TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / cb62a8b04c16d189155a6b799d9e92d66ba369e1 / . / components / service / crypto / provider / crypto_provider.c
blob: 8992b93c6df7fd185196dc4ab1c8695787546ff7 [file] [log] [blame]
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]1/*
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]2 * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]6#include <mbedtls/build_info.h>
7#include <mbedtls/pkcs7.h>
8#include <mbedtls/x509_crt.h>
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]9#include <protocols/rpc/common/packed-c/status.h>
10#include <protocols/service/crypto/packed-c/opcodes.h>
11#include <psa/crypto.h>
12#include <service/crypto/provider/crypto_provider.h>
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]13#include <stdint.h>
14#include <stdlib.h>
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]15
16#include "crypto_uuid.h"
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]17
18/* Service request handlers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]19static rpc_status_t generate_key_handler(void *context, struct rpc_request *req);
20static rpc_status_t destroy_key_handler(void *context, struct rpc_request *req);
21static rpc_status_t export_key_handler(void *context, struct rpc_request *req);
22static rpc_status_t export_public_key_handler(void *context, struct rpc_request *req);
23static rpc_status_t import_key_handler(void *context, struct rpc_request *req);
24static rpc_status_t asymmetric_sign_handler(void *context, struct rpc_request *req);
25static rpc_status_t asymmetric_verify_handler(void *context, struct rpc_request *req);
26static rpc_status_t asymmetric_decrypt_handler(void *context, struct rpc_request *req);
27static rpc_status_t asymmetric_encrypt_handler(void *context, struct rpc_request *req);
28static rpc_status_t generate_random_handler(void *context, struct rpc_request *req);
29static rpc_status_t copy_key_handler(void *context, struct rpc_request *req);
30static rpc_status_t purge_key_handler(void *context, struct rpc_request *req);
31static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req);
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]32static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]33
34/* Handler mapping table for service */
35static const struct service_handler handler_table[] = {
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]36 { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler },
37 { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler },
38 { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler },
39 { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler },
40 { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler },
41 { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler },
42 { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler },
43 { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler },
44 { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler },
45 { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler },
46 { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler },
47 { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler },
48 { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler },
49 { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler },
50 { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler },
51 { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler },
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]52};
53
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]54struct rpc_service_interface *
55crypto_provider_init(struct crypto_provider *context, unsigned int encoding,
56 const struct crypto_provider_serializer *serializer)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]57{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]58 const struct rpc_uuid crypto_service_uuid[2] = {
59 { .uuid = TS_PSA_CRYPTO_SERVICE_UUID },
60 { .uuid = TS_PSA_CRYPTO_PROTOBUF_SERVICE_UUID },
61 };
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]62
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]63 if (encoding >= TS_RPC_ENCODING_LIMIT)
64 return NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]65
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]66 context->serializer = serializer;
67
68 service_provider_init(&context->base_provider, context, &crypto_service_uuid[encoding],
69 handler_table,
70 sizeof(handler_table) / sizeof(struct service_handler));
Julian Hall3e614542021-07-29 11:47:47 +0100[diff] [blame]71
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]72 return service_provider_get_rpc_interface(&context->base_provider);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]73}
74
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]75void crypto_provider_deinit(struct crypto_provider *context)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]76{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]77 (void)context;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]78}
79
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]80void crypto_provider_register_serializer(struct crypto_provider *context,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]81 const struct crypto_provider_serializer *serializer)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]82{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]83 context->serializer = serializer;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]84}
85
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]86void crypto_provider_extend(struct crypto_provider *context, struct service_provider *sub_provider)
Julian Hall13e76952021-07-13 12:17:09 +0100[diff] [blame]87{
88 service_provider_extend(&context->base_provider, sub_provider);
89}
90
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]91static const struct crypto_provider_serializer *get_crypto_serializer(void *context,
92 const struct rpc_request *req)
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]93{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]94 struct crypto_provider *this_instance = (struct crypto_provider *)context;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]95
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]96 return this_instance->serializer;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]97}
98
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]99static rpc_status_t generate_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]100{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]101 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
102 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]103 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]104
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]105 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]106
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]107 if (serializer)
108 rpc_status = serializer->deserialize_generate_key_req(req_buf, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]109
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]110 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]111 psa_status_t psa_status;
112 psa_key_id_t id;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]113
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]114 psa_status = psa_generate_key(&attributes, &id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]115
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]116 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]117 struct rpc_buffer *resp_buf = &req->response;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]118 rpc_status = serializer->serialize_generate_key_resp(resp_buf, id);
119 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]120
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]121 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]122 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]123
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]124 psa_reset_key_attributes(&attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]125
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]126 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]127}
128
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]129static rpc_status_t destroy_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]130{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]131 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
132 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]133 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]134
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]135 psa_key_id_t id;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]136
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]137 if (serializer)
138 rpc_status = serializer->deserialize_destroy_key_req(req_buf, &id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]139
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]140 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]141 psa_status_t psa_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]142
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]143 psa_status = psa_destroy_key(id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]144 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]145 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]146
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]147 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]148}
149
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]150static rpc_status_t export_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]151{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]152 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
153 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]154 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]155
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]156 psa_key_id_t id;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]157
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]158 if (serializer)
159 rpc_status = serializer->deserialize_export_key_req(req_buf, &id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]160
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]161 if (rpc_status == RPC_SUCCESS) {
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]162 size_t max_export_size = PSA_EXPORT_KEY_PAIR_MAX_SIZE;
163 uint8_t *key_buffer = malloc(max_export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]164
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]165 if (key_buffer) {
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]166 size_t export_size;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]167 psa_status_t psa_status =
168 psa_export_key(id, key_buffer, max_export_size, &export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]169
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]170 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]171 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]172
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]173 rpc_status = serializer->serialize_export_key_resp(
174 resp_buf, key_buffer, export_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]175 }
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]176
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]177 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]178 req->service_status = psa_status;
179 } else {
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]180 /* Failed to allocate key buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]181 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]182 }
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]183 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]184
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]185 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]186}
187
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]188static rpc_status_t export_public_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]189{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]190 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
191 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]192 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]193
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]194 psa_key_id_t id;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]195
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]196 if (serializer)
197 rpc_status = serializer->deserialize_export_public_key_req(req_buf, &id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]198
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]199 if (rpc_status == RPC_SUCCESS) {
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]200 size_t max_export_size = PSA_EXPORT_PUBLIC_KEY_MAX_SIZE;
201 uint8_t *key_buffer = malloc(max_export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]202
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]203 if (key_buffer) {
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]204 size_t export_size;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]205 psa_status_t psa_status = psa_export_public_key(
206 id, key_buffer, max_export_size, &export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]207
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]208 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]209 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]210
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]211 rpc_status = serializer->serialize_export_public_key_resp(
212 resp_buf, key_buffer, export_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]213 }
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]214
215 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]216 req->service_status = psa_status;
217 } else {
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]218 /* Failed to allocate key buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]219 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]220 }
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]221 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]222
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]223 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]224}
225
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]226static rpc_status_t import_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]227{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]228 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
229 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]230 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]231
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]232 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]233 size_t key_data_len = serializer->max_deserialised_parameter_size(req_buf);
234 uint8_t *key_buffer = malloc(key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]235
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]236 if (key_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]237 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]238 rpc_status = serializer->deserialize_import_key_req(
239 req_buf, &attributes, key_buffer, &key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]240
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]241 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]242 psa_status_t psa_status;
243 psa_key_id_t id;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]244
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]245 psa_status =
246 psa_import_key(&attributes, key_buffer, key_data_len, &id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]247
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]248 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]249 struct rpc_buffer *resp_buf = &req->response;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]250
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]251 rpc_status =
252 serializer->serialize_import_key_resp(resp_buf, id);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]253 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]254
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]255 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]256 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]257
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]258 psa_reset_key_attributes(&attributes);
259 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]260 } else {
261 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]262 }
263 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]264
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]265 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]266}
267
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]268static rpc_status_t asymmetric_sign_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]269{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]270 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
271 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]272 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]273
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]274 psa_key_id_t id;
275 psa_algorithm_t alg;
276 size_t hash_len = PSA_HASH_MAX_SIZE;
277 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]278
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]279 if (serializer)
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]280 rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &id, &alg,
281 hash_buffer, &hash_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]282
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]283 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]284 psa_status_t psa_status;
285 size_t sig_len;
286 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]287
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]288 psa_status = (req->opcode == TS_CRYPTO_OPCODE_SIGN_HASH) ?
289 psa_sign_hash(id, alg, hash_buffer, hash_len, sig_buffer,
290 sizeof(sig_buffer), &sig_len) :
291 psa_sign_message(id, alg, hash_buffer, hash_len, sig_buffer,
292 sizeof(sig_buffer), &sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]293
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]294 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]295 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]296
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]297 rpc_status = serializer->serialize_asymmetric_sign_resp(
298 resp_buf, sig_buffer, sig_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]299 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]300
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]301 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]302 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]303
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]304 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]305}
306
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]307static rpc_status_t asymmetric_verify_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]308{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]309 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
310 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]311 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]312
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]313 psa_key_id_t id;
314 psa_algorithm_t alg;
315 size_t hash_len = PSA_HASH_MAX_SIZE;
316 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
317 size_t sig_len = PSA_SIGNATURE_MAX_SIZE;
318 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]319
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]320 if (serializer)
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]321 rpc_status = serializer->deserialize_asymmetric_verify_req(
322 req_buf, &id, &alg, hash_buffer, &hash_len, sig_buffer, &sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]323
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]324 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]325 psa_status_t psa_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]326
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]327 psa_status = (req->opcode == TS_CRYPTO_OPCODE_VERIFY_HASH) ?
328 psa_verify_hash(id, alg, hash_buffer, hash_len, sig_buffer,
329 sig_len) :
330 psa_verify_message(id, alg, hash_buffer, hash_len, sig_buffer,
331 sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]332
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]333 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]334 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]335
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]336 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]337}
338
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]339static rpc_status_t asymmetric_decrypt_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]340{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]341 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
342 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]343 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]344
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]345 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]346 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]347
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]348 psa_key_id_t id;
349 psa_algorithm_t alg;
350 size_t ciphertext_len = max_param_size;
351 uint8_t *ciphertext_buffer = malloc(ciphertext_len);
352 size_t salt_len = max_param_size;
353 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]354
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]355 if (ciphertext_buffer && salt_buffer) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]356 rpc_status = serializer->deserialize_asymmetric_decrypt_req(
357 req_buf, &id, &alg, ciphertext_buffer, &ciphertext_len, salt_buffer,
358 &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]359
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]360 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]361 psa_status_t psa_status;
362 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]363
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]364 psa_status = psa_get_key_attributes(id, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]365
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]366 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]367 size_t max_decrypt_size =
368 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(
369 psa_get_key_type(&attributes),
370 psa_get_key_bits(&attributes), alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]371
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]372 size_t plaintext_len;
373 uint8_t *plaintext_buffer = malloc(max_decrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]374
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]375 if (plaintext_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]376 /* Salt is an optional parameter */
377 uint8_t *salt = (salt_len) ? salt_buffer : NULL;
Julian Hallf688a0b2021-04-09 11:58:30 +0100[diff] [blame]378
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]379 psa_status = psa_asymmetric_decrypt(
380 id, alg, ciphertext_buffer, ciphertext_len,
381 salt, salt_len, plaintext_buffer,
382 max_decrypt_size, &plaintext_len);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]383
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]384 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]385 struct rpc_buffer *resp_buf =
386 &req->response;
387 rpc_status = serializer->serialize_asymmetric_decrypt_resp(
388 resp_buf, plaintext_buffer, plaintext_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]389 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]390
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]391 free(plaintext_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]392 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]393 /* Failed to allocate ouptput buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]394 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]395 }
396 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]397
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]398 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]399 psa_reset_key_attributes(&attributes);
400 }
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]401 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]402 /* Failed to allocate buffers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]403 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]404 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]405
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]406 free(ciphertext_buffer);
407 free(salt_buffer);
408 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]409
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]410 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]411}
412
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]413static rpc_status_t asymmetric_encrypt_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]414{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]415 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
416 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]417 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]418
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]419 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]420 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]421
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]422 psa_key_id_t id;
423 psa_algorithm_t alg;
424 size_t plaintext_len = max_param_size;
425 uint8_t *plaintext_buffer = malloc(plaintext_len);
426 size_t salt_len = max_param_size;
427 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]428
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]429 if (plaintext_buffer && salt_buffer) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]430 rpc_status = serializer->deserialize_asymmetric_encrypt_req(
431 req_buf, &id, &alg, plaintext_buffer, &plaintext_len, salt_buffer,
432 &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]433
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]434 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]435 psa_status_t psa_status;
436 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]437
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]438 psa_status = psa_get_key_attributes(id, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]439
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]440 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]441 size_t max_encrypt_size =
442 PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(
443 psa_get_key_type(&attributes),
444 psa_get_key_bits(&attributes), alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]445
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]446 size_t ciphertext_len;
447 uint8_t *ciphertext_buffer = malloc(max_encrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]448
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]449 if (ciphertext_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]450 /* Salt is an optional parameter */
451 uint8_t *salt = (salt_len) ? salt_buffer : NULL;
Julian Hallf688a0b2021-04-09 11:58:30 +0100[diff] [blame]452
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]453 psa_status = psa_asymmetric_encrypt(
454 id, alg, plaintext_buffer, plaintext_len,
455 salt, salt_len, ciphertext_buffer,
456 max_encrypt_size, &ciphertext_len);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]457
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]458 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]459 struct rpc_buffer *resp_buf =
460 &req->response;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]461
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]462 rpc_status = serializer->serialize_asymmetric_encrypt_resp(
463 resp_buf, ciphertext_buffer, ciphertext_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]464 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]465
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]466 free(ciphertext_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]467 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]468 /* Failed to allocate ouptput buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]469 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]470 }
471 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]472
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]473 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]474 psa_reset_key_attributes(&attributes);
475 }
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]476 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]477 /* Failed to allocate buffers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]478 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]479 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]480
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]481 free(plaintext_buffer);
482 free(salt_buffer);
483 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]484
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]485 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]486}
487
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]488static rpc_status_t generate_random_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]489{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]490 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
491 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]492 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]493
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]494 size_t output_size;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]495
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]496 if (serializer)
497 rpc_status = serializer->deserialize_generate_random_req(req_buf, &output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]498
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]499 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]500 psa_status_t psa_status;
501 uint8_t *output_buffer = malloc(output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]502
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]503 if (output_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]504 psa_status = psa_generate_random(output_buffer, output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]505
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]506 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]507 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]508
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]509 rpc_status = serializer->serialize_generate_random_resp(
510 resp_buf, output_buffer, output_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]511 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]512
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]513 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]514 free(output_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]515 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]516 /* Failed to allocate output buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]517 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]518 }
519 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]520
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]521 return rpc_status;
522}
523
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]524static rpc_status_t copy_key_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]525{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]526 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
527 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]528 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
529
530 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
531 psa_key_id_t source_key_id;
532
533 if (serializer)
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]534 rpc_status =
535 serializer->deserialize_copy_key_req(req_buf, &attributes, &source_key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]536
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]537 if (rpc_status == RPC_SUCCESS) {
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]538 psa_key_id_t target_key_id;
539
540 psa_status_t psa_status = psa_copy_key(source_key_id, &attributes, &target_key_id);
541
542 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]543 struct rpc_buffer *resp_buf = &req->response;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]544 rpc_status = serializer->serialize_copy_key_resp(resp_buf, target_key_id);
545 }
546
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]547 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]548 }
549
550 psa_reset_key_attributes(&attributes);
551
552 return rpc_status;
553}
554
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]555static rpc_status_t purge_key_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]556{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]557 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
558 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]559 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
560
561 psa_key_id_t id;
562
563 if (serializer)
564 rpc_status = serializer->deserialize_purge_key_req(req_buf, &id);
565
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]566 if (rpc_status == RPC_SUCCESS) {
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]567 psa_status_t psa_status = psa_purge_key(id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]568 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]569 }
570
571 return rpc_status;
572}
573
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]574static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]575{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]576 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
577 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]578 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
579
580 psa_key_id_t id;
581
582 if (serializer)
583 rpc_status = serializer->deserialize_get_key_attributes_req(req_buf, &id);
584
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]585 if (rpc_status == RPC_SUCCESS) {
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]586 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
587
588 psa_status_t psa_status = psa_get_key_attributes(id, &attributes);
589
590 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]591 struct rpc_buffer *resp_buf = &req->response;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]592
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]593 rpc_status = serializer->serialize_get_key_attributes_resp(resp_buf,
594 &attributes);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]595 }
596
597 psa_reset_key_attributes(&attributes);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]598 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]599 }
600
601 return rpc_status;
602}
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]603
604static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req)
605{
606 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
607 struct rpc_buffer *req_buf = &req->request;
608 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
609
610 int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
611
612 uint8_t *signature_cert = NULL;
613 uint64_t signature_cert_len = 0;
614 uint8_t *hash = NULL;
615 uint64_t hash_len = 0;
616 uint8_t *public_key_cert = NULL;
617 uint64_t public_key_cert_len = 0;
618
619 if (serializer) {
620 /* First collect the lengths of the fields */
621 rpc_status = serializer->deserialize_verify_pkcs7_signature_req(
622 req_buf, NULL, &signature_cert_len, NULL, &hash_len, NULL,
623 &public_key_cert_len);
624
625 if (rpc_status == RPC_SUCCESS) {
626 /* Allocate the needed space and get the data */
627 signature_cert = (uint8_t *)malloc(signature_cert_len);
628 hash = (uint8_t *)malloc(hash_len);
629 public_key_cert = (uint8_t *)malloc(public_key_cert_len);
630
631 if (signature_cert && hash && public_key_cert) {
632 rpc_status = serializer->deserialize_verify_pkcs7_signature_req(
633 req_buf, signature_cert, &signature_cert_len, hash,
634 &hash_len, public_key_cert, &public_key_cert_len);
635 } else {
636 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
637 }
638 }
639 }
640
641 if (rpc_status == RPC_SUCCESS) {
642 /* Parse the public key certificate */
643 mbedtls_x509_crt signer_certificate;
644
645 mbedtls_x509_crt_init(&signer_certificate);
646
647 mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert,
648 public_key_cert_len);
649
650 if (mbedtls_status == 0) {
651 /* Parse the PKCS#7 DER encoded signature block */
652 mbedtls_pkcs7 pkcs7_structure;
653
654 mbedtls_pkcs7_init(&pkcs7_structure);
655
656 mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert,
657 signature_cert_len);
658
659 if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) {
660 /* Verify hash against signed hash */
661 mbedtls_status = mbedtls_pkcs7_signed_hash_verify(
662 &pkcs7_structure, &signer_certificate, hash, hash_len);
663 }
664
665 mbedtls_pkcs7_free(&pkcs7_structure);
666 }
667
668 mbedtls_x509_crt_free(&signer_certificate);
669 }
670
671 free(signature_cert);
672 free(hash);
673 free(public_key_cert);
674
675 /* Provide the result of the verification */
676 req->service_status = mbedtls_status;
677
678 return rpc_status;
679}