1 /*
2 * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8
9 #include <psa/crypto_sizes.h>
10 #include <psa/crypto_types.h>
11 #include <psa/crypto_values.h>
12
13 #include <cca_attestation.h>
14 #include <delegated_attestation.h>
15 #include <services/rmmd_svc.h>
16
17 psa_status_t
cca_attestation_get_realm_key(uintptr_t buf,size_t * len,unsigned int type)18 cca_attestation_get_realm_key(uintptr_t buf, size_t *len, unsigned int type)
19 {
20 size_t dak_len;
21 psa_status_t ret = PSA_SUCCESS;
22
23 /*
24 * Current RMM implementations only support the public key size for
25 * ECC-P384, i.e. ATTEST_KEY_CURVE_ECC_SECP384R1 attestation key.
26 *
27 * This ECC key has following properties:
28 * ecc_curve: 0x12 (PSA_ECC_FAMILY_SECP_R1)
29 * key_bits: 384
30 * hash_alg: 0x02000009 (PSA_ALG_SHA_256)
31 */
32 assert(type == ATTEST_KEY_CURVE_ECC_SECP384R1);
33
34 ret = rse_delegated_attest_get_delegated_key(PSA_ECC_FAMILY_SECP_R1,
35 384, (uint8_t *)buf, *len,
36 &dak_len, PSA_ALG_SHA_256);
37 if (ret != PSA_SUCCESS) {
38 return ret;
39 }
40
41 if (dak_len != PSA_BITS_TO_BYTES(384)) {
42 return PSA_ERROR_INVALID_ARGUMENT;
43 }
44
45 *len = dak_len;
46
47 return ret;
48 }
49
50 psa_status_t
cca_attestation_get_plat_token(uintptr_t buf,size_t * len,uintptr_t hash,size_t hash_size)51 cca_attestation_get_plat_token(uintptr_t buf, size_t *len,
52 uintptr_t hash, size_t hash_size)
53 {
54 size_t token_len = 0;
55 psa_status_t ret = PSA_SUCCESS;
56
57 ret = rse_delegated_attest_get_token((const uint8_t *)hash, hash_size,
58 (uint8_t *)buf, *len, &token_len);
59 if (ret != PSA_SUCCESS) {
60 return ret;
61 }
62
63 *len = token_len;
64
65 return ret;
66 }
67