Add generate and destroy key to TS provider
This commit adds functionality for generating and destroying keys in the Trusted Service provider. Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
Showing
8 changed files
with
321 additions
and
13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,26 @@ | ||
# Cargo build directory | ||
/target | ||
|
||
# Mbed Crypto key files | ||
*.psa_its | ||
|
||
# Editor swap files | ||
*.swp | ||
|
||
|
||
tags | ||
|
||
# MacOS folder attributes file | ||
*DS_Store | ||
|
||
# VS Code config folder | ||
*vscode | ||
|
||
# Git patch files | ||
*.patch | ||
|
||
# Parsec key info mappings directory | ||
mappings/ | ||
|
||
# TPM simulator state file | ||
NVChip |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
// Copyright 2020 Contributors to the Parsec project. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
use super::ts_protobuf::{ | ||
CloseKeyIn, DestroyKeyIn, DestroyKeyOut, GenerateKeyIn, GenerateKeyOut, KeyAttributes, | ||
KeyLifetime, KeyPolicy, Opcode, OpenKeyIn, OpenKeyOut, | ||
}; | ||
use super::Context; | ||
use log::info; | ||
use parsec_interface::operations::psa_key_attributes::Attributes; | ||
use parsec_interface::requests::ResponseStatus; | ||
use psa_crypto::types::status::Error; | ||
use std::convert::{TryFrom, TryInto}; | ||
|
||
impl Context { | ||
pub fn generate_key(&self, key_attrs: Attributes, id: u32) -> Result<u32, ResponseStatus> { | ||
info!("Handling GenerateKey request"); | ||
let proto_req = GenerateKeyIn { | ||
attributes: Some(KeyAttributes { | ||
r#type: u16::try_from(key_attrs.key_type)? as u32, | ||
key_bits: key_attrs.bits.try_into()?, | ||
lifetime: KeyLifetime::Persistent as u32, | ||
id, | ||
policy: Some(KeyPolicy { | ||
usage: key_attrs.policy.usage_flags.try_into()?, | ||
alg: key_attrs.policy.permitted_algorithms.try_into()?, | ||
}), | ||
}), | ||
}; | ||
let GenerateKeyOut { handle } = | ||
self.send_request(&proto_req, Opcode::GenerateKey, self.rpc_caller)?; | ||
|
||
let proto_req = CloseKeyIn { handle }; | ||
self.send_request(&proto_req, Opcode::CloseKey, self.rpc_caller)?; | ||
|
||
Ok(0) | ||
} | ||
|
||
pub fn destroy_key(&self, id: u32) -> Result<(), ResponseStatus> { | ||
info!("Handling DestroyKey request"); | ||
if !self.check_key_exists(id)? { | ||
return Err(ResponseStatus::PsaErrorDoesNotExist); | ||
} | ||
let proto_req = OpenKeyIn { id }; | ||
let OpenKeyOut { handle } = | ||
self.send_request(&proto_req, Opcode::OpenKey, self.rpc_caller)?; | ||
|
||
let proto_req = DestroyKeyIn { handle }; | ||
let _proto_resp: DestroyKeyOut = | ||
self.send_request(&proto_req, Opcode::DestroyKey, self.rpc_caller)?; | ||
Ok(()) | ||
} | ||
|
||
pub fn check_key_exists(&self, id: u32) -> Result<bool, Error> { | ||
info!("Handling CheckKey request"); | ||
let proto_req = OpenKeyIn { id }; | ||
match self.send_request(&proto_req, Opcode::OpenKey, self.rpc_caller) { | ||
Ok(OpenKeyOut { handle }) => { | ||
let proto_req = CloseKeyIn { handle }; | ||
self.send_request(&proto_req, Opcode::CloseKey, self.rpc_caller)?; | ||
Ok(true) | ||
} | ||
Err(e) => { | ||
if e == Error::DoesNotExist { | ||
Ok(false) | ||
} else { | ||
Err(e) | ||
} | ||
} | ||
} | ||
} | ||
} |
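Review bot: In `generate_key`, a failure of the `CloseKey` request after `GenerateKey` has succeeded returns an error while the key, created with `KeyLifetime::Persistent`, stays in the Trusted Service. Judging by the provider-side caller in this commit, that error path removes the key ID mapping, so the key would remain in secure storage with nothing tracking it and no way to destroy it through Parsec. On a `CloseKey` error the function should send `DestroyKeyIn { handle }` before returning, or log the close failure and still report success so the mapping is kept. `destroy_key` has the mirror-image gap: if the `DestroyKey` request fails, the handle obtained from `OpenKey` is never closed. The function also always returns `Ok(0)`, so `Result<(), ResponseStatus>` would describe it more accurately than `Result<u32, ResponseStatus>`.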
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
// Copyright 2020 Contributors to the Parsec project. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
use super::Provider; | ||
use crate::authenticators::ApplicationName; | ||
use crate::key_info_managers::KeyTriple; | ||
use crate::providers::mbed_crypto::key_management::{ | ||
create_key_id, get_key_id, key_info_exists, remove_key_id, | ||
}; | ||
use parsec_interface::operations::{psa_destroy_key, psa_generate_key}; | ||
use parsec_interface::requests::{ProviderID, ResponseStatus, Result}; | ||
|
||
impl Provider { | ||
pub(super) fn psa_generate_key_internal( | ||
&self, | ||
app_name: ApplicationName, | ||
op: psa_generate_key::Operation, | ||
) -> Result<psa_generate_key::Result> { | ||
let key_name = op.key_name; | ||
let key_attributes = op.attributes; | ||
let key_triple = KeyTriple::new(app_name, ProviderID::TrustedService, key_name); | ||
let mut store_handle = self | ||
.key_info_store | ||
.write() | ||
.expect("Key store lock poisoned"); | ||
if key_info_exists(&key_triple, &*store_handle)? { | ||
return Err(ResponseStatus::PsaErrorAlreadyExists); | ||
} | ||
let key_id = create_key_id( | ||
key_triple.clone(), | ||
key_attributes, | ||
&mut *store_handle, | ||
&self.id_counter, | ||
)?; | ||
|
||
match self.context.generate_key(key_attributes, key_id) { | ||
Ok(_) => Ok(psa_generate_key::Result {}), | ||
Err(error) => { | ||
remove_key_id(&key_triple, &mut *store_handle)?; | ||
let error = ResponseStatus::from(error); | ||
format_error!("Generate key error", error); | ||
Err(error) | ||
} | ||
} | ||
} | ||
|
||
pub(super) fn psa_destroy_key_internal( | ||
&self, | ||
app_name: ApplicationName, | ||
op: psa_destroy_key::Operation, | ||
) -> Result<psa_destroy_key::Result> { | ||
let key_name = op.key_name; | ||
let key_triple = KeyTriple::new(app_name, ProviderID::TrustedService, key_name); | ||
let mut store_handle = self | ||
.key_info_store | ||
.write() | ||
.expect("Key store lock poisoned"); | ||
let key_id = get_key_id(&key_triple, &*store_handle)?; | ||
|
||
match self.context.destroy_key(key_id) { | ||
Ok(()) => { | ||
remove_key_id(&key_triple, &mut *store_handle)?; | ||
Ok(psa_destroy_key::Result {}) | ||
} | ||
Err(error) => { | ||
let error = ResponseStatus::from(error); | ||
format_error!("Destroy key status: ", error); | ||
Err(error) | ||
} | ||
} | ||
} | ||
} |
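Review bot: In `psa_destroy_key_internal`, the `Err` arm leaves the key info mapping in place even when `destroy_key` reports `ResponseStatus::PsaErrorDoesNotExist`, meaning the Trusted Service no longer holds the key. The name then stays reserved: `psa_generate_key_internal` rejects it with `PsaErrorAlreadyExists` and every further destroy fails the same way, so the application cannot recover without manual cleanup of the mappings. Consider a dedicated arm ahead of the generic one, `Err(ResponseStatus::PsaErrorDoesNotExist) => { remove_key_id(&key_triple, &mut *store_handle)?; Err(ResponseStatus::PsaErrorDoesNotExist) }`. Separately, in the generate path `remove_key_id(...)?` runs before `format_error!`, so a failed rollback of the mapping hides the original error from the log; logging first would keep it visible.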