// whatever TA will return us.
const uint32_t CIPHER_EXTRA_PADDING_SIZE = 16;
+// Maximum size of GCM tag in bytes.
+const size_t MAX_GCM_TAG_SIZE = 16;
+
// Identifier of our TA
const TEEC_UUID KEY_MANAGER_TA_UUID = KM_TA_UUID;
const std::unordered_map<tz_algo_type, size_t> MAX_KEY_SIZE = {
{ ALGO_RSA, 4096 / 8 },
{ ALGO_RSA_SV, 4096 / 8 },
- { ALGO_DSA_SV, 4096 / 8 }
+ { ALGO_DSA_SV, 4096 / 8 },
+ { ALGO_ECDSA_SV, 1024 / 8 } // 384*2 + additional space for DERR encoding
};
struct EncPwd {
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
- TEEC_Operation op = makeOp(TEEC_VALUE_INPUT, inMemory);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
op.params[0].value.a = opId;
Execute(CMD_CIPHER_INIT_AAD, &op);
sIn.Serialize(inMemory);
TZSerializer sOut;
- sOut.Push(new TZSerializableBinary(data.size()));
+ sOut.Push(new TZSerializableBinary(MAX_GCM_TAG_SIZE, false));
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
LogDebug("Imported object ID is (hex): " << rawToHexString(hash));
}
-void TrustZoneContext::importWrappedKey(const RawBuffer &wrappingKey,
+void TrustZoneContext::importWrappedKey(const RawBuffer &wrappingKeyId,
const Pwd &wrappingKeyPwd,
tz_algo_type algo,
const RawBuffer &iv,
// command ID = CMD_IMPORT_WRAPPED_KEY
LogDebug("TrustZoneContext::importWrappedKey encryptedKey size = [" << encryptedKey.size() << "]");
- auto sIn = makeSerializer(wrappingKey,
+ auto sIn = makeSerializer(wrappingKeyId,
wrappingKeyPwd,
algo,
iv,
LogDebug("Imported object ID is (hex): " << rawToHexString(encryptedKeyId));
}
-RawBuffer TrustZoneContext::exportWrappedKey(const RawBuffer &wrappingKey,
+RawBuffer TrustZoneContext::exportWrappedKey(const RawBuffer &wrappingKeyId,
const Pwd &wrappingKeyPwd,
tz_algo_type algo,
const RawBuffer &iv,
// command ID = CMD_EXPORT_WRAPPED_KEY
LogDebug("TrustZoneContext::exportWrappedKey");
- auto sIn = makeSerializer(wrappingKey,
+ auto sIn = makeSerializer(wrappingKeyId,
wrappingKeyPwd,
algo,
iv,
LogDebug("Derived object ID is (hex): " << rawToHexString(secretHash));
}
-void TrustZoneContext::executeKbkdf(const RawBuffer& secret,
+void TrustZoneContext::executeKbkdf(const RawBuffer& secretId,
+ const Pwd& secretPwd,
const RawBuffer& label,
const RawBuffer& context,
const RawBuffer& fixed,
// command ID = CMD_DERIVE
LogDebug("TrustZoneContext::executeKbkdf");
- auto sIn = makeSerializer(secret,
+ auto sIn = makeSerializer(secretId,
+ secretPwd,
label,
context,
fixed,