cracen_psa_builtin_key_policy.h

Go to the documentation of this file.

/*
 * Copyright (c) 2025 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 */
 
#ifndef CRACEN_PSA_BUILTIN_KEY_POLICY_H
#define CRACEN_PSA_BUILTIN_KEY_POLICY_H
 
#include <psa/crypto.h>
#include <psa/crypto_values.h>
#include <cracen_psa_key_ids.h>
 
#if defined(__NRF_TFM__)
 
typedef struct {
        mbedtls_key_owner_id_t owner;      
        psa_drv_slot_number_t key_slot;    
        psa_key_usage_t usage;             
} cracen_builtin_ikg_key_policy_t;
 
typedef enum {
        KMU_ENTRY_SLOT_SINGLE,  
        KMU_ENTRY_SLOT_RANGE,   
} cracen_kmu_entry_type_t;
 
typedef struct {
        mbedtls_key_owner_id_t owner;           
        psa_drv_slot_number_t key_slot_start;   
        psa_drv_slot_number_t key_slot_end;     
        cracen_kmu_entry_type_t kmu_entry_type; 
} cracen_builtin_kmu_key_policy_t;
 
psa_key_usage_t cracen_ikg_key_user_get_usage(const psa_key_attributes_t *attributes);
 
bool cracen_kmu_key_user_allowed(const psa_key_attributes_t *attributes);
 
#else /* __NRF_TFM__ */
 
static inline psa_key_usage_t cracen_ikg_key_user_get_usage(const psa_key_attributes_t *attributes)
{
        psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(attributes));
 
        return (key_id == CRACEN_BUILTIN_IDENTITY_KEY_ID)
                ? (PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH |
                   PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH)
                : (PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_VERIFY_DERIVATION);
}
 
static inline bool cracen_kmu_key_user_allowed(const psa_key_attributes_t *attributes)
{
        (void)attributes;
        return true;
}
 
#endif /* __NRF_TFM__ */
 
#endif /* CRACEN_PSA_BUILTIN_KEY_POLICY_H */