aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2020-03-26 15:02:37 +0800
committerDavid Hu <david.hu@arm.com>2020-06-22 02:33:00 +0000
commit47420d923202a6a91109a472f94d08fe58f17388 (patch)
tree3d3a466ab5558c8ae585c537139148e780634825
parent0414fa1f0cacabd3331a44237c8dbda9baaf4a83 (diff)
downloadtrusted-firmware-m-47420d923202a6a91109a472f94d08fe58f17388.tar.gz
Attest: Enable Short Circuit option in symmetric Initial Attestation
Set up t_cose Short Circuit tagging flag if the associated flag is set in Initial Attestation service. Change-Id: I257fbad06f5feb396c43ffd7f838c33127116cd3 Signed-off-by: David Hu <david.hu@arm.com>
-rw-r--r--secure_fw/partitions/initial_attestation/attest_token.c4
-rw-r--r--test/suites/attestation/attest_symmetric_iat_decode.c4
2 files changed, 8 insertions, 0 deletions
diff --git a/secure_fw/partitions/initial_attestation/attest_token.c b/secure_fw/partitions/initial_attestation/attest_token.c
index 43547e6a2..31b8db53f 100644
--- a/secure_fw/partitions/initial_attestation/attest_token.c
+++ b/secure_fw/partitions/initial_attestation/attest_token.c
@@ -111,6 +111,10 @@ enum attest_token_err_t attest_token_start(struct attest_token_ctx *me,
me->opt_flags = opt_flags;
me->key_select = key_select;
+ if (opt_flags & TOKEN_OPT_SHORT_CIRCUIT_SIGN) {
+ t_cose_options |= T_COSE_OPT_SHORT_CIRCUIT_TAG;
+ }
+
t_cose_mac0_sign_init(&(me->mac_ctx), t_cose_options, cose_alg_id);
attest_ret = attest_get_signing_key_handle(&key_handle);
diff --git a/test/suites/attestation/attest_symmetric_iat_decode.c b/test/suites/attestation/attest_symmetric_iat_decode.c
index 69c32b0f7..77312a30e 100644
--- a/test/suites/attestation/attest_symmetric_iat_decode.c
+++ b/test/suites/attestation/attest_symmetric_iat_decode.c
@@ -138,6 +138,10 @@ attest_token_decode_validate_token(struct attest_token_decode_context *me,
return return_value;
}
+ if (me->options & TOKEN_OPT_SHORT_CIRCUIT_SIGN) {
+ t_cose_options |= T_COSE_OPT_ALLOW_SHORT_CIRCUIT;
+ }
+
t_cose_mac0_verify_init(&verify_ctx, t_cose_options);
attest_key.crypto_lib = T_COSE_CRYPTO_LIB_PSA;