diff options
author | David Hu <david.hu@arm.com> | 2021-05-14 17:03:14 +0800 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2021-06-02 05:00:40 +0200 |
commit | 611610c1527a1d46569b2126eaa6a396986e4623 (patch) | |
tree | 3fea30ee1c49fe47e8ca612973949e7c15b23624 /platform/ext/common | |
parent | 51546c2e8b6265838ccdc04053c528549592e804 (diff) | |
download | trusted-firmware-m-611610c1527a1d46569b2126eaa6a396986e4623.tar.gz |
Attest: Remove initial attestation get public key API function
It is overkill to implement a dedicated secure function for NS to fetch
initial attestation public key just for test purpose.
Besides, this function to get public key can be confusing as it is not
defined in PSA Initial Attestation API spec.
Remove get public key secure function from NS and S sides to simplify
TF-M initial attestation implementation and interface.
Change-Id: I8d0967698e3d2f2c684194caa9a6234585026a71
Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'platform/ext/common')
-rw-r--r-- | platform/ext/common/template/tfm_initial_attest_pub_key.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/platform/ext/common/template/tfm_initial_attest_pub_key.c b/platform/ext/common/template/tfm_initial_attest_pub_key.c new file mode 100644 index 0000000000..6a664aeddf --- /dev/null +++ b/platform/ext/common/template/tfm_initial_attest_pub_key.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include <stdint.h> +#include "psa/crypto.h" + +/* + * This file contains the hard coded public key part of the ECDSA P-256 secret + * key in: platform/ext/common/template/tfm_initial_attestation_key.pem + * + * The public key is used to verify the initial attestation token (IAT) for test + * and debug purpose only. This file is built only when tests are enabled. + * + * The key is stored in raw format, without any encoding(ASN.1, COSE). + * + * ####### DO NOT USE THIS KEY IN PRODUCTION ####### + */ + +/* Type of the EC curve which the key belongs to, in PSA curve ID form */ +const psa_ecc_family_t initial_attest_curve_type = PSA_ECC_CURVE_SECP256R1; + +/* + * Initial attestation public key in raw format, without any encoding. + * It belongs to the ECDSA P-256 curve. + * + * The octet string below is the output of psa_export_public_key(), which + * consists of the following parts: + * - The byte 0x04; + * - x_P as a 32 byte string, big-endian; + * - y_P as a 32 byte string, big-endian; + * + * The octet string can be passed to psa_import_key() to create a public key + * object for IAT verification. + * + * See psa_export_public_key() in PSA Crypto API spec for more details of + * representation of the public key. + */ +const uint8_t initial_attest_pub_key[] = +{ + 0x04, 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, + 0xA6, 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, + 0x7A, 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, + 0x7D, 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, + 0x3F, 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, + 0xBF, 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, + 0x8D, 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, + 0x08, 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, + 0x64, +}; + +const uint32_t initial_attest_pub_key_size = sizeof(initial_attest_pub_key); |