Mistake on this page?
Report an issue in GitHub or email us
tfm_plat_crypto_keys.h
1 /*
2  * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __TFM_PLAT_CRYPTO_KEYS_H__
9 #define __TFM_PLAT_CRYPTO_KEYS_H__
10 /**
11  * \note The interfaces defined in this file must be implemented for each
12  * SoC.
13  */
14 
15 #include <stdint.h>
16 #include "tfm_plat_defs.h"
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif
21 
22 /**
23  * Elliptic curve key type identifiers according to RFC8152 (COSE encoding)
24  * https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
25  */
26 enum ecc_curve_t {
27  P_256 = 1, /* NIST P-256 also known as secp256r1 */
28  P_384 = 2, /* NIST P-384 also known as secp384r1 */
29  P_521 = 3, /* NIST P-521 also known as secp521r1 */
30  X25519 = 4, /* X25519 for use with ECDH only */
31  X448 = 5, /* X448 for use with ECDH only */
32  ED25519 = 6, /* Ed25519 for use with EdDSA only */
33  ED448 = 7, /* Ed448 for use with EdDSA only */
34 };
35 
36 /**
37  * Structure definition to carry pointer and size information about an Elliptic
38  * curve key which is stored in a buffer(key_buf) in raw format (without
39  * encoding):
40  * - priv_key Base address of the private key in key_buf. It must be
41  * present on the device.
42  * - priv_key_size Size of the private key in bytes.
43  * - pubx_key Base address of x-coordinate of the public key in key_buf.
44  * It can be empty, because it can be recomputed based on
45  * private key.
46  * - pubx_key_size Length of x-coordinate of the public key in key_buf.
47  * It can be empty, because it can be recomputed based on
48  * private key.
49  * - puby_key Base address of y-coordinate of the public key in key_buf.
50  * It can be empty, because either it can be recomputed based
51  * on private key or some curve type works without it.
52  * - puby_key_size Length of y-coordinate of the public key in key_buf.
53  */
54 struct ecc_key_t {
55  uint8_t *priv_key;
56  uint32_t priv_key_size;
57  uint8_t *pubx_key;
58  uint32_t pubx_key_size;
59  uint8_t *puby_key;
60  uint32_t puby_key_size;
61 };
62 
63 #define ECC_P_256_KEY_SIZE (96u) /* 3 x 32 = 96 bytes priv + pub-x + pub-y */
64 
65 /**
66  * \brief Gets hardware unique key for encryption
67  *
68  * \param[out] key Buf to store the key in
69  * \param[in] size Size of the buffer
70  *
71  * \return Returns error code specified in \ref tfm_plat_err_t
72  */
73 enum tfm_plat_err_t tfm_plat_get_crypto_huk(uint8_t *key, uint32_t size);
74 
75 /**
76  * \brief Get the initial attestation key
77  *
78  * The device MUST contain an initial attestation key, which is used to sign the
79  * token. Initial attestation service supports elliptic curve signing
80  * algorithms. Device maker can decide whether store only the private key on the
81  * device or store both (public and private) key. Public key can be recomputed
82  * based on private key. Keys must be provided in raw format, just binary data
83  * without any encoding (DER, COSE). Caller provides a buffer to copy all the
84  * available key components to there. Key components must be copied after
85  * each other to the buffer. The base address and the length of each key
86  * component must be indicating in the corresponding field of ecc_key
87  * (\ref struct ecc_key_t).
88  * Curve_type indicates to which curve belongs the key.
89  *
90  *
91  * Keys must be provided in
92  *
93  * \param[in/out] key_buf Buffer to store the initial attestation key.
94  * \param[in] size Size of the buffer.
95  * \param[out] ecc_key A structure to carry pointer and size information
96  * about the initial attestation key, which is
97  * stored in key_buf.
98  * \param[out] curve_type The type of the EC curve, which the key belongs
99  * to according to \ref ecc_curve_t
100  *
101  * \return Returns error code specified in \ref tfm_plat_err_t
102  */
103 enum tfm_plat_err_t
104 tfm_plat_get_initial_attest_key(uint8_t *key_buf,
105  uint32_t size,
106  struct ecc_key_t *ecc_key,
107  enum ecc_curve_t *curve_type);
108 
109 #ifdef __cplusplus
110 }
111 #endif
112 
113 #endif /* __TFM_PLAT_CRYPTO_KEYS_H__ */
Structure definition to carry pointer and size information about an Elliptic curve key which is store...
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.