From e474447ad61df9d155d7f86b17493fd960b713ca Mon Sep 17 00:00:00 2001 From: Arthur Bonnaudet Date: Wed, 2 Oct 2024 14:33:42 +0200 Subject: [PATCH] Refact: Move custom CA functions into CCA module --- include/cca_public.h | 36 ++++++++++++++++++++++++++++++++++++ include/os_customca.h | 15 --------------- include/syscalls.h | 6 +++--- src/syscalls.c | 15 +++++++++------ 4 files changed, 48 insertions(+), 24 deletions(-) create mode 100644 include/cca_public.h delete mode 100644 include/os_customca.h diff --git a/include/cca_public.h b/include/cca_public.h new file mode 100644 index 000000000..5edffeff9 --- /dev/null +++ b/include/cca_public.h @@ -0,0 +1,36 @@ +/** + * @file cca_public.h + * @brief Types and prototypes to interact with the Custom CA module from public user-land. + */ + +#ifndef CCA_PUBLIC_H_ +#define CCA_PUBLIC_H_ + +#ifdef HAVE_BOLOS_CUSTOMCA + +#include "bolos_target.h" +#include "decorators.h" + +/* ----------------------------------------------------------------------- */ +/* - CUSTOM CERTIFICATE AUTHORITY - */ +/* ----------------------------------------------------------------------- */ + +// Verify the signature is issued from the custom certificate authority + +/** + * @brief Verify hash signature with custom certificate authority + * + * @param hash Hash to be verified (32 bytes length). + * @param sign Signature to be verified + * @param sign_length Signature length + * @return bool + * @retval Verification OK + * @retval Verification not OK + * + */ +SYSCALL unsigned int cca_verify_custom_ca(unsigned char *hash PLENGTH(32), + unsigned char *sign PLENGTH(sign_length), + unsigned int sign_length); + +#endif // HAVE_BOLOS_CUSTOMCA +#endif // CCA_PUBLIC_H_ diff --git a/include/os_customca.h b/include/os_customca.h deleted file mode 100644 index dad024daf..000000000 --- a/include/os_customca.h +++ /dev/null @@ -1,15 +0,0 @@ -#pragma once - -#ifdef HAVE_BOLOS_CUSTOMCA -#include "bolos_target.h" -#include "decorators.h" - -/* ----------------------------------------------------------------------- */ -/* - CUSTOM CERTIFICATE AUTHORITY - */ -/* ----------------------------------------------------------------------- */ - -// Verify the signature is issued from the custom certificate authority -SYSCALL unsigned int os_customca_verify(unsigned char *hash PLENGTH(32), - unsigned char *sign PLENGTH(sign_length), - unsigned int sign_length); -#endif // HAVE_BOLOS_CUSTOMCA diff --git a/include/syscalls.h b/include/syscalls.h index 40ae1347a..9d4fb3b1e 100644 --- a/include/syscalls.h +++ b/include/syscalls.h @@ -201,14 +201,14 @@ #define SYSCALL_os_dashboard_mbx_ID 0x02000150 #ifdef HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS -#define SYSCALL_os_bolos_custom_ca_get_info_ID 0x01000CA0 -#define SYSCALL_os_bolos_custom_ca_revoke_ID 0x00000CA1 +#define SYSCALL_cca_get_custom_ca_info_ID 0x01000CA0 +#define SYSCALL_cca_custom_ca_revoke_ID 0x00000CA1 #endif // HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS #define SYSCALL_os_bolos_endorsement_revoke_ID 0x010001ED #ifdef HAVE_BOLOS_CUSTOMCA -#define SYSCALL_os_customca_verify_ID 0x03000090 +#define SYSCALL_cca_verify_custom_ca_ID 0x03000090 #endif // HAVE_BOLOS_CUSTOMCA #ifdef HAVE_AEM_PIN diff --git a/src/syscalls.c b/src/syscalls.c index 34c91dc18..95563253c 100644 --- a/src/syscalls.c +++ b/src/syscalls.c @@ -1738,13 +1738,15 @@ void os_registry_delete_all_apps(void) } #ifdef HAVE_BOLOS_CUSTOMCA -unsigned int os_customca_verify(unsigned char *hash, unsigned char *sign, unsigned int sign_length) +unsigned int cca_verify_custom_ca(unsigned char *hash, + unsigned char *sign, + unsigned int sign_length) { unsigned int parameters[3]; parameters[0] = (unsigned int) hash; parameters[1] = (unsigned int) sign; parameters[2] = (unsigned int) sign_length; - return (unsigned int) SVC_Call(SYSCALL_os_customca_verify_ID, parameters); + return (unsigned int) SVC_Call(SYSCALL_cca_verify_custom_ca_ID, parameters); } #endif // HAVE_BOLOS_CUSTOMCA @@ -1928,19 +1930,20 @@ unsigned int os_deny_protected_flash(void) } #ifdef HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS -bolos_bool_t os_bolos_custom_ca_get_info(customca_data_t *custom_ca) + +bolos_bool_t cca_get_custom_ca_info(customca_data_t *custom_ca) { unsigned int parameters[2]; parameters[0] = (unsigned int) custom_ca; - bolos_bool_t ret = (bolos_bool_t) SVC_Call(SYSCALL_os_bolos_custom_ca_get_info_ID, parameters); + bolos_bool_t ret = (bolos_bool_t) SVC_Call(SYSCALL_cca_get_custom_ca_info_ID, parameters); return ret; } -void os_bolos_custom_ca_revoke(void) +void cca_custom_ca_revoke(void) { unsigned int parameters[1]; parameters[0] = 0; - SVC_Call(SYSCALL_os_bolos_custom_ca_revoke_ID, parameters); + SVC_Call(SYSCALL_cca_custom_ca_revoke_ID, parameters); return; } #endif // HAVE_CUSTOM_CA_DETAILS_IN_SETTINGS