diff options
author | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2018-09-20 13:26:06 +0200 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2018-09-26 11:16:51 +0200 |
commit | 3cadb98befc315f3e414d38e7cf6d3cfd049b9a7 (patch) | |
tree | f4ac0a1678d5017301650b0f95b0c9ca46e462d8 | |
parent | 1cc408882ddfdafdc69492d0d728c5127835909c (diff) | |
download | key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.tar.gz key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.tar.bz2 key-manager-3cadb98befc315f3e414d38e7cf6d3cfd049b9a7.zip |
Simplify key related functions in tz-backend
- Use proper parameter for tag length
- Move default param values to TrustZoneContext where possible
- Remove unnecessary arguments
Change-Id: I00f8909ede4f80b77a937b52a5bce5698d4516a5
-rw-r--r-- | src/manager/crypto/tz-backend/internals.cpp | 6 | ||||
-rw-r--r-- | src/manager/crypto/tz-backend/tz-context.cpp | 23 | ||||
-rw-r--r-- | src/manager/crypto/tz-backend/tz-context.h | 5 |
3 files changed, 12 insertions, 22 deletions
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp index bfb78d7a..d2753bc3 100644 --- a/src/manager/crypto/tz-backend/internals.cpp +++ b/src/manager/crypto/tz-backend/internals.cpp @@ -73,7 +73,7 @@ tz_algo_type getAlgType(KeyType keyType) RawBuffer generateIV() { RawBuffer result; - TrustZoneContext::Instance().generateIV(Params::DEFAULT_AES_IV_LEN, result); + TrustZoneContext::Instance().generateIV(result); return result; } @@ -96,7 +96,6 @@ Data generateSKey(const CryptoAlgorithm &alg, RawBuffer pwdBuf(pwd.begin(), pwd.end()); TrustZoneContext::Instance().generateSKeyPwd(getGenKeyType(keyType), pwdBuf, iv, keyBits, - Params::DEFAULT_AES_GCM_TAG_LEN_BITS, keyData.data, tag); } else { TrustZoneContext::Instance().generateSKey(getGenKeyType(keyType), keyBits, @@ -128,13 +127,10 @@ RawBuffer importKey(const Data &data, RawBuffer result; RawBuffer pwdBuf(pwd.begin(), pwd.end()); - uint32_t keySizeBits = data.data.size() * 8; TrustZoneContext::Instance().importKey(algo, data.data, pwdBuf, iv, - keySizeBits, - Params::DERIVED_KEY_LENGTH_BITS, result, tag); return result; diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp index 7a59fbea..e088163f 100644 --- a/src/manager/crypto/tz-backend/tz-context.cpp +++ b/src/manager/crypto/tz-backend/tz-context.cpp @@ -68,7 +68,7 @@ TrustZoneContext& TrustZoneContext::Instance() return instance; } -void TrustZoneContext::generateIV(uint32_t ivSize, RawBuffer& iv) +void TrustZoneContext::generateIV(RawBuffer& iv) { // command ID = CMD_GENERATE_IV // @@ -81,6 +81,7 @@ void TrustZoneContext::generateIV(uint32_t ivSize, RawBuffer& iv) // IV generation is a simple call - no need to serialize data // just provide the output buffer with size equal to iv. + uint32_t ivSize = Params::DEFAULT_AES_IV_LEN; TrustZoneMemory ivMemory(m_Context, ivSize, TEEC_MEM_OUTPUT); TEEC_Operation op; @@ -150,7 +151,6 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo, const RawBuffer &pwd, const RawBuffer &iv, const uint32_t keySizeBits, - const uint32_t pwdTagSizeBits, RawBuffer &keyId, RawBuffer &pwdTag) { @@ -176,7 +176,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo, memset(&bufSize, 0, sizeof(KM_BufferSizeDesc)); bufSize.out_size = KM_KEY_ID_SIZE; - bufSize.tag_size = pwdTagSizeBits / 8; + bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES; uint32_t keyMemorySize = KM_CalcBufferSize(bufSize); TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT); @@ -188,7 +188,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo, ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), iv.data(), iv.size(), nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS, - Params::DERIVED_KEY_ITERATIONS, pwdTagSizeBits); + Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8); if (ret) { ThrowErr(Exc::Crypto::InternalError, "Failed to serialize password data for TZ crypto operation: ", ret); } @@ -244,8 +244,6 @@ void TrustZoneContext::importKey(tz_algo_type algo, const RawBuffer &key, const RawBuffer &pwd, const RawBuffer &iv, - const uint32_t keySizeBits, - const uint32_t pwdTagSizeBits, RawBuffer &keyId, RawBuffer &pwdTag) { @@ -274,7 +272,7 @@ void TrustZoneContext::importKey(tz_algo_type algo, memset(&bufSize, 0, sizeof(KM_BufferSizeDesc)); bufSize.out_size = KM_KEY_ID_SIZE; - bufSize.tag_size = pwdTagSizeBits / 8; + bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES; uint32_t keyMemorySize = KM_CalcBufferSize(bufSize); TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT); @@ -292,7 +290,7 @@ void TrustZoneContext::importKey(tz_algo_type algo, if (!pwd.empty()) { ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), iv.data(), iv.size(), nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS, - Params::DERIVED_KEY_ITERATIONS, pwdTagSizeBits); + Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8); if (ret) { ThrowErr(Exc::Crypto::InternalError, "Failed to serialize key data for import: ", ret); } @@ -302,7 +300,7 @@ void TrustZoneContext::importKey(tz_algo_type algo, op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE, TEEC_MEMREF_WHOLE, TEEC_NONE); op.params[0].value.a = algo; - op.params[0].value.b = keySizeBits; + op.params[0].value.b = key.size() * 8; op.params[1].memref.parent = inMemory.Get(); op.params[1].memref.offset = 0; op.params[1].memref.size = inMemory.Get()->size; @@ -332,19 +330,18 @@ void TrustZoneContext::importKey(tz_algo_type algo, if (!pwd.empty()) { KM_TagData* tagData = nullptr; - uint32_t pwdTagSizeBytes = pwdTagSizeBits / 8; ret = KM_ParamsDeserializeTagData(output, &tagData); if (ret) { ThrowErr(Exc::Crypto::InternalError, "Failed to deserialize imported key's tag"); } - if (tagData == nullptr || tagData->data_size != pwdTagSizeBytes) { + if (tagData == nullptr || tagData->data_size != bufSize.tag_size) { ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key tag"); } - pwdTag.resize(pwdTagSizeBytes); - memcpy(pwdTag.data(), tagData->data, pwdTagSizeBytes); + pwdTag.resize(bufSize.tag_size); + memcpy(pwdTag.data(), tagData->data, bufSize.tag_size); } } diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h index 44ad38c1..86fe08bb 100644 --- a/src/manager/crypto/tz-backend/tz-context.h +++ b/src/manager/crypto/tz-backend/tz-context.h @@ -37,7 +37,7 @@ class TrustZoneContext final public: static TrustZoneContext& Instance(); - void generateIV(uint32_t ivSize, RawBuffer &iv); + void generateIV(RawBuffer &iv); void generateSKey(tz_algo_type algo, uint32_t keySizeBits, RawBuffer &keyId); @@ -45,15 +45,12 @@ public: const RawBuffer &pwd, const RawBuffer &iv, const uint32_t pwdKeySizeBits, - const uint32_t pwdTagSizeBits, RawBuffer &keyId, RawBuffer &pwdTag); void importKey(tz_algo_type algo, const RawBuffer &key, const RawBuffer &pwd, const RawBuffer &iv, - const uint32_t keySizeBits, - const uint32_t pwdTagSizeBits, RawBuffer &keyId, RawBuffer &pwdTag); |