1 /*
2  * SPDX-License-Identifier: BSD-3-Clause
3  * SPDX-FileCopyrightText: Copyright TF-RMM Contributors.
4  */
5 
6 #ifndef ATTESTATION_PRIV_H
7 #define ATTESTATION_PRIV_H
8 
9 /*
10  * A structure holding the context for generating a pseudo-random number derived
11  * from a real random seed.
12  */
13 struct attest_rng_context {
14 	int (*f_rng)(void *p_rng, unsigned char *output, size_t out_len); /* RNG callback taking a state pointer, an output buffer and its length; presumably fills output with out_len bytes in the Mbed TLS f_rng style - TODO confirm. */
15 	void *p_rng; /* Opaque state pointer; presumably handed to f_rng as its first argument - confirm against callers. */
16 };
17 
18 /*
19  * Copy the RNG context of the current CPU into the structure at rng_ctx
20  *
21  * Arguments:
22  * rng_ctx - Pointer to the target context structure
23  */
24 void attest_get_cpu_rng_context(struct attest_rng_context *rng_ctx);
25 
26 /*
27  * Get a pointer to the keypair for signing the realm attestation token.
28  *
29  * Arguments:
30  * keypair - Output: set to point to the keypair for signing the token.
31  *
32  * Returns 0 on success, negative error code on error.
33  */
34 int attest_get_realm_signing_key(const void **keypair);
35 
36 /*
37  * Query the attestation private key from monitor and generate the public
38  * key by using MbedCrypto lib. The key is cached internally for future
39  * use. The function returns early if the key has been initialized.
40  *
41  * FPU context must be saved and FPU access should be enabled by caller.
42  *
43  * Returns 0 on success, negative error code on error.
44  */
45 int attest_init_realm_attestation_key(void);
46 
47 /*
48  * Get the hash of the realm attestation public key. The public key hash is the
49  * challenge value in the platform attestation token.
50  *
51  * Arguments:
52  * public_key_hash - Receives the address and size of the buffer which
53  *                   holds the hash of the realm attestation public key.
54  *
55  * Returns 0 on success, negative error code on error.
56  *
57  */
58 int attest_get_realm_public_key_hash(struct q_useful_buf_c *public_key_hash);
59 
60 /*
61  * Get the realm attestation public key. The hash of this public key is the
62  * challenge value in the platform attestation token.
63  *
64  * Arguments:
65  * public_key - Receives the address and size of the buffer which holds
66  *              the realm attestation public key.
67  *
68  * Returns 0 on success, negative error code on error.
69  */
70 int attest_get_realm_public_key(struct q_useful_buf_c *public_key);
71 
72 /*
73  * Get the platform token from monitor. This function needs to be called
74  * after the Realm attestation key has been initialized.
75  *
76  * Returns 0 on success, negative error code on error.
77  */
78 int attest_setup_platform_token(void);
79 
80 /*
81  * Get the hash algorithm to use for computing the hash of the realm public key.
82  */
83 enum hash_algo attest_get_realm_public_key_hash_algo_id(void);
84 
85 /*
86  * Initialise PRNGs for all the CPUs
87  *
88  * FPU context must be saved and FPU access should be enabled by caller.
89  *
90  * Returns 0 on success, negative error code otherwise.
91  *
92  * This function creates a separate PRNG object for each CPU. The PRNGs are
93  * used by Mbed TLS when it needs random data. The PRNGs are seeded with values
94  * generated by a temporary PRNG, which in turn is seeded with a real random
95  * value.
96  */
97 int attest_rnd_prng_init(void);
98 
99 #endif /* ATTESTATION_PRIV_H */
100