Merge pull request #595 from anta5010/get_random

Add generate random support into TPM provider
parallaxsecond · Apr 13, 2022 · 5f4c222 · 5f4c222
2 parents c9e8d63 + f668598
commit 5f4c222
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 7 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,7 +29,7 @@ log = { version = "0.4.14", features = ["serde"] }
 cryptoki = { version = "0.2.1", optional = true, features = ["psa-crypto-conversions"] }
 picky-asn1-der = { version = "0.2.4", optional = true }
 picky-asn1 = { version = "0.3.0", optional = true }
-tss-esapi = { version = "7.0.0", optional = true }
+tss-esapi = { git = "https://github.com/parallaxsecond/rust-tss-esapi.git", rev = "b62029d36bac27761e166ab8e063573ef8005adf", optional = true }
 bincode = "1.3.1"
 structopt = "0.3.21"
 derivative = "2.2.0"

diff --git a/e2e_tests/tests/all_providers/normal.rs b/e2e_tests/tests/all_providers/normal.rs
@@ -111,6 +111,7 @@ fn list_opcodes() {
  let mut crypto_providers_tpm = HashSet::from_iter(common_opcodes.clone());
  let _ = crypto_providers_tpm.insert(Opcode::CanDoCrypto);
  let _ = crypto_providers_tpm.insert(Opcode::AttestKey);
+ let _ = crypto_providers_tpm.insert(Opcode::PsaGenerateRandom);
  let _ = crypto_providers_tpm.insert(Opcode::PrepareKeyAttestation);
 
  let mut crypto_providers_hsm = HashSet::from_iter(common_opcodes);

diff --git a/src/providers/tpm/generate_random.rs b/src/providers/tpm/generate_random.rs
@@ -0,0 +1,31 @@
+// Copyright 2022 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+use super::utils;
+use super::Provider;
+use parsec_interface::operations::psa_generate_random;
+use parsec_interface::requests::Result;
+
+impl Provider {
+ pub(super) fn psa_generate_random_internal(
+ &self,
+ op: psa_generate_random::Operation,
+ ) -> Result<psa_generate_random::Result> {
+ let size = op.size;
+
+ let mut esapi_context = self
+ .esapi_context
+ .lock()
+ .expect("ESAPI Context lock poisoned");
+
+ let random_bytes = esapi_context
+ .as_mut()
+ .execute_without_session(|esapi_context| esapi_context.get_random(size))
+ .map_err(|e| {
+ format_error!("Failed to get random bytes", e);
+ utils::to_response_status(e)
+ })?;
+ Ok(psa_generate_random::Result {
+ random_bytes: random_bytes.value().to_vec().into(),
+ })
+ }
+}
diff --git a/src/providers/tpm/mod.rs b/src/providers/tpm/mod.rs
@@ -14,7 +14,7 @@ use log::{info, trace};
 use parsec_interface::operations::{
  attest_key, can_do_crypto, prepare_key_attestation, psa_asymmetric_decrypt,
  psa_asymmetric_encrypt, psa_destroy_key, psa_export_public_key, psa_generate_key,
- psa_import_key, psa_sign_hash, psa_verify_hash,
+ psa_generate_random, psa_import_key, psa_sign_hash, psa_verify_hash,
 };
 use parsec_interface::operations::{list_clients, list_keys, list_providers::ProviderInfo};
 use parsec_interface::requests::{Opcode, ProviderId, ResponseStatus, Result};
@@ -32,12 +32,14 @@ use zeroize::Zeroize;
 mod asym_encryption;
 mod asym_sign;
 mod capability_discovery;
+mod generate_random;
 mod key_attestation;
 mod key_management;
 mod utils;
 
-const SUPPORTED_OPCODES: [Opcode; 11] = [
+const SUPPORTED_OPCODES: [Opcode; 12] = [
  Opcode::PsaGenerateKey,
+ Opcode::PsaGenerateRandom,
  Opcode::PsaDestroyKey,
  Opcode::PsaSignHash,
  Opcode::PsaVerifyHash,
@@ -139,6 +141,14 @@ impl Provide for Provider {
  })
  }
 
+ fn psa_generate_random(
+ &self,
+ op: psa_generate_random::Operation,
+ ) -> Result<psa_generate_random::Result> {
+ trace!("psa_generate_random ingress");
+ self.psa_generate_random_internal(op)
+ }
+
  fn psa_generate_key(
  &self,
  application_identity: &ApplicationIdentity,