 instance_id_buf[0] = 0x01;
140 enum tfm_plat_err_t plat_res;
144 if (symmetric_iak_handle) {
149 plat_res = tfm_plat_get_symmetric_iak(key_buf,
sizeof(key_buf),
152 if (
sizeof(key_buf) < key_len) {
164 if (plat_res != TFM_PLAT_ERR_SUCCESS) {
181 psa_set_key_algorithm(&key_attributes, key_alg);
185 psa_res =
psa_import_key(&key_attributes, key_buf, key_len, &key_handle);
190 symmetric_iak_handle = key_handle;
199 psa_res = calc_instance_id(key_buf, key_len);
201 destroy_iak(&symmetric_iak_handle);
210 if (!symmetric_iak_handle) {
214 destroy_iak(&symmetric_iak_handle);
219 #ifdef INCLUDE_COSE_KEY_ID
230 if (!symmetric_iak_handle) {
234 *key_handle = symmetric_iak_handle;
246 if (!instance_id_len) {
250 id_buf->ptr = instance_id_buf;
251 id_buf->len = instance_id_len;
256 #ifdef INCLUDE_COSE_KEY_ID
258 attest_get_initial_attestation_key_id(
struct q_useful_buf_c *attest_key_id)
260 enum tfm_plat_err_t plat_res;
262 if (!attest_key_id) {
268 plat_res = tfm_plat_get_symmetric_iak_id(kid_buf,
272 if (
sizeof(kid_buf) < kid_len) {
285 if (plat_res != TFM_PLAT_ERR_SUCCESS) {
290 attest_key_id->ptr = (
const void *)&kid_buf;
291 attest_key_id->len = kid_len;
#define PSA_HASH_SIZE(alg)
#define INSTANCE_ID_HASH_ALG
Platform Security Architecture cryptography module.
psa_attest_err_t
Initial attestation service error types.
enum psa_attest_err_t attest_register_initial_attestation_key(void)
Register the initial attestation private key to Crypto service. Loads the public key if the key has n...
#define PSA_ALG_HMAC(hash_alg)
#define PSA_KEY_ATTRIBUTES_INIT
enum psa_attest_err_t attest_get_instance_id(struct q_useful_buf_c *id_buf)
Get the buffer of Instance ID data.
enum psa_attest_err_t attest_get_signing_key_handle(psa_key_handle_t *key_handle)
Get the handle of the key for signing token In asymmetric key algorithm based initial attestation...
#define PSA_ERROR_INVALID_ARGUMENT
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
#define PSA_KEY_USAGE_SIGN
enum psa_attest_err_t attest_unregister_initial_attestation_key(void)
Unregister the initial attestation private key from Crypto service to do not occupy key slot...
#define psa_hash_operation_init
#define PSA_KEY_TYPE_HMAC
__STATIC_INLINE void * tfm_memcpy(void *dest, const void *src, size_t num)
int32_t psa_status_t
Function return status.
#define SYMMETRIC_IAK_MAX_SIZE