1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <interface/hwbcc/hwbcc.h>
20 #include <lk/compiler.h>
21 #include <stddef.h>
22 #include <stdint.h>
23 
24 __BEGIN_CDECLS
25 
26 /**
27  * hwbcc_get_protected_data() - Retrieves protected data.
28  * @test_mode:           Whether or not a to return test values.
29  * @cose_algorithm:      COSE encoding of which signing algorithm to use.
30  * @data:                Pointer to data.
31  * @data_size:           Size of @data.
32  * @aad:                 Pointer to AAD.
33  * @aad_size:            Size of @aad.
34  * @cose_sign1:          Buffer to push the formatted Sign1 msg into.
35  * @cose_sign1_buf_size: Size of the buffer.
36  * @cose_sign1_size:     Out parameter for actual size of the buffer used.
37  * @bcc:                 Pointer to a buffer to store the BCC in.
38  * @bcc_buf_size:        Size of the @bcc buffer.
39  * @bcc_size:            Actual size of the buffer used.
40  *
41  * Protected data returned to the client is comprised of two parts:
42  * 1. Boot certificate chain (BCC). Client may request test values.
43  * 2. COSE_Sign1 message containing the input data signed with either device
44  * private key or test key, which is also the leaf in the BCC.
45  *
46  * Return: 0 on success, or an error code < 0 on failure.
47  */
48 int hwbcc_get_protected_data(uint8_t test_mode,
49                              int32_t cose_algorithm,
50                              const uint8_t* data,
51                              uint32_t data_size,
52                              const uint8_t* aad,
53                              size_t aad_size,
54                              uint8_t* cose_sign1,
55                              size_t cose_sign1_buf_size,
56                              size_t* cose_sign1_size,
57                              uint8_t* bcc,
58                              size_t bcc_buf_size,
59                              size_t* bcc_size);
60 
61 /**
62  * hwbcc_get_dice_artifacts() - Retrieves DICE artifacts for a child node in the
63  * DICE chain/tree.
64  * @context:                    Device specific context information passed
65  *                              in by the client.
66  * @dice_artifacts:             Pointer to a buffer to store the CBOR encoded
67  *                              DICE artifacts.
68  * @dice_artifacts_buf_size:    Size of the buffer pointed by @dice_artifacts.
69  * @dice_artifacts_size:        Actual size of the buffer used.
70  *
71  * Return: 0 on success, or an error code < 0 on failure.
72  */
73 int hwbcc_get_dice_artifacts(uint64_t context,
74                              uint8_t* dice_artifacts,
75                              size_t dice_artifacts_buf_size,
76                              size_t* dice_artifacts_size);
77 
78 /**
79  * hwbcc_ns_deprivilege() - Deprivileges hwbcc from serving calls to non-secure
80  * clients.
81  *
82  * Return: 0 on success, or an error code < 0 on failure.
83  */
84 int hwbcc_ns_deprivilege(void);
85 
86 __END_CDECLS
87