authorBartlomiej Grzelewski <b.grzelewski@samsung.com>2018-09-25 13:39:22 +0200
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2018-10-03 14:42:29 +0000
commit78b884add004bc306a81bb79e91aacab44cb98a9 (patch)
tree98203aa1699e155d2821eb869732f33686adef85 /src
parent2e5203cfd1f18b4c86dcab6e594d66ff8d0b8c95 (diff)
Reduce number of import methods in tz-backend
Change-Id: I44fe9737dd34d8b61d2ab099c3f611903a5cc9a1
Diffstat (limited to 'src')
-rw-r--r--src/manager/crypto/tz-backend/internals.cpp44
-rw-r--r--src/manager/crypto/tz-backend/internals.h18
-rw-r--r--src/manager/crypto/tz-backend/store.cpp29
-rw-r--r--src/manager/crypto/tz-backend/tz-context.cpp164
-rw-r--r--src/manager/crypto/tz-backend/tz-context.h12
5 files changed, 90 insertions, 177 deletions
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index 03189d4b..90cc9fb7 100644
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -118,42 +118,40 @@ void destroyKey(const RawBuffer &key)
TrustZoneContext::Instance().executeDestroy(key);
}
-RawBuffer importKey(const Data &data,
- const RawBuffer &encIV,
- const Password &pwd,
- const RawBuffer &pwdIV,
- RawBuffer &tag)
+RawBuffer importData(const Data &data,
+ const RawBuffer &encIV,
+ const Password &pwd,
+ const RawBuffer &pwdIV,
+ RawBuffer &tag)
{
- tz_algo_type algo = getAlgType(data.type);
+
+ uint32_t dataType;
+
+ if (data.type.isSKey()) {
+ dataType = TYPE_SKEY;
+ } else if (data.type.isBinaryData()) {
+ dataType = TYPE_GENERIC_SECRET;
+ } else {
+ ThrowErr(Exc::Crypto::DataTypeNotSupported,
+ "Data type could not be impoted by tz-backend");
+ }
+
RawBuffer result;
RawBuffer pwdBuf(pwd.begin(), pwd.end());
- TrustZoneContext::Instance().importKey(algo,
+ uint32_t keySizeBits = data.data.size() * 8;
+ TrustZoneContext::Instance().importData(dataType,
data.data,
encIV,
pwdBuf,
pwdIV,
+ keySizeBits,
+ Params::DERIVED_KEY_LENGTH_BITS,
result,
tag);
return result;
}
-
-RawBuffer importData(const Data &data,
- const Password &pwd,
- const RawBuffer &iv,
- RawBuffer &tag)
-{
- RawBuffer result;
- RawBuffer pwdBuf(pwd.begin(), pwd.end());
- TrustZoneContext::Instance().importData(data.data,
- pwdBuf,
- iv,
- result,
- tag);
- return result;
-}
-
RawBuffer getData(const RawBuffer &dataId,
const Pwd &pwd)
{
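Review bot: The seventh argument of the new `TrustZoneContext::Instance().importData(...)` call is `Params::DERIVED_KEY_LENGTH_BITS`, but the matching parameter in tz-context.cpp is named `pwdTagSizeBits`, and both removed paths supplied the GCM tag length in that role (`Params::DEFAULT_AES_GCM_TAG_LEN_BITS` in the old importData, `bufSize.tag_size * 8` in the old importKey). How the body uses the value is not visible on this page, but unless the two constants happen to be equal the password tag would be requested with the wrong length, so the call should probably pass `Params::DEFAULT_AES_GCM_TAG_LEN_BITS`. Separately, `uint32_t keySizeBits = data.data.size() * 8;` narrows a `size_t` product with no bound check, so a very large buffer would report a wrapped bit length to the TA. The error text "Data type could not be impoted by tz-backend" also has a typo ("imported").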
diff --git a/src/manager/crypto/tz-backend/internals.h b/src/manager/crypto/tz-backend/internals.h
index 1fed4b0f..c27933b0 100644
--- a/src/manager/crypto/tz-backend/internals.h
+++ b/src/manager/crypto/tz-backend/internals.h
@@ -38,23 +38,21 @@ using BufferPair = std::pair<RawBuffer, RawBuffer>;
using KeyIdPair = std::pair<int, RawBuffer>;
RawBuffer generateIV();
+
DataPair generateAKey(const CryptoAlgorithm &alg,
const Password &pwd,
const RawBuffer &iv);
+
Data generateSKey(const CryptoAlgorithm &alg,
const Password &pwd,
const RawBuffer &iv,
RawBuffer &tag);
-RawBuffer importKey(const Data &key,
- const RawBuffer &encIV,
- const Password &pwd,
- const RawBuffer &pwdIV,
- RawBuffer &tag);
-RawBuffer importData(const Data &data,
- const Password &pwd,
- const RawBuffer &iv,
- RawBuffer &tag);
+RawBuffer importData(const Data &key,
+ const RawBuffer &encIV,
+ const Password &pwd,
+ const RawBuffer &pwdIV,
+ RawBuffer &tag);
RawBuffer getData(const RawBuffer &dataId,
const Pwd &pwd);
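Review bot: The merged declaration still names its first parameter `key` (`RawBuffer importData(const Data &key,`), while the definition in internals.cpp calls it `data` and accepts generic binary secrets as well as symmetric keys. Rename it to `data` and add a short comment above the declaration saying that `encIV` is the IV for the encrypted payload and `pwdIV` the IV for password protection; both are `const RawBuffer &`, so nothing but the names stops a caller from swapping them.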
@@ -68,6 +66,7 @@ RawBuffer symmetricEncrypt(
const Pwd &pwd,
const CryptoAlgorithm &alg,
const RawBuffer &data);
+
RawBuffer symmetricDecrypt(
const RawBuffer &key,
const Pwd &pwd,
@@ -79,6 +78,7 @@ RawBuffer asymmetricEncrypt(
const Pwd &pwd,
const CryptoAlgorithm &alg,
const RawBuffer &data);
+
RawBuffer asymmetricDecrypt(
const RawBuffer &key,
const Pwd &pwd,
diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp
index c688024e..a3d65c75 100644
--- a/src/manager/crypto/tz-backend/store.cpp
+++ b/src/manager/crypto/tz-backend/store.cpp
@@ -144,32 +144,19 @@ Token Store::generateSKey(const CryptoAlgorithm &alg, const Password &pass)
Token Store::import(const Data &data, const Password &pass, const RawBuffer &encIV)
{
- if (data.type.isBinaryData()) {
- RawBuffer iv;
- RawBuffer tag;
- if (!pass.empty()) {
- // IV is needed for data encryption with pwd
- iv = Internals::generateIV();
- }
- RawBuffer dataId = Internals::importData(data, pass, iv, tag);
- return Token(m_backendId, data.type, pack(dataId, pass, iv, tag));
- }
-
- if (!data.type.isKey())
- ThrowErr(Exc::Crypto::InputParam, "Invalid data provided for import");
+ if (!data.type.isBinaryData() && !data.type.isSKey())
+ ThrowErr(Exc::Crypto::DataTypeNotSupported, "Invalid data provided for import");
- if (!data.type.isSKey())
- ThrowErr(Exc::Crypto::DataTypeNotSupported, "Asymmetric keys are not supported");
-
- RawBuffer iv;
+ RawBuffer passIV;
RawBuffer tag;
+
if (!pass.empty()) {
- // IV is needed for key encryption
- iv = Internals::generateIV();
+ // IV is needed for data encryption with pwd
+ passIV = Internals::generateIV();
}
- RawBuffer keyId = Internals::importKey(data, encIV, pass, iv, tag);
- return Token(m_backendId, data.type, pack(keyId, pass, iv, tag));
+ RawBuffer dataId = Internals::importData(data, encIV, pass, passIV, tag);
+ return Token(m_backendId, data.type, pack(dataId, pass, passIV, tag));
}
void Store::destroy(const Token &token)
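Review bot: The new guard `if (!data.type.isBinaryData() && !data.type.isSKey())` throws `Exc::Crypto::DataTypeNotSupported` for every rejected type, whereas the removed code raised `Exc::Crypto::InputParam` for non-key data and reserved `DataTypeNotSupported` for asymmetric keys. Callers that map these exceptions to different API error codes will now see a different result for non-key input; if that is intended it deserves a line in the commit message. Binary data is also now imported with the caller-supplied `encIV`, which the old binary path never forwarded, and nothing visible here checks its length before it is handed to the TA. The same type test is repeated in `Internals::importData`, so one of the two checks could be dropped.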
diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp
index 1387491c..859c5a2d 100644
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -254,114 +254,6 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
memcpy(pwdTag.data(), tagData->data, Params::DEFAULT_AES_GCM_TAG_LEN_BYTES);
}
-
-void TrustZoneContext::importKey(tz_algo_type algo,
- const RawBuffer &key,
- const RawBuffer &encIV,
- const RawBuffer &pwd,
- const RawBuffer &pwdIV,
- RawBuffer &keyId,
- RawBuffer &pwdTag)
-{
- (void)encIV;
- // command ID = CMD_IMPORT_KEY
- //
- // TEEC_Operation layout:
- // params:
- // [0].value.a - key type
- // [0].value.b - key size in bits
- // [1].memref - seralized key & password data
- // output:
- // [0].value.a - return code
- // [2].memref - serialized key reference ID
-
- KM_BufferSizeDesc bufSize;
-
- memset(&bufSize, 0, sizeof(KM_BufferSizeDesc));
- bufSize.input_size = static_cast<uint32_t>(key.size());
- if (!pwd.empty()) {
- bufSize.with_pwd_data = true;
- bufSize.pwd_size = static_cast<uint32_t>(pwd.size());
- bufSize.pwd_iv_size = static_cast<uint32_t>(pwdIV.size());
- }
- uint32_t inMemorySize = KM_CalcBufferSize(bufSize);
- TrustZoneMemory inMemory(m_Context, inMemorySize, TEEC_MEM_INPUT);
-
- memset(&bufSize, 0, sizeof(KM_BufferSizeDesc));
- bufSize.out_size = KM_KEY_ID_SIZE;
- bufSize.tag_size = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES;
- uint32_t keyMemorySize = KM_CalcBufferSize(bufSize);
- TrustZoneMemory keyMemory(m_Context, keyMemorySize, TEEC_MEM_OUTPUT);
-
- KM_SymmetricInput* input = nullptr;
- int ret = KM_ParamsSerializationInit(inMemory.Get()->buffer, inMemory.Get()->size, &input);
- if (ret) {
- ThrowErr(Exc::Crypto::InternalError, "Failed to initialize data serialization for key import: ", ret);
- }
-
- ret = KM_ParamsSerializeInputData(input, key.data(), key.size());
- if (ret) {
- ThrowErr(Exc::Crypto::InternalError, "Failed to serialize key to import: ", ret);
- }
-
- if (!pwd.empty()) {
- ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), pwdIV.data(), pwdIV.size(),
- nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS,
- Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8);
- if (ret) {
- ThrowErr(Exc::Crypto::InternalError, "Failed to serialize key data for import: ", ret);
- }
- }
-
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
- op.params[0].value.a = algo;
- op.params[0].value.b = key.size() * 8;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = keyMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = keyMemory.Get()->size;
- Execute(CMD_IMPORT_KEY, &op);
-
- KM_SymmetricInput* output = nullptr;
- ret = KM_ParamsDeserializationInit(keyMemory.Get()->buffer, keyMemory.Get()->size, &output);
- if (ret) {
- ThrowErr(Exc::Crypto::InternalError, "Failed to initialize deserialization for imported key ID");
- }
-
- KM_OutData* outData = nullptr;
- ret = KM_ParamsDeserializeOutData(output, &outData);
- if (ret) {
- ThrowErr(Exc::Crypto::InternalError, "Failed to deserialize imported key ID");
- }
-
- if (outData == nullptr || outData->data_size != KM_KEY_ID_SIZE) {
- ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key ID");
- }
-
- keyId.resize(KM_KEY_ID_SIZE);
- memcpy(keyId.data(), outData->data, KM_KEY_ID_SIZE);
-
- if (!pwd.empty()) {
- KM_TagData* tagData = nullptr;
-
- ret = KM_ParamsDeserializeTagData(output, &tagData);
- if (ret) {
- ThrowErr(Exc::Crypto::InternalError, "Failed to deserialize imported key's tag");
- }
-
- if (tagData == nullptr || tagData->data_size != bufSize.tag_size) {
- ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key tag");
- }
-
- pwdTag.resize(bufSize.tag_size);
- memcpy(pwdTag.data(), tagData->data, bufSize.tag_size);
- }
-}
-
void TrustZoneContext::executeCrypt(tz_command cmd,
tz_algo_type algo,
const RawBuffer &key,
@@ -746,29 +638,52 @@ void TrustZoneContext::executeDestroy(const RawBuffer &keyId)
Execute(CMD_DESTROY_KEY, &op);
}
-void TrustZoneContext::importData(const RawBuffer &data,
+void TrustZoneContext::importData(
+ const uint32_t dataType,
+ const RawBuffer &data,
+ const RawBuffer &encIV,
const RawBuffer &pwd,
const RawBuffer &iv,
+ const uint32_t keySizeBits,
+ const uint32_t pwdTagSizeBits,
RawBuffer &dataId,
RawBuffer &pwdTag)
{
// command ID = CMD_IMPORT_DATA
// input:
// [1].memref - reference to serialized buffer:
+ // uint32_t dataType contains information about type stored as binary data
// KM_BinaryData with binary data
- // uint32_t boolean value - true if password is provided
+ // uint32_t binary/key size in bits
+ // KM_BinaryData IV for data decryption with build in key
+ // uint32_t boolean value - true if password is provided
// KM_PwdData with password (optional)
// Output:
// [0].value.a - return code
// [2].memref - reference to serialized buffer:
// KM_BinaryData with data id
// KM_BinaryData with tag id (optional, if password was provided)
- KM_BinaryData kmTaData;
+ uint32_t inMemorySize = 0;
+
+ // place for dataType
+ inMemorySize += KM_SizeOfFlag();
+
+ KM_BinaryData ta_data;
+ ta_data.data_size = static_cast<uint32_t>(data.size());
+ ta_data.data = const_cast<unsigned char *>(data.data());
+ inMemorySize += KM_SizeOfBinaryData(&ta_data);
+
+ uint32_t keySizeBits_flags = static_cast<uint32_t>(keySizeBits);
+ inMemorySize += KM_SizeOfFlag();
+
+ KM_BinaryData ta_data_enc_iv;
+ ta_data_enc_iv.data_size = static_cast<uint32_t>(encIV.size());
+ ta_data_enc_iv.data = const_cast<unsigned char *>(encIV.data());
+ inMemorySize += KM_SizeOfBinaryData(&ta_data_enc_iv);
+
uint32_t pwd_flag = pwd.empty() ? 0 : 1;
- uint32_t pwdTagSizeBits = Params::DEFAULT_AES_GCM_TAG_LEN_BITS;
- kmTaData.data_size = static_cast<uint32_t>(data.size());
- kmTaData.data = const_cast<unsigned char *>(data.data());
- uint32_t inMemorySize = KM_SizeOfBinaryData(&kmTaData) + KM_SizeOfFlag();
+ inMemorySize += KM_SizeOfFlag();
+
KM_PwdData kmPwdData;
if (pwd_flag) {
memset(&kmPwdData, 0, sizeof(KM_PwdData));
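Review bot: `data.size()` and `encIV.size()` are narrowed with `static_cast<uint32_t>` and summed into the 32-bit `inMemorySize` with no upper bound check, so an oversized input would be silently truncated or could wrap the size used for the shared-memory allocation. Whether `KM_SizeOfBinaryData` or the serializers reject that case is not visible in this hunk; an explicit guard before the first cast, e.g. `if (data.size() > UINT32_MAX / 8 || encIV.size() > UINT32_MAX) ThrowErr(Exc::Crypto::InputParam, "Import buffer too large");`, would make the path fail closed. `keySizeBits_flags` is a redundant copy (the cast is from `uint32_t` to `uint32_t`), and the definition names the password IV `iv` while the header uses `pwdIV`. The function body continues past the end of this hunk.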
@@ -788,14 +703,31 @@ void TrustZoneContext::importData(const RawBuffer &data,
TrustZoneMemory inMemory(m_Context, inMemorySize, TEEC_MEM_INPUT);
void *inMemoryPtr = inMemory.Get()->buffer;
- int ret = KM_SerializeBinaryData(&inMemoryPtr, &inMemorySize, &kmTaData);
+ int ret = KM_SerializeFlag(&inMemoryPtr, &inMemorySize, dataType);
+ if (ret){
+ ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
+ }
+
+ ret = KM_SerializeBinaryData(&inMemoryPtr, &inMemorySize, &ta_data);
+ if (ret) {
+ ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
+ }
+
+ ret = KM_SerializeFlag(&inMemoryPtr, &inMemorySize, keySizeBits_flags);
if (ret) {
ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
}
+
+ ret = KM_SerializeBinaryData(&inMemoryPtr, &inMemorySize, &ta_data_enc_iv);
+ if (ret) {
+ ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
+ }
+
ret = KM_SerializeFlag(&inMemoryPtr, &inMemorySize, pwd_flag);
if (ret) {
ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
}
+
if (pwd_flag) {
ret = KM_SerializePwdData(&inMemoryPtr, &inMemorySize, &kmPwdData);
if (ret) {
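Review bot: All five serialization steps in this hunk throw the identical message `"Failed to serialize data, ret: "`, so a log line cannot tell whether the data type, payload, key size, encryption IV or password flag failed. Give each its own text, for example `"Failed to serialize data type, ret: "` and `"Failed to serialize encryption IV, ret: "`. The first check is also written `if (ret){` without the space used in the other checks. The enclosing function starts before and ends after this hunk.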
diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h
index cd7ae744..fdce3ebd 100644
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -47,11 +47,13 @@ public:
const uint32_t pwdKeySizeBits,
RawBuffer &keyId,
RawBuffer &pwdTag);
- void importKey(tz_algo_type algo,
- const RawBuffer &key,
+ void importData(uint32_t dataType,
+ const RawBuffer &data,
const RawBuffer &encIV,
const RawBuffer &pwd,
const RawBuffer &pwdIV,
+ const uint32_t keySizeBits,
+ const uint32_t powTagSizeBits,
RawBuffer &keyId,
RawBuffer &pwdTag);
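Review bot: The new declaration spells the tag-size parameter `powTagSizeBits`, while the definition in tz-context.cpp uses `pwdTagSizeBits`, and it keeps `keyId` where the definition says `dataId`. Align the names with the definition (`const uint32_t pwdTagSizeBits,` and `RawBuffer &dataId,`) so the header documents the same contract the implementation follows. The class declaration starts and ends outside this hunk.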
@@ -82,12 +84,6 @@ public:
void executeDestroy(const RawBuffer &keyId);
- void importData(const RawBuffer &data,
- const RawBuffer &pwd,
- const RawBuffer &iv,
- RawBuffer &dataId,
- RawBuffer &pwdTag);
-
void getData(const RawBuffer &dataId,
const Pwd &pwd,
RawBuffer &data);