1 /*
2  * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #include <psa/error.h>
9 #include <stddef.h>
10 #include <stdint.h>
11 
12 #ifndef ATTEST_PROVISION_H
13 #define ATTEST_PROVISION_H
14 
15 /**
16  * A provisioning client API for perfoming one-off provisioning
17  * operations related to the attestation service.  This API will typically
18  * be used by a special factory application during device manufacture.
19  */
20 
21 #ifdef __cplusplus
22 extern "C" {
23 #endif
24 
25 #ifdef EXPORT_PUBLIC_INTERFACE_PSA_ATTEST
26 #define PSA_ATTEST_EXPORTED __attribute__((__visibility__("default")))
27 #else
28 #define PSA_ATTEST_EXPORTED
29 #endif
30 
31 /**
32  * \brief Export IAK public key
33  *
34  * Used to retrieve the IAK public key that corresponds to the key-pair
35  * that was generated or provisioned for the device.  The public key
36  * may be used by a remote verifier as an identifier for the device.
37  *
38  * \param[out] data         Buffer where the key data is to be written.
39  * \param data_size         Size of the \p data buffer in bytes.
40  * \param[out] data_length  On success, the number of bytes
41  *                          that make up the key data.
42  *
43  * \return Returns error code as specified in \ref psa_status_t
44  */
45 PSA_ATTEST_EXPORTED psa_status_t attest_provision_export_iak_public_key(uint8_t *data,
46 									size_t data_size,
47 									size_t *data_length);
48 
49 /**
50  * \brief Import IAK
51  *
52  * Used during device manufacture to provision the IAK.  Two IAK
53  * provisioning strategies are supported 1) Externally generated
54  * key-pair that is provisioned using this interface.  2) Self
55  * generated where the IAK is generated by the device autonomously.
56  * If a key is to be imported, the operation must be performed before
57  * any other operation related to the attestation service.  This
58  * operation may only be performed once for a device.  An attempt
59  * to repeat the operation will be rejected.
60  *
61  * \param[in] data    Buffer containing the key data.
62  * \param[in] data_length Size of the \p data buffer in bytes.
63  *
64  * \return Returns error code as specified in \ref psa_status_t
65  */
66 PSA_ATTEST_EXPORTED psa_status_t attest_provision_import_iak(const uint8_t *data,
67 							     size_t data_length);
68 
69 /**
70  * \brief Check if IAK exists
71  *
72  * Checks the provisioned state of a device.
73  *
74  * \return Returns PSA_SUCCESS if IAK exists, PSA_ERROR_DOES_NOT_EXIST if not
75  */
76 PSA_ATTEST_EXPORTED psa_status_t attest_provision_iak_exists(void);
77 
78 #ifdef __cplusplus
79 }
80 #endif
81 
82 #endif /* ATTEST_PROVISION_H */
83