TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / 3a4207dc7d5be5a4723168b864e6957d526fa5e5 / . / components / service / crypto / provider / mbedcrypto / crypto_provider.c
blob: 03e0ef1a1606a2ae6fbcc1da4e226f4528f71cea [file] [log] [blame]
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]1/*
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]2 * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6#include <stdint.h>
7#include <stdlib.h>
8#include <protocols/service/crypto/packed-c/opcodes.h>
9#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
julhal012c18fbf2021-02-01 08:29:28 +0000[diff] [blame]10#include <service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h>
julhal011260f102021-02-15 17:34:08 +0000[diff] [blame]11#include <service/secure_storage/frontend/psa/its/its_frontend.h>
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]12#include <protocols/rpc/common/packed-c/status.h>
13#include <psa/crypto.h>
14
15/* Service request handlers */
16static rpc_status_t nop_handler(void *context, struct call_req* req);
17static rpc_status_t generate_key_handler(void *context, struct call_req* req);
18static rpc_status_t destroy_key_handler(void *context, struct call_req* req);
19static rpc_status_t open_key_handler(void *context, struct call_req* req);
20static rpc_status_t close_key_handler(void *context, struct call_req* req);
21static rpc_status_t export_key_handler(void *context, struct call_req* req);
22static rpc_status_t export_public_key_handler(void *context, struct call_req* req);
23static rpc_status_t import_key_handler(void *context, struct call_req* req);
24static rpc_status_t sign_hash_handler(void *context, struct call_req* req);
25static rpc_status_t verify_hash_handler(void *context, struct call_req* req);
26static rpc_status_t asymmetric_decrypt_handler(void *context, struct call_req* req);
27static rpc_status_t asymmetric_encrypt_handler(void *context, struct call_req* req);
28static rpc_status_t generate_random_handler(void *context, struct call_req* req);
29
30/* Handler mapping table for service */
31static const struct service_handler handler_table[] = {
32 {TS_CRYPTO_OPCODE_NOP, nop_handler},
33 {TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler},
34 {TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler},
35 {TS_CRYPTO_OPCODE_OPEN_KEY, open_key_handler},
36 {TS_CRYPTO_OPCODE_CLOSE_KEY, close_key_handler},
37 {TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler},
38 {TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler},
39 {TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler},
40 {TS_CRYPTO_OPCODE_SIGN_HASH, sign_hash_handler},
41 {TS_CRYPTO_OPCODE_VERIFY_HASH, verify_hash_handler},
42 {TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler},
43 {TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler},
44 {TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler}
45};
46
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]47struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context,
julhal013a4207d2021-03-08 13:32:08 +0000[diff] [blame^]48 struct storage_backend *storage_backend,
julhal012c18fbf2021-02-01 08:29:28 +0000[diff] [blame]49 int trng_instance)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]50{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]51 struct rpc_interface *rpc_interface = NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]52
julhal012c18fbf2021-02-01 08:29:28 +0000[diff] [blame]53 trng_adapter_init(trng_instance);
julhal01ffa98d82021-01-20 13:51:58 +0000[diff] [blame]54
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]55 /*
56 * A storage provider is required for persistent key storage. As this
57 * is a mandatory feature of the crypto service, insist on a storage
58 * provider being available.
59 */
julhal013a4207d2021-03-08 13:32:08 +0000[diff] [blame^]60 if (context && storage_backend) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]61
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]62 for (size_t encoding = 0; encoding < TS_RPC_ENCODING_LIMIT; ++encoding)
63 context->serializers[encoding] = NULL;
64
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]65 service_provider_init(&context->base_provider, context,
66 handler_table, sizeof(handler_table)/sizeof(struct service_handler));
67
julhal013a4207d2021-03-08 13:32:08 +0000[diff] [blame^]68 if ((psa_its_frontend_init(storage_backend) == PSA_SUCCESS) &&
julhal011260f102021-02-15 17:34:08 +0000[diff] [blame]69 (psa_crypto_init() == PSA_SUCCESS)) {
70
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]71 rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
julhal011260f102021-02-15 17:34:08 +0000[diff] [blame]72 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]73 }
74
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]75 return rpc_interface;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]76}
77
78void mbed_crypto_provider_deinit(struct mbed_crypto_provider *context)
79{
80 (void)context;
julhal012c18fbf2021-02-01 08:29:28 +0000[diff] [blame]81 trng_adapter_deinit();
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]82}
83
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]84void mbed_crypto_provider_register_serializer(struct mbed_crypto_provider *context,
85 unsigned int encoding, const struct crypto_provider_serializer *serializer)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]86{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]87 if (encoding < TS_RPC_ENCODING_LIMIT)
88 context->serializers[encoding] = serializer;
89}
90
91static const struct crypto_provider_serializer* get_crypto_serializer(void *context,
92 const struct call_req *req)
93{
94 struct mbed_crypto_provider *this_instance = (struct mbed_crypto_provider*)context;
95 const struct crypto_provider_serializer* serializer = NULL;
96 unsigned int encoding = call_req_get_encoding(req);
97
98 if (encoding < TS_RPC_ENCODING_LIMIT) serializer = this_instance->serializers[encoding];
99
100 return serializer;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]101}
102
103static rpc_status_t nop_handler(void *context, struct call_req* req)
104{
105 /* Responds to a request by returning success */
106 rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
107 psa_status_t psa_status = PSA_SUCCESS;
108
109 (void)context;
110 call_req_set_opstatus(req, psa_status);
111
112 return rpc_status;
113}
114
115static rpc_status_t generate_key_handler(void *context, struct call_req* req)
116{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]117 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]118 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]119 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]120
121 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
122
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]123 if (serializer)
124 rpc_status = serializer->deserialize_generate_key_req(req_buf, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]125
126 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
127
128 psa_status_t psa_status;
129 psa_key_handle_t handle;
130
131 psa_status = psa_generate_key(&attributes, &handle);
132
133 if (psa_status == PSA_SUCCESS) {
134
135 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
136 rpc_status = serializer->serialize_generate_key_resp(resp_buf, handle);
137 }
138
139 call_req_set_opstatus(req, psa_status);
140 }
141
142 psa_reset_key_attributes(&attributes);
143
144 return rpc_status;
145}
146
147static rpc_status_t destroy_key_handler(void *context, struct call_req* req)
148{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]149 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]150 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]151 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]152
153 psa_key_handle_t handle;
154
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]155 if (serializer)
156 rpc_status = serializer->deserialize_destroy_key_req(req_buf, &handle);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]157
158 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
159
160 psa_status_t psa_status;
161
162 psa_status = psa_destroy_key(handle);
163 call_req_set_opstatus(req, psa_status);
164 }
165
166 return rpc_status;
167}
168
169static rpc_status_t open_key_handler(void *context, struct call_req* req)
170{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]171 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]172 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]173 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]174
175 psa_key_id_t id;
176
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]177 if (serializer)
178 rpc_status = serializer->deserialize_open_key_req(req_buf, &id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]179
180 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
181
182 psa_status_t psa_status;
183 psa_key_handle_t handle;
184
185 psa_status = psa_open_key(id, &handle);
186
187 if (psa_status == PSA_SUCCESS) {
188
189 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
190 rpc_status = serializer->serialize_open_key_resp(resp_buf, handle);
191 }
192
193 call_req_set_opstatus(req, psa_status);
194 }
195
196 return rpc_status;
197}
198
199static rpc_status_t close_key_handler(void *context, struct call_req* req)
200{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]201 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]202 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]203 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]204
205 psa_key_handle_t handle;
206
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]207 if (serializer)
208 rpc_status = serializer->deserialize_close_key_req(req_buf, &handle);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]209
210 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
211
212 psa_status_t psa_status;
213
214 psa_status = psa_close_key(handle);
215 call_req_set_opstatus(req, psa_status);
216 }
217
218 return rpc_status;
219}
220
221static rpc_status_t export_key_handler(void *context, struct call_req* req)
222{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]223 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]224 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]225 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]226
227 psa_key_handle_t handle;
228
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]229 if (serializer)
230 rpc_status = serializer->deserialize_export_key_req(req_buf, &handle);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]231
232 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
233
234 psa_status_t psa_status;
235 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
236
237 psa_status = psa_get_key_attributes(handle, &attributes);
238
239 if (psa_status == PSA_SUCCESS) {
240
241 size_t max_export_size = PSA_KEY_EXPORT_MAX_SIZE(
242 psa_get_key_type(&attributes),
243 psa_get_key_bits(&attributes));
244
245 uint8_t *key_buffer = malloc(max_export_size);
246
247 if (key_buffer) {
248
249 size_t export_size;
250 psa_status = psa_export_key(handle, key_buffer, max_export_size, &export_size);
251
252 if (psa_status == PSA_SUCCESS) {
253
254 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
255 rpc_status = serializer->serialize_export_key_resp(resp_buf, key_buffer, export_size);
256 }
257
258 free(key_buffer);
259 }
260 else {
261 /* Failed to allocate key buffer */
262 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
263 }
264 }
265
266 call_req_set_opstatus(req, psa_status);
267 psa_reset_key_attributes(&attributes);
268 }
269
270 return rpc_status;
271}
272
273static rpc_status_t export_public_key_handler(void *context, struct call_req* req)
274{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]275 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]276 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]277 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]278
279 psa_key_handle_t handle;
280
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]281 if (serializer)
282 rpc_status = serializer->deserialize_export_public_key_req(req_buf, &handle);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]283
284 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
285
286 psa_status_t psa_status;
287 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
288
289 psa_status = psa_get_key_attributes(handle, &attributes);
290
291 if (psa_status == PSA_SUCCESS) {
292
293 size_t max_export_size = PSA_KEY_EXPORT_MAX_SIZE(
294 PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_get_key_type(&attributes)),
295 psa_get_key_bits(&attributes));
296
297 uint8_t *key_buffer = malloc(max_export_size);
298
299 if (key_buffer) {
300
301 size_t export_size;
302 psa_status = psa_export_public_key(handle, key_buffer, max_export_size, &export_size);
303
304 if (psa_status == PSA_SUCCESS) {
305
306 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
307 rpc_status = serializer->serialize_export_public_key_resp(resp_buf, key_buffer, export_size);
308 }
309
310 free(key_buffer);
311 }
312 else {
313 /* Failed to allocate key buffer */
314 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
315 }
316 }
317
318 call_req_set_opstatus(req, psa_status);
319 psa_reset_key_attributes(&attributes);
320 }
321
322 return rpc_status;
323}
324
325static rpc_status_t import_key_handler(void *context, struct call_req* req)
326{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]327 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]328 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]329 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]330
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]331 if (serializer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]332
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]333 size_t key_data_len = serializer->max_deserialised_parameter_size(req_buf);
334 uint8_t *key_buffer = malloc(key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]335
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]336 if (key_buffer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]337
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]338 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
339 rpc_status = serializer->deserialize_import_key_req(req_buf, &attributes, key_buffer, &key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]340
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]341 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]342
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]343 psa_status_t psa_status;
344 psa_key_handle_t handle;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]345
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]346 psa_status = psa_import_key(&attributes, key_buffer, key_data_len, &handle);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]347
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]348 if (psa_status == PSA_SUCCESS) {
349
350 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
351 rpc_status = serializer->serialize_import_key_resp(resp_buf, handle);
352 }
353
354 call_req_set_opstatus(req, psa_status);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]355 }
356
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]357 psa_reset_key_attributes(&attributes);
358 free(key_buffer);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]359 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]360 else {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]361
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]362 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
363 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]364 }
365
366 return rpc_status;
367}
368
369static rpc_status_t sign_hash_handler(void *context, struct call_req* req)
370{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]371 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]372 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]373 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]374
375 psa_key_handle_t handle;
376 psa_algorithm_t alg;
377 size_t hash_len = PSA_HASH_MAX_SIZE;
378 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
379
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]380 if (serializer)
381 rpc_status = serializer->deserialize_sign_hash_req(req_buf, &handle, &alg, hash_buffer, &hash_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]382
383 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
384
385 psa_status_t psa_status;
386 size_t sig_len;
387 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
388
389 psa_status = psa_sign_hash(handle, alg,
390 hash_buffer, hash_len,
391 sig_buffer, sizeof(sig_buffer), &sig_len);
392
393 if (psa_status == PSA_SUCCESS) {
394
395 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
396 rpc_status = serializer->serialize_sign_hash_resp(resp_buf, sig_buffer, sig_len);
397 }
398
399 call_req_set_opstatus(req, psa_status);
400 }
401
402 return rpc_status;
403}
404
405static rpc_status_t verify_hash_handler(void *context, struct call_req* req)
406{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]407 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]408 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]409 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]410
411 psa_key_handle_t handle;
412 psa_algorithm_t alg;
413 size_t hash_len = PSA_HASH_MAX_SIZE;
414 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
415 size_t sig_len = PSA_SIGNATURE_MAX_SIZE;
416 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
417
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]418 if (serializer)
419 rpc_status = serializer->deserialize_verify_hash_req(req_buf, &handle, &alg,
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]420 hash_buffer, &hash_len,
421 sig_buffer, &sig_len);
422
423 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
424
425 psa_status_t psa_status;
426
427 psa_status = psa_verify_hash(handle, alg,
428 hash_buffer, hash_len,
429 sig_buffer, sig_len);
430
431 call_req_set_opstatus(req, psa_status);
432 }
433
434 return rpc_status;
435}
436
437static rpc_status_t asymmetric_decrypt_handler(void *context, struct call_req* req)
438{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]439 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]440 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]441 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]442
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]443 if (serializer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]444
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]445 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]446
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]447 psa_key_handle_t handle;
448 psa_algorithm_t alg;
449 size_t ciphertext_len = max_param_size;
450 uint8_t *ciphertext_buffer = malloc(ciphertext_len);
451 size_t salt_len = max_param_size;
452 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]453
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]454 if (ciphertext_buffer && salt_buffer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]455
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]456 rpc_status = serializer->deserialize_asymmetric_decrypt_req(req_buf,
457 &handle, &alg,
458 ciphertext_buffer, &ciphertext_len,
459 salt_buffer, &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]460
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]461 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]462
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]463 psa_status_t psa_status;
464 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]465
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]466 psa_status = psa_get_key_attributes(handle, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]467
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]468 if (psa_status == PSA_SUCCESS) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]469
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]470 size_t max_decrypt_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(
471 psa_get_key_type(&attributes),
472 psa_get_key_bits(&attributes),
473 alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]474
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]475 size_t plaintext_len;
476 uint8_t *plaintext_buffer = malloc(max_decrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]477
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]478 if (plaintext_buffer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]479
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]480 psa_status = psa_asymmetric_decrypt(handle, alg,
481 ciphertext_buffer, ciphertext_len,
482 salt_buffer, salt_len,
483 plaintext_buffer, max_decrypt_size, &plaintext_len);
484
485 if (psa_status == PSA_SUCCESS) {
486
487 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
488 rpc_status = serializer->serialize_asymmetric_decrypt_resp(resp_buf,
489 plaintext_buffer, plaintext_len);
490 }
491
492 free(plaintext_buffer);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]493 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]494 else {
495 /* Failed to allocate ouptput buffer */
496 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
497 }
498 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]499
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]500 call_req_set_opstatus(req, psa_status);
501 psa_reset_key_attributes(&attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]502 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]503 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]504 else {
505 /* Failed to allocate buffers */
506 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
507 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]508
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]509 free(ciphertext_buffer);
510 free(salt_buffer);
511 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]512
513 return rpc_status;
514}
515
516static rpc_status_t asymmetric_encrypt_handler(void *context, struct call_req* req)
517{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]518 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]519 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]520 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]521
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]522 if (serializer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]523
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]524 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]525
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]526 psa_key_handle_t handle;
527 psa_algorithm_t alg;
528 size_t plaintext_len = max_param_size;
529 uint8_t *plaintext_buffer = malloc(plaintext_len);
530 size_t salt_len = max_param_size;
531 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]532
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]533 if (plaintext_buffer && salt_buffer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]534
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]535 rpc_status = serializer->deserialize_asymmetric_encrypt_req(req_buf,
536 &handle, &alg,
537 plaintext_buffer, &plaintext_len,
538 salt_buffer, &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]539
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]540 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]541
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]542 psa_status_t psa_status;
543 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]544
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]545 psa_status = psa_get_key_attributes(handle, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]546
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]547 if (psa_status == PSA_SUCCESS) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]548
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]549 size_t max_encrypt_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(
550 psa_get_key_type(&attributes),
551 psa_get_key_bits(&attributes),
552 alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]553
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]554 size_t ciphertext_len;
555 uint8_t *ciphertext_buffer = malloc(max_encrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]556
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]557 if (ciphertext_buffer) {
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]558
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]559 psa_status = psa_asymmetric_encrypt(handle, alg,
560 plaintext_buffer, plaintext_len,
561 salt_buffer, salt_len,
562 ciphertext_buffer, max_encrypt_size, &ciphertext_len);
563
564 if (psa_status == PSA_SUCCESS) {
565
566 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
567 rpc_status = serializer->serialize_asymmetric_encrypt_resp(resp_buf,
568 ciphertext_buffer, ciphertext_len);
569 }
570
571 free(ciphertext_buffer);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]572 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]573 else {
574 /* Failed to allocate ouptput buffer */
575 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
576 }
577 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]578
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]579 call_req_set_opstatus(req, psa_status);
580 psa_reset_key_attributes(&attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]581 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]582 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]583 else {
584 /* Failed to allocate buffers */
585 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
586 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]587
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]588 free(plaintext_buffer);
589 free(salt_buffer);
590 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]591
592 return rpc_status;
593}
594
595static rpc_status_t generate_random_handler(void *context, struct call_req* req)
596{
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]597 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]598 struct call_param_buf *req_buf = call_req_get_req_buf(req);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]599 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]600
601 size_t output_size;
602
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]603 if (serializer)
604 rpc_status = serializer->deserialize_generate_random_req(req_buf, &output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]605
606 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
607
608 psa_status_t psa_status;
609 uint8_t *output_buffer = malloc(output_size);
610
611 if (output_buffer) {
612
613 psa_status = psa_generate_random(output_buffer, output_size);
614
615 if (psa_status == PSA_SUCCESS) {
616
617 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
618 rpc_status = serializer->serialize_generate_random_resp(resp_buf,
619 output_buffer, output_size);
620 }
621
622 call_req_set_opstatus(req, psa_status);
623 free(output_buffer);
624 }
625 else {
626 /* Failed to allocate output buffer */
627 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
628 }
629 }
630
631 return rpc_status;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]632}