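/*
 * Copyright (c) 2024, NVIDIA Corporation. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <errno.h>
#include <string.h>

#include <plat/common/platform.h>
#include <services/rmm_el3_token_sign.h>

/*
 * Single-slot request queue: at most one token-sign request is held at a
 * time. el3_req is only meaningful while el3_req_valid is true.
 */
static struct el3_token_sign_request el3_req = { 0 };
static bool el3_req_valid;

/*
 * According to https://www.secg.org/sec1-v2.pdf 2.3.3
 * the size of the ECDSA P384 public key is 97 bytes,
 * with the first byte being 0x04.
 *
 * This is a fixed sample key compiled into the image. It is the same in
 * every build, so it identifies no particular platform and must not be used
 * as a root of trust for attestation.
 */
static const uint8_t sample_attest_pub_key[] = {
	0x04, 0x76, 0xf9, 0x88, 0x09, 0x1b, 0xe5, 0x85, 0xed, 0x41,
	0x80, 0x1a, 0xec, 0xfa, 0xb8, 0x58, 0x54, 0x8c, 0x63, 0x05,
	0x7e, 0x16, 0xb0, 0xe6, 0x76, 0x12, 0x0b, 0xbd, 0x0d, 0x2f,
	0x9c, 0x29, 0xe0, 0x56, 0xc5, 0xd4, 0x1a, 0x01, 0x30, 0xeb,
	0x9c, 0x21, 0x51, 0x78, 0x99, 0xdc, 0x23, 0x14, 0x6b, 0x28,
	0xe1, 0xb0, 0x62, 0xbd, 0x3e, 0xa4, 0xb3, 0x15, 0xfd, 0x21,
	0x9f, 0x1c, 0xbb, 0x52, 0x8c, 0xb6, 0xe7, 0x4c, 0xa4, 0x9b,
	0xe1, 0x67, 0x73, 0x73, 0x4f, 0x61, 0xa1, 0xca, 0x61, 0x03,
	0x1b, 0x2b, 0xbf, 0x3d, 0x91, 0x8f, 0x2f, 0x94, 0xff, 0xc4,
	0x22, 0x8e, 0x50, 0x91, 0x95, 0x44, 0xae
};

/*
 * FVP does not support HES, so a fixed sample public key is returned instead
 * of a key held by a hardware-backed signer.
 *
 * buf:  destination address for the key bytes.
 * len:  in: capacity of buf in bytes; out: number of bytes written.
 * type: requested curve; only ATTEST_KEY_CURVE_ECC_SECP384R1 is accepted.
 *
 * Returns 0 on success, E_RMM_INVAL when len is NULL, the buffer is too
 * small, or the curve is not supported.
 *
 * NOTE(review): buf is written without any range check here; presumably the
 * caller has already validated that it lies in the RMM<->EL3 shared buffer.
 * Confirm against the caller.
 */
int plat_rmmd_el3_token_sign_get_rak_pub(uintptr_t buf, size_t *len,
					 unsigned int type)
{
	if (len == NULL) {
		return E_RMM_INVAL;
	}

	/* Reject before writing anything so a short buffer is never touched. */
	if (*len < sizeof(sample_attest_pub_key)) {
		return E_RMM_INVAL;
	}

	if (type != ATTEST_KEY_CURVE_ECC_SECP384R1) {
		ERROR("Invalid ECC curve specified\n");
		return E_RMM_INVAL;
	}

	*len = sizeof(sample_attest_pub_key);

	(void)memcpy((void *)buf, sample_attest_pub_key,
		     sizeof(sample_attest_pub_key));

	return 0;
}

/*
 * Queue a token-sign request in the single pending slot.
 *
 * Returns 0 when the request was stored, E_RMM_AGAIN when a previous request
 * has not been pulled yet, and E_RMM_INVAL when req is NULL or asks for a
 * hash/signature algorithm other than SHA-384 / ECC secp384r1.
 */
int plat_rmmd_el3_token_sign_push_req(const struct el3_token_sign_request *req)
{
	/*
	 * TODO: Today this function is called with a lock held on the
	 * RMM<->EL3 shared buffer. In the future, we may move to a
	 * different design that may require handling multi-threaded
	 * calls to this function, for example, if we have a per CPU
	 * buffer between RMM and EL3.
	 */
	if (req == NULL) {
		return E_RMM_INVAL;
	}

	if (el3_req_valid) {
		return E_RMM_AGAIN;
	}

	/*
	 * Validate the caller's request before committing it, so the stored
	 * slot is only ever overwritten by a request that was accepted.
	 */
	if ((req->hash_alg_id != EL3_TOKEN_SIGN_HASH_ALG_SHA384) ||
	    (req->sig_alg_id != ATTEST_KEY_CURVE_ECC_SECP384R1)) {
		return E_RMM_INVAL;
	}

	el3_req = *req;
	el3_req_valid = true;

	return 0;
}

/*
 * Produce the response for the pending request and free the slot.
 *
 * The response echoes rec_granule and req_ticket from the stored request and
 * reports a signature of the full signature_buf size filled with zeros.
 *
 * Returns 0 on success, E_RMM_AGAIN when no request is pending, and
 * E_RMM_INVAL when resp is NULL.
 *
 * The all-zero buffer is a placeholder, not a signature over the request:
 * tokens assembled from this response carry no cryptographic assurance and
 * must not be accepted as attested outside of test setups.
 */
int plat_rmmd_el3_token_sign_pull_resp(struct el3_token_sign_response *resp)
{
	if (resp == NULL) {
		return E_RMM_INVAL;
	}

	if (!el3_req_valid) {
		return E_RMM_AGAIN;
	}

	resp->rec_granule = el3_req.rec_granule;
	resp->req_ticket = el3_req.req_ticket;
	resp->sig_len = (uint16_t)sizeof(resp->signature_buf);
	/* TODO: Provide real signature */
	memset(resp->signature_buf, 0, sizeof(resp->signature_buf));

	/* Mark the slot free so the next push_req can be accepted. */
	el3_req_valid = false;

	return 0;
}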