TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / 7718332573544e5b6dc627cd38d591050704ca7c / . / components / service / crypto / provider / crypto_provider.c
blob: 9cd520859996b5544077a29ef9ab2ee3395972a4 [file] [log] [blame]
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]1/*
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]2 * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]6#include <protocols/rpc/common/packed-c/status.h>
7#include <protocols/service/crypto/packed-c/opcodes.h>
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]8#include <service/crypto/backend/crypto_backend.h>
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]9#include <service/crypto/provider/crypto_provider.h>
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]10#include <stdint.h>
11#include <stdlib.h>
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]12
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]13#include "crypto_partition.h"
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]14#include "crypto_uuid.h"
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]15
16/* Service request handlers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]17static rpc_status_t generate_key_handler(void *context, struct rpc_request *req);
18static rpc_status_t destroy_key_handler(void *context, struct rpc_request *req);
19static rpc_status_t export_key_handler(void *context, struct rpc_request *req);
20static rpc_status_t export_public_key_handler(void *context, struct rpc_request *req);
21static rpc_status_t import_key_handler(void *context, struct rpc_request *req);
22static rpc_status_t asymmetric_sign_handler(void *context, struct rpc_request *req);
23static rpc_status_t asymmetric_verify_handler(void *context, struct rpc_request *req);
24static rpc_status_t asymmetric_decrypt_handler(void *context, struct rpc_request *req);
25static rpc_status_t asymmetric_encrypt_handler(void *context, struct rpc_request *req);
26static rpc_status_t generate_random_handler(void *context, struct rpc_request *req);
27static rpc_status_t copy_key_handler(void *context, struct rpc_request *req);
28static rpc_status_t purge_key_handler(void *context, struct rpc_request *req);
29static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req);
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]30static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]31
32/* Handler mapping table for service */
33static const struct service_handler handler_table[] = {
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]34 { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler },
35 { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler },
36 { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler },
37 { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler },
38 { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler },
39 { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler },
40 { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler },
41 { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler },
42 { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler },
43 { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler },
44 { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler },
45 { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler },
46 { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler },
47 { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler },
48 { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler },
49 { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler },
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]50};
51
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]52struct rpc_service_interface *
53crypto_provider_init(struct crypto_provider *context, unsigned int encoding,
54 const struct crypto_provider_serializer *serializer)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]55{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]56 const struct rpc_uuid crypto_service_uuid[2] = {
57 { .uuid = TS_PSA_CRYPTO_SERVICE_UUID },
58 { .uuid = TS_PSA_CRYPTO_PROTOBUF_SERVICE_UUID },
59 };
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]60
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]61 if (encoding >= TS_RPC_ENCODING_LIMIT)
62 return NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]63
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]64 context->serializer = serializer;
65
66 service_provider_init(&context->base_provider, context, &crypto_service_uuid[encoding],
67 handler_table,
68 sizeof(handler_table) / sizeof(struct service_handler));
Julian Hall3e614542021-07-29 11:47:47 +0100[diff] [blame]69
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]70 return service_provider_get_rpc_interface(&context->base_provider);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]71}
72
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]73void crypto_provider_deinit(struct crypto_provider *context)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]74{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]75 (void)context;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]76}
77
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]78void crypto_provider_register_serializer(struct crypto_provider *context,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]79 const struct crypto_provider_serializer *serializer)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]80{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]81 context->serializer = serializer;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]82}
83
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]84void crypto_provider_extend(struct crypto_provider *context, struct service_provider *sub_provider)
Julian Hall13e76952021-07-13 12:17:09 +0100[diff] [blame]85{
86 service_provider_extend(&context->base_provider, sub_provider);
87}
88
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]89static const struct crypto_provider_serializer *get_crypto_serializer(void *context,
90 const struct rpc_request *req)
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]91{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]92 struct crypto_provider *this_instance = (struct crypto_provider *)context;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]93
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]94 return this_instance->serializer;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]95}
96
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]97static rpc_status_t generate_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]98{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]99 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
100 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]101 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]102
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]103 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]104
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]105 if (serializer)
106 rpc_status = serializer->deserialize_generate_key_req(req_buf, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]107
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]108 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]109 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]110 namespaced_key_id_t ns_key_id = NAMESPACED_KEY_ID_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]111
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]112 crypto_partition_bind_to_owner(&attributes, req->source_id);
113
114 psa_status = psa_generate_key(&attributes, &ns_key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]115
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]116 if (psa_status == PSA_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]117 psa_key_id_t key_id = namespaced_key_id_get_key_id(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]118 struct rpc_buffer *resp_buf = &req->response;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]119 rpc_status = serializer->serialize_generate_key_resp(resp_buf, key_id);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]120 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]121
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]122 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]123 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]124
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]125 psa_reset_key_attributes(&attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]126
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]127 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]128}
129
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]130static rpc_status_t destroy_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]131{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]132 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
133 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]134 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]135
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]136 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]137
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]138 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]139 rpc_status = serializer->deserialize_destroy_key_req(req_buf, &key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]140
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]141 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]142 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]143 namespaced_key_id_t ns_key_id =
144 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]145
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]146 psa_status = psa_destroy_key(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]147 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]148 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]149
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]150 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]151}
152
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]153static rpc_status_t export_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]154{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]155 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
156 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]157 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]158
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]159 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]160
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]161 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]162 rpc_status = serializer->deserialize_export_key_req(req_buf, &key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]163
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]164 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]165 namespaced_key_id_t ns_key_id =
166 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]167 size_t max_export_size = PSA_EXPORT_KEY_PAIR_MAX_SIZE;
168 uint8_t *key_buffer = malloc(max_export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]169
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]170 if (key_buffer) {
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]171 size_t export_size;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]172 psa_status_t psa_status =
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]173 psa_export_key(ns_key_id, key_buffer, max_export_size, &export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]174
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]175 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]176 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]177
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]178 rpc_status = serializer->serialize_export_key_resp(
179 resp_buf, key_buffer, export_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]180 }
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]181
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]182 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]183 req->service_status = psa_status;
184 } else {
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]185 /* Failed to allocate key buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]186 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]187 }
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]188 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]189
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]190 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]191}
192
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]193static rpc_status_t export_public_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]194{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]195 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
196 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]197 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]198
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]199 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]200
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]201 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]202 rpc_status = serializer->deserialize_export_public_key_req(req_buf, &key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]203
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]204 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]205 namespaced_key_id_t ns_key_id =
206 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]207 size_t max_export_size = PSA_EXPORT_PUBLIC_KEY_MAX_SIZE;
208 uint8_t *key_buffer = malloc(max_export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]209
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]210 if (key_buffer) {
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]211 size_t export_size;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]212 psa_status_t psa_status = psa_export_public_key(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]213 ns_key_id, key_buffer, max_export_size, &export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]214
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]215 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]216 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]217
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]218 rpc_status = serializer->serialize_export_public_key_resp(
219 resp_buf, key_buffer, export_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]220 }
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]221
222 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]223 req->service_status = psa_status;
224 } else {
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]225 /* Failed to allocate key buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]226 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]227 }
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]228 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]229
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]230 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]231}
232
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]233static rpc_status_t import_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]234{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]235 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
236 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]237 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]238
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]239 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]240 size_t key_data_len = serializer->max_deserialised_parameter_size(req_buf);
241 uint8_t *key_buffer = malloc(key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]242
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]243 if (key_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]244 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]245 rpc_status = serializer->deserialize_import_key_req(
246 req_buf, &attributes, key_buffer, &key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]247
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]248 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]249 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]250 namespaced_key_id_t ns_key_id = NAMESPACED_KEY_ID_INIT;
251
252 crypto_partition_bind_to_owner(&attributes, req->source_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]253
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]254 psa_status =
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]255 psa_import_key(&attributes, key_buffer, key_data_len, &ns_key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]256
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]257 if (psa_status == PSA_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]258 psa_key_id_t key_id =
259 namespaced_key_id_get_key_id(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]260 struct rpc_buffer *resp_buf = &req->response;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]261
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]262 rpc_status =
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]263 serializer->serialize_import_key_resp(resp_buf, key_id);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]264 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]265
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]266 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]267 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]268
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]269 psa_reset_key_attributes(&attributes);
270 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]271 } else {
272 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]273 }
274 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]275
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]276 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]277}
278
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]279static rpc_status_t asymmetric_sign_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]280{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]281 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
282 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]283 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]284
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]285 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]286 psa_algorithm_t alg;
287 size_t hash_len = PSA_HASH_MAX_SIZE;
288 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]289
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]290 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]291 rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &key_id, &alg,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]292 hash_buffer, &hash_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]293
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]294 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]295 namespaced_key_id_t ns_key_id =
296 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]297 psa_status_t psa_status;
298 size_t sig_len;
299 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]300
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]301 psa_status = (req->opcode == TS_CRYPTO_OPCODE_SIGN_HASH) ?
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]302 psa_sign_hash(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sizeof(sig_buffer), &sig_len) :
303 psa_sign_message(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sizeof(sig_buffer), &sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]304
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]305 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]306 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]307
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]308 rpc_status = serializer->serialize_asymmetric_sign_resp(
309 resp_buf, sig_buffer, sig_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]310 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]311
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]312 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]313 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]314
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]315 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]316}
317
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]318static rpc_status_t asymmetric_verify_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]319{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]320 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
321 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]322 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]323
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]324 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]325 psa_algorithm_t alg;
326 size_t hash_len = PSA_HASH_MAX_SIZE;
327 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
328 size_t sig_len = PSA_SIGNATURE_MAX_SIZE;
329 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]330
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]331 if (serializer)
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]332 rpc_status = serializer->deserialize_asymmetric_verify_req(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]333 req_buf, &key_id, &alg, hash_buffer, &hash_len, sig_buffer, &sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]334
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]335 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]336 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]337 namespaced_key_id_t ns_key_id =
338 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]339
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]340 psa_status = (req->opcode == TS_CRYPTO_OPCODE_VERIFY_HASH) ?
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]341 psa_verify_hash(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sig_len) :
342 psa_verify_message(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]343
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]344 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]345 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]346
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]347 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]348}
349
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]350static rpc_status_t asymmetric_decrypt_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]351{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]352 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
353 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]354 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]355
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]356 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]357 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]358
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]359 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]360 psa_algorithm_t alg;
361 size_t ciphertext_len = max_param_size;
362 uint8_t *ciphertext_buffer = malloc(ciphertext_len);
363 size_t salt_len = max_param_size;
364 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]365
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]366 if (ciphertext_buffer && salt_buffer) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]367 rpc_status = serializer->deserialize_asymmetric_decrypt_req(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]368 req_buf, &key_id, &alg, ciphertext_buffer, &ciphertext_len, salt_buffer,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]369 &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]370
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]371 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]372 psa_status_t psa_status;
373 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]374 namespaced_key_id_t ns_key_id =
375 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]376
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]377 psa_status = psa_get_key_attributes(ns_key_id, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]378
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]379 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]380 size_t max_decrypt_size =
381 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(
382 psa_get_key_type(&attributes),
383 psa_get_key_bits(&attributes), alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]384
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]385 size_t plaintext_len;
386 uint8_t *plaintext_buffer = malloc(max_decrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]387
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]388 if (plaintext_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]389 /* Salt is an optional parameter */
390 uint8_t *salt = (salt_len) ? salt_buffer : NULL;
Julian Hallf688a0b2021-04-09 11:58:30 +0100[diff] [blame]391
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]392 psa_status = psa_asymmetric_decrypt(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]393 ns_key_id, alg, ciphertext_buffer, ciphertext_len,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]394 salt, salt_len, plaintext_buffer,
395 max_decrypt_size, &plaintext_len);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]396
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]397 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]398 struct rpc_buffer *resp_buf =
399 &req->response;
400 rpc_status = serializer->serialize_asymmetric_decrypt_resp(
401 resp_buf, plaintext_buffer, plaintext_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]402 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]403
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]404 free(plaintext_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]405 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]406 /* Failed to allocate ouptput buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]407 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]408 }
409 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]410
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]411 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]412 psa_reset_key_attributes(&attributes);
413 }
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]414 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]415 /* Failed to allocate buffers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]416 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]417 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]418
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]419 free(ciphertext_buffer);
420 free(salt_buffer);
421 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]422
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]423 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]424}
425
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]426static rpc_status_t asymmetric_encrypt_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]427{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]428 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
429 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]430 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]431
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]432 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]433 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]434
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]435 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]436 psa_algorithm_t alg;
437 size_t plaintext_len = max_param_size;
438 uint8_t *plaintext_buffer = malloc(plaintext_len);
439 size_t salt_len = max_param_size;
440 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]441
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]442 if (plaintext_buffer && salt_buffer) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]443 rpc_status = serializer->deserialize_asymmetric_encrypt_req(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]444 req_buf, &key_id, &alg, plaintext_buffer, &plaintext_len, salt_buffer,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]445 &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]446
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]447 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]448 psa_status_t psa_status;
449 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]450 namespaced_key_id_t ns_key_id =
451 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]452
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]453 psa_status = psa_get_key_attributes(ns_key_id, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]454
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]455 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]456 size_t max_encrypt_size =
457 PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(
458 psa_get_key_type(&attributes),
459 psa_get_key_bits(&attributes), alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]460
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]461 size_t ciphertext_len;
462 uint8_t *ciphertext_buffer = malloc(max_encrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]463
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]464 if (ciphertext_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]465 /* Salt is an optional parameter */
466 uint8_t *salt = (salt_len) ? salt_buffer : NULL;
Julian Hallf688a0b2021-04-09 11:58:30 +0100[diff] [blame]467
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]468 psa_status = psa_asymmetric_encrypt(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]469 ns_key_id, alg, plaintext_buffer, plaintext_len,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]470 salt, salt_len, ciphertext_buffer,
471 max_encrypt_size, &ciphertext_len);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]472
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]473 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]474 struct rpc_buffer *resp_buf =
475 &req->response;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]476
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]477 rpc_status = serializer->serialize_asymmetric_encrypt_resp(
478 resp_buf, ciphertext_buffer, ciphertext_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]479 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]480
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]481 free(ciphertext_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]482 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]483 /* Failed to allocate ouptput buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]484 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]485 }
486 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]487
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]488 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]489 psa_reset_key_attributes(&attributes);
490 }
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]491 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]492 /* Failed to allocate buffers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]493 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]494 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]495
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]496 free(plaintext_buffer);
497 free(salt_buffer);
498 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]499
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]500 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]501}
502
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]503static rpc_status_t generate_random_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]504{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]505 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
506 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]507 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]508
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]509 size_t output_size;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]510
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]511 if (serializer)
512 rpc_status = serializer->deserialize_generate_random_req(req_buf, &output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]513
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]514 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]515 psa_status_t psa_status;
516 uint8_t *output_buffer = malloc(output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]517
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]518 if (output_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]519 psa_status = psa_generate_random(output_buffer, output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]520
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]521 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]522 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]523
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]524 rpc_status = serializer->serialize_generate_random_resp(
525 resp_buf, output_buffer, output_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]526 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]527
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]528 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]529 free(output_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]530 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]531 /* Failed to allocate output buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]532 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]533 }
534 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]535
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]536 return rpc_status;
537}
538
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]539static rpc_status_t copy_key_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]540{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]541 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
542 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]543 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
544
545 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]546 psa_key_id_t source_key_id = PSA_KEY_ID_NULL;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]547
548 if (serializer)
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]549 rpc_status =
550 serializer->deserialize_copy_key_req(req_buf, &attributes, &source_key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]551
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]552 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]553 namespaced_key_id_t target_ns_key_id = NAMESPACED_KEY_ID_INIT;
554 namespaced_key_id_t source_ns_key_id =
555 crypto_partition_get_namespaced_key_id(req->source_id, source_key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]556
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]557 crypto_partition_bind_to_owner(&attributes, req->source_id);
558
559 psa_status_t psa_status = psa_copy_key(source_ns_key_id, &attributes, &target_ns_key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]560
561 if (psa_status == PSA_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]562 psa_key_id_t target_key_id = namespaced_key_id_get_key_id(target_ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]563 struct rpc_buffer *resp_buf = &req->response;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]564 rpc_status = serializer->serialize_copy_key_resp(resp_buf, target_key_id);
565 }
566
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]567 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]568 }
569
570 psa_reset_key_attributes(&attributes);
571
572 return rpc_status;
573}
574
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]575static rpc_status_t purge_key_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]576{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]577 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
578 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]579 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
580
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]581 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]582
583 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]584 rpc_status = serializer->deserialize_purge_key_req(req_buf, &key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]585
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]586 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]587 namespaced_key_id_t ns_key_id =
588 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
589 psa_status_t psa_status = psa_purge_key(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]590 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]591 }
592
593 return rpc_status;
594}
595
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]596static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]597{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]598 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
599 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]600 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
601
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]602 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]603
604 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]605 rpc_status = serializer->deserialize_get_key_attributes_req(req_buf, &key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]606
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]607 if (rpc_status == RPC_SUCCESS) {
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]608 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]609 namespaced_key_id_t ns_key_id =
610 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]611
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame]612 psa_status_t psa_status = psa_get_key_attributes(ns_key_id, &attributes);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]613
614 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]615 struct rpc_buffer *resp_buf = &req->response;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]616
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]617 rpc_status = serializer->serialize_get_key_attributes_resp(resp_buf,
618 &attributes);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]619 }
620
621 psa_reset_key_attributes(&attributes);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]622 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]623 }
624
625 return rpc_status;
626}
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]627
Balint Dobszay77183322024-01-25 16:17:16 +0100[diff] [blame^]628#if defined(MBEDTLS_PKCS7_C) && defined(MBEDTLS_X509_CRT_PARSE_C)
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]629static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req)
630{
631 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
632 struct rpc_buffer *req_buf = &req->request;
633 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
634
635 int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
636
637 uint8_t *signature_cert = NULL;
638 uint64_t signature_cert_len = 0;
639 uint8_t *hash = NULL;
640 uint64_t hash_len = 0;
641 uint8_t *public_key_cert = NULL;
642 uint64_t public_key_cert_len = 0;
643
644 if (serializer) {
645 /* First collect the lengths of the fields */
646 rpc_status = serializer->deserialize_verify_pkcs7_signature_req(
647 req_buf, NULL, &signature_cert_len, NULL, &hash_len, NULL,
648 &public_key_cert_len);
649
650 if (rpc_status == RPC_SUCCESS) {
651 /* Allocate the needed space and get the data */
652 signature_cert = (uint8_t *)malloc(signature_cert_len);
653 hash = (uint8_t *)malloc(hash_len);
654 public_key_cert = (uint8_t *)malloc(public_key_cert_len);
655
656 if (signature_cert && hash && public_key_cert) {
657 rpc_status = serializer->deserialize_verify_pkcs7_signature_req(
658 req_buf, signature_cert, &signature_cert_len, hash,
659 &hash_len, public_key_cert, &public_key_cert_len);
660 } else {
661 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
662 }
663 }
664 }
665
666 if (rpc_status == RPC_SUCCESS) {
667 /* Parse the public key certificate */
668 mbedtls_x509_crt signer_certificate;
669
670 mbedtls_x509_crt_init(&signer_certificate);
671
672 mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert,
673 public_key_cert_len);
674
675 if (mbedtls_status == 0) {
676 /* Parse the PKCS#7 DER encoded signature block */
677 mbedtls_pkcs7 pkcs7_structure;
678
679 mbedtls_pkcs7_init(&pkcs7_structure);
680
681 mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert,
682 signature_cert_len);
683
684 if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) {
685 /* Verify hash against signed hash */
686 mbedtls_status = mbedtls_pkcs7_signed_hash_verify(
687 &pkcs7_structure, &signer_certificate, hash, hash_len);
688 }
689
690 mbedtls_pkcs7_free(&pkcs7_structure);
691 }
692
693 mbedtls_x509_crt_free(&signer_certificate);
694 }
695
696 free(signature_cert);
697 free(hash);
698 free(public_key_cert);
699
700 /* Provide the result of the verification */
701 req->service_status = mbedtls_status;
702
703 return rpc_status;
704}
Balint Dobszay77183322024-01-25 16:17:16 +0100[diff] [blame^]705#else
706static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req)
707{
708 (void)context;
709 (void)req;
710
711 return RPC_ERROR_INTERNAL;
712}
713#endif