commit a71bc97892f0bb9d06d45fcba7b8ea2479744ab6
author Tamas Ban <tamas.ban@arm.com> Mon Sep 16 13:57:38 2024 +0200
committer David Vincze <david.vincze@arm.com> Mon Feb 17 07:59:14 2025 +0000
tree 5f784ff1b9f1f4742302ad9c83b946d048e7a2ed
parent a2282cb6fe370b1aea74ba6c6665ab40dc57d2ac

COSE: Switch tests over to upstream t_cose

Switch from TF-M's t_cose library fork to the upstream repo
being downloaded from https://github.com/laurencelundblade/t_cose.

Change-Id: I9e2a859c67e902c6ecc1dc5ab996241e3d33e4ab
Signed-off-by: Adam Kulesza <adam.kulesza@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

lib/ext/t_cose/0003-Import-EC-keys-with-ECDSA-xxx-algo-rather-than-ECDH.patch

diff --git a/lib/ext/t_cose/0003-Import-EC-keys-with-ECDSA-xxx-algo-rather-than-ECDH.patch b/lib/ext/t_cose/0003-Import-EC-keys-with-ECDSA-xxx-algo-rather-than-ECDH.patch
new file mode 100644
index 0000000..9bec776
--- /dev/null
+++ b/lib/ext/t_cose/0003-Import-EC-keys-with-ECDSA-xxx-algo-rather-than-ECDH.patch
@@ -0,0 +1,59 @@
+From 543f32dc625c905ddf98222270cdc23751ad4abe Mon Sep 17 00:00:00 2001
+From: Tamas Ban <tamas.ban@arm.com>
+Date: Mon, 30 Sep 2024 14:23:03 +0200
+Subject: [PATCH 3/3] Import EC keys with ECDSA(xxx) algo rather than ECDH
+
+To make the DPE certificate verification working
+with t_cose_key_dedode() API.
+
+The original code registers the keys with ECDH
+algorithm. In this case psa_has_verify() returns
+with PSA_ERROR_NOT_PERMITTED.
+
+Signed-off-by: Tamas Ban <tamas.ban@arm.com>
+---
+ crypto_adapters/t_cose_psa_crypto.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c
+index 16151c6..80d1961 100644
+--- a/crypto_adapters/t_cose_psa_crypto.c
++++ b/crypto_adapters/t_cose_psa_crypto.c
+@@ -1663,6 +1663,7 @@ t_cose_crypto_import_ec2_pubkey(int32_t               cose_ec_curve_id,
+     psa_status_t          status;
+     psa_key_attributes_t  attributes;
+     psa_key_type_t        type_public;
++    psa_algorithm_t       alg;
+     struct q_useful_buf_c  import;
+     // TODO: really make sure this size is right for the curve types supported
+     UsefulOutBuf_MakeOnStack (import_form, T_COSE_EXPORT_PUBLIC_KEY_MAX_SIZE + 5);
+@@ -1670,12 +1671,15 @@ t_cose_crypto_import_ec2_pubkey(int32_t               cose_ec_curve_id,
+     switch (cose_ec_curve_id) {
+     case T_COSE_ELLIPTIC_CURVE_P_256:
+          type_public  = PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1);
++         alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
+          break;
+     case T_COSE_ELLIPTIC_CURVE_P_384:
+          type_public  = PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1);
++         alg = PSA_ALG_ECDSA(PSA_ALG_SHA_384);
+          break;
+     case T_COSE_ELLIPTIC_CURVE_P_521:
+          type_public  = PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1);
++         alg = PSA_ALG_ECDSA(PSA_ALG_SHA_512);
+          break;
+ 
+     default:
+@@ -1685,8 +1689,8 @@ t_cose_crypto_import_ec2_pubkey(int32_t               cose_ec_curve_id,
+ 
+     // TODO: are these attributes right?
+     attributes = psa_key_attributes_init();
+-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_COPY);
+-    psa_set_key_algorithm(&attributes, PSA_ALG_ECDH);
++    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
++    psa_set_key_algorithm(&attributes, alg);
+     psa_set_key_type(&attributes, type_public);
+ 
+     /* This converts to a serialized representation of an EC Point
+-- 
+2.34.1
+