From 773fa4420577686bf32078e3ecd9ff22773a73c4 Mon Sep 17 00:00:00 2001
From: Moran Peker <moran.peker@arm.com>
Date: Sun, 17 Feb 2019 16:18:46 +0200
Subject: [PATCH] Update attestation asymmetric sign to use deterministic alg

- Add PSA_KEY_USAGE_VERIFY to attesttaion key usage
- Set deterministic alg to attestation key policy
- Call asymmetric sign with deterministic alg
---
 .../attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c        | 2 +-
 .../COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
index 14a476c04d..946a0d1681 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
@@ -68,7 +68,7 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id,
     }
 
     crypto_ret = psa_asymmetric_sign(handle,
-                                     PSA_ALG_ECDSA(PSA_ALG_SHA_256),
+                                     PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
                                      hash_to_sign.ptr,
                                      hash_to_sign.len,
                                      signature_buffer.ptr,
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c
index a43ff83347..3ffb2889f3 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c
@@ -34,7 +34,7 @@ psa_attestation_inject_key_impl(const uint8_t *key_data,
     psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID;
     psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_PERSISTENT;
     psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
-    psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN;
+    psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY;
     psa_key_type_t public_type;
     size_t bits;
     size_t exported_size = 0;
@@ -53,7 +53,7 @@ psa_attestation_inject_key_impl(const uint8_t *key_data,
     }
 
     psa_key_policy_init();
-    psa_key_policy_set_usage(&policy, usage, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+    psa_key_policy_set_usage(&policy, usage, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
     status = psa_set_key_policy(handle, &policy);
     if (status != PSA_SUCCESS) {
         return (status);