Attest: Replace example asymmetric key-pair
Generate a new key pair with openssl so that it has a
standard PEM encoding and is compliant with other tools.
Change-Id: I404cb942d0c22459310c4cfcfe62f435e7e73514
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/platform/ext/common/tfm_initial_attestation_key.pem b/platform/ext/common/tfm_initial_attestation_key.pem
index f2c928e..e87fe56 100644
--- a/platform/ext/common/tfm_initial_attestation_key.pem
+++ b/platform/ext/common/tfm_initial_attestation_key.pem
@@ -1,5 +1,5 @@
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgx0ZwvLfoWzgD77Qo
-lASS5z4/6dT3taitXkgMvby1VMKhRANCAATc8ND0vNXialTuNsrWYNKD0Sq8X3MH
-3lhonnfNYEUudYy621/p+JpxB+Wi6OpE7BsJt9oqGoKgJSpMHCbuHtfP
------END PRIVATE KEY-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKm0VLJtb5Ck6jEZNWTLqR/sb5oAKn3AUEuSoZNxNFhfoAoGCCqGSM49
+AwEHoUQDQgAEeeupDov0UKZ1FXatRZmwet+TjaO7C9F9ADbtSaLQ/D+/zfqJVrVo
+v9uGc+ZI2LWNkplVsUomwwgPNBF9lx1oZA==
+-----END EC PRIVATE KEY-----
\ No newline at end of file
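Review bot: The new file ends without a final newline (see the `\ No newline at end of file` marker), and the key is now wrapped as SEC1 `EC PRIVATE KEY` where the old file used PKCS#8 `PRIVATE KEY`. Both are standard PEM forms, so any script or signing tool that loads this file should be checked to accept the SEC1 label; a loader written only for PKCS#8 would presumably reject it. Ending the file with a newline avoids trouble with tools that concatenate PEM files or read them line by line.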
diff --git a/platform/ext/common/tfm_initial_attestation_key_material.c b/platform/ext/common/tfm_initial_attestation_key_material.c
index b3ef451..b13cc99 100644
--- a/platform/ext/common/tfm_initial_attestation_key_material.c
+++ b/platform/ext/common/tfm_initial_attestation_key_material.c
@@ -22,8 +22,9 @@
* - X-coordinate: 32 bytes
* - Y-coordinate: 32 bytes
*
- * The hash of the raw public key (H(X || Y)) is also included, because it is
- * used as an instance ID. It is a unique identifier of the device instance.
+ * The hash of the raw public key (H(0x04 || X || Y)) is also included, because
+ * it is used as an instance ID. It is a unique identifier of the device
+ * instance.
*
* Instance ID is mapped to:
* - UEID in the EAT token
@@ -42,10 +43,10 @@
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
const uint8_t initial_attestation_private_key[] =
{
- 0xC7, 0x46, 0x70, 0xBC, 0xB7, 0xE8, 0x5B, 0x38,
- 0x03, 0xEF, 0xB4, 0x28, 0x94, 0x04, 0x92, 0xE7,
- 0x3E, 0x3F, 0xE9, 0xD4, 0xF7, 0xB5, 0xA8, 0xAD,
- 0x5E, 0x48, 0x0C, 0xBD, 0xBC, 0xB5, 0x54, 0xC2
+ 0xA9, 0xB4, 0x54, 0xB2, 0x6D, 0x6F, 0x90, 0xA4,
+ 0xEA, 0x31, 0x19, 0x35, 0x64, 0xCB, 0xA9, 0x1F,
+ 0xEC, 0x6F, 0x9A, 0x00, 0x2A, 0x7D, 0xC0, 0x50,
+ 0x4B, 0x92, 0xA1, 0x93, 0x71, 0x34, 0x58, 0x5F
};
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
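Review bot: `initial_attestation_private_key` carries the same private scalar as the PEM file changed in this commit, so the signing key is public, and nothing in the hunk marks the array as example material. A token signed with it proves nothing about the device, because anyone with the repository can produce the same signature. I would put a comment directly above the array, `/* Example key, published in the source tree: replace with a per-device provisioned key before production. */`, and consider having the build emit a warning when this file is linked in. The file's header comment lies outside the hunk and may already say this; repeating it next to the array is still worthwhile.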
@@ -60,10 +61,10 @@
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
const uint8_t initial_attestation_public_x_key[] =
{
- 0xDC, 0xF0, 0xD0, 0xF4, 0xBC, 0xD5, 0xE2, 0x6A,
- 0x54, 0xEE, 0x36, 0xCA, 0xD6, 0x60, 0xD2, 0x83,
- 0xD1, 0x2A, 0xBC, 0x5F, 0x73, 0x07, 0xDE, 0x58,
- 0x68, 0x9E, 0x77, 0xCD, 0x60, 0x45, 0x2E, 0x75,
+ 0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6,
+ 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A,
+ 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D,
+ 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F
};
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
@@ -78,24 +79,28 @@
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
const uint8_t initial_attestation_public_y_key[] =
{
- 0x8C, 0xBA, 0xDB, 0x5F, 0xE9, 0xF8, 0x9A, 0x71,
- 0x07, 0xE5, 0xA2, 0xE8, 0xEA, 0x44, 0xEC, 0x1B,
- 0x09, 0xB7, 0xDA, 0x2A, 0x1A, 0x82, 0xA0, 0x25,
- 0x2A, 0x4C, 0x1C, 0x26, 0xEE, 0x1E, 0xD7, 0xCF,
+ 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF,
+ 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D,
+ 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08,
+ 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64
};
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
const uint32_t initial_attestation_public_y_key_size =
sizeof(initial_attestation_public_y_key);
-/* Hash (SHA256) of initial attestation public key */
+/* Hash (SHA256) of initial attestation public key.
+ * Byte string representation of ECC public key according to
+ * psa_export_public_key() in interface/include/psa_crypto.h:
+ * 0x04 || X_coord || Y_coord
+ */
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
const uint8_t initial_attestation_raw_public_key_hash[] =
{
- 0xf4, 0x0c, 0x8f, 0xbf, 0x12, 0xdb, 0x78, 0x2a,
- 0xfd, 0xf4, 0x75, 0x96, 0x6a, 0x06, 0x82, 0x36,
- 0xe0, 0x32, 0xab, 0x80, 0xd1, 0xb7, 0xf1, 0xbc,
- 0x9f, 0xe7, 0xd8, 0x7a, 0x88, 0xcb, 0x26, 0xd0,
+ 0xfa, 0x58, 0x75, 0x5f, 0x65, 0x86, 0x27, 0xce,
+ 0x54, 0x60, 0xf2, 0x9b, 0x75, 0x29, 0x67, 0x13,
+ 0x24, 0x8c, 0xae, 0x7a, 0xd9, 0xe2, 0x98, 0x4b,
+ 0x90, 0x28, 0x0e, 0xfc, 0xbc, 0xb5, 0x02, 0x48
};
TFM_LINK_SET_OBJECT_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
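Review bot: `initial_attestation_raw_public_key_hash` is a hand-maintained copy of SHA-256(0x04 || X || Y), and the same 32 bytes are pasted again into attest_token_test_values.h in this commit, so a test that compares the token's instance ID against that header cannot detect a hash that no longer matches the key. Because the instance ID is what identifies the device to a verifier, a stale value would go unnoticed. A test that hashes the `0x04 || X || Y` bytes already held in attest_public_key.c and compares the result with this array would close the gap; whether such a check exists elsewhere is not visible here. The new comment could also end with `* Must be recomputed whenever the key pair above is replaced.`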
diff --git a/test/suites/attestation/attest_public_key.c b/test/suites/attestation/attest_public_key.c
index dc701ef..c7fc869 100644
--- a/test/suites/attestation/attest_public_key.c
+++ b/test/suites/attestation/attest_public_key.c
@@ -44,16 +44,17 @@
/* Constant byte */
0x04,
/* X-coordinate */
- {0xDC, 0xF0, 0xD0, 0xF4, 0xBC, 0xD5, 0xE2, 0x6A,
- 0x54, 0xEE, 0x36, 0xCA, 0xD6, 0x60, 0xD2, 0x83,
- 0xD1, 0x2A, 0xBC, 0x5F, 0x73, 0x07, 0xDE, 0x58,
- 0x68, 0x9E, 0x77, 0xCD, 0x60, 0x45, 0x2E, 0x75,
+ {0x79, 0xEB, 0xA9, 0x0E, 0x8B, 0xF4, 0x50, 0xA6,
+ 0x75, 0x15, 0x76, 0xAD, 0x45, 0x99, 0xB0, 0x7A,
+ 0xDF, 0x93, 0x8D, 0xA3, 0xBB, 0x0B, 0xD1, 0x7D,
+ 0x00, 0x36, 0xED, 0x49, 0xA2, 0xD0, 0xFC, 0x3F,
/* Y-coordinate */
- 0x8C, 0xBA, 0xDB, 0x5F, 0xE9, 0xF8, 0x9A, 0x71,
- 0x07, 0xE5, 0xA2, 0xE8, 0xEA, 0x44, 0xEC, 0x1B,
- 0x09, 0xB7, 0xDA, 0x2A, 0x1A, 0x82, 0xA0, 0x25,
- 0x2A, 0x4C, 0x1C, 0x26, 0xEE, 0x1E, 0xD7, 0xCF},
+ 0xBF, 0xCD, 0xFA, 0x89, 0x56, 0xB5, 0x68, 0xBF,
+ 0xDB, 0x86, 0x73, 0xE6, 0x48, 0xD8, 0xB5, 0x8D,
+ 0x92, 0x99, 0x55, 0xB1, 0x4A, 0x26, 0xC3, 0x08,
+ 0x0F, 0x34, 0x11, 0x7D, 0x97, 0x1D, 0x68, 0x64},
};
+
/*!
* \var ecc_curve
*
diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h
index 6ece280..dc4e8e6 100644
--- a/test/suites/attestation/attest_token_test_values.h
+++ b/test/suites/attestation/attest_token_test_values.h
@@ -94,10 +94,10 @@
(struct q_useful_buf_c) {\
(uint8_t[]){ \
0x01, \
- 0xf4, 0x0c, 0x8f, 0xbf, 0x12, 0xdb, 0x78, 0x2a, \
- 0xfd, 0xf4, 0x75, 0x96, 0x6a, 0x06, 0x82, 0x36, \
- 0xe0, 0x32, 0xab, 0x80, 0xd1, 0xb7, 0xf1, 0xbc, \
- 0x9f, 0xe7, 0xd8, 0x7a, 0x88, 0xcb, 0x26, 0xd0 \
+ 0xfa, 0x58, 0x75, 0x5f, 0x65, 0x86, 0x27, 0xce, \
+ 0x54, 0x60, 0xf2, 0x9b, 0x75, 0x29, 0x67, 0x13, \
+ 0x24, 0x8c, 0xae, 0x7a, 0xd9, 0xe2, 0x98, 0x4b, \
+ 0x90, 0x28, 0x0e, 0xfc, 0xbc, 0xb5, 0x02, 0x48 \
},\
33\
}