Don't use objectSize in allocating temporary buffer

- In some implementations, objectSize of EC key is zero.
- Check attribute size with NULL buffer in TEE_GetObjectBufferAttribute().
- Use maxObjectSize for allocating temporary buffer.

Change-Id: Ie5f2364f13f6cf66348370935e0b7d494a011438

diff --git a/ta/include/internal.h b/ta/include/internal.h
index 6ad3f6db8c1203b81befcd7dbb448ed53d7358ec..483d117a766d260d87be37e7daea7610b10e2bc0 100644 (file)
--- a/ta/include/internal.h
+++ b/ta/include/internal.h
@@ -112,9 +112,9 @@ TEE_Result KM_GetValueAttribute(TEE_ObjectHandle keyHndl, uint32_t attrId, KM_Bi
 TEE_Result KM_GetBufferAttribute(TEE_ObjectHandle keyHndl, uint32_t attrId, KM_BinaryData *attr);
 
 // Use the 4 functions below to adjust size units (bits vs. bytes) to specific TEE implementation
-static inline uint32_t KM_ObjectSizeBytes(const TEE_ObjectInfo *info)
+static inline uint32_t KM_MaxObjectSizeBytes(const TEE_ObjectInfo *info)
 {
-       return (info->objectSize + 7)/8;
+       return (info->maxObjectSize + 7)/8;
 }
 
 static inline uint32_t KM_ObjectSizeBits(const TEE_ObjectInfo *info)

diff --git a/ta/src/cmd_exec.c b/ta/src/cmd_exec.c
index 843aec839c2a87e99c7a756729bd824adb982f94..6874ef6c92952fbf3e1518f5617f43337c9b24b6 100644 (file)
--- a/ta/src/cmd_exec.c
+++ b/ta/src/cmd_exec.c
@@ -707,7 +707,7 @@ static TEE_Result KM_GetSecretValue(KM_BinaryData *secret_id, KM_BinaryData* sec
        if (secret_info.dataSize > 0) { // data
                out_len = secret_info.dataSize;
        } else {
-               out_len = secret_info.objectSize;
+               out_len = KM_MaxObjectSizeBytes(&secret_info);
        }
 
        output.data = malloc(out_len);
@@ -1692,17 +1692,7 @@ TEE_Result KM_ExecCmdExportWrappedKey(TEE_Param param[4])
                goto clean;
        }
 
-       // Fow now, only symmetric key can be wrapped.
-       if (with_ktw_pwd)
-               ret = KM_DecryptKey(ktw_id.data, ktw_id.data_size, &ktw_pwd_data, &ktw_key);
-       else
-               ret = KM_OpenKey(ktw_id.data, ktw_id.data_size, &ktw_key);
-       if (ret != TEE_SUCCESS) {
-               LOG("Error in KM_OpenKey()");
-               goto clean;
-       }
-
-       ret = KM_GetBufferAttribute(ktw_key, TEE_ATTR_SECRET_VALUE, &ktw_data);
+       ret = KM_GetSecretValue(&ktw_id, &ktw_data, with_ktw_pwd, &ktw_pwd_data);
        if (TEE_SUCCESS != ret) {
                LOG("Failed to get TEE_ATTR_SECRET_VALUE from key to wrap.");
                goto clean;
@@ -2226,7 +2216,7 @@ TEE_Result KM_ExecCmdSign(TEE_Param param[4])
 
        TEE_GetObjectInfo(key, &info);
 
-       outSize = KM_ObjectSizeBytes(&info);
+       outSize = KM_MaxObjectSizeBytes(&info);
        if (param[0].value.a == ALGO_ECDSA_SV)
                outSize *= 2;
 

diff --git a/ta/src/internal.c b/ta/src/internal.c
index 04137537c5e9de80eea70806b8fe4add89e604b1..9dabe4b0e3fda366e830690fcbe8a5806b90a647 100644 (file)
--- a/ta/src/internal.c
+++ b/ta/src/internal.c
@@ -356,11 +356,11 @@ TEE_Result KM_EncryptKey(TEE_ObjectHandle keyHndl, KM_PwdData *pwd,
        }
 
        TEE_GetObjectInfo(keyHndl, &objInfo);
-       keyBufSize = KM_ObjectSizeBytes(&objInfo);
 
-       if (keyBufSize == 0) {
-               LOG("Key provided for encryption is not initialized");
-               return TEE_ERROR_BAD_PARAMETERS;
+       ret = TEE_GetObjectBufferAttribute(keyHndl, TEE_ATTR_SECRET_VALUE, NULL, &keyBufSize);
+       if (ret != TEE_ERROR_SHORT_BUFFER || keyBufSize == 0) {
+               LOG("Failed to acquire attribute size from object: ret=%x, keyBufSize=%d", ret, keyBufSize);
+               return TEE_ERROR_GENERIC;
        }
 
        if (tag == NULL) {
@@ -457,7 +457,7 @@ TEE_Result KM_GetBufferAttribute(TEE_ObjectHandle keyHndl, uint32_t attrId, KM_B
 {
        TEE_ObjectInfo objInfo;
        TEE_Result ret;
-       uint32_t objSize;
+       uint32_t attrSize;
 
        if (attr == NULL) {
                LOG("Attribute buffer is NULL");
@@ -469,18 +469,20 @@ TEE_Result KM_GetBufferAttribute(TEE_ObjectHandle keyHndl, uint32_t attrId, KM_B
                return TEE_ERROR_BAD_PARAMETERS;
        }
 
-       /*
-        * TODO current key size is used as maximum attribute size because prompting the size with NULL
-        * buffer in TEE_GetObjectBufferAttribute doesn't work in simulator.
-        */
        TEE_GetObjectInfo(keyHndl, &objInfo);
-       objSize = KM_ObjectSizeBytes(&objInfo);
-       if (((objInfo.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) || (objSize == 0)) {
-               LOG("Key provided for KM_GetBufferAttribute is not initialized or objSize is zero. objSize=%d, objSizeInBits=%d", objSize, objInfo.objectSize);
+
+       ret = TEE_GetObjectBufferAttribute(keyHndl, attrId, NULL, &attrSize);
+       if (ret != TEE_ERROR_SHORT_BUFFER || attrSize == 0) {
+               LOG("Failed to acquire attribute size from object: ret=%x, attrSize=%d", ret, attrSize);
+               return TEE_ERROR_GENERIC;
+       }
+
+       if ((objInfo.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) {
+               LOG("Key provided for KM_GetBufferAttribute is not initialized or objSize is zero.");
                return TEE_ERROR_BAD_PARAMETERS;
        }
 
-       attr->data_size = objSize;
+       attr->data_size = attrSize;
        attr->data = malloc(attr->data_size);
        if (attr->data == NULL) {
                LOG("Failed to allocate memory for key  attribute.");
@@ -1013,11 +1015,10 @@ TEE_Result KM_DecryptKey(void *id, size_t id_size, KM_PwdData* pwd,
 
        TEE_GetObjectInfo(objHandle, &objInfo);
 
-       keyBufSize = KM_ObjectSizeBytes(&objInfo);
-       if (keyBufSize == 0) {
-               LOG("Key provided for encryption is not initialized");
-               ret = TEE_ERROR_BAD_PARAMETERS;
-               goto out;
+       ret = TEE_GetObjectBufferAttribute(objHandle, TEE_ATTR_SECRET_VALUE, NULL, &keyBufSize);
+       if (ret != TEE_ERROR_SHORT_BUFFER || keyBufSize == 0) {
+               LOG("Failed to acquire attribute size from object: ret=%x, keyBufSize=%d", ret, keyBufSize);
+               return TEE_ERROR_GENERIC;
        }
 
        keyBuf = malloc(keyBufSize);