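/*
 * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <stddef.h>
#include <stdint.h>

#include <psa/crypto_sizes.h>
#include <psa/crypto_types.h>
#include <psa/crypto_values.h>

#include <cca_attestation.h>
#include <delegated_attestation.h>
#include <services/rmmd_svc.h>

/*
 * Retrieve the realm attestation key into the caller's buffer by calling
 * rse_delegated_attest_get_delegated_key().
 *
 * buf:  address of the output buffer handed to the helper
 * len:  in:  value passed to the helper as the size of buf
 *       out: length of the returned key, written only on success
 * type: requested key curve; only ATTEST_KEY_CURVE_ECC_SECP384R1 is accepted
 *
 * Returns PSA_SUCCESS on success, PSA_ERROR_INVALID_ARGUMENT when len is NULL,
 * type is not supported or the returned key length is not 384 bits, and
 * otherwise the status reported by the helper.
 */
psa_status_t
cca_attestation_get_realm_key(uintptr_t buf, size_t *len, unsigned int type)
{
	size_t dak_len = 0U;
	psa_status_t ret = PSA_SUCCESS;

	/*
	 * Current RMM implementations only support the public key size for
	 * ECC-P384, i.e. ATTEST_KEY_CURVE_ECC_SECP384R1 attestation key.
	 *
	 * This ECC key has the following properties:
	 * ecc_curve: 0x12 (PSA_ECC_FAMILY_SECP_R1)
	 * key_bits: 384
	 * hash_alg: 0x02000009 (PSA_ALG_SHA_256)
	 */
	assert(type == ATTEST_KEY_CURVE_ECC_SECP384R1);

	/*
	 * The assert above disappears when assertions are compiled out, so the
	 * same condition is enforced at run time: a request for any other
	 * curve must not silently be answered with a P-384 key. len is checked
	 * here as well because it is dereferenced below.
	 */
	if ((len == NULL) || (type != ATTEST_KEY_CURVE_ECC_SECP384R1)) {
		return PSA_ERROR_INVALID_ARGUMENT;
	}

	ret = rse_delegated_attest_get_delegated_key(PSA_ECC_FAMILY_SECP_R1,
						     384, (uint8_t *)buf, *len,
						     &dak_len, PSA_ALG_SHA_256);
	if (ret != PSA_SUCCESS) {
		return ret;
	}

	/*
	 * Reject a key whose length is not exactly 384 bits.
	 * NOTE(review): buf may already hold helper output on this path;
	 * confirm whether the caller needs it cleared before the error is
	 * reported.
	 */
	if (dak_len != PSA_BITS_TO_BYTES(384)) {
		return PSA_ERROR_INVALID_ARGUMENT;
	}

	*len = dak_len;

	return ret;
}

/*
 * Retrieve the platform attestation token into the caller's buffer by calling
 * rse_delegated_attest_get_token().
 *
 * buf:       address of the output buffer handed to the helper
 * len:       in:  value passed to the helper as the size of buf
 *            out: length of the returned token, written only on success
 * hash:      address of the hash passed to the helper
 * hash_size: size of that hash, passed to the helper unchanged
 *
 * Returns PSA_SUCCESS on success, PSA_ERROR_INVALID_ARGUMENT when len is NULL,
 * and otherwise the status reported by the helper.
 */
psa_status_t
cca_attestation_get_plat_token(uintptr_t buf, size_t *len,
			       uintptr_t hash, size_t hash_size)
{
	size_t token_len = 0U;
	psa_status_t ret = PSA_SUCCESS;

	/* len is dereferenced below, so refuse a NULL pointer up front. */
	if (len == NULL) {
		return PSA_ERROR_INVALID_ARGUMENT;
	}

	ret = rse_delegated_attest_get_token((const uint8_t *)hash, hash_size,
					     (uint8_t *)buf, *len, &token_len);
	if (ret != PSA_SUCCESS) {
		return ret;
	}

	/*
	 * NOTE(review): token_len is taken from the helper as-is; presumably
	 * it never exceeds the size passed in - confirm against
	 * rse_delegated_attest_get_token().
	 */
	*len = token_len;

	return ret;
}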