arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-17 20:08:12 +00:00
Code Issues Releases Wiki Activity

fix(core): add missing optiga_sign syscall

Browse Source 
[no changelog]
This commit is contained in:
cepetr 2024-10-02 16:53:18 +02:00 committed by cepetr
parent 63f5f72804
commit 976867d7d8
3 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/embed/trezorhal/stm32f4/syscall_dispatch.c
View File

@ -443,6 +443,17 @@ __attribute((no_stack_protector)) void syscall_handler(uint32_t *args,
#endif #endif
#ifdef USE_OPTIGA #ifdef USE_OPTIGA
case SYSCALL_OPTIGA_SIGN: {
uint8_t index = args[0];
const uint8_t *digest = (const uint8_t *)args[1];
size_t digest_size = args[2];
uint8_t *signature = (uint8_t *)args[3];
size_t max_sig_size = args[4];
size_t *sig_size = (size_t *)args[5];
args[0] = optiga_sign__verified(index, digest, digest_size, signature,
max_sig_size, sig_size);
} break;
case SYSCALL_OPTIGA_CERT_SIZE: { case SYSCALL_OPTIGA_CERT_SIZE: {
uint8_t index = args[0]; uint8_t index = args[0];
size_t *cert_size = (size_t *)args[1]; size_t *cert_size = (size_t *)args[1];

23
core/embed/trezorhal/stm32f4/syscall_verifiers.c
View File

@ -389,6 +389,29 @@ access_violation:
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
optiga_sign_result __wur optiga_sign__verified(
uint8_t index, const uint8_t *digest, size_t digest_size,
uint8_t *signature, size_t max_sig_size, size_t *sig_size) {
if (!probe_read_access(digest, digest_size)) {
goto access_violation;
}
if (!probe_write_access(signature, max_sig_size)) {
goto access_violation;
}
if (!probe_write_access(sig_size, sizeof(*sig_size))) {
goto access_violation;
}
return optiga_sign(index, digest, digest_size, signature, max_sig_size,
sig_size);
access_violation:
apptask_access_violation();
return (optiga_sign_result){0};
}
bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size) { bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size) {
if (!probe_write_access(cert_size, sizeof(*cert_size))) { if (!probe_write_access(cert_size, sizeof(*cert_size))) {
goto access_violation; goto access_violation;

4
core/embed/trezorhal/stm32f4/syscall_verifiers.h
View File

@ -102,6 +102,10 @@ secbool __wur sdcard_write_blocks__verified(const uint32_t *src,
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
#include "optiga.h" #include "optiga.h"
optiga_sign_result __wur optiga_sign__verified(
uint8_t index, const uint8_t *digest, size_t digest_size,
uint8_t *signature, size_t max_sig_size, size_t *sig_size);
bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size); bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size);
bool __wur optiga_read_cert__verified(uint8_t index, uint8_t *cert, bool __wur optiga_read_cert__verified(uint8_t index, uint8_t *cert,