1*91f16700Schasinglulu /*
2*91f16700Schasinglulu  * Copyright (c) 2022, Arm Limited. All rights reserved.
3*91f16700Schasinglulu  *
4*91f16700Schasinglulu  * SPDX-License-Identifier: BSD-3-Clause
5*91f16700Schasinglulu  *
6*91f16700Schasinglulu  */
7*91f16700Schasinglulu 
8*91f16700Schasinglulu /* This file describes the Delegated Attestation API */
9*91f16700Schasinglulu 
10*91f16700Schasinglulu #ifndef DELEGATED_ATTESTATION_H
11*91f16700Schasinglulu #define DELEGATED_ATTESTATION_H
12*91f16700Schasinglulu 
13*91f16700Schasinglulu #include <stddef.h>
14*91f16700Schasinglulu #include <stdint.h>
15*91f16700Schasinglulu 
16*91f16700Schasinglulu #include "psa/error.h"
17*91f16700Schasinglulu 
/*
 * RSS Delegated Attestation message types. Each value identifies one service
 * on the RSS delegated-attestation channel and selects which of the two
 * requests below is being made.
 */
/* Request derivation of the delegated attestation key (DAK); see
 * rss_delegated_attest_get_delegated_key(). */
#define RSS_DELEGATED_ATTEST_GET_DELEGATED_KEY      1001U
/* Request the platform attestation token bound to a DAK public-key hash; see
 * rss_delegated_attest_get_token(). */
#define RSS_DELEGATED_ATTEST_GET_PLATFORM_TOKEN     1002U
21*91f16700Schasinglulu 
/**
 * The aim of these APIs is to obtain a derived signing key (private part only)
 * for the delegated attestation model and the corresponding platform
 * attestation token. In the delegated attestation model the final token
 * consists of more than one subtoken, each signed by a different entity, with
 * a cryptographic binding between the subtokens: the derived delegated
 * attestation key is bound to the platform token (details below).
 *
 * Expected usage model:
 *  - First, rss_delegated_attest_get_delegated_key() needs to be called to
 *    obtain the private part of the delegated attestation key. The public part
 *    of the key is computed by the cryptographic library when the key is
 *    registered.
 *  - Second, rss_delegated_attest_get_token() must be called to obtain the
 *    platform attestation token. The hash of the public key (computed with
 *    the hash_algo indicated in the rss_delegated_attest_get_delegated_key()
 *    call) must be the input of this call. This ensures that nothing but the
 *    previously derived delegated key is bindable to the platform token.
 *
 * Consequently, a verifier of the combined token set should accept a delegated
 * subtoken only if the hash of the key that signed it matches the hash carried
 * in the platform token; otherwise the binding gives no assurance about who
 * produced the delegated subtoken.
 */
41*91f16700Schasinglulu 
/**
 * Get a delegated attestation key (DAK).
 *
 * The aim of the delegated attestation key is to enable other SW components
 * within the system to sign an attestation token which is different from the
 * initial/platform token. The initial attestation token MUST contain the hash
 * of the public delegated key to make a cryptographic binding (hash lock)
 * between the key and the token.
 * The initial attestation token has two roles in this scenario:
 *   - Attest the device boot status and security lifecycle.
 *   - Attest the delegated attestation key.
 * The delegated attestation key is derived from a preprovisioned seed. The
 * input for the key derivation is the platform boot status, so the derived
 * key is tied to the measured state of the platform. The system can be
 * attested with the two tokens together.
 *
 * ecc_curve     The type of the elliptic curve to which the requested
 *               attestation key belongs. Please check the note section for
 *               limitations.
 * key_bits      The size of the requested attestation key, in bits.
 * key_buf       Pointer to the buffer where the delegated attestation key will
 *               be stored. This is PRIVATE key material: the caller must keep
 *               it confidential (never log or persist it) and should zeroize
 *               the buffer once the key has been imported into the
 *               cryptographic library.
 * key_buf_size  Size of allocated buffer for the key, in bytes.
 * key_size      Size of the key that has been returned, in bytes. Rely on it
 *               only when the call returns PSA_SUCCESS.
 * hash_algo     The hash algorithm that will be used later by the owner of the
 *               requested delegated key for binding it to the platform
 *               attestation token. The same algorithm must be used to compute
 *               the dak_pub_hash passed to rss_delegated_attest_get_token().
 *
 * Returns error code as specified in psa_status_t.
 *
 * Notes:
 *   - Currently, only the PSA_ECC_FAMILY_SECP_R1 curve type is supported.
 *   - The delegated attestation key must be derived before requesting the
 *     platform attestation token as they are cryptographically linked together.
 *   - NOTE(review): the accepted key_bits values and the behaviour when
 *     key_buf_size is too small (presumably PSA_ERROR_BUFFER_TOO_SMALL, as per
 *     PSA convention) are not stated here; confirm against the RSS
 *     implementation before relying on either.
 */
psa_status_t
rss_delegated_attest_get_delegated_key(uint8_t   ecc_curve,
				       uint32_t  key_bits,
				       uint8_t  *key_buf,
				       size_t    key_buf_size,
				       size_t   *key_size,
				       uint32_t  hash_algo);
83*91f16700Schasinglulu 
/**
 * Get platform attestation token
 *
 * The returned token attests the device boot status and security lifecycle
 * and carries the hash of the public DAK supplied by the caller; that hash is
 * what binds the platform token to the delegated attestation key obtained via
 * rss_delegated_attest_get_delegated_key(). A verifier of the combined token
 * set must check that this hash matches the public key which signed the
 * delegated token; without that check the binding provides no assurance.
 *
 * dak_pub_hash       Pointer to buffer where the hash of the public DAK is
 *                    stored. The hash must be computed with the hash_algo
 *                    passed to rss_delegated_attest_get_delegated_key().
 * dak_pub_hash_size  Size of the hash value, in bytes.
 * token_buf          Pointer to the buffer where the platform attestation token
 *                    will be stored.
 * token_buf_size     Size of allocated buffer for token, in bytes.
 * token_size         Size of the token that has been returned, in bytes. Rely
 *                    on it only when the call returns PSA_SUCCESS.
 *
 * Returns error code as specified in psa_status_t.
 *
 * A delegated attestation key must be derived before requesting the
 * platform attestation token as they are cryptographically linked together.
 * Otherwise, the token request will fail and the PSA_ERROR_INVALID_ARGUMENT
 * code will be returned.
 *
 * NOTE(review): the exact public-key encoding that has to be hashed, and
 * whether dak_pub_hash_size is validated against the digest length of the
 * earlier hash_algo, are not specified here; confirm against the RSS
 * implementation.
 */
psa_status_t
rss_delegated_attest_get_token(const uint8_t *dak_pub_hash,
			       size_t         dak_pub_hash_size,
			       uint8_t       *token_buf,
			       size_t         token_buf_size,
			       size_t        *token_size);
108*91f16700Schasinglulu 
109*91f16700Schasinglulu #endif /* DELEGATED_ATTESTATION_H */