1 /*
2  * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef TFM_BUILTIN_KEY_LOADER_H
9 #define TFM_BUILTIN_KEY_LOADER_H
10 
11 #include <psa/crypto.h>
12 
13 #ifdef __cplusplus
14 extern "C" {
15 #endif
16 
17 #ifdef PLATFORM_DEFAULT_CRYPTO_KEYS
18 enum psa_drv_slot_number_t {
19     TFM_BUILTIN_KEY_SLOT_HUK = 0,
20     TFM_BUILTIN_KEY_SLOT_IAK,
21 #ifdef TFM_PARTITION_DELEGATED_ATTESTATION
22     TFM_BUILTIN_KEY_SLOT_DAK_SEED,
23 #endif /* TFM_PARTITION_DELEGATED_ATTESTATION */
24     TFM_BUILTIN_KEY_SLOT_MAX,
25 };
26 #else
27 #include "platform_builtin_key_loader_ids.h"
28 #endif
29 
30 #ifdef __DOXYGEN_ONLY__
31 /**
32  *  \brief Enables the tfm_builtin_key_loader driver in the PSA Crypto
33  *         core subsystem
34  */
35 #define PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER
36 #endif /* __DOXYGEN_ONLY__ */
37 
38 /**
39  * \brief The PSA driver location for TF-M builtin keys. Arbitrary within the
40  *        ranges documented at
41  *        https://armmbed.github.io/mbed-crypto/html/api/keys/lifetimes.html#c.psa_key_location_t
42  */
43 #define TFM_BUILTIN_KEY_LOADER_KEY_LOCATION ((psa_key_location_t)0x800001)
44 
45 /**
46  * \brief This macro defines the lifetime associated to TF-M builtin keys as
47  *        persistent and as an ad-hoc location associated to the TFM_BUILTIN_KEY_LOADER
48  *        driver. To be handled by the tfm_builtin_ker_loader driver, the lifetime of
49  *        the platform keys must be set equal to this particular lifetime value
50  */
51 #define TFM_BUILTIN_KEY_LOADER_LIFETIME PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
52                                             PSA_KEY_LIFETIME_PERSISTENT, TFM_BUILTIN_KEY_LOADER_KEY_LOCATION)
53 
54 /**
55  * \brief This is the initialisation function for the tfm_builtin_key_laoder driver,
56  *        to be called from the PSA core initialisation subsystem. It discovers the
57  *        keys available in the underlying hardware platform and loads them in
58  *        memory visible to the PSA Crypto subsystem to be used to the normal APIs
59  *
60  * \return Returns error code specified in \ref psa_status_t
61  */
62 psa_status_t tfm_builtin_key_loader_init(void);
63 
64 /**
65  * \brief Returns the length of a key from the builtin driver.
66  *
67  * \note This function is called by the psa crypto driver wrapper.
68  *
69  * \param[in]  key_id  The ID of the key to return the length of. The type of this
70  *                     must match the expected type of the underlying library that
71  *                     provides the key management for the PSA Crypto core, and
72  *                     must support encoding the owner in addition to the key_id.
73  * \param[out] len     The length of the key.
74  *
75  * \return Returns error code specified in \ref psa_status_t
76  */
77 psa_status_t tfm_builtin_key_loader_get_key_buffer_size(
78         mbedtls_svc_key_id_t key_id, size_t *len);
79 
80 /**
81  * \brief Returns the attributes and key material of a key from the builtin
82  *        driver to be used by the PSA Crypto core
83  *
84  * \note This function is called by the psa crypto driver wrapper.
85  *
86  * \param[in] slot_number        The slot of the key
87  * \param[out] attributes        The attributes of the key.
88  * \param[out] key_buffer        The buffer to output the key material into.
89  * \param[in] key_buffer_size    The size of the key material buffer.
90  * \param[out] key_buffer_length The length of the key material returned.
91  *
92  * \return Returns error code specified in \ref psa_status_t
93  */
94 psa_status_t tfm_builtin_key_loader_get_builtin_key(
95         psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes,
96         uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
97 
98 #ifdef __cplusplus
99 }
100 #endif
101 
102 #endif /* TFM_BUILTIN_KEY_LOADER_H */
103