Blame - partitions/dice_protection_environment/dpe_crypto_interface.c - TF-M/tf-m-extras

blob: 8f836667a7639a4d0db4f747bab86b8cafb77c12 [file] [log] [blame]

Maulik Patel	58595d3	2023-06-22 10:08:53 +0100	[diff] [blame^]	1	/*
				2	* Copyright (c) 2023, Arm Limited. All rights reserved.
				3	*
				4	* SPDX-License-Identifier: BSD-3-Clause
				5	*
				6	*/
				7
				8	#include "dpe_crypto_interface.h"
				9	#include <stdbool.h>
				10	#include <string.h>
				11	#include "dpe_context_mngr.h"
				12	#include "dpe_crypto_config.h"
				13	#include "psa/crypto.h"
				14	#include "tfm_crypto_defs.h"
				15
				16	static const char attest_cdi_label[] = DPE_ATTEST_CDI_LABEL;
				17	static const char attest_key_pair_label[] = DPE_ATTEST_KEY_PAIR_LABEL;
				18	static const uint8_t attest_key_salt[] = DPE_ATTEST_KEY_SALT;
				19
				20	static psa_status_t perform_derivation(psa_key_id_t base_key,
				21	const psa_key_attributes_t *key_attr,
				22	const uint8_t *key_label,
				23	size_t key_label_len,
				24	const uint8_t *salt,
				25	size_t salt_len,
				26	psa_key_id_t *out_key_id)
				27	{
				28	psa_status_t status;
				29	psa_key_derivation_operation_t op = PSA_KEY_DERIVATION_OPERATION_INIT;
				30
				31	assert((key_label_len != 0) && (key_label != NULL) &&
				32	(base_key != 0) && (key_attr != NULL) &&
				33	(salt_len != 0) && (salt != NULL));
				34
				35	status = psa_key_derivation_setup(&op, PSA_ALG_HKDF(PSA_ALG_SHA_256));
				36	if (status != PSA_SUCCESS) {
				37	return status;
				38	}
				39
				40	status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_SALT,
				41	salt, salt_len);
				42	if (status != PSA_SUCCESS) {
				43	goto err_abort;
				44	}
				45
				46	status = psa_key_derivation_input_key(&op, PSA_KEY_DERIVATION_INPUT_SECRET,
				47	base_key);
				48	if (status != PSA_SUCCESS) {
				49	goto err_abort;
				50	}
				51
				52	/* Supply the key label as an input to the key derivation */
				53	status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_INFO,
				54	key_label, key_label_len);
				55	if (status != PSA_SUCCESS) {
				56	goto err_abort;
				57	}
				58
				59	status = psa_key_derivation_output_key(key_attr, &op, out_key_id);
				60	if (status != PSA_SUCCESS) {
				61	goto err_abort;
				62	}
				63
				64	/* Free resources associated with the key derivation operation */
				65	status = psa_key_derivation_abort(&op);
				66	if (status == PSA_SUCCESS) {
				67	goto done;
				68	}
				69
				70	(void)psa_destroy_key(*out_key_id);
				71
				72	err_abort:
				73	(void)psa_key_derivation_abort(&op);
				74
				75	done:
				76	return status;
				77	}
				78
				79	psa_status_t derive_attestation_cdi(struct layer_context_t *layer_ctx,
				80	const struct layer_context_t *parent_layer_ctx)
				81	{
				82	psa_key_attributes_t derive_key_attr = PSA_KEY_ATTRIBUTES_INIT;
				83
				84	/* Set key attributes for CDI key */
				85	psa_set_key_type(&derive_key_attr, DPE_CDI_KEY_TYPE);
				86	psa_set_key_algorithm(&derive_key_attr, DPE_CDI_KEY_ALG);
				87	psa_set_key_bits(&derive_key_attr, DPE_CDI_KEY_BITS);
				88	psa_set_key_usage_flags(&derive_key_attr, DPE_CDI_KEY_USAGE);
				89
				90	/* Perform CDI derivation */
				91	/* Parent layer CDI is the base key (input secret to key derivation) */
				92	return perform_derivation(parent_layer_ctx->data.cdi_key_id,
				93	&derive_key_attr,
				94	(uint8_t *) &attest_cdi_label[0],
				95	sizeof(attest_cdi_label),
				96	layer_ctx->attest_cdi_hash_input,
				97	sizeof(layer_ctx->attest_cdi_hash_input),
				98	&layer_ctx->data.cdi_key_id);
				99	}
				100
				101	psa_status_t derive_attestation_key(struct layer_context_t *layer_ctx)
				102	{
				103	psa_key_attributes_t attest_key_attr = PSA_KEY_ATTRIBUTES_INIT;
				104
				105	/* Set key attributes for Attest key pair derivation */
				106	psa_set_key_type(&attest_key_attr, DPE_ATTEST_KEY_TYPE);
				107	psa_set_key_algorithm(&attest_key_attr, DPE_ATTEST_KEY_ALG);
				108	psa_set_key_bits(&attest_key_attr, DPE_ATTEST_KEY_BITS);
				109	psa_set_key_usage_flags(&attest_key_attr, DPE_ATTEST_KEY_USAGE);
				110
				111	/* Perform key pair derivation */
				112	return perform_derivation(layer_ctx->data.cdi_key_id,
				113	&attest_key_attr,
				114	(uint8_t *)&attest_key_pair_label[0],
				115	sizeof(attest_key_pair_label),
				116	attest_key_salt,
				117	sizeof(attest_key_salt),
				118	&layer_ctx->data.attest_key_id);
				119	}
				120
				121	psa_status_t create_layer_cdi_key(struct layer_context_t *layer_ctx,
				122	const uint8_t *cdi_input,
				123	size_t cdi_input_size)
				124	{
				125	psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
				126
				127	/* Set key attributes for CDI key */
				128	psa_set_key_type(&base_attributes, DPE_CDI_KEY_TYPE);
				129	psa_set_key_algorithm(&base_attributes, DPE_CDI_KEY_ALG);
				130	psa_set_key_bits(&base_attributes, DPE_CDI_KEY_BITS);
				131	psa_set_key_usage_flags(&base_attributes, DPE_CDI_KEY_USAGE);
				132
				133	return psa_import_key(&base_attributes,
				134	cdi_input,
				135	cdi_input_size,
				136	&layer_ctx->data.cdi_key_id);
				137	}
				138
				139	psa_status_t derive_sealing_cdi(struct layer_context_t *layer_ctx)
				140	{
				141	//TODO:
				142	(void)layer_ctx;
				143	return PSA_SUCCESS;
				144	}
				145
				146	psa_status_t derive_wrapping_key(struct layer_context_t *layer_ctx)
				147	{
				148	//TODO:
				149	(void)layer_ctx;
				150	return PSA_SUCCESS;
				151	}
				152
				153	psa_status_t create_layer_certificate(struct layer_context_t *layer_ctx)
				154	{
				155	//TODO:
				156	(void)layer_ctx;
				157	return PSA_SUCCESS;
				158	}
				159
				160	psa_status_t store_layer_certificate(struct layer_context_t *layer_ctx)
				161	{
				162	//TODO:
				163	(void)layer_ctx;
				164	return PSA_SUCCESS;
				165	}