switch (algo) {
case AlgoType::AES_CTR:
iv = unpack<RawBuffer>(alg, ParamName::ED_IV);
- ctrLenOrTagSizeBits = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+ ctrLenOrTagSizeBits = Params::DEFAULT_AES_IV_LEN * 8;
+ alg.getParam(ParamName::ED_CTR_LEN, ctrLenOrTagSizeBits);
// counter length is in bits
if (ctrLenOrTagSizeBits != Params::DEFAULT_AES_IV_LEN * 8) {
LogError("CTR length invalid: " << std::to_string(ctrLenOrTagSizeBits));
const RawBuffer &data)
{
AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
- uint64_t ctrLen = 0;
+ uint64_t ctrLen = Params::DEFAULT_AES_IV_LEN * 8;
switch (algo) {
case AlgoType::AES_CTR: {
- ctrLen = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+ alg.getParam(ParamName::ED_CTR_LEN, ctrLen);
// counter length is in bits
if (ctrLen != Params::DEFAULT_AES_IV_LEN * 8) {
LogError("CTR length invalid: " << std::to_string(ctrLen));
const RawBuffer &data)
{
AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
- uint64_t ctrLen = 0;
+ uint64_t ctrLen = Params::DEFAULT_AES_IV_LEN * 8;
switch (algo) {
case AlgoType::AES_CTR: {
- ctrLen = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+ alg.getParam(ParamName::ED_CTR_LEN, ctrLen);
// counter length is in bits
if (ctrLen != Params::DEFAULT_AES_IV_LEN * 8) {
LogError("CTR length invalid: " << std::to_string(ctrLen));
RawBuffer secretPwdBuf(secretPwd.begin(), secretPwd.end());
+ int pubCurve = EC_GROUP_get_curve_name(ecGroup);
+ tz_ec tzCurve;
+ switch (pubCurve)
+ {
+ case NID_X9_62_prime192v1:
+ tzCurve = EC_NIST_P192;
+ break;
+
+ case NID_X9_62_prime256v1:
+ tzCurve = EC_NIST_P256;
+ break;
+
+ case NID_secp384r1:
+ tzCurve = EC_NIST_P384;
+ break;
+
+ default:
+ ThrowErr(Exc::Crypto::InputParam, "Unsupported public key EC");
+ }
+
TrustZoneContext::Instance().executeEcdh(prvKeyId,
prvKeyPwd,
+ tzCurve,
xBuf,
yBuf,
secretPwdBuf,
const RawBuffer &keyHash)
{
RawBuffer label, context, fixed;
- size_t length;
+ KbkdfCounterLocation counterLocation;
+ KdfPrf prf;
+ KbkdfMode mode;
+ size_t length, rlenBits = 32, llenBits = 32, tmp;
+ bool hasLabel = alg.getParam(ParamName::KBKDF_LABEL, label);
+ bool hasContext = alg.getParam(ParamName::KBKDF_CONTEXT, context);
+ bool hasFixed = alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
+ alg.getParam(ParamName::KBKDF_COUNTER_LOCATION, counterLocation);
+ alg.getParam(ParamName::KBKDF_MODE, mode);
+ alg.getParam(ParamName::KDF_PRF, prf);
alg.getParam(ParamName::KDF_LEN, length);
- alg.getParam(ParamName::KBKDF_LABEL, label);
- alg.getParam(ParamName::KBKDF_CONTEXT, context);
- alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
- auto prf = unpack<KdfPrf>(alg, ParamName::KDF_PRF);
- auto mode = unpack<KbkdfMode>(alg, ParamName::KBKDF_MODE);
- auto location = unpack<KbkdfCounterLocation>(alg, ParamName::KBKDF_COUNTER_LOCATION);
-
- size_t rlen = 32, llen = 32, dummy;
- alg.getParam(ParamName::KBKDF_RLEN, rlen);
- alg.getParam(ParamName::KBKDF_LLEN, llen);
- bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, dummy);
+ alg.getParam(ParamName::KBKDF_RLEN, rlenBits);
+ bool hasLLen = alg.getParam(ParamName::KBKDF_LLEN, llenBits);
+ bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, tmp);
+
+ RawBuffer key;
+ if (hasFixed) {
+ if (hasLabel || hasContext || noSeparator || hasLLen ||
+ counterLocation == KbkdfCounterLocation::MIDDLE_FIXED)
+ ThrowErr(Exc::Crypto::InputParam, "Unexpected parameters for fixed input mode.");
+ } else {
+ if (!hasLabel || !hasContext)
+ ThrowErr(Exc::Crypto::InputParam, "Missing label and/or context.");
+
+ if (llenBits != 0 && llenBits != 8 && llenBits != 16 && llenBits != 24 && llenBits != 32)
+ ThrowErr(Exc::Crypto::InputParam, "Invalid llen value");
+ }
+ if (length != 16 && length != 24 && length != 32)
+ ThrowErr(Exc::Crypto::InputParam, "Invalid key length");
+
+ if (rlenBits != 8 && rlenBits != 16 && rlenBits != 24 && rlenBits != 32)
+ ThrowErr(Exc::Crypto::InputParam, "Invalid rlen value");
RawBuffer keyPwdBuf(keyPwd.begin(), keyPwd.end());
fixed,
toTzPrf(prf),
toTzKbkdfMode(mode),
- toTzCtrLoc(location),
- rlen,
- llen,
+ toTzCtrLoc(counterLocation),
+ rlenBits,
+ llenBits,
noSeparator,
keyPwdBuf,
keyPwdIV,
projects / platform / core / security / key-manager.git / blobdiff