Fix secret pwd passing in TZ backend KBKDF
[platform/core/security/key-manager.git] / src / manager / crypto / tz-backend / tz-context.cpp
index 1359258..ad09c65 100644 (file)
@@ -50,6 +50,9 @@ namespace {
 // whatever TA will return us.
 const uint32_t CIPHER_EXTRA_PADDING_SIZE = 16;
 
+// Maximum size of GCM tag in bytes.
+const size_t MAX_GCM_TAG_SIZE = 16;
+
 // Identifier of our TA
 const TEEC_UUID KEY_MANAGER_TA_UUID = KM_TA_UUID;
 
@@ -547,7 +550,7 @@ RawBuffer TrustZoneContext::finalizeGcmCipher(uint32_t opId,
        sIn.Serialize(inMemory);
 
        TZSerializer sOut;
-       sOut.Push(new TZSerializableBinary(data.size()));
+       sOut.Push(new TZSerializableBinary(MAX_GCM_TAG_SIZE, false));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
 
        TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
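Review bot: The output slot in finalizeGcmCipher is now fixed at `MAX_GCM_TAG_SIZE` (16 bytes) instead of following `data.size()`, so this is only correct if the TA never returns anything but a tag at finalize. The code that deserializes `outMemory` lies outside this hunk, so it is worth confirming that it rejects a reported length larger than the allocated slot. Callers should also compare the returned tag length with the length they requested rather than accept whatever comes back. The bare `false` second argument to `TZSerializableBinary` does not say what it switches; an inline `/* <parameter name> */` comment or a named constant would make the call readable. The comment on `MAX_GCM_TAG_SIZE` could also state that it sizes this TA output buffer and has to agree with the TA's own maximum.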
@@ -887,6 +890,7 @@ void TrustZoneContext::executeEcdh(const RawBuffer &prvKeyId,
 }
 
 void TrustZoneContext::executeKbkdf(const RawBuffer& secretId,
+                                                                       const Pwd& secretPwd,
                                                                        const RawBuffer& label,
                                                                        const RawBuffer& context,
                                                                        const RawBuffer& fixed,
@@ -905,6 +909,7 @@ void TrustZoneContext::executeKbkdf(const RawBuffer& secretId,
        LogDebug("TrustZoneContext::executeKbkdf");
 
        auto sIn = makeSerializer(secretId,
+                                                         secretPwd,
                                                          label,
                                                          context,
                                                          fixed,
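Review bot: `secretPwd` becomes the second field of the serialized request, so the order in this `makeSerializer` call has to match the order in which the TA deserializes, and nothing visible here ties the two together. A TA built before this change would presumably read the password bytes as `label`, so a comment above the call such as `// Field order is part of the TA protocol: secretId, secretPwd, label, context, fixed, ...` would help. The rest of executeKbkdf is outside the hunk; if `sIn` is written into a `TrustZoneMemory` buffer as in finalizeGcmCipher, the password then sits in memory shared with the TEE, so it is worth confirming that buffer is cleared when released. The `LogDebug` call logs only the function name, which should stay that way now that a password is in scope.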