fix(core): add missing optiga_sign syscall

[no changelog]
2024-12-17 20:08:12 +00:00 · 2024-10-02 16:53:18 +02:00 · 2024-10-02 16:53:18 +02:00 · 976867d7d8
commit 976867d7d8
parent 63f5f72804
3 changed files with 38 additions and 0 deletions
--- a/core/embed/trezorhal/stm32f4/syscall_dispatch.c
+++ b/core/embed/trezorhal/stm32f4/syscall_dispatch.c
@ -443,6 +443,17 @@ __attribute((no_stack_protector)) void syscall_handler(uint32_t *args,
 #endif

 #ifdef USE_OPTIGA
+    case SYSCALL_OPTIGA_SIGN: {
+      uint8_t index = args[0];
+      const uint8_t *digest = (const uint8_t *)args[1];
+      size_t digest_size = args[2];
+      uint8_t *signature = (uint8_t *)args[3];
+      size_t max_sig_size = args[4];
+      size_t *sig_size = (size_t *)args[5];
+      args[0] = optiga_sign__verified(index, digest, digest_size, signature,
+                                      max_sig_size, sig_size);
+    } break;
+
    case SYSCALL_OPTIGA_CERT_SIZE: {
      uint8_t index = args[0];
      size_t *cert_size = (size_t *)args[1];
--- a/core/embed/trezorhal/stm32f4/syscall_verifiers.c
+++ b/core/embed/trezorhal/stm32f4/syscall_verifiers.c
@ -389,6 +389,29 @@ access_violation:

 // ---------------------------------------------------------------------

+optiga_sign_result __wur optiga_sign__verified(
+    uint8_t index, const uint8_t *digest, size_t digest_size,
+    uint8_t *signature, size_t max_sig_size, size_t *sig_size) {
+  if (!probe_read_access(digest, digest_size)) {
+    goto access_violation;
+  }
+
+  if (!probe_write_access(signature, max_sig_size)) {
+    goto access_violation;
+  }
+
+  if (!probe_write_access(sig_size, sizeof(*sig_size))) {
+    goto access_violation;
+  }
+
+  return optiga_sign(index, digest, digest_size, signature, max_sig_size,
+                     sig_size);
+
+access_violation:
+  apptask_access_violation();
+  return (optiga_sign_result){0};
+}
+
 bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size) {
  if (!probe_write_access(cert_size, sizeof(*cert_size))) {
    goto access_violation;
--- a/core/embed/trezorhal/stm32f4/syscall_verifiers.h
+++ b/core/embed/trezorhal/stm32f4/syscall_verifiers.h
@ -102,6 +102,10 @@ secbool __wur sdcard_write_blocks__verified(const uint32_t *src,
 // ---------------------------------------------------------------------
 #include "optiga.h"

+optiga_sign_result __wur optiga_sign__verified(
+    uint8_t index, const uint8_t *digest, size_t digest_size,
+    uint8_t *signature, size_t max_sig_size, size_t *sig_size);
+
 bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size);

 bool __wur optiga_read_cert__verified(uint8_t index, uint8_t *cert,