switch (algo) {
case AlgoType::AES_CTR:
iv = unpack<RawBuffer>(alg, ParamName::ED_IV);
- ctrLenOrTagSizeBits = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+ ctrLenOrTagSizeBits = Params::DEFAULT_AES_IV_LEN * 8;
+ alg.getParam(ParamName::ED_CTR_LEN, ctrLenOrTagSizeBits);
// counter length is in bits
if (ctrLenOrTagSizeBits != Params::DEFAULT_AES_IV_LEN * 8) {
LogError("CTR length invalid: " << std::to_string(ctrLenOrTagSizeBits));
break;
case AlgoType::AES_GCM:
iv = unpack<RawBuffer>(alg, ParamName::ED_IV);
+ ctrLenOrTagSizeBits = Params::DEFAULT_AES_GCM_TAG_LEN_BITS;
alg.getParam(ParamName::ED_TAG_LEN, ctrLenOrTagSizeBits);
alg.getParam(ParamName::ED_AAD, aad);
break;
const Pwd &wrappingKeyPwd,
const CryptoAlgorithm &alg,
const RawBuffer &keyToWrapId,
- const Pwd &keyToWrapPwd)
+ const Pwd &keyToWrapPwd,
+ const DataType &keyToWrapType)
{
AlgoType algo;
uint32_t ctrLenOrTagSizeBits = 0;
ctrLenOrTagSizeBits,
aad,
keyToWrapId,
- keyToWrapPwd);
+ keyToWrapPwd,
+ toTzDataType(keyToWrapType));
}
RawBuffer getData(const RawBuffer &dataId,
- const Pwd &pwd)
+ const Pwd &pwd,
+ const DataType &type)
{
RawBuffer result;
TrustZoneContext::Instance().getData(dataId,
pwd,
+ toTzDataType(type),
result);
return result;
}
const RawBuffer &data)
{
AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
- uint64_t ctrLen = 0;
+ uint64_t ctrLen = Params::DEFAULT_AES_IV_LEN * 8;
switch (algo) {
case AlgoType::AES_CTR: {
- ctrLen = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+ alg.getParam(ParamName::ED_CTR_LEN, ctrLen);
// counter length is in bits
if (ctrLen != Params::DEFAULT_AES_IV_LEN * 8) {
LogError("CTR length invalid: " << std::to_string(ctrLen));
const RawBuffer &data)
{
AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
- uint64_t ctrLen = 0;
+ uint64_t ctrLen = Params::DEFAULT_AES_IV_LEN * 8;
switch (algo) {
case AlgoType::AES_CTR: {
- ctrLen = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+ alg.getParam(ParamName::ED_CTR_LEN, ctrLen);
// counter length is in bits
if (ctrLen != Params::DEFAULT_AES_IV_LEN * 8) {
LogError("CTR length invalid: " << std::to_string(ctrLen));
return TrustZoneContext::Instance().finalizeGcmCipher(opId, data);
}
+void cleanupCipher(uint32_t opId)
+{
+ return TrustZoneContext::Instance().cleanupCipher(opId);
+}
+
RawBuffer sign(const RawBuffer &pkeyId,
const Pwd &pwd,
const CryptoAlgorithm &alg,
RawBuffer secretPwdBuf(secretPwd.begin(), secretPwd.end());
+ int pubCurve = EC_GROUP_get_curve_name(ecGroup);
+ tz_ec tzCurve;
+ switch (pubCurve)
+ {
+ case NID_X9_62_prime192v1:
+ tzCurve = EC_NIST_P192;
+ break;
+
+ case NID_X9_62_prime256v1:
+ tzCurve = EC_NIST_P256;
+ break;
+
+ case NID_secp384r1:
+ tzCurve = EC_NIST_P384;
+ break;
+
+ default:
+ ThrowErr(Exc::Crypto::InputParam, "Unsupported public key EC");
+ }
+
TrustZoneContext::Instance().executeEcdh(prvKeyId,
prvKeyPwd,
+ tzCurve,
xBuf,
yBuf,
secretPwdBuf,
const RawBuffer &keyHash)
{
RawBuffer label, context, fixed;
- alg.getParam(ParamName::KBKDF_LABEL, label);
- alg.getParam(ParamName::KBKDF_CONTEXT, context);
- alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
- auto prf = unpack<KdfPrf>(alg, ParamName::KDF_PRF);
- auto mode = unpack<KbkdfMode>(alg, ParamName::KBKDF_MODE);
- auto location = unpack<KbkdfCounterLocation>(alg, ParamName::KBKDF_COUNTER_LOCATION);
-
- size_t rlen = 32, llen = 32, dummy;
- alg.getParam(ParamName::KBKDF_RLEN, rlen);
- alg.getParam(ParamName::KBKDF_LLEN, llen);
- bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, dummy);
+ KbkdfCounterLocation counterLocation;
+ KdfPrf prf;
+ KbkdfMode mode;
+ size_t length, rlenBits = 32, llenBits = 32, tmp;
+ bool hasLabel = alg.getParam(ParamName::KBKDF_LABEL, label);
+ bool hasContext = alg.getParam(ParamName::KBKDF_CONTEXT, context);
+ bool hasFixed = alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
+ alg.getParam(ParamName::KBKDF_COUNTER_LOCATION, counterLocation);
+ alg.getParam(ParamName::KBKDF_MODE, mode);
+ alg.getParam(ParamName::KDF_PRF, prf);
+ alg.getParam(ParamName::KDF_LEN, length);
+ alg.getParam(ParamName::KBKDF_RLEN, rlenBits);
+ bool hasLLen = alg.getParam(ParamName::KBKDF_LLEN, llenBits);
+ bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, tmp);
+
+ RawBuffer key;
+ if (hasFixed) {
+ if (hasLabel || hasContext || noSeparator || hasLLen ||
+ counterLocation == KbkdfCounterLocation::MIDDLE_FIXED)
+ ThrowErr(Exc::Crypto::InputParam, "Unexpected parameters for fixed input mode.");
+ } else {
+ if (!hasLabel || !hasContext)
+ ThrowErr(Exc::Crypto::InputParam, "Missing label and/or context.");
+
+ if (llenBits != 0 && llenBits != 8 && llenBits != 16 && llenBits != 24 && llenBits != 32)
+ ThrowErr(Exc::Crypto::InputParam, "Invalid llen value");
+ }
+ if (length != 16 && length != 24 && length != 32)
+ ThrowErr(Exc::Crypto::InputParam, "Invalid key length");
+
+ if (rlenBits != 8 && rlenBits != 16 && rlenBits != 24 && rlenBits != 32)
+ ThrowErr(Exc::Crypto::InputParam, "Invalid rlen value");
RawBuffer keyPwdBuf(keyPwd.begin(), keyPwd.end());
TrustZoneContext::Instance().executeKbkdf(secretId,
secretPwd,
+ length,
label,
context,
fixed,
toTzPrf(prf),
toTzKbkdfMode(mode),
- toTzCtrLoc(location),
- rlen,
- llen,
+ toTzCtrLoc(counterLocation),
+ rlenBits,
+ llenBits,
noSeparator,
keyPwdBuf,
keyPwdIV,
keyHash);
}
+size_t maxChunkSize()
+{
+ return TrustZoneContext::Instance().getMaxChunkSize();
+}
} // namespace Internals
} // namespace TZ
projects / platform / core / security / key-manager.git / blobdiff