| Tamas Ban | a71bc97 | 2024-09-16 13:57:38 +0200 | [diff] [blame] | 1 | From 543f32dc625c905ddf98222270cdc23751ad4abe Mon Sep 17 00:00:00 2001 |
| 2 | From: Tamas Ban <tamas.ban@arm.com> |
| 3 | Date: Mon, 30 Sep 2024 14:23:03 +0200 |
| 4 | Subject: [PATCH 3/3] Import EC keys with ECDSA(xxx) algo rather than ECDH |
| 5 | |
| 6 | To make the DPE certificate verification working |
| 7 | with t_cose_key_dedode() API. |
| 8 | |
| 9 | The original code registers the keys with ECDH |
| 10 | algorithm. In this case psa_has_verify() returns |
| 11 | with PSA_ERROR_NOT_PERMITTED. |
| 12 | |
| 13 | Signed-off-by: Tamas Ban <tamas.ban@arm.com> |
| 14 | --- |
| 15 | crypto_adapters/t_cose_psa_crypto.c | 8 ++++++-- |
| 16 | 1 file changed, 6 insertions(+), 2 deletions(-) |
| 17 | |
| 18 | diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c |
| 19 | index 16151c6..80d1961 100644 |
| 20 | --- a/crypto_adapters/t_cose_psa_crypto.c |
| 21 | +++ b/crypto_adapters/t_cose_psa_crypto.c |
| 22 | @@ -1663,6 +1663,7 @@ t_cose_crypto_import_ec2_pubkey(int32_t cose_ec_curve_id, |
| 23 | psa_status_t status; |
| 24 | psa_key_attributes_t attributes; |
| 25 | psa_key_type_t type_public; |
| 26 | + psa_algorithm_t alg; |
| 27 | struct q_useful_buf_c import; |
| 28 | // TODO: really make sure this size is right for the curve types supported |
| 29 | UsefulOutBuf_MakeOnStack (import_form, T_COSE_EXPORT_PUBLIC_KEY_MAX_SIZE + 5); |
| 30 | @@ -1670,12 +1671,15 @@ t_cose_crypto_import_ec2_pubkey(int32_t cose_ec_curve_id, |
| 31 | switch (cose_ec_curve_id) { |
| 32 | case T_COSE_ELLIPTIC_CURVE_P_256: |
| 33 | type_public = PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1); |
| 34 | + alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256); |
| 35 | break; |
| 36 | case T_COSE_ELLIPTIC_CURVE_P_384: |
| 37 | type_public = PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1); |
| 38 | + alg = PSA_ALG_ECDSA(PSA_ALG_SHA_384); |
| 39 | break; |
| 40 | case T_COSE_ELLIPTIC_CURVE_P_521: |
| 41 | type_public = PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1); |
| 42 | + alg = PSA_ALG_ECDSA(PSA_ALG_SHA_512); |
| 43 | break; |
| 44 | |
| 45 | default: |
| 46 | @@ -1685,8 +1689,8 @@ t_cose_crypto_import_ec2_pubkey(int32_t cose_ec_curve_id, |
| 47 | |
| 48 | // TODO: are these attributes right? |
| 49 | attributes = psa_key_attributes_init(); |
| 50 | - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_COPY); |
| 51 | - psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); |
| 52 | + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); |
| 53 | + psa_set_key_algorithm(&attributes, alg); |
| 54 | psa_set_key_type(&attributes, type_public); |
| 55 | |
| 56 | /* This converts to a serialized representation of an EC Point |
| 57 | -- |
| 58 | 2.34.1 |
| 59 | |