Attest: Replace crypto related size definitions

Replace hard-coded values with the PSA Crypto macros
to calculate the size of the ECC public key.

Change-Id: I613e10d67eb968bd47a3f40c014b743003c9a9ed
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/platform/include/tfm_plat_crypto_keys.h b/platform/include/tfm_plat_crypto_keys.h
index d9a21b3..82202f0 100644
--- a/platform/include/tfm_plat_crypto_keys.h
+++ b/platform/include/tfm_plat_crypto_keys.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -62,8 +62,6 @@
     uint32_t  puby_key_size;
 };
 
-#define ECC_P_256_KEY_SIZE  (96u)  /* 3 x 32 = 96 bytes priv + pub-x + pub-y */
-
 #define ROTPK_HASH_LEN (32u) /* SHA256 */
 
 /**
diff --git a/secure_fw/services/initial_attestation/attestation_key.c b/secure_fw/services/initial_attestation/attestation_key.c
index 25f9761..2dcab02 100644
--- a/secure_fw/services/initial_attestation/attestation_key.c
+++ b/secure_fw/services/initial_attestation/attestation_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -12,6 +12,18 @@
 #include "platform/include/tfm_plat_defs.h"
 #include "platform/include/tfm_plat_crypto_keys.h"
 
+#define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
+
+/**
+ * The size of X and Y coordinate in 2 parameter style EC public
+ * key. Format is as defined in [COSE (RFC 8152)]
+ * (https://tools.ietf.org/html/rfc8152) and [SEC 1: Elliptic Curve
+ * Cryptography](http://www.secg.org/sec1-v2.pdf).
+ *
+ * This size is well-known and documented in public standards.
+ */
+#define ECC_P256_COORD_SIZE PSA_BITS_TO_BYTES(256) /* 256 bits -> 32 bytes */
+
 /* 0 is defined as an invalid handle in the PSA spec, so it is used here to
  * indicate that the key isn't loaded.
  */
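Review bot: `ECC_P256_PUBLIC_KEY_SIZE` is defined here and again, identically, in tfm_attestation_req_mngr.c later in this patch, so the buffer that stores the exported key and the `key_buf` that receives it in `tfm_attest_get_public_key` are sized by two independent definitions. If one is edited without the other, the receiving buffer could end up smaller than `attestation_public_key`; the copy between them is not visible in this diff, so it should be confirmed that it is bounds-checked. Defining the macro once in a header that both files include would remove that risk. The macro also has no comment, unlike `ECC_P256_COORD_SIZE`; something like `/* Uncompressed point as exported by PSA Crypto: 0x04 || X || Y */` would explain where the extra byte comes from.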
@@ -27,7 +39,7 @@
  * The public key is kept loaded as it is both not required to be secret (and
  * hence can be kept in attestation memory) and immutable.
  */
-static uint8_t  attestation_public_key[ECC_P_256_KEY_SIZE];
+static uint8_t  attestation_public_key[ECC_P256_PUBLIC_KEY_SIZE]; /* 65bytes */
 static size_t   attestation_public_key_len = 0;
 static psa_ecc_curve_t attestation_key_curve;
 
@@ -37,7 +49,7 @@
     enum tfm_plat_err_t plat_res;
     psa_ecc_curve_t psa_curve;
     struct ecc_key_t attest_key = {0};
-    uint8_t  key_buf[ECC_P_256_KEY_SIZE];
+    uint8_t key_buf[3 * ECC_P256_COORD_SIZE]; /* priv + x_coord + y_coord */
     psa_key_type_t attest_key_type;
     psa_key_handle_t key_handle;
     psa_status_t crypto_res;
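Review bot: `key_buf` holds the private key alongside the two public coordinates, and nothing in this hunk shows it being cleared before the function returns. The function body starts and ends outside the hunk, so this may already be handled. If it is not, the buffer should be wiped on every exit path once the key material is no longer needed, using a wipe the compiler cannot optimise away. A comment at the declaration such as `/* holds private key material: wipe before return */` would make the requirement visible. Sizing it as `3 * ECC_P256_COORD_SIZE` keeps the earlier 96 bytes, so the capacity is unchanged.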
@@ -89,7 +101,7 @@
     /* If the public key length is 0 then it hasn't been loaded */
     if (attestation_public_key_len == 0) {
         crypto_res = psa_export_public_key(key_handle, attestation_public_key,
-                                           ECC_P_256_KEY_SIZE,
+                                           ECC_P256_PUBLIC_KEY_SIZE,
                                            &attestation_public_key_len);
         if (crypto_res != PSA_SUCCESS) {
             return PSA_ATTEST_ERR_GENERAL;
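Review bot: The size passed to `psa_export_public_key` is the macro rather than the destination buffer itself, so the bound stays correct only while the declaration of `attestation_public_key` keeps using the same macro. Passing `sizeof(attestation_public_key)` instead ties the limit to the array, so it cannot drift. The buffer is now exactly the maximum export size for a 256-bit curve, with none of the slack the old 96-byte array had, which makes an exact bound more important. The enclosing function starts and ends outside the hunk.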
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c b/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
index 1ee9fdd..6539dcb 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -7,7 +7,7 @@
 
 #include <string.h>
 #include "psa/initial_attestation.h"
-#include "psa/crypto_types.h"
+#include "psa/crypto.h"
 #include "attestation.h"
 
 #ifdef TFM_PSA_API
@@ -15,8 +15,8 @@
 #include "tfm_client.h"
 #include "psa/service.h"
 #include "region_defs.h"
-#include "tfm_plat_crypto_keys.h"
 
+#define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
 #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
 
 typedef enum psa_attest_err_t (*attest_func_t)(const psa_msg_t *msg);
@@ -102,7 +102,7 @@
 static enum psa_attest_err_t tfm_attest_get_public_key(const psa_msg_t *msg)
 {
     enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
-    uint8_t key_buf[ECC_P_256_KEY_SIZE];
+    uint8_t key_buf[ECC_P256_PUBLIC_KEY_SIZE];
     size_t key_len;
     psa_ecc_curve_t curve_type;