diff options
Diffstat (limited to 'include/lib/psa')
-rw-r--r-- | include/lib/psa/delegated_attestation.h | 109 | ||||
-rw-r--r-- | include/lib/psa/measured_boot.h | 77 | ||||
-rw-r--r-- | include/lib/psa/psa/client.h | 102 | ||||
-rw-r--r-- | include/lib/psa/psa/error.h | 42 | ||||
-rw-r--r-- | include/lib/psa/psa_manifest/sid.h | 17 |
5 files changed, 347 insertions, 0 deletions
diff --git a/include/lib/psa/delegated_attestation.h b/include/lib/psa/delegated_attestation.h new file mode 100644 index 0000000..7aaceb3 --- /dev/null +++ b/include/lib/psa/delegated_attestation.h @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +/* This file describes the Delegated Attestation API */ + +#ifndef DELEGATED_ATTESTATION_H +#define DELEGATED_ATTESTATION_H + +#include <stddef.h> +#include <stdint.h> + +#include "psa/error.h" + +/* RSS Delegated Attestation message types that distinguish its services. */ +#define RSS_DELEGATED_ATTEST_GET_DELEGATED_KEY 1001U +#define RSS_DELEGATED_ATTEST_GET_PLATFORM_TOKEN 1002U + +/** + * The aim of these APIs to get a derived signing key (private only) for the + * delegated attestation model and obtain the corresponding platform attestation + * token. In the delegated attestation model the final token consist of more + * than one subtokens which are signed by different entities. There is a + * cryptographical binding between the tokens. The derived delegated attestation + * key is bind to the platform token (details below). + * + * Expected usage model: + * - First rss_delegated_attest_get_delegated_key() API need to be called to + * obtain the private part of the delegated attestation key. The public part + * of key is computed by the cryptographic library when the key is + * registered. + * - Secondly the rss_delegated_attest_get_token() must be called to obtain + * platform attestation token. The hash of the public key (computed by + * the hash_algo indicated in the rss_delegated_attest_get_delegated_key() + * call) must be the input of this call. This ensures that nothing but the + * previously derived delegated key is bindable to the platform token. + */ + +/** + * Get a delegated attestation key (DAK). + * + * The aim of the delegated attestation key is to enable other SW components + * within the system to sign an attestation token which is different than the + * initial/platform token. The initial attestation token MUST contain the hash + * of the public delegated key to make a cryptographical binding (hash lock) + * between the key and the token. + * The initial attestation token has two roles in this scenario: + * - Attest the device boot status and security lifecycle. + * - Attest the delegated attestation key. + * The delegated attestation key is derived from a preprovisioned seed. The + * input for the key derivation is the platform boot status. The system can be + * attestated with the two tokens together. + * + * ecc_curve The type of the elliptic curve to which the requested + * attestation key belongs. Please check the note section for + * limitations. + * key_bits The size of the requested attestation key, in bits. + * key_buf Pointer to the buffer where the delegated attestation key will + * be stored. + * key_buf_size Size of allocated buffer for the key, in bytes. + * key_size Size of the key that has been returned, in bytes. + * hash_algo The hash algorithm that will be used later by the owner of the + * requested delegated key for binding it to the platform + * attestation token. + * + * Returns error code as specified in psa_status_t. + * + * Notes: + * - Currently, only the PSA_ECC_FAMILY_SECP_R1 curve type is supported. + * - The delegated attestation key must be derived before requesting for the + * platform attestation token as they are cryptographically linked together. + */ +psa_status_t +rss_delegated_attest_get_delegated_key(uint8_t ecc_curve, + uint32_t key_bits, + uint8_t *key_buf, + size_t key_buf_size, + size_t *key_size, + uint32_t hash_algo); + +/** + * Get platform attestation token + * + * dak_pub_hash Pointer to buffer where the hash of the public DAK is + * stored. + * dak_pub_hash_size Size of the hash value, in bytes. + * token_buf Pointer to the buffer where the platform attestation token + * will be stored. + * token_buf_size Size of allocated buffer for token, in bytes. + * token_size Size of the token that has been returned, in bytes. + * + * Returns error code as specified in psa_status_t. + * + * A delegated attestation key must be derived before requesting for the + * platform attestation token as they are cryptographically linked together. + * Otherwise, the token request will fail and the PSA_ERROR_INVALID_ARGUMENT + * code will be returned. + */ +psa_status_t +rss_delegated_attest_get_token(const uint8_t *dak_pub_hash, + size_t dak_pub_hash_size, + uint8_t *token_buf, + size_t token_buf_size, + size_t *token_size); + +#endif /* DELEGATED_ATTESTATION_H */ diff --git a/include/lib/psa/measured_boot.h b/include/lib/psa/measured_boot.h new file mode 100644 index 0000000..bdb79d5 --- /dev/null +++ b/include/lib/psa/measured_boot.h @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef PSA_MEASURED_BOOT_H +#define PSA_MEASURED_BOOT_H + +#include <stdbool.h> +#include <stddef.h> +#include <stdint.h> + +#include "psa/error.h" + +/* Minimum measurement value size that can be requested to store */ +#define MEASUREMENT_VALUE_MIN_SIZE 32U +/* Maximum measurement value size that can be requested to store */ +#define MEASUREMENT_VALUE_MAX_SIZE 64U +/* Minimum signer id size that can be requested to store */ +#define SIGNER_ID_MIN_SIZE MEASUREMENT_VALUE_MIN_SIZE +/* Maximum signer id size that can be requested to store */ +#define SIGNER_ID_MAX_SIZE MEASUREMENT_VALUE_MAX_SIZE +/* The theoretical maximum image version is: "255.255.65535\0" */ +#define VERSION_MAX_SIZE 14U +/* Example sw_type: "BL_2, BL_33, etc." */ +#define SW_TYPE_MAX_SIZE 20U +#define NUM_OF_MEASUREMENT_SLOTS 32U + + +/** + * Extends and stores a measurement to the requested slot. + * + * index Slot number in which measurement is to be stored + * signer_id Pointer to signer_id buffer. + * signer_id_size Size of the signer_id buffer in bytes. + * version Pointer to version buffer. + * version_size Size of the version buffer in bytes. + * measurement_algo Algorithm identifier used for measurement. + * sw_type Pointer to sw_type buffer. + * sw_type_size Size of the sw_type buffer in bytes. + * measurement_value Pointer to measurement_value buffer. + * measurement_value_size Size of the measurement_value buffer in bytes. + * lock_measurement Boolean flag requesting whether the measurement + * is to be locked. + * + * PSA_SUCCESS: + * - Success. + * PSA_ERROR_INVALID_ARGUMENT: + * - The size of any argument is invalid OR + * - Input Measurement value is NULL OR + * - Input Signer ID is NULL OR + * - Requested slot index is invalid. + * PSA_ERROR_BAD_STATE: + * - Request to lock, when slot is already locked. + * PSA_ERROR_NOT_PERMITTED: + * - When the requested slot is not accessible to the caller. + */ + +/* Not a standard PSA API, just an extension therefore use the 'rss_' prefix + * rather than the usual 'psa_'. + */ +psa_status_t +rss_measured_boot_extend_measurement(uint8_t index, + const uint8_t *signer_id, + size_t signer_id_size, + const uint8_t *version, + size_t version_size, + uint32_t measurement_algo, + const uint8_t *sw_type, + size_t sw_type_size, + const uint8_t *measurement_value, + size_t measurement_value_size, + bool lock_measurement); + +#endif /* PSA_MEASURED_BOOT_H */ diff --git a/include/lib/psa/psa/client.h b/include/lib/psa/psa/client.h new file mode 100644 index 0000000..56fe028 --- /dev/null +++ b/include/lib/psa/psa/client.h @@ -0,0 +1,102 @@ + +/* + * Copyright (c) 2018-2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef PSA_CLIENT_H +#define PSA_CLIENT_H + +#include <stddef.h> +#include <stdint.h> + +#include <psa/error.h> + +#ifndef IOVEC_LEN +#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0]))) +#endif +/*********************** PSA Client Macros and Types *************************/ +/** + * The version of the PSA Framework API that is being used to build the calling + * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1 + * is compatible with v1.0. + */ +#define PSA_FRAMEWORK_VERSION (0x0101u) +/** + * Return value from psa_version() if the requested RoT Service is not present + * in the system. + */ +#define PSA_VERSION_NONE (0u) +/** + * The zero-value null handle can be assigned to variables used in clients and + * RoT Services, indicating that there is no current connection or message. + */ +#define PSA_NULL_HANDLE ((psa_handle_t)0) +/** + * Tests whether a handle value returned by psa_connect() is valid. + */ +#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0) +/** + * Converts the handle value returned from a failed call psa_connect() into + * an error code. + */ +#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle)) +/** + * Maximum number of input and output vectors for a request to psa_call(). + */ +#define PSA_MAX_IOVEC (4u) +/** + * An IPC message type that indicates a generic client request. + */ +#define PSA_IPC_CALL (0) +typedef int32_t psa_handle_t; +/** + * A read-only input memory region provided to an RoT Service. + */ +typedef struct psa_invec { + const void *base; /*!< the start address of the memory buffer */ + size_t len; /*!< the size in bytes */ +} psa_invec; +/** + * A writable output memory region provided to an RoT Service. + */ +typedef struct psa_outvec { + void *base; /*!< the start address of the memory buffer */ + size_t len; /*!< the size in bytes */ +} psa_outvec; + +/** + * Call an RoT Service on an established connection. + * + * handle A handle to an established connection. + * type The request type. Must be zero(PSA_IPC_CALL) or positive. + * in_vec Array of input psa_invec structures. + * in_len Number of input psa_invec structures. + * out_vec Array of output psa_outvec structures. + * out_len Number of output psa_outvec structures. + * + * Return value >=0 RoT Service-specific status value. + * Return value <0 RoT Service-specific error code. + * + * PSA_ERROR_PROGRAMMER_ERROR: + * - The connection has been terminated by the RoT Service. + * + * The call is a PROGRAMMER ERROR if one or more of the following are true: + * - An invalid handle was passed. + * - The connection is already handling a request. + * - type < 0. + * - An invalid memory reference was provided. + * - in_len + out_len > PSA_MAX_IOVEC. + * - The message is unrecognized by the RoT. + * - Service or incorrectly formatted. + */ +psa_status_t psa_call(psa_handle_t handle, + int32_t type, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len); + +#endif /* PSA_CLIENT_H */ diff --git a/include/lib/psa/psa/error.h b/include/lib/psa/psa/error.h new file mode 100644 index 0000000..8a6eb7b --- /dev/null +++ b/include/lib/psa/psa/error.h @@ -0,0 +1,42 @@ + +/* + * Copyright (c) 2019-2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef PSA_ERROR_H +#define PSA_ERROR_H + +#include <stdint.h> + +typedef int32_t psa_status_t; + +#define PSA_SUCCESS ((psa_status_t)0) +#define PSA_SUCCESS_REBOOT ((psa_status_t)1) +#define PSA_SUCCESS_RESTART ((psa_status_t)2) +#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t)-129) +#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t)-130) +#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t)-131) +#define PSA_ERROR_GENERIC_ERROR ((psa_status_t)-132) +#define PSA_ERROR_NOT_PERMITTED ((psa_status_t)-133) +#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t)-134) +#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) +#define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) +#define PSA_ERROR_BAD_STATE ((psa_status_t)-137) +#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t)-138) +#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t)-139) +#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t)-140) +#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t)-141) +#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142) +#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) +#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t)-144) +#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145) +#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t)-146) +#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147) +#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t)-149) +#define PSA_ERROR_DEPENDENCY_NEEDED ((psa_status_t)-156) +#define PSA_ERROR_CURRENTLY_INSTALLING ((psa_status_t)-157) + +#endif /* PSA_ERROR_H */ diff --git a/include/lib/psa/psa_manifest/sid.h b/include/lib/psa/psa_manifest/sid.h new file mode 100644 index 0000000..0bdeed4 --- /dev/null +++ b/include/lib/psa/psa_manifest/sid.h @@ -0,0 +1,17 @@ +/* + * Copyright (c) 2019-2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef PSA_MANIFEST_SID_H +#define PSA_MANIFEST_SID_H + +/******** PSA_SP_MEASURED_BOOT ********/ +#define RSS_MEASURED_BOOT_HANDLE (0x40000110U) + +/******** PSA_SP_DELAGATED_ATTESTATION ********/ +#define RSS_DELEGATED_SERVICE_HANDLE (0x40000111U) + +#endif /* PSA_MANIFEST_SID_H */ |