Merge pull request #468 from MattDavis00/feature-trusted-service

Added psa_export_key & psa_generate_random to TS Provider

Author: ionut-arm

src/providers/trusted_service/context/generate_random.rs

@@ -0,0 +1,18 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+use super::error::Error;
+use super::ts_protobuf::{GenerateRandomIn, GenerateRandomOut};
+use super::Context;
+use log::info;
+use std::convert::TryInto;
+
+impl Context {
+    pub fn generate_random(&self, size: usize) -> Result<Vec<u8>, Error> {
+        info!("Handling GenerateRandom request");
+        let open_req: GenerateRandomIn = GenerateRandomIn {
+            size: size.try_into()?,
+        };
+        let result: GenerateRandomOut = self.send_request(&open_req)?;
+        Ok(result.random_bytes)
+    }
+}

src/providers/trusted_service/context/key_management.rs

@@ -2,8 +2,8 @@
 // SPDX-License-Identifier: Apache-2.0
 use super::error::Error;
 use super::ts_protobuf::{
-    DestroyKeyIn, DestroyKeyOut, ExportPublicKeyIn, GenerateKeyIn, ImportKeyIn, KeyAttributes,
-    KeyLifetime, KeyPolicy,
+    DestroyKeyIn, DestroyKeyOut, ExportKeyIn, ExportPublicKeyIn, GenerateKeyIn, ImportKeyIn,
+    KeyAttributes, KeyLifetime, KeyPolicy,
 };
 use super::Context;
 use log::info;
@@ -85,6 +85,13 @@ impl Context {
         self.send_request(&req)
     }
 
+    /// Export the key given its ID.
+    pub fn export_key(&self, id: u32) -> Result<Vec<u8>, Error> {
+        info!("Handling ExportKey request");
+        let req = ExportKeyIn { id };
+        self.send_request(&req)
+    }
+
     /// Destroy a key given its ID.
     pub fn destroy_key(&self, key_id: u32) -> Result<(), Error> {
         info!("Handling DestroyKey request");

src/providers/trusted_service/context/mod.rs

@@ -32,6 +32,7 @@ pub mod ts_binding {
 
 mod asym_sign;
 pub mod error;
+mod generate_random;
 mod key_management;
 mod ts_protobuf;
 

src/providers/trusted_service/context/ts_protobuf.rs

@@ -54,13 +54,21 @@ opcode_impl!(SignHashIn, SignHashOut, SignHash);
 opcode_impl!(VerifyHashIn, VerifyHashOut, VerifyHash);
 opcode_impl!(ImportKeyIn, ImportKeyOut, ImportKey);
 opcode_impl!(ExportPublicKeyIn, ExportPublicKeyOut, ExportPublicKey);
+opcode_impl!(ExportKeyIn, ExportKeyOut, ExportKey);
+opcode_impl!(GenerateRandomIn, GenerateRandomOut, GenerateRandom);
 
 impl Drop for ImportKeyIn {
     fn drop(&mut self) {
         self.data.zeroize();
     }
 }
 
+impl Drop for ExportKeyOut {
+    fn drop(&mut self) {
+        self.data.zeroize();
+    }
+}
+
 impl Drop for SignHashIn {
     fn drop(&mut self) {
         self.hash.zeroize();

src/providers/trusted_service/generate_random.rs

@@ -0,0 +1,24 @@
+// Copyright 2021 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+use super::Provider;
+use parsec_interface::operations::psa_generate_random;
+use parsec_interface::requests::Result;
+
+impl Provider {
+    pub(super) fn psa_generate_random_internal(
+        &self,
+        op: psa_generate_random::Operation,
+    ) -> Result<psa_generate_random::Result> {
+        let size = op.size;
+
+        match self.context.generate_random(size) {
+            Ok(random_bytes) => Ok(psa_generate_random::Result {
+                random_bytes: random_bytes.into(),
+            }),
+            Err(error) => {
+                format_error!("Generate random status: ", error);
+                Err(error.into())
+            }
+        }
+    }
+}

src/providers/trusted_service/key_management.rs

@@ -5,10 +5,11 @@ use crate::authenticators::ApplicationName;
 use crate::key_info_managers::KeyTriple;
 use log::error;
 use parsec_interface::operations::{
-    psa_destroy_key, psa_export_public_key, psa_generate_key, psa_import_key,
+    psa_destroy_key, psa_export_key, psa_export_public_key, psa_generate_key, psa_import_key,
 };
 use parsec_interface::requests::{ProviderId, ResponseStatus, Result};
 use parsec_interface::secrecy::ExposeSecret;
+use parsec_interface::secrecy::Secret;
 use psa_crypto::types::key::PSA_KEY_ID_USER_MAX;
 use std::sync::atomic::{AtomicU32, Ordering::Relaxed};
 
@@ -112,6 +113,26 @@ impl Provider {
             Ok(pub_key) => Ok(psa_export_public_key::Result {
                 data: pub_key.into(),
             }),
+            Err(error) => {
+                format_error!("Export public key status: ", error);
+                Err(error.into())
+            }
+        }
+    }
+
+    pub(super) fn psa_export_key_internal(
+        &self,
+        app_name: ApplicationName,
+        op: psa_export_key::Operation,
+    ) -> Result<psa_export_key::Result> {
+        let key_name = op.key_name;
+        let key_triple = KeyTriple::new(app_name, ProviderId::TrustedService, key_name);
+        let key_id = self.key_info_store.get_key_id(&key_triple)?;
+
+        match self.context.export_key(key_id) {
+            Ok(key) => Ok(psa_export_key::Result {
+                data: Secret::new(key),
+            }),
             Err(error) => {
                 format_error!("Export key status: ", error);
                 Err(error.into())

src/providers/trusted_service/mod.rs

@@ -11,8 +11,8 @@ use derivative::Derivative;
 use log::{error, trace};
 use parsec_interface::operations::list_providers::ProviderInfo;
 use parsec_interface::operations::{
-    list_clients, list_keys, psa_destroy_key, psa_export_public_key, psa_generate_key,
-    psa_import_key, psa_sign_hash, psa_verify_hash,
+    list_clients, list_keys, psa_destroy_key, psa_export_key, psa_export_public_key,
+    psa_generate_key, psa_generate_random, psa_import_key, psa_sign_hash, psa_verify_hash,
 };
 use parsec_interface::requests::{Opcode, ProviderId, Result};
 use psa_crypto::types::key;
@@ -22,15 +22,18 @@ use uuid::Uuid;
 mod asym_sign;
 mod context;
 mod error;
+mod generate_random;
 mod key_management;
 
-const SUPPORTED_OPCODES: [Opcode; 6] = [
+const SUPPORTED_OPCODES: [Opcode; 8] = [
     Opcode::PsaDestroyKey,
     Opcode::PsaGenerateKey,
     Opcode::PsaSignHash,
     Opcode::PsaVerifyHash,
     Opcode::PsaImportKey,
     Opcode::PsaExportPublicKey,
+    Opcode::PsaExportKey,
+    Opcode::PsaGenerateRandom,
 ];
 
 /// Trusted Service provider structure
@@ -174,6 +177,23 @@ impl Provide for Provider {
         self.psa_export_public_key_internal(app_name, op)
     }
 
+    fn psa_export_key(
+        &self,
+        app_name: ApplicationName,
+        op: psa_export_key::Operation,
+    ) -> Result<psa_export_key::Result> {
+        trace!("psa_export_key ingress");
+        self.psa_export_key_internal(app_name, op)
+    }
+
+    fn psa_generate_random(
+        &self,
+        op: psa_generate_random::Operation,
+    ) -> Result<psa_generate_random::Result> {
+        trace!("psa_generate_random ingress");
+        self.psa_generate_random_internal(op)
+    }
+
     fn psa_sign_hash(
         &self,
         app_name: ApplicationName,