Lines Matching full:key

41  * @brief Extracts the public key from the specified persistent key id.
43 * @param key_id The permanent identifier for the generated key.
44 * @param key Pointer to the buffer where the public key data
46 * @param key_buf_size Size of key buffer in bytes.
47 * @param key_len Number of bytes written into key by this function.
50 uint8_t *key, size_t key_buf_size, in crp_get_pub_key() argument
56 LOG_INF("Retrieving public key for key #%d", key_id); in crp_get_pub_key()
59 /* Now try to re-open the persisted key based on the key ID. */ in crp_get_pub_key()
64 LOG_ERR("Failed to open persistent key #%d", key_id); in crp_get_pub_key()
68 /* Export the persistent key's public key part. */ in crp_get_pub_key()
70 psa_export_public_key(key_handle, key, key_buf_size, key_len), in crp_get_pub_key()
73 LOG_ERR("Failed to export public key."); in crp_get_pub_key()
77 /* Display the binary key data for debug purposes. */ in crp_get_pub_key()
78 sf_hex_tabulate_16(&crp_fmt, key, *key_len); in crp_get_pub_key()
80 /* Close the key to free up the volatile slot. */ in crp_get_pub_key()
85 LOG_ERR("Failed to close persistent key."); in crp_get_pub_key()
97 * @brief Stores a new persistent secp256r1 key (usage: ecdsa-with-SHA256)
98 * in ITS, associating it with the specified unique key identifier.
100 * This function will store a new persistent secp256r1 key in internal trusted
101 * storage. Cryptographic operations can then be performed using the key
102 * identifier (key_id) associated with this persistent key. Only the 32-byte
103 * private key needs to be supplied, the public key can be derived using
104 * the supplied private key value.
106 * @param key_id The permanent identifier for the generated key.
107 * @param key_usage The usage policy for the key.
108 * @param key_data Pointer to the 32-byte private key data.
122 uint8_t data_out[65] = { 0 }; /* ECDSA public key = 65 bytes. */ in crp_imp_key_secp256r1()
125 LOG_INF("Persisting SECP256R1 key as #%d", (uint32_t)key_id); in crp_imp_key_secp256r1()
128 /* Setup the key's attributes before the creation request. */ in crp_imp_key_secp256r1()
135 /* Import the private key, creating the persistent key on success */ in crp_imp_key_secp256r1()
140 LOG_ERR("Failed to import key."); in crp_imp_key_secp256r1()
144 /* Close the key to free up the volatile slot. */ in crp_imp_key_secp256r1()
149 LOG_ERR("Failed to close persistent key."); in crp_imp_key_secp256r1()
153 /* Try to retrieve the public key. */ in crp_imp_key_secp256r1()
156 /* Export the private key if usage includes PSA_KEY_USAGE_EXPORT. */ in crp_imp_key_secp256r1()
158 /* Re-open the persisted key based on the key ID. */ in crp_imp_key_secp256r1()
163 LOG_ERR("Failed to open persistent key #%d", key_id); in crp_imp_key_secp256r1()
167 /* Read the original (private) key data back. */ in crp_imp_key_secp256r1()
173 LOG_ERR("Failed to export key."); in crp_imp_key_secp256r1()
177 /* Check key len. */ in crp_imp_key_secp256r1()
179 LOG_ERR("Unexpected number of bytes in exported key."); in crp_imp_key_secp256r1()
183 /* Verify that the exported private key matches input data. */ in crp_imp_key_secp256r1()
186 LOG_ERR("Imported/exported private key mismatch."); in crp_imp_key_secp256r1()
190 /* Display the private key. NOTE(review): this writes secret key material to the log; keep it out of production builds. */ in crp_imp_key_secp256r1()
191 LOG_INF("Private key data:"); in crp_imp_key_secp256r1()
195 /* Close the key to free up the volatile slot. */ in crp_imp_key_secp256r1()
200 LOG_ERR("Failed to close persistent key."); in crp_imp_key_secp256r1()
214 * key in ITS, associating it with the specified unique key identifier.
216 * This function will generate a new permanent prime256v1 key in internal trusted
217 * storage. Cryptographic operations can then be performed using the key
218 * identifier (key_id) associated with this persistent key.
220 * @param key_id The permanent identifier for the generated key.
221 * @param key_usage The usage policy for the key.
234 uint8_t data_out[65] = { 0 }; /* ECDSA public key = 65 bytes. */ in crp_gen_key_secp256r1()
236 LOG_INF("Persisting SECP256R1 key as #%d", (uint32_t)key_id); in crp_gen_key_secp256r1()
239 /* Setup the key's attributes before the creation request. */ in crp_gen_key_secp256r1()
247 /* Generate the private key, creating the persistent key on success */ in crp_gen_key_secp256r1()
252 LOG_ERR("Failed to generate key."); in crp_gen_key_secp256r1()
256 /* Close the key to free up the volatile slot. */ in crp_gen_key_secp256r1()
261 LOG_ERR("Failed to close persistent key."); in crp_gen_key_secp256r1()
265 /* Try to retrieve the public key. */ in crp_gen_key_secp256r1()
268 /* Export the private key if usage includes PSA_KEY_USAGE_EXPORT. */ in crp_gen_key_secp256r1()
270 /* Re-open the persisted key based on the key ID. */ in crp_gen_key_secp256r1()
275 LOG_ERR("Failed to open persistent key #%d", key_id); in crp_gen_key_secp256r1()
279 /* Read the original (private) key data back. */ in crp_gen_key_secp256r1()
285 LOG_ERR("Failed to export key."); in crp_gen_key_secp256r1()
289 /* Check key len. */ in crp_gen_key_secp256r1()
291 LOG_ERR("Unexpected number of bytes in exported key."); in crp_gen_key_secp256r1()
295 /* Display the private key. NOTE(review): this writes secret key material to the log; keep it out of production builds. */ in crp_gen_key_secp256r1()
296 LOG_INF("Private key data:"); in crp_gen_key_secp256r1()
301 /* Close the key to free up the volatile slot. */ in crp_gen_key_secp256r1()
306 LOG_ERR("Failed to close persistent key."); in crp_gen_key_secp256r1()
367 /* prime256v1 (ecdsa-with-SHA256) private key. */ in crp_generate_csr()
370 /* This value is based on the private key in user.pem, in crp_generate_csr()
382 /* Randomly generate the private key. */ in crp_generate_csr()
385 LOG_INF("Generate rnadom data for private key"); in crp_generate_csr()
389 LOG_INF("Random data generation for private key completed"); in crp_generate_csr()
394 /* Generate persistent prime256v1 (ecdsa-with-SHA256) key w/ID #1. */ in crp_generate_csr()
403 LOG_ERR("Failed to create persistent key #%d", key_slot); in crp_generate_csr()
411 * Generate a new key: in crp_generate_csr()
413 * $ openssl ecparam -name secp256k1 -genkey -out USER.key in crp_generate_csr()
415 * Generate a certificate signing request, containing the user public key in crp_generate_csr()
417 * openssl req -new -key USER.key -out USER.csr \ in crp_generate_csr()
422 /* Generate persistent prime256v1 (ecdsa-with-SHA256) key w/ID #1. */ in crp_generate_csr()
430 LOG_ERR("Failed to create persistent key #%d", key_slot); in crp_generate_csr()
439 LOG_ERR("Failed to open persistent key #%d", key_slot); in crp_generate_csr()
460 LOG_INF("Adding EC key to PK container"); in crp_generate_csr()
469 LOG_INF("Adding EC key to PK container completed"); in crp_generate_csr()
515 /* Close the key to free up the volatile slot. */ in crp_generate_csr()
520 LOG_ERR("Failed to close persistent key."); in crp_generate_csr()
591 * @brief Signs the supplied hash using the specified persistent key.
593 * @param key_id The identifier of the key to use when signing.
611 /* Try to open the persisted key based on the key ID. */ in crp_sign_hash()
616 LOG_ERR("Failed to open persistent key #%d", key_id); in crp_sign_hash()
628 LOG_ERR("Failed to sign hash w/persistent key #%d", key_id); in crp_sign_hash()
640 /* Close the key to free up the volatile slot. */ in crp_sign_hash()
645 LOG_ERR("Failed to close persistent key."); in crp_sign_hash()
656 * @brief Verifies the hash signature using the public key associated
659 * @param key_id The identifier for the persistent key.
675 /* Try to open the persisted key based on the key ID. */ in crp_verify_sign()
680 LOG_ERR("Failed to open persistent key #%d", key_id); in crp_verify_sign()
699 /* Close the key to free up the volatile slot. */ in crp_verify_sign()
704 LOG_ERR("Failed to close persistent key."); in crp_verify_sign()
715 * @brief Destroys the specified persistent key.
717 * @param key_id The identifier for the persistent key.
724 /* Try to open the persisted key based on the key ID. */ in crp_dest_key()
729 LOG_ERR("Failed to open persistent key #%d", key_id); in crp_dest_key()
733 /* Destroy the persistent key */ in crp_dest_key()
738 LOG_ERR("Failed to destroy a persistent key"); in crp_dest_key()
742 LOG_INF("Destroyed persistent key #%d", (uint32_t)key_id); in crp_dest_key()
760 /* secp256r1 private key. */ in crp_test()
763 /* This value is based on the private key in user.pem, in crp_test()
775 /* Randomly generate the private key. */ in crp_test()
789 /* NOTE: The same key generation, SHA256 hash, sign, and verify in crp_test()
793 * Generate a new key: in crp_test()
803 * Update the private key value in priv_key_data with the hexadecimal in crp_test()
807 * Generate a PEM file with the public key (which will be used to in crp_test()
808 * verify any data signed with the private key): in crp_test()
812 * Hash the message with SHA256, and sign it with the private key: in crp_test()
817 * Verify the signature using the public key and message file: in crp_test()
825 /* Generate persistent secp256r1 key w/ID #1. */ in crp_test()
838 /* Hash some data with the key using SHA256. */ in crp_test()
842 /* Sign the hash using key #1. */ in crp_test()
847 /* Verify the hash signature using the public key. */ in crp_test()
850 /* Destroy the key. */ in crp_test()