}
}
-static uint32_t KM_AlgoHash2SignVerifyAlgo(int algo, int hash)
+static uint32_t KM_AlgoHash2SignVerifyAlgo(int algo, int hash, uint32_t key_size_in_bits)
{
switch (algo) {
case ALGO_RSA_SV: {
}
}
case ALGO_ECDSA_SV: {
- switch (hash) {
- case HASH_SHA1: return TEE_ALG_ECDSA_P192;
- case HASH_SHA256: return TEE_ALG_ECDSA_P256;
- case HASH_SHA384: return TEE_ALG_ECDSA_P384;
- case HASH_SHA512: return TEE_ALG_ECDSA_P521;
+ switch (key_size_in_bits) {
+ case 192: return TEE_ALG_ECDSA_P192;
+ case 256: return TEE_ALG_ECDSA_P256;
+ case 384: return TEE_ALG_ECDSA_P384;
+ case 521: return TEE_ALG_ECDSA_P521;
default: return 0;
}
}
uint32_t outSize = 0;
void *digest = NULL;
uint32_t digestSize = 0;
- uint32_t algo = KM_AlgoHash2SignVerifyAlgo(param[0].value.a, param[0].value.b);
+ uint32_t algo = 0;
+ uint32_t key_size_in_bits = 0;
void *in_buffer = param[1].memref.buffer;
void *out_buffer = param[2].memref.buffer;
uint32_t in_size_guard = param[1].memref.size;
uint32_t out_size_guard = param[2].memref.size;
- if (algo == 0) {
- LOG("Unsupported algorithm provided: %u", algo);
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
if (KM_DeserializeBinaryData(&in_buffer, &in_size_guard, &input_data)) {
LOG("Error in deserialization");
ret = TEE_ERROR_BAD_PARAMETERS;
goto clean;
}
+ TEE_GetObjectInfo(key, &info);
+ key_size_in_bits = KM_MaxObjectSizeBits(&info);
+ if (key_size_in_bits == 0) {
+ // In some implementations, objectSize of key is 0. In such case, use maxObjectSize.
+ key_size_in_bits = KM_MaxObjectSizeBits(&info);
+ }
+
+ algo = KM_AlgoHash2SignVerifyAlgo(param[0].value.a, param[0].value.b, key_size_in_bits);
+ if (algo == 0) {
+ LOG("Unsupported algorithm provided: %u", algo);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
// calculate digest
ret = KM_InputDataDigest(param[0].value.b, &input_data, &digest, &digestSize);
if (ret != TEE_SUCCESS)
goto clean;
}
- TEE_GetObjectInfo(key, &info);
-
outSize = KM_MaxObjectSizeBytes(&info);
if (param[0].value.a == ALGO_ECDSA_SV)
outSize *= 2;
TEE_Result ret = TEE_SUCCESS;
TEE_ObjectHandle key = TEE_HANDLE_NULL;
TEE_OperationHandle operation = TEE_HANDLE_NULL;
+ TEE_ObjectInfo info;
KM_BinaryData input_data;
KM_BinaryData signature;
void *digest = NULL;
uint32_t digestSize = 0;
- uint32_t algo = KM_AlgoHash2SignVerifyAlgo(param[0].value.a, param[0].value.b);
+ uint32_t algo = 0;
+ uint32_t key_size_in_bits = 0;
void *in_buffer = param[1].memref.buffer;
uint32_t in_size_guard = param[1].memref.size;
- if (algo == 0) {
- LOG("Unsupported algorithm provided: %u", algo);
- return TEE_ERROR_BAD_PARAMETERS;
- }
-
if (KM_DeserializeBinaryData(&in_buffer, &in_size_guard, &input_data)) {
LOG("Error in deserialization");
ret = TEE_ERROR_BAD_PARAMETERS;
goto clean;
}
+ TEE_GetObjectInfo(key, &info);
+ key_size_in_bits = KM_MaxObjectSizeBits(&info);
+ if (key_size_in_bits == 0) {
+ // In some implementations, objectSize of key is 0. In such case, use maxObjectSize.
+ key_size_in_bits = KM_MaxObjectSizeBits(&info);
+ }
+
+ algo = KM_AlgoHash2SignVerifyAlgo(param[0].value.a, param[0].value.b, key_size_in_bits);
+ if (algo == 0) {
+ LOG("Unsupported algorithm provided: %u", algo);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
// calculate digest
ret = KM_InputDataDigest(param[0].value.b, &input_data, &digest, &digestSize);
if (ret != TEE_SUCCESS)
projects / platform / core / security / trusted / key-manager-ta.git / commitdiff