Simplify key related functions in tz-backend

- Use proper parameter for tag length - Move default param values to TrustZoneContext where possible - Remove unnecessary arguments Change-Id: I00f8909ede4f80b77a937b52a5bce5698d4516a5
author: Krzysztof Jackiewicz <k.jackiewicz@samsung.com> 2018-09-20 13:26:06 +0200
committer: Krzysztof Jackiewicz <k.jackiewicz@samsung.com> 2018-09-26 11:16:51 +0200
commit: 3cadb98befc315f3e414d38e7cf6d3cfd049b9a7 (patch)
tree: f4ac0a1678d5017301650b0f95b0c9ca46e462d8
parent: 1cc408882ddfdafdc69492d0d728c5127835909c (diff)
download: key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.tar.gz
key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.tar.bz2
key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.zip
3 files changed, 12 insertions, 22 deletions
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index bfb78d7a..d2753bc3 100644
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -73,7 +73,7 @@ tz_algo_type getAlgType(KeyType keyType)
 RawBuffer generateIV()
 {
 	RawBuffer result;
-	TrustZoneContext::Instance().generateIV(Params::DEFAULT_AES_IV_LEN, result);
+	TrustZoneContext::Instance().generateIV(result);
 	return result;
 }
 
@@ -96,7 +96,6 @@ Data generateSKey(const CryptoAlgorithm &alg,
 		RawBuffer pwdBuf(pwd.begin(), pwd.end());
 		TrustZoneContext::Instance().generateSKeyPwd(getGenKeyType(keyType),
 													pwdBuf, iv, keyBits,
-													Params::DEFAULT_AES_GCM_TAG_LEN_BITS,
 													keyData.data, tag);
 	} else {
 		TrustZoneContext::Instance().generateSKey(getGenKeyType(keyType), keyBits,
@@ -128,13 +127,10 @@ RawBuffer importKey(const Data &data,
 	RawBuffer result;
 
 	RawBuffer pwdBuf(pwd.begin(), pwd.end());
-	uint32_t keySizeBits = data.data.size() * 8;
 	TrustZoneContext::Instance().importKey(algo,
 										data.data,
 										pwdBuf,
 										iv,
-										keySizeBits,
-										Params::DERIVED_KEY_LENGTH_BITS,
 										result,
 										tag);
 	return result;
diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp
index 7a59fbea..e088163f 100644
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -68,7 +68,7 @@ TrustZoneContext& TrustZoneContext::Instance()
 	return instance;
 }
 
-void TrustZoneContext::generateIV(uint32_t ivSize, RawBuffer& iv)
+void TrustZoneContext::generateIV(RawBuffer& iv)
 {
 	// command ID = CMD_GENERATE_IV
 	//
@@ -81,6 +81,7 @@ void TrustZoneContext::generateIV(uint32_t ivSize, RawBuffer& iv)
 
 	// IV generation is a simple call - no need to serialize data
 	// just provide the output buffer with size equal to iv.
+	uint32_t ivSize = Params::DEFAULT_AES_IV_LEN;
 	TrustZoneMemory ivMemory(m_Context, ivSize, TEEC_MEM_OUTPUT);
 
 	TEEC_Operation op;
@@ -150,7 +151,6 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
 									const RawBuffer &pwd,
 									const RawBuffer &iv,
 									const uint32_t keySizeBits,
-									const uint32_t pwdTagSizeBits,
 									RawBuffer &keyId,
 									RawBuffer &pwdTag)
 {
@@ -176,7 +176,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
 
 	memset(&bufSize, 0, sizeof(KM_BufferSizeDesc));
 	bufSize.out_size = KM_KEY_ID_SIZE;
-	bufSize.tag_size = pwdTagSizeBits / 8;
+	bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES;
 	uint32_t keyMemorySize = KM_CalcBufferSize(bufSize);
 	TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT);
 
@@ -188,7 +188,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
 
 	ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), iv.data(), iv.size(),
 									nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS,
-									Params::DERIVED_KEY_ITERATIONS, pwdTagSizeBits);
+									Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8);
 	if (ret) {
 		ThrowErr(Exc::Crypto::InternalError, "Failed to serialize password data for TZ crypto operation: ", ret);
 	}
@@ -244,8 +244,6 @@ void TrustZoneContext::importKey(tz_algo_type algo,
 								const RawBuffer &key,
 								const RawBuffer &pwd,
 								const RawBuffer &iv,
-								const uint32_t keySizeBits,
-								const uint32_t pwdTagSizeBits,
 								RawBuffer &keyId,
 								RawBuffer &pwdTag)
 {
@@ -274,7 +272,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
 
 	memset(&bufSize, 0, sizeof(KM_BufferSizeDesc));
 	bufSize.out_size = KM_KEY_ID_SIZE;
-	bufSize.tag_size = pwdTagSizeBits / 8;
+	bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES;
 	uint32_t keyMemorySize = KM_CalcBufferSize(bufSize);
 	TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT);
 
@@ -292,7 +290,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
 	if (!pwd.empty()) {
 		ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), iv.data(), iv.size(),
 										nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS,
-										Params::DERIVED_KEY_ITERATIONS, pwdTagSizeBits);
+										Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8);
 		if (ret) {
 			ThrowErr(Exc::Crypto::InternalError, "Failed to serialize key data for import: ", ret);
 		}
@@ -302,7 +300,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
 	op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
 									TEEC_MEMREF_WHOLE, TEEC_NONE);
 	op.params[0].value.a = algo;
-	op.params[0].value.b = keySizeBits;
+	op.params[0].value.b = key.size() * 8;
 	op.params[1].memref.parent = inMemory.Get();
 	op.params[1].memref.offset = 0;
 	op.params[1].memref.size = inMemory.Get()->size;
@@ -332,19 +330,18 @@ void TrustZoneContext::importKey(tz_algo_type algo,
 
 	if (!pwd.empty()) {
 		KM_TagData* tagData = nullptr;
-		uint32_t pwdTagSizeBytes = pwdTagSizeBits / 8;
 
 		ret = KM_ParamsDeserializeTagData(output, &tagData);
 		if (ret) {
 			ThrowErr(Exc::Crypto::InternalError, "Failed to deserialize imported key's tag");
 		}
 
-		if (tagData == nullptr || tagData->data_size != pwdTagSizeBytes) {
+		if (tagData == nullptr || tagData->data_size != bufSize.tag_size) {
 			ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key tag");
 		}
 
-		pwdTag.resize(pwdTagSizeBytes);
-		memcpy(pwdTag.data(), tagData->data, pwdTagSizeBytes);
+		pwdTag.resize(bufSize.tag_size);
+		memcpy(pwdTag.data(), tagData->data, bufSize.tag_size);
 	}
 }
 
diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h
index 44ad38c1..86fe08bb 100644
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -37,7 +37,7 @@ class TrustZoneContext final
 public:
 	static TrustZoneContext& Instance();
 
-	void generateIV(uint32_t ivSize, RawBuffer &iv);
+	void generateIV(RawBuffer &iv);
 	void generateSKey(tz_algo_type algo,
 					uint32_t keySizeBits,
 					RawBuffer &keyId);
@@ -45,15 +45,12 @@ public:
 						const RawBuffer &pwd,
 						const RawBuffer &iv,
 						const uint32_t pwdKeySizeBits,
-						const uint32_t pwdTagSizeBits,
 						RawBuffer &keyId,
 						RawBuffer &pwdTag);
 	void importKey(tz_algo_type algo,
 					const RawBuffer &key,
 					const RawBuffer &pwd,
 					const RawBuffer &iv,
-					const uint32_t keySizeBits,
-					const uint32_t pwdTagSizeBits,
 					RawBuffer &keyId,
 					RawBuffer &pwdTag);
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>	2018-09-20 13:26:06 +0200
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>	2018-09-26 11:16:51 +0200
commit	3cadb98befc315f3e414d38e7cf6d3cfd049b9a7 (patch)
tree	f4ac0a1678d5017301650b0f95b0c9ca46e462d8
parent	1cc408882ddfdafdc69492d0d728c5127835909c (diff)
download	key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.tar.gz key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.tar.bz2 key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.zip