/*
 * Copyright (c) 2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#ifndef DICE_PROTECTION_ENVIRONMENT_H
#define DICE_PROTECTION_ENVIRONMENT_H

#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include <dice.h>

/*
 * Additional defines for max size limit. These limits are set by DPE in RSE.
 *
 * NOTE(review): presumably these are byte counts bounding the descriptor
 * fields carried in DiceInputValues; that type comes from <dice.h> and is not
 * visible in this header - confirm before sizing buffers from them.
 */
#define DICE_AUTHORITY_DESCRIPTOR_MAX_SIZE	64
#define DICE_CONFIG_DESCRIPTOR_MAX_SIZE		64
#define DICE_CODE_DESCRIPTOR_MAX_SIZE		32

/* Status code type returned by dpe_derive_context(). */
typedef int32_t dpe_error_t;

/*
 * Status codes 0..5.
 * NOTE(review): presumably the codes defined by the DPE specification, since
 * only the group further below is marked as custom - confirm.
 */
#define DPE_NO_ERROR			((dpe_error_t)0)
#define DPE_INTERNAL_ERROR		((dpe_error_t)1)
#define DPE_INVALID_COMMAND		((dpe_error_t)2)
#define DPE_INVALID_ARGUMENT		((dpe_error_t)3)
#define DPE_ARGUMENT_NOT_SUPPORTED	((dpe_error_t)4)
#define DPE_SESSION_EXHAUSTED		((dpe_error_t)5)

/* Custom values in RSE based DPE implementation */
#define DPE_INSUFFICIENT_MEMORY		((dpe_error_t)128)
#define DPE_ERR_CBOR_FORMATTING		((dpe_error_t)129)

/**
 * \brief Performs the DICE computation to derive a new context and optionally
 *        creates an intermediate certificate. Software component measurement
 *        must be provided in dice_inputs.
 *
 * Client facing API. Parameters are according to the DPE spec version r0.9.
 *
 * \param[in]  context_handle               Input context handle for the DPE
 *                                          context.
 * \param[in]  cert_id                      Logical certificate id to which the
 *                                          derived context belongs.
 * \param[in]  retain_parent_context        Flag to indicate whether to retain the
 *                                          parent context. True only if a client
 *                                          will call further DPE commands on the
 *                                          same context.
 * \param[in]  allow_new_context_to_derive  Flag to indicate whether derived context
 *                                          can derive further. True only if the
 *                                          new context will load further components.
 * \param[in]  create_certificate           Flag to indicate whether to create an
 *                                          intermediate certificate. True only if
 *                                          it is the last component in the layer.
 * \param[in]  dice_inputs                  DICE input values.
 * \param[in]  target_locality              Identifies the locality to which the
 *                                          derived context will be bound. Could be
 *                                          MHU id.
 * \param[in]  return_certificate           Indicates whether to return the generated
 *                                          certificate when create_certificate is true.
 * \param[in]  allow_new_context_to_export  Indicates whether the DPE permits export of
 *                                          the CDI from the newly derived context.
 * \param[in]  export_cdi                   Indicates whether to export derived CDI.
 * \param[out] new_context_handle           New handle for the derived context.
 * \param[out] new_parent_context_handle    New handle for the parent context.
 * \param[out] new_certificate_buf          If create_certificate and return_certificate
 *                                          are both true, this argument holds the new
 *                                          certificate generated for the new context.
 * \param[in]  new_certificate_buf_size     Size of the allocated buffer for
 *                                          new certificate.
 * \param[out] new_certificate_actual_size  Actual size of the new certificate.
 * \param[out] exported_cdi_buf             If export_cdi is true, this is the
 *                                          exported CDI value.
 * \param[in]  exported_cdi_buf_size        Size of the allocated buffer for
 *                                          exported cdi.
 * \param[out] exported_cdi_actual_size     Actual size of the exported cdi.
 *
 * \return Returns error code of type dpe_error_t (see the DPE_* values above).
 *
 * NOTE(review): the separate new_context_handle / new_parent_context_handle
 * outputs suggest that context_handle should not be reused after the call and
 * that the parent handle output is meaningful only when retain_parent_context
 * is true - confirm against the DPE specification.
 *
 * NOTE(review): this header does not state what the *_actual_size outputs hold
 * when a buffer is too small, or on any other failure. Callers should check the
 * return code first and verify that each actual size does not exceed the
 * corresponding *_buf_size before reading the buffer.
 *
 * NOTE(review): a CDI is secret key-derivation material in DICE. Callers that
 * set export_cdi should keep exported_cdi_buf out of logs and shared memory and
 * wipe it once consumed, using a call the compiler cannot elide.
 *
 * NOTE(review): the header does not say whether the output pointers may be
 * NULL when the matching flag is false - confirm with the implementation.
 */
dpe_error_t dpe_derive_context(int context_handle,
			       uint32_t cert_id,
			       bool retain_parent_context,
			       bool allow_new_context_to_derive,
			       bool create_certificate,
			       const DiceInputValues *dice_inputs,
			       int32_t target_locality,
			       bool return_certificate,
			       bool allow_new_context_to_export,
			       bool export_cdi,
			       int *new_context_handle,
			       int *new_parent_context_handle,
			       uint8_t *new_certificate_buf,
			       size_t new_certificate_buf_size,
			       size_t *new_certificate_actual_size,
			       uint8_t *exported_cdi_buf,
			       size_t exported_cdi_buf_size,
			       size_t *exported_cdi_actual_size);

#endif /* DICE_PROTECTION_ENVIRONMENT_H */