diff options
author | Tamas Ban <tamas.ban@arm.com> | 2019-09-02 20:04:25 +0100 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2019-09-23 11:24:57 +0000 |
commit | cedee10533530f1951120898f72602aa557e3848 (patch) | |
tree | 6cfc3d681875d83f3df3ee847747b76e8713b0ba /lib | |
parent | 9a5294ed559de5024327dc364d8869c73cda08af (diff) | |
download | trusted-firmware-m-cedee10533530f1951120898f72602aa557e3848.tar.gz |
Attest: Remove key-id from token header
The unprotected part of the COSE token header, which contains
the key-id in not a mandatory requirement by the PSA initial
attestation specification. This change remove key-id and related
code as part of the code optimization activity.
Change-Id: Ic22fc949d2c8070ad77c5556013d28fe4f955559
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/t_cose/src/t_cose_psa_crypto_sign.c | 2 | ||||
-rw-r--r-- | lib/t_cose/src/t_cose_sign1_sign.c | 19 | ||||
-rw-r--r-- | lib/t_cose/src/t_cose_sign1_verify.c | 3 |
3 files changed, 15 insertions, 9 deletions
diff --git a/lib/t_cose/src/t_cose_psa_crypto_sign.c b/lib/t_cose/src/t_cose_psa_crypto_sign.c index ba1bca2188..f2516442ed 100644 --- a/lib/t_cose/src/t_cose_psa_crypto_sign.c +++ b/lib/t_cose/src/t_cose_psa_crypto_sign.c @@ -65,6 +65,7 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id, return cose_ret; } +#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */ enum t_cose_err_t t_cose_crypto_get_ec_pub_key(int32_t key_select, struct q_useful_buf_c kid, @@ -108,3 +109,4 @@ t_cose_crypto_get_ec_pub_key(int32_t key_select, return T_COSE_SUCCESS; } +#endif /* INCLUDE_TEST_CODE_AND_KEY_ID */ diff --git a/lib/t_cose/src/t_cose_sign1_sign.c b/lib/t_cose/src/t_cose_sign1_sign.c index 0dd32525a0..1e6e606a8a 100644 --- a/lib/t_cose/src/t_cose_sign1_sign.c +++ b/lib/t_cose/src/t_cose_sign1_sign.c @@ -103,6 +103,7 @@ Done: (T_COSE_CRYPTO_EC_P256_COORD_SIZE + 1 + 2) +#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */ /** * \brief CBOR encode a public key as a \c COSE_Key * @@ -274,6 +275,7 @@ static inline enum t_cose_err_t get_keyid(int32_t key_select, Done: return return_value; } +#endif /* INCLUDE_TEST_CODE_AND_KEY_ID */ /** @@ -342,11 +344,12 @@ static inline void add_unprotected_headers(QCBOREncodeContext *cbor_encode_ctx, struct q_useful_buf_c kid) { QCBOREncode_OpenMap(cbor_encode_ctx); - QCBOREncode_AddBytesToMapN(cbor_encode_ctx, COSE_HEADER_PARAM_KID, kid); + if(!q_useful_buf_c_is_null_or_empty(kid)) { + QCBOREncode_AddBytesToMapN(cbor_encode_ctx, COSE_HEADER_PARAM_KID, kid); + } QCBOREncode_CloseMap(cbor_encode_ctx); } - /* * Public function. See t_cose_sign1_sign.h */ @@ -364,10 +367,14 @@ enum t_cose_err_t t_cose_sign1_init(struct t_cose_sign1_ctx *me, int32_t hash_alg; enum t_cose_err_t return_value; - Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE); - struct q_useful_buf_c kid; struct q_useful_buf buffer_for_protected_header; +#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */ + Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE); +#endif + struct q_useful_buf_c kid = NULLUsefulBufC; + + /* Check the cose_alg_id now by getting the hash alg as an early error check even though it is not used until later. */ hash_alg = hash_alg_id_from_sig_alg_id(cose_alg_id); @@ -387,14 +394,12 @@ enum t_cose_err_t t_cose_sign1_init(struct t_cose_sign1_ctx *me, if(short_circuit_sign) { return_value = get_short_circuit_kid(buffer_for_kid, &kid); } else { -#endif return_value = get_keyid(key_select, buffer_for_kid, &kid); -#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */ } -#endif if(return_value) { goto Done; } +#endif /* Get started with the tagged array that holds the four parts of a cose single signed message */ diff --git a/lib/t_cose/src/t_cose_sign1_verify.c b/lib/t_cose/src/t_cose_sign1_verify.c index d6c864e177..f8dc74832d 100644 --- a/lib/t_cose/src/t_cose_sign1_verify.c +++ b/lib/t_cose/src/t_cose_sign1_verify.c @@ -166,7 +166,7 @@ enum t_cose_err_t t_cose_sign1_verify(int32_t option_flags, QCBORItem item; struct q_useful_buf_c protected_headers; int32_t cose_algorithm_id; - struct q_useful_buf_c kid; + struct q_useful_buf_c kid = NULL_Q_USEFUL_BUF_C; enum t_cose_err_t return_value; int result; /* Buffer for the tbs hash. Only big enough for SHA256 */ @@ -221,7 +221,6 @@ enum t_cose_err_t t_cose_sign1_verify(int32_t option_flags, goto Done; } - /* -- Get the payload -- */ QCBORDecode_GetNext(&decode_context, &item); if(item.uDataType != QCBOR_TYPE_BYTE_STRING) { |