authorHaoran.Wang <elven.wang@nxp.com>2019-07-16 13:12:15 +0800
committerJi Luo <ji.luo@nxp.com>2019-07-16 22:05:00 +0800
commit52eb9a780f1d6c5097d8bc82b16946192f025d9e (patch)
tree66f23fb50302721ba4d74f677f819977aba94036 /lib/trusty
parent2b7597fa3e9b3d09002fc6ef85aae1de19e184d0 (diff)
MA-15142 Support secure attestation provision
On the host side, the attestation keys and certs need to be encrypted with the manufacture protection public key through AES-128-ECB. Then use the 4 sets of commands below to provision the encrypted RSA attestation and EC attestation: * $fastboot stage atte_rsa_key.bin * $fastboot oem set-rsa-atte-key-enc * $fastboot stage atte_rsa_cert.bin * $fastboot oem append-rsa-atte-cert-enc * $fastboot stage atte_ec_key.bin * $fastboot oem set-ec-atte-key-enc * $fastboot stage atte_ec_cert.bin * $fastboot oem append-ec-atte-cert-enc Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346 Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Diffstat (limited to 'lib/trusty')
-rw-r--r--lib/trusty/ql-tipc/keymaster.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c
index 0826002943..01828e0bd7 100644
--- a/lib/trusty/ql-tipc/keymaster.c
+++ b/lib/trusty/ql-tipc/keymaster.c
@@ -410,6 +410,21 @@ int trusty_append_attestation_cert_chain(const uint8_t *cert,
cert, cert_size, algorithm);
}
+int trusty_set_attestation_key_enc(const uint8_t *key, uint32_t key_size,
+ keymaster_algorithm_t algorithm)
+{
+ return trusty_send_attestation_data(KM_SET_ATTESTATION_KEY_ENC, key, key_size,
+ algorithm);
+}
+
+int trusty_append_attestation_cert_chain_enc(const uint8_t *cert,
+ uint32_t cert_size,
+ keymaster_algorithm_t algorithm)
+{
+ return trusty_send_attestation_data(KM_APPEND_ATTESTATION_CERT_CHAIN_ENC,
+ cert, cert_size, algorithm);
+}
+
int trusty_atap_get_ca_request(const uint8_t *operation_start,
uint32_t operation_start_size,
uint8_t **ca_request_p,
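Review bot: The two added wrappers, trusty_set_attestation_key_enc() and trusty_append_attestation_cert_chain_enc(), carry no comment saying what the buffer must contain, so at this layer only the command id separates them from the plaintext variants next to them. I would add a header comment on each, for example `/* key: attestation key as ciphertext; it is decrypted and validated only on the secure side. Returns the status of trusty_send_attestation_data(). */`. The commit message describes the payload as AES-128-ECB, which provides no integrity protection, so the comment should also state that a modified or truncated staged blob is not detected here and has to be rejected after decryption; presumably the keymaster TA does that, but that code is outside this hunk. If trusty_send_attestation_data() does not already reject a NULL pointer or a zero size (its body is not visible here), a guard such as `if (!key || key_size == 0)` returning the file's invalid-argument error belongs in these wrappers or in the helper.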