aboutsummaryrefslogtreecommitdiff
path: root/secure_fw
diff options
context:
space:
mode:
Diffstat (limited to 'secure_fw')
-rw-r--r--secure_fw/partitions/initial_attestation/attest.h18
-rw-r--r--secure_fw/partitions/initial_attestation/attest_asymmetric_key.c30
-rw-r--r--secure_fw/partitions/initial_attestation/attest_core.c64
-rw-r--r--secure_fw/partitions/initial_attestation/attest_key.h19
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c40
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c35
-rw-r--r--secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml17
7 files changed, 8 insertions, 215 deletions
diff --git a/secure_fw/partitions/initial_attestation/attest.h b/secure_fw/partitions/initial_attestation/attest.h
index 91252cb2ed..3ee0f42459 100644
--- a/secure_fw/partitions/initial_attestation/attest.h
+++ b/secure_fw/partitions/initial_attestation/attest.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -109,22 +109,6 @@ psa_status_t
initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec);
-/**
- * \brief Get the initial attestation public key.
- *
- * \param[in] in_vec Pointer to in_vec array, which contains input data
- * to attestation service
- * \param[in] num_invec Number of elements in in_vec array
- * \param[out] out_vec Pointer to out_vec array, which contains pointer
- * where to store the output data
- * \param[in] num_outvec Number of elements in out_vec array
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-psa_status_t
-initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec);
-
#ifdef __cplusplus
}
#endif
diff --git a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
index 54dc041fe2..9c9bec07a3 100644
--- a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
* Copyright (c) 2018-2019, Laurence Lundblade.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -144,24 +144,6 @@ attest_get_signing_key_handle(psa_key_handle_t *handle)
return PSA_ATTEST_ERR_SUCCESS;
}
-enum psa_attest_err_t
-attest_get_initial_attestation_public_key(uint8_t **public_key,
- size_t *public_key_len,
- psa_ecc_family_t *public_key_curve)
-{
-
- /* If the public key length is 0 then it hasn't been loaded */
- if (attestation_public_key_len == 0) {
- return PSA_ATTEST_ERR_GENERAL;
- }
-
- *public_key = attestation_public_key;
- *public_key_len = attestation_public_key_len;
- *public_key_curve = attestation_key_curve;
-
- return PSA_ATTEST_ERR_SUCCESS;
-}
-
/*!
* \brief Static function to calculate instance id.
*
@@ -171,15 +153,10 @@ static enum psa_attest_err_t attest_calc_instance_id(void)
{
psa_status_t crypto_res;
enum psa_attest_err_t attest_res;
- uint8_t *public_key;
- size_t key_len;
psa_ecc_family_t psa_curve;
psa_hash_operation_t hash = psa_hash_operation_init();
- attest_res = attest_get_initial_attestation_public_key(&public_key,
- &key_len,
- &psa_curve);
- if (attest_res != PSA_ATTEST_ERR_SUCCESS) {
+ if (!attestation_public_key_len) {
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
@@ -188,7 +165,8 @@ static enum psa_attest_err_t attest_calc_instance_id(void)
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
- crypto_res = psa_hash_update(&hash, public_key, key_len);
+ crypto_res = psa_hash_update(&hash, attestation_public_key,
+ attestation_public_key_len);
if (crypto_res != PSA_SUCCESS) {
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c
index 7a43b00670..9d7558c1c4 100644
--- a/secure_fw/partitions/initial_attestation/attest_core.c
+++ b/secure_fw/partitions/initial_attestation/attest_core.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -904,65 +904,3 @@ initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
error:
return error_mapping_to_psa_status_t(attest_err);
}
-
-#ifdef SYMMETRIC_INITIAL_ATTESTATION
-psa_status_t
-initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec)
-{
- (void)in_vec;
- (void)num_invec;
- (void)out_vec;
- (void)num_outvec;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-#else /* SYMMETRIC_INITIAL_ATTESTATION */
-psa_status_t
-initial_attest_get_public_key(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec)
-{
- enum psa_attest_err_t attest_err = PSA_ATTEST_ERR_SUCCESS;
- struct q_useful_buf key_buffer;
- uint8_t *key_source;
- size_t key_len;
- psa_ecc_family_t curve_type;
-
- (void)in_vec;
-
- if (num_invec != 0 || num_outvec != 3) {
- attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
- goto error;
- }
-
- key_buffer.ptr = out_vec[0].base;
- key_buffer.len = out_vec[0].len;
-
- if (out_vec[1].len != sizeof(curve_type) ||
- out_vec[2].len != sizeof(key_len)) {
- attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
- goto error;
- }
-
- attest_err = attest_get_initial_attestation_public_key(&key_source,
- &key_len,
- &curve_type);
- if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
- goto error;
- }
-
- if (key_buffer.len < key_len) {
- attest_err = PSA_ATTEST_ERR_BUFFER_OVERFLOW;
- goto error;
- }
-
- (void)tfm_memcpy(key_buffer.ptr, key_source, key_len);
-
- *(psa_ecc_family_t *)out_vec[1].base = curve_type;
-
- *(size_t *)out_vec[2].base = key_len;
-
-error:
- return error_mapping_to_psa_status_t(attest_err);
-}
-#endif /* SYMMETRIC_INITIAL_ATTESTATION */
diff --git a/secure_fw/partitions/initial_attestation/attest_key.h b/secure_fw/partitions/initial_attestation/attest_key.h
index a1d7cd4f1d..5a4f9b5efc 100644
--- a/secure_fw/partitions/initial_attestation/attest_key.h
+++ b/secure_fw/partitions/initial_attestation/attest_key.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -68,23 +68,6 @@ attest_get_signing_key_handle(psa_key_handle_t *key_handle);
enum psa_attest_err_t
attest_get_instance_id(struct q_useful_buf_c *id_buf);
-/**
- * \brief Get the public key derived from the initial attestation private key.
- *
- * \param[out] public_key Pointer to public key buffer.
- * \param[out] public_key_len Size of public key in bytes.
- * \param[out] public_key_curve Type of the curve that is used in the public
- * key.
- *
- * \retval PSA_ATTEST_ERR_SUCCESS Public key was successfully returned.
- * \retval PSA_ATTEST_ERR_GENERAL Public key could not be returned.
- */
-
-enum psa_attest_err_t
-attest_get_initial_attestation_public_key(uint8_t **public_key,
- size_t *public_key_len,
- psa_ecc_family_t *public_key_curve);
-
#ifdef INCLUDE_COSE_KEY_ID
/**
* \brief Get the attestation key ID.
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
index c2fdbd4b69..dc14e41434 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
@@ -98,43 +98,6 @@ static psa_status_t psa_attest_get_token_size(const psa_msg_t *msg)
return status;
}
-static psa_status_t tfm_attest_get_public_key(const psa_msg_t *msg)
-{
- psa_status_t status = PSA_SUCCESS;
- uint8_t key_buf[ECC_P256_PUBLIC_KEY_SIZE];
- size_t key_len;
- psa_ecc_family_t curve_type;
-
- psa_outvec out_vec[] = {
- {.base = key_buf, .len = sizeof(key_buf)},
- {.base = &curve_type, .len = sizeof(curve_type)},
- {.base = &key_len, .len = sizeof(key_len)}
- };
-
- if (msg->out_size[1] != out_vec[1].len ||
- msg->out_size[2] != out_vec[2].len) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* Store the client ID here for later use in service. */
- g_attest_caller_id = msg->client_id;
-
- status = initial_attest_get_public_key(NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
-
- if (msg->out_size[0] < key_len) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- if (status == PSA_SUCCESS) {
- psa_write(msg->handle, 0, key_buf, key_len);
- psa_write(msg->handle, 1, &curve_type, out_vec[1].len);
- psa_write(msg->handle, 2, &key_len, out_vec[2].len);
- }
-
- return status;
-}
-
/*
* Fixme: Temporarily implement abort as infinite loop,
* will replace it later.
@@ -186,9 +149,6 @@ psa_status_t attest_partition_init(void)
} else if (signals & TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL) {
attest_signal_handle(TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL,
psa_attest_get_token_size);
- } else if (signals & TFM_ATTEST_GET_PUBLIC_KEY_SIGNAL) {
- attest_signal_handle(TFM_ATTEST_GET_PUBLIC_KEY_SIGNAL,
- tfm_attest_get_public_key);
} else {
tfm_abort();
}
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
index 8b0e6ee772..52744ed6dc 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
@@ -86,38 +86,3 @@ psa_initial_attest_get_token_size(size_t challenge_size,
return status;
}
-
-psa_status_t
-tfm_initial_attest_get_public_key(uint8_t *public_key,
- size_t public_key_buf_size,
- size_t *public_key_len,
- psa_ecc_family_t *elliptic_curve_type)
-{
- psa_status_t status;
-
- psa_outvec out_vec[] = {
- {.base = public_key, .len = public_key_buf_size},
- {.base = elliptic_curve_type, .len = sizeof(*elliptic_curve_type)},
- {.base = public_key_len, .len = sizeof(*public_key_len)}
- };
-
-#ifdef TFM_PSA_API
- psa_handle_t handle = PSA_NULL_HANDLE;
-
- handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
- TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
- NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
-#else
- status = tfm_initial_attest_get_public_key_veneer(NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
-#endif
-
- return status;
-}
diff --git a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
index bc44f8f49c..d50bb80ed9 100644
--- a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
+++ b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -29,14 +29,6 @@
"version": 1,
"version_policy": "STRICT"
},
- {
- "name": "TFM_ATTEST_GET_PUBLIC_KEY",
- "signal": "INITIAL_ATTEST_GET_PUBLIC_KEY",
- "sid": "0x00000022",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
],
"services": [
{
@@ -53,13 +45,6 @@
"version": 1,
"version_policy": "STRICT"
},
- {
- "name": "TFM_ATTEST_GET_PUBLIC_KEY",
- "sid": "0x00000022",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
],
"dependencies": [
"TFM_CRYPTO"