From b8ae68908de5560436c565ac22d59c0cbfc9a7df Mon Sep 17 00:00:00 2001
From: laurenw-arm
Date: Tue, 15 Aug 2023 14:57:56 -0500
Subject: feat(arm): ecdsa p384/p256 full key support
Add full key support for ECDSA P384 and P256. New .S files and p384 pem file created along with new plat_get_rotpk_info() flag ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID.
Change-Id: I578b257eca41070bb4f4791ef429f2b8a66b1eb3
Signed-off-by: Lauren Wehrmeister
---
 plat/arm/board/common/board_arm_trusted_boot.c | 33 ++++++++++---------
 plat/arm/board/common/board_common.mk | 10 ++++++
 .../common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S | 36 ++++++++++++++++++++
 .../common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S | 38 ++++++++++++++++++++++
 .../common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem | 6 ++++
 5 files changed, 108 insertions(+), 15 deletions(-)
 create mode 100644 plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
 create mode 100644 plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
 create mode 100644 plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem
(limited to 'plat')
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index 24d88eec2..c4f15ddd9 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -94,20 +94,25 @@ int arm_get_rotpk_info_regs(void **key_ptr, unsigned int *key_len, #endif #if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \ - (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) || \ - (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) + (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len, unsigned int *flags) { - if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) { - *key_ptr = arm_rotpk_key; - *key_len = arm_rotpk_key_end - arm_rotpk_key; - *flags = 0; - } else { - *key_ptr = arm_rotpk_header; - *key_len = arm_rotpk_hash_end - arm_rotpk_header; - *flags = ROTPK_IS_HASH; - } + *key_ptr = arm_rotpk_header; + *key_len = arm_rotpk_hash_end - arm_rotpk_header; + *flags = ROTPK_IS_HASH; + return 0; +} +#endif + +#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) || \ + (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID) +int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len, + unsigned int *flags) +{ + *key_ptr = arm_rotpk_key; + *key_len = arm_rotpk_key_end - arm_rotpk_key; + *flags = 0; return 0; } #endif @@ -144,9 +149,7 @@ static int get_rotpk_info(void **key_ptr, unsigned int *key_len, return arm_get_rotpk_info_cc(key_ptr, key_len, flags); #else -#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \ - (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) || \ - (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) +#if ARM_USE_DEVEL_ROTPK return arm_get_rotpk_info_dev(key_ptr, key_len, flags); #elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) return arm_get_rotpk_info_regs(key_ptr, key_len, flags); diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk index 466582790..cbdbf7096 100644 --- a/plat/arm/board/common/board_common.mk +++ b/plat/arm/board/common/board_common.mk 
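Review bot: Neither `arm_get_rotpk_info_dev()` definition says what its `flags` value means to the caller, and after this split the only visible difference between the two bodies is `ROTPK_IS_HASH` versus `0`. A one-line comment above the full-key variant would make the contract explicit, for example `/* Development-only: returns the full public key embedded in the image; flags = 0 means the buffer is a key, not a hash. */`, with a matching line on the hash variant. The P-384 private key is added to the tree by this same commit, so the comment is also the natural place to say that the key is public test material. The two definitions rely on their `#if` guards being mutually exclusive, which holds as long as `ARM_ROTPK_LOCATION_ID` has a single value per build.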
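Review bot: `#if ARM_USE_DEVEL_ROTPK` in `get_rotpk_info()` depends on a macro whose definition is not part of this page (the diff is limited to 'plat'), and an identifier that is undefined in `#if` evaluates to 0 without any diagnostic. If that macro does not cover `ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID`, the new full-key `arm_get_rotpk_info_dev()` is compiled but the dispatcher falls through to the later branches. A guard inside the full-key `#if` block would pin the relationship: `#if !ARM_USE_DEVEL_ROTPK` / `#error "ARM_USE_DEVEL_ROTPK must cover the full-key development ROTPK IDs"` / `#endif`. The rest of the `#elif` chain and the end of `get_rotpk_info()` are outside the hunk.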
@@ -39,6 +39,16 @@ else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_rsa_key)
 ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_rsa_rotpk.S
 $(warning Development keys support for FVP is deprecated. Use `regs` \
 option instead)
+else ifeq (${ARM_ROTPK_LOCATION}, devel_full_dev_ecdsa_key)
+ CRYPTO_ALG=ec
+ ARM_ROTPK_LOCATION_ID = ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID
+ifeq (${KEY_SIZE},384)
+ ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
+else
+ ARM_ROTPK_S = plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
+endif
+$(warning Development keys support for FVP is deprecated. Use `regs` \
+option instead)
 else
 $(error "Unsupported ARM_ROTPK_LOCATION value")
 endif
diff --git a/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
new file mode 100644
index 000000000..44f49bbd2
--- /dev/null
+++ b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p256_rotpk.S
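Review bot: Any `KEY_SIZE` other than 384 falls into the `else` branch of the new `devel_full_dev_ecdsa_key` block and selects the P-256 key file, so a typo or an unsupported size is accepted silently. Matching the size explicitly with `else ifeq (${KEY_SIZE},256)` and ending the inner chain with `$(error "Unsupported KEY_SIZE for devel_full_dev_ecdsa_key")` would turn that into a build error. Whether `KEY_SIZE` can still be empty at this point is not visible here, so an empty value may need to stay mapped to P-256. The length check in the `.S` files may catch a mismatch, but that depends on how `ARM_ROTPK_KEY_LEN` is derived, which is outside this diff. The enclosing `ifeq` chain starts before the hunk.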
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* corstone1000 platform provides custom values for the macros defined in
+ * arm_def.h , so only platform_def.h needs to be included
+ */
+#if !defined(TARGET_PLATFORM_FVP) && !defined(TARGET_PLATFORM_FPGA)
+#include "plat/arm/common/arm_def.h"
+#else
+#include
+#endif
+
+ .global arm_rotpk_key
+ .global arm_rotpk_key_end
+
+ .section .rodata.arm_rotpk_key, "a"
+
+/* Derived from arm_rotprivk_ecdsa.pem private key file. */
+arm_rotpk_key:
+ .byte 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D
+ .byte 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01
+ .byte 0x07, 0x03, 0x42, 0x00, 0x04, 0x9B, 0xE6, 0x48, 0xBD, 0x34, 0x38
+ .byte 0xE1, 0xA2, 0xA4, 0xF3, 0x70, 0xE1, 0x54, 0xBB, 0x2F, 0xB0, 0x5A
+ .byte 0x4A, 0x0C, 0xFF, 0xC2, 0x87, 0xDB, 0xC0, 0xFB, 0x81, 0xE9, 0xF9
+ .byte 0xF9, 0x95, 0x7D, 0x7E, 0xA0, 0x0C, 0x7F, 0x0A, 0xD4, 0xE0, 0x62
+ .byte 0x4A, 0x94, 0x5F, 0xEC, 0x52, 0x7D, 0x44, 0x63, 0xC8, 0x9F, 0x61
+ .byte 0xFA, 0xC6, 0xCB, 0x7E, 0x6B, 0x53, 0xAD, 0x2C, 0xC5, 0x94, 0x0D
+ .byte 0x1A, 0x86, 0x91
+arm_rotpk_key_end:
+
+.if ARM_ROTPK_KEY_LEN != arm_rotpk_key_end - arm_rotpk_key
+.error "Invalid ROTPK length."
+.endif
diff --git a/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
new file mode 100644
index 000000000..89ff9a2f2
--- /dev/null
+++ b/plat/arm/board/common/rotpk/arm_full_dev_ecdsa_p384_rotpk.S
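Review bot: The label comment `/* Derived from arm_rotprivk_ecdsa.pem private key file. */` says neither what the bytes encode nor that they are test material, and the same applies to the equivalent comment in `arm_full_dev_ecdsa_p384_rotpk.S`. The leading bytes are a DER SubjectPublicKeyInfo header (id-ecPublicKey with the prime256v1 OID, followed by an uncompressed point), so a comment such as `/* DER SubjectPublicKeyInfo (prime256v1) of the development public key derived from arm_rotprivk_ecdsa.pem; test material, not for production. */` would let a reader check the blob against the PEM. The P-384 file would name secp384r1 and its own PEM instead. The block comment above the `#if` talks about corstone1000 while the condition tests `TARGET_PLATFORM_FVP` and `TARGET_PLATFORM_FPGA`; one sentence linking the two would remove the guesswork.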
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/* corstone1000 platform provides custom values for the macros defined in
+ * arm_def.h , so only platform_def.h needs to be included
+ */
+#if !defined(TARGET_PLATFORM_FVP) && !defined(TARGET_PLATFORM_FPGA)
+#include "plat/arm/common/arm_def.h"
+#else
+#include
+#endif
+
+ .global arm_rotpk_key
+ .global arm_rotpk_key_end
+
+ .section .rodata.arm_rotpk_key, "a"
+
+/* Derived from arm_rotprivk_ecdsa_secp384r1.pem private key file. */
+arm_rotpk_key:
+ .byte 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D
+ .byte 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62
+ .byte 0x00, 0x04, 0xB8, 0xB0, 0xC7, 0xC4, 0x57, 0x19, 0xB7, 0x5A, 0x06
+ .byte 0x36, 0xC5, 0xD8, 0x3C, 0x4E, 0xC3, 0xB5, 0xE1, 0x15, 0x60, 0x0E
+ .byte 0x63, 0xD8, 0xAF, 0x22, 0x2C, 0x6D, 0x79, 0x29, 0xDF, 0x46, 0xA9
+ .byte 0x30, 0x12, 0x16, 0x2D, 0x4F, 0x0F, 0x96, 0x6B, 0x1F, 0x87, 0x06
+ .byte 0xDB, 0x8F, 0xD7, 0x08, 0x46, 0xE4, 0x4C, 0x22, 0xF3, 0xDE, 0xCE
+ .byte 0x0F, 0x72, 0x27, 0x00, 0xAA, 0xD8, 0xC3, 0x79, 0x80, 0x5E, 0xF1
+ .byte 0x35, 0x1B, 0x33, 0xB6, 0x31, 0xC4, 0x59, 0xD4, 0xE9, 0x65, 0x91
+ .byte 0x22, 0x58, 0x2F, 0x87, 0xF1, 0x6C, 0x27, 0xBE, 0x99, 0x6F, 0x5F
+ .byte 0x6C, 0x14, 0xC5, 0x37, 0x0C, 0x73, 0xB4, 0xE4, 0x8A, 0x63
+arm_rotpk_key_end:
+
+.if ARM_ROTPK_KEY_LEN != arm_rotpk_key_end - arm_rotpk_key
+.error "Invalid ROTPK length."
+.endif
diff --git a/plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem b/plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem
new file mode 100644
index 000000000..d40fc0523
--- /dev/null
+++ b/plat/arm/board/common/rotpk/arm_rotprivk_ecdsa_secp384r1.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAWrGXulAoVCrH3oRMC
+/AGvn2LA6+VI0xtd9eCWCzIcOSt+AC+/kULZnypuC8bdGJOhZANiAAS4sMfEVxm3
+WgY2xdg8TsO14RVgDmPYryIsbXkp30apMBIWLU8Plmsfhwbbj9cIRuRMIvPezg9y
+JwCq2MN5gF7xNRsztjHEWdTpZZEiWC+H8WwnvplvX2wUxTcMc7TkimM=
+-----END PRIVATE KEY-----
-- cgit v1.2.3
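Review bot: This file puts a root-of-trust private key into the source tree, and nothing in the commit marks it as development-only apart from the `devel_` prefix of the build option. Because the key is public, a signature made with it says nothing about where an image came from, so any build using `ARM_ROTPK_LOCATION=devel_full_dev_ecdsa_key` has to be treated as unauthenticated. The `$(warning ...)` added in `board_common.mk` only says the option is deprecated; wording along the lines of `$(warning devel_full_dev_ecdsa_key uses a publicly known test key; not for production)` would state the actual risk at build time. Secret scanners will also flag this PEM, so recording it as known test material in the project's scanner configuration keeps the alert meaningful for real leaks.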