Platform: Use PSA ECC ID for attestation key
Change from using a COSE curve ID to a PSA curve ID to simplify the
loading of keys into the crypto service.
Change-Id: Id67816810107ecd2e5f5be768363091dda7a9615
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/platform/ext/common/tfm_initial_attestation_key_material.c b/platform/ext/common/tfm_initial_attestation_key_material.c
index 11eb35f..794eb71 100644
--- a/platform/ext/common/tfm_initial_attestation_key_material.c
+++ b/platform/ext/common/tfm_initial_attestation_key_material.c
@@ -8,6 +8,8 @@
#include <stdint.h>
#include "platform/include/tfm_plat_defs.h"
#include "platform/include/tfm_plat_crypto_keys.h"
+#include "psa/crypto_types.h"
+#include "psa/crypto_values.h"
/*
* This file contains the hard coded version of the ECDSA P-256 secret key in:
@@ -23,7 +25,7 @@
/* Type of the EC curve which the key belongs to, in PSA curve ID form */
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
-const enum ecc_curve_t initial_attestation_curve_type = P_256;
+const psa_ecc_curve_t initial_attestation_curve_type = PSA_ECC_CURVE_SECP256R1;
/* Initial attestation private key in raw format, without any encoding.
* It belongs to the ECDSA P-256 curve.
diff --git a/platform/ext/target/mps2/an519/dummy_crypto_keys.c b/platform/ext/target/mps2/an519/dummy_crypto_keys.c
index 4e24ce0..9cb21e0 100644
--- a/platform/ext/target/mps2/an519/dummy_crypto_keys.c
+++ b/platform/ext/target/mps2/an519/dummy_crypto_keys.c
@@ -16,6 +16,7 @@
#include "platform/include/tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include "psa/crypto_types.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -32,7 +33,7 @@
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-extern const enum ecc_curve_t initial_attestation_curve_type;
+extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
extern const uint32_t initial_attestation_private_key_size;
@@ -72,7 +73,7 @@
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t size,
struct ecc_key_t *ecc_key,
- enum ecc_curve_t *curve_type)
+ psa_ecc_curve_t *curve_type)
{
uint8_t *key_dst;
const uint8_t *key_src;
diff --git a/platform/ext/target/mps2/an521/dummy_crypto_keys.c b/platform/ext/target/mps2/an521/dummy_crypto_keys.c
index 0a4ba79..66d2c36 100644
--- a/platform/ext/target/mps2/an521/dummy_crypto_keys.c
+++ b/platform/ext/target/mps2/an521/dummy_crypto_keys.c
@@ -16,6 +16,7 @@
#include "platform/include/tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include "psa/crypto_types.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -32,7 +33,7 @@
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-extern const enum ecc_curve_t initial_attestation_curve_type;
+extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
extern const uint32_t initial_attestation_private_key_size;
@@ -72,7 +73,7 @@
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t size,
struct ecc_key_t *ecc_key,
- enum ecc_curve_t *curve_type)
+ psa_ecc_curve_t *curve_type)
{
uint8_t *key_dst;
const uint8_t *key_src;
diff --git a/platform/ext/target/mps2/an539/dummy_crypto_keys.c b/platform/ext/target/mps2/an539/dummy_crypto_keys.c
index 1b2fa0b..ba7c860 100644
--- a/platform/ext/target/mps2/an539/dummy_crypto_keys.c
+++ b/platform/ext/target/mps2/an539/dummy_crypto_keys.c
@@ -16,6 +16,7 @@
#include "platform/include/tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include "psa/crypto_types.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -29,7 +30,7 @@
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-extern const enum ecc_curve_t initial_attestation_curve_type;
+extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
extern const uint32_t initial_attestation_private_key_size;
@@ -69,7 +70,7 @@
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t size,
struct ecc_key_t *ecc_key,
- enum ecc_curve_t *curve_type)
+ psa_ecc_curve_t *curve_type)
{
uint8_t *key_dst;
const uint8_t *key_src;
diff --git a/platform/ext/target/mps3/an524/dummy_crypto_keys.c b/platform/ext/target/mps3/an524/dummy_crypto_keys.c
index 6de71e8..83cbd1c 100644
--- a/platform/ext/target/mps3/an524/dummy_crypto_keys.c
+++ b/platform/ext/target/mps3/an524/dummy_crypto_keys.c
@@ -16,6 +16,7 @@
#include "platform/include/tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include "psa/crypto_types.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -29,7 +30,7 @@
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-extern const enum ecc_curve_t initial_attestation_curve_type;
+extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
extern const uint32_t initial_attestation_private_key_size;
@@ -69,7 +70,7 @@
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t size,
struct ecc_key_t *ecc_key,
- enum ecc_curve_t *curve_type)
+ psa_ecc_curve_t *curve_type)
{
uint8_t *key_dst;
const uint8_t *key_src;
diff --git a/platform/ext/target/musca_a/dummy_crypto_keys.c b/platform/ext/target/musca_a/dummy_crypto_keys.c
index c9f820b..3bf1f99 100644
--- a/platform/ext/target/musca_a/dummy_crypto_keys.c
+++ b/platform/ext/target/musca_a/dummy_crypto_keys.c
@@ -16,6 +16,7 @@
#include "platform/include/tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include "psa/crypto_types.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -32,7 +33,7 @@
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-extern const enum ecc_curve_t initial_attestation_curve_type;
+extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
extern const uint32_t initial_attestation_private_key_size;
@@ -72,7 +73,7 @@
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t size,
struct ecc_key_t *ecc_key,
- enum ecc_curve_t *curve_type)
+ psa_ecc_curve_t *curve_type)
{
uint8_t *key_dst;
const uint8_t *key_src;
diff --git a/platform/ext/target/musca_b1/dummy_crypto_keys.c b/platform/ext/target/musca_b1/dummy_crypto_keys.c
index 6de71e8..83cbd1c 100644
--- a/platform/ext/target/musca_b1/dummy_crypto_keys.c
+++ b/platform/ext/target/musca_b1/dummy_crypto_keys.c
@@ -16,6 +16,7 @@
#include "platform/include/tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include "psa/crypto_types.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -29,7 +30,7 @@
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-extern const enum ecc_curve_t initial_attestation_curve_type;
+extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
extern const uint32_t initial_attestation_private_key_size;
@@ -69,7 +70,7 @@
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t size,
struct ecc_key_t *ecc_key,
- enum ecc_curve_t *curve_type)
+ psa_ecc_curve_t *curve_type)
{
uint8_t *key_dst;
const uint8_t *key_src;
diff --git a/platform/include/tfm_plat_crypto_keys.h b/platform/include/tfm_plat_crypto_keys.h
index 59b438b..81c54a7 100644
--- a/platform/include/tfm_plat_crypto_keys.h
+++ b/platform/include/tfm_plat_crypto_keys.h
@@ -14,6 +14,7 @@
#include <stdint.h>
#include "tfm_plat_defs.h"
+#include "psa/crypto.h"
#ifdef __cplusplus
extern "C" {
@@ -23,7 +24,7 @@
* Elliptic curve key type identifiers according to RFC8152 (COSE encoding)
* https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
*/
-enum ecc_curve_t {
+enum cose_ecc_curve_t {
P_256 = 1, /* NIST P-256 also known as secp256r1 */
P_384 = 2, /* NIST P-384 also known as secp384r1 */
P_521 = 3, /* NIST P-521 also known as secp521r1 */
@@ -110,7 +111,7 @@
* about the initial attestation key, which is
* stored in key_buf.
* \param[out] curve_type The type of the EC curve, which the key belongs
- * to according to \ref ecc_curve_t
+ * to according to \ref psa_ecc_curve_t
*
* \return Returns error code specified in \ref tfm_plat_err_t
*/
@@ -118,7 +119,7 @@
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
uint32_t size,
struct ecc_key_t *ecc_key,
- enum ecc_curve_t *curve_type);
+ psa_ecc_curve_t *curve_type);
/**
* \brief Get the hash of the corresponding Root of Trust Public Key for