projects / platform / core / security / key-manager.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Check KBKDF parameters on key-manager side
[platform/core/security/key-manager.git] / src / manager / crypto / tz-backend / internals.cpp
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index d732c4c..2a5d83c 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -95,8 +95,10 @@ tz_data_type toTzDataType(const CKM::DataType dataType) {
        case CKM::DataType::KEY_AES:           return TYPE_SKEY;
        case CKM::DataType::KEY_DSA_PRIVATE:   return TYPE_AKEY_PRIVATE_DSA;
        case CKM::DataType::KEY_RSA_PRIVATE:   return TYPE_AKEY_PRIVATE_RSA;
+       case CKM::DataType::KEY_ECDSA_PRIVATE: return TYPE_AKEY_PRIVATE_EC;
        case CKM::DataType::KEY_DSA_PUBLIC:    return TYPE_AKEY_PUBLIC_DSA;
        case CKM::DataType::KEY_RSA_PUBLIC:    return TYPE_AKEY_PUBLIC_RSA;
+       case CKM::DataType::KEY_ECDSA_PUBLIC:  return TYPE_AKEY_PUBLIC_EC;
        default:
                ThrowErr(CKM::Exc::Crypto::DataTypeNotSupported,
                        "Data type could not be imported by tz-backend");
@@ -201,7 +203,8 @@ void decompose(const CryptoAlgorithm &alg,
        switch (algo) {
                case AlgoType::AES_CTR:
                        iv = unpack<RawBuffer>(alg, ParamName::ED_IV);
-                       ctrLenOrTagSizeBits = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+                       ctrLenOrTagSizeBits = Params::DEFAULT_AES_IV_LEN * 8;
+                       alg.getParam(ParamName::ED_CTR_LEN, ctrLenOrTagSizeBits);
                        // counter length is in bits
                        if (ctrLenOrTagSizeBits != Params::DEFAULT_AES_IV_LEN * 8) {
                                LogError("CTR length invalid: " << std::to_string(ctrLenOrTagSizeBits));
@@ -216,6 +219,7 @@ void decompose(const CryptoAlgorithm &alg,
                        break;
                case AlgoType::AES_GCM:
                        iv = unpack<RawBuffer>(alg, ParamName::ED_IV);
+                       ctrLenOrTagSizeBits = Params::DEFAULT_AES_GCM_TAG_LEN_BITS;
                        alg.getParam(ParamName::ED_TAG_LEN, ctrLenOrTagSizeBits);
                        alg.getParam(ParamName::ED_AAD, aad);
                        break;
@@ -337,9 +341,9 @@ AlgoType generateAKey(const CryptoAlgorithm &alg,
        return keyType;
 }
 
-void destroyKey(const RawBuffer &key)
+void destroyKey(const RawBuffer &keyId)
 {
-       TrustZoneContext::Instance().executeDestroy(key);
+       TrustZoneContext::Instance().executeDestroy(keyId);
 }
 
 void importData(const Data &data,
@@ -364,7 +368,7 @@ void importData(const Data &data,
                                                                                hash);
 }
 
-void importWrappedKey(const RawBuffer &wrappingKey,
+void importWrappedKey(const RawBuffer &wrappingKeyId,
                                          const Pwd &wrappingKeyPwd,
                                          const CryptoAlgorithm &alg,
                                          const Data &encryptedKey,
@@ -382,7 +386,7 @@ void importWrappedKey(const RawBuffer &wrappingKey,
        decompose(alg, algo, ctrLenOrTagSizeBits, iv, aad);
 
        // TODO it is awful!
-       TrustZoneContext::Instance().importWrappedKey(wrappingKey,
+       TrustZoneContext::Instance().importWrappedKey(wrappingKeyId,
                                                                                                  wrappingKeyPwd,
                                                                                                  getAlgType(algo),
                                                                                                  iv,
@@ -396,11 +400,12 @@ void importWrappedKey(const RawBuffer &wrappingKey,
                                                                                                  encryptedKeyId);
 }
 
-RawBuffer exportWrappedKey(const RawBuffer &wrappingKey,
+RawBuffer exportWrappedKey(const RawBuffer &wrappingKeyId,
                                                   const Pwd &wrappingKeyPwd,
                                                   const CryptoAlgorithm &alg,
                                                   const RawBuffer &keyToWrapId,
-                                                  const Pwd &keyToWrapPwd)
+                                                  const Pwd &keyToWrapPwd,
+                                                  const DataType &keyToWrapType)
 {
        AlgoType algo;
        uint32_t ctrLenOrTagSizeBits = 0;
@@ -409,22 +414,25 @@ RawBuffer exportWrappedKey(const RawBuffer &wrappingKey,
        decompose(alg, algo, ctrLenOrTagSizeBits, iv, aad);
 
        // TODO it is awful!
-       return TrustZoneContext::Instance().exportWrappedKey(wrappingKey,
+       return TrustZoneContext::Instance().exportWrappedKey(wrappingKeyId,
                                                                                                                 wrappingKeyPwd,
                                                                                                                 getAlgType(algo),
                                                                                                                 iv,
                                                                                                                 ctrLenOrTagSizeBits,
                                                                                                                 aad,
                                                                                                                 keyToWrapId,
-                                                                                                                keyToWrapPwd);
+                                                                                                                keyToWrapPwd,
+                                                                                                                toTzDataType(keyToWrapType));
 }
 
 RawBuffer getData(const RawBuffer &dataId,
-                                 const Pwd &pwd)
+                                 const Pwd &pwd,
+                                 const DataType &type)
 {
        RawBuffer result;
        TrustZoneContext::Instance().getData(dataId,
                                 pwd,
+                                toTzDataType(type),
                                 result);
        return result;
 }
@@ -434,7 +442,7 @@ void destroyData(const RawBuffer &dataId)
        TrustZoneContext::Instance().destroyData(dataId);
 }
 
-BufferPair encryptDataAesGcm(const RawBuffer &key,
+BufferPair encryptDataAesGcm(const RawBuffer &keyId,
                                                        const Pwd &pwd,
                                                        const RawBuffer &iv,
                                                        int tagSize,
@@ -444,26 +452,26 @@ BufferPair encryptDataAesGcm(const RawBuffer &key,
        RawBuffer result;
        RawBuffer tag;
 
-       TrustZoneContext::Instance().executeEncryptAE(key, pwd, iv, tagSize,
+       TrustZoneContext::Instance().executeEncryptAE(keyId, pwd, iv, tagSize,
                                                                                                aad, data, result, tag);
 
        return std::make_pair(result, tag);
 }
 
-RawBuffer encryptDataAesGcmPacked(const RawBuffer &key,
+RawBuffer encryptDataAesGcmPacked(const RawBuffer &keyId,
                                                                const Pwd &pwd,
                                                                const RawBuffer &iv,
                                                                int tagSize,
                                                                const RawBuffer &data,
                                                                const RawBuffer &aad)
 {
-       auto pair = encryptDataAesGcm(key, pwd, iv, tagSize, data, aad);
+       auto pair = encryptDataAesGcm(keyId, pwd, iv, tagSize, data, aad);
        std::copy(pair.second.begin(), pair.second.end(),
                        std::back_inserter(pair.first));
        return pair.first;
 }
 
-RawBuffer decryptDataAesGcm(const RawBuffer &key,
+RawBuffer decryptDataAesGcm(const RawBuffer &keyId,
                                                        const Pwd &pwd,
                                                        const RawBuffer &iv,
                                                        int tagSizeBits,
@@ -473,13 +481,13 @@ RawBuffer decryptDataAesGcm(const RawBuffer &key,
 {
        RawBuffer result;
 
-       TrustZoneContext::Instance().executeDecryptAE(key, pwd, iv, tagSizeBits,
+       TrustZoneContext::Instance().executeDecryptAE(keyId, pwd, iv, tagSizeBits,
                                                                                                tag, aad, data, result);
 
        return result;
 }
 
-RawBuffer decryptDataAesGcmPacked(const RawBuffer &key,
+RawBuffer decryptDataAesGcmPacked(const RawBuffer &keyId,
                                                                const Pwd &pwd,
                                                                const RawBuffer &iv,
                                                                int tagSizeBits,
@@ -491,7 +499,7 @@ RawBuffer decryptDataAesGcmPacked(const RawBuffer &key,
                ThrowErr(Exc::Crypto::InputParam, "Wrong size of tag");
 
        auto tagPos = data.data() + data.size() - tagSizeBytes;
-       return decryptDataAesGcm(key,
+       return decryptDataAesGcm(keyId,
                                                        pwd,
                                                        iv,
                                                        tagSizeBits,
@@ -501,17 +509,17 @@ RawBuffer decryptDataAesGcmPacked(const RawBuffer &key,
 }
 
 
-RawBuffer symmetricEncrypt(const RawBuffer &key,
+RawBuffer symmetricEncrypt(const RawBuffer &keyId,
                                                const Pwd &pwd,
                                                const CryptoAlgorithm &alg,
                                                const RawBuffer &data)
 {
        AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
-       uint64_t ctrLen = 0;
+       uint64_t ctrLen = Params::DEFAULT_AES_IV_LEN * 8;
 
        switch (algo) {
                case AlgoType::AES_CTR: {
-                       ctrLen = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+                       alg.getParam(ParamName::ED_CTR_LEN, ctrLen);
                        // counter length is in bits
                        if (ctrLen != Params::DEFAULT_AES_IV_LEN * 8) {
                                LogError("CTR length invalid: " << std::to_string(ctrLen));
@@ -525,7 +533,7 @@ RawBuffer symmetricEncrypt(const RawBuffer &key,
                        RawBuffer result;
                        TrustZoneContext::Instance().executeCrypt(CMD_ENCRYPT,
                                                                                                        getAlgType(algo),
-                                                                                                       key,
+                                                                                                       keyId,
                                                                                                        pwd,
                                                                                                        unpack<RawBuffer>(alg, ParamName::ED_IV),
                                                                                                        data,
@@ -537,7 +545,7 @@ RawBuffer symmetricEncrypt(const RawBuffer &key,
                        alg.getParam(ParamName::ED_TAG_LEN, tagLenBits);
                        RawBuffer aad;
                        alg.getParam(ParamName::ED_AAD, aad);
-                       return encryptDataAesGcmPacked(key,
+                       return encryptDataAesGcmPacked(keyId,
                                                                                pwd,
                                                                                unpack<RawBuffer>(alg, ParamName::ED_IV),
                                                                                tagLenBits,
@@ -552,17 +560,17 @@ RawBuffer symmetricEncrypt(const RawBuffer &key,
                                "Incorrect algorithm provided for symmetric crypto operation");
 }
 
-RawBuffer symmetricDecrypt(const RawBuffer &key,
+RawBuffer symmetricDecrypt(const RawBuffer &keyId,
                                                const Pwd &pwd,
                                                const CryptoAlgorithm &alg,
                                                const RawBuffer &data)
 {
        AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
-       uint64_t ctrLen = 0;
+       uint64_t ctrLen = Params::DEFAULT_AES_IV_LEN * 8;
 
        switch (algo) {
                case AlgoType::AES_CTR: {
-                       ctrLen = unpack<uint64_t>(alg, ParamName::ED_CTR_LEN);
+                       alg.getParam(ParamName::ED_CTR_LEN, ctrLen);
                        // counter length is in bits
                        if (ctrLen != Params::DEFAULT_AES_IV_LEN * 8) {
                                LogError("CTR length invalid: " << std::to_string(ctrLen));
@@ -576,7 +584,7 @@ RawBuffer symmetricDecrypt(const RawBuffer &key,
                        RawBuffer result;
                        TrustZoneContext::Instance().executeCrypt(CMD_DECRYPT,
                                                                                                        getAlgType(algo),
-                                                                                                       key,
+                                                                                                       keyId,
                                                                                                        pwd,
                                                                                                        unpack<RawBuffer>(alg, ParamName::ED_IV),
                                                                                                        data,
@@ -588,7 +596,7 @@ RawBuffer symmetricDecrypt(const RawBuffer &key,
                        alg.getParam(ParamName::ED_TAG_LEN, tagSizeBits);
                        RawBuffer aad;
                        alg.getParam(ParamName::ED_AAD, aad);
-                       return decryptDataAesGcmPacked(key,
+                       return decryptDataAesGcmPacked(keyId,
                                                                                pwd,
                                                                                unpack<RawBuffer>(alg, ParamName::ED_IV),
                                                                                tagSizeBits,
@@ -603,7 +611,7 @@ RawBuffer symmetricDecrypt(const RawBuffer &key,
                                "Incorrect algorithm provided for symmetric crypto operation");
 }
 
-RawBuffer asymmetricEncrypt(const RawBuffer &key,
+RawBuffer asymmetricEncrypt(const RawBuffer &keyId,
                                                        const Pwd &pwd,
                                                        const CryptoAlgorithm &alg,
                                                        const RawBuffer &data)
@@ -616,7 +624,7 @@ RawBuffer asymmetricEncrypt(const RawBuffer &key,
        case AlgoType::RSA_OAEP: {
                TrustZoneContext::Instance().executeCrypt(CMD_ENCRYPT,
                                                                                                getAlgType(algo),
-                                                                                               key,
+                                                                                               keyId,
                                                                                                pwd,
                                                                                                result, // unused dummy
                                                                                                data,
@@ -631,7 +639,7 @@ RawBuffer asymmetricEncrypt(const RawBuffer &key,
                                "Incorrect algorithm provided for asymmetric crypto operation");
 }
 
-RawBuffer asymmetricDecrypt(const RawBuffer &key,
+RawBuffer asymmetricDecrypt(const RawBuffer &keyId,
                                                        const Pwd &pwd,
                                                        const CryptoAlgorithm &alg,
                                                        const RawBuffer &cipher)
@@ -644,7 +652,7 @@ RawBuffer asymmetricDecrypt(const RawBuffer &key,
        case AlgoType::RSA_OAEP: {
                TrustZoneContext::Instance().executeCrypt(CMD_DECRYPT,
                                                                                                getAlgType(algo),
-                                                                                               key,
+                                                                                               keyId,
                                                                                                pwd,
                                                                                                result, // unused dummy
                                                                                                cipher,
@@ -659,7 +667,63 @@ RawBuffer asymmetricDecrypt(const RawBuffer &key,
                                "Incorrect algorithm provided for asymmetric crypto operation");
 }
 
-RawBuffer sign(const RawBuffer &pkey,
+uint32_t initCipher(const RawBuffer &keyId,
+                                       const Pwd &pwd,
+                                       const CryptoAlgorithm &alg,
+                                       bool encrypt)
+{
+       AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
+
+       switch (algo)
+       {
+       case AlgoType::AES_GCM: {
+               int tagSizeBits = Params::DEFAULT_AES_GCM_TAG_LEN_BITS;
+               alg.getParam(ParamName::ED_TAG_LEN, tagSizeBits);
+               RawBuffer aad;
+               alg.getParam(ParamName::ED_AAD, aad);
+               return TrustZoneContext::Instance().initGcmCipher(encrypt ? CIPHER_ENCRYPT : CIPHER_DECRYPT,
+                                                                                                                 keyId,
+                                                                                                                 pwd,
+                                                                                                                 unpack<RawBuffer>(alg, ParamName::ED_IV),
+                                                                                                                 tagSizeBits,
+                                                                                                                 aad);
+       }
+       case AlgoType::AES_CBC:
+       case AlgoType::AES_CTR:
+       case AlgoType::AES_CFB:
+               // TODO optionally implement above modes as well
+       default:
+               break;
+       };
+
+       ThrowErr(Exc::Crypto::OperationNotSupported,
+                        "Incorrect algorithm provided for symmetric crypto operation");
+}
+
+void addAAD(uint32_t opId,
+                       const RawBuffer &aad)
+{
+       TrustZoneContext::Instance().addGcmAAD(opId, aad);
+}
+
+RawBuffer updateCipher(uint32_t opId,
+                                          const RawBuffer &data)
+{
+       return TrustZoneContext::Instance().updateGcmCipher(opId, data);
+}
+
+RawBuffer finalizeCipher(uint32_t opId,
+                                                const RawBuffer &data)
+{
+       return TrustZoneContext::Instance().finalizeGcmCipher(opId, data);
+}
+
+void cleanupCipher(uint32_t opId)
+{
+       return TrustZoneContext::Instance().cleanupCipher(opId);
+}
+
+RawBuffer sign(const RawBuffer &pkeyId,
                        const Pwd &pwd,
                        const CryptoAlgorithm &alg,
                        const RawBuffer &message)
@@ -672,14 +736,14 @@ RawBuffer sign(const RawBuffer &pkey,
        RawBuffer signature;
        TrustZoneContext::Instance().executeSign(getAlgType(algo),
                                                                                        getHashType(hash),
-                                                                                       pkey,
+                                                                                       pkeyId,
                                                                                        pwd,
                                                                                        message,
                                                                                        signature);
        return signature;
 }
 
-int verify(const RawBuffer &pkey,
+int verify(const RawBuffer &pkeyId,
                const Pwd &pwd,
                const CryptoAlgorithm &alg,
                const RawBuffer &message,
@@ -692,13 +756,13 @@ int verify(const RawBuffer &pkey,
 
        return TrustZoneContext::Instance().executeVerify(getAlgType(algo),
                                                                                                        getHashType(hash),
-                                                                                                       pkey,
+                                                                                                       pkeyId,
                                                                                                        pwd,
                                                                                                        message,
                                                                                                        signature);
 }
 
-void deriveECDH(const RawBuffer &prvKey,
+void deriveECDH(const RawBuffer &prvKeyId,
                                const Pwd &prvKeyPwd,
                                const RawBuffer &pubKey,
                                const Password &secretPwd,
@@ -738,8 +802,29 @@ void deriveECDH(const RawBuffer &prvKey,
 
        RawBuffer secretPwdBuf(secretPwd.begin(), secretPwd.end());
 
-       TrustZoneContext::Instance().executeEcdh(prvKey,
+       int pubCurve = EC_GROUP_get_curve_name(ecGroup);
+       tz_ec tzCurve;
+       switch (pubCurve)
+       {
+       case NID_X9_62_prime192v1:
+               tzCurve = EC_NIST_P192;
+               break;
+
+       case NID_X9_62_prime256v1:
+               tzCurve = EC_NIST_P256;
+               break;
+
+       case NID_secp384r1:
+               tzCurve = EC_NIST_P384;
+               break;
+
+       default:
+               ThrowErr(Exc::Crypto::InputParam, "Unsupported public key EC");
+       }
+
+       TrustZoneContext::Instance().executeEcdh(prvKeyId,
                                                                                         prvKeyPwd,
+                                                                                        tzCurve,
                                                                                         xBuf,
                                                                                         yBuf,
                                                                                         secretPwdBuf,
@@ -748,30 +833,61 @@ void deriveECDH(const RawBuffer &prvKey,
                                                                                         secretHash);
 }
 
-void deriveKBKDF(const RawBuffer &secret,
+void deriveKBKDF(const RawBuffer &secretId,
+                                const Pwd &secretPwd,
                                 const CryptoAlgorithm &alg,
                                 const Password &keyPwd,
                                 const RawBuffer &keyPwdIV,
                                 RawBuffer &keyTag,
                                 const RawBuffer &keyHash)
 {
-       auto prf = unpack<KdfPrf>(alg, ParamName::KDF_PRF);
-       auto mode = unpack<KbkdfMode>(alg, ParamName::KBKDF_MODE);
-       auto location = unpack<KbkdfCounterLocation>(alg, ParamName::KBKDF_COUNTER_LOCATION);
+       RawBuffer label, context, fixed;
+       KbkdfCounterLocation counterLocation;
+       KdfPrf prf;
+       KbkdfMode mode;
+       size_t length, rlenBits = 32, llenBits = 32, tmp;
+       bool hasLabel = alg.getParam(ParamName::KBKDF_LABEL, label);
+       bool hasContext = alg.getParam(ParamName::KBKDF_CONTEXT, context);
+       bool hasFixed = alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
+       alg.getParam(ParamName::KBKDF_COUNTER_LOCATION, counterLocation);
+       alg.getParam(ParamName::KBKDF_MODE, mode);
+       alg.getParam(ParamName::KDF_PRF, prf);
+       alg.getParam(ParamName::KDF_LEN, length);
+       alg.getParam(ParamName::KBKDF_RLEN, rlenBits);
+       bool hasLLen = alg.getParam(ParamName::KBKDF_LLEN, llenBits);
+       bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, tmp);
+
+       RawBuffer key;
+       if (hasFixed) {
+               if (hasLabel || hasContext || noSeparator || hasLLen ||
+                       counterLocation == KbkdfCounterLocation::MIDDLE_FIXED)
+                       ThrowErr(Exc::Crypto::InputParam, "Unexpected parameters for fixed input mode.");
+       } else {
+               if (!hasLabel || !hasContext)
+                       ThrowErr(Exc::Crypto::InputParam, "Missing label and/or context.");
+
+               if (llenBits != 0 && llenBits != 8 && llenBits != 16 && llenBits != 24 && llenBits != 32)
+                       ThrowErr(Exc::Crypto::InputParam, "Invalid llen value");
+       }
+       if (length != 16 && length != 24 && length != 32)
+               ThrowErr(Exc::Crypto::InputParam, "Invalid key length");
 
-       size_t rlen = 32, llen = 32, dummy;
-       alg.getParam(ParamName::KBKDF_RLEN, rlen);
-       alg.getParam(ParamName::KBKDF_LLEN, llen);
-       bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, dummy);
+       if (rlenBits != 8 && rlenBits != 16 && rlenBits != 24 && rlenBits != 32)
+               ThrowErr(Exc::Crypto::InputParam, "Invalid rlen value");
 
        RawBuffer keyPwdBuf(keyPwd.begin(), keyPwd.end());
 
-       TrustZoneContext::Instance().executeKbkdf(secret,
+       TrustZoneContext::Instance().executeKbkdf(secretId,
+                                                                                         secretPwd,
+                                                                                         length,
+                                                                                         label,
+                                                                                         context,
+                                                                                         fixed,
                                                                                          toTzPrf(prf),
                                                                                          toTzKbkdfMode(mode),
-                                                                                         toTzCtrLoc(location),
-                                                                                         rlen,
-                                                                                         llen,
+                                                                                         toTzCtrLoc(counterLocation),
+                                                                                         rlenBits,
+                                                                                         llenBits,
                                                                                          noSeparator,
                                                                                          keyPwdBuf,
                                                                                          keyPwdIV,
@@ -779,6 +895,10 @@ void deriveKBKDF(const RawBuffer &secret,
                                                                                          keyHash);
 }
 
+size_t maxChunkSize()
+{
+       return TrustZoneContext::Instance().getMaxChunkSize();
+}
 
 } // namespace Internals
 } // namespace TZ
Domain: Security / Utilities;