aboutsummaryrefslogtreecommitdiff
path: root/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
blob: b134224334f2762edc1dc0ee36abe734cc6ed3a6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
/*
 * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#include "psa/initial_attestation.h"
#include "tfm_veneers.h"
#include "tfm_memory_utils.h"
#include "tfm_client.h"
#include "tfm_secure_api.h"
#ifdef TFM_PSA_API
#include "psa_manifest/sid.h"
#endif
#include <string.h>

#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))

__attribute__((section("SFN")))
enum psa_attest_err_t
psa_initial_attest_get_token(const uint8_t *challenge_obj,
                             uint32_t       challenge_size,
                             uint8_t       *token,
                             uint32_t      *token_size)
{
    psa_status_t status;
    psa_invec in_vec[] = {
        {challenge_obj, challenge_size}
    };
    psa_outvec out_vec[] = {
        {token, *token_size}
    };

#ifdef TFM_PSA_API
    psa_handle_t handle = PSA_NULL_HANDLE;
    handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
                         TFM_ATTEST_GET_TOKEN_VERSION);
    if (handle <= 0) {
        return PSA_ATTEST_ERR_GENERAL;
    }

    status = psa_call(handle, PSA_IPC_CALL,
                      in_vec, IOVEC_LEN(in_vec),
                      out_vec, IOVEC_LEN(out_vec));
    psa_close(handle);

    if (status < PSA_SUCCESS) {
        return PSA_ATTEST_ERR_GENERAL;
    }
#else
    status = tfm_initial_attest_get_token_veneer(in_vec, IOVEC_LEN(in_vec),
                                                 out_vec, IOVEC_LEN(out_vec));
#endif

    if (status == PSA_SUCCESS) {
        *token_size = out_vec[0].len;
    }

    return (enum psa_attest_err_t)status;
}

__attribute__((section("SFN")))
enum psa_attest_err_t
psa_initial_attest_get_token_size(uint32_t challenge_size,
                                  uint32_t *token_size)
{
    psa_status_t status;
    psa_invec in_vec[] = {
        {&challenge_size, sizeof(challenge_size) }
    };
    psa_outvec out_vec[] = {
        {token_size, sizeof(uint32_t)}
    };

#ifdef TFM_PSA_API
    psa_handle_t handle = PSA_NULL_HANDLE;
    handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
                         TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
    if (handle <= 0) {
        return PSA_ATTEST_ERR_GENERAL;
    }

    status = psa_call(handle, PSA_IPC_CALL,
                      in_vec, IOVEC_LEN(in_vec),
                      out_vec, IOVEC_LEN(out_vec));
    psa_close(handle);

    if (status < PSA_SUCCESS) {
        return PSA_ATTEST_ERR_GENERAL;
    }
#else

    status = tfm_initial_attest_get_token_size_veneer(in_vec, IOVEC_LEN(in_vec),
                                                   out_vec, IOVEC_LEN(out_vec));
#endif

    return (enum psa_attest_err_t)status;
}

__attribute__((section("SFN")))
enum psa_attest_err_t
tfm_initial_attest_get_public_key(uint8_t         *public_key,
                                  size_t           public_key_buf_size,
                                  size_t          *public_key_len,
                                  psa_ecc_curve_t *elliptic_curve_type)
{
    psa_status_t status;

    psa_outvec out_vec[] = {
        {.base = public_key,          .len = public_key_buf_size},
        {.base = elliptic_curve_type, .len = sizeof(*elliptic_curve_type)},
        {.base = public_key_len,      .len = sizeof(*public_key_len)}
    };

#ifdef TFM_PSA_API
    psa_handle_t handle = PSA_NULL_HANDLE;

    handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
                         TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
    if (!PSA_HANDLE_IS_VALID(handle)) {
        return PSA_ATTEST_ERR_GENERAL;
    }

    status = psa_call(handle, PSA_IPC_CALL,
                      NULL, 0,
                      out_vec, IOVEC_LEN(out_vec));
    psa_close(handle);
#else
    status = tfm_initial_attest_get_public_key_veneer(NULL, 0,
                                                out_vec, IOVEC_LEN(out_vec));
#endif

    return (enum psa_attest_err_t)status;
}