blob: b9351161372e6b13c2ccab41e499921a01d847c9 [file] [log] [blame]
/*
*
* Copyright (c) 2021 Project CHIP Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#include <lib/core/CHIPError.h>
#include <lib/support/Span.h>
namespace chip {
namespace Credentials {
class DeviceAttestationCredentialsProvider
{
public:
DeviceAttestationCredentialsProvider() = default;
virtual ~DeviceAttestationCredentialsProvider() = default;
// Not copyable
DeviceAttestationCredentialsProvider(const DeviceAttestationCredentialsProvider &) = delete;
DeviceAttestationCredentialsProvider & operator=(const DeviceAttestationCredentialsProvider &) = delete;
/**
* @brief Get the Certification Declaration body. Updates `out_cd_buffer`'s size on success
* to match the data size. If no Certification Declaration is available, sets
* `out_cd_buffer` to empty.
*
* @param[inout] out_cd_buffer Buffer to receive the Certification Declaration body.
* @returns CHIP_NO_ERROR on success, CHIP_ERROR_BUFFER_TOO_SMALL if `out_cd_buffer`
* is too small, or another CHIP_ERROR from the underlying implementation
* if access fails.
*/
virtual CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_cd_buffer) = 0;
/**
* @brief Get the Firmware Information body. Updates `out_firmware_info_buffer`'s size
* on success to match the data size. If no Firmware Information is available,
* sets `out_firmware_info_buffer` to empty.
*
* @param[inout] out_firmware_info_buffer Buffer to receive the Firmware Information body.
* @returns CHIP_NO_ERROR on success, CHIP_ERROR_BUFFER_TOO_SMALL if `out_firmware_info_buffer`
* is too small, or another CHIP_ERROR from the underlying implementation if access fails.
*/
virtual CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) = 0;
/**
* @brief Get the Device Attestation Certificate in DER format. Updates `out_dac_buffer`'s
* size on success to match the data size. If no Device Attestation Certificate
* is available, sets `out_dac_buffer` to empty.
*
* @param[inout] out_dac_buffer Buffer to receive the Device Attestation Certificate.
* @returns CHIP_NO_ERROR on success, CHIP_ERROR_BUFFER_TOO_SMALL if `out_dac_buffer`
* is too small, or another CHIP_ERROR from the underlying implementation if
* access fails.
*/
virtual CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_dac_buffer) = 0;
/**
* @brief Get the PAI Certificate in DER format. Updates `out_pai_buffer`'s
* size on success to match the data size. If no PAI certificate
* is available, sets `out_pai_buffer` to empty.
*
* @param[inout] out_pai_buffer Buffer to receive the PAI certificate.
* @returns CHIP_NO_ERROR on success, CHIP_ERROR_BUFFER_TOO_SMALL if `out_pai_buffer`
* is too small, or another CHIP_ERROR from the underlying implementation if
* access fails.
*/
virtual CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_pai_buffer) = 0;
/**
* @brief Signs a SHA256 digest using the device attestation private key
*
* @param[in] digest_to_sign The SHA256 digest to sign using the attestation private key. Must
* be exactly chip::Crypto::kSHA256_Hash_Length.
* @param[inout] out_signature_buffer Buffer to receive the signature in raw <r,s> format.
* @returns CHIP_NO_ERROR on success, CHIP_ERROR_INVALID_ARGUMENT if `digest_to_sign` is wrong size,
* CHIP_ERROR_BUFFER_TOO_SMALL if `out_signature_buffer` is too small,
* or another CHIP_ERROR from the underlying implementation if signature fails.
*/
virtual CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & digest_to_sign, MutableByteSpan & out_signature_buffer) = 0;
};
/**
* Instance getter for the global DeviceAttestationCredentialsProvider.
*
* Callers have to externally synchronize usage of this function.
*
* @return The global device attestation credentials provider. Assume never null.
*/
DeviceAttestationCredentialsProvider * GetDeviceAttestationCredentialsProvider();
/**
* Instance setter for the global DeviceAttestationCredentialsProvider.
*
* Callers have to externally synchronize usage of this function.
*
* If the `provider` is nullptr, no change is done.
*
* @param[in] provider the DeviceAttestationCredentialsProvider to start returning with the getter
*/
void SetDeviceAttestationCredentialsProvider(DeviceAttestationCredentialsProvider * provider);
} // namespace Credentials
} // namespace chip