diff options
Diffstat (limited to 'secure_fw')
7 files changed, 8 insertions, 215 deletions
diff --git a/secure_fw/partitions/initial_attestation/attest.h b/secure_fw/partitions/initial_attestation/attest.h index 91252cb2ed..3ee0f42459 100644 --- a/secure_fw/partitions/initial_attestation/attest.h +++ b/secure_fw/partitions/initial_attestation/attest.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2020, Arm Limited. All rights reserved. + * Copyright (c) 2018-2021, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -109,22 +109,6 @@ psa_status_t initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec, psa_outvec *out_vec, uint32_t num_outvec); -/** - * \brief Get the initial attestation public key. - * - * \param[in] in_vec Pointer to in_vec array, which contains input data - * to attestation service - * \param[in] num_invec Number of elements in in_vec array - * \param[out] out_vec Pointer to out_vec array, which contains pointer - * where to store the output data - * \param[in] num_outvec Number of elements in out_vec array - * - * \return Returns error code as specified in \ref psa_status_t - */ -psa_status_t -initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec, - psa_outvec *out_vec, uint32_t num_outvec); - #ifdef __cplusplus } #endif diff --git a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c index 54dc041fe2..9c9bec07a3 100644 --- a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c +++ b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2020, Arm Limited. All rights reserved. + * Copyright (c) 2019-2021, Arm Limited. All rights reserved. * Copyright (c) 2018-2019, Laurence Lundblade. * * SPDX-License-Identifier: BSD-3-Clause @@ -144,24 +144,6 @@ attest_get_signing_key_handle(psa_key_handle_t *handle) return PSA_ATTEST_ERR_SUCCESS; } -enum psa_attest_err_t -attest_get_initial_attestation_public_key(uint8_t **public_key, - size_t *public_key_len, - psa_ecc_family_t *public_key_curve) -{ - - /* If the public key length is 0 then it hasn't been loaded */ - if (attestation_public_key_len == 0) { - return PSA_ATTEST_ERR_GENERAL; - } - - *public_key = attestation_public_key; - *public_key_len = attestation_public_key_len; - *public_key_curve = attestation_key_curve; - - return PSA_ATTEST_ERR_SUCCESS; -} - /*! * \brief Static function to calculate instance id. * @@ -171,15 +153,10 @@ static enum psa_attest_err_t attest_calc_instance_id(void) { psa_status_t crypto_res; enum psa_attest_err_t attest_res; - uint8_t *public_key; - size_t key_len; psa_ecc_family_t psa_curve; psa_hash_operation_t hash = psa_hash_operation_init(); - attest_res = attest_get_initial_attestation_public_key(&public_key, - &key_len, - &psa_curve); - if (attest_res != PSA_ATTEST_ERR_SUCCESS) { + if (!attestation_public_key_len) { return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE; } @@ -188,7 +165,8 @@ static enum psa_attest_err_t attest_calc_instance_id(void) return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE; } - crypto_res = psa_hash_update(&hash, public_key, key_len); + crypto_res = psa_hash_update(&hash, attestation_public_key, + attestation_public_key_len); if (crypto_res != PSA_SUCCESS) { return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE; } diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c index 7a43b00670..9d7558c1c4 100644 --- a/secure_fw/partitions/initial_attestation/attest_core.c +++ b/secure_fw/partitions/initial_attestation/attest_core.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2020, Arm Limited. All rights reserved. + * Copyright (c) 2018-2021, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -904,65 +904,3 @@ initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec, error: return error_mapping_to_psa_status_t(attest_err); } - -#ifdef SYMMETRIC_INITIAL_ATTESTATION -psa_status_t -initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec, - psa_outvec *out_vec, uint32_t num_outvec) -{ - (void)in_vec; - (void)num_invec; - (void)out_vec; - (void)num_outvec; - - return PSA_ERROR_NOT_SUPPORTED; -} -#else /* SYMMETRIC_INITIAL_ATTESTATION */ -psa_status_t -initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec, - psa_outvec *out_vec, uint32_t num_outvec) -{ - enum psa_attest_err_t attest_err = PSA_ATTEST_ERR_SUCCESS; - struct q_useful_buf key_buffer; - uint8_t *key_source; - size_t key_len; - psa_ecc_family_t curve_type; - - (void)in_vec; - - if (num_invec != 0 || num_outvec != 3) { - attest_err = PSA_ATTEST_ERR_INVALID_INPUT; - goto error; - } - - key_buffer.ptr = out_vec[0].base; - key_buffer.len = out_vec[0].len; - - if (out_vec[1].len != sizeof(curve_type) || - out_vec[2].len != sizeof(key_len)) { - attest_err = PSA_ATTEST_ERR_INVALID_INPUT; - goto error; - } - - attest_err = attest_get_initial_attestation_public_key(&key_source, - &key_len, - &curve_type); - if (attest_err != PSA_ATTEST_ERR_SUCCESS) { - goto error; - } - - if (key_buffer.len < key_len) { - attest_err = PSA_ATTEST_ERR_BUFFER_OVERFLOW; - goto error; - } - - (void)tfm_memcpy(key_buffer.ptr, key_source, key_len); - - *(psa_ecc_family_t *)out_vec[1].base = curve_type; - - *(size_t *)out_vec[2].base = key_len; - -error: - return error_mapping_to_psa_status_t(attest_err); -} -#endif /* SYMMETRIC_INITIAL_ATTESTATION */ diff --git a/secure_fw/partitions/initial_attestation/attest_key.h b/secure_fw/partitions/initial_attestation/attest_key.h index a1d7cd4f1d..5a4f9b5efc 100644 --- a/secure_fw/partitions/initial_attestation/attest_key.h +++ b/secure_fw/partitions/initial_attestation/attest_key.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2020, Arm Limited. All rights reserved. + * Copyright (c) 2019-2021, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * @@ -68,23 +68,6 @@ attest_get_signing_key_handle(psa_key_handle_t *key_handle); enum psa_attest_err_t attest_get_instance_id(struct q_useful_buf_c *id_buf); -/** - * \brief Get the public key derived from the initial attestation private key. - * - * \param[out] public_key Pointer to public key buffer. - * \param[out] public_key_len Size of public key in bytes. - * \param[out] public_key_curve Type of the curve that is used in the public - * key. - * - * \retval PSA_ATTEST_ERR_SUCCESS Public key was successfully returned. - * \retval PSA_ATTEST_ERR_GENERAL Public key could not be returned. - */ - -enum psa_attest_err_t -attest_get_initial_attestation_public_key(uint8_t **public_key, - size_t *public_key_len, - psa_ecc_family_t *public_key_curve); - #ifdef INCLUDE_COSE_KEY_ID /** * \brief Get the attestation key ID. diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c index c2fdbd4b69..dc14e41434 100644 --- a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c +++ b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c @@ -98,43 +98,6 @@ static psa_status_t psa_attest_get_token_size(const psa_msg_t *msg) return status; } -static psa_status_t tfm_attest_get_public_key(const psa_msg_t *msg) -{ - psa_status_t status = PSA_SUCCESS; - uint8_t key_buf[ECC_P256_PUBLIC_KEY_SIZE]; - size_t key_len; - psa_ecc_family_t curve_type; - - psa_outvec out_vec[] = { - {.base = key_buf, .len = sizeof(key_buf)}, - {.base = &curve_type, .len = sizeof(curve_type)}, - {.base = &key_len, .len = sizeof(key_len)} - }; - - if (msg->out_size[1] != out_vec[1].len || - msg->out_size[2] != out_vec[2].len) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Store the client ID here for later use in service. */ - g_attest_caller_id = msg->client_id; - - status = initial_attest_get_public_key(NULL, 0, - out_vec, IOVEC_LEN(out_vec)); - - if (msg->out_size[0] < key_len) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - - if (status == PSA_SUCCESS) { - psa_write(msg->handle, 0, key_buf, key_len); - psa_write(msg->handle, 1, &curve_type, out_vec[1].len); - psa_write(msg->handle, 2, &key_len, out_vec[2].len); - } - - return status; -} - /* * Fixme: Temporarily implement abort as infinite loop, * will replace it later. @@ -186,9 +149,6 @@ psa_status_t attest_partition_init(void) } else if (signals & TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL) { attest_signal_handle(TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL, psa_attest_get_token_size); - } else if (signals & TFM_ATTEST_GET_PUBLIC_KEY_SIGNAL) { - attest_signal_handle(TFM_ATTEST_GET_PUBLIC_KEY_SIGNAL, - tfm_attest_get_public_key); } else { tfm_abort(); } diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c index 8b0e6ee772..52744ed6dc 100644 --- a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c +++ b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c @@ -86,38 +86,3 @@ psa_initial_attest_get_token_size(size_t challenge_size, return status; } - -psa_status_t -tfm_initial_attest_get_public_key(uint8_t *public_key, - size_t public_key_buf_size, - size_t *public_key_len, - psa_ecc_family_t *elliptic_curve_type) -{ - psa_status_t status; - - psa_outvec out_vec[] = { - {.base = public_key, .len = public_key_buf_size}, - {.base = elliptic_curve_type, .len = sizeof(*elliptic_curve_type)}, - {.base = public_key_len, .len = sizeof(*public_key_len)} - }; - -#ifdef TFM_PSA_API - psa_handle_t handle = PSA_NULL_HANDLE; - - handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID, - TFM_ATTEST_GET_PUBLIC_KEY_VERSION); - if (!PSA_HANDLE_IS_VALID(handle)) { - return PSA_HANDLE_TO_ERROR(handle); - } - - status = psa_call(handle, PSA_IPC_CALL, - NULL, 0, - out_vec, IOVEC_LEN(out_vec)); - psa_close(handle); -#else - status = tfm_initial_attest_get_public_key_veneer(NULL, 0, - out_vec, IOVEC_LEN(out_vec)); -#endif - - return status; -} diff --git a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml index bc44f8f49c..d50bb80ed9 100644 --- a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml +++ b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------- -# Copyright (c) 2018-2020, Arm Limited. All rights reserved. +# Copyright (c) 2018-2021, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -29,14 +29,6 @@ "version": 1, "version_policy": "STRICT" }, - { - "name": "TFM_ATTEST_GET_PUBLIC_KEY", - "signal": "INITIAL_ATTEST_GET_PUBLIC_KEY", - "sid": "0x00000022", - "non_secure_clients": true, - "version": 1, - "version_policy": "STRICT" - } ], "services": [ { @@ -53,13 +45,6 @@ "version": 1, "version_policy": "STRICT" }, - { - "name": "TFM_ATTEST_GET_PUBLIC_KEY", - "sid": "0x00000022", - "non_secure_clients": true, - "version": 1, - "version_policy": "STRICT" - } ], "dependencies": [ "TFM_CRYPTO" |