Adding upstream version 2.10.0+dfsg.upstream/2.10.0+dfsg upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-21 17:43:51 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-21 17:43:51 +0000
commit: be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b (patch)
tree: 779c248fb61c83f65d1f0dc867f2053d76b4e03a /lib/psa
parent: Initial commit. (diff)
download: arm-trusted-firmware-be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b.tar.xz
arm-trusted-firmware-be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b.zip
4 files changed, 403 insertions, 0 deletions
diff --git a/lib/psa/delegated_attestation.c b/lib/psa/delegated_attestation.c
new file mode 100644
index 0000000..81e2621
--- /dev/null
+++ b/lib/psa/delegated_attestation.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <delegated_attestation.h>
+#include <psa/client.h>
+#include <psa_manifest/sid.h>
+
+psa_status_t
+rss_delegated_attest_get_delegated_key(uint8_t   ecc_curve,
+				       uint32_t  key_bits,
+				       uint8_t  *key_buf,
+				       size_t    key_buf_size,
+				       size_t   *key_size,
+				       uint32_t  hash_algo)
+{
+	psa_status_t status;
+	psa_invec in_vec[] = {
+		{&ecc_curve, sizeof(ecc_curve)},
+		{&key_bits,  sizeof(key_bits)},
+		{&hash_algo, sizeof(hash_algo)}
+	};
+	psa_outvec out_vec[] = {
+		{key_buf, key_buf_size}
+	};
+
+	if (key_size == NULL) {
+		return PSA_ERROR_INVALID_ARGUMENT;
+	}
+
+	status = psa_call(RSS_DELEGATED_SERVICE_HANDLE,
+			  RSS_DELEGATED_ATTEST_GET_DELEGATED_KEY,
+			  in_vec,  IOVEC_LEN(in_vec),
+			  out_vec, IOVEC_LEN(out_vec));
+	if (status == PSA_SUCCESS) {
+		*key_size = out_vec[0].len;
+	}
+
+	return status;
+}
+
+psa_status_t
+rss_delegated_attest_get_token(const uint8_t *dak_pub_hash,
+			       size_t         dak_pub_hash_size,
+			       uint8_t       *token_buf,
+			       size_t         token_buf_size,
+			       size_t        *token_size)
+{
+	psa_status_t status;
+	psa_invec in_vec[] = {
+		{dak_pub_hash, dak_pub_hash_size}
+	};
+	psa_outvec out_vec[] = {
+		{token_buf, token_buf_size}
+	};
+
+	if (token_size == NULL) {
+		return PSA_ERROR_INVALID_ARGUMENT;
+	}
+
+	status = psa_call(RSS_DELEGATED_SERVICE_HANDLE,
+			  RSS_DELEGATED_ATTEST_GET_PLATFORM_TOKEN,
+			  in_vec, IOVEC_LEN(in_vec),
+			  out_vec, IOVEC_LEN(out_vec));
+	if (status == PSA_SUCCESS) {
+		*token_size = out_vec[0].len;
+	}
+
+	return status;
+}
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
new file mode 100644
index 0000000..c359e9f
--- /dev/null
+++ b/lib/psa/measured_boot.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <string.h>
+
+#include <common/debug.h>
+#include <measured_boot.h>
+#include <psa/client.h>
+#include <psa_manifest/sid.h>
+
+#include "measured_boot_private.h"
+
+static void print_byte_array(const uint8_t *array __unused, size_t len __unused)
+{
+#if LOG_LEVEL >= LOG_LEVEL_INFO
+	size_t i;
+
+	if (array == NULL || len == 0U) {
+		(void)printf("\n");
+	} else {
+		for (i = 0U; i < len; ++i) {
+			(void)printf(" %02x", array[i]);
+			if ((i & U(0xF)) == U(0xF)) {
+				(void)printf("\n");
+				if (i < (len - 1U)) {
+					INFO("\t\t:");
+				}
+			}
+		}
+	}
+#endif
+}
+
+static void log_measurement(uint8_t index,
+			    const uint8_t *signer_id,
+			    size_t signer_id_size,
+			    const uint8_t *version,     /* string */
+			    size_t version_size,
+			    const uint8_t *sw_type,     /* string */
+			    size_t sw_type_size,
+			    uint32_t measurement_algo,
+			    const uint8_t *measurement_value,
+			    size_t measurement_value_size,
+			    bool lock_measurement)
+{
+	INFO("Measured boot extend measurement:\n");
+	INFO(" - slot        : %u\n", index);
+	INFO(" - signer_id   :");
+	print_byte_array(signer_id, signer_id_size);
+	INFO(" - version     : %s\n",  version);
+	INFO(" - version_size: %zu\n", version_size);
+	INFO(" - sw_type     : %s\n",  sw_type);
+	INFO(" - sw_type_size: %zu\n", sw_type_size);
+	INFO(" - algorithm   : %x\n", measurement_algo);
+	INFO(" - measurement :");
+	print_byte_array(measurement_value, measurement_value_size);
+	INFO(" - locking     : %s\n", lock_measurement ? "true" : "false");
+}
+
+#if !PLAT_RSS_NOT_SUPPORTED
+psa_status_t
+rss_measured_boot_extend_measurement(uint8_t index,
+				     const uint8_t *signer_id,
+				     size_t signer_id_size,
+				     const uint8_t *version,
+				     size_t version_size,
+				     uint32_t measurement_algo,
+				     const uint8_t *sw_type,
+				     size_t sw_type_size,
+				     const uint8_t *measurement_value,
+				     size_t measurement_value_size,
+				     bool lock_measurement)
+{
+	struct measured_boot_extend_iovec_t extend_iov = {
+		.index = index,
+		.lock_measurement = lock_measurement,
+		.measurement_algo = measurement_algo,
+		.sw_type = {0},
+		.sw_type_size = sw_type_size,
+	};
+
+	if (version_size > VERSION_MAX_SIZE) {
+		return PSA_ERROR_INVALID_ARGUMENT;
+	}
+
+
+	if (version_size > 0 && version[version_size - 1] == '\0') {
+		version_size--;
+	}
+
+	psa_invec in_vec[] = {
+		{.base = &extend_iov,
+			.len = sizeof(struct measured_boot_extend_iovec_t)},
+		{.base = signer_id, .len = signer_id_size},
+		{.base = version, .len = version_size },
+		{.base = measurement_value, .len = measurement_value_size}
+	};
+
+	if (sw_type != NULL) {
+		if (extend_iov.sw_type_size > SW_TYPE_MAX_SIZE) {
+			return PSA_ERROR_INVALID_ARGUMENT;
+		}
+		if (sw_type_size > 0 && sw_type[sw_type_size - 1] == '\0') {
+			extend_iov.sw_type_size--;
+		}
+		memcpy(extend_iov.sw_type, sw_type, extend_iov.sw_type_size);
+	}
+
+	log_measurement(index, signer_id, signer_id_size,
+			version, version_size, sw_type, sw_type_size,
+			measurement_algo, measurement_value,
+			measurement_value_size, lock_measurement);
+
+	return psa_call(RSS_MEASURED_BOOT_HANDLE,
+			RSS_MEASURED_BOOT_EXTEND,
+			in_vec, IOVEC_LEN(in_vec),
+			NULL, 0);
+}
+
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+					uint8_t *signer_id,
+					size_t signer_id_size,
+					size_t *signer_id_len,
+					uint8_t *version,
+					size_t version_size,
+					size_t *version_len,
+					uint32_t *measurement_algo,
+					uint8_t *sw_type,
+					size_t sw_type_size,
+					size_t *sw_type_len,
+					uint8_t *measurement_value,
+					size_t measurement_value_size,
+					size_t *measurement_value_len,
+					bool *is_locked)
+{
+	psa_status_t status;
+	struct measured_boot_read_iovec_in_t read_iov_in = {
+		.index = index,
+		.sw_type_size = sw_type_size,
+		.version_size = version_size,
+	};
+
+	struct measured_boot_read_iovec_out_t read_iov_out;
+
+	psa_invec in_vec[] = {
+		{.base = &read_iov_in,
+		 .len = sizeof(struct measured_boot_read_iovec_in_t)},
+	};
+
+	psa_outvec out_vec[] = {
+		{.base = &read_iov_out,
+		 .len = sizeof(struct measured_boot_read_iovec_out_t)},
+		{.base = signer_id, .len = signer_id_size},
+		{.base = measurement_value, .len = measurement_value_size}
+	};
+
+	status = psa_call(RSS_MEASURED_BOOT_HANDLE, RSS_MEASURED_BOOT_READ,
+					  in_vec, IOVEC_LEN(in_vec),
+					  out_vec, IOVEC_LEN(out_vec));
+
+	if (status == PSA_SUCCESS) {
+		*is_locked = read_iov_out.is_locked;
+		*measurement_algo = read_iov_out.measurement_algo;
+		*sw_type_len = read_iov_out.sw_type_len;
+		*version_len = read_iov_out.version_len;
+		memcpy(sw_type, read_iov_out.sw_type, read_iov_out.sw_type_len);
+		memcpy(version, read_iov_out.version, read_iov_out.version_len);
+		*signer_id_len = out_vec[1].len;
+		*measurement_value_len = out_vec[2].len;
+	}
+
+	return status;
+}
+
+#else /* !PLAT_RSS_NOT_SUPPORTED */
+
+psa_status_t
+rss_measured_boot_extend_measurement(uint8_t index,
+				     const uint8_t *signer_id,
+				     size_t signer_id_size,
+				     const uint8_t *version,
+				     size_t version_size,
+				     uint32_t measurement_algo,
+				     const uint8_t *sw_type,
+				     size_t sw_type_size,
+				     const uint8_t *measurement_value,
+				     size_t measurement_value_size,
+				     bool lock_measurement)
+{
+	log_measurement(index, signer_id, signer_id_size,
+			version, version_size, sw_type, sw_type_size,
+			measurement_algo, measurement_value,
+			measurement_value_size, lock_measurement);
+
+	return PSA_SUCCESS;
+}
+
+psa_status_t rss_measured_boot_read_measurement(uint8_t index,
+					uint8_t *signer_id,
+					size_t signer_id_size,
+					size_t *signer_id_len,
+					uint8_t *version,
+					size_t version_size,
+					size_t *version_len,
+					uint32_t *measurement_algo,
+					uint8_t *sw_type,
+					size_t sw_type_size,
+					size_t *sw_type_len,
+					uint8_t *measurement_value,
+					size_t measurement_value_size,
+					size_t *measurement_value_len,
+					bool *is_locked)
+{
+	return PSA_SUCCESS;
+}
+
+#endif /* !PLAT_RSS_NOT_SUPPORTED */
diff --git a/lib/psa/measured_boot_private.h b/lib/psa/measured_boot_private.h
new file mode 100644
index 0000000..80d2c19
--- /dev/null
+++ b/lib/psa/measured_boot_private.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef PSA_MEASURED_BOOT_PRIVATE_H
+#define PSA_MEASURED_BOOT_PRIVATE_H
+
+#include <stdint.h>
+
+/* Measured boot message types that distinguish its services */
+#define RSS_MEASURED_BOOT_READ		1001U
+#define RSS_MEASURED_BOOT_EXTEND	1002U
+
+struct measured_boot_read_iovec_in_t {
+    uint8_t index;
+    uint8_t sw_type_size;
+    uint8_t version_size;
+};
+
+struct measured_boot_read_iovec_out_t {
+    uint8_t  is_locked;
+    uint32_t measurement_algo;
+    uint8_t  sw_type[SW_TYPE_MAX_SIZE];
+    uint8_t  sw_type_len;
+    uint8_t  version[VERSION_MAX_SIZE];
+    uint8_t  version_len;
+};
+
+struct measured_boot_extend_iovec_t {
+	uint8_t  index;
+	uint8_t  lock_measurement;
+	uint32_t measurement_algo;
+	uint8_t  sw_type[SW_TYPE_MAX_SIZE];
+	uint8_t  sw_type_size;
+};
+
+#endif /* PSA_MEASURED_BOOT_PRIVATE_H */
diff --git a/lib/psa/rss_platform.c b/lib/psa/rss_platform.c
new file mode 100644
index 0000000..7d90bfc
--- /dev/null
+++ b/lib/psa/rss_platform.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <psa/client.h>
+#include <psa_manifest/sid.h>
+#include <rss_crypto_defs.h>
+#include <rss_platform_api.h>
+
+psa_status_t
+rss_platform_nv_counter_increment(uint32_t counter_id)
+{
+	struct psa_invec in_vec[1];
+
+	in_vec[0].base = &counter_id;
+	in_vec[0].len = sizeof(counter_id);
+
+	return psa_call(RSS_PLATFORM_SERVICE_HANDLE,
+			RSS_PLATFORM_API_ID_NV_INCREMENT,
+			in_vec, 1, NULL, 0);
+}
+
+psa_status_t
+rss_platform_nv_counter_read(uint32_t counter_id,
+		uint32_t size, uint8_t *val)
+{
+	struct psa_invec in_vec[1];
+	struct psa_outvec out_vec[1];
+
+	in_vec[0].base = &counter_id;
+	in_vec[0].len = sizeof(counter_id);
+
+	out_vec[0].base = val;
+	out_vec[0].len = size;
+
+	return psa_call(RSS_PLATFORM_SERVICE_HANDLE,
+			RSS_PLATFORM_API_ID_NV_READ,
+			in_vec, 1, out_vec, 1);
+}
+
+psa_status_t
+rss_platform_key_read(enum rss_key_id_builtin_t key, uint8_t *data,
+		size_t data_size, size_t *data_length)
+{
+	psa_status_t status;
+
+	struct rss_crypto_pack_iovec iov = {
+		.function_id = RSS_CRYPTO_EXPORT_PUBLIC_KEY_SID,
+		.key_id = key,
+	};
+
+	psa_invec in_vec[] = {
+		{.base = &iov, .len = sizeof(struct rss_crypto_pack_iovec)},
+	};
+	psa_outvec out_vec[] = {
+		{.base = data, .len = data_size}
+	};
+
+	status = psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,
+			in_vec, IOVEC_LEN(in_vec),
+			out_vec, IOVEC_LEN(out_vec));
+
+	*data_length = out_vec[0].len;
+
+	return status;
+}
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-21 17:43:51 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-21 17:43:51 +0000
commit	be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b (patch)
tree	779c248fb61c83f65d1f0dc867f2053d76b4e03a /lib/psa
parent	Initial commit. (diff)
download	arm-trusted-firmware-be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b.tar.xz arm-trusted-firmware-be58c81aff4cd4c0ccf43dbd7998da4a6a08c03b.zip