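/*
 * Copyright (c) 2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#ifndef DICE_PROTECTION_ENVIRONMENT_H
#define DICE_PROTECTION_ENVIRONMENT_H

#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include <dice.h>

/*
 * Additional defines for the maximum size limits. These limits are set by
 * DPE in RSS.
 *
 * NOTE(review): presumably these are byte counts that bound the authority,
 * config and code descriptors carried in DiceInputValues; confirm against
 * dice.h and the RSS-side DPE service before sizing buffers from them.
 */
#define DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE	64
#define DICE_CONFIG_DESCRIPTOR_MAX_SIZE		64
#define DICE_CODE_DESCRIPTOR_MAX_SIZE		32

/* Status type returned by the DPE client API declared in this header. */
typedef int32_t dpe_error_t;

/* DPE_NO_ERROR (0) is the only success value defined here. */
#define DPE_NO_ERROR			((dpe_error_t)0)
#define DPE_INTERNAL_ERROR		((dpe_error_t)1)
#define DPE_INVALID_COMMAND		((dpe_error_t)2)
#define DPE_INVALID_ARGUMENT		((dpe_error_t)3)
#define DPE_ARGUMENT_NOT_SUPPORTED	((dpe_error_t)4)
#define DPE_SESSION_EXHAUSTED		((dpe_error_t)5)

/* Custom values in RSS based DPE implementation */
#define DPE_INSUFFICIENT_MEMORY		((dpe_error_t)128)
#define DPE_ERR_CBOR_FORMATTING		((dpe_error_t)129)

/**
 * \brief Performs the DICE computation to derive a new context and optionally
 *        creates an intermediate certificate. Software component measurement
 *        must be provided in dice_inputs.
 *
 * Client facing API. Parameters are according to the DPE spec version r0.9.
 *
 * \param[in]  context_handle               Input context handle for the DPE
 *                                          context.
 * \param[in]  retain_parent_context        Flag to indicate whether to retain the
 *                                          parent context. True only if a client
 *                                          will call further DPE commands on the
 *                                          same context.
 * \param[in]  allow_new_context_to_derive  Flag to indicate whether derived context
 *                                          can derive further. True only if the
 *                                          new context will load further components.
 * \param[in]  create_certificate           Flag to indicate whether to create an
 *                                          intermediate certificate. True only if
 *                                          it is the last component in the layer.
 * \param[in]  dice_inputs                  DICE input values.
 * \param[in]  target_locality              Identifies the locality to which the
 *                                          derived context will be bound. Could be
 *                                          MHU id.
 * \param[in]  return_certificate           Indicates whether to return the generated
 *                                          certificate when create_certificate is true.
 * \param[in]  allow_new_context_to_export  Indicates whether the DPE permits export of
 *                                          the CDI from the newly derived context.
 * \param[in]  export_cdi                   Indicates whether to export derived CDI.
 * \param[out] new_context_handle           New handle for the derived context.
 * \param[out] new_parent_context_handle    New handle for the parent context.
 * \param[out] new_certificate_buf          If create_certificate and return_certificate
 *                                          are both true, this argument holds the new
 *                                          certificate generated for the new context.
 * \param[in]  new_certificate_buf_size     Size of the allocated buffer for
 *                                          new certificate.
 * \param[out] new_certificate_actual_size  Actual size of the new certificate.
 * \param[out] exported_cdi_buf             If export_cdi is true, this is the
 *                                          exported CDI value.
 * \param[in]  exported_cdi_buf_size        Size of the allocated buffer for
 *                                          exported cdi.
 * \param[out] exported_cdi_actual_size     Actual size of the exported cdi.
 *
 * \return Returns error code of type dpe_error_t
 *
 * \note Compare the return value with DPE_NO_ERROR before consuming any [out]
 *       argument. This header does not state what the outputs hold on failure,
 *       so treat them as undefined in that case.
 *
 * \note new_certificate_buf and exported_cdi_buf are caller-provided; the
 *       *_buf_size arguments give their capacity and the *_actual_size
 *       arguments report the produced length. How an undersized buffer is
 *       reported is not visible here; confirm against the implementation
 *       before relying on a particular error code or on truncation.
 *
 * \note A CDI is secret key-derivation material. Request export only where the
 *       design requires it, keep exported_cdi_buf out of memory shared with
 *       less trusted components, and clear the buffer once it has been used.
 *
 * \note NOTE(review): under the DPE model the handle passed in
 *       context_handle is presumably consumed by the call, with follow-up
 *       commands expected to use the returned handles; confirm.
 */
dpe_error_t dpe_derive_context(int context_handle,
			       bool retain_parent_context,
			       bool allow_new_context_to_derive,
			       bool create_certificate,
			       const DiceInputValues *dice_inputs,
			       int32_t target_locality,
			       bool return_certificate,
			       bool allow_new_context_to_export,
			       bool export_cdi,
			       int *new_context_handle,
			       int *new_parent_context_handle,
			       uint8_t *new_certificate_buf,
			       size_t new_certificate_buf_size,
			       size_t *new_certificate_actual_size,
			       uint8_t *exported_cdi_buf,
			       size_t exported_cdi_buf_size,
			       size_t *exported_cdi_actual_size);

#endif /* DICE_PROTECTION_ENVIRONMENT_H */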