Commit 495599cd authored by Sandrine Bailleux

TBBR: Reduce size of ECDSA key buffers



The TBBR implementation extracts public keys from certificates and
stores them in static buffers. DER-encoded ECDSA keys are only 91 bytes
each but were each allocated 294 bytes instead. Reducing the size of
these buffers saves 609 bytes of BSS in BL2 (294 - 91 = 203 bytes for
each of the 3 key buffers in use).

Also add a comment clarifying that key buffers are tailored on RSA key
sizes when both ECDSA and RSA keys are used.

Change-Id: Iad332856e7af1f9814418d012fba3e1e9399f72a
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
parent 95605938
/* /*
* Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
...@@ -18,7 +18,12 @@ ...@@ -18,7 +18,12 @@
/* /*
* Maximum key and hash sizes (in DER format) * Maximum key and hash sizes (in DER format).
*
* Both RSA and ECDSA keys may be used at the same time. In this case, the key
* buffers must be big enough to hold either. As RSA keys are bigger than ECDSA
* ones for all key sizes we support, they impose the minimum size of these
* buffers.
*/ */
#if TF_MBEDTLS_USE_RSA #if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE == 1024 #if TF_MBEDTLS_KEY_SIZE == 1024
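Review bot: The new comment above `#if TF_MBEDTLS_USE_RSA` explains the mixed RSA and ECDSA case but does not say which preprocessor branch that case takes. Since the later `#else` is now annotated "Only using ECDSA keys", it would help to state here that `TF_MBEDTLS_USE_RSA` is also set when both key types are enabled, so a reader can see why the RSA sizes below govern the buffers. The wording "impose the minimum size" is correct but easy to misread next to the "Maximum key and hash sizes" title; "determine the size" would be less ambiguous.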
...@@ -32,8 +37,8 @@ ...@@ -32,8 +37,8 @@
#else #else
#error "Invalid value for TF_MBEDTLS_KEY_SIZE" #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
#endif #endif
#else #else /* Only using ECDSA keys. */
#define PK_DER_LEN 294 #define PK_DER_LEN 91
#endif #endif
#define HASH_DER_LEN 83 #define HASH_DER_LEN 83
......
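Review bot: `#define PK_DER_LEN 91` in the ECDSA-only `#else` branch is a bare constant with no record of which curve and which DER encoding it was derived from. Add a short comment naming them next to the define, so the value gets revisited if another curve is ever enabled. Because the previous value of 294 left 203 bytes of slack and the new one leaves none, please also confirm that the code copying an extracted key into these buffers checks the key length against `PK_DER_LEN` and fails closed on anything larger.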