Skip to content

Commit

Permalink
fix(core): add missing optiga_sign syscall
Browse files Browse the repository at this point in the history 
[no changelog]
  • Loading branch information
@cepetr
cepetr committed Oct 21, 2024
1 parent 15042fe commit 7d90b60
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 0 deletions.
11 changes: 11 additions & 0 deletions core/embed/trezorhal/stm32f4/syscall_dispatch.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -443,6 +443,17 @@ __attribute((no_stack_protector)) void syscall_handler(uint32_t *args,
#endif

#ifdef USE_OPTIGA
case SYSCALL_OPTIGA_SIGN: {
uint8_t index = args[0];
const uint8_t *digest = (const uint8_t *)args[1];
size_t digest_size = args[2];
uint8_t *signature = (uint8_t *)args[3];
size_t max_sig_size = args[4];
size_t *sig_size = (size_t *)args[5];
args[0] = optiga_sign__verified(index, digest, digest_size, signature,
max_sig_size, sig_size);
} break;

case SYSCALL_OPTIGA_CERT_SIZE: {
uint8_t index = args[0];
size_t *cert_size = (size_t *)args[1];
Expand Down
23 changes: 23 additions & 0 deletions core/embed/trezorhal/stm32f4/syscall_verifiers.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,6 +389,29 @@ secbool __wur sdcard_write_blocks__verified(const uint32_t *src,

// ---------------------------------------------------------------------

optiga_sign_result __wur optiga_sign__verified(
uint8_t index, const uint8_t *digest, size_t digest_size,
uint8_t *signature, size_t max_sig_size, size_t *sig_size) {
if (!probe_read_access(digest, digest_size)) {
goto access_violation;
}

if (!probe_write_access(signature, max_sig_size)) {
goto access_violation;
}

if (!probe_write_access(sig_size, sizeof(*sig_size))) {
goto access_violation;
}

return optiga_sign(index, digest, digest_size, signature, max_sig_size,
sig_size);

access_violation:
apptask_access_violation();
return (optiga_sign_result){0};
}

bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size) {
if (!probe_write_access(cert_size, sizeof(*cert_size))) {
goto access_violation;
Expand Down
4 changes: 4 additions & 0 deletions core/embed/trezorhal/stm32f4/syscall_verifiers.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,10 @@ secbool __wur sdcard_write_blocks__verified(const uint32_t *src,
// ---------------------------------------------------------------------
#include "optiga.h"

optiga_sign_result __wur optiga_sign__verified(
uint8_t index, const uint8_t *digest, size_t digest_size,
uint8_t *signature, size_t max_sig_size, size_t *sig_size);

bool __wur optiga_cert_size__verified(uint8_t index, size_t *cert_size);

bool __wur optiga_read_cert__verified(uint8_t index, uint8_t *cert,
Expand Down

0 comments on commit 7d90b60

Please sign in to comment.