-
Notifications
You must be signed in to change notification settings - Fork 67
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add asymmetric sign and verify to TS provider
This commit adds functionality to the Trusted Service provider allowing it to sign and verify hashes. Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
- Loading branch information
Showing
6 changed files
with
228 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
// Copyright 2020 Contributors to the Parsec project. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
use super::Provider; | ||
use crate::authenticators::ApplicationName; | ||
use crate::key_info_managers::KeyTriple; | ||
use crate::providers::mbed_crypto::key_management; | ||
use parsec_interface::operations::{psa_sign_hash, psa_verify_hash}; | ||
use parsec_interface::requests::{ProviderID, Result}; | ||
|
||
impl Provider { | ||
pub(super) fn psa_sign_hash_internal( | ||
&self, | ||
app_name: ApplicationName, | ||
op: psa_sign_hash::Operation, | ||
) -> Result<psa_sign_hash::Result> { | ||
let key_triple = KeyTriple::new(app_name, ProviderID::TrustedService, op.key_name.clone()); | ||
let store_handle = self.key_info_store.read().expect("Key store lock poisoned"); | ||
let key_id = key_management::get_key_id(&key_triple, &*store_handle)?; | ||
|
||
op.validate(key_management::get_key_attributes( | ||
&key_triple, | ||
&*store_handle, | ||
)?)?; | ||
|
||
Ok(psa_sign_hash::Result { | ||
signature: self | ||
.context | ||
.asym_sign(key_id, op.hash.to_vec(), op.alg)? | ||
.into(), | ||
}) | ||
} | ||
|
||
pub(super) fn psa_verify_hash_internal( | ||
&self, | ||
app_name: ApplicationName, | ||
op: psa_verify_hash::Operation, | ||
) -> Result<psa_verify_hash::Result> { | ||
let key_triple = KeyTriple::new(app_name, ProviderID::TrustedService, op.key_name.clone()); | ||
let store_handle = self.key_info_store.read().expect("Key store lock poisoned"); | ||
let key_id = key_management::get_key_id(&key_triple, &*store_handle)?; | ||
|
||
op.validate(key_management::get_key_attributes( | ||
&key_triple, | ||
&*store_handle, | ||
)?)?; | ||
|
||
self.context | ||
.asym_verify(key_id, op.hash.to_vec(), op.signature.to_vec(), op.alg)?; | ||
|
||
Ok(psa_verify_hash::Result {}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
// Copyright 2020 Contributors to the Parsec project. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
use super::ts_protobuf::{SignHashIn, SignHashOut, VerifyHashIn}; | ||
use super::Context; | ||
use log::info; | ||
use parsec_interface::operations::psa_algorithm::AsymmetricSignature; | ||
use parsec_interface::requests::ResponseStatus; | ||
use std::convert::TryInto; | ||
|
||
impl Context { | ||
pub fn asym_sign( | ||
&self, | ||
key_id: u32, | ||
hash: Vec<u8>, | ||
algorithm: AsymmetricSignature, | ||
) -> Result<Vec<u8>, ResponseStatus> { | ||
info!("Handling GenerateKey request"); | ||
let mut proto_req = SignHashIn { | ||
handle: 0, | ||
hash, | ||
alg: algorithm.try_into()?, | ||
}; | ||
let SignHashOut { signature } = self.send_request_with_key(&mut proto_req, key_id)?; | ||
|
||
Ok(signature) | ||
} | ||
|
||
pub fn asym_verify( | ||
&self, | ||
key_id: u32, | ||
hash: Vec<u8>, | ||
signature: Vec<u8>, | ||
algorithm: AsymmetricSignature, | ||
) -> Result<(), ResponseStatus> { | ||
info!("Handling GenerateKey request"); | ||
let mut proto_req = VerifyHashIn { | ||
handle: 0, | ||
hash, | ||
signature, | ||
alg: algorithm.try_into()?, | ||
}; | ||
self.send_request_with_key(&mut proto_req, key_id)?; | ||
|
||
Ok(()) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters