TRUSTED APPLICATION SOURCE CODE
ROMAINPC committed Jul 21, 2023
1 parent 560bd5c commit 02e8320
Showing 2 changed files with 150 additions and 0 deletions.
140 changes: 140 additions & 0 deletions ta/TLS_signature.c
Expand Up @@ -40,23 +40,163 @@ void TA_CloseSessionEntryPoint(void __maybe_unused *sess_ctx) {
DMSG("has been called");
}

// Creates new RSA key
static TEE_ObjectHandle create_rsa_key(rsa_pkey_t *key) {
TEE_ObjectHandle obj = TEE_HANDLE_NULL;
TEE_Result res =
TEE_AllocateTransientObject(TEE_TYPE_RSA_KEYPAIR, key->n_s * 8, &obj);
if (res != TEE_SUCCESS) {
EMSG("E: TEE_AllocateTransientObject failed");
TEE_FreeTransientObject(obj);
return TEE_HANDLE_NULL;
}

TEE_Attribute attrs[3];
TEE_InitRefAttribute(&attrs[0], TEE_ATTR_RSA_MODULUS, key->n,
key->n_s); // n
TEE_InitRefAttribute(&attrs[1], TEE_ATTR_RSA_PUBLIC_EXPONENT, key->e,
key->e_s); // e
TEE_InitRefAttribute(&attrs[2], TEE_ATTR_RSA_PRIVATE_EXPONENT, key->d,
key->d_s); // d
res = TEE_PopulateTransientObject(obj, attrs, 3);
if (res != TEE_SUCCESS) {
EMSG("E: TEE_PopulateTransientObject failed");
TEE_FreeTransientObject(obj);
return TEE_HANDLE_NULL;
}
return obj;
}

// Puts the key to the storage
static TEE_Result install_key(uint32_t param_types, TEE_Param params[4]) {
TEE_ObjectHandle transient_obj = TEE_HANDLE_NULL;
TEE_ObjectHandle persistant_obj = TEE_HANDLE_NULL;

IMSG("Storing a key");
uint32_t exp_param_types = TEE_PARAM_TYPES(
TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_INPUT,
TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE);
if (param_types != exp_param_types) {
EMSG("E: bad parameters");
return TEE_ERROR_BAD_PARAMETERS;
}

rsa_pkey_t *key = (rsa_pkey_t *)params[1].memref.buffer;
if (sizeof(*key) != params[1].memref.size) {
EMSG("E: wrong size of rsa_pkey_t struct");
return TEE_ERROR_BAD_PARAMETERS;
}

transient_obj = create_rsa_key(key);
if (transient_obj == TEE_HANDLE_NULL) {
EMSG("E: Can't create transient object");
return TEE_ERROR_BAD_PARAMETERS;
}

// Create object
uint8_t client_id[32]; // SHA256
memcpy(client_id, params[0].memref.buffer,
params[0].memref.size); // must be local
TEE_Result ret = TEE_CreatePersistentObject(
TEE_STORAGE_PRIVATE, // Private storage
client_id, sizeof(client_id), // Object ID and ID length
TEE_DATA_FLAG_ACCESS_WRITE, // flags
transient_obj, // RSA key
NULL, 0, // data
&persistant_obj // handle
);
if (ret) {
EMSG("E: Create");
return ret;
}
TEE_FreeTransientObject(transient_obj);
TEE_CloseObject(persistant_obj);
return TEE_SUCCESS;
}

// Checks if key exists in the storage
static TEE_Result has_key(uint32_t param_types, TEE_Param params[4]) {
uint32_t exp_param_types =
TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_NONE,
TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE);
if (param_types != exp_param_types) return TEE_ERROR_BAD_PARAMETERS;

TEE_ObjectHandle obj = TEE_HANDLE_NULL;
uint8_t client_id[32]; // SHA256
memcpy(client_id, params[0].memref.buffer,
params[0].memref.size); // must be local
TEE_Result res = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE, client_id,
params[0].memref.size,
TEE_DATA_FLAG_ACCESS_READ, &obj);
if (res) {
EMSG("E: Open 0x%X", res);
return res;
}
TEE_CloseObject(obj);
return TEE_SUCCESS;
}

// Performs key deletion from the secure storage
static TEE_Result del_key(uint32_t param_types, TEE_Param params[4]) {
uint32_t exp_param_types =
TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_NONE,
TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE);
if (param_types != exp_param_types) return TEE_ERROR_BAD_PARAMETERS;

TEE_ObjectHandle obj = TEE_HANDLE_NULL;
uint8_t client_id[32]; // SHA256
memcpy(client_id, params[0].memref.buffer,
params[0].memref.size); // must be local

TEE_Result res = TEE_OpenPersistentObject(
TEE_STORAGE_PRIVATE, client_id, params[0].memref.size,
TEE_DATA_FLAG_ACCESS_WRITE_META, &obj);
if (res) {
EMSG("E: Can't open");
return res;
}
TEE_CloseAndDeletePersistentObject(obj);
return TEE_SUCCESS;
}

// Performs RSA signing with a key from secure storage
static TEE_Result sign_rsa(uint32_t param_types, TEE_Param params[4]) {
TEE_OperationHandle op = TEE_HANDLE_NULL;
TEE_ObjectHandle key = TEE_HANDLE_NULL;
uint32_t exp_param_types = TEE_PARAM_TYPES(
TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_INPUT,
TEE_PARAM_TYPE_MEMREF_INOUT, TEE_PARAM_TYPE_NONE);
if (param_types != exp_param_types) return TEE_ERROR_BAD_PARAMETERS;

uint8_t client_id[32]; // SHA256
memcpy(client_id, params[0].memref.buffer,
params[0].memref.size); // must be local
TEE_Result res = TEE_OpenPersistentObject(
TEE_STORAGE_PRIVATE, client_id, 32, TEE_DATA_FLAG_ACCESS_READ, &key);
if (res) {
EMSG("E: Can't open");
return res;
}

// perform RSA sigining
IMSG("RSA signing");
res = TEE_AllocateOperation(&op, TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256,
TEE_MODE_SIGN, MAX_RSA_KEY_SIZE * 8);
if (res) {
EMSG("E: Can't allocate signature operation");
return res;
}
TEE_SetOperationKey(op, key);
res = TEE_AsymmetricSignDigest(
op, NULL, 0, params[1].memref.buffer, params[1].memref.size,
params[2].memref.buffer, &params[2].memref.size);
if (res) {
EMSG("E: Can't sign with RSA key");
return res;
}

TEE_CloseObject(key);
TEE_FreeOperation(op);
return TEE_SUCCESS;
}
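Review bot: All four handlers copy `params[0].memref.size` bytes into the 32-byte stack array `client_id` without checking that size, so a client that passes a larger memref overruns the TA's stack; this applies to the `memcpy` calls in `install_key`, `has_key`, `del_key` and `sign_rsa`. Put `if (params[0].memref.size != sizeof(client_id)) return TEE_ERROR_BAD_PARAMETERS;` before each copy, which also stops a shorter ID from leaving uninitialised stack bytes in the object ID that `install_key` stores with `sizeof(client_id)` and `sign_rsa` opens with a literal `32`. `create_rsa_key` likewise uses `key->n_s`, `key->e_s` and `key->d_s` straight from the client-supplied buffer; reject values above `MAX_RSA_KEY_SIZE`, preferably after copying the struct out of the memref into TA-local memory so the lengths cannot change between check and use (the memref is presumably shared with the caller). Separately, the failure returns after `TEE_CreatePersistentObject` in `install_key` and after `TEE_AllocateOperation` and `TEE_AsymmetricSignDigest` in `sign_rsa` leave `transient_obj`, `key` or `op` unreleased, and the result of `TEE_SetOperationKey` is not checked.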

10 changes: 10 additions & 0 deletions ta/user_ta_header_defines.h
Expand Up @@ -19,6 +19,16 @@
#define TA_HAS_KEYS 1
#define TA_DEL_KEYS 2
#define TA_SIGN_RSA 4
/* Structure used as parameter */
#define MAX_RSA_KEY_SIZE 512 // bytes
typedef struct {
uint8_t n[MAX_RSA_KEY_SIZE];
uint32_t n_s;
uint8_t e[MAX_RSA_KEY_SIZE];
uint32_t e_s;
uint8_t d[MAX_RSA_KEY_SIZE];
uint32_t d_s;
} rsa_pkey_t;

/*
* TA properties: multi-instance TA, no specific attribute
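Review bot: The length fields `n_s`, `e_s` and `d_s` of `rsa_pkey_t` have no stated unit or upper bound, although the TA multiplies `n_s` by 8 for the key size and passes all three as attribute lengths. A comment above the struct such as `/* n_s, e_s, d_s: number of valid bytes in n, e, d; each must be <= MAX_RSA_KEY_SIZE */` would record the contract that the receiving code has to enforce. Since this layout carries the private exponent `d` across the client/TA boundary, it is also worth noting in that comment that the caller should wipe its copy once the key is installed. The comment block that follows the struct continues outside the hunk.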
