mirror of https://github.com/ARMmbed/mbed-os.git
92 lines
2.8 KiB
C
92 lines
2.8 KiB
C
/* Copyright (c) 2018 ARM Limited
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
#ifndef __SECURE_TIME_CLIENT_H__
|
|
#define __SECURE_TIME_CLIENT_H__
|
|
|
|
#include <stdint.h>
|
|
#include <stdlib.h>
|
|
|
|
/** @addtogroup Secure-Time-API
|
|
* The C interface for setting and getting secure time.
|
|
* All functions are blocking.
|
|
* @{
|
|
*/
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* Error codes */
|
|
#define SECURE_TIME_SUCCESS (0UL)
|
|
#define SECURE_TIME_BAD_PARAMS (-1L)
|
|
#define SECURE_TIME_INVALID_BLOB_SIZE (-2L)
|
|
#define SECURE_TIME_SIGNATURE_VERIFICATION_FAILED (-3L)
|
|
#define SECURE_TIME_NONCE_MISSING (-4L)
|
|
#define SECURE_TIME_NONCE_NOT_MATCH (-5L)
|
|
#define SECURE_TIME_NONCE_TIMEOUT (-6L)
|
|
#define SECURE_TIME_NOT_ALLOWED (-7L)
|
|
|
|
/**
|
|
* Initialize secure time setting from a trusted time source.
|
|
*
|
|
* The function generates 64-bit nonce that will be used in the next invocation
|
|
* of ::secure_time_set_trusted_commit() to verify the trusted time blob freshness.
|
|
*
|
|
* @param[out] nonce The generated nonce.
|
|
* @return 0 or negative error code if failed.
|
|
*/
|
|
int32_t secure_time_set_trusted_init(uint64_t *nonce);
|
|
|
|
/**
|
|
* Set the secure time from a trusted time source.
|
|
*
|
|
* The time is encapsulated inside blob which is signed with the trusted time
|
|
* sources' private key.
|
|
* The blob will be verified with the trusted time sources' public key.
|
|
* The signatuire to verify is located within the blob's data.
|
|
*
|
|
* @param[in] blob Buffer which holds the blob.
|
|
* @param[in] blob_size Size in bytes of blob.
|
|
* @return 0 or negative error code if failed.
|
|
*/
|
|
int32_t secure_time_set_trusted_commit(const void *blob, size_t blob_size);
|
|
|
|
/**
|
|
* Set the secure time from an arbitrary time source.
|
|
*
|
|
* @param[in] new_time Time value in seconds since EPOCH.
|
|
* @return 0 or negative error code if failed.
|
|
*/
|
|
int32_t secure_time_set(uint64_t new_time);
|
|
|
|
/**
|
|
* Return the current secure-time value.
|
|
*
|
|
* This function will return 0 in case secure time was never set.
|
|
*
|
|
* @return 64-bit value which can be:\n
|
|
* @a time in seconds since EPOCH.\n
|
|
* @a 0 in case of en error
|
|
*/
|
|
uint64_t secure_time_get(void);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
/** @}*/ // end of Secure-Time-API group
|
|
|
|
#endif // __SECURE_TIME_CLIENT_H__
|