Unification of import methods in gstore 05/189905/7
authorBartlomiej Grzelewski <b.grzelewski@samsung.com>
Fri, 21 Sep 2018 10:41:37 +0000 (12:41 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 3 Oct 2018 12:58:27 +0000 (12:58 +0000)
Change-Id: I31dca502533360b759d6aea20e75a9e823eccc34

15 files changed:
src/manager/crypto/generic-backend/gstore.h
src/manager/crypto/sw-backend/store.cpp
src/manager/crypto/sw-backend/store.h
src/manager/crypto/tz-backend/internals.cpp
src/manager/crypto/tz-backend/internals.h
src/manager/crypto/tz-backend/store.cpp
src/manager/crypto/tz-backend/store.h
src/manager/crypto/tz-backend/tz-context.cpp
src/manager/crypto/tz-backend/tz-context.h
src/manager/initial-values/BufferHandler.h
src/manager/initial-values/InitialValueHandler.cpp
src/manager/service/ckm-logic.cpp
tests/test_crypto-logic.cpp
tests/test_generic-backend.cpp
tests/test_tz-backend.cpp

index 564e4dd..2984fdc 100644 (file)
@@ -55,13 +55,13 @@ public:
        {
                ThrowErr(Exc::Crypto::OperationNotSupported);
        }
-       virtual Token import(const Data &, const Password &)
-       {
-               ThrowErr(Exc::Crypto::OperationNotSupported);
-       }
-       virtual Token importEncrypted(const Data &,
-                                     const Password &,
-                                     const RawBuffer & /* iv */)
+
+       /*
+        * IV parameter makes sense only on device with built in key.
+        * IV parameter is used for decryption of Data.
+        * If Data is not encrypted it's ok to pass empty IV.
+        */
+       virtual Token import(const Data &, const Password &, const RawBuffer & /* iv */)
        {
                ThrowErr(Exc::Crypto::OperationNotSupported);
        }
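Review bot: The new comment above `import` does not say what a backend must do when it receives a non-empty IV it cannot use for decryption. With the separate `importEncrypted` entry point gone, the IV is the only signal that Data is ciphertext, so the contract belongs here, for example `* A backend that cannot decrypt Data must throw OperationNotSupported when IV is not empty.` The software backend in this commit already behaves that way.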
index 6930873..b41b8fd 100644 (file)
@@ -219,8 +219,12 @@ Token Store::generateSKey(const CryptoAlgorithm &algorithm,
        return Token(m_backendId, ret.type, pack(ret.buffer, pass));
 }
 
-Token Store::import(const Data &data, const Password &pass)
+Token Store::import(const Data &data, const Password &pass, const RawBuffer &iv)
 {
+       if (!iv.empty())
+               ThrowErr(Exc::Crypto::OperationNotSupported,
+                       "Encrypted import is not yet supported on software backend!");
+
        return Token(m_backendId, data.type, pack(data.data, pass));
 }
 
index a12e561..82798cd 100644 (file)
@@ -35,7 +35,7 @@ public:
        virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &,
                                                                   const Password &);
        virtual Token generateSKey(const CryptoAlgorithm &, const Password &);
-       virtual Token import(const Data &data, const Password &);
+       virtual Token import(const Data &data, const Password &, const RawBuffer &);
        virtual void destroy(const Token &) {}
 
 private:
index 578241d..03189d4 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -119,8 +119,9 @@ void destroyKey(const RawBuffer &key)
 }
 
 RawBuffer importKey(const Data &data,
+                                       const RawBuffer &encIV,
                                        const Password &pwd,
-                                       const RawBuffer &iv,
+                                       const RawBuffer &pwdIV,
                                        RawBuffer &tag)
 {
        tz_algo_type algo = getAlgType(data.type);
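Review bot: `encIV` and `pwdIV` are both `const RawBuffer &` and sit on either side of `pwd`, so a caller that swaps them still compiles. In `TrustZoneContext::importKey` the same pair sits among four consecutive `RawBuffer` arguments. A short comment on the declarations would help, e.g. `// encIV: IV of the encrypted input key (empty for plaintext); pwdIV: IV paired with pwd`. The meaning of `pwdIV` is inferred from its use with `pwd_iv_size` and `KM_ParamsSerializePwdData`, so please confirm the wording. The body of `importKey` continues outside this hunk.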
@@ -129,8 +130,9 @@ RawBuffer importKey(const Data &data,
        RawBuffer pwdBuf(pwd.begin(), pwd.end());
        TrustZoneContext::Instance().importKey(algo,
                                                                                data.data,
+                                                                               encIV,
                                                                                pwdBuf,
-                                                                               iv,
+                                                                               pwdIV,
                                                                                result,
                                                                                tag);
        return result;
index d9748e9..1fed4b0 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -46,8 +46,9 @@ Data generateSKey(const CryptoAlgorithm &alg,
                                const RawBuffer &iv,
                                RawBuffer &tag);
 RawBuffer importKey(const Data &key,
+                                       const RawBuffer &encIV,
                                        const Password &pwd,
-                                       const RawBuffer &iv,
+                                       const RawBuffer &pwdIV,
                                        RawBuffer &tag);
 
 RawBuffer importData(const Data &data,
index 3404acb..c688024 100644 (file)
@@ -142,7 +142,7 @@ Token Store::generateSKey(const CryptoAlgorithm &alg, const Password &pass)
        return Token(m_backendId, ret.type, pack(ret.data, pass, iv, tag));
 }
 
-Token Store::import(const Data &data, const Password &pass)
+Token Store::import(const Data &data, const Password &pass, const RawBuffer &encIV)
 {
        if (data.type.isBinaryData()) {
                RawBuffer iv;
@@ -168,18 +168,10 @@ Token Store::import(const Data &data, const Password &pass)
                iv = Internals::generateIV();
        }
 
-       RawBuffer keyId = Internals::importKey(data, pass, iv, tag);
+       RawBuffer keyId = Internals::importKey(data, encIV, pass, iv, tag);
        return Token(m_backendId, data.type, pack(keyId, pass, iv, tag));
 }
 
-Token Store::importEncrypted(const Data &,
-                             const Password &,
-                             const RawBuffer &)
-{
-       ThrowErr(Exc::Crypto::OperationNotSupported,
-               "Encrypted import is not yet supported on TrustZone backend!");
-}
-
 void Store::destroy(const Token &token)
 {
        RawBuffer id = unpackData(token.data);
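Review bot: A non-empty `encIV` is now forwarded to `Internals::importKey`, but `TrustZoneContext::importKey` in tz-context.cpp discards it with `(void)encIV;`. With `importEncrypted` and its `OperationNotSupported` throw removed, encrypted input therefore appears to be imported as if the ciphertext were the key material, and the call reports success. Until the TA command actually consumes the IV, `Store::import` should keep failing closed as the software backend does: `if (!encIV.empty()) ThrowErr(Exc::Crypto::OperationNotSupported, "Encrypted import is not yet supported on TrustZone backend!");`. The body of the `isBinaryData()` branch lies outside the visible hunks, so whether it looks at `encIV` cannot be checked from here.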
index 706c341..4d44b6b 100644 (file)
@@ -35,10 +35,7 @@ public:
        virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &,
                                                                   const Password &);
        virtual Token generateSKey(const CryptoAlgorithm &, const Password &);
-       virtual Token import(const Data &, const Password &);
-       virtual Token importEncrypted(const Data &,
-                                     const Password &,
-                                     const RawBuffer &);
+       virtual Token import(const Data &, const Password &, const RawBuffer &);
        virtual void destroy(const Token &);
 
        // TODO device key ID is needed here to support importEncrypted
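Review bot: The TODO on the last line of this hunk still refers to `importEncrypted`, which this change removes from the class. It should name the remaining entry point instead, e.g. `// TODO device key ID is needed here to support import() with a non-empty IV`, so a reader searching for the old method is not misled.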
index 60dcd80..1387491 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -257,11 +257,13 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
 
 void TrustZoneContext::importKey(tz_algo_type algo,
                                                                const RawBuffer &key,
+                                                               const RawBuffer &encIV,
                                                                const RawBuffer &pwd,
-                                                               const RawBuffer &iv,
+                                                               const RawBuffer &pwdIV,
                                                                RawBuffer &keyId,
                                                                RawBuffer &pwdTag)
 {
+       (void)encIV;
        // command ID = CMD_IMPORT_KEY
        //
        // TEEC_Operation layout:
@@ -280,7 +282,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
        if (!pwd.empty()) {
                bufSize.with_pwd_data = true;
                bufSize.pwd_size = static_cast<uint32_t>(pwd.size());
-               bufSize.pwd_iv_size = static_cast<uint32_t>(iv.size());
+               bufSize.pwd_iv_size = static_cast<uint32_t>(pwdIV.size());
        }
        uint32_t inMemorySize = KM_CalcBufferSize(bufSize);
        TrustZoneMemory inMemory(m_Context, inMemorySize, TEEC_MEM_INPUT);
@@ -303,7 +305,7 @@ void TrustZoneContext::importKey(tz_algo_type algo,
        }
 
        if (!pwd.empty()) {
-               ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), iv.data(), iv.size(),
+               ret = KM_ParamsSerializePwdData(input, pwd.data(), pwd.size(), pwdIV.data(), pwdIV.size(),
                                                                                nullptr, 0, Params::DERIVED_KEY_LENGTH_BITS,
                                                                                Params::DERIVED_KEY_ITERATIONS, bufSize.tag_size * 8);
                if (ret) {
index 2dd2497..cd7ae74 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -49,8 +49,9 @@ public:
                                                RawBuffer &pwdTag);
        void importKey(tz_algo_type algo,
                                        const RawBuffer &key,
+                                       const RawBuffer &encIV,
                                        const RawBuffer &pwd,
-                                       const RawBuffer &iv,
+                                       const RawBuffer &pwdIV,
                                        RawBuffer &keyId,
                                        RawBuffer &pwdTag);
 
index 572244d..08bca52 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -47,14 +47,6 @@ public:
                return m_data;
        }
 
-       bool isEncrypted() const
-       {
-               if (m_encoding == EncodingType::ENCRYPTED)
-                       return true;
-
-               return false;
-       }
-
        const RawBuffer &getIV() const
        {
                return m_IV;
index acb2e4b..7853d39 100644 (file)
@@ -78,14 +78,9 @@ void InitialValueHandler::End()
        // save data
        Policy policy(m_password, m_exportable, m_backend);
 
-       RawBuffer iv;
-
-       if (m_bufferHandler->isEncrypted())
-               iv = m_bufferHandler->getIV();
-
        int ec = m_db_logic.importInitialData(m_name,
                                              Crypto::Data(getDataType(), m_bufferHandler->getData()),
-                                             iv,
+                                             m_bufferHandler->getIV(),
                                              policy);
 
        if (CKM_API_SUCCESS != ec) {
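Review bot: Passing `m_bufferHandler->getIV()` unconditionally means the encrypted/plaintext decision no longer depends on `EncodingType::ENCRYPTED`; `importInitialData` now branches on `iv.empty()` alone. How `m_IV` is populated is not visible here. If the buffer handler can hold an IV for a non-encrypted encoding, or an ENCRYPTED value without an IV, the data is routed down the wrong path without an error. Keeping `isEncrypted()` and rejecting the entry in `End()` when it disagrees with `getIV().empty()` would make such a mismatch explicit. `End()` starts and ends outside this hunk.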
index e988b7f..98248ec 100644 (file)
@@ -404,7 +404,8 @@ DB::Row CKMLogic::createEncryptedRow(
 
        // do not encrypt data with password during cc_mode on
        Token token = store.import(data,
-                                                          m_accessControl.isCCMode() ? "" : policy.password);
+                                                          m_accessControl.isCCMode() ? "" : policy.password,
+                                                          RawBuffer());
        DB::Row row(std::move(token), name, owner,
                                static_cast<int>(policy.extractable));
        crypto.encryptRow(row);
@@ -803,7 +804,7 @@ Crypto::GObjUPtr CKMLogic::rowToObject(
                store.destroy(row);
 
                // import it to store with new scheme: data -> pass(data)
-               Token token = store.import(Crypto::Data(row.dataType, row.data), pass);
+               Token token = store.import(Crypto::Data(row.dataType, row.data), pass, RawBuffer());
 
                // get it from the store (it can be different than the data we imported into store)
                obj = store.getObject(token, pass);
@@ -1180,17 +1181,19 @@ int CKMLogic::importInitialData(
                Token token;
 
                if (iv.empty()) {
+            // Data are not encrypted, let's try to verify them
                        Crypto::Data binaryData;
 
                        if (CKM_API_SUCCESS != (retCode = toBinaryData(data, binaryData)))
                                return retCode;
 
                        token = store.import(binaryData,
-                                            m_accessControl.isCCMode() ? "" : policy.password);
+                                                                m_accessControl.isCCMode() ? "" : policy.password,
+                                                                iv);
                } else {
-                       token = store.importEncrypted(data,
-                                                     m_accessControl.isCCMode() ? "" : policy.password,
-                                                     iv);
+                       token = store.import(data,
+                                                                m_accessControl.isCCMode() ? "" : policy.password,
+                                                                iv);
                }
 
                DB::Row row(std::move(token), name, CLIENT_ID_SYSTEM,
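Review bot: The added comment `// Data are not encrypted, let's try to verify them` is not aligned with the block it describes, and the two `store.import` calls now differ only in their first argument. Indenting the comment to match `Crypto::Data binaryData;` and passing `RawBuffer()` in the `iv.empty()` branch, as the other call sites in this file do, would make it obvious that this path never carries an IV. The enclosing function continues outside this hunk.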
index 5784365..f519e27 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -91,7 +91,7 @@ BOOST_AUTO_TEST_CASE(row_encryption)
        Crypto::Data data(DataType(DataType::Type::BINARY_DATA), createRandom(10));
        Crypto::Decider decider;
        Crypto::GStore &store = decider.getStore(data.type, policy);
-       Token token = store.import(data, policy.password);
+       Token token = store.import(data, policy.password, RawBuffer());
 
        Name name = "test_data";
        ClientId owner = "test_owner";
@@ -113,7 +113,7 @@ BOOST_AUTO_TEST_CASE(row_encryption_negatives)
        Crypto::Data data(DataType(DataType::Type::BINARY_DATA), createRandom(10));
        Crypto::Decider decider;
        Crypto::GStore &store = decider.getStore(data.type, policy);
-       Token token = store.import(data, policy.password);
+       Token token = store.import(data, policy.password, RawBuffer());
 
        Name name = "test_data";
        ClientId owner = "test_owner";
index 114d794..0b39bf3 100644 (file)
@@ -72,10 +72,7 @@ BOOST_AUTO_TEST_CASE(gstore)
                                                Exc::Crypto::OperationNotSupported);
        BOOST_REQUIRE_THROW(store.generateSKey(CryptoAlgorithm(), Password()),
                                                Exc::Crypto::OperationNotSupported);
-       BOOST_REQUIRE_THROW(store.import(Crypto::Data(), Password()),
-                                               Exc::Crypto::OperationNotSupported);
-       BOOST_REQUIRE_THROW(store.importEncrypted(Crypto::Data(), Password(),
-                                                 RawBuffer()),
+       BOOST_REQUIRE_THROW(store.import(Crypto::Data(), Password(), RawBuffer()),
                                                Exc::Crypto::OperationNotSupported);
        BOOST_REQUIRE_THROW(store.destroy(Token()),
                                                Exc::Crypto::OperationNotSupported);
index 853326c..880211b 100644 (file)
@@ -30,9 +30,7 @@ BOOST_AUTO_TEST_CASE(store)
                                                Exc::Crypto::OperationNotSupported);
        BOOST_REQUIRE_THROW(store.generateAKey(CryptoAlgorithm(), Password(), Password()),
                                                Exc::Crypto::OperationNotSupported);
-       BOOST_REQUIRE_THROW(store.import(Data(), Password()),
-                                               Exc::Crypto::OperationNotSupported);
-       BOOST_REQUIRE_THROW(store.importEncrypted(Data(), Password(), RawBuffer()),
+       BOOST_REQUIRE_THROW(store.import(Data(), Password(), RawBuffer()),
                                                Exc::Crypto::OperationNotSupported);
        BOOST_REQUIRE_NO_THROW(store.destroy(Token()));
 }