| From b160f734006f4959d92377dc3aa8eabc3ac7c1da Mon Sep 17 00:00:00 2001 |
| From: Julian Hall <julian.hall@arm.com> |
| Date: Fri, 11 Feb 2022 14:08:13 +0000 |
| Subject: [PATCH] Separate sign/verify message and hash operations |
| |
| Previous versions of mbedtls didn't distinguish between |
| asymmetric sign and verify operations on a hash or message. |
| They are now treated as separate operations from a usage |
| control perspective. This change makes the corresponding |
| hash/message separation in client and service provider |
| components. |
| |
| Signed-off-by: Julian Hall <julian.hall@arm.com> |
| Change-Id: Ic0041c694c026522c9b00c974d22261e9e2feadd |
| |
| Upstream-Status: Pending [Not submitted to upstream yet] |
| Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> |
| |
| |
| --- |
| .../caller/packed-c/crypto_caller_sign_hash.h | 29 +++++++- |
| .../packed-c/crypto_caller_verify_hash.h | 33 ++++++++- |
| .../caller/stub/crypto_caller_sign_hash.h | 11 ++- |
| .../caller/stub/crypto_caller_verify_hash.h | 11 ++- |
| .../service/crypto/client/cpp/crypto_client.h | 17 ++++- |
| .../packed-c/packedc_crypto_client.cpp | 22 +++++- |
| .../protocol/packed-c/packedc_crypto_client.h | 17 ++++- |
| .../protobuf/protobuf_crypto_client.cpp | 43 ++++++++++- |
| .../protobuf/protobuf_crypto_client.h | 27 ++++++- |
| .../crypto/client/psa/psa_sign_message.c | 24 +++--- |
| .../crypto/client/psa/psa_verify_message.c | 24 +++--- |
| .../service/crypto/provider/crypto_provider.c | 40 ++++++---- |
| .../serializer/crypto_provider_serializer.h | 6 +- |
| .../packedc_crypto_provider_serializer.c | 12 +-- |
| .../protobuf/pb_crypto_provider_serializer.c | 74 +++++++++---------- |
| .../check_crypto_opcode_alignment.cpp | 25 ++++--- |
| .../test/service/crypto_service_scenarios.cpp | 56 +++++++++++++- |
| .../test/service/crypto_service_scenarios.h | 3 +- |
| .../packed-c/crypto_service_packedc_tests.cpp | 7 +- |
| .../crypto_service_protobuf_tests.cpp | 7 +- |
| protocols/service/crypto/packed-c/opcodes.h | 4 +- |
| .../service/crypto/protobuf/opcodes.proto | 4 +- |
| 22 files changed, 366 insertions(+), 130 deletions(-) |
| |
| diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h |
| index e807773e..4a9ed20d 100644 |
| --- a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h |
| +++ b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -20,7 +20,8 @@ |
| extern "C" { |
| #endif |
| |
| -static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, |
| +static inline psa_status_t crypto_caller_asym_sign_commom(struct service_client *context, |
| + uint32_t opcode, |
| psa_key_id_t id, |
| psa_algorithm_t alg, |
| const uint8_t *hash, size_t hash_length, |
| @@ -60,7 +61,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex |
| |
| context->rpc_status = |
| rpc_caller_invoke(context->caller, call_handle, |
| - TS_CRYPTO_OPCODE_SIGN_HASH, &opstatus, &resp_buf, &resp_len); |
| + opcode, &opstatus, &resp_buf, &resp_len); |
| |
| if (context->rpc_status == TS_RPC_CALL_ACCEPTED) { |
| |
| @@ -98,6 +99,28 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex |
| return psa_status; |
| } |
| |
| +static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| +{ |
| + return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_HASH, |
| + id, alg, hash, hash_length, |
| + signature, signature_size, signature_length); |
| +} |
| + |
| +static inline psa_status_t crypto_caller_sign_message(struct service_client *context, |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| +{ |
| + return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_MESSAGE, |
| + id, alg, hash, hash_length, |
| + signature, signature_size, signature_length); |
| +} |
| + |
| #ifdef __cplusplus |
| } |
| #endif |
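Review bot: The new shared helper is spelled `crypto_caller_asym_sign_commom` (declared in the `@@ -20,7 +20,8 @@` hunk and called from both wrappers here), while its verify counterpart is `crypto_caller_asym_verify_common`; renaming it to `crypto_caller_asym_sign_common` now keeps the typo from spreading to later callers. `crypto_caller_sign_message` also keeps the parameter names `hash`/`hash_length` for what is the unhashed message, unlike `crypto_caller_verify_message`, which uses `input`/`input_length`; the stub `crypto_caller_sign_message` and the protobuf client's `asym_sign`/`asym_verify` helpers carry the same naming. Because digest-versus-message is the distinction this change introduces for usage control, I would use `input`/`input_length` throughout and add a one-line comment on the helper such as `/* opcode selects SIGN_HASH or SIGN_MESSAGE; input is a digest or the raw message accordingly */`.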
| diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h |
| index 47152946..daa11330 100644 |
| --- a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h |
| +++ b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -20,7 +20,8 @@ |
| extern "C" { |
| #endif |
| |
| -static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, |
| +static inline psa_status_t crypto_caller_asym_verify_common(struct service_client *context, |
| + uint32_t opcode, |
| psa_key_id_t id, |
| psa_algorithm_t alg, |
| const uint8_t *hash, size_t hash_length, |
| @@ -65,7 +66,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont |
| |
| context->rpc_status = |
| rpc_caller_invoke(context->caller, call_handle, |
| - TS_CRYPTO_OPCODE_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); |
| + opcode, &opstatus, &resp_buf, &resp_len); |
| |
| if (context->rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; |
| |
| @@ -75,6 +76,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont |
| return psa_status; |
| } |
| |
| +static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + const uint8_t *signature, size_t signature_length) |
| +{ |
| + return crypto_caller_asym_verify_common(context, |
| + TS_CRYPTO_OPCODE_VERIFY_HASH, |
| + id, alg, |
| + hash, hash_length, |
| + signature, signature_length); |
| +} |
| + |
| +static inline psa_status_t crypto_caller_verify_message(struct service_client *context, |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *input, size_t input_length, |
| + const uint8_t *signature, size_t signature_length) |
| +{ |
| + return crypto_caller_asym_verify_common(context, |
| + TS_CRYPTO_OPCODE_VERIFY_MESSAGE, |
| + id, alg, |
| + input, input_length, |
| + signature, signature_length); |
| +} |
| + |
| #ifdef __cplusplus |
| } |
| #endif |
| diff --git a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h |
| index d09369a2..09049f5c 100644 |
| --- a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h |
| +++ b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex |
| return PSA_ERROR_NOT_SUPPORTED; |
| } |
| |
| +static inline psa_status_t crypto_caller_sign_message(struct service_client *context, |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| +{ |
| + return PSA_ERROR_NOT_SUPPORTED; |
| +} |
| + |
| #ifdef __cplusplus |
| } |
| #endif |
| diff --git a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h |
| index 20d11dcf..3f3eb878 100644 |
| --- a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h |
| +++ b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont |
| return PSA_ERROR_NOT_SUPPORTED; |
| } |
| |
| +static inline psa_status_t crypto_caller_verify_message(struct service_client *context, |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *input, size_t input_length, |
| + const uint8_t *signature, size_t signature_length) |
| +{ |
| + return PSA_ERROR_NOT_SUPPORTED; |
| +} |
| + |
| #ifdef __cplusplus |
| } |
| #endif |
| diff --git a/components/service/crypto/client/cpp/crypto_client.h b/components/service/crypto/client/cpp/crypto_client.h |
| index 2a5e5b99..ccb0714a 100644 |
| --- a/components/service/crypto/client/cpp/crypto_client.h |
| +++ b/components/service/crypto/client/cpp/crypto_client.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -57,7 +57,7 @@ public: |
| psa_key_id_t id, |
| uint8_t *data, size_t data_size, size_t *data_length) = 0; |
| |
| - /* Sign/verify methods */ |
| + /* Sign/verify hash methods */ |
| virtual psa_status_t sign_hash( |
| psa_key_id_t id, |
| psa_algorithm_t alg, |
| @@ -70,6 +70,19 @@ public: |
| const uint8_t *hash, size_t hash_length, |
| const uint8_t *signature, size_t signature_length) = 0; |
| |
| + /* Sign/verify message methods */ |
| + virtual psa_status_t sign_message( |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length) = 0; |
| + |
| + virtual psa_status_t verify_message( |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + const uint8_t *signature, size_t signature_length) = 0; |
| + |
| /* Asymmetric encrypt/decrypt */ |
| virtual psa_status_t asymmetric_encrypt( |
| psa_key_id_t id, |
| diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp |
| index 4d9d8f41..4e10f9be 100644 |
| --- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp |
| +++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -107,6 +107,26 @@ psa_status_t packedc_crypto_client::verify_hash( |
| signature, signature_length); |
| } |
| |
| +psa_status_t packedc_crypto_client::sign_message( |
| + psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| +{ |
| + return crypto_caller_sign_message(&m_client, id, alg, |
| + message, message_length, |
| + signature, signature_size, signature_length); |
| +} |
| + |
| +psa_status_t packedc_crypto_client::verify_message( |
| + psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + const uint8_t *signature, size_t signature_length) |
| +{ |
| + return crypto_caller_verify_message(&m_client, id, alg, |
| + message, message_length, |
| + signature, signature_length); |
| +} |
| + |
| psa_status_t packedc_crypto_client::asymmetric_encrypt( |
| psa_key_id_t id, psa_algorithm_t alg, |
| const uint8_t *input, size_t input_length, |
| diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h |
| index 377b51d1..d74ba609 100644 |
| --- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h |
| +++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -54,7 +54,7 @@ public: |
| psa_key_id_t id, |
| uint8_t *data, size_t data_size, size_t *data_length); |
| |
| - /* Sign/verify methods */ |
| + /* Sign/verify hash methods */ |
| psa_status_t sign_hash( |
| psa_key_id_t id, |
| psa_algorithm_t alg, |
| @@ -67,6 +67,19 @@ public: |
| const uint8_t *hash, size_t hash_length, |
| const uint8_t *signature, size_t signature_length); |
| |
| + /* Sign/verify message methods */ |
| + psa_status_t sign_message( |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length); |
| + |
| + psa_status_t verify_message( |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + const uint8_t *signature, size_t signature_length); |
| + |
| /* Asymmetric encrypt/decrypt */ |
| psa_status_t asymmetric_encrypt( |
| psa_key_id_t id, |
| diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp |
| index 17780351..28c8f6fb 100644 |
| --- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp |
| +++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp |
| @@ -386,6 +386,25 @@ psa_status_t protobuf_crypto_client::export_public_key(psa_key_id_t id, |
| psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t alg, |
| const uint8_t *hash, size_t hash_length, |
| uint8_t *signature, size_t signature_size, size_t *signature_length) |
| +{ |
| + return asym_sign(ts_crypto_Opcode_SIGN_HASH, id, alg, |
| + hash, hash_length, |
| + signature, signature_size, signature_length); |
| +} |
| + |
| +psa_status_t protobuf_crypto_client::sign_message(psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| +{ |
| + return asym_sign(ts_crypto_Opcode_SIGN_MESSAGE, id, alg, |
| + message, message_length, |
| + signature, signature_size, signature_length); |
| +} |
| + |
| +psa_status_t protobuf_crypto_client::asym_sign(uint32_t opcode, |
| + psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| { |
| size_t req_len; |
| pb_bytes_array_t *hash_byte_array = |
| @@ -416,7 +435,7 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t |
| pb_encode(&ostream, ts_crypto_SignHashIn_fields, &req_msg); |
| |
| m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, |
| - ts_crypto_Opcode_SIGN_HASH, &opstatus, &resp_buf, &resp_len); |
| + opcode, &opstatus, &resp_buf, &resp_len); |
| |
| if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) { |
| |
| @@ -462,10 +481,28 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t |
| return psa_status; |
| } |
| |
| - |
| psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_t alg, |
| const uint8_t *hash, size_t hash_length, |
| const uint8_t *signature, size_t signature_length) |
| +{ |
| + return asym_verify(ts_crypto_Opcode_VERIFY_HASH, id, alg, |
| + hash, hash_length, |
| + signature, signature_length); |
| +} |
| + |
| +psa_status_t protobuf_crypto_client::verify_message(psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + const uint8_t *signature, size_t signature_length) |
| +{ |
| + return asym_verify(ts_crypto_Opcode_VERIFY_MESSAGE, id, alg, |
| + message, message_length, |
| + signature, signature_length); |
| +} |
| + |
| +psa_status_t protobuf_crypto_client::asym_verify(uint32_t opcode, |
| + psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + const uint8_t *signature, size_t signature_length) |
| { |
| size_t req_len; |
| pb_bytes_array_t *hash_byte_array = |
| @@ -497,7 +534,7 @@ psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_ |
| pb_encode(&ostream, ts_crypto_VerifyHashIn_fields, &req_msg); |
| |
| m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, |
| - ts_crypto_Opcode_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); |
| + opcode, &opstatus, &resp_buf, &resp_len); |
| |
| if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; |
| |
| diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h |
| index 085d9cfa..abe4439e 100644 |
| --- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h |
| +++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -54,7 +54,7 @@ public: |
| psa_key_id_t id, |
| uint8_t *data, size_t data_size, size_t *data_length); |
| |
| - /* Sign/verify methods */ |
| + /* Sign/verify hash methods */ |
| psa_status_t sign_hash( |
| psa_key_id_t id, |
| psa_algorithm_t alg, |
| @@ -67,6 +67,19 @@ public: |
| const uint8_t *hash, size_t hash_length, |
| const uint8_t *signature, size_t signature_length); |
| |
| + /* Sign/verify message methods */ |
| + psa_status_t sign_message( |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length); |
| + |
| + psa_status_t verify_message( |
| + psa_key_id_t id, |
| + psa_algorithm_t alg, |
| + const uint8_t *message, size_t message_length, |
| + const uint8_t *signature, size_t signature_length); |
| + |
| /* Asymmetric encrypt/decrypt */ |
| psa_status_t asymmetric_encrypt( |
| psa_key_id_t id, |
| @@ -221,6 +234,16 @@ public: |
| |
| private: |
| |
| + psa_status_t asym_sign(uint32_t opcode, |
| + psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + uint8_t *signature, size_t signature_size, size_t *signature_length); |
| + |
| + psa_status_t asym_verify(uint32_t opcode, |
| + psa_key_id_t id, psa_algorithm_t alg, |
| + const uint8_t *hash, size_t hash_length, |
| + const uint8_t *signature, size_t signature_length); |
| + |
| void translate_key_attributes( |
| ts_crypto_KeyAttributes &proto_attributes, |
| const psa_key_attributes_t &psa_attributes); |
| diff --git a/components/service/crypto/client/psa/psa_sign_message.c b/components/service/crypto/client/psa/psa_sign_message.c |
| index dc2f7e80..b6446253 100644 |
| --- a/components/service/crypto/client/psa/psa_sign_message.c |
| +++ b/components/service/crypto/client/psa/psa_sign_message.c |
| @@ -1,13 +1,15 @@ |
| /* |
| - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| |
| #include <psa/crypto.h> |
| +#include "psa_crypto_client.h" |
| +#include "crypto_caller_selector.h" |
| |
| psa_status_t psa_sign_message( |
| - psa_key_id_t key, |
| + psa_key_id_t id, |
| psa_algorithm_t alg, |
| const uint8_t *input, |
| size_t input_length, |
| @@ -15,19 +17,11 @@ psa_status_t psa_sign_message( |
| size_t signature_size, |
| size_t *signature_length) |
| { |
| - size_t hash_len; |
| - uint8_t hash[PSA_HASH_MAX_SIZE]; |
| + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) |
| + return psa_crypto_client_instance.init_status; |
| |
| - psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), |
| + return crypto_caller_sign_message(&psa_crypto_client_instance.base, |
| + id, alg, |
| input, input_length, |
| - hash, sizeof(hash), &hash_len); |
| - |
| - if (psa_status == PSA_SUCCESS) { |
| - |
| - psa_status = psa_sign_hash(key, alg, |
| - hash, hash_len, |
| - signature, signature_size, signature_length); |
| - } |
| - |
| - return psa_status; |
| + signature, signature_size, signature_length); |
| } |
| diff --git a/components/service/crypto/client/psa/psa_verify_message.c b/components/service/crypto/client/psa/psa_verify_message.c |
| index d0fbc7c8..57c2c5e8 100644 |
| --- a/components/service/crypto/client/psa/psa_verify_message.c |
| +++ b/components/service/crypto/client/psa/psa_verify_message.c |
| @@ -1,32 +1,26 @@ |
| /* |
| - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| |
| #include <psa/crypto.h> |
| +#include "psa_crypto_client.h" |
| +#include "crypto_caller_selector.h" |
| |
| psa_status_t psa_verify_message( |
| - psa_key_id_t key, |
| + psa_key_id_t id, |
| psa_algorithm_t alg, |
| const uint8_t *input, |
| size_t input_length, |
| const uint8_t * signature, |
| size_t signature_length) |
| { |
| - size_t hash_len; |
| - uint8_t hash[PSA_HASH_MAX_SIZE]; |
| + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) |
| + return psa_crypto_client_instance.init_status; |
| |
| - psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), |
| + return crypto_caller_verify_message(&psa_crypto_client_instance.base, |
| + id, alg, |
| input, input_length, |
| - hash, sizeof(hash), &hash_len); |
| - |
| - if (psa_status == PSA_SUCCESS) { |
| - |
| - psa_status = psa_verify_hash(key, alg, |
| - hash, hash_len, |
| - signature, signature_length); |
| - } |
| - |
| - return psa_status; |
| + signature, signature_length); |
| } |
| diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c |
| index d0fc7cac..67a5b340 100644 |
| --- a/components/service/crypto/provider/crypto_provider.c |
| +++ b/components/service/crypto/provider/crypto_provider.c |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -16,8 +16,8 @@ static rpc_status_t destroy_key_handler(void *context, struct call_req* req); |
| static rpc_status_t export_key_handler(void *context, struct call_req* req); |
| static rpc_status_t export_public_key_handler(void *context, struct call_req* req); |
| static rpc_status_t import_key_handler(void *context, struct call_req* req); |
| -static rpc_status_t sign_hash_handler(void *context, struct call_req* req); |
| -static rpc_status_t verify_hash_handler(void *context, struct call_req* req); |
| +static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req); |
| +static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req); |
| static rpc_status_t asymmetric_decrypt_handler(void *context, struct call_req* req); |
| static rpc_status_t asymmetric_encrypt_handler(void *context, struct call_req* req); |
| static rpc_status_t generate_random_handler(void *context, struct call_req* req); |
| @@ -32,14 +32,16 @@ static const struct service_handler handler_table[] = { |
| {TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler}, |
| {TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler}, |
| {TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler}, |
| - {TS_CRYPTO_OPCODE_SIGN_HASH, sign_hash_handler}, |
| - {TS_CRYPTO_OPCODE_VERIFY_HASH, verify_hash_handler}, |
| + {TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler}, |
| + {TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler}, |
| {TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler}, |
| {TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler}, |
| {TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler}, |
| {TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler}, |
| {TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler}, |
| {TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler}, |
| + {TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler}, |
| + {TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler}, |
| }; |
| |
| struct rpc_interface *crypto_provider_init(struct crypto_provider *context) |
| @@ -272,7 +274,7 @@ static rpc_status_t import_key_handler(void *context, struct call_req* req) |
| return rpc_status; |
| } |
| |
| -static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| +static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req) |
| { |
| rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; |
| struct call_param_buf *req_buf = call_req_get_req_buf(req); |
| @@ -284,7 +286,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| uint8_t hash_buffer[PSA_HASH_MAX_SIZE]; |
| |
| if (serializer) |
| - rpc_status = serializer->deserialize_sign_hash_req(req_buf, &id, &alg, hash_buffer, &hash_len); |
| + rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &id, &alg, hash_buffer, &hash_len); |
| |
| if (rpc_status == TS_RPC_CALL_ACCEPTED) { |
| |
| @@ -292,14 +294,16 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| size_t sig_len; |
| uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; |
| |
| - psa_status = psa_sign_hash(id, alg, |
| - hash_buffer, hash_len, |
| - sig_buffer, sizeof(sig_buffer), &sig_len); |
| + psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_SIGN_HASH) ? |
| + psa_sign_hash(id, alg, hash_buffer, hash_len, |
| + sig_buffer, sizeof(sig_buffer), &sig_len) : |
| + psa_sign_message(id, alg, hash_buffer, hash_len, |
| + sig_buffer, sizeof(sig_buffer), &sig_len); |
| |
| if (psa_status == PSA_SUCCESS) { |
| |
| struct call_param_buf *resp_buf = call_req_get_resp_buf(req); |
| - rpc_status = serializer->serialize_sign_hash_resp(resp_buf, sig_buffer, sig_len); |
| + rpc_status = serializer->serialize_asymmetric_sign_resp(resp_buf, sig_buffer, sig_len); |
| } |
| |
| call_req_set_opstatus(req, psa_status); |
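Review bot: `psa_sign_message` is passed `hash_buffer`, which the preceding hunk shows declared as `uint8_t hash_buffer[PSA_HASH_MAX_SIZE]`, so a message received under `TS_CRYPTO_OPCODE_SIGN_MESSAGE` is deserialized into a buffer sized for a digest. `deserialize_asymmetric_sign_req` is given only `hash_buffer` and `&hash_len`; how `hash_len` is initialised and whether the serializers bound the copy lies outside these hunks, so this should be confirmed before message-sized input is routed here. As written, messages longer than `PSA_HASH_MAX_SIZE` presumably cannot be signed through the service, which callers of `psa_sign_message` will not expect; I would size the buffer for the message path explicitly and document the limit, e.g. `/* input holds a digest (*_HASH) or the raw message (*_MESSAGE); requests longer than the buffer are rejected */`. The same applies to `psa_verify_message` in `asymmetric_verify_handler` (hunk `@@ -330,9 +334,13 @@`), and both handler bodies start and end outside their hunks.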
| @@ -308,7 +312,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| return rpc_status; |
| } |
| |
| -static rpc_status_t verify_hash_handler(void *context, struct call_req* req) |
| +static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req) |
| { |
| rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; |
| struct call_param_buf *req_buf = call_req_get_req_buf(req); |
| @@ -322,7 +326,7 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) |
| uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; |
| |
| if (serializer) |
| - rpc_status = serializer->deserialize_verify_hash_req(req_buf, &id, &alg, |
| + rpc_status = serializer->deserialize_asymmetric_verify_req(req_buf, &id, &alg, |
| hash_buffer, &hash_len, |
| sig_buffer, &sig_len); |
| |
| @@ -330,9 +334,13 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) |
| |
| psa_status_t psa_status; |
| |
| - psa_status = psa_verify_hash(id, alg, |
| - hash_buffer, hash_len, |
| - sig_buffer, sig_len); |
| + psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_VERIFY_HASH) ? |
| + psa_verify_hash(id, alg, |
| + hash_buffer, hash_len, |
| + sig_buffer, sig_len) : |
| + psa_verify_message(id, alg, |
| + hash_buffer, hash_len, |
| + sig_buffer, sig_len); |
| |
| call_req_set_opstatus(req, psa_status); |
| } |
| diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h |
| index 68940cae..57364f24 100644 |
| --- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h |
| +++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h |
| @@ -79,15 +79,15 @@ struct crypto_provider_serializer { |
| const psa_key_attributes_t *attributes); |
| |
| /* Operation: sign_hash */ |
| - rpc_status_t (*deserialize_sign_hash_req)(const struct call_param_buf *req_buf, |
| + rpc_status_t (*deserialize_asymmetric_sign_req)(const struct call_param_buf *req_buf, |
| psa_key_id_t *id, psa_algorithm_t *alg, |
| uint8_t *hash, size_t *hash_len); |
| |
| - rpc_status_t (*serialize_sign_hash_resp)(struct call_param_buf *resp_buf, |
| + rpc_status_t (*serialize_asymmetric_sign_resp)(struct call_param_buf *resp_buf, |
| const uint8_t *sig, size_t sig_len); |
| |
| /* Operation: verify_hash */ |
| - rpc_status_t (*deserialize_verify_hash_req)(const struct call_param_buf *req_buf, |
| + rpc_status_t (*deserialize_asymmetric_verify_req)(const struct call_param_buf *req_buf, |
| psa_key_id_t *id, psa_algorithm_t *alg, |
| uint8_t *hash, size_t *hash_len, |
| uint8_t *sig, size_t *sig_len); |
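Review bot: The section comments `/* Operation: sign_hash */` and `/* Operation: verify_hash */` are left unchanged while the function pointers beneath them are renamed to `deserialize_asymmetric_sign_req`, `serialize_asymmetric_sign_resp` and `deserialize_asymmetric_verify_req`. These entries now serve both the hash and the message opcodes, so the comments should say so, e.g. `/* Operation: asymmetric sign (sign_hash and sign_message) */` and `/* Operation: asymmetric verify (verify_hash and verify_message) */`. The same stale comments remain above the renamed functions in the packed-c and protobuf serializer sources later in the patch. The struct definition starts and ends outside the hunk.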
| diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c |
| index c70db865..4a7e59f0 100644 |
| --- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c |
| +++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c |
| @@ -333,7 +333,7 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res |
| } |
| |
| /* Operation: sign_hash */ |
| -static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, |
| +static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, |
| psa_key_id_t *id, psa_algorithm_t *alg, |
| uint8_t *hash, size_t *hash_len) |
| { |
| @@ -378,7 +378,7 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b |
| return rpc_status; |
| } |
| |
| -static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| +static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, |
| const uint8_t *sig, size_t sig_len) |
| { |
| rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; |
| @@ -401,7 +401,7 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| } |
| |
| /* Operation: verify_hash */ |
| -static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, |
| +static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, |
| psa_key_id_t *id, psa_algorithm_t *alg, |
| uint8_t *hash, size_t *hash_len, |
| uint8_t *sig, size_t *sig_len) |
| @@ -695,9 +695,9 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst |
| deserialize_purge_key_req, |
| deserialize_get_key_attributes_req, |
| serialize_get_key_attributes_resp, |
| - deserialize_sign_hash_req, |
| - serialize_sign_hash_resp, |
| - deserialize_verify_hash_req, |
| + deserialize_asymmetric_sign_req, |
| + serialize_asymmetric_sign_resp, |
| + deserialize_asymmetric_verify_req, |
| deserialize_asymmetric_decrypt_req, |
| serialize_asymmetric_decrypt_resp, |
| deserialize_asymmetric_encrypt_req, |
| diff --git a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c |
| index 7767d20a..083a581a 100644 |
| --- a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c |
| +++ b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c |
| @@ -267,9 +267,9 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res |
| } |
| |
| /* Operation: sign_hash */ |
| -static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, |
| - psa_key_id_t *id, psa_algorithm_t *alg, |
| - uint8_t *hash, size_t *hash_len) |
| +static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, |
| + psa_key_id_t *id, psa_algorithm_t *alg, |
| + uint8_t *hash, size_t *hash_len) |
| { |
| rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; |
| ts_crypto_SignHashIn recv_msg = ts_crypto_SignHashIn_init_default; |
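Review bot: The renamed `deserialize_asymmetric_sign_req` still decodes the request as `ts_crypto_SignHashIn` and keeps the `/* Operation: sign_hash */` heading and the `hash`/`hash_len` parameter names, although after the rename it presumably serves both sign_hash and sign_message requests. If the shared layout is intended, say so in the heading, e.g. `/* Operation: sign_hash and sign_message (shared request layout; 'hash' carries the message for sign_message) */`. It is also worth confirming that the caller's buffer behind `hash_len` is sized for a message rather than a digest, since a digest-sized bound would limit the message length the service accepts. The same applies to `deserialize_asymmetric_verify_req` further down and to the packed-c serializer hunks earlier in the patch. The function body continues outside the hunk.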
| @@ -295,8 +295,8 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b |
| return rpc_status; |
| } |
| |
| -static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| - const uint8_t *sig, size_t sig_len) |
| +static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, |
| + const uint8_t *sig, size_t sig_len) |
| { |
| size_t packed_resp_size; |
| rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; |
| @@ -323,10 +323,10 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| } |
| |
| /* Operation: verify_hash */ |
| -static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, |
| - psa_key_id_t *id, psa_algorithm_t *alg, |
| - uint8_t *hash, size_t *hash_len, |
| - uint8_t *sig, size_t *sig_len) |
| +static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, |
| + psa_key_id_t *id, psa_algorithm_t *alg, |
| + uint8_t *hash, size_t *hash_len, |
| + uint8_t *sig, size_t *sig_len) |
| { |
| rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; |
| ts_crypto_VerifyHashIn recv_msg = ts_crypto_VerifyHashIn_init_default; |
| @@ -538,32 +538,32 @@ static rpc_status_t serialize_generate_random_resp(struct call_param_buf *resp_b |
| /* Singleton method to provide access to the serializer instance */ |
| const struct crypto_provider_serializer *pb_crypto_provider_serializer_instance(void) |
| { |
| - static const struct crypto_provider_serializer instance = { |
| - max_deserialised_parameter_size, |
| - deserialize_generate_key_req, |
| - serialize_generate_key_resp, |
| - deserialize_destroy_key_req, |
| - deserialize_export_key_req, |
| - serialize_export_key_resp, |
| - deserialize_export_public_key_req, |
| - serialize_export_public_key_resp, |
| - deserialize_import_key_req, |
| - serialize_import_key_resp, |
| - deserialize_copy_key_req, |
| - serialize_copy_key_resp, |
| - deserialize_purge_key_req, |
| - deserialize_get_key_attributes_req, |
| - serialize_get_key_attributes_resp, |
| - deserialize_sign_hash_req, |
| - serialize_sign_hash_resp, |
| - deserialize_verify_hash_req, |
| - deserialize_asymmetric_decrypt_req, |
| - serialize_asymmetric_decrypt_resp, |
| - deserialize_asymmetric_encrypt_req, |
| - serialize_asymmetric_encrypt_resp, |
| - deserialize_generate_random_req, |
| - serialize_generate_random_resp |
| - }; |
| - |
| - return &instance; |
| + static const struct crypto_provider_serializer instance = { |
| + max_deserialised_parameter_size, |
| + deserialize_generate_key_req, |
| + serialize_generate_key_resp, |
| + deserialize_destroy_key_req, |
| + deserialize_export_key_req, |
| + serialize_export_key_resp, |
| + deserialize_export_public_key_req, |
| + serialize_export_public_key_resp, |
| + deserialize_import_key_req, |
| + serialize_import_key_resp, |
| + deserialize_copy_key_req, |
| + serialize_copy_key_resp, |
| + deserialize_purge_key_req, |
| + deserialize_get_key_attributes_req, |
| + serialize_get_key_attributes_resp, |
| + deserialize_asymmetric_sign_req, |
| + serialize_asymmetric_sign_resp, |
| + deserialize_asymmetric_verify_req, |
| + deserialize_asymmetric_decrypt_req, |
| + serialize_asymmetric_decrypt_resp, |
| + deserialize_asymmetric_encrypt_req, |
| + serialize_asymmetric_encrypt_resp, |
| + deserialize_generate_random_req, |
| + serialize_generate_random_resp |
| + }; |
| + |
| + return &instance; |
| } |
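Review bot: The `instance` initializer is positional, so the three renamed entries land in the right slots only if their order matches the member order of `struct crypto_provider_serializer`, and a swap between two members with compatible signatures would compile without complaint. Designated initializers (`.member = function`) would make the mapping explicit; the member names are declared in crypto_provider_serializer.h, which this hunk does not show. The hunk also removes and re-adds every line although only three entries differ in text, which looks like a whitespace change folded into the rename; a separate commit for the re-indentation would make the functional change easier to audit.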
| diff --git a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp |
| index bd6c66ee..da01abf4 100644 |
| --- a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp |
| +++ b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -18,15 +18,16 @@ TEST_GROUP(CryptoProtocolOpcodeChecks) |
| |
| TEST(CryptoProtocolOpcodeChecks, checkPackedcToProtobuf) |
| { |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); |
| - CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_MESSAGE, ts_crypto_Opcode_SIGN_MESSAGE); |
| + CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_MESSAGE, ts_crypto_Opcode_VERIFY_MESSAGE); |
| } |
| - |
| diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp |
| index ec2c6736..b3345551 100644 |
| --- a/components/service/crypto/test/service/crypto_service_scenarios.cpp |
| +++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -290,6 +290,56 @@ void crypto_service_scenarios::signAndVerifyHash() |
| CHECK_EQUAL(PSA_SUCCESS, status); |
| } |
| |
| +void crypto_service_scenarios::signAndVerifyMessage() |
| +{ |
| + psa_status_t status; |
| + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| + psa_key_id_t key_id; |
| + |
| + psa_set_key_id(&attributes, 14); |
| + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE); |
| + psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); |
| + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); |
| + psa_set_key_bits(&attributes, 256); |
| + |
| + /* Generate a key */ |
| + status = m_crypto_client->generate_key(&attributes, &key_id); |
| + CHECK_EQUAL(PSA_SUCCESS, status); |
| + |
| + psa_reset_key_attributes(&attributes); |
| + |
| + /* Sign a message */ |
| + uint8_t message[21]; |
| + uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; |
| + size_t signature_length; |
| + |
| + memset(message, 0x99, sizeof(message)); |
| + |
| + status = m_crypto_client->sign_message(key_id, |
| + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), |
| + signature, sizeof(signature), &signature_length); |
| + |
| + CHECK_EQUAL(PSA_SUCCESS, status); |
| + CHECK(signature_length > 0); |
| + |
| + /* Verify the signature */ |
| + status = m_crypto_client->verify_message(key_id, |
| + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), |
| + signature, signature_length); |
| + CHECK_EQUAL(PSA_SUCCESS, status); |
| + |
| + /* Change the message and expect verify to fail */ |
| + message[0] = 0x72; |
| + status = m_crypto_client->verify_message(key_id, |
| + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), |
| + signature, signature_length); |
| + CHECK_EQUAL(PSA_ERROR_INVALID_SIGNATURE, status); |
| + |
| + /* Remove the key */ |
| + status = m_crypto_client->destroy_key(key_id); |
| + CHECK_EQUAL(PSA_SUCCESS, status); |
| +} |
| + |
| void crypto_service_scenarios::signAndVerifyEat() |
| { |
| /* Sign and verify a hash using EAT key type and algorithm */ |
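Review bot: `signAndVerifyMessage` exercises only the permitted path, so it does not check the usage separation this commit is about. The key is created with `PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE` only, so a hash operation on the same key that expects a refusal would pin that behaviour, for example `status = m_crypto_client->sign_hash(key_id, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, sizeof(hash), signature, sizeof(signature), &signature_length);` followed by `CHECK_EQUAL(PSA_ERROR_NOT_PERMITTED, status);`. That sketch assumes a 32-byte `hash` buffer and the argument order used by the existing signAndVerifyHash scenario. Separately, the key is persistent (id 14) and `destroy_key` is reached only if every earlier CHECK passes, so a failed assertion may leave the key behind and make the next run fail at `generate_key`; presumably the other scenarios share this pattern.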
| @@ -348,7 +398,7 @@ void crypto_service_scenarios::asymEncryptDecrypt() |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_id_t key_id; |
| |
| - psa_set_key_id(&attributes, 14); |
| + psa_set_key_id(&attributes, 15); |
| psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); |
| psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); |
| psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); |
| @@ -394,7 +444,7 @@ void crypto_service_scenarios::asymEncryptDecryptWithSalt() |
| psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| psa_key_id_t key_id; |
| |
| - psa_set_key_id(&attributes, 15); |
| + psa_set_key_id(&attributes, 16); |
| psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); |
| psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)); |
| psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); |
| diff --git a/components/service/crypto/test/service/crypto_service_scenarios.h b/components/service/crypto/test/service/crypto_service_scenarios.h |
| index c65eba26..23671644 100644 |
| --- a/components/service/crypto/test/service/crypto_service_scenarios.h |
| +++ b/components/service/crypto/test/service/crypto_service_scenarios.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -24,6 +24,7 @@ public: |
| void asymEncryptDecrypt(); |
| void asymEncryptDecryptWithSalt(); |
| void signAndVerifyHash(); |
| + void signAndVerifyMessage(); |
| void signAndVerifyEat(); |
| void exportAndImportKeyPair(); |
| void exportPublicKey(); |
| diff --git a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp |
| index 79eddfbb..ea238432 100644 |
| --- a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp |
| +++ b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -87,6 +87,11 @@ TEST(CryptoServicePackedcTests, signAndVerifyHash) |
| m_scenarios->signAndVerifyHash(); |
| } |
| |
| +TEST(CryptoServicePackedcTests, signAndVerifyMessage) |
| +{ |
| + m_scenarios->signAndVerifyMessage(); |
| +} |
| + |
| TEST(CryptoServicePackedcTests, signAndVerifyEat) |
| { |
| m_scenarios->signAndVerifyEat(); |
| diff --git a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp |
| index 1230752c..c172ad4a 100644 |
| --- a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp |
| +++ b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -77,6 +77,11 @@ TEST(CryptoServiceProtobufTests, signAndVerifyHash) |
| m_scenarios->signAndVerifyHash(); |
| } |
| |
| +TEST(CryptoServiceProtobufTests, signAndVerifyMessage) |
| +{ |
| + m_scenarios->signAndVerifyMessage(); |
| +} |
| + |
| TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) |
| { |
| m_scenarios->asymEncryptDecrypt(); |
| diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h |
| index a07bd57e..5aebf2fa 100644 |
| --- a/protocols/service/crypto/packed-c/opcodes.h |
| +++ b/protocols/service/crypto/packed-c/opcodes.h |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| @@ -25,6 +25,8 @@ |
| #define TS_CRYPTO_OPCODE_COPY_KEY (TS_CRYPTO_OPCODE_BASE + 13) |
| #define TS_CRYPTO_OPCODE_PURGE_KEY (TS_CRYPTO_OPCODE_BASE + 14) |
| #define TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES (TS_CRYPTO_OPCODE_BASE + 15) |
| +#define TS_CRYPTO_OPCODE_SIGN_MESSAGE (TS_CRYPTO_OPCODE_BASE + 16) |
| +#define TS_CRYPTO_OPCODE_VERIFY_MESSAGE (TS_CRYPTO_OPCODE_BASE + 17) |
| |
| /* Hash operations */ |
| #define TS_CRYPTO_OPCODE_HASH_BASE (0x0200) |
| diff --git a/protocols/service/crypto/protobuf/opcodes.proto b/protocols/service/crypto/protobuf/opcodes.proto |
| index 094d3a02..ef64d044 100644 |
| --- a/protocols/service/crypto/protobuf/opcodes.proto |
| +++ b/protocols/service/crypto/protobuf/opcodes.proto |
| @@ -1,5 +1,5 @@ |
| /* |
| - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| syntax = "proto3"; |
| @@ -18,4 +18,6 @@ enum Opcode { |
| ASYMMETRIC_DECRYPT = 0x010a; |
| ASYMMETRIC_ENCRYPT = 0x010b; |
| GENERATE_RANDOM = 0x010c; |
| + SIGN_MESSAGE = 0x0110; |
| + VERIFY_MESSAGE = 0x0111; |
| } |
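Review bot: The enum jumps from `GENERATE_RANDOM = 0x010c` to `SIGN_MESSAGE = 0x0110` without explanation. The packed-c header defines COPY_KEY, PURGE_KEY and GET_KEY_ATTRIBUTES at base + 13 to base + 15, which would be the skipped 0x010d–0x010f if the base is 0x0100; those entries are not visible in this part of the enum. A comment before the new entries, such as `/* 0x010d-0x010f are used by packed-c only (copy/purge key, get key attributes); keep in step with packed-c/opcodes.h */`, would stop a later addition from reusing them. Adjust the wording if they are in fact defined earlier in the enum.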