From: Sandrine Bailleux <sandrine.bailleux@arm.com>
Date: Mon, 17 Feb 2020 12:41:59 +0000 (+0100)
Subject: TBBR: Reduce size of ECDSA key buffers
X-Git-Tag: baikal/aarch64/sdk5.9~1591^2
X-Git-Url: https://git.baikalelectronics.ru/?a=commitdiff_plain;h=495599cd0a56143f9e5159f354b5718ac84e7431;p=arm-tf.git

TBBR: Reduce size of ECDSA key buffers

The TBBR implementation extracts public keys from certificates and
stores them in static buffers. DER-encoded ECDSA keys are only 91 bytes
each but were each allocated 294 bytes instead. Reducing the size of
these buffers saves 609 bytes of BSS in BL2 (294 - 91 = 203 bytes for
each of the 3 key buffers in use).

Also add a comment claryfing that key buffers are tailored on RSA key
sizes when both ECDSA and RSA keys are used.

Change-Id: Iad332856e7af1f9814418d012fba3e1e9399f72a
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
---

diff --git a/drivers/auth/tbbr/tbbr_cot.c b/drivers/auth/tbbr/tbbr_cot.c
index 6dd4ae252..2f1f451b1 100644
--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -18,7 +18,12 @@
 
 
 /*
- * Maximum key and hash sizes (in DER format)
+ * Maximum key and hash sizes (in DER format).
+ *
+ * Both RSA and ECDSA keys may be used at the same time. In this case, the key
+ * buffers must be big enough to hold either. As RSA keys are bigger than ECDSA
+ * ones for all key sizes we support, they impose the minimum size of these
+ * buffers.
  */
 #if TF_MBEDTLS_USE_RSA
 #if TF_MBEDTLS_KEY_SIZE == 1024
@@ -32,8 +37,8 @@
 #else
 #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
 #endif
-#else
-#define PK_DER_LEN			294
+#else /* Only using ECDSA keys. */
+#define PK_DER_LEN			91
 #endif
 
 #define HASH_DER_LEN			83