path: root/secure_fw/services/initial_attestation/attestation_key.c
Diffstat (limited to 'secure_fw/services/initial_attestation/attestation_key.c')
-rw-r--r--secure_fw/services/initial_attestation/attestation_key.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/secure_fw/services/initial_attestation/attestation_key.c b/secure_fw/services/initial_attestation/attestation_key.c
index 25f9761ff0..2dcab020cf 100644
--- a/secure_fw/services/initial_attestation/attestation_key.c
+++ b/secure_fw/services/initial_attestation/attestation_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -12,6 +12,18 @@
#include "platform/include/tfm_plat_defs.h"
#include "platform/include/tfm_plat_crypto_keys.h"
+#define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
+
+/**
+ * The size of X and Y coordinate in 2 parameter style EC public
+ * key. Format is as defined in [COSE (RFC 8152)]
+ * (https://tools.ietf.org/html/rfc8152) and [SEC 1: Elliptic Curve
+ * Cryptography](http://www.secg.org/sec1-v2.pdf).
+ *
+ * This size is well-known and documented in public standards.
+ */
+#define ECC_P256_COORD_SIZE PSA_BITS_TO_BYTES(256) /* 256 bits -> 32 bytes */
+
/* 0 is defined as an invalid handle in the PSA spec, so it is used here to
* indicate that the key isn't loaded.
*/
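Review bot: The doc comment on `ECC_P256_COORD_SIZE` describes it only as the size of the X and Y coordinates, yet the same constant sizes the private scalar in `key_buf[3 * ECC_P256_COORD_SIZE]` in a later hunk of this file. Extend the comment so that use is covered, e.g. ` * For P-256 the private scalar is also 32 bytes, so this constant sizes the private part of the imported key as well.` Both new macros are fixed to P-256 while `attestation_key_curve` is a runtime variable; if the platform could ever supply a key on another curve these buffers would not follow it, so a sentence stating that P-256 is the only supported curve (or a check against the curve actually returned) would make the assumption explicit.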
@@ -27,7 +39,7 @@ static psa_key_handle_t attestation_key_handle = ATTEST_KEY_HANDLE_NOT_LOADED;
* The public key is kept loaded as it is both not required to be secret (and
* hence can be kept in attestation memory) and immutable.
*/
-static uint8_t attestation_public_key[ECC_P_256_KEY_SIZE];
+static uint8_t attestation_public_key[ECC_P256_PUBLIC_KEY_SIZE]; /* 65bytes */
static size_t attestation_public_key_len = 0;
static psa_ecc_curve_t attestation_key_curve;
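Review bot: The trailing `/* 65bytes */` on `attestation_public_key` restates a number that `PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)` already computes and will go stale silently if the macro or curve changes. Replace it with the derivation so the reader learns the format rather than a magic value, e.g. `/* uncompressed SEC 1 point: 0x04 || X || Y, 1 + 2 * ECC_P256_COORD_SIZE */`. The same concern applies to the `/* priv + x_coord + y_coord */` annotation on `key_buf` in the next hunk, which documents layout in a comment instead of in a named constant.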
@@ -37,7 +49,7 @@ attest_register_initial_attestation_key()
enum tfm_plat_err_t plat_res;
psa_ecc_curve_t psa_curve;
struct ecc_key_t attest_key = {0};
- uint8_t key_buf[ECC_P_256_KEY_SIZE];
+ uint8_t key_buf[3 * ECC_P256_COORD_SIZE]; /* priv + x_coord + y_coord */
psa_key_type_t attest_key_type;
psa_key_handle_t key_handle;
psa_status_t crypto_res;
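Review bot: `key_buf` is a stack buffer that holds the attestation private key next to the public coordinates, and the commit resizes it without touching how it is cleared; if the function does not already wipe it on every return path, including the error returns after the key is imported, it should, using a clearing routine the compiler cannot elide, since a plain `memset` just before scope exit may be optimized away. The `3 *` multiplier also encodes the priv + X + Y layout inline; a named constant such as `#define ECC_P256_KEY_BUF_SIZE (3 * ECC_P256_COORD_SIZE)` placed next to the two new macros would keep that layout in one place. attest_register_initial_attestation_key continues outside the hunk.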
@@ -89,7 +101,7 @@ attest_register_initial_attestation_key()
/* If the public key length is 0 then it hasn't been loaded */
if (attestation_public_key_len == 0) {
crypto_res = psa_export_public_key(key_handle, attestation_public_key,
- ECC_P_256_KEY_SIZE,
+ ECC_P256_PUBLIC_KEY_SIZE,
&attestation_public_key_len);
if (crypto_res != PSA_SUCCESS) {
return PSA_ATTEST_ERR_GENERAL;
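Review bot: The bound passed to `psa_export_public_key` is the macro `ECC_P256_PUBLIC_KEY_SIZE` rather than the size of the destination array, so the bound and the declaration of `attestation_public_key` can drift apart in a later edit; `sizeof(attestation_public_key)` ties them together: `crypto_res = psa_export_public_key(key_handle, attestation_public_key, sizeof(attestation_public_key), &attestation_public_key_len);`. If the size of `key_buf` from the previous hunk is likewise passed to the import call, the same `sizeof` form applies there. attest_register_initial_attestation_key continues outside the hunk on both sides.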