| Mark Horvath | bc58a68 | 2021-11-16 13:53:49 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2020-2022 Arm Limited. All rights reserved. |
| 3 | * |
| 4 | * Permission is hereby granted, free of charge, to any person obtaining a copy of |
| 5 | * this software and associated documentation files (the "Software"), to deal in |
| 6 | * the Software without restriction, including without limitation the rights to |
| 7 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of |
| 8 | * the Software, and to permit persons to whom the Software is furnished to do so, |
| 9 | * subject to the following conditions: |
| 10 | * |
| 11 | * The above copyright notice and this permission notice shall be included in all |
| 12 | * copies or substantial portions of the Software. |
| 13 | * |
| 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| 15 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS |
| 16 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
| 17 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER |
| 18 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| 19 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| 20 | * |
| 21 | */ |
| 22 | |
| 23 | /* Key provisioning include. */ |
| 24 | #include "ota_provision.h" |
| 25 | |
| 26 | /* This is the public key which is derivated from TF-M's default S key: |
| 27 | * bl2/ext/mcuboot/root-rsa-2048.pem. |
| 28 | * If you used a different key to sign the image, then please replace the values here |
| 29 | * with your public key. Also please note that the OTA service only support RSA2048. |
| 30 | * (RSA3072 is not supported). |
| 31 | */ |
| 32 | static const char cOTARSAPublicKey[] = |
| 33 | "-----BEGIN PUBLIC KEY-----\n" |
| 34 | "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QYIGhhELBjo+/33DaNP\n" |
| 35 | "H7vuXvmq0ksY01rpbRiAGfnwnDQby/O8dNtC54x/EFN+Q14NVyxE0WcIDw27XO7s\n" |
| 36 | "s5nf4E2EC6p3QWDtFShJpwG0PBDmaYwvX6xBTZ5cFN/y+M89Hm/nW7q0qciIfkc8\n" |
| 37 | "lMN3Z1RLqo04NcpiYX634RXbd3PUvntyIYlpJPv4ZW5kPsgO14XVXErkUw0v/7f9\n" |
| 38 | "8xM5gz+jrtIPp2qd+f64zvoqvq+44PqCN1T0PuEr0NMIWBj2XkzIiIExrV+wghfy\n" |
| 39 | "imknI/Orhz6TGh3+6PgaJGZZ+Byr3M5oG2ZkNez6DRGdr1w6p9FnxkfvsUssYuHR\n" |
| 40 | "yQIDAQAB\n" |
| 41 | "-----END PUBLIC KEY-----"; |
| 42 | |
| 43 | /* This function can be found in amazon-freertos at libraries/3rdparty/mbedtls_utils/mbedtls_utils.c. */ |
| 44 | extern int convert_pem_to_der( const unsigned char * pucInput, |
| 45 | size_t xLen, |
| 46 | unsigned char * pucOutput, |
| 47 | size_t * pxOlen ); |
| 48 | |
| 49 | int ota_privision_code_signing_key(psa_key_handle_t * key_handle) |
| 50 | { |
| 51 | uint8_t public_key_der[310]; |
| 52 | size_t xLength = 310; |
| 53 | int result; |
| 54 | psa_status_t status; |
| 55 | psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| 56 | |
| 57 | result = convert_pem_to_der( ( const unsigned char * ) cOTARSAPublicKey, |
| 58 | sizeof( cOTARSAPublicKey ), |
| 59 | public_key_der, |
| 60 | &xLength ); |
| 61 | if( result != 0 ) |
| 62 | { |
| 63 | return result; |
| 64 | } |
| 65 | |
| 66 | psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); |
| 67 | psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PSS_ANY_SALT( PSA_ALG_SHA_256 ) ); |
| 68 | psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY ); |
| 69 | psa_set_key_bits( &attributes, 2048 ); |
| 70 | psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_PERSISTENT ); |
| 71 | psa_set_key_id( &attributes, *key_handle ); |
| 72 | status = psa_import_key(&attributes, ( const uint8_t *)public_key_der, xLength, key_handle ); |
| 73 | |
| 74 | return status; |
| 75 | } |