1 /*
2  * SPDX-License-Identifier: BSD-3-Clause
3  * SPDX-FileCopyrightText: Copyright TF-RMM Contributors.
4  */
5 
6 #ifndef ATTEST_APP_H
7 #define ATTEST_APP_H
8 
9 #include <app.h>
10 #include <attest_defs.h>
11 #include <sizes.h>
12 #include <smc-rmi.h>
13 #include <stddef.h>
14 
15 
/*
 * NOTE(review): undocumented in this header. Judging by the names, this
 * presumably hashes `size` bytes at `data` with `algorithm` and writes the
 * digest to `out` - confirm against the implementation.
 * No output length is passed (unlike attest_do_extend(), which takes
 * `out_size`), so the callee cannot check the capacity of `out`: the caller
 * has to provide a buffer large enough for the digest of the selected
 * algorithm.
 * `algorithm` is an unsigned int here but an enum hash_algo in
 * attest_do_extend(); check that callers pass the same value set.
 * `data` is not const-qualified although the name suggests it is input only.
 */
16 void attest_do_hash(unsigned int algorithm,
17 		    void *data,
18 		    size_t size,
19 		    unsigned char *out);
/*
 * NOTE(review): undocumented in this header. Presumably extends
 * `current_measurement` with `extend_measurement_size` bytes of
 * `extend_measurement` using `algorithm`, running in the app instance
 * described by `app_data`, and writes at most `out_size` bytes of result to
 * `out` - confirm against the implementation.
 * The length of `current_measurement` is not passed; presumably it is implied
 * by `algorithm` - verify that callers supply a buffer of that size.
 * Returns void, so a failure cannot be reported to the caller.
 */
20 void attest_do_extend(struct app_data_cfg *app_data,
21 		      enum hash_algo algorithm,
22 		      void *current_measurement,
23 		      void *extend_measurement,
24 		      size_t extend_measurement_size,
25 		      unsigned char *out,
26 		      size_t out_size);
27 
28 /* Do the global initialisation for the attestation app.
29  * This function gets the RAK (Realm Attestation Key) from EL3 and stores it in the app keystore.
30  */
/*
 * NOTE(review): the return convention is not documented here; presumably 0
 * means success - confirm. Callers should check the result, since token
 * signing presumably depends on the key having been stored.
 */
31 int attest_app_global_init(void);
32 
33 /* Initialise an app instance for this CPU. */
/*
 * NOTE(review): returns void, so a failed per-CPU initialisation cannot be
 * reported to the caller; confirm how the implementation handles failure.
 */
34 void attest_app_init_per_cpu_instance(void);
35 
36 /* Initialise a new app instance in the app_data object */
/*
 * NOTE(review): parameters are undocumented here. Presumably `granule_pas`
 * holds `granule_pa_count` granule physical addresses backing the instance
 * and `granule_va_start` is the virtual address where they are mapped -
 * confirm. The return convention (presumably 0 on success) should be stated
 * as well.
 */
37 int attest_app_init(struct app_data_cfg *app_data,
38 	uintptr_t granule_pas[],
39 	size_t granule_pa_count,
40 	void *granule_va_start);
/*
 * NOTE(review): undocumented. Presumably signs the realm token held by the
 * app instance in `app_data` and reports its length through
 * `realm_token_len` - confirm, including whether `*realm_token_len` is
 * written when an error value of enum attest_token_err_t is returned.
 */
41 enum attest_token_err_t attest_realm_token_sign(
42 			struct app_data_cfg *app_data,
43 			size_t *realm_token_len);
/*
 * NOTE(review): undocumented. Presumably assembles the CCA attestation token
 * in the app instance in `app_data` and reports its length through
 * `attest_token_len` - confirm, including whether `*attest_token_len` is
 * written on error returns and where the token bytes end up.
 */
44 enum attest_token_err_t attest_cca_token_create(
45 				struct app_data_cfg *app_data,
46 				size_t *attest_token_len);
/*
 * NOTE(review): undocumented. Presumably initialises the token signing
 * context of the app instance in `app_data` and associates it with `cookie`;
 * this looks like the value later compared in
 * attest_el3_token_write_response_to_ctx() - confirm.
 */
47 enum attest_token_err_t attest_token_sign_ctx_init(
48 				struct app_data_cfg *app_data,
49 				uintptr_t cookie);
/*
 * NOTE(review): undocumented. Presumably builds the realm token from the
 * measurements, the buffer at `rpv_buf` and the buffer at `challenge_buf`,
 * using `algorithm` - confirm.
 * Neither the number of rows in `measurements` nor the lengths of `rpv_buf`
 * and `challenge_buf` are passed, so the callee must assume fixed sizes;
 * verify that every caller supplies buffers of exactly those sizes.
 */
50 enum attest_token_err_t  attest_realm_token_create(struct app_data_cfg *app_data,
51 			     enum hash_algo algorithm,
52 			     unsigned char measurements[][MAX_MEASUREMENT_SIZE],
53 			     const void *rpv_buf,
54 			     const void *challenge_buf);
55 
56 /* This API is private for this rmm-stub. */
/*
 * NOTE(review): parameters are undocumented. Presumably copies
 * `signature_buf_len` bytes of `signature_buf` into the signing context of
 * the app instance in `app_data` for the request identified by `req_ticket`
 * - confirm, and confirm that `signature_buf_len` is validated against the
 * destination size before the copy. The return convention is not stated.
 */
57 int attest_app_el3_token_write_response_to_ctx(struct app_data_cfg *app_data,
58 					       uint64_t req_ticket,
59 					       size_t signature_buf_len,
60 					       uint8_t signature_buf[]);
61 
62 /*
63  * Write the response from EL3 to the context. The response is written only if the context
64  * is valid and the response is for the right request. If the function returns an error,
65  * the caller must treat it as a fatal error. The cookie is checked against the per-CPU
66  * response buffer to ensure that the response is for the right request.
67  * The caller must ensure that the REC granule lock is held so that the REC cannot be deleted
68  * while the response is being written.
69  */
70 int attest_el3_token_write_response_to_ctx(struct app_data_cfg *app_data, uintptr_t cookie);
71 
72 /*
73  * Pull the response from EL3 into the per-CPU response buffer. The function
74  * returns the cookie associated with the response. The response could correspond
75  * to the current REC or to another REC which had requested the EL3 service.
76  *
77  * Arguments:
78  * cookie		- Pointer to storage of cookie to return the value from
79  *			  response.
80  *
81  * Return code:
82  *	0		- Success
83  *	-EAGAIN		- Response not ready. Call this API again.
84  *	-ENOTSUP	- Other error including EL3_TOKEN_SIGN not supported in
85  *			  EL3 firmware.
86  */
/*
 * NOTE(review): presumably `*cookie` is only meaningful when 0 is returned -
 * confirm, and have callers ignore it on -EAGAIN and -ENOTSUP. Because the
 * response may belong to another REC, the returned cookie has to be matched
 * to the right context before the response is used.
 */
87 int attest_el3_token_sign_pull_response_from_el3(uintptr_t *cookie);
88 
89 #endif /* ATTEST_APP_H */
90