authorDavid Hu <david.hu@arm.com>2021-05-14 17:03:14 +0800
committerDavid Hu <david.hu@arm.com>2021-06-02 05:00:40 +0200
commit611610c1527a1d46569b2126eaa6a396986e4623 (patch)
tree3fea30ee1c49fe47e8ca612973949e7c15b23624 /platform/ext/common
parent51546c2e8b6265838ccdc04053c528549592e804 (diff)
downloadtrusted-firmware-m-611610c1527a1d46569b2126eaa6a396986e4623.tar.gz
Attest: Remove initial attestation get public key API function
It is overkill to implement a dedicated secure function for NS to fetch the initial attestation public key just for test purposes. Besides, this function to get the public key can be confusing as it is not defined in the PSA Initial Attestation API spec. Remove the get public key secure function from the NS and S sides to simplify the TF-M initial attestation implementation and interface. Change-Id: I8d0967698e3d2f2c684194caa9a6234585026a71 Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'platform/ext/common')
-rw-r--r--platform/ext/common/template/tfm_initial_attest_pub_key.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/platform/ext/common/template/tfm_initial_attest_pub_key.c b/platform/ext/common/template/tfm_initial_attest_pub_key.c
new file mode 100644
index 0000000000..6a664aeddf
--- /dev/null
+++ b/platform/ext/common/template/tfm_initial_attest_pub_key.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdint.h>
+#include "psa/crypto.h"
+
+/*
+ * This file contains the hard coded public key part of the ECDSA P-256 secret
+ * key in: platform/ext/common/template/tfm_initial_attestation_key.pem
+ *
+ * The public key is used to verify the initial attestation token (IAT) for test
+ * and debug purpose only. This file is built only when tests are enabled.
+ *
+ * The key is stored in raw format, without any encoding(ASN.1, COSE).
+ *
+ * ####### DO NOT USE THIS KEY IN PRODUCTION #######
+ */
+
+/* Type of the EC curve which the key belongs to, in PSA curve ID form */
+const psa_ecc_family_t initial_attest_curve_type = PSA_ECC_CURVE_SECP256R1;
+
+/*
+ * Initial attestation public key in raw format, without any encoding.
+ * It belongs to the ECDSA P-256 curve.
+ *
+ * The octet string below is the output of psa_export_public_key(), which
+ * consists of the following parts:
+ * - The byte 0x04;
+ * - x_P as a 32 byte string, big-endian;
+ * - y_P as a 32 byte string, big-endian;
+ *
+ * The octet string can be passed to psa_import_key() to create a public key
+ * object for IAT verification.
+ *
+ * See psa_export_public_key() in PSA Crypto API spec for more details of
+ * representation of the public key.
+ */
+const uint8_t initial_attest_pub_key[] =
+{
+ 0x04, 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50,
+ 0xA6, 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0,
+ 0x7A, 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1,
+ 0x7D, 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC,
+ 0x3F, 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68,
+ 0xBF, 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5,
+ 0x8D, 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3,
+ 0x08, 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68,
+ 0x64,
+};
+
+const uint32_t initial_attest_pub_key_size = sizeof(initial_attest_pub_key);
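Review bot: `initial_attest_curve_type` is declared as `psa_ecc_family_t` but initialised with the curve-style name `PSA_ECC_CURVE_SECP256R1`, and its comment calls it a "PSA curve ID". In PSA Crypto API 1.0 a family value does not carry the key size, so the name and comment suggest more than the type holds. If the `psa/crypto.h` used by this tree provides the 1.0 names (not visible in this diff), `const psa_ecc_family_t initial_attest_curve_type = PSA_ECC_FAMILY_SECP_R1;` with the comment reworded to `/* ECC family of the key; the key size is 256 bits */` would be clearer for whoever sets the key attributes before `psa_import_key()`. The expected array length (0x04 plus two 32-byte coordinates) is stated only in the comment. If the build is C11, a `_Static_assert(sizeof(initial_attest_pub_key) == 65, "unexpected public key length");` after the array would catch a dropped byte at compile time instead of as a token verification failure.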