[platform/core/security/key-manager.git] / src / manager / crypto / tz-backend / tz-context.cpp

/*
 *  Copyright (c) 2017-2021 Samsung Electronics Co., Ltd. All rights reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */
/*
 * @file       tz-context.cpp
 * @author     Lukasz Kostyra (l.kostyra@samsung.com)
 * @version    1.0
 */

#pragma GCC diagnostic ignored "-Wdeprecated-declarations"

#include <tz-backend/tz-context.h>
#include <tz-backend/tz-memory.h>
#include <generic-backend/exception.h>
#include <generic-backend/crypto-params.h>
#include <generic-backend/encryption-params.h>
#include <dpl/log/log.h>

#include <km_serialization.h>
#include <km_ta_defines.h>

#include <cstdint>
#include <cstring>
#include <cassert>
#include <unordered_map>

namespace CKM {
namespace Crypto {
namespace TZ {
namespace Internals {

namespace {

// A little bit of extra memory to add to output buffers.
//
// We need this extra memory to output for padding purposes - after encryption
// we can resize the result memory back to its proper size according to
// whatever TA will return us.
const uint32_t CIPHER_EXTRA_PADDING_SIZE = 16;

// Maximum size of GCM tag in bytes.
const size_t MAX_GCM_TAG_SIZE = 16;

// Identifier of our TA
const TEEC_UUID KEY_MANAGER_TA_UUID = KM_TA_UUID;

//raw to hex string conversion to print persistent storage data ID
static std::string rawToHexString(const RawBuffer &raw)
{
        return hexDump<std::string>(raw);
}

/*
 * Maximum size for given key type in bytes according to key-manager-ta implementation.
 * Note that they are greater than TEE Internal Core API v1.1.2.50 (Table 5-9) values.
 */
const std::unordered_map<tz_algo_type, size_t> MAX_KEY_SIZE = {
        { ALGO_RSA, 4096 / 8 },
        { ALGO_RSA_SV, 4096 / 8 },
        { ALGO_DSA_SV, 4096 / 8 },
        { ALGO_ECDSA_SV, 1024 / 8 } // 384*2 + additional space for DERR encoding
};

struct EncPwd {
        const RawBuffer &password;
        const RawBuffer &iv;
};

template <typename T>
void push(TZSerializer& ser, const T& value)
{
        ser.Push(new TZSerializableFlag(static_cast<uint32_t>(value)));
}

template<>
void push<RawBuffer>(TZSerializer& ser, const RawBuffer& value)
{
        ser.Push(new TZSerializableBinary(value));
}

template<>
void push<Pwd>(TZSerializer& ser, const Pwd& value)
{
        int32_t pwd_flag = value.getPassword().empty() ? 0 : 1;
        ser.Push(new TZSerializableFlag(pwd_flag));
        if (pwd_flag)
                ser.Push(new TZSerializablePwdData(value.getPassword(),
                                                                                   value.getIV(),
                                                                                   value.getTag().size() * 8,
                                                                                   value.getTag()));
}

template<>
void push<EncPwd>(TZSerializer& ser, const EncPwd& value)
{
        int32_t pwd_flag = value.password.empty() ? 0 : 1;
        ser.Push(new TZSerializableFlag(pwd_flag));
        if (pwd_flag)
                ser.Push(new TZSerializablePwdData(value.password,
                                                                                   value.iv,
                                                                                   Params::DEFAULT_AES_GCM_TAG_LEN_BITS));
}

template <typename T, typename ...Args>
void push(TZSerializer& ser, const T& first, const Args&... args)
{
        push<T>(ser, first);
        push<Args...>(ser, args...);
}

template <typename ...Args>
TZSerializer makeSerializer(const Args&... args)
{
        TZSerializer ser;
        push<Args...>(ser, args...);
        return ser;
}

} // anonymous namespace

TrustZoneContext::TrustZoneContext()
        : m_ContextInitialized(false)
        , m_SessionInitialized(false)
{
        Initialize();
}

TrustZoneContext::~TrustZoneContext()
{
        Destroy();
}

TrustZoneContext& TrustZoneContext::Instance()
{
        static TrustZoneContext instance;
        return instance;
}

TEEC_Operation makeOp(uint32_t value, TrustZoneMemory& mem1)
{
        TEEC_Operation op;

        op.paramTypes = TEEC_PARAM_TYPES(value, TEEC_MEMREF_WHOLE, TEEC_NONE, TEEC_NONE);

        op.params[1].memref.parent = mem1.Get();
        op.params[1].memref.offset = 0;
        op.params[1].memref.size = mem1.Get()->size;
        return op;
}

TEEC_Operation makeOp(uint32_t value, TrustZoneMemory& mem1, TrustZoneMemory& mem2)
{
        TEEC_Operation op = makeOp(value, mem1);

        op.paramTypes = TEEC_PARAM_TYPES(value, TEEC_MEMREF_WHOLE, TEEC_MEMREF_WHOLE, TEEC_NONE);

        op.params[2].memref.parent = mem2.Get();
        op.params[2].memref.offset = 0;
        op.params[2].memref.size = mem2.Get()->size;

        return op;
}

void TrustZoneContext::generateIV(RawBuffer& iv)
{
        // command ID = CMD_GENERATE_IV
        // IV generation is a simple call - no need to serialize data
        // just provide the output buffer with size equal to iv.
        uint32_t ivSize = Params::DEFAULT_AES_IV_LEN;
        TrustZoneMemory ivMemory(m_Context, ivSize, TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, ivMemory);

        Execute(CMD_GENERATE_IV, &op);

        iv.resize(ivSize);
        memcpy(iv.data(), ivMemory.Get()->buffer, ivMemory.Get()->size);
}

void TrustZoneContext::generateSKey(tz_algo_type algo,
                                                                        uint32_t keySizeBits,
                                                                        const RawBuffer &hash)
{
        // command ID = CMD_GENERATE_KEY
        auto sIn = makeSerializer(hash);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        op.params[0].value.a = algo;
        op.params[0].value.b = keySizeBits;

        Execute(CMD_GENERATE_KEY, &op);
}

void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
                                                                        const RawBuffer &pwd,
                                                                        const RawBuffer &iv,
                                                                        const uint32_t keySizeBits,
                                                                        RawBuffer &pwdTag,
                                                                        const RawBuffer &hash)
{
        // command ID = CMD_GENERATE_KEY_PWD
        TZSerializer sIn;
        sIn.Push(new TZSerializablePwdData(pwd, iv, Params::DEFAULT_AES_GCM_TAG_LEN_BITS));
        sIn.Push(new TZSerializableBinary(hash));
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = algo;
        op.params[0].value.b = keySizeBits;

        Execute(CMD_GENERATE_KEY_PWD, &op);

        sOut.Deserialize(outMemory);
        sOut.Pull(pwdTag);

        if (pwdTag.size() != Params::DEFAULT_AES_GCM_TAG_LEN_BYTES) {
                ThrowErr(Exc::Crypto::InternalError, "Deserialized incorrect key tag");
        }
}

void TrustZoneContext::GenerateAKey(tz_command commandId,
                                    TZSerializer &sIn,
                                    uint32_t genParam, // key size in bits or EC type
                                    const RawBuffer &pubPwd,
                                    const RawBuffer &pubPwdIv,
                                    const RawBuffer &privPwd,
                                    const RawBuffer &privPwdIv,
                                    RawBuffer &pubKeyTag,
                                    RawBuffer &privKeyTag,
                                    const RawBuffer &hashPriv,
                                                                        const RawBuffer &hashPub)
{
        uint32_t pubPwdExists = pubPwd.empty() ? 0 : 1;
        TZSerializer sOut;
        if (pubPwdExists)
                sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));

        uint32_t privPwdExists = privPwd.empty() ? 0 : 1;
        if (privPwdExists)
                sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));

        push(sIn, EncPwd{pubPwd, pubPwdIv}, EncPwd{privPwd, privPwdIv}, hashPriv, hashPub);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op;
        if (sOut.GetSize() == 0) {
                op = makeOp(TEEC_VALUE_INOUT, inMemory);
        } else {
                op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        }
        op.params[0].value.b = genParam;

        Execute(commandId, &op);

        sOut.Deserialize(outMemory);
        if (pubPwdExists) {
                sOut.Pull(pubKeyTag);
        }

        if (privPwdExists) {
                sOut.Pull(privKeyTag);
        }
}

void TrustZoneContext::generateRSAKey(uint32_t keySizeBits,
                                                                        const RawBuffer &pubPwd,
                                                                        const RawBuffer &pubPwdIv,
                                                                        const RawBuffer &privPwd,
                                                                        const RawBuffer &privPwdIv,
                                                                        RawBuffer &pubKeyTag,
                                                                        RawBuffer &privKeyTag,
                                                                        const RawBuffer &hashPriv,
                                                                        const RawBuffer &hashPub)
{
        // command ID = CMD_GENERATE_RSA_KEYPAIR
        TZSerializer sIn;

        GenerateAKey(CMD_GENERATE_RSA_KEYPAIR,
                     sIn,
                     keySizeBits,
                     pubPwd,
                     pubPwdIv,
                     privPwd,
                     privPwdIv,
                     pubKeyTag,
                     privKeyTag,
                     hashPriv,
                     hashPub);
}

void TrustZoneContext::generateDSAKey(uint32_t keySizeBits,
                                                                        const RawBuffer &prime,
                                                                        const RawBuffer &subprime,
                                                                        const RawBuffer &base,
                                                                        const RawBuffer &pubPwd,
                                                                        const RawBuffer &pubPwdIv,
                                                                        const RawBuffer &privPwd,
                                                                        const RawBuffer &privPwdIv,
                                                                        RawBuffer &pubKeyTag,
                                                                        RawBuffer &privKeyTag,
                                                                        const RawBuffer &hashPriv,
                                                                        const RawBuffer &hashPub)
{
        // command ID = CMD_GENERATE_DSA_KEYPAIR
        auto sIn = makeSerializer(prime, subprime, base);

        GenerateAKey(CMD_GENERATE_DSA_KEYPAIR,
                     sIn,
                     keySizeBits,
                     pubPwd,
                     pubPwdIv,
                     privPwd,
                     privPwdIv,
                     pubKeyTag,
                     privKeyTag,
                     hashPriv,
                     hashPub);
}

void TrustZoneContext::generateECKey(tz_ec ec,
                                                                         const RawBuffer &pubPwd,
                                                                         const RawBuffer &pubPwdIv,
                                                                         const RawBuffer &privPwd,
                                                                         const RawBuffer &privPwdIv,
                                                                         RawBuffer &pubKeyTag,
                                                                         RawBuffer &privKeyTag,
                                                                         const RawBuffer &hashPriv,
                                                                         const RawBuffer &hashPub)
{
        // command ID = CMD_GENERATE_EC_KEYPAIR
        TZSerializer sIn;

        GenerateAKey(CMD_GENERATE_EC_KEYPAIR,
                     sIn,
                     static_cast<uint32_t>(ec),
                     pubPwd,
                     pubPwdIv,
                     privPwd,
                     privPwdIv,
                     pubKeyTag,
                     privKeyTag,
                     hashPriv,
                     hashPub);
}

void TrustZoneContext::executeCrypt(tz_command cmd,
                                                                        tz_algo_type algo,
                                                                        const RawBuffer &keyId,
                                                                        const Pwd &pwd,
                                                                        const RawBuffer &iv,
                                                                        const RawBuffer &data,
                                                                        RawBuffer &out)
{
        // command IDs = CMD_ENCRYPT, CMD_DECRYPT (from km_ta_defines.h)
        if (keyId.size() != KM_KEY_ID_SIZE) {
                ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer (size = "
                        + std::to_string(keyId.size()) + ")");
        }

        TZSerializer sIn;
        if (algo == ALGO_RSA)
                sIn = makeSerializer(data, pwd, keyId);
        else
                sIn = makeSerializer(data, pwd, iv, keyId);

        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        // decrypt operation does not require padding
        uint32_t outMemorySize = data.size();
        if (cmd == CMD_ENCRYPT) {
                if (algo == ALGO_RSA) {
                        // We don't know the key length
                        outMemorySize = MAX_KEY_SIZE.at(ALGO_RSA);
                } else {
                        outMemorySize = static_cast<uint32_t>(data.size() + CIPHER_EXTRA_PADDING_SIZE);
                }
        }

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(outMemorySize, false));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = algo;

        Execute(cmd, &op);

        sOut.Deserialize(outMemory);
        sOut.Pull(out);
}

void TrustZoneContext::executeEncryptAE(const RawBuffer &keyId,
                                                                                const Pwd &pwd,
                                                                                const RawBuffer &iv,
                                                                                int tagSizeBits,
                                                                                const RawBuffer &aad,
                                                                                const RawBuffer &data,
                                                                                RawBuffer &out,
                                                                                RawBuffer &tag)
{
        // command ID = CMD_ENCRYPT (from km_ta_defines.h)
        if (keyId.size() != KM_KEY_ID_SIZE) {
                ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer");
        }

        auto sIn = makeSerializer(data, pwd, iv, keyId, aad, tagSizeBits);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        uint32_t outMemorySize = static_cast<uint32_t>(data.size() + CIPHER_EXTRA_PADDING_SIZE);
        uint32_t tagSizeBytes = (tagSizeBits + 7) / 8;

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(outMemorySize, false));
        sOut.Push(new TZSerializableBinary(tagSizeBytes));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = ALGO_AES_GCM;

        Execute(CMD_ENCRYPT, &op);

        sOut.Deserialize(outMemory);
        sOut.Pull(out);
        sOut.Pull(tag);
}

void TrustZoneContext::executeDecryptAE(const RawBuffer &keyId,
                                                                                const Pwd &pwd,
                                                                                const RawBuffer &iv,
                                                                                int  tagSizeBits,
                                                                                const RawBuffer &tag,
                                                                                const RawBuffer &aad,
                                                                                const RawBuffer &data,
                                                                                RawBuffer &out)
{
        // command ID = CMD_DECRYPT (from km_ta_defines.h)
        if (keyId.size() != KM_KEY_ID_SIZE) {
                ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer");
        }

        auto sIn = makeSerializer(data, pwd, iv, keyId, aad, tagSizeBits, tag);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(data.size()));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = ALGO_AES_GCM;

        Execute(CMD_DECRYPT, &op);

        sOut.Deserialize(outMemory);
        sOut.Pull(out);
}

uint32_t TrustZoneContext::initGcmCipher(uint32_t encrypt,
                                                                                 const RawBuffer &keyId,
                                                                                 const Pwd &pwd,
                                                                                 const RawBuffer &iv,
                                                                                 int tagSizeBits,
                                                                                 const RawBuffer &aad)
{
        // command ID = CMD_CIPHER_INIT (from km_ta_defines.h)
        if (keyId.size() != KM_KEY_ID_SIZE) {
                ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer");
        }

        auto sIn = makeSerializer(pwd, iv, keyId, aad, tagSizeBits);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        op.params[0].value.a = ALGO_AES_GCM;
        op.params[0].value.b = encrypt;

        Execute(CMD_CIPHER_INIT, &op);

        return op.params[0].value.b;
}

void TrustZoneContext::addGcmAAD(uint32_t opId,
                                                                 const RawBuffer &aad)
{
        // command ID = CMD_CIPHER_INIT_AAD (from km_ta_defines.h)
        auto sIn = makeSerializer(aad);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        op.params[0].value.a = opId;

        Execute(CMD_CIPHER_INIT_AAD, &op);
}

RawBuffer TrustZoneContext::updateGcmCipher(uint32_t opId,
                                                                                        const RawBuffer &data)
{
        auto sIn = makeSerializer(data);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(data.size()));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = opId;

        Execute(CMD_CIPHER_UPDATE, &op);

        sOut.Deserialize(outMemory);

        RawBuffer out;
        sOut.Pull(out);
        return out;
}

RawBuffer TrustZoneContext::finalizeGcmCipher(uint32_t opId,
                                                                                          const RawBuffer &data)
{
        auto sIn = makeSerializer(data);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(MAX_GCM_TAG_SIZE, false));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = opId;

        Execute(CMD_CIPHER_FINALIZE, &op);

        sOut.Deserialize(outMemory);

        RawBuffer out;
        sOut.Pull(out);
        return out;
}

void TrustZoneContext::cleanupCipher(uint32_t opId)
{
        TEEC_Operation op;
        op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
        op.params[0].value.a = opId;

        Execute(CMD_CIPHER_CLEANUP, &op);
}

void TrustZoneContext::executeSign(tz_algo_type algo,
                                                                tz_hash_type hash,
                                                                const RawBuffer &keyId,
                                                                const Pwd &pwd,
                                                                const RawBuffer &message,
                                                                RawBuffer &signature)
{
        // command ID = CMD_SIGN (from km_ta_defines.h)
        if (keyId.size() != KM_KEY_ID_SIZE) {
                ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer (size = "
                        + std::to_string(keyId.size()) + ")");
        }

        auto sIn = makeSerializer(message, pwd, keyId);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(MAX_KEY_SIZE.at(algo), false));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = algo;
        op.params[0].value.b = hash;

        Execute(CMD_SIGN, &op);

        sOut.Deserialize(outMemory);
        sOut.Pull(signature);
}

int TrustZoneContext::executeVerify(tz_algo_type algo,
                                                                        tz_hash_type hash,
                                                                        const RawBuffer &keyId,
                                                                        const Pwd &pwd,
                                                                        const RawBuffer &message,
                                                                        const RawBuffer &signature)
{
        // command ID = CMD_VERIFY (from km_ta_defines.h)
        if (keyId.size() != KM_KEY_ID_SIZE) {
                ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer (size = "
                        + std::to_string(keyId.size()) + ")");
        }

        auto sIn = makeSerializer(message, signature, pwd, keyId);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        op.params[0].value.a = algo;
        op.params[0].value.b = hash;

        Execute(CMD_VERIFY, &op);

        int opRet = op.params[0].value.a;
        switch (opRet) {
        case KM_TA_SUCCESS:
                return CKM_API_SUCCESS;
        case KM_TA_ERROR_SIGNATURE:
                LogWarning("Signature verification failed");
                return CKM_API_ERROR_VERIFICATION_FAILED;
        default:
                assert(false); // This condition should be checked inside Execute() function
                ThrowErr(Exc::Crypto::InternalError, "Unknown TA error during operation: ", opRet);
        }
}

void TrustZoneContext::executeDestroy(const RawBuffer &keyId)
{
        // command ID = CMD_DESTROY_KEY (from km_ta_defines.h)
        if (keyId.size() != KM_KEY_ID_SIZE) {
                ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer");
        }

        auto sIn = makeSerializer(keyId);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_OUTPUT, inMemory);

        Execute(CMD_DESTROY_KEY, &op);
}

void TrustZoneContext::importData(
                                const uint32_t dataType,
                                const RawBuffer &data,
                                const Crypto::EncryptionParams &encData,
                                const RawBuffer &pwd,
                                const RawBuffer &iv,
                                const uint32_t keySizeBits,
                                RawBuffer &pwdTag,
                                const RawBuffer &hash)
{
        // command ID = CMD_IMPORT_DATA
        LogDebug("TrustZoneContext::importData data size = [" << data.size() << "]");

        auto sIn = makeSerializer(
                dataType, data, keySizeBits, encData.iv, encData.tag, EncPwd{pwd, iv}, hash);

        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        if (!pwd.empty()) {
                sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));
        }

        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        if (!pwd.empty())
                op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);

        Execute(CMD_IMPORT_DATA, &op);

        if (!pwd.empty()) {
                sOut.Deserialize(outMemory);
                sOut.Pull(pwdTag);
        }

        LogDebug("Imported object ID is (hex): " << rawToHexString(hash));
}

void TrustZoneContext::importWrappedKey(const RawBuffer &wrappingKeyId,
                                                                                const Pwd &wrappingKeyPwd,
                                                                                tz_algo_type algo,
                                                                                const RawBuffer &iv,
                                                                                const uint32_t ctrLenOrTagSizeBits,
                                                                                const RawBuffer &aad,
                                                                                const tz_data_type encryptedKeyType,
                                                                                const RawBuffer &encryptedKey,
                                                                                const RawBuffer &encryptedKeyPwdBuf,
                                                                                const RawBuffer &encryptedKeyIV,
                                                                                RawBuffer &encryptedKeyTag,
                                                                                const RawBuffer &encryptedKeyId)
{
        // command ID = CMD_IMPORT_WRAPPED_KEY
        LogDebug("TrustZoneContext::importWrappedKey encryptedKey size = [" << encryptedKey.size() << "]");

        auto sIn = makeSerializer(wrappingKeyId,
                                                          wrappingKeyPwd,
                                                          algo,
                                                          iv,
                                                          ctrLenOrTagSizeBits,
                                                          aad,
                                                          encryptedKeyType,
                                                          encryptedKey,
                                                          EncPwd{encryptedKeyPwdBuf, encryptedKeyIV},
                                                          encryptedKeyId);

        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        if (!encryptedKeyPwdBuf.empty()) {
                sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));
        }

        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        if (!encryptedKeyPwdBuf.empty())
                op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);

        Execute(CMD_IMPORT_WRAPPED_KEY, &op);

        if (!encryptedKeyPwdBuf.empty()) {
                sOut.Deserialize(outMemory);
                sOut.Pull(encryptedKeyTag);
        }

        LogDebug("Imported object ID is (hex): " << rawToHexString(encryptedKeyId));
}

RawBuffer TrustZoneContext::exportWrappedKey(const RawBuffer &wrappingKeyId,
                                                                                         const Pwd &wrappingKeyPwd,
                                                                                         tz_algo_type algo,
                                                                                         const RawBuffer &iv,
                                                                                         const uint32_t ctrLenOrTagSizeBits,
                                                                                         const RawBuffer &aad,
                                                                                         const RawBuffer &keyToWrapId,
                                                                                         const Pwd &keyToWrapPwd,
                                                                                         tz_data_type keyToWrapType)
{
        // command ID = CMD_EXPORT_WRAPPED_KEY
        LogDebug("TrustZoneContext::exportWrappedKey");

        auto sIn = makeSerializer(wrappingKeyId,
                                                          wrappingKeyPwd,
                                                          algo,
                                                          iv,
                                                          ctrLenOrTagSizeBits,
                                                          aad,
                                                          keyToWrapId,
                                                          keyToWrapPwd,
                                                          keyToWrapType);

        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        uint32_t dataSize = 0;
        GetDataSize(keyToWrapId, keyToWrapPwd, keyToWrapType, dataSize);

        LogDebug("GetData data_size = [" << dataSize << "]");

        uint32_t enc_overhead = KM_ENCRYPTION_OVERHEAD;
        if (algo == ALGO_RSA)
                enc_overhead = KM_RSA_BLOCK_SIZE;

        // encrypted data may be longer
        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(dataSize + enc_overhead, false));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
        sOut.Serialize(outMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);

        Execute(CMD_EXPORT_WRAPPED_KEY, &op);

        sOut.Deserialize(outMemory);

        RawBuffer wrappedKey;
        sOut.Pull(wrappedKey);

        return wrappedKey;
}

void TrustZoneContext::GetDataSize(const RawBuffer &dataId,
                                                                   const Pwd &pwd,
                                                                   const tz_data_type type,
                                                                   uint32_t &dataSize)
{
        // command ID = CMD_GET_DATA_SIZE
        LogDebug("Object ID (passed to CMD_GET_DATA_SIZE) is (hex): " << rawToHexString(dataId));

        auto sIn = makeSerializer(dataId, pwd, type);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_OUTPUT, inMemory);

        Execute(CMD_GET_DATA_SIZE, &op);
        dataSize = op.params[0].value.b;
}

void TrustZoneContext::getData(const RawBuffer &dataId,
                         const Pwd &pwd,
                         const tz_data_type type,
                         RawBuffer &data)
{
        // command ID = CMD_GET_DATA
        LogDebug("Object ID (passed to CMD_GET_DATA) is (hex): " << rawToHexString(dataId));

        auto sIn = makeSerializer(dataId, pwd, type);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        uint32_t data_size = 0;
        GetDataSize(dataId, pwd, type, data_size);

        LogDebug("GetData data_size = [" << data_size << "]");

        TZSerializer sOut;
        sOut.Push(new TZSerializableBinary(data_size));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
        sOut.Serialize(outMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);

        Execute(CMD_GET_DATA, &op);

        sOut.Deserialize(outMemory);
        sOut.Pull(data);
}


void TrustZoneContext::destroyData(const RawBuffer &dataId)
{
        //      command ID = CMD_DESTROY_DATA
        LogDebug("Object ID (passed to CMD_GET_DATA) is (hex): " << rawToHexString(dataId));
        auto sIn = makeSerializer(dataId);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TEEC_Operation op = makeOp(TEEC_VALUE_OUTPUT, inMemory);

        Execute(CMD_DESTROY_DATA, &op);
}

TZSerializablePwdData* makeSerializablePwd(const Pwd &pwd)
{
        auto &tag = pwd.getTag();
        return new TZSerializablePwdData(pwd.getPassword(), pwd.getIV(), tag.size() * 8, tag);
}

void TrustZoneContext::executeEcdh(const RawBuffer &prvKeyId,
                                                                   const Pwd &prvKeyPwd,
                                                                   const tz_ec curve,
                                                                   const RawBuffer &pubX,
                                                                   const RawBuffer &pubY,
                                                                   const RawBuffer &secretPwdBuf,
                                                                   const RawBuffer &secretPwdIV,
                                                                   RawBuffer &secretTag,
                                                                   const RawBuffer &secretHash)
{
        // command ID = CMD_DERIVE
        LogDebug("TrustZoneContext::executeEcdh");

        auto sIn = makeSerializer(
                prvKeyId, prvKeyPwd, curve, pubX, pubY, EncPwd{secretPwdBuf, secretPwdIV}, secretHash);
        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        if (!secretPwdBuf.empty()) {
                sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));
        }

        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        if (!secretPwdBuf.empty())
                op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = ALGO_ECDH_DRV;

        Execute(CMD_DERIVE, &op);

        if (!secretPwdBuf.empty()) {
                sOut.Deserialize(outMemory);
                sOut.Pull(secretTag);
        }

        LogDebug("Derived object ID is (hex): " << rawToHexString(secretHash));
}

void TrustZoneContext::executeKbkdf(const RawBuffer& secretId,
                                                                        const Pwd& secretPwd,
                                                                        size_t length,
                                                                        const RawBuffer& label,
                                                                        const RawBuffer& context,
                                                                        const RawBuffer& fixed,
                                                                        tz_prf prf,
                                                                        tz_kbkdf_mode mode,
                                                                        tz_kbkdf_ctr_loc location,
                                                                        size_t rlen,
                                                                        size_t llen,
                                                                        bool noSeparator,
                                                                        const RawBuffer &keyPwdBuf,
                                                                        const RawBuffer &keyPwdIV,
                                                                        RawBuffer &keyTag,
                                                                        const RawBuffer &keyHash)
{
        // command ID = CMD_DERIVE
        LogDebug("TrustZoneContext::executeKbkdf");

        auto sIn = makeSerializer(secretId,
                                                          secretPwd,
                                                          length,
                                                          label,
                                                          context,
                                                          fixed,
                                                          prf,
                                                          mode,
                                                          location,
                                                          rlen,
                                                          llen,
                                                          noSeparator,
                                                          EncPwd{keyPwdBuf, keyPwdIV}, keyHash);

        TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
        sIn.Serialize(inMemory);

        TZSerializer sOut;
        if (!keyPwdBuf.empty()) {
                sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));
        }

        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);

        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
        if (!keyPwdBuf.empty())
                op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
        op.params[0].value.a = ALGO_KBKDF_DRV;

        Execute(CMD_DERIVE, &op);

        if (!keyPwdBuf.empty()) {
                sOut.Deserialize(outMemory);
                sOut.Pull(keyTag);
        }

        LogDebug("Derived object ID is (hex): " << rawToHexString(keyHash));
}

uint32_t TrustZoneContext::getMaxChunkSize()
{
        // command ID = CMD_GET_MAX_CHUNK_SIZE
        LogDebug("TrustZoneContext::getMaxChunkSize");

        TEEC_Operation op;
        op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_OUTPUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);

        Execute(CMD_GET_MAX_CHUNK_SIZE, &op);

        return op.params[0].value.b;
}

void TrustZoneContext::Initialize()
{
        TEEC_Operation op;
        TEEC_Result result;
        uint32_t retOrigin;

        op.paramTypes = TEEC_PARAM_TYPES(TEEC_NONE, TEEC_NONE, TEEC_NONE, TEEC_NONE);

        result = TEEC_InitializeContext(nullptr, &m_Context);
        if (result != TEEC_SUCCESS) {
                ThrowErr(Exc::Crypto::InternalError, "Failed to initialize TEE context: ", result);
        }
        m_ContextInitialized = true;

        result = TEEC_OpenSession(&m_Context, &m_Session, &KEY_MANAGER_TA_UUID, 0, nullptr, &op, &retOrigin);
        if (result != TEEC_SUCCESS) {
                ThrowErr(Exc::Crypto::InternalError, "Failed to open session to Key Manager TA: ", result);
        }
        m_SessionInitialized = true;
}

void TrustZoneContext::Destroy()
{
        if (m_SessionInitialized) {
                TEEC_CloseSession(&m_Session);
                m_SessionInitialized = false;
        }

        if (m_ContextInitialized) {
                TEEC_FinalizeContext(&m_Context);
                m_ContextInitialized = false;
        }
}

void TrustZoneContext::Reload()
{
        Destroy();
        Initialize();
}

void TrustZoneContext::Execute(tz_command commandID, TEEC_Operation* op)
{
        uint32_t retOrigin = 0;
        LogDebug("Executing TZ operation " << commandID);

        TEEC_Result result = TEEC_InvokeCommand(&m_Session, static_cast<unsigned int>(commandID), op, &retOrigin);
        if (result != TEEC_SUCCESS) {
                switch (result) {
                case TEEC_ERROR_TARGET_DEAD:
                        Reload();
                        ThrowErr(Exc::Crypto::InternalError, "TA panicked while executing command ",
                                        static_cast<unsigned int>(commandID));
                case TEEC_ERROR_BAD_PARAMETERS:
                        ThrowErr(Exc::Crypto::InputParam, "Incorrect parameters provided to TA");
                default:
                        ThrowErr(Exc::Crypto::InternalError, "TA failed to invoke command ",
                                        static_cast<unsigned int>(commandID), " with error: ", std::hex,
                                        static_cast<unsigned int>(result), " with origin: ", std::hex,
                                        retOrigin);
                }
        }

        int ta_ret = op->params[0].value.a;
        switch (ta_ret) {
        case KM_TA_SUCCESS:
        case KM_TA_ERROR_SIGNATURE:
                break;
        case KM_TA_ERROR_AUTH_FAILED:
                // Authentication cipher failed - notify with proper exception
                ThrowErr(Exc::AuthenticationFailed, "Crypto operation authentication failed");
        default:
                ThrowErr(Exc::Crypto::InternalError, "Unknown TA error during operation: ", ta_ret);
        }
}

} // namespace Internals
} // namespace TZ
} // namespace Crypto
} // namespace CKM