diff options
author | Bartlomiej Grzelewski <b.grzelewski@samsung.com> | 2018-09-25 13:39:22 +0200 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2018-10-03 14:42:29 +0000 |
commit | 78b884add004bc306a81bb79e91aacab44cb98a9 (patch) | |
tree | 98203aa1699e155d2821eb869732f33686adef85 /src | |
parent | 2e5203cfd1f18b4c86dcab6e594d66ff8d0b8c95 (diff) | |
download | key-manager-78b884add004bc306a81bb79e91aacab44cb98a9.tar.gz key-manager-78b884add004bc306a81bb79e91aacab44cb98a9.tar.bz2 key-manager-78b884add004bc306a81bb79e91aacab44cb98a9.zip |
Reduce number of import methods in tz-backend
Change-Id: I44fe9737dd34d8b61d2ab099c3f611903a5cc9a1
Diffstat (limited to 'src')
-rw-r--r-- | src/manager/crypto/tz-backend/internals.cpp | 44 | ||||
-rw-r--r-- | src/manager/crypto/tz-backend/internals.h | 18 | ||||
-rw-r--r-- | src/manager/crypto/tz-backend/store.cpp | 29 | ||||
-rw-r--r-- | src/manager/crypto/tz-backend/tz-context.cpp | 164 | ||||
-rw-r--r-- | src/manager/crypto/tz-backend/tz-context.h | 12 |
5 files changed, 90 insertions, 177 deletions
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp index 03189d4b..90cc9fb7 100644 --- a/src/manager/crypto/tz-backend/internals.cpp +++ b/src/manager/crypto/tz-backend/internals.cpp @@ -118,42 +118,40 @@ void destroyKey(const RawBuffer &key) TrustZoneContext::Instance().executeDestroy(key); } -RawBuffer importKey(const Data &data, - const RawBuffer &encIV, - const Password &pwd, - const RawBuffer &pwdIV, - RawBuffer &tag) +RawBuffer importData(const Data &data, + const RawBuffer &encIV, + const Password &pwd, + const RawBuffer &pwdIV, + RawBuffer &tag) { - tz_algo_type algo = getAlgType(data.type); + + uint32_t dataType; + + if (data.type.isSKey()) { + dataType = TYPE_SKEY; + } else if (data.type.isBinaryData()) { + dataType = TYPE_GENERIC_SECRET; + } else { + ThrowErr(Exc::Crypto::DataTypeNotSupported, + "Data type could not be impoted by tz-backend"); + } + RawBuffer result; RawBuffer pwdBuf(pwd.begin(), pwd.end()); - TrustZoneContext::Instance().importKey(algo, + uint32_t keySizeBits = data.data.size() * 8; + TrustZoneContext::Instance().importData(dataType, data.data, encIV, pwdBuf, pwdIV, + keySizeBits, + Params::DERIVED_KEY_LENGTH_BITS, result, tag); return result; } - -RawBuffer importData(const Data &data, - const Password &pwd, - const RawBuffer &iv, - RawBuffer &tag) -{ - RawBuffer result; - RawBuffer pwdBuf(pwd.begin(), pwd.end()); - TrustZoneContext::Instance().importData(data.data, - pwdBuf, - iv, - result, - tag); - return result; -} - RawBuffer getData(const RawBuffer &dataId, const Pwd &pwd) { diff --git a/src/manager/crypto/tz-backend/internals.h b/src/manager/crypto/tz-backend/internals.h index 1fed4b0f..c27933b0 100644 --- a/src/manager/crypto/tz-backend/internals.h +++ b/src/manager/crypto/tz-backend/internals.h @@ -38,23 +38,21 @@ using BufferPair = std::pair<RawBuffer, RawBuffer>; using KeyIdPair = std::pair<int, RawBuffer>; RawBuffer generateIV(); + DataPair generateAKey(const CryptoAlgorithm &alg, const Password &pwd, const RawBuffer &iv); + Data generateSKey(const CryptoAlgorithm &alg, const Password &pwd, const RawBuffer &iv, RawBuffer &tag); -RawBuffer importKey(const Data &key, - const RawBuffer &encIV, - const Password &pwd, - const RawBuffer &pwdIV, - RawBuffer &tag); -RawBuffer importData(const Data &data, - const Password &pwd, - const RawBuffer &iv, - RawBuffer &tag); +RawBuffer importData(const Data &key, + const RawBuffer &encIV, + const Password &pwd, + const RawBuffer &pwdIV, + RawBuffer &tag); RawBuffer getData(const RawBuffer &dataId, const Pwd &pwd); @@ -68,6 +66,7 @@ RawBuffer symmetricEncrypt( const Pwd &pwd, const CryptoAlgorithm &alg, const RawBuffer &data); + RawBuffer symmetricDecrypt( const RawBuffer &key, const Pwd &pwd, @@ -79,6 +78,7 @@ RawBuffer asymmetricEncrypt( const Pwd &pwd, const CryptoAlgorithm &alg, const RawBuffer &data); + RawBuffer asymmetricDecrypt( const RawBuffer &key, const Pwd &pwd, diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index c688024e..a3d65c75 100644 --- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -144,32 +144,19 @@ Token Store::generateSKey(const CryptoAlgorithm &alg, const Password &pass) Token Store::import(const Data &data, const Password &pass, const RawBuffer &encIV) { - if (data.type.isBinaryData()) { - RawBuffer iv; - RawBuffer tag; - if (!pass.empty()) { - // IV is needed for data encryption with pwd - iv = Internals::generateIV(); - } - RawBuffer dataId = Internals::importData(data, pass, iv, tag); - return Token(m_backendId, data.type, pack(dataId, pass, iv, tag)); - } - - if (!data.type.isKey()) - ThrowErr(Exc::Crypto::InputParam, "Invalid data provided for import"); + if (!data.type.isBinaryData() && !data.type.isSKey()) + ThrowErr(Exc::Crypto::DataTypeNotSupported, "Invalid data provided for import"); - if (!data.type.isSKey()) - ThrowErr(Exc::Crypto::DataTypeNotSupported, "Asymmetric keys are not supported"); - - RawBuffer iv; + RawBuffer passIV; RawBuffer tag; + if (!pass.empty()) { - // IV is needed for key encryption - iv = Internals::generateIV(); + // IV is needed for data encryption with pwd + passIV = Internals::generateIV(); } - RawBuffer keyId = Internals::importKey(data, encIV, pass, iv, tag); - return Token(m_backendId, data.type, pack(keyId, pass, iv, tag)); + RawBuffer dataId = Internals::importData(data, encIV, pass, passIV, tag); + return Token(m_backendId, data.type, pack(dataId, pass, passIV, tag)); } void Store::destroy(const Token &token) diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp index 1387491c..859c5a2d 100644 --- a/src/manager/crypto/tz-backend/tz-context.cpp +++ b/src/manager/crypto/tz-backend/tz-context.cpp @@ -254,114 +254,6 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo, memcpy(pwdTag.data(), tagData->data, Params::DEFAULT_AES_GCM_TAG_LEN_BYTES); } - -void TrustZoneContext::importKey(tz_algo_type algo, - const RawBuffer &key, - const RawBuffer &encIV, - const RawBuffer &pwd, - const RawBuffer &pwdIV, - RawBuffer &keyId, - RawBuffer &pwdTag) -{ - (void)encIV; - // command ID = CMD_IMPORT_KEY - // - // TEEC_Operation layout: - // params: - // [0].value.a - key type - // [0].value.b - key size in bits - // [1].memref - seralized key & password data - // output: - // [0].value.a - return code - // [2].memref - serialized key reference ID - - KM_BufferSizeDesc bufSize; - - memset(&bufSize, 0, sizeof(KM_BufferSizeDesc)); - bufSize.input_size = static_cast<uint32_t>(key.size()); - if (!pwd.empty()) { - bufSize.with_pwd_data = true; - bufSize.pwd_size = static_cast<uint32_t>(pwd.size()); - bufSize.pwd_iv_size = static_cast<uint32_t>(pwdIV.size()); - } - uint32_t inMemorySize = KM_CalcBufferSize(bufSize); - TrustZoneMemory inMemory(m_Context, inMemorySize, TEEC_MEM_INPUT); - - memset(&bufSize, 0, sizeof(KM_BufferSizeDesc)); - bufSize.out_size = KM_KEY_ID_SIZE; - bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES; - uint32_t keyMemorySize = KM_CalcBufferSize(bufSize); - TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT); - - KM_SymmetricInput* input = nullptr; - int ret = KM_ParamsSerializationInit(inMemory.Get()->buffer, inMemory.Get()->size, &input); - if (ret) { - ThrowErr(Exc::Crypto::InternalError, "Failed to initialize data serialization for key import: ", ret); - } - - ret = KM_ParamsSerializeInputData(input, key.data(), key.size()); - if (ret) { - ThrowErr(Exc::Crypto::InternalError, "Failed to serialize key to import: ", ret); - } - - if (!pwd.empty()) { - ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), pwdIV.data(), pwdIV.size(), - nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS, - Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8); - if (ret) { - ThrowErr(Exc::Crypto::InternalError, "Failed to serialize key data for import: ", ret); - } - } - - TEEC_Operation op; - op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE, - TEEC_MEMREF_WHOLE, TEEC_NONE); - op.params[0].value.a = algo; - op.params[0].value.b = key.size() * 8; - op.params[1].memref.parent = inMemory.Get(); - op.params[1].memref.offset = 0; - op.params[1].memref.size = inMemory.Get()->size; - op.params[2].memref.parent = keyMemory.Get(); - op.params[2].memref.offset = 0; - op.params[2].memref.size = keyMemory.Get()->size; - Execute(CMD_IMPORT_KEY, &op); - - KM_SymmetricInput* output = nullptr; - ret = KM_ParamsDeserializationInit(keyMemory.Get()->buffer, keyMemory.Get()->size, &output); - if (ret) { - ThrowErr(Exc::Crypto::InternalError, "Failed to initialize deserialization for imported key ID"); - } - - KM_OutData* outData = nullptr; - ret = KM_ParamsDeserializeOutData(output, &outData); - if (ret) { - ThrowErr(Exc::Crypto::InternalError, "Failed to deserialize imported key ID"); - } - - if (outData == nullptr || outData->data_size != KM_KEY_ID_SIZE) { - ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key ID"); - } - - keyId.resize(KM_KEY_ID_SIZE); - memcpy(keyId.data(), outData->data, KM_KEY_ID_SIZE); - - if (!pwd.empty()) { - KM_TagData* tagData = nullptr; - - ret = KM_ParamsDeserializeTagData(output, &tagData); - if (ret) { - ThrowErr(Exc::Crypto::InternalError, "Failed to deserialize imported key's tag"); - } - - if (tagData == nullptr || tagData->data_size != bufSize.tag_size) { - ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key tag"); - } - - pwdTag.resize(bufSize.tag_size); - memcpy(pwdTag.data(), tagData->data, bufSize.tag_size); - } -} - void TrustZoneContext::executeCrypt(tz_command cmd, tz_algo_type algo, const RawBuffer &key, @@ -746,29 +638,52 @@ void TrustZoneContext::executeDestroy(const RawBuffer &keyId) Execute(CMD_DESTROY_KEY, &op); } -void TrustZoneContext::importData(const RawBuffer &data, +void TrustZoneContext::importData( + const uint32_t dataType, + const RawBuffer &data, + const RawBuffer &encIV, const RawBuffer &pwd, const RawBuffer &iv, + const uint32_t keySizeBits, + const uint32_t pwdTagSizeBits, RawBuffer &dataId, RawBuffer &pwdTag) { // command ID = CMD_IMPORT_DATA // input: // [1].memref - reference to serialized buffer: + // uint32_t dataType contains information about type stored as binary data // KM_BinaryData with binary data - // uint32_t boolean value - true if password is provided + // uint32_t binary/key size in bits + // KM_BinaryData IV for data decryption with build in key + // uint32_t boolean value - true if password is provided // KM_PwdData with password (optional) // Output: // [0].value.a - return code // [2].memref - reference to serialized buffer: // KM_BinaryData with data id // KM_BinaryData with tag id (optional, if password was provided) - KM_BinaryData kmTaData; + uint32_t inMemorySize = 0; + + // place for dataType + inMemorySize += KM_SizeOfFlag(); + + KM_BinaryData ta_data; + ta_data.data_size = static_cast<uint32_t>(data.size()); + ta_data.data = const_cast<unsigned char *>(data.data()); + inMemorySize += KM_SizeOfBinaryData(&ta_data); + + uint32_t keySizeBits_flags = static_cast<uint32_t>(keySizeBits); + inMemorySize += KM_SizeOfFlag(); + + KM_BinaryData ta_data_enc_iv; + ta_data_enc_iv.data_size = static_cast<uint32_t>(encIV.size()); + ta_data_enc_iv.data = const_cast<unsigned char *>(encIV.data()); + inMemorySize += KM_SizeOfBinaryData(&ta_data_enc_iv); + uint32_t pwd_flag = pwd.empty() ? 0 : 1; - uint32_t pwdTagSizeBits = Params::DEFAULT_AES_GCM_TAG_LEN_BITS; - kmTaData.data_size = static_cast<uint32_t>(data.size()); - kmTaData.data = const_cast<unsigned char *>(data.data()); - uint32_t inMemorySize = KM_SizeOfBinaryData(&kmTaData) + KM_SizeOfFlag(); + inMemorySize += KM_SizeOfFlag(); + KM_PwdData kmPwdData; if (pwd_flag) { memset(&kmPwdData, 0, sizeof(KM_PwdData)); @@ -788,14 +703,31 @@ void TrustZoneContext::importData(const RawBuffer &data, TrustZoneMemory inMemory(m_Context, inMemorySize, TEEC_MEM_INPUT); void *inMemoryPtr = inMemory.Get()->buffer; - int ret = KM_SerializeBinaryData(&inMemoryPtr, &inMemorySize, &kmTaData); + int ret = KM_SerializeFlag(&inMemoryPtr, &inMemorySize, dataType); + if (ret){ + ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret); + } + + ret = KM_SerializeBinaryData(&inMemoryPtr, &inMemorySize, &ta_data); + if (ret) { + ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret); + } + + ret = KM_SerializeFlag(&inMemoryPtr, &inMemorySize, keySizeBits_flags); if (ret) { ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret); } + + ret = KM_SerializeBinaryData(&inMemoryPtr, &inMemorySize, &ta_data_enc_iv); + if (ret) { + ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret); + } + ret = KM_SerializeFlag(&inMemoryPtr, &inMemorySize, pwd_flag); if (ret) { ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret); } + if (pwd_flag) { ret = KM_SerializePwdData(&inMemoryPtr, &inMemorySize, &kmPwdData); if (ret) { diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h index cd7ae744..fdce3ebd 100644 --- a/src/manager/crypto/tz-backend/tz-context.h +++ b/src/manager/crypto/tz-backend/tz-context.h @@ -47,11 +47,13 @@ public: const uint32_t pwdKeySizeBits, RawBuffer &keyId, RawBuffer &pwdTag); - void importKey(tz_algo_type algo, - const RawBuffer &key, + void importData(uint32_t dataType, + const RawBuffer &data, const RawBuffer &encIV, const RawBuffer &pwd, const RawBuffer &pwdIV, + const uint32_t keySizeBits, + const uint32_t powTagSizeBits, RawBuffer &keyId, RawBuffer &pwdTag); @@ -82,12 +84,6 @@ public: void executeDestroy(const RawBuffer &keyId); - void importData(const RawBuffer &data, - const RawBuffer &pwd, - const RawBuffer &iv, - RawBuffer &dataId, - RawBuffer &pwdTag); - void getData(const RawBuffer &dataId, const Pwd &pwd, RawBuffer &data); |