14b09ffefSTamas Ban /*
24b09ffefSTamas Ban  * Copyright (c) 2022, Arm Limited. All rights reserved.
34b09ffefSTamas Ban  *
44b09ffefSTamas Ban  * SPDX-License-Identifier: BSD-3-Clause
54b09ffefSTamas Ban  *
64b09ffefSTamas Ban  */
74b09ffefSTamas Ban 
84b09ffefSTamas Ban /* This file describes the Delegated Attestation API */
94b09ffefSTamas Ban 
104b09ffefSTamas Ban #ifndef DELEGATED_ATTESTATION_H
114b09ffefSTamas Ban #define DELEGATED_ATTESTATION_H
124b09ffefSTamas Ban 
134b09ffefSTamas Ban #include <stddef.h>
144b09ffefSTamas Ban #include <stdint.h>
154b09ffefSTamas Ban 
164b09ffefSTamas Ban #include "psa/error.h"
174b09ffefSTamas Ban 
18*d797665cSTamas Ban /* RSE Delegated Attestation message types that distinguish its services. */
19*d797665cSTamas Ban #define RSE_DELEGATED_ATTEST_GET_DELEGATED_KEY      1001U
20*d797665cSTamas Ban #define RSE_DELEGATED_ATTEST_GET_PLATFORM_TOKEN     1002U
214b09ffefSTamas Ban 
/**
 * The aim of these APIs is to get a derived signing key (private part only) for
 * the delegated attestation model and to obtain the corresponding platform
 * attestation token. In the delegated attestation model the final token
 * consists of more than one subtoken, signed by different entities. There is a
 * cryptographic binding between the tokens: the derived delegated attestation
 * key is bound to the platform token (details below).
 *
 * Expected usage model:
 *  - First, rse_delegated_attest_get_delegated_key() must be called to obtain
 *    the private part of the delegated attestation key. The public part of the
 *    key is computed by the cryptographic library when the key is registered.
 *  - Second, rse_delegated_attest_get_token() must be called to obtain the
 *    platform attestation token. The hash of the public key (computed with the
 *    hash_algo indicated in the rse_delegated_attest_get_delegated_key() call)
 *    must be the input of this call. This ensures that nothing but the
 *    previously derived delegated key is bindable to the platform token.
 */
414b09ffefSTamas Ban 
424b09ffefSTamas Ban /**
434b09ffefSTamas Ban  * Get a delegated attestation key (DAK).
444b09ffefSTamas Ban  *
 * The aim of the delegated attestation key is to enable other SW components
 * within the system to sign an attestation token that is different from the
 * initial/platform token. The initial attestation token MUST contain the hash
 * of the public delegated key to make a cryptographic binding (hash lock)
 * between the key and the token.
 * The initial attestation token has two roles in this scenario:
 *   - Attest the device boot status and security lifecycle.
 *   - Attest the delegated attestation key.
 * The delegated attestation key is derived from a pre-provisioned seed. The
 * input for the key derivation is the platform boot status. The system can be
 * attested with the two tokens together.
564b09ffefSTamas Ban  *
 * ecc_curve     The type of the elliptic curve to which the requested
 *               attestation key belongs. Please check the note section for
 *               limitations.
 * key_bits      The size of the requested attestation key, in bits.
 * key_buf       Pointer to the buffer where the private part of the delegated
 *               attestation key will be stored.
 * key_buf_size  Size of the allocated buffer for the key, in bytes.
 * key_size      Size of the key that has been returned, in bytes.
 * hash_algo     The hash algorithm that will be used later by the owner of the
 *               requested delegated key for binding it to the platform
 *               attestation token.
684b09ffefSTamas Ban  *
694b09ffefSTamas Ban  * Returns error code as specified in psa_status_t.
704b09ffefSTamas Ban  *
 * Notes:
 *   - Currently, only the PSA_ECC_FAMILY_SECP_R1 curve type is supported.
 *   - The delegated attestation key must be derived before requesting the
 *     platform attestation token, as they are cryptographically linked together.
754b09ffefSTamas Ban  */
764b09ffefSTamas Ban psa_status_t
77*d797665cSTamas Ban rse_delegated_attest_get_delegated_key(uint8_t   ecc_curve,
784b09ffefSTamas Ban 				       uint32_t  key_bits,
794b09ffefSTamas Ban 				       uint8_t  *key_buf,
804b09ffefSTamas Ban 				       size_t    key_buf_size,
814b09ffefSTamas Ban 				       size_t   *key_size,
824b09ffefSTamas Ban 				       uint32_t  hash_algo);
834b09ffefSTamas Ban 
844b09ffefSTamas Ban /**
854b09ffefSTamas Ban  * Get platform attestation token
864b09ffefSTamas Ban  *
 * dak_pub_hash       Pointer to the buffer holding the hash of the public DAK
 *                    (computed with the hash_algo passed to
 *                    rse_delegated_attest_get_delegated_key()).
 * dak_pub_hash_size  Size of the hash value, in bytes.
 * token_buf          Pointer to the buffer where the platform attestation token
 *                    will be stored.
 * token_buf_size     Size of the allocated buffer for the token, in bytes.
 * token_size         Size of the token that has been returned, in bytes.
944b09ffefSTamas Ban  *
954b09ffefSTamas Ban  * Returns error code as specified in psa_status_t.
964b09ffefSTamas Ban  *
 * A delegated attestation key must be derived before requesting the platform
 * attestation token, as they are cryptographically linked together. Otherwise,
 * the token request will fail and the PSA_ERROR_INVALID_ARGUMENT code will be
 * returned.
1014b09ffefSTamas Ban  */
1024b09ffefSTamas Ban psa_status_t
103*d797665cSTamas Ban rse_delegated_attest_get_token(const uint8_t *dak_pub_hash,
1044b09ffefSTamas Ban 			       size_t         dak_pub_hash_size,
1054b09ffefSTamas Ban 			       uint8_t       *token_buf,
1064b09ffefSTamas Ban 			       size_t         token_buf_size,
1074b09ffefSTamas Ban 			       size_t        *token_size);
1084b09ffefSTamas Ban 
1094b09ffefSTamas Ban #endif /* DELEGATED_ATTESTATION_H */
110