Brad Bishop | bec4ebc | 2022-08-03 09:55:16 -0400 | [diff] [blame] | 1 | From b160f734006f4959d92377dc3aa8eabc3ac7c1da Mon Sep 17 00:00:00 2001 |
| 2 | From: Julian Hall <julian.hall@arm.com> |
| 3 | Date: Fri, 11 Feb 2022 14:08:13 +0000 |
| 4 | Subject: [PATCH] Separate sign/verify message and hash operations |
| 5 | |
| 6 | Previous versions of mbedtls didn't distinguish between |
| 7 | asymmetric sign and verify operations on a hash or message. |
| 8 | They are now treated as separate operations from a usage |
| 9 | control perspective. This change makes the corresponding |
| 10 | hash/message sepration in client and service provider |
| 11 | components. |
| 12 | |
| 13 | Signed-off-by: Julian Hall <julian.hall@arm.com> |
| 14 | Change-Id: Ic0041c694c026522c9b00c974d22261e9e2feadd |
| 15 | |
| 16 | Upstream-Status: Pending [Not submitted to upstream yet] |
| 17 | Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> |
| 18 | |
| 19 | |
| 20 | --- |
| 21 | .../caller/packed-c/crypto_caller_sign_hash.h | 29 +++++++- |
| 22 | .../packed-c/crypto_caller_verify_hash.h | 33 ++++++++- |
| 23 | .../caller/stub/crypto_caller_sign_hash.h | 11 ++- |
| 24 | .../caller/stub/crypto_caller_verify_hash.h | 11 ++- |
| 25 | .../service/crypto/client/cpp/crypto_client.h | 17 ++++- |
| 26 | .../packed-c/packedc_crypto_client.cpp | 22 +++++- |
| 27 | .../protocol/packed-c/packedc_crypto_client.h | 17 ++++- |
| 28 | .../protobuf/protobuf_crypto_client.cpp | 43 ++++++++++- |
| 29 | .../protobuf/protobuf_crypto_client.h | 27 ++++++- |
| 30 | .../crypto/client/psa/psa_sign_message.c | 24 +++--- |
| 31 | .../crypto/client/psa/psa_verify_message.c | 24 +++--- |
| 32 | .../service/crypto/provider/crypto_provider.c | 40 ++++++---- |
| 33 | .../serializer/crypto_provider_serializer.h | 6 +- |
| 34 | .../packedc_crypto_provider_serializer.c | 12 +-- |
| 35 | .../protobuf/pb_crypto_provider_serializer.c | 74 +++++++++---------- |
| 36 | .../check_crypto_opcode_alignment.cpp | 25 ++++--- |
| 37 | .../test/service/crypto_service_scenarios.cpp | 56 +++++++++++++- |
| 38 | .../test/service/crypto_service_scenarios.h | 3 +- |
| 39 | .../packed-c/crypto_service_packedc_tests.cpp | 7 +- |
| 40 | .../crypto_service_protobuf_tests.cpp | 7 +- |
| 41 | protocols/service/crypto/packed-c/opcodes.h | 4 +- |
| 42 | .../service/crypto/protobuf/opcodes.proto | 4 +- |
| 43 | 22 files changed, 366 insertions(+), 130 deletions(-) |
| 44 | |
| 45 | diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h |
| 46 | index e807773e..4a9ed20d 100644 |
| 47 | --- a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h |
| 48 | +++ b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h |
| 49 | @@ -1,5 +1,5 @@ |
| 50 | /* |
| 51 | - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| 52 | + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| 53 | * |
| 54 | * SPDX-License-Identifier: BSD-3-Clause |
| 55 | */ |
| 56 | @@ -20,7 +20,8 @@ |
| 57 | extern "C" { |
| 58 | #endif |
| 59 | |
| 60 | -static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, |
| 61 | +static inline psa_status_t crypto_caller_asym_sign_commom(struct service_client *context, |
| 62 | + uint32_t opcode, |
| 63 | psa_key_id_t id, |
| 64 | psa_algorithm_t alg, |
| 65 | const uint8_t *hash, size_t hash_length, |
| 66 | @@ -60,7 +61,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex |
| 67 | |
| 68 | context->rpc_status = |
| 69 | rpc_caller_invoke(context->caller, call_handle, |
| 70 | - TS_CRYPTO_OPCODE_SIGN_HASH, &opstatus, &resp_buf, &resp_len); |
| 71 | + opcode, &opstatus, &resp_buf, &resp_len); |
| 72 | |
| 73 | if (context->rpc_status == TS_RPC_CALL_ACCEPTED) { |
| 74 | |
| 75 | @@ -98,6 +99,28 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex |
| 76 | return psa_status; |
| 77 | } |
| 78 | |
| 79 | +static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, |
| 80 | + psa_key_id_t id, |
| 81 | + psa_algorithm_t alg, |
| 82 | + const uint8_t *hash, size_t hash_length, |
| 83 | + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| 84 | +{ |
| 85 | + return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_HASH, |
| 86 | + id, alg, hash, hash_length, |
| 87 | + signature, signature_size, signature_length); |
| 88 | +} |
| 89 | + |
| 90 | +static inline psa_status_t crypto_caller_sign_message(struct service_client *context, |
| 91 | + psa_key_id_t id, |
| 92 | + psa_algorithm_t alg, |
| 93 | + const uint8_t *hash, size_t hash_length, |
| 94 | + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| 95 | +{ |
| 96 | + return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_MESSAGE, |
| 97 | + id, alg, hash, hash_length, |
| 98 | + signature, signature_size, signature_length); |
| 99 | +} |
| 100 | + |
| 101 | #ifdef __cplusplus |
| 102 | } |
| 103 | #endif |
| 104 | diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h |
| 105 | index 47152946..daa11330 100644 |
| 106 | --- a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h |
| 107 | +++ b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h |
| 108 | @@ -1,5 +1,5 @@ |
| 109 | /* |
| 110 | - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| 111 | + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| 112 | * |
| 113 | * SPDX-License-Identifier: BSD-3-Clause |
| 114 | */ |
| 115 | @@ -20,7 +20,8 @@ |
| 116 | extern "C" { |
| 117 | #endif |
| 118 | |
| 119 | -static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, |
| 120 | +static inline psa_status_t crypto_caller_asym_verify_common(struct service_client *context, |
| 121 | + uint32_t opcode, |
| 122 | psa_key_id_t id, |
| 123 | psa_algorithm_t alg, |
| 124 | const uint8_t *hash, size_t hash_length, |
| 125 | @@ -65,7 +66,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont |
| 126 | |
| 127 | context->rpc_status = |
| 128 | rpc_caller_invoke(context->caller, call_handle, |
| 129 | - TS_CRYPTO_OPCODE_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); |
| 130 | + opcode, &opstatus, &resp_buf, &resp_len); |
| 131 | |
| 132 | if (context->rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; |
| 133 | |
| 134 | @@ -75,6 +76,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont |
| 135 | return psa_status; |
| 136 | } |
| 137 | |
| 138 | +static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, |
| 139 | + psa_key_id_t id, |
| 140 | + psa_algorithm_t alg, |
| 141 | + const uint8_t *hash, size_t hash_length, |
| 142 | + const uint8_t *signature, size_t signature_length) |
| 143 | +{ |
| 144 | + return crypto_caller_asym_verify_common(context, |
| 145 | + TS_CRYPTO_OPCODE_VERIFY_HASH, |
| 146 | + id, alg, |
| 147 | + hash, hash_length, |
| 148 | + signature, signature_length); |
| 149 | +} |
| 150 | + |
| 151 | +static inline psa_status_t crypto_caller_verify_message(struct service_client *context, |
| 152 | + psa_key_id_t id, |
| 153 | + psa_algorithm_t alg, |
| 154 | + const uint8_t *input, size_t input_length, |
| 155 | + const uint8_t *signature, size_t signature_length) |
| 156 | +{ |
| 157 | + return crypto_caller_asym_verify_common(context, |
| 158 | + TS_CRYPTO_OPCODE_VERIFY_MESSAGE, |
| 159 | + id, alg, |
| 160 | + input, input_length, |
| 161 | + signature, signature_length); |
| 162 | +} |
| 163 | + |
| 164 | #ifdef __cplusplus |
| 165 | } |
| 166 | #endif |
| 167 | diff --git a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h |
| 168 | index d09369a2..09049f5c 100644 |
| 169 | --- a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h |
| 170 | +++ b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h |
| 171 | @@ -1,5 +1,5 @@ |
| 172 | /* |
| 173 | - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| 174 | + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| 175 | * |
| 176 | * SPDX-License-Identifier: BSD-3-Clause |
| 177 | */ |
| 178 | @@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex |
| 179 | return PSA_ERROR_NOT_SUPPORTED; |
| 180 | } |
| 181 | |
| 182 | +static inline psa_status_t crypto_caller_sign_message(struct service_client *context, |
| 183 | + psa_key_id_t id, |
| 184 | + psa_algorithm_t alg, |
| 185 | + const uint8_t *hash, size_t hash_length, |
| 186 | + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| 187 | +{ |
| 188 | + return PSA_ERROR_NOT_SUPPORTED; |
| 189 | +} |
| 190 | + |
| 191 | #ifdef __cplusplus |
| 192 | } |
| 193 | #endif |
| 194 | diff --git a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h |
| 195 | index 20d11dcf..3f3eb878 100644 |
| 196 | --- a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h |
| 197 | +++ b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h |
| 198 | @@ -1,5 +1,5 @@ |
| 199 | /* |
| 200 | - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| 201 | + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| 202 | * |
| 203 | * SPDX-License-Identifier: BSD-3-Clause |
| 204 | */ |
| 205 | @@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont |
| 206 | return PSA_ERROR_NOT_SUPPORTED; |
| 207 | } |
| 208 | |
| 209 | +static inline psa_status_t crypto_caller_verify_message(struct service_client *context, |
| 210 | + psa_key_id_t id, |
| 211 | + psa_algorithm_t alg, |
| 212 | + const uint8_t *input, size_t input_length, |
| 213 | + const uint8_t *signature, size_t signature_length) |
| 214 | +{ |
| 215 | + return PSA_ERROR_NOT_SUPPORTED; |
| 216 | +} |
| 217 | + |
| 218 | #ifdef __cplusplus |
| 219 | } |
| 220 | #endif |
| 221 | diff --git a/components/service/crypto/client/cpp/crypto_client.h b/components/service/crypto/client/cpp/crypto_client.h |
| 222 | index 2a5e5b99..ccb0714a 100644 |
| 223 | --- a/components/service/crypto/client/cpp/crypto_client.h |
| 224 | +++ b/components/service/crypto/client/cpp/crypto_client.h |
| 225 | @@ -1,5 +1,5 @@ |
| 226 | /* |
| 227 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 228 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 229 | * |
| 230 | * SPDX-License-Identifier: BSD-3-Clause |
| 231 | */ |
| 232 | @@ -57,7 +57,7 @@ public: |
| 233 | psa_key_id_t id, |
| 234 | uint8_t *data, size_t data_size, size_t *data_length) = 0; |
| 235 | |
| 236 | - /* Sign/verify methods */ |
| 237 | + /* Sign/verify hash methods */ |
| 238 | virtual psa_status_t sign_hash( |
| 239 | psa_key_id_t id, |
| 240 | psa_algorithm_t alg, |
| 241 | @@ -70,6 +70,19 @@ public: |
| 242 | const uint8_t *hash, size_t hash_length, |
| 243 | const uint8_t *signature, size_t signature_length) = 0; |
| 244 | |
| 245 | + /* Sign/verify message methods */ |
| 246 | + virtual psa_status_t sign_message( |
| 247 | + psa_key_id_t id, |
| 248 | + psa_algorithm_t alg, |
| 249 | + const uint8_t *message, size_t message_length, |
| 250 | + uint8_t *signature, size_t signature_size, size_t *signature_length) = 0; |
| 251 | + |
| 252 | + virtual psa_status_t verify_message( |
| 253 | + psa_key_id_t id, |
| 254 | + psa_algorithm_t alg, |
| 255 | + const uint8_t *message, size_t message_length, |
| 256 | + const uint8_t *signature, size_t signature_length) = 0; |
| 257 | + |
| 258 | /* Asymmetric encrypt/decrypt */ |
| 259 | virtual psa_status_t asymmetric_encrypt( |
| 260 | psa_key_id_t id, |
| 261 | diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp |
| 262 | index 4d9d8f41..4e10f9be 100644 |
| 263 | --- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp |
| 264 | +++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp |
| 265 | @@ -1,5 +1,5 @@ |
| 266 | /* |
| 267 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 268 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 269 | * |
| 270 | * SPDX-License-Identifier: BSD-3-Clause |
| 271 | */ |
| 272 | @@ -107,6 +107,26 @@ psa_status_t packedc_crypto_client::verify_hash( |
| 273 | signature, signature_length); |
| 274 | } |
| 275 | |
| 276 | +psa_status_t packedc_crypto_client::sign_message( |
| 277 | + psa_key_id_t id, psa_algorithm_t alg, |
| 278 | + const uint8_t *message, size_t message_length, |
| 279 | + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| 280 | +{ |
| 281 | + return crypto_caller_sign_message(&m_client, id, alg, |
| 282 | + message, message_length, |
| 283 | + signature, signature_size, signature_length); |
| 284 | +} |
| 285 | + |
| 286 | +psa_status_t packedc_crypto_client::verify_message( |
| 287 | + psa_key_id_t id, psa_algorithm_t alg, |
| 288 | + const uint8_t *message, size_t message_length, |
| 289 | + const uint8_t *signature, size_t signature_length) |
| 290 | +{ |
| 291 | + return crypto_caller_verify_message(&m_client, id, alg, |
| 292 | + message, message_length, |
| 293 | + signature, signature_length); |
| 294 | +} |
| 295 | + |
| 296 | psa_status_t packedc_crypto_client::asymmetric_encrypt( |
| 297 | psa_key_id_t id, psa_algorithm_t alg, |
| 298 | const uint8_t *input, size_t input_length, |
| 299 | diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h |
| 300 | index 377b51d1..d74ba609 100644 |
| 301 | --- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h |
| 302 | +++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h |
| 303 | @@ -1,5 +1,5 @@ |
| 304 | /* |
| 305 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 306 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 307 | * |
| 308 | * SPDX-License-Identifier: BSD-3-Clause |
| 309 | */ |
| 310 | @@ -54,7 +54,7 @@ public: |
| 311 | psa_key_id_t id, |
| 312 | uint8_t *data, size_t data_size, size_t *data_length); |
| 313 | |
| 314 | - /* Sign/verify methods */ |
| 315 | + /* Sign/verify hash methods */ |
| 316 | psa_status_t sign_hash( |
| 317 | psa_key_id_t id, |
| 318 | psa_algorithm_t alg, |
| 319 | @@ -67,6 +67,19 @@ public: |
| 320 | const uint8_t *hash, size_t hash_length, |
| 321 | const uint8_t *signature, size_t signature_length); |
| 322 | |
| 323 | + /* Sign/verify message methods */ |
| 324 | + psa_status_t sign_message( |
| 325 | + psa_key_id_t id, |
| 326 | + psa_algorithm_t alg, |
| 327 | + const uint8_t *message, size_t message_length, |
| 328 | + uint8_t *signature, size_t signature_size, size_t *signature_length); |
| 329 | + |
| 330 | + psa_status_t verify_message( |
| 331 | + psa_key_id_t id, |
| 332 | + psa_algorithm_t alg, |
| 333 | + const uint8_t *message, size_t message_length, |
| 334 | + const uint8_t *signature, size_t signature_length); |
| 335 | + |
| 336 | /* Asymmetric encrypt/decrypt */ |
| 337 | psa_status_t asymmetric_encrypt( |
| 338 | psa_key_id_t id, |
| 339 | diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp |
| 340 | index 17780351..28c8f6fb 100644 |
| 341 | --- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp |
| 342 | +++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp |
| 343 | @@ -386,6 +386,25 @@ psa_status_t protobuf_crypto_client::export_public_key(psa_key_id_t id, |
| 344 | psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t alg, |
| 345 | const uint8_t *hash, size_t hash_length, |
| 346 | uint8_t *signature, size_t signature_size, size_t *signature_length) |
| 347 | +{ |
| 348 | + return asym_sign(ts_crypto_Opcode_SIGN_HASH, id, alg, |
| 349 | + hash, hash_length, |
| 350 | + signature, signature_size, signature_length); |
| 351 | +} |
| 352 | + |
| 353 | +psa_status_t protobuf_crypto_client::sign_message(psa_key_id_t id, psa_algorithm_t alg, |
| 354 | + const uint8_t *message, size_t message_length, |
| 355 | + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| 356 | +{ |
| 357 | + return asym_sign(ts_crypto_Opcode_SIGN_MESSAGE, id, alg, |
| 358 | + message, message_length, |
| 359 | + signature, signature_size, signature_length); |
| 360 | +} |
| 361 | + |
| 362 | +psa_status_t protobuf_crypto_client::asym_sign(uint32_t opcode, |
| 363 | + psa_key_id_t id, psa_algorithm_t alg, |
| 364 | + const uint8_t *hash, size_t hash_length, |
| 365 | + uint8_t *signature, size_t signature_size, size_t *signature_length) |
| 366 | { |
| 367 | size_t req_len; |
| 368 | pb_bytes_array_t *hash_byte_array = |
| 369 | @@ -416,7 +435,7 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t |
| 370 | pb_encode(&ostream, ts_crypto_SignHashIn_fields, &req_msg); |
| 371 | |
| 372 | m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, |
| 373 | - ts_crypto_Opcode_SIGN_HASH, &opstatus, &resp_buf, &resp_len); |
| 374 | + opcode, &opstatus, &resp_buf, &resp_len); |
| 375 | |
| 376 | if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) { |
| 377 | |
| 378 | @@ -462,10 +481,28 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t |
| 379 | return psa_status; |
| 380 | } |
| 381 | |
| 382 | - |
| 383 | psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_t alg, |
| 384 | const uint8_t *hash, size_t hash_length, |
| 385 | const uint8_t *signature, size_t signature_length) |
| 386 | +{ |
| 387 | + return asym_verify(ts_crypto_Opcode_VERIFY_HASH, id, alg, |
| 388 | + hash, hash_length, |
| 389 | + signature, signature_length); |
| 390 | +} |
| 391 | + |
| 392 | +psa_status_t protobuf_crypto_client::verify_message(psa_key_id_t id, psa_algorithm_t alg, |
| 393 | + const uint8_t *message, size_t message_length, |
| 394 | + const uint8_t *signature, size_t signature_length) |
| 395 | +{ |
| 396 | + return asym_verify(ts_crypto_Opcode_VERIFY_MESSAGE, id, alg, |
| 397 | + message, message_length, |
| 398 | + signature, signature_length); |
| 399 | +} |
| 400 | + |
| 401 | +psa_status_t protobuf_crypto_client::asym_verify(uint32_t opcode, |
| 402 | + psa_key_id_t id, psa_algorithm_t alg, |
| 403 | + const uint8_t *hash, size_t hash_length, |
| 404 | + const uint8_t *signature, size_t signature_length) |
| 405 | { |
| 406 | size_t req_len; |
| 407 | pb_bytes_array_t *hash_byte_array = |
| 408 | @@ -497,7 +534,7 @@ psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_ |
| 409 | pb_encode(&ostream, ts_crypto_VerifyHashIn_fields, &req_msg); |
| 410 | |
| 411 | m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, |
| 412 | - ts_crypto_Opcode_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); |
| 413 | + opcode, &opstatus, &resp_buf, &resp_len); |
| 414 | |
| 415 | if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; |
| 416 | |
| 417 | diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h |
| 418 | index 085d9cfa..abe4439e 100644 |
| 419 | --- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h |
| 420 | +++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h |
| 421 | @@ -1,5 +1,5 @@ |
| 422 | /* |
| 423 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 424 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 425 | * |
| 426 | * SPDX-License-Identifier: BSD-3-Clause |
| 427 | */ |
| 428 | @@ -54,7 +54,7 @@ public: |
| 429 | psa_key_id_t id, |
| 430 | uint8_t *data, size_t data_size, size_t *data_length); |
| 431 | |
| 432 | - /* Sign/verify methods */ |
| 433 | + /* Sign/verify hash methods */ |
| 434 | psa_status_t sign_hash( |
| 435 | psa_key_id_t id, |
| 436 | psa_algorithm_t alg, |
| 437 | @@ -67,6 +67,19 @@ public: |
| 438 | const uint8_t *hash, size_t hash_length, |
| 439 | const uint8_t *signature, size_t signature_length); |
| 440 | |
| 441 | + /* Sign/verify message methods */ |
| 442 | + psa_status_t sign_message( |
| 443 | + psa_key_id_t id, |
| 444 | + psa_algorithm_t alg, |
| 445 | + const uint8_t *message, size_t message_length, |
| 446 | + uint8_t *signature, size_t signature_size, size_t *signature_length); |
| 447 | + |
| 448 | + psa_status_t verify_message( |
| 449 | + psa_key_id_t id, |
| 450 | + psa_algorithm_t alg, |
| 451 | + const uint8_t *message, size_t message_length, |
| 452 | + const uint8_t *signature, size_t signature_length); |
| 453 | + |
| 454 | /* Asymmetric encrypt/decrypt */ |
| 455 | psa_status_t asymmetric_encrypt( |
| 456 | psa_key_id_t id, |
| 457 | @@ -221,6 +234,16 @@ public: |
| 458 | |
| 459 | private: |
| 460 | |
| 461 | + psa_status_t asym_sign(uint32_t opcode, |
| 462 | + psa_key_id_t id, psa_algorithm_t alg, |
| 463 | + const uint8_t *hash, size_t hash_length, |
| 464 | + uint8_t *signature, size_t signature_size, size_t *signature_length); |
| 465 | + |
| 466 | + psa_status_t asym_verify(uint32_t opcode, |
| 467 | + psa_key_id_t id, psa_algorithm_t alg, |
| 468 | + const uint8_t *hash, size_t hash_length, |
| 469 | + const uint8_t *signature, size_t signature_length); |
| 470 | + |
| 471 | void translate_key_attributes( |
| 472 | ts_crypto_KeyAttributes &proto_attributes, |
| 473 | const psa_key_attributes_t &psa_attributes); |
| 474 | diff --git a/components/service/crypto/client/psa/psa_sign_message.c b/components/service/crypto/client/psa/psa_sign_message.c |
| 475 | index dc2f7e80..b6446253 100644 |
| 476 | --- a/components/service/crypto/client/psa/psa_sign_message.c |
| 477 | +++ b/components/service/crypto/client/psa/psa_sign_message.c |
| 478 | @@ -1,13 +1,15 @@ |
| 479 | /* |
| 480 | - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| 481 | + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| 482 | * |
| 483 | * SPDX-License-Identifier: BSD-3-Clause |
| 484 | */ |
| 485 | |
| 486 | #include <psa/crypto.h> |
| 487 | +#include "psa_crypto_client.h" |
| 488 | +#include "crypto_caller_selector.h" |
| 489 | |
| 490 | psa_status_t psa_sign_message( |
| 491 | - psa_key_id_t key, |
| 492 | + psa_key_id_t id, |
| 493 | psa_algorithm_t alg, |
| 494 | const uint8_t *input, |
| 495 | size_t input_length, |
| 496 | @@ -15,19 +17,11 @@ psa_status_t psa_sign_message( |
| 497 | size_t signature_size, |
| 498 | size_t *signature_length) |
| 499 | { |
| 500 | - size_t hash_len; |
| 501 | - uint8_t hash[PSA_HASH_MAX_SIZE]; |
| 502 | + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) |
| 503 | + return psa_crypto_client_instance.init_status; |
| 504 | |
| 505 | - psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), |
| 506 | + return crypto_caller_sign_message(&psa_crypto_client_instance.base, |
| 507 | + id, alg, |
| 508 | input, input_length, |
| 509 | - hash, sizeof(hash), &hash_len); |
| 510 | - |
| 511 | - if (psa_status == PSA_SUCCESS) { |
| 512 | - |
| 513 | - psa_status = psa_sign_hash(key, alg, |
| 514 | - hash, hash_len, |
| 515 | - signature, signature_size, signature_length); |
| 516 | - } |
| 517 | - |
| 518 | - return psa_status; |
| 519 | + signature, signature_size, signature_length); |
| 520 | } |
| 521 | diff --git a/components/service/crypto/client/psa/psa_verify_message.c b/components/service/crypto/client/psa/psa_verify_message.c |
| 522 | index d0fbc7c8..57c2c5e8 100644 |
| 523 | --- a/components/service/crypto/client/psa/psa_verify_message.c |
| 524 | +++ b/components/service/crypto/client/psa/psa_verify_message.c |
| 525 | @@ -1,32 +1,26 @@ |
| 526 | /* |
| 527 | - * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. |
| 528 | + * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. |
| 529 | * |
| 530 | * SPDX-License-Identifier: BSD-3-Clause |
| 531 | */ |
| 532 | |
| 533 | #include <psa/crypto.h> |
| 534 | +#include "psa_crypto_client.h" |
| 535 | +#include "crypto_caller_selector.h" |
| 536 | |
| 537 | psa_status_t psa_verify_message( |
| 538 | - psa_key_id_t key, |
| 539 | + psa_key_id_t id, |
| 540 | psa_algorithm_t alg, |
| 541 | const uint8_t *input, |
| 542 | size_t input_length, |
| 543 | const uint8_t * signature, |
| 544 | size_t signature_length) |
| 545 | { |
| 546 | - size_t hash_len; |
| 547 | - uint8_t hash[PSA_HASH_MAX_SIZE]; |
| 548 | + if (psa_crypto_client_instance.init_status != PSA_SUCCESS) |
| 549 | + return psa_crypto_client_instance.init_status; |
| 550 | |
| 551 | - psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), |
| 552 | + return crypto_caller_verify_message(&psa_crypto_client_instance.base, |
| 553 | + id, alg, |
| 554 | input, input_length, |
| 555 | - hash, sizeof(hash), &hash_len); |
| 556 | - |
| 557 | - if (psa_status == PSA_SUCCESS) { |
| 558 | - |
| 559 | - psa_status = psa_verify_hash(key, alg, |
| 560 | - hash, hash_len, |
| 561 | - signature, signature_length); |
| 562 | - } |
| 563 | - |
| 564 | - return psa_status; |
| 565 | + signature, signature_length); |
| 566 | } |
| 567 | diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c |
| 568 | index d0fc7cac..67a5b340 100644 |
| 569 | --- a/components/service/crypto/provider/crypto_provider.c |
| 570 | +++ b/components/service/crypto/provider/crypto_provider.c |
| 571 | @@ -1,5 +1,5 @@ |
| 572 | /* |
| 573 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 574 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 575 | * |
| 576 | * SPDX-License-Identifier: BSD-3-Clause |
| 577 | */ |
| 578 | @@ -16,8 +16,8 @@ static rpc_status_t destroy_key_handler(void *context, struct call_req* req); |
| 579 | static rpc_status_t export_key_handler(void *context, struct call_req* req); |
| 580 | static rpc_status_t export_public_key_handler(void *context, struct call_req* req); |
| 581 | static rpc_status_t import_key_handler(void *context, struct call_req* req); |
| 582 | -static rpc_status_t sign_hash_handler(void *context, struct call_req* req); |
| 583 | -static rpc_status_t verify_hash_handler(void *context, struct call_req* req); |
| 584 | +static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req); |
| 585 | +static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req); |
| 586 | static rpc_status_t asymmetric_decrypt_handler(void *context, struct call_req* req); |
| 587 | static rpc_status_t asymmetric_encrypt_handler(void *context, struct call_req* req); |
| 588 | static rpc_status_t generate_random_handler(void *context, struct call_req* req); |
| 589 | @@ -32,14 +32,16 @@ static const struct service_handler handler_table[] = { |
| 590 | {TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler}, |
| 591 | {TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler}, |
| 592 | {TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler}, |
| 593 | - {TS_CRYPTO_OPCODE_SIGN_HASH, sign_hash_handler}, |
| 594 | - {TS_CRYPTO_OPCODE_VERIFY_HASH, verify_hash_handler}, |
| 595 | + {TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler}, |
| 596 | + {TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler}, |
| 597 | {TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler}, |
| 598 | {TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler}, |
| 599 | {TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler}, |
| 600 | {TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler}, |
| 601 | {TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler}, |
| 602 | {TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler}, |
| 603 | + {TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler}, |
| 604 | + {TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler}, |
| 605 | }; |
| 606 | |
| 607 | struct rpc_interface *crypto_provider_init(struct crypto_provider *context) |
| 608 | @@ -272,7 +274,7 @@ static rpc_status_t import_key_handler(void *context, struct call_req* req) |
| 609 | return rpc_status; |
| 610 | } |
| 611 | |
| 612 | -static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| 613 | +static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req) |
| 614 | { |
| 615 | rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; |
| 616 | struct call_param_buf *req_buf = call_req_get_req_buf(req); |
| 617 | @@ -284,7 +286,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| 618 | uint8_t hash_buffer[PSA_HASH_MAX_SIZE]; |
| 619 | |
| 620 | if (serializer) |
| 621 | - rpc_status = serializer->deserialize_sign_hash_req(req_buf, &id, &alg, hash_buffer, &hash_len); |
| 622 | + rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &id, &alg, hash_buffer, &hash_len); |
| 623 | |
| 624 | if (rpc_status == TS_RPC_CALL_ACCEPTED) { |
| 625 | |
| 626 | @@ -292,14 +294,16 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| 627 | size_t sig_len; |
| 628 | uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; |
| 629 | |
| 630 | - psa_status = psa_sign_hash(id, alg, |
| 631 | - hash_buffer, hash_len, |
| 632 | - sig_buffer, sizeof(sig_buffer), &sig_len); |
| 633 | + psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_SIGN_HASH) ? |
| 634 | + psa_sign_hash(id, alg, hash_buffer, hash_len, |
| 635 | + sig_buffer, sizeof(sig_buffer), &sig_len) : |
| 636 | + psa_sign_message(id, alg, hash_buffer, hash_len, |
| 637 | + sig_buffer, sizeof(sig_buffer), &sig_len); |
| 638 | |
| 639 | if (psa_status == PSA_SUCCESS) { |
| 640 | |
| 641 | struct call_param_buf *resp_buf = call_req_get_resp_buf(req); |
| 642 | - rpc_status = serializer->serialize_sign_hash_resp(resp_buf, sig_buffer, sig_len); |
| 643 | + rpc_status = serializer->serialize_asymmetric_sign_resp(resp_buf, sig_buffer, sig_len); |
| 644 | } |
| 645 | |
| 646 | call_req_set_opstatus(req, psa_status); |
| 647 | @@ -308,7 +312,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) |
| 648 | return rpc_status; |
| 649 | } |
| 650 | |
| 651 | -static rpc_status_t verify_hash_handler(void *context, struct call_req* req) |
| 652 | +static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req) |
| 653 | { |
| 654 | rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; |
| 655 | struct call_param_buf *req_buf = call_req_get_req_buf(req); |
| 656 | @@ -322,7 +326,7 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) |
| 657 | uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; |
| 658 | |
| 659 | if (serializer) |
| 660 | - rpc_status = serializer->deserialize_verify_hash_req(req_buf, &id, &alg, |
| 661 | + rpc_status = serializer->deserialize_asymmetric_verify_req(req_buf, &id, &alg, |
| 662 | hash_buffer, &hash_len, |
| 663 | sig_buffer, &sig_len); |
| 664 | |
| 665 | @@ -330,9 +334,13 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) |
| 666 | |
| 667 | psa_status_t psa_status; |
| 668 | |
| 669 | - psa_status = psa_verify_hash(id, alg, |
| 670 | - hash_buffer, hash_len, |
| 671 | - sig_buffer, sig_len); |
| 672 | + psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_VERIFY_HASH) ? |
| 673 | + psa_verify_hash(id, alg, |
| 674 | + hash_buffer, hash_len, |
| 675 | + sig_buffer, sig_len) : |
| 676 | + psa_verify_message(id, alg, |
| 677 | + hash_buffer, hash_len, |
| 678 | + sig_buffer, sig_len); |
| 679 | |
| 680 | call_req_set_opstatus(req, psa_status); |
| 681 | } |
| 682 | diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h |
| 683 | index 68940cae..57364f24 100644 |
| 684 | --- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h |
| 685 | +++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h |
| 686 | @@ -79,15 +79,15 @@ struct crypto_provider_serializer { |
| 687 | const psa_key_attributes_t *attributes); |
| 688 | |
| 689 | /* Operation: sign_hash */ |
| 690 | - rpc_status_t (*deserialize_sign_hash_req)(const struct call_param_buf *req_buf, |
| 691 | + rpc_status_t (*deserialize_asymmetric_sign_req)(const struct call_param_buf *req_buf, |
| 692 | psa_key_id_t *id, psa_algorithm_t *alg, |
| 693 | uint8_t *hash, size_t *hash_len); |
| 694 | |
| 695 | - rpc_status_t (*serialize_sign_hash_resp)(struct call_param_buf *resp_buf, |
| 696 | + rpc_status_t (*serialize_asymmetric_sign_resp)(struct call_param_buf *resp_buf, |
| 697 | const uint8_t *sig, size_t sig_len); |
| 698 | |
| 699 | /* Operation: verify_hash */ |
| 700 | - rpc_status_t (*deserialize_verify_hash_req)(const struct call_param_buf *req_buf, |
| 701 | + rpc_status_t (*deserialize_asymmetric_verify_req)(const struct call_param_buf *req_buf, |
| 702 | psa_key_id_t *id, psa_algorithm_t *alg, |
| 703 | uint8_t *hash, size_t *hash_len, |
| 704 | uint8_t *sig, size_t *sig_len); |
| 705 | diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c |
| 706 | index c70db865..4a7e59f0 100644 |
| 707 | --- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c |
| 708 | +++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c |
| 709 | @@ -333,7 +333,7 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res |
| 710 | } |
| 711 | |
| 712 | /* Operation: sign_hash */ |
| 713 | -static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, |
| 714 | +static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, |
| 715 | psa_key_id_t *id, psa_algorithm_t *alg, |
| 716 | uint8_t *hash, size_t *hash_len) |
| 717 | { |
| 718 | @@ -378,7 +378,7 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b |
| 719 | return rpc_status; |
| 720 | } |
| 721 | |
| 722 | -static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| 723 | +static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, |
| 724 | const uint8_t *sig, size_t sig_len) |
| 725 | { |
| 726 | rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; |
| 727 | @@ -401,7 +401,7 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| 728 | } |
| 729 | |
| 730 | /* Operation: verify_hash */ |
| 731 | -static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, |
| 732 | +static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, |
| 733 | psa_key_id_t *id, psa_algorithm_t *alg, |
| 734 | uint8_t *hash, size_t *hash_len, |
| 735 | uint8_t *sig, size_t *sig_len) |
| 736 | @@ -695,9 +695,9 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst |
| 737 | deserialize_purge_key_req, |
| 738 | deserialize_get_key_attributes_req, |
| 739 | serialize_get_key_attributes_resp, |
| 740 | - deserialize_sign_hash_req, |
| 741 | - serialize_sign_hash_resp, |
| 742 | - deserialize_verify_hash_req, |
| 743 | + deserialize_asymmetric_sign_req, |
| 744 | + serialize_asymmetric_sign_resp, |
| 745 | + deserialize_asymmetric_verify_req, |
| 746 | deserialize_asymmetric_decrypt_req, |
| 747 | serialize_asymmetric_decrypt_resp, |
| 748 | deserialize_asymmetric_encrypt_req, |
| 749 | diff --git a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c |
| 750 | index 7767d20a..083a581a 100644 |
| 751 | --- a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c |
| 752 | +++ b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c |
| 753 | @@ -267,9 +267,9 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res |
| 754 | } |
| 755 | |
| 756 | /* Operation: sign_hash */ |
| 757 | -static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, |
| 758 | - psa_key_id_t *id, psa_algorithm_t *alg, |
| 759 | - uint8_t *hash, size_t *hash_len) |
| 760 | +static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, |
| 761 | + psa_key_id_t *id, psa_algorithm_t *alg, |
| 762 | + uint8_t *hash, size_t *hash_len) |
| 763 | { |
| 764 | rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; |
| 765 | ts_crypto_SignHashIn recv_msg = ts_crypto_SignHashIn_init_default; |
| 766 | @@ -295,8 +295,8 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b |
| 767 | return rpc_status; |
| 768 | } |
| 769 | |
| 770 | -static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| 771 | - const uint8_t *sig, size_t sig_len) |
| 772 | +static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, |
| 773 | + const uint8_t *sig, size_t sig_len) |
| 774 | { |
| 775 | size_t packed_resp_size; |
| 776 | rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; |
| 777 | @@ -323,10 +323,10 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, |
| 778 | } |
| 779 | |
| 780 | /* Operation: verify_hash */ |
| 781 | -static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, |
| 782 | - psa_key_id_t *id, psa_algorithm_t *alg, |
| 783 | - uint8_t *hash, size_t *hash_len, |
| 784 | - uint8_t *sig, size_t *sig_len) |
| 785 | +static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, |
| 786 | + psa_key_id_t *id, psa_algorithm_t *alg, |
| 787 | + uint8_t *hash, size_t *hash_len, |
| 788 | + uint8_t *sig, size_t *sig_len) |
| 789 | { |
| 790 | rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; |
| 791 | ts_crypto_VerifyHashIn recv_msg = ts_crypto_VerifyHashIn_init_default; |
| 792 | @@ -538,32 +538,32 @@ static rpc_status_t serialize_generate_random_resp(struct call_param_buf *resp_b |
| 793 | /* Singleton method to provide access to the serializer instance */ |
| 794 | const struct crypto_provider_serializer *pb_crypto_provider_serializer_instance(void) |
| 795 | { |
| 796 | - static const struct crypto_provider_serializer instance = { |
| 797 | - max_deserialised_parameter_size, |
| 798 | - deserialize_generate_key_req, |
| 799 | - serialize_generate_key_resp, |
| 800 | - deserialize_destroy_key_req, |
| 801 | - deserialize_export_key_req, |
| 802 | - serialize_export_key_resp, |
| 803 | - deserialize_export_public_key_req, |
| 804 | - serialize_export_public_key_resp, |
| 805 | - deserialize_import_key_req, |
| 806 | - serialize_import_key_resp, |
| 807 | - deserialize_copy_key_req, |
| 808 | - serialize_copy_key_resp, |
| 809 | - deserialize_purge_key_req, |
| 810 | - deserialize_get_key_attributes_req, |
| 811 | - serialize_get_key_attributes_resp, |
| 812 | - deserialize_sign_hash_req, |
| 813 | - serialize_sign_hash_resp, |
| 814 | - deserialize_verify_hash_req, |
| 815 | - deserialize_asymmetric_decrypt_req, |
| 816 | - serialize_asymmetric_decrypt_resp, |
| 817 | - deserialize_asymmetric_encrypt_req, |
| 818 | - serialize_asymmetric_encrypt_resp, |
| 819 | - deserialize_generate_random_req, |
| 820 | - serialize_generate_random_resp |
| 821 | - }; |
| 822 | - |
| 823 | - return &instance; |
| 824 | + static const struct crypto_provider_serializer instance = { |
| 825 | + max_deserialised_parameter_size, |
| 826 | + deserialize_generate_key_req, |
| 827 | + serialize_generate_key_resp, |
| 828 | + deserialize_destroy_key_req, |
| 829 | + deserialize_export_key_req, |
| 830 | + serialize_export_key_resp, |
| 831 | + deserialize_export_public_key_req, |
| 832 | + serialize_export_public_key_resp, |
| 833 | + deserialize_import_key_req, |
| 834 | + serialize_import_key_resp, |
| 835 | + deserialize_copy_key_req, |
| 836 | + serialize_copy_key_resp, |
| 837 | + deserialize_purge_key_req, |
| 838 | + deserialize_get_key_attributes_req, |
| 839 | + serialize_get_key_attributes_resp, |
| 840 | + deserialize_asymmetric_sign_req, |
| 841 | + serialize_asymmetric_sign_resp, |
| 842 | + deserialize_asymmetric_verify_req, |
| 843 | + deserialize_asymmetric_decrypt_req, |
| 844 | + serialize_asymmetric_decrypt_resp, |
| 845 | + deserialize_asymmetric_encrypt_req, |
| 846 | + serialize_asymmetric_encrypt_resp, |
| 847 | + deserialize_generate_random_req, |
| 848 | + serialize_generate_random_resp |
| 849 | + }; |
| 850 | + |
| 851 | + return &instance; |
| 852 | } |
| 853 | diff --git a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp |
| 854 | index bd6c66ee..da01abf4 100644 |
| 855 | --- a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp |
| 856 | +++ b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp |
| 857 | @@ -1,5 +1,5 @@ |
| 858 | /* |
| 859 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 860 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 861 | * |
| 862 | * SPDX-License-Identifier: BSD-3-Clause |
| 863 | */ |
| 864 | @@ -18,15 +18,16 @@ TEST_GROUP(CryptoProtocolOpcodeChecks) |
| 865 | |
| 866 | TEST(CryptoProtocolOpcodeChecks, checkPackedcToProtobuf) |
| 867 | { |
| 868 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); |
| 869 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); |
| 870 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); |
| 871 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); |
| 872 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); |
| 873 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); |
| 874 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); |
| 875 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); |
| 876 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); |
| 877 | - CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); |
| 878 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); |
| 879 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); |
| 880 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); |
| 881 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); |
| 882 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); |
| 883 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); |
| 884 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); |
| 885 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); |
| 886 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); |
| 887 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); |
| 888 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_MESSAGE, ts_crypto_Opcode_SIGN_MESSAGE); |
| 889 | + CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_MESSAGE, ts_crypto_Opcode_VERIFY_MESSAGE); |
| 890 | } |
| 891 | - |
| 892 | diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp |
| 893 | index ec2c6736..b3345551 100644 |
| 894 | --- a/components/service/crypto/test/service/crypto_service_scenarios.cpp |
| 895 | +++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp |
| 896 | @@ -1,5 +1,5 @@ |
| 897 | /* |
| 898 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 899 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 900 | * |
| 901 | * SPDX-License-Identifier: BSD-3-Clause |
| 902 | */ |
| 903 | @@ -290,6 +290,56 @@ void crypto_service_scenarios::signAndVerifyHash() |
| 904 | CHECK_EQUAL(PSA_SUCCESS, status); |
| 905 | } |
| 906 | |
| 907 | +void crypto_service_scenarios::signAndVerifyMessage() |
| 908 | +{ |
| 909 | + psa_status_t status; |
| 910 | + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| 911 | + psa_key_id_t key_id; |
| 912 | + |
| 913 | + psa_set_key_id(&attributes, 14); |
| 914 | + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE); |
| 915 | + psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); |
| 916 | + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); |
| 917 | + psa_set_key_bits(&attributes, 256); |
| 918 | + |
| 919 | + /* Generate a key */ |
| 920 | + status = m_crypto_client->generate_key(&attributes, &key_id); |
| 921 | + CHECK_EQUAL(PSA_SUCCESS, status); |
| 922 | + |
| 923 | + psa_reset_key_attributes(&attributes); |
| 924 | + |
| 925 | + /* Sign a message */ |
| 926 | + uint8_t message[21]; |
| 927 | + uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; |
| 928 | + size_t signature_length; |
| 929 | + |
| 930 | + memset(message, 0x99, sizeof(message)); |
| 931 | + |
| 932 | + status = m_crypto_client->sign_message(key_id, |
| 933 | + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), |
| 934 | + signature, sizeof(signature), &signature_length); |
| 935 | + |
| 936 | + CHECK_EQUAL(PSA_SUCCESS, status); |
| 937 | + CHECK(signature_length > 0); |
| 938 | + |
| 939 | + /* Verify the signature */ |
| 940 | + status = m_crypto_client->verify_message(key_id, |
| 941 | + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), |
| 942 | + signature, signature_length); |
| 943 | + CHECK_EQUAL(PSA_SUCCESS, status); |
| 944 | + |
| 945 | + /* Change the message and expect verify to fail */ |
| 946 | + message[0] = 0x72; |
| 947 | + status = m_crypto_client->verify_message(key_id, |
| 948 | + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), |
| 949 | + signature, signature_length); |
| 950 | + CHECK_EQUAL(PSA_ERROR_INVALID_SIGNATURE, status); |
| 951 | + |
| 952 | + /* Remove the key */ |
| 953 | + status = m_crypto_client->destroy_key(key_id); |
| 954 | + CHECK_EQUAL(PSA_SUCCESS, status); |
| 955 | +} |
| 956 | + |
| 957 | void crypto_service_scenarios::signAndVerifyEat() |
| 958 | { |
| 959 | /* Sign and verify a hash using EAT key type and algorithm */ |
| 960 | @@ -348,7 +398,7 @@ void crypto_service_scenarios::asymEncryptDecrypt() |
| 961 | psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| 962 | psa_key_id_t key_id; |
| 963 | |
| 964 | - psa_set_key_id(&attributes, 14); |
| 965 | + psa_set_key_id(&attributes, 15); |
| 966 | psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); |
| 967 | psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); |
| 968 | psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); |
| 969 | @@ -394,7 +444,7 @@ void crypto_service_scenarios::asymEncryptDecryptWithSalt() |
| 970 | psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; |
| 971 | psa_key_id_t key_id; |
| 972 | |
| 973 | - psa_set_key_id(&attributes, 15); |
| 974 | + psa_set_key_id(&attributes, 16); |
| 975 | psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); |
| 976 | psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)); |
| 977 | psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); |
| 978 | diff --git a/components/service/crypto/test/service/crypto_service_scenarios.h b/components/service/crypto/test/service/crypto_service_scenarios.h |
| 979 | index c65eba26..23671644 100644 |
| 980 | --- a/components/service/crypto/test/service/crypto_service_scenarios.h |
| 981 | +++ b/components/service/crypto/test/service/crypto_service_scenarios.h |
| 982 | @@ -1,5 +1,5 @@ |
| 983 | /* |
| 984 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 985 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 986 | * |
| 987 | * SPDX-License-Identifier: BSD-3-Clause |
| 988 | */ |
| 989 | @@ -24,6 +24,7 @@ public: |
| 990 | void asymEncryptDecrypt(); |
| 991 | void asymEncryptDecryptWithSalt(); |
| 992 | void signAndVerifyHash(); |
| 993 | + void signAndVerifyMessage(); |
| 994 | void signAndVerifyEat(); |
| 995 | void exportAndImportKeyPair(); |
| 996 | void exportPublicKey(); |
| 997 | diff --git a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp |
| 998 | index 79eddfbb..ea238432 100644 |
| 999 | --- a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp |
| 1000 | +++ b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp |
| 1001 | @@ -1,5 +1,5 @@ |
| 1002 | /* |
| 1003 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 1004 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 1005 | * |
| 1006 | * SPDX-License-Identifier: BSD-3-Clause |
| 1007 | */ |
| 1008 | @@ -87,6 +87,11 @@ TEST(CryptoServicePackedcTests, signAndVerifyHash) |
| 1009 | m_scenarios->signAndVerifyHash(); |
| 1010 | } |
| 1011 | |
| 1012 | +TEST(CryptoServicePackedcTests, signAndVerifyMessage) |
| 1013 | +{ |
| 1014 | + m_scenarios->signAndVerifyMessage(); |
| 1015 | +} |
| 1016 | + |
| 1017 | TEST(CryptoServicePackedcTests, signAndVerifyEat) |
| 1018 | { |
| 1019 | m_scenarios->signAndVerifyEat(); |
| 1020 | diff --git a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp |
| 1021 | index 1230752c..c172ad4a 100644 |
| 1022 | --- a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp |
| 1023 | +++ b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp |
| 1024 | @@ -1,5 +1,5 @@ |
| 1025 | /* |
| 1026 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 1027 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 1028 | * |
| 1029 | * SPDX-License-Identifier: BSD-3-Clause |
| 1030 | */ |
| 1031 | @@ -77,6 +77,11 @@ TEST(CryptoServiceProtobufTests, signAndVerifyHash) |
| 1032 | m_scenarios->signAndVerifyHash(); |
| 1033 | } |
| 1034 | |
| 1035 | +TEST(CryptoServiceProtobufTests, signAndVerifyMessage) |
| 1036 | +{ |
| 1037 | + m_scenarios->signAndVerifyMessage(); |
| 1038 | +} |
| 1039 | + |
| 1040 | TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) |
| 1041 | { |
| 1042 | m_scenarios->asymEncryptDecrypt(); |
| 1043 | diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h |
| 1044 | index a07bd57e..5aebf2fa 100644 |
| 1045 | --- a/protocols/service/crypto/packed-c/opcodes.h |
| 1046 | +++ b/protocols/service/crypto/packed-c/opcodes.h |
| 1047 | @@ -1,5 +1,5 @@ |
| 1048 | /* |
| 1049 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 1050 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 1051 | * |
| 1052 | * SPDX-License-Identifier: BSD-3-Clause |
| 1053 | */ |
| 1054 | @@ -25,6 +25,8 @@ |
| 1055 | #define TS_CRYPTO_OPCODE_COPY_KEY (TS_CRYPTO_OPCODE_BASE + 13) |
| 1056 | #define TS_CRYPTO_OPCODE_PURGE_KEY (TS_CRYPTO_OPCODE_BASE + 14) |
| 1057 | #define TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES (TS_CRYPTO_OPCODE_BASE + 15) |
| 1058 | +#define TS_CRYPTO_OPCODE_SIGN_MESSAGE (TS_CRYPTO_OPCODE_BASE + 16) |
| 1059 | +#define TS_CRYPTO_OPCODE_VERIFY_MESSAGE (TS_CRYPTO_OPCODE_BASE + 17) |
| 1060 | |
| 1061 | /* Hash operations */ |
| 1062 | #define TS_CRYPTO_OPCODE_HASH_BASE (0x0200) |
| 1063 | diff --git a/protocols/service/crypto/protobuf/opcodes.proto b/protocols/service/crypto/protobuf/opcodes.proto |
| 1064 | index 094d3a02..ef64d044 100644 |
| 1065 | --- a/protocols/service/crypto/protobuf/opcodes.proto |
| 1066 | +++ b/protocols/service/crypto/protobuf/opcodes.proto |
| 1067 | @@ -1,5 +1,5 @@ |
| 1068 | /* |
| 1069 | - * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. |
| 1070 | + * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. |
| 1071 | * SPDX-License-Identifier: BSD-3-Clause |
| 1072 | */ |
| 1073 | syntax = "proto3"; |
| 1074 | @@ -18,4 +18,6 @@ enum Opcode { |
| 1075 | ASYMMETRIC_DECRYPT = 0x010a; |
| 1076 | ASYMMETRIC_ENCRYPT = 0x010b; |
| 1077 | GENERATE_RANDOM = 0x010c; |
| 1078 | + SIGN_MESSAGE = 0x0110; |
| 1079 | + VERIFY_MESSAGE = 0x0111; |
| 1080 | } |