authorlaurenw-arm <lauren.wehrmeister@arm.com>2023-08-15 14:57:56 -0500
committerlaurenw-arm <lauren.wehrmeister@arm.com>2023-10-13 09:59:25 -0500
commitb8ae68908de5560436c565ac22d59c0cbfc9a7df (patch)
treefbed95f0cbfd58254e5bf3da4c4e330d04a64552 /plat
parentc1ec23dd60954582a9b5dd49e85b092e9ece0680 (diff)
feat(arm): ecdsa p384/p256 full key support
Add full key support for ECDSA P384 and P256. New .S files and p384 pem file created along with new plat_get_rotpk_info() flag ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID. Change-Id: I578b257eca41070bb4f4791ef429f2b8a66b1eb3 Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Diffstat (limited to 'plat')
-rw-r--r--plat/arm/board/common/board_arm_trusted_boot.c33
-rw-r--r--plat/arm/board/common/board_common.mk10
-rw-r--r--plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S36
-rw-r--r--plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S38
-rw-r--r--plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem6
5 files changed, 108 insertions, 15 deletions
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index 24d88eec2..c4f15ddd9 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -94,20 +94,25 @@ int arm_get_rotpk_info_regs(void **key_ptr, unsigned int *key_len,
#endif
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
- (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) || \
- (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID)
+ (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
- if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) {
- *key_ptr = arm_rotpk_key;
- *key_len = arm_rotpk_key_end - arm_rotpk_key;
- *flags = 0;
- } else {
- *key_ptr = arm_rotpk_header;
- *key_len = arm_rotpk_hash_end - arm_rotpk_header;
- *flags = ROTPK_IS_HASH;
- }
+ *key_ptr = arm_rotpk_header;
+ *key_len = arm_rotpk_hash_end - arm_rotpk_header;
+ *flags = ROTPK_IS_HASH;
+ return 0;
+}
+#endif
+
+#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) || \
+ (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID)
+int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len,
+ unsigned int *flags)
+{
+ *key_ptr = arm_rotpk_key;
+ *key_len = arm_rotpk_key_end - arm_rotpk_key;
+ *flags = 0;
return 0;
}
#endif
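Review bot: The second `arm_get_rotpk_info_dev()` (under the `FULL_DEV_RSA_KEY_ID` / `FULL_DEV_ECDSA_KEY_ID` guard) has no comment explaining why it sets `*flags = 0` while the first variant sets `ROTPK_IS_HASH`. A reader has to infer that `key_ptr` now spans the whole `arm_rotpk_key`..`arm_rotpk_key_end` blob rather than a header plus hash. I would add above it `/* Full-key variant: returns the complete embedded development public key, not a hash, so ROTPK_IS_HASH is left clear. */`. The two definitions also rely on their `#if` conditions being mutually exclusive, which holds only while `ARM_ROTPK_LOCATION_ID` is a single value; a short comment saying so would help the next person who adds a location ID.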
@@ -144,9 +149,7 @@ static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
#else
-#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
- (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) || \
- (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID)
+#if ARM_USE_DEVEL_ROTPK
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
return arm_get_rotpk_info_regs(key_ptr, key_len, flags);
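Review bot: The new `#if ARM_USE_DEVEL_ROTPK` depends on a macro whose definition is not part of this diff, and an undefined identifier in `#if` evaluates to 0 with no diagnostic unless the build enables `-Wundef`. If that definition is missing in some configuration, or does not cover `ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID`, a build with the new location would skip `arm_get_rotpk_info_dev()` and fall into the `#elif` chain. I would confirm the macro is always defined and includes the new ID, or add near the top of the file `#ifndef ARM_USE_DEVEL_ROTPK`, `#error "ARM_USE_DEVEL_ROTPK must be defined"`, `#endif`. `get_rotpk_info()` starts and ends outside this hunk.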
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk
index 466582790..cbdbf7096 100644
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@@ -39,6 +39,16 @@ else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_rsa_key)
ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
$(warning Development keys support for FVP is deprecated. Use `regs` \
option instead)
+else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_ecdsa_key)
+ CRYPTO_ALG=ec
+ ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID
+ifeq (${KEY_SIZE},384)
+ ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
+else
+ ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
+endif
+$(warning Development keys support for FVP is deprecated. Use `regs` \
+option instead)
else
$(error "Unsupported ARM_ROTPK_LOCATION value")
endif
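Review bot: In the new `devel_full_dev_ecdsa_key` branch, any `KEY_SIZE` other than 384 falls into the `else` and selects the P-256 key file. As far as this hunk shows, a typo or an unsupported size therefore builds with a different curve than requested and gives no diagnostic. I would make the second arm explicit with `else ifeq (${KEY_SIZE},256)` and finish with `else` followed by `$(error "Unsupported KEY_SIZE for devel_full_dev_ecdsa_key")`. If `KEY_SIZE` can still be empty at this point in the makefile, that case would need to map to 256 as well; the defaulting is not visible here.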
diff --git a/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
new file mode 100644
index 000000000..44f49bbd2
--- /dev/null
+++ b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* corstone1000 platform provides custom values for the macros defined in
+ * arm_def.h , so only platform_def.h needs to be included
+ */
+#if !defined(TARGET_PLATFORM_FVP) && !defined(TARGET_PLATFORM_FPGA)
+#include "plat/arm/common/arm_def.h"
+#else
+#include <platform_def.h>
+#endif
+
+ .global arm_rotpk_key
+ .global arm_rotpk_key_end
+
+ .section .rodata.arm_rotpk_key, "a"
+
+/* Derived from arm_rotprivk_ecdsa.pem private key file. */
+arm_rotpk_key:
+ .byte 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D
+ .byte 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01
+ .byte 0x07, 0x03, 0x42, 0x00, 0x04, 0x9B, 0xE6, 0x48, 0xBD, 0x34, 0x38
+ .byte 0xE1, 0xA2, 0xA4, 0xF3, 0x70, 0xE1, 0x54, 0xBB, 0x2F, 0xB0, 0x5A
+ .byte 0x4A, 0x0C, 0xFF, 0xC2, 0x87, 0xDB, 0xC0, 0xFB, 0x81, 0xE9, 0xF9
+ .byte 0xF9, 0x95, 0x7D, 0x7E, 0xA0, 0x0C, 0x7F, 0x0A, 0xD4, 0xE0, 0x62
+ .byte 0x4A, 0x94, 0x5F, 0xEC, 0x52, 0x7D, 0x44, 0x63, 0xC8, 0x9F, 0x61
+ .byte 0xFA, 0xC6, 0xCB, 0x7E, 0x6B, 0x53, 0xAD, 0x2C, 0xC5, 0x94, 0x0D
+ .byte 0x1A, 0x86, 0x91
+arm_rotpk_key_end:
+
+.if ARM_ROTPK_KEY_LEN != arm_rotpk_key_end - arm_rotpk_key
+.error "Invalid ROTPK length."
+.endif
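Review bot: The comment above `arm_rotpk_key` names the private key file the bytes were derived from, but does not say that this is a development-only key. The private half is kept in the source tree (this commit adds `arm_rotprivk_ecdsa_secp384r1.pem` for the P-384 variant), so images verified against this ROTPK have no real root of trust. The only warning a builder sees is the makefile's deprecation message. I would extend the comment to `/* Development key only: the matching private key is public in this tree. Do not use in production. */`, and do the same in `arm_full_dev_ecdsa_p384_rotpk.S`.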
diff --git a/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
new file mode 100644
index 000000000..89ff9a2f2
--- /dev/null
+++ b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* corstone1000 platform provides custom values for the macros defined in
+ * arm_def.h , so only platform_def.h needs to be included
+ */
+#if !defined(TARGET_PLATFORM_FVP) && !defined(TARGET_PLATFORM_FPGA)
+#include "plat/arm/common/arm_def.h"
+#else
+#include <platform_def.h>
+#endif
+
+ .global arm_rotpk_key
+ .global arm_rotpk_key_end
+
+ .section .rodata.arm_rotpk_key, "a"
+
+/* Derived from arm_rotprivk_ecdsa_secp384r1.pem private key file. */
+arm_rotpk_key:
+ .byte 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D
+ .byte 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62
+ .byte 0x00, 0x04, 0xB8, 0xB0, 0xC7, 0xC4, 0x57, 0x19, 0xB7, 0x5A, 0x06
+ .byte 0x36, 0xC5, 0xD8, 0x3C, 0x4E, 0xC3, 0xB5, 0xE1, 0x15, 0x60, 0x0E
+ .byte 0x63, 0xD8, 0xAF, 0x22, 0x2C, 0x6D, 0x79, 0x29, 0xDF, 0x46, 0xA9
+ .byte 0x30, 0x12, 0x16, 0x2D, 0x4F, 0x0F, 0x96, 0x6B, 0x1F, 0x87, 0x06
+ .byte 0xDB, 0x8F, 0xD7, 0x08, 0x46, 0xE4, 0x4C, 0x22, 0xF3, 0xDE, 0xCE
+ .byte 0x0F, 0x72, 0x27, 0x00, 0xAA, 0xD8, 0xC3, 0x79, 0x80, 0x5E, 0xF1
+ .byte 0x35, 0x1B, 0x33, 0xB6, 0x31, 0xC4, 0x59, 0xD4, 0xE9, 0x65, 0x91
+ .byte 0x22, 0x58, 0x2F, 0x87, 0xF1, 0x6C, 0x27, 0xBE, 0x99, 0x6F, 0x5F
+ .byte 0x6C, 0x14, 0xC5, 0x37, 0x0C, 0x73, 0xB4, 0xE4, 0x8A, 0x63
+arm_rotpk_key_end:
+
+.if ARM_ROTPK_KEY_LEN != arm_rotpk_key_end - arm_rotpk_key
+.error "Invalid ROTPK length."
+.endif
diff --git a/plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem b/plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem
new file mode 100644
index 000000000..d40fc0523
--- /dev/null
+++ b/plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAWrGXulAoVCrH3oRMC
+/AGvn2LA6+VI0xtd9eCWCzIcOSt+AC+/kULZnypuC8bdGJOhZANiAAS4sMfEVxm3
+WgY2xdg8TsO14RVgDmPYryIsbXkp30apMBIWLU8Plmsfhwbbj9cIRuRMIvPezg9y
+JwCq2MN5gF7xNRsztjHEWdTpZZEiWC+H8WwnvplvX2wUxTcMc7TkimM=
+-----END PRIVATE KEY-----