aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTamas Ban <tamas.ban@arm.com>2019-09-02 20:04:25 +0100
committerTamas Ban <tamas.ban@arm.com>2019-09-23 11:24:57 +0000
commitcedee10533530f1951120898f72602aa557e3848 (patch)
tree6cfc3d681875d83f3df3ee847747b76e8713b0ba /lib
parent9a5294ed559de5024327dc364d8869c73cda08af (diff)
downloadtrusted-firmware-m-cedee10533530f1951120898f72602aa557e3848.tar.gz
Attest: Remove key-id from token header
The unprotected part of the COSE token header, which contains the key-id in not a mandatory requirement by the PSA initial attestation specification. This change remove key-id and related code as part of the code optimization activity. Change-Id: Ic22fc949d2c8070ad77c5556013d28fe4f955559 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/t_cose/src/t_cose_psa_crypto_sign.c2
-rw-r--r--lib/t_cose/src/t_cose_sign1_sign.c19
-rw-r--r--lib/t_cose/src/t_cose_sign1_verify.c3
3 files changed, 15 insertions, 9 deletions
diff --git a/lib/t_cose/src/t_cose_psa_crypto_sign.c b/lib/t_cose/src/t_cose_psa_crypto_sign.c
index ba1bca2188..f2516442ed 100644
--- a/lib/t_cose/src/t_cose_psa_crypto_sign.c
+++ b/lib/t_cose/src/t_cose_psa_crypto_sign.c
@@ -65,6 +65,7 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id,
return cose_ret;
}
+#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */
enum t_cose_err_t
t_cose_crypto_get_ec_pub_key(int32_t key_select,
struct q_useful_buf_c kid,
@@ -108,3 +109,4 @@ t_cose_crypto_get_ec_pub_key(int32_t key_select,
return T_COSE_SUCCESS;
}
+#endif /* INCLUDE_TEST_CODE_AND_KEY_ID */
diff --git a/lib/t_cose/src/t_cose_sign1_sign.c b/lib/t_cose/src/t_cose_sign1_sign.c
index 0dd32525a0..1e6e606a8a 100644
--- a/lib/t_cose/src/t_cose_sign1_sign.c
+++ b/lib/t_cose/src/t_cose_sign1_sign.c
@@ -103,6 +103,7 @@ Done:
(T_COSE_CRYPTO_EC_P256_COORD_SIZE + 1 + 2)
+#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */
/**
* \brief CBOR encode a public key as a \c COSE_Key
*
@@ -274,6 +275,7 @@ static inline enum t_cose_err_t get_keyid(int32_t key_select,
Done:
return return_value;
}
+#endif /* INCLUDE_TEST_CODE_AND_KEY_ID */
/**
@@ -342,11 +344,12 @@ static inline void add_unprotected_headers(QCBOREncodeContext *cbor_encode_ctx,
struct q_useful_buf_c kid)
{
QCBOREncode_OpenMap(cbor_encode_ctx);
- QCBOREncode_AddBytesToMapN(cbor_encode_ctx, COSE_HEADER_PARAM_KID, kid);
+ if(!q_useful_buf_c_is_null_or_empty(kid)) {
+ QCBOREncode_AddBytesToMapN(cbor_encode_ctx, COSE_HEADER_PARAM_KID, kid);
+ }
QCBOREncode_CloseMap(cbor_encode_ctx);
}
-
/*
* Public function. See t_cose_sign1_sign.h
*/
@@ -364,10 +367,14 @@ enum t_cose_err_t t_cose_sign1_init(struct t_cose_sign1_ctx *me,
int32_t hash_alg;
enum t_cose_err_t return_value;
- Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE);
- struct q_useful_buf_c kid;
struct q_useful_buf buffer_for_protected_header;
+#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */
+ Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_kid, T_COSE_CRYPTO_SHA256_SIZE);
+#endif
+ struct q_useful_buf_c kid = NULLUsefulBufC;
+
+
/* Check the cose_alg_id now by getting the hash alg as an early
error check even though it is not used until later. */
hash_alg = hash_alg_id_from_sig_alg_id(cose_alg_id);
@@ -387,14 +394,12 @@ enum t_cose_err_t t_cose_sign1_init(struct t_cose_sign1_ctx *me,
if(short_circuit_sign) {
return_value = get_short_circuit_kid(buffer_for_kid, &kid);
} else {
-#endif
return_value = get_keyid(key_select, buffer_for_kid, &kid);
-#ifdef INCLUDE_TEST_CODE_AND_KEY_ID /* Remove them from release build */
}
-#endif
if(return_value) {
goto Done;
}
+#endif
/* Get started with the tagged array that holds the four parts of
a cose single signed message */
diff --git a/lib/t_cose/src/t_cose_sign1_verify.c b/lib/t_cose/src/t_cose_sign1_verify.c
index d6c864e177..f8dc74832d 100644
--- a/lib/t_cose/src/t_cose_sign1_verify.c
+++ b/lib/t_cose/src/t_cose_sign1_verify.c
@@ -166,7 +166,7 @@ enum t_cose_err_t t_cose_sign1_verify(int32_t option_flags,
QCBORItem item;
struct q_useful_buf_c protected_headers;
int32_t cose_algorithm_id;
- struct q_useful_buf_c kid;
+ struct q_useful_buf_c kid = NULL_Q_USEFUL_BUF_C;
enum t_cose_err_t return_value;
int result;
/* Buffer for the tbs hash. Only big enough for SHA256 */
@@ -221,7 +221,6 @@ enum t_cose_err_t t_cose_sign1_verify(int32_t option_flags,
goto Done;
}
-
/* -- Get the payload -- */
QCBORDecode_GetNext(&decode_context, &item);
if(item.uDataType != QCBOR_TYPE_BYTE_STRING) {