12 #include "tfm_plat_defs.h"
13 #include "tfm_plat_crypto_keys.h"
14 #include "tfm_plat_device_id.h"
15 #include "t_cose_standard_constants.h"
16 #include "q_useful_buf.h"
20 #define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
30 #define ECC_P256_COORD_SIZE PSA_BITS_TO_BYTES(256)
35 #define ATTEST_KEY_HANDLE_NOT_LOADED 0
48 static size_t attestation_public_key_len = 0;
51 #ifdef INCLUDE_COSE_KEY_ID
56 static uint8_t instance_id_buf[INSTANCE_ID_MAX_SIZE];
57 static size_t instance_id_len = 0U;
62 enum tfm_plat_err_t plat_res;
64 struct ecc_key_t attest_key = {0};
75 plat_res = tfm_plat_get_initial_attest_key(key_buf,
sizeof(key_buf),
76 &attest_key, &psa_curve);
79 if (plat_res != TFM_PLAT_ERR_SUCCESS || attest_key.priv_key == NULL) {
91 attest_key.priv_key_size,
99 attestation_key_handle = key_handle;
102 if (attestation_public_key_len == 0) {
105 &attestation_public_key_len);
110 attestation_key_curve = psa_curve;
142 *handle = attestation_key_handle;
149 size_t *public_key_len,
154 if (attestation_public_key_len == 0) {
/* The three outputs are set by plain assignment, not by copying: the caller
 * receives a pointer to attestation_public_key together with the cached
 * length and curve.
 * NOTE(review): the out-parameter is a non-const uint8_t **, so a caller can
 * write through it into what is presumably this module's own public key
 * storage -- confirm that callers treat the buffer as read-only.
 */
158 *public_key = attestation_public_key;
159 *public_key_len = attestation_public_key_len;
160 *public_key_curve = attestation_key_curve;
198 INSTANCE_ID_MAX_SIZE - 1,
/* Byte 0 of the Instance ID buffer is set to the constant 0x01, and the
 * stored length is increased by one to account for that byte.
 * NOTE(review): 0x01 looks like a type prefix placed ahead of data written
 * from offset 1 (the preceding call is given INSTANCE_ID_MAX_SIZE - 1 as a
 * size) -- confirm the meaning of the value against the token format.
 */
205 instance_id_buf[0] = 0x01;
206 instance_id_len = instance_id_len + 1;
214 if (instance_id_len == 0U) {
220 if (id_buf == NULL) {
224 id_buf->ptr = instance_id_buf;
225 id_buf->len = instance_id_len;
230 #ifdef INCLUDE_COSE_KEY_ID
232 #define MAX_ENCODED_COSE_KEY_SIZE \
237 (ECC_P256_COORD_SIZE + 1 + 2)
248 static inline int32_t
256 cose_curve = COSE_ELLIPTIC_CURVE_P_256;
288 struct q_useful_buf_c attest_public_key,
289 struct q_useful_buf buffer_for_cose_key,
290 struct q_useful_buf_c *cose_key)
292 QCBORError qcbor_result;
293 QCBOREncodeContext cbor_encode_ctx;
294 struct q_useful_buf_c x_coord;
295 struct q_useful_buf_c y_coord;
296 struct q_useful_buf_c encoded_key_id;
297 size_t key_coord_len;
298 int32_t cose_ecc_curve;
299 uint8_t *x_coord_ptr;
300 uint8_t *y_coord_ptr;
/* Split the public key into its two coordinates: the first byte is skipped
 * and the remaining bytes are halved, X first and Y directly after it.
 * NOTE(review): key_coord_len is a size_t, so if attest_public_key.len were
 * 0 the subtraction would presumably wrap to a very large value, and an even
 * length would silently drop the last byte. No length check is visible in
 * this excerpt before the arithmetic; the q_useful_buf_copy_ptr() calls that
 * follow and the q_useful_buf_c_is_null() test on their results appear to be
 * what rejects a length larger than the coordinate buffers -- confirm this
 * before reusing the pointers computed here anywhere else.
 */
307 key_coord_len = (attest_public_key.len - 1) / 2;
308 x_coord_ptr = ((uint8_t *)attest_public_key.ptr) + 1;
309 y_coord_ptr = ((uint8_t *)attest_public_key.ptr) + 1 + key_coord_len;
314 x_coord = q_useful_buf_copy_ptr(buffer_for_x_coord,
318 y_coord = q_useful_buf_copy_ptr(buffer_for_y_coord,
322 if (q_useful_buf_c_is_null(x_coord) || q_useful_buf_c_is_null(y_coord)) {
326 cose_ecc_curve = attest_map_psa_ecc_curve_to_cose_ecc_curve(psa_ecc_curve);
327 if (cose_ecc_curve == -1) {
332 QCBOREncode_Init(&cbor_encode_ctx, buffer_for_cose_key);
333 QCBOREncode_OpenMap(&cbor_encode_ctx);
334 QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx,
337 QCBOREncode_AddInt64ToMapN(&cbor_encode_ctx,
340 QCBOREncode_AddBytesToMapN(&cbor_encode_ctx,
341 COSE_KEY_PARAM_X_COORDINATE,
343 QCBOREncode_AddBytesToMapN(&cbor_encode_ctx,
344 COSE_KEY_PARAM_Y_COORDINATE,
346 QCBOREncode_CloseMap(&cbor_encode_ctx);
348 qcbor_result = QCBOREncode_Finish(&cbor_encode_ctx, &encoded_key_id);
349 if (qcbor_result != QCBOR_SUCCESS) {
355 *cose_key = encoded_key_id;
377 struct q_useful_buf_c attest_public_key,
378 struct q_useful_buf buffer_for_attest_key_id,
379 struct q_useful_buf_c *attest_key_id)
383 struct q_useful_buf_c cose_key;
385 Q_USEFUL_BUF_MAKE_STACK_UB(buffer_for_cose_key, MAX_ENCODED_COSE_KEY_SIZE);
388 attest_res = attest_encode_key_to_cose_key(psa_ecc_curve,
407 buffer_for_attest_key_id.ptr,
408 buffer_for_attest_key_id.len,
409 &buffer_for_attest_key_id.len);
414 attest_key_id->ptr = buffer_for_attest_key_id.ptr;
415 attest_key_id->len = buffer_for_attest_key_id.len;
421 attest_get_initial_attestation_key_id(
struct q_useful_buf_c *attest_key_id)
/* Function-local static flag: it is compared with 0 before the key ID is
 * computed and set to 1 afterwards, so later calls reuse the stored key ID.
 * NOTE(review): nothing in the visible lines clears the flag again. If the
 * attestation key can be unregistered and a different key registered at
 * run time, the cached key ID would no longer match -- confirm.
 */
424 static uint8_t attest_key_id_calculated;
/* Views over the public key (input) and the key ID storage (output). */
425 struct q_useful_buf_c buffer_for_attest_public_key;
426 struct q_useful_buf buffer_for_attest_key_id;
428 buffer_for_attest_key_id.ptr = attestation_key_id;
432 if (attest_key_id_calculated == 0) {
433 buffer_for_attest_public_key.ptr = attestation_public_key;
434 buffer_for_attest_public_key.len = attestation_public_key_len;
436 attest_res = attest_get_cose_key_id(attestation_key_curve,
437 buffer_for_attest_public_key,
438 buffer_for_attest_key_id,
443 attest_key_id_calculated = 1;
445 attest_key_id->ptr = (
const void *)buffer_for_attest_key_id.ptr;
446 attest_key_id->len = buffer_for_attest_key_id.len;
enum psa_attest_err_t attest_register_initial_attestation_key()
Register the initial attestation private key to Crypto service. Loads the public key if the key has n...
#define PSA_HASH_SIZE(alg)
#define ECC_P256_PUBLIC_KEY_SIZE
psa_attest_err_t
Initial attestation service error types.
enum psa_attest_err_t attest_unregister_initial_attestation_key()
Unregister the initial attestation private key from the Crypto service so that it does not occupy a key slot...
enum psa_attest_err_t attest_get_initial_attestation_public_key(uint8_t **public_key, size_t *public_key_len, psa_ecc_family_t *public_key_curve)
Get the public key derived from the initial attestation private key.
#define ATTEST_KEY_HANDLE_NOT_LOADED
#define PSA_ECC_CURVE_SECP256R1
#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve)
#define PSA_KEY_USAGE_SIGN
#define psa_export_public_key
enum psa_attest_err_t attest_get_signing_key_handle(psa_key_handle_t *handle)
Get the handle of the key for signing the token. In asymmetric key algorithm based initial attestation...
#define ECC_P256_COORD_SIZE
#define psa_hash_operation_init
#define PSA_ALG_ECDSA(hash_alg)
enum psa_attest_err_t attest_get_instance_id(struct q_useful_buf_c *id_buf)
Get the buffer of Instance ID data.
int32_t psa_status_t
Function return status.