TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / dc945e90deac50fa43ec213f798338996519ae35 / . / components / service / crypto / provider / crypto_provider.c
blob: bc0e90e2af03567da552dd734904f3a529c7fe11 [file] [log] [blame]
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]1/*
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]2 * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]6#include <mbedtls/build_info.h>
7#include <mbedtls/pkcs7.h>
8#include <mbedtls/x509_crt.h>
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]9#include <protocols/rpc/common/packed-c/status.h>
10#include <protocols/service/crypto/packed-c/opcodes.h>
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]11#include <service/crypto/backend/crypto_backend.h>
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]12#include <service/crypto/provider/crypto_provider.h>
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]13#include <stdint.h>
14#include <stdlib.h>
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]15
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]16#include "crypto_partition.h"
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]17#include "crypto_uuid.h"
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]18
19/* Service request handlers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]20static rpc_status_t generate_key_handler(void *context, struct rpc_request *req);
21static rpc_status_t destroy_key_handler(void *context, struct rpc_request *req);
22static rpc_status_t export_key_handler(void *context, struct rpc_request *req);
23static rpc_status_t export_public_key_handler(void *context, struct rpc_request *req);
24static rpc_status_t import_key_handler(void *context, struct rpc_request *req);
25static rpc_status_t asymmetric_sign_handler(void *context, struct rpc_request *req);
26static rpc_status_t asymmetric_verify_handler(void *context, struct rpc_request *req);
27static rpc_status_t asymmetric_decrypt_handler(void *context, struct rpc_request *req);
28static rpc_status_t asymmetric_encrypt_handler(void *context, struct rpc_request *req);
29static rpc_status_t generate_random_handler(void *context, struct rpc_request *req);
30static rpc_status_t copy_key_handler(void *context, struct rpc_request *req);
31static rpc_status_t purge_key_handler(void *context, struct rpc_request *req);
32static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req);
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]33static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]34
35/* Handler mapping table for service */
36static const struct service_handler handler_table[] = {
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]37 { TS_CRYPTO_OPCODE_GENERATE_KEY, generate_key_handler },
38 { TS_CRYPTO_OPCODE_DESTROY_KEY, destroy_key_handler },
39 { TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler },
40 { TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler },
41 { TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler },
42 { TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler },
43 { TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler },
44 { TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler },
45 { TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler },
46 { TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler },
47 { TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler },
48 { TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler },
49 { TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler },
50 { TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler },
51 { TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler },
52 { TS_CRYPTO_OPCODE_VERIFY_PKCS7_SIGNATURE, verify_pkcs7_signature_handler },
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]53};
54
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]55struct rpc_service_interface *
56crypto_provider_init(struct crypto_provider *context, unsigned int encoding,
57 const struct crypto_provider_serializer *serializer)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]58{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]59 const struct rpc_uuid crypto_service_uuid[2] = {
60 { .uuid = TS_PSA_CRYPTO_SERVICE_UUID },
61 { .uuid = TS_PSA_CRYPTO_PROTOBUF_SERVICE_UUID },
62 };
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]63
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]64 if (encoding >= TS_RPC_ENCODING_LIMIT)
65 return NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]66
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]67 context->serializer = serializer;
68
69 service_provider_init(&context->base_provider, context, &crypto_service_uuid[encoding],
70 handler_table,
71 sizeof(handler_table) / sizeof(struct service_handler));
Julian Hall3e614542021-07-29 11:47:47 +0100[diff] [blame]72
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]73 return service_provider_get_rpc_interface(&context->base_provider);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]74}
75
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]76void crypto_provider_deinit(struct crypto_provider *context)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]77{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]78 (void)context;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]79}
80
Julian Hall9061e6c2021-06-29 14:24:20 +0100[diff] [blame]81void crypto_provider_register_serializer(struct crypto_provider *context,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]82 const struct crypto_provider_serializer *serializer)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]83{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]84 context->serializer = serializer;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]85}
86
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]87void crypto_provider_extend(struct crypto_provider *context, struct service_provider *sub_provider)
Julian Hall13e76952021-07-13 12:17:09 +0100[diff] [blame]88{
89 service_provider_extend(&context->base_provider, sub_provider);
90}
91
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]92static const struct crypto_provider_serializer *get_crypto_serializer(void *context,
93 const struct rpc_request *req)
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]94{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]95 struct crypto_provider *this_instance = (struct crypto_provider *)context;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]96
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]97 return this_instance->serializer;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]98}
99
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]100static rpc_status_t generate_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]101{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]102 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
103 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]104 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]105
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]106 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]107
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]108 if (serializer)
109 rpc_status = serializer->deserialize_generate_key_req(req_buf, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]110
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]111 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]112 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]113 namespaced_key_id_t ns_key_id = NAMESPACED_KEY_ID_INIT;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]114
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]115 crypto_partition_bind_to_owner(&attributes, req->source_id);
116
117 psa_status = psa_generate_key(&attributes, &ns_key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]118
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]119 if (psa_status == PSA_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]120 psa_key_id_t key_id = namespaced_key_id_get_key_id(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]121 struct rpc_buffer *resp_buf = &req->response;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]122 rpc_status = serializer->serialize_generate_key_resp(resp_buf, key_id);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]123 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]124
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]125 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]126 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]127
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]128 psa_reset_key_attributes(&attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]129
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]130 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]131}
132
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]133static rpc_status_t destroy_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]134{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]135 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
136 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]137 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]138
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]139 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]140
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]141 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]142 rpc_status = serializer->deserialize_destroy_key_req(req_buf, &key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]143
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]144 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]145 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]146 namespaced_key_id_t ns_key_id =
147 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]148
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]149 psa_status = psa_destroy_key(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]150 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]151 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]152
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]153 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]154}
155
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]156static rpc_status_t export_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]157{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]158 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
159 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]160 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]161
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]162 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]163
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]164 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]165 rpc_status = serializer->deserialize_export_key_req(req_buf, &key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]166
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]167 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]168 namespaced_key_id_t ns_key_id =
169 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]170 size_t max_export_size = PSA_EXPORT_KEY_PAIR_MAX_SIZE;
171 uint8_t *key_buffer = malloc(max_export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]172
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]173 if (key_buffer) {
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]174 size_t export_size;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]175 psa_status_t psa_status =
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]176 psa_export_key(ns_key_id, key_buffer, max_export_size, &export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]177
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]178 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]179 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]180
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]181 rpc_status = serializer->serialize_export_key_resp(
182 resp_buf, key_buffer, export_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]183 }
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]184
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]185 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]186 req->service_status = psa_status;
187 } else {
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]188 /* Failed to allocate key buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]189 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hall464021a2021-07-29 15:20:10 +0100[diff] [blame]190 }
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]191 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]192
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]193 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]194}
195
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]196static rpc_status_t export_public_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]197{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]198 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
199 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]200 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]201
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]202 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]203
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]204 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]205 rpc_status = serializer->deserialize_export_public_key_req(req_buf, &key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]206
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]207 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]208 namespaced_key_id_t ns_key_id =
209 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]210 size_t max_export_size = PSA_EXPORT_PUBLIC_KEY_MAX_SIZE;
211 uint8_t *key_buffer = malloc(max_export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]212
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]213 if (key_buffer) {
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]214 size_t export_size;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]215 psa_status_t psa_status = psa_export_public_key(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]216 ns_key_id, key_buffer, max_export_size, &export_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]217
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]218 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]219 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]220
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]221 rpc_status = serializer->serialize_export_public_key_resp(
222 resp_buf, key_buffer, export_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]223 }
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]224
225 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]226 req->service_status = psa_status;
227 } else {
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]228 /* Failed to allocate key buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]229 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallec81a502021-07-12 11:36:37 +0100[diff] [blame]230 }
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]231 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]232
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]233 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]234}
235
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]236static rpc_status_t import_key_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]237{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]238 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
239 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]240 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]241
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]242 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]243 size_t key_data_len = serializer->max_deserialised_parameter_size(req_buf);
244 uint8_t *key_buffer = malloc(key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]245
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]246 if (key_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]247 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]248 rpc_status = serializer->deserialize_import_key_req(
249 req_buf, &attributes, key_buffer, &key_data_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]250
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]251 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]252 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]253 namespaced_key_id_t ns_key_id = NAMESPACED_KEY_ID_INIT;
254
255 crypto_partition_bind_to_owner(&attributes, req->source_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]256
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]257 psa_status =
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]258 psa_import_key(&attributes, key_buffer, key_data_len, &ns_key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]259
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]260 if (psa_status == PSA_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]261 psa_key_id_t key_id =
262 namespaced_key_id_get_key_id(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]263 struct rpc_buffer *resp_buf = &req->response;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]264
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]265 rpc_status =
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]266 serializer->serialize_import_key_resp(resp_buf, key_id);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]267 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]268
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]269 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]270 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]271
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]272 psa_reset_key_attributes(&attributes);
273 free(key_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]274 } else {
275 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]276 }
277 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]278
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]279 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]280}
281
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]282static rpc_status_t asymmetric_sign_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]283{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]284 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
285 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]286 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]287
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]288 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]289 psa_algorithm_t alg;
290 size_t hash_len = PSA_HASH_MAX_SIZE;
291 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]292
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]293 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]294 rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &key_id, &alg,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]295 hash_buffer, &hash_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]296
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]297 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]298 namespaced_key_id_t ns_key_id =
299 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]300 psa_status_t psa_status;
301 size_t sig_len;
302 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]303
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]304 psa_status = (req->opcode == TS_CRYPTO_OPCODE_SIGN_HASH) ?
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]305 psa_sign_hash(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sizeof(sig_buffer), &sig_len) :
306 psa_sign_message(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sizeof(sig_buffer), &sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]307
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]308 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]309 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]310
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]311 rpc_status = serializer->serialize_asymmetric_sign_resp(
312 resp_buf, sig_buffer, sig_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]313 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]314
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]315 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]316 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]317
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]318 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]319}
320
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]321static rpc_status_t asymmetric_verify_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]322{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]323 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
324 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]325 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]326
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]327 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]328 psa_algorithm_t alg;
329 size_t hash_len = PSA_HASH_MAX_SIZE;
330 uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
331 size_t sig_len = PSA_SIGNATURE_MAX_SIZE;
332 uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]333
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]334 if (serializer)
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]335 rpc_status = serializer->deserialize_asymmetric_verify_req(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]336 req_buf, &key_id, &alg, hash_buffer, &hash_len, sig_buffer, &sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]337
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]338 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]339 psa_status_t psa_status;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]340 namespaced_key_id_t ns_key_id =
341 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]342
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]343 psa_status = (req->opcode == TS_CRYPTO_OPCODE_VERIFY_HASH) ?
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]344 psa_verify_hash(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sig_len) :
345 psa_verify_message(ns_key_id, alg, hash_buffer, hash_len, sig_buffer, sig_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]346
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]347 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]348 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]349
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]350 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]351}
352
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]353static rpc_status_t asymmetric_decrypt_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]354{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]355 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
356 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]357 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]358
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]359 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]360 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]361
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]362 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]363 psa_algorithm_t alg;
364 size_t ciphertext_len = max_param_size;
365 uint8_t *ciphertext_buffer = malloc(ciphertext_len);
366 size_t salt_len = max_param_size;
367 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]368
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]369 if (ciphertext_buffer && salt_buffer) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]370 rpc_status = serializer->deserialize_asymmetric_decrypt_req(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]371 req_buf, &key_id, &alg, ciphertext_buffer, &ciphertext_len, salt_buffer,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]372 &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]373
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]374 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]375 psa_status_t psa_status;
376 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]377 namespaced_key_id_t ns_key_id =
378 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]379
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]380 psa_status = psa_get_key_attributes(ns_key_id, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]381
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]382 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]383 size_t max_decrypt_size =
384 PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(
385 psa_get_key_type(&attributes),
386 psa_get_key_bits(&attributes), alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]387
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]388 size_t plaintext_len;
389 uint8_t *plaintext_buffer = malloc(max_decrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]390
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]391 if (plaintext_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]392 /* Salt is an optional parameter */
393 uint8_t *salt = (salt_len) ? salt_buffer : NULL;
Julian Hallf688a0b2021-04-09 11:58:30 +0100[diff] [blame]394
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]395 psa_status = psa_asymmetric_decrypt(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]396 ns_key_id, alg, ciphertext_buffer, ciphertext_len,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]397 salt, salt_len, plaintext_buffer,
398 max_decrypt_size, &plaintext_len);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]399
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]400 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]401 struct rpc_buffer *resp_buf =
402 &req->response;
403 rpc_status = serializer->serialize_asymmetric_decrypt_resp(
404 resp_buf, plaintext_buffer, plaintext_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]405 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]406
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]407 free(plaintext_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]408 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]409 /* Failed to allocate ouptput buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]410 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]411 }
412 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]413
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]414 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]415 psa_reset_key_attributes(&attributes);
416 }
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]417 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]418 /* Failed to allocate buffers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]419 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]420 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]421
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]422 free(ciphertext_buffer);
423 free(salt_buffer);
424 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]425
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]426 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]427}
428
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]429static rpc_status_t asymmetric_encrypt_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]430{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]431 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
432 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]433 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]434
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]435 if (serializer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]436 size_t max_param_size = serializer->max_deserialised_parameter_size(req_buf);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]437
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]438 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]439 psa_algorithm_t alg;
440 size_t plaintext_len = max_param_size;
441 uint8_t *plaintext_buffer = malloc(plaintext_len);
442 size_t salt_len = max_param_size;
443 uint8_t *salt_buffer = malloc(salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]444
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]445 if (plaintext_buffer && salt_buffer) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]446 rpc_status = serializer->deserialize_asymmetric_encrypt_req(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]447 req_buf, &key_id, &alg, plaintext_buffer, &plaintext_len, salt_buffer,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]448 &salt_len);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]449
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]450 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]451 psa_status_t psa_status;
452 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]453 namespaced_key_id_t ns_key_id =
454 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]455
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]456 psa_status = psa_get_key_attributes(ns_key_id, &attributes);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]457
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]458 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]459 size_t max_encrypt_size =
460 PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(
461 psa_get_key_type(&attributes),
462 psa_get_key_bits(&attributes), alg);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]463
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]464 size_t ciphertext_len;
465 uint8_t *ciphertext_buffer = malloc(max_encrypt_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]466
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]467 if (ciphertext_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]468 /* Salt is an optional parameter */
469 uint8_t *salt = (salt_len) ? salt_buffer : NULL;
Julian Hallf688a0b2021-04-09 11:58:30 +0100[diff] [blame]470
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]471 psa_status = psa_asymmetric_encrypt(
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]472 ns_key_id, alg, plaintext_buffer, plaintext_len,
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]473 salt, salt_len, ciphertext_buffer,
474 max_encrypt_size, &ciphertext_len);
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]475
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]476 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]477 struct rpc_buffer *resp_buf =
478 &req->response;
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]479
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]480 rpc_status = serializer->serialize_asymmetric_encrypt_resp(
481 resp_buf, ciphertext_buffer, ciphertext_len);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]482 }
julhal01c3f4e9a2020-12-15 13:39:01 +0000[diff] [blame]483
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]484 free(ciphertext_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]485 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]486 /* Failed to allocate ouptput buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]487 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]488 }
489 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]490
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]491 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]492 psa_reset_key_attributes(&attributes);
493 }
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]494 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]495 /* Failed to allocate buffers */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]496 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]497 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]498
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]499 free(plaintext_buffer);
500 free(salt_buffer);
501 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]502
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]503 return rpc_status;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]504}
505
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]506static rpc_status_t generate_random_handler(void *context, struct rpc_request *req)
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]507{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]508 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
509 struct rpc_buffer *req_buf = &req->request;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]510 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]511
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]512 size_t output_size;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]513
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]514 if (serializer)
515 rpc_status = serializer->deserialize_generate_random_req(req_buf, &output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]516
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]517 if (rpc_status == RPC_SUCCESS) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]518 psa_status_t psa_status;
519 uint8_t *output_buffer = malloc(output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]520
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]521 if (output_buffer) {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]522 psa_status = psa_generate_random(output_buffer, output_size);
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]523
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]524 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]525 struct rpc_buffer *resp_buf = &req->response;
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]526
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]527 rpc_status = serializer->serialize_generate_random_resp(
528 resp_buf, output_buffer, output_size);
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]529 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]530
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]531 req->service_status = psa_status;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]532 free(output_buffer);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]533 } else {
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]534 /* Failed to allocate output buffer */
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]535 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]536 }
537 }
Julian Hallc02fffb2020-11-23 18:22:06 +0100[diff] [blame]538
Julian Hallf5728962021-06-24 09:40:23 +0100[diff] [blame]539 return rpc_status;
540}
541
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]542static rpc_status_t copy_key_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]543{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]544 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
545 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]546 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
547
548 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]549 psa_key_id_t source_key_id = PSA_KEY_ID_NULL;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]550
551 if (serializer)
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]552 rpc_status =
553 serializer->deserialize_copy_key_req(req_buf, &attributes, &source_key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]554
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]555 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]556 namespaced_key_id_t target_ns_key_id = NAMESPACED_KEY_ID_INIT;
557 namespaced_key_id_t source_ns_key_id =
558 crypto_partition_get_namespaced_key_id(req->source_id, source_key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]559
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]560 crypto_partition_bind_to_owner(&attributes, req->source_id);
561
562 psa_status_t psa_status = psa_copy_key(source_ns_key_id, &attributes, &target_ns_key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]563
564 if (psa_status == PSA_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]565 psa_key_id_t target_key_id = namespaced_key_id_get_key_id(target_ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]566 struct rpc_buffer *resp_buf = &req->response;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]567 rpc_status = serializer->serialize_copy_key_resp(resp_buf, target_key_id);
568 }
569
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]570 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]571 }
572
573 psa_reset_key_attributes(&attributes);
574
575 return rpc_status;
576}
577
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]578static rpc_status_t purge_key_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]579{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]580 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
581 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]582 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
583
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]584 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]585
586 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]587 rpc_status = serializer->deserialize_purge_key_req(req_buf, &key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]588
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]589 if (rpc_status == RPC_SUCCESS) {
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]590 namespaced_key_id_t ns_key_id =
591 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
592 psa_status_t psa_status = psa_purge_key(ns_key_id);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]593 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]594 }
595
596 return rpc_status;
597}
598
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]599static rpc_status_t get_key_attributes_handler(void *context, struct rpc_request *req)
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]600{
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]601 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
602 struct rpc_buffer *req_buf = &req->request;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]603 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
604
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]605 psa_key_id_t key_id = PSA_KEY_ID_NULL;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]606
607 if (serializer)
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]608 rpc_status = serializer->deserialize_get_key_attributes_req(req_buf, &key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]609
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]610 if (rpc_status == RPC_SUCCESS) {
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]611 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]612 namespaced_key_id_t ns_key_id =
613 crypto_partition_get_namespaced_key_id(req->source_id, key_id);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]614
Balint Dobszaydc945e92024-01-15 16:07:21 +0100[diff] [blame^]615 psa_status_t psa_status = psa_get_key_attributes(ns_key_id, &attributes);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]616
617 if (psa_status == PSA_SUCCESS) {
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]618 struct rpc_buffer *resp_buf = &req->response;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]619
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]620 rpc_status = serializer->serialize_get_key_attributes_resp(resp_buf,
621 &attributes);
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]622 }
623
624 psa_reset_key_attributes(&attributes);
Imre Kis6d867d82023-07-04 13:29:33 +0200[diff] [blame]625 req->service_status = psa_status;
Julian Hall8359a632021-07-08 15:10:30 +0100[diff] [blame]626 }
627
628 return rpc_status;
629}
Gabor Tothab7db212023-08-18 16:08:12 +0200[diff] [blame]630
631static rpc_status_t verify_pkcs7_signature_handler(void *context, struct rpc_request *req)
632{
633 rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
634 struct rpc_buffer *req_buf = &req->request;
635 const struct crypto_provider_serializer *serializer = get_crypto_serializer(context, req);
636
637 int mbedtls_status = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
638
639 uint8_t *signature_cert = NULL;
640 uint64_t signature_cert_len = 0;
641 uint8_t *hash = NULL;
642 uint64_t hash_len = 0;
643 uint8_t *public_key_cert = NULL;
644 uint64_t public_key_cert_len = 0;
645
646 if (serializer) {
647 /* First collect the lengths of the fields */
648 rpc_status = serializer->deserialize_verify_pkcs7_signature_req(
649 req_buf, NULL, &signature_cert_len, NULL, &hash_len, NULL,
650 &public_key_cert_len);
651
652 if (rpc_status == RPC_SUCCESS) {
653 /* Allocate the needed space and get the data */
654 signature_cert = (uint8_t *)malloc(signature_cert_len);
655 hash = (uint8_t *)malloc(hash_len);
656 public_key_cert = (uint8_t *)malloc(public_key_cert_len);
657
658 if (signature_cert && hash && public_key_cert) {
659 rpc_status = serializer->deserialize_verify_pkcs7_signature_req(
660 req_buf, signature_cert, &signature_cert_len, hash,
661 &hash_len, public_key_cert, &public_key_cert_len);
662 } else {
663 rpc_status = RPC_ERROR_RESOURCE_FAILURE;
664 }
665 }
666 }
667
668 if (rpc_status == RPC_SUCCESS) {
669 /* Parse the public key certificate */
670 mbedtls_x509_crt signer_certificate;
671
672 mbedtls_x509_crt_init(&signer_certificate);
673
674 mbedtls_status = mbedtls_x509_crt_parse_der(&signer_certificate, public_key_cert,
675 public_key_cert_len);
676
677 if (mbedtls_status == 0) {
678 /* Parse the PKCS#7 DER encoded signature block */
679 mbedtls_pkcs7 pkcs7_structure;
680
681 mbedtls_pkcs7_init(&pkcs7_structure);
682
683 mbedtls_status = mbedtls_pkcs7_parse_der(&pkcs7_structure, signature_cert,
684 signature_cert_len);
685
686 if (mbedtls_status == MBEDTLS_PKCS7_SIGNED_DATA) {
687 /* Verify hash against signed hash */
688 mbedtls_status = mbedtls_pkcs7_signed_hash_verify(
689 &pkcs7_structure, &signer_certificate, hash, hash_len);
690 }
691
692 mbedtls_pkcs7_free(&pkcs7_structure);
693 }
694
695 mbedtls_x509_crt_free(&signer_certificate);
696 }
697
698 free(signature_cert);
699 free(hash);
700 free(public_key_cert);
701
702 /* Provide the result of the verification */
703 req->service_status = mbedtls_status;
704
705 return rpc_status;
706}