{
#endif
-/** \enum KM_ParamsMagic
- * \brief Param magic is a control value that appears before data to
- * verify data integrity.
- */
-typedef enum KM_ParamsMagic {
- PSMagic_SymmetricInput = 0x542345, ///< Control value for serialized header
- PSMagic_InputData = 0x575445, ///< Control value for serialized input data
- PSMagic_PwdData = 0x707764, ///< Control value for serialized password
- PSMagic_IVData = 0x445234, ///< Control value for serialized IV
- PSMagic_AEData = 0x810891, ///< Control value for serialized authorized
- PSMagic_OutData = 0x721513, ///< Control value for serialized output data
- PSMagic_TagData = 0x721513, ///< Control value for serialized tag
- PSMagic_KeyId = 0x946704 ///< Control value for serialized key id
-} KM_PSMagic;
-
-/** \struct KM_Data_
- * \brief KM_Data_ is a basic structure for data serialization.
- * More complex strucures extend KM_Data_.
- * \typedef KM_Data
- * Defining simple type of structure KM_Data_.
- */
-typedef struct KM_Data_ {
- uint32_t magic; ///< control value that confirms data integrity.
- uint32_t data_size; ///< size of data
- void *data; ///< pointer to data buffer
-} KM_Data;
-
-
-/** \typedef KM_InputData
- * \brief Defines structure type for data that is input to TA commands.
- * KM_InputData inherited after KM_Data
- */
-typedef struct KM_Data_ KM_InputData;
-
-/** \typedef KM_OutData
- * \brief Defines structure type for data that is output to TA commands.
- * KM_OutData inherited after KM_Data
- */
-typedef struct KM_Data_ KM_OutData;
-
-/** \typedef KM_IVData
- * \brief Defines structure type for data that is IV data needed for encryption/decryption.
- * KM_IVData inherited after KM_Data
- */
-typedef struct KM_Data_ KM_IVData;
-
-/** \typedef KM_KeyId
- * \brief Defines structure type for data that represents key object identifier.
- * Maximum length of object identifier is 64 bytes.
- * KM_KeyId inherited after KM_Data
- */
-typedef struct KM_Data_ KM_KeyId;
-
-/** \typedef KM_TagData
- * \brief Defines structure type for data that represents tag from encryption/decryption.
- * KM_TagData inherited after KM_Data
- */
-typedef struct KM_Data_ KM_TagData;
-
-/** \typedef KM_AEData
- * \brief Defines structure type for data that are necessary for authenticated
- * encryption/decryption. KM_AEData extends KM_Data with /val tag_len and /val payload_len.
- */
-typedef struct KM_AEData_ {
- KM_Data aad; ///< store additional authentication data
- uint32_t tag_len;
- uint32_t payload_len;
-} KM_AEData;
-
/** \struct KM_PwdData_
* \brief Structure contains data necessary to protect data with password.
* \typedef KM_PwdData
*
*/
typedef struct KM_PwdData_ {
- uint32_t magic;
uint32_t pwd_size;
uint32_t iv_size;
uint32_t tag_size;
void *tag;
} KM_PwdData;
-/** \struct KM_SymmetricInput_
- * \brief Serialized data header. This structure allows to find data based on KM_Data
- * in buffer.
- * \typedef KM_SymmentricInput
- * Defines type of KM_SymmetricInput_ structure.
- */
-typedef struct KM_SymmetricInput_ {
- uint32_t magic; ///< magic for testing data integrity
- uint32_t buffer_size; ///< total buffer size
- uint32_t key_id_data_offset; ///< offset of key id data in buffer
- uint32_t input_data_offset; ///< offset of input data in buffer
- uint32_t pwd_data_offset; ///< offset of pwd data in buffer
- uint32_t iv_data_offset; ///< offset of iv data in buffer
- uint32_t ae_data_offset; ///< offset of authentication encryption data in buffer
- uint32_t out_data_offset; ///< offset of output data in buffer
- uint32_t tag_data_offset; ///< offset of tag data in buffer
- uint32_t global_offset; ///< offset of free data in buffer
-} KM_SymmetricInput;
-
-/** \struct KM_BufferSizeDesc_
- * \brief Structure used to count buffer size needed to serialization.
- * \typedef KM_BufferSizeDesc
- * \bierf Defines simple type for structure KM_BufferSizeDesc_.
- */
-typedef struct KM_BufferSizeDesc_ {
- uint32_t input_size;
- uint32_t with_pwd_data;
- uint32_t pwd_size;
- uint32_t pwd_iv_size;
- uint32_t pwd_tag_size;
- uint32_t iv_size;
- uint32_t with_ae_data;
- uint32_t aad_size;
- uint32_t out_size;
- uint32_t tag_size;
- uint32_t key_id_size;
-} KM_BufferSizeDesc;
-
-/** \fn KM_ParamsDump
- * \brief Function prints all data found in serialized buffer. (offsets, sizes)
- *
- * \param[in] input reference to serialized data header \ref KM_SymmetricInput
- * \param[in] input_data reference to \ref KM_InputData structure
- * \param[in] pwd_data reference to \ref KM_PwdData structure
- * \param[in] iv_data reference to \ref KM_IVData structure
- * \param[in] key_data reference to \ref KM_KeyId structure
- * \param[in] ae_data reference to \ref KM_AEData structure
- * \param[in] out_data reference to \ref KM_OutData structure
- * \param[in] tag_data reference to \ref KM_TagData structure
- */
-void KM_ParamsDump(KM_SymmetricInput *input, KM_InputData *input_data, KM_PwdData* pwd_data,
- KM_IVData *iv_data, KM_KeyId *key_data, KM_AEData *ae_data,
- KM_OutData *out_data, KM_TagData *tag_data);
-
-/** \fn KM_GetSerializedBufferRealSize
- * \brief Function returns information about buffer size that was used.
- *
- * \param[in] buffer reference to serialized data header \ref KM_SymmetricInput
- *
- * \return 0 if failed; buffer size if successful
- */
-uint32_t KM_GetSerializedBufferRealSize(KM_SymmetricInput *buffer);
-
-/** \fn KM_CalcBufferSize
- * \brief Function calculates buffer size needed to store serialized data.
- *
- * \param[in] desc reference to /ref KM_BufferSizeDesc
- * \return buffer size needed
- */
-uint32_t KM_CalcBufferSize(KM_BufferSizeDesc desc);
-
-/** \fn KM_ParamsDeserializationInit
- * \brief Function deserializes data header in buffer
- *
- * \param[in] buffer reference to buffer with data
- * \param[in] buffer_size buffer size
- * \param[out] out reference to \ref KM_SymmetricInput reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializationInit(void *buffer, uint32_t buffer_size, KM_SymmetricInput **out);
-
-/** \fn KM_ParamsDeserializeInputData
- * \brief Function deserializes \ref KM_InputData from \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[out] out reference to \ref KM_InputData reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializeInputData(KM_SymmetricInput *self, KM_InputData **out);
-
-/** \fn KM_ParamsDeserializeIVData
- * \brief Function deserializes \ref KM_IVData from \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[out] out reference to \ref KM_IVData reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializeIVData(KM_SymmetricInput *self, KM_IVData **out);
-
-/** \fn KM_ParamsDeserializeAEData
- * \brief Function deserializes \ref KM_AEData from \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[out] out reference to \ref KM_AEData reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializeAEData(KM_SymmetricInput *self, KM_AEData **out);
-
-/** \fn KM_ParamsDeserializeOutData
- * \brief Function deserializes \ref KM_OutData from \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[out] out reference to \ref KM_OutData reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializeOutData(KM_SymmetricInput *self, KM_OutData **out);
-
-/** \fn KM_ParamsDeserializeTagData
- * \brief Function deserializes \ref KM_TagData from \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[out] out reference to \ref KM_TagData reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializeTagData(KM_SymmetricInput *self, KM_TagData **out);
-
-/** \fn KM_ParamsDeserializeKeyId
- * \brief Function deserializes \ref KM_KeyId from \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[out] out reference to \ref KM_KeyId reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializeKeyId(KM_SymmetricInput *self, KM_KeyId **out);
-
-/** \fn KM_ParamsDeserializePwdData
- * \brief Function deserializes \ref KM_PwdData from \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[out] out reference to \ref KM_PwdData reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsDeserializePwdData(KM_SymmetricInput *self, KM_PwdData **out);
-
-/** \fn KM_ParamsSerializationInit
- * \brief Function serializes \ref KM_SymmetricInput as header in buffer
- *
- * \param[in] buffer reference to buffer with data
- * \param[in] buffer_size buffer size
- * \param[out] out reference to \ref KM_SymmetricInput reference
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializationInit(void *buffer, uint32_t buffer_size, KM_SymmetricInput **out);
-
-/** \fn KM_ParamsSerializeInputData
- * \brief Function serializes input data in \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[in] data reference to input data buffer
- * \param[in] data_size input data size
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializeInputData(KM_SymmetricInput *self, const void *data, uint32_t data_size);
-
-/** \fn KM_ParamsSerializeIVData
- * \brief Function serializes IV data in \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[in] data reference to IV data buffer
- * \param[in] data_size IV data size
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializeIVData(KM_SymmetricInput *self, const void *data, uint32_t data_size);
-
-/** \fn KM_ParamsSerializeAEData
- * \brief Function serializes authentication encryption data in \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[in] tagLen tag length
- * \param[in] payloadLen payload length
- * \param[in] aad Authentication Additional Data buffer
- * \param[in] add_sie Authentication Additional Data buffer size
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializeAEData(KM_SymmetricInput *self, uint32_t tagLen, uint32_t payloadLen,
- const void *aad, uint32_t aad_size);
-
-/** \fn KM_ParamsSerializeOutData
- * \brief Function serializes output data in \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[in] data reference to output data buffer
- * \param[in] data_size output data size
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializeOutData(KM_SymmetricInput *self, const void *data, uint32_t data_size);
-
-/** \fn KM_ParamsSerializeTagData
- * \brief Function serializes tag data in \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[in] data reference to tag data buffer
- * \param[in] data_size tag data size
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializeTagData(KM_SymmetricInput *self, const void *data, uint32_t data_size);
-
-/** \fn KM_ParamsSerializeKeyId
- * \brief Function serializes key id data in \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[in] data reference to key id data buffer
- * \param[in] data_size key id data size (up to 64 bytes)
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializeKeyId(KM_SymmetricInput *self, const void *data, uint32_t data_size);
-
-/** \fn KM_ParamsSerializePwdData
- * \brief Function serializes data needed to encrpyt/decrypt data with password
- * in \ref KM_SymmetricInput
- *
- * \param[in] self reference to \ref KM_SymmetricInput
- * \param[in] pwd reference to password buffer
- * \param[in] pwd_size password buffer size
- * \param[in] iv reference to IV buffer
- * \param[in] iv_size IV buffer size
- * \param[in] tag reference to tag bufer
- * \param[in] tag_size tag buffer size
- * \param[in] derive_len_bits length of derive key in bits
- * \param[in] it_count derive key iterations
- * \param[in] tag_len_bits tag size in bits
- *
- * \return 0 if successful; -1 if failed
- */
-int KM_ParamsSerializePwdData(KM_SymmetricInput *self, const void *pwd, uint32_t pwd_size,
- const void *iv, uint32_t iv_size, const void *tag, uint32_t tag_size,
- uint32_t derive_len_bits, uint32_t it_count, uint32_t tag_len_bits);
-
/*
* Serialization data & functions for storing arbitrary data
*/
#include <log.h>
#include "km_serialization.h"
-
-const uint32_t ALIGNMENT_BYTES = 4;
-
-// change size of structures to make the entire buffer 4-byte aligned
-// required by TEE Client API specification
-static uint32_t addAlignment(uint32_t size)
-{
- if (size == 0) return 0;
- return ((int) (size - 1) / ALIGNMENT_BYTES) * ALIGNMENT_BYTES + ALIGNMENT_BYTES;
-}
-
-
-static int KM_ParamsDeserializeData(void *self, uint32_t offset, uint32_t magic,
- uint32_t size, KM_Data **out)
-{
- size_t curr_ptr = 0;
- KM_Data *ptr = NULL;
- if (NULL == self || NULL == out) {
- LOG("Invalid input.");
- return -1;
- }
-
- if (0 == offset) {
- // There's no data so we return gently
- *out = NULL;
- return 0;
- }
-
- curr_ptr = ((size_t) self) + offset;
- ptr = (KM_Data *)curr_ptr;
-
- if (magic != ptr->magic) {
- LOG("Invalid magic.");
- return -1;
- }
-
- if (0 < ptr->data_size) {
- ptr->data = (void *) (curr_ptr + size);
- } else {
- ptr->data = NULL;
- }
- *out = ptr;
- return 0;
-}
-
-static int KM_ParamsSerializeData(KM_SymmetricInput *self, const void *data, uint32_t data_size,
- uint32_t size, uint32_t magic, KM_Data **ptr)
-{
- size_t curr_ptr = 0;
- KM_Data *tmp = NULL;
- if (self == NULL) {
- LOG("Provided NULL serialization pointer");
- return -1;
- }
-
- if (self->buffer_size < self->global_offset + size + data_size) {
- LOG("Invalid parameters. ("
- "self->buffer_size < self->global_offset + size + data_size=%d < %d",
- self->buffer_size, self->global_offset + size + data_size);
- return -1;
- }
- curr_ptr = ((size_t)self) + self->global_offset;
- tmp = (KM_Data *)curr_ptr;
-
- tmp->magic = magic;
- tmp->data_size = data_size;
- if (0 < tmp->data_size) {
- tmp->data = (void *)(curr_ptr + size);
- memcpy(tmp->data, data, data_size);
- } else {
- tmp->data = NULL;
- }
- *ptr = tmp;
-
- return 0;
-}
-
-
-// UTILITY FUNCTIONS
-
-void KM_ParamsDump(KM_SymmetricInput *input, KM_InputData *input_data, KM_PwdData *pwd_data,
- KM_IVData *iv_data, KM_KeyId *key_id_data, KM_AEData *ae_data,
- KM_OutData *out_data, KM_TagData *tag_data)
-{
- if (input) {
- LOG("buffer_size=%d key_id_data_offset=%d input_data_offset=%d "
- "pwd_data_offset=%d iv_data_offset=%d ae_data_offset=%d "
- "out_data_offset=%d tag_data_offset=%d | global_offset=%d",
- input->buffer_size, input->key_id_data_offset, input->input_data_offset,
- input->pwd_data_offset, input->iv_data_offset, input->ae_data_offset,
- input->out_data_offset, input->tag_data_offset, input->global_offset);
- }
- if (key_id_data) {
- LOG("Key_id=%p, key_id_size=%d", key_id_data->data, key_id_data->data_size);
- }
- if (iv_data) {
- LOG("IV=%p, iv_size=%d", iv_data->data, iv_data->data_size);
- }
- if (input_data) {
- LOG("Input=%p, input_size=%d", input_data->data, input_data->data_size);
- }
- if (pwd_data) {
- LOG("Pwd_size=%d, iv_size=%d, tag_size=%d, derive_len=%d",
- pwd_data->pwd_size, pwd_data->iv_size, pwd_data->tag_size, pwd_data->derive_len_bits);
- LOG("it_count=%d, tag_len=%d pwd=%p, iv=%p, tag=%p",
- pwd_data->it_count, pwd_data->tag_len_bits, pwd_data->pwd, pwd_data->iv, pwd_data->tag);
- }
- if (ae_data) {
- LOG("aad.data=%p, aad.size=%d, tag_len=%d, payload_len=%d", ae_data->aad.data,
- ae_data->aad.data_size, ae_data->tag_len, ae_data->payload_len);
- }
- if (out_data) {
- LOG("Out=%p, out_size=%d", out_data->data, out_data->data_size);
- }
- if (tag_data) {
- LOG("Tag=%p, tag_size=%d", tag_data->data, tag_data->data_size);
- }
-}
-
-uint32_t KM_GetSerializedBufferRealSize(KM_SymmetricInput *buffer)
-{
- if (buffer == NULL) {
- LOG("Incorrect buffer provided");
- return 0;
- }
-
- return buffer->global_offset;
-}
-
-uint32_t KM_CalcBufferSize(KM_BufferSizeDesc desc)
-{
- uint32_t size = sizeof(KM_SymmetricInput);
-
- if (desc.input_size > 0)
- size += addAlignment(sizeof(KM_InputData) + desc.input_size);
-
- if (desc.with_pwd_data) {
- uint32_t pwdsize = sizeof(KM_PwdData);
- if (desc.pwd_size > 0) pwdsize += desc.pwd_size;
- if (desc.pwd_iv_size > 0) pwdsize += desc.pwd_iv_size;
- if (desc.pwd_tag_size > 0) pwdsize += desc.pwd_tag_size;
- size += addAlignment(pwdsize);
- }
-
- if (desc.iv_size > 0)
- size += addAlignment(sizeof(KM_IVData) + desc.iv_size);
-
- if (desc.with_ae_data) {
- uint32_t aesize = sizeof(KM_AEData);
- if (desc.aad_size > 0) aesize += desc.aad_size;
- size += addAlignment(aesize);
- }
-
- if (desc.out_size > 0)
- size += addAlignment(sizeof(KM_OutData) + desc.out_size);
-
- if (desc.tag_size > 0)
- size += addAlignment(sizeof(KM_TagData) + desc.tag_size);
-
- if (desc.key_id_size > 0)
- size += addAlignment(sizeof(KM_KeyId) + desc.key_id_size);
-
- return size;
-}
-
-
-
-// DESERIALIZATORS
-
-int KM_ParamsDeserializationInit(void *buffer, uint32_t buffer_size, KM_SymmetricInput **out)
-{
- KM_SymmetricInput *self = (KM_SymmetricInput *)buffer;
- if (buffer == NULL) {
- LOG("Invalid input buffer");
- return -1;
- }
- if (sizeof(KM_SymmetricInput) > buffer_size) {
- LOG("Serialization buffer not big enough.");
- return -1;
- }
- if (PSMagic_SymmetricInput != self->magic) {
- LOG("Invalid magic.");
- return -1;
- }
- if (self->buffer_size > buffer_size) {
- LOG("Serialized object was bigger than input buffer.");
- return -1;
- }
-
- *out = self;
- return 0;
-}
-
-int KM_ParamsDeserializeInputData(KM_SymmetricInput *self, KM_InputData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->input_data_offset, PSMagic_InputData,
- sizeof(KM_InputData), (KM_Data**) out);
-}
-
-int KM_ParamsDeserializeIVData(KM_SymmetricInput *self, KM_IVData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->iv_data_offset, PSMagic_IVData,
- sizeof(KM_IVData), (KM_Data**) out);
-}
-
-int KM_ParamsDeserializeAEData(KM_SymmetricInput *self, KM_AEData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->ae_data_offset, PSMagic_AEData,
- sizeof(KM_AEData), (KM_Data**) out);
-}
-
-int KM_ParamsDeserializeOutData(KM_SymmetricInput *self, KM_OutData **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->out_data_offset, PSMagic_OutData,
- sizeof(KM_OutData), (KM_Data**) out);
-}
-
-int KM_ParamsDeserializeTagData(KM_SymmetricInput *self, KM_TagData **out)
-{
-
- return KM_ParamsDeserializeData((void *)self, self->tag_data_offset, PSMagic_TagData,
- sizeof(KM_TagData), (KM_Data**) out);
-}
-
-int KM_ParamsDeserializeKeyId(KM_SymmetricInput *self, KM_KeyId **out)
-{
- return KM_ParamsDeserializeData((void *)self, self->key_id_data_offset, PSMagic_KeyId,
- sizeof(KM_KeyId), (KM_Data**) out);
-}
-
-int KM_ParamsDeserializePwdData(KM_SymmetricInput *self, KM_PwdData **out)
-{
- size_t curr_ptr = 0;
- KM_PwdData *ptr = NULL;
- if (NULL == self || NULL == out) {
- LOG("Invalid input.");
- return -1;
- }
-
- if (self->pwd_data_offset == 0) {
- // There's no data so we return gently
- *out = NULL;
- return 0;
- }
-
- curr_ptr = ((size_t)self) + self->pwd_data_offset;
- ptr = (KM_PwdData *)curr_ptr;
-
- if (ptr->magic != PSMagic_PwdData) {
- LOG("Invalid magic.");
- return -1;
- }
-
- curr_ptr += sizeof(KM_PwdData);
- if (ptr->pwd_size > 0) {
- ptr->pwd = (void *)curr_ptr;
- } else {
- ptr->pwd = NULL;
- }
-
- curr_ptr += ptr->pwd_size;
- if (ptr->iv_size > 0) {
- ptr->iv = (void *)curr_ptr;
- } else {
- ptr->iv = NULL;
- }
-
- curr_ptr += ptr->iv_size;
- if (ptr->tag_size > 0) {
- ptr->tag = (void *)curr_ptr;
- } else {
- ptr->tag = NULL;
- }
-
- *out = ptr;
- return 0;
-}
-
-
-// SERIALIZATORS
-
-int KM_ParamsSerializationInit(void *buffer, uint32_t buffer_size, KM_SymmetricInput **out)
-{
- KM_SymmetricInput *self = (KM_SymmetricInput *)buffer;
- if (buffer == NULL) {
- LOG("Invalid input buffer");
- return -1;
- }
- if (sizeof(KM_SymmetricInput) > buffer_size) {
- LOG("Serialization buffer not big enough");
- return -1;
- }
-
- memset(self, 0, sizeof(KM_SymmetricInput));
- self->magic = PSMagic_SymmetricInput;
- self->buffer_size = buffer_size;
- self->global_offset = sizeof(KM_SymmetricInput);
- *out = self;
-
- return 0;
-}
-
-int KM_ParamsSerializeInputData(KM_SymmetricInput *self, const void *data, uint32_t data_size)
-{
- KM_Data *ptr = NULL;
- uint32_t ret = 0;
-
- if (data_size == 0) {
- return 0;
- }
-
- if (self->input_data_offset != 0) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->input_data_offset=%d",
- data, data_size, self->input_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KM_InputData),
- PSMagic_InputData, &ptr);
- if (ret != 0) {
- return ret;
- }
- self->input_data_offset = self->global_offset;
- self->global_offset += sizeof(KM_InputData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeIVData(KM_SymmetricInput *self, const void *data, uint32_t data_size)
-{
- KM_Data *ptr = NULL;
- uint32_t ret = 0;
-
- if (data_size == 0) {
- return 0;
- }
-
- if (self->iv_data_offset != 0) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->iv_data_offset=%d",
- data, data_size, self->iv_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KM_IVData), PSMagic_IVData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->iv_data_offset = self->global_offset;
- self->global_offset += sizeof(KM_IVData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeAEData(KM_SymmetricInput *self, uint32_t tagLen, uint32_t payloadLen,
- const void *aad, uint32_t aad_size)
-{
- KM_AEData *ptr = NULL;
- KM_Data *dataptr = (KM_Data *)ptr;
- uint32_t ret = 0;
-
- if (self->ae_data_offset != 0) {
- LOG("Invalid parameters. (self->ae_data_offset=%d", self->ae_data_offset);
- return -1;
- }
-
- ret = KM_ParamsSerializeData(self, aad, aad_size, sizeof(KM_AEData),
- PSMagic_AEData, &dataptr);
- if (ret != 0) {
- return ret;
- }
-
- ptr = (KM_AEData *)dataptr;
- ptr->tag_len = tagLen;
- ptr->payload_len = payloadLen;
-
- self->ae_data_offset = self->global_offset;
- self->global_offset += sizeof(KM_AEData) + addAlignment(aad_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeOutData(KM_SymmetricInput *self, const void *data, uint32_t data_size)
-{
- KM_Data *ptr = NULL;
- uint32_t ret = 0;
-
- if (data_size == 0) {
- return 0;
- }
-
- if (self->out_data_offset != 0) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->out_data_offset=%d",
- data, data_size, self->out_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KM_OutData), PSMagic_OutData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->out_data_offset = self->global_offset;
- self->global_offset += sizeof(KM_OutData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeTagData(KM_SymmetricInput *self, const void *data, uint32_t data_size)
-{
- KM_Data *ptr = NULL;
- uint32_t ret = 0;
-
- if (data_size == 0) {
- return 0;
- }
-
- if (self->tag_data_offset != 0) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->tag_data_offset=%d",
- data, data_size, self->tag_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KM_TagData), PSMagic_TagData,
- &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->tag_data_offset = self->global_offset;
- self->global_offset += sizeof(KM_TagData) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializeKeyId(KM_SymmetricInput *self, const void *data, uint32_t data_size)
-{
- KM_KeyId *ptr = NULL;
- uint32_t ret = 0;
-
- if (data_size == 0) {
- return 0;
- }
-
- if (self->key_id_data_offset != 0) {
- LOG("Invalid parameters. (data=%p|data_size=%d|self->key_data_offset=%d",
- data, data_size, self->key_id_data_offset);
- return -1;
- }
- ret = KM_ParamsSerializeData(self, data, data_size, sizeof(KM_KeyId), PSMagic_KeyId, &ptr);
- if (ret != 0) {
- return ret;
- }
-
- self->key_id_data_offset = self->global_offset;
- self->global_offset += sizeof(KM_KeyId) + addAlignment(data_size);
-
- return 0;
-}
-
-int KM_ParamsSerializePwdData(KM_SymmetricInput *self, const void *pwd, uint32_t pwd_size,
- const void *iv, uint32_t iv_size, const void *tag, uint32_t tag_size,
- uint32_t derive_len_bits, uint32_t it_count, uint32_t tag_len_bits)
-{
- KM_PwdData *ptr = NULL;
- size_t curr_ptr = 0;
- uint32_t pwd_data_total_size = 0;
- uint32_t new_global_offset = 0;
-
- if (pwd_size == 0) {
- return 0;
- }
-
- if (self->pwd_data_offset != 0) {
- LOG("Buffer already contains pwd data");
- return -1;
- }
-
- new_global_offset = self->global_offset + sizeof(KM_PwdData) + pwd_size + iv_size + tag_size;
- if (self->buffer_size < new_global_offset) {
- LOG("Not enough space for data. (self->buffer_size < data_size = %d < %d)",
- self->buffer_size, new_global_offset);
- return -1;
- }
-
- curr_ptr = ((size_t)self) + self->global_offset;
- ptr = (KM_PwdData *)curr_ptr;
- ptr->magic = PSMagic_PwdData;
- ptr->pwd_size = pwd_size;
- ptr->iv_size = iv_size;
- ptr->tag_size = tag_size;
- ptr->derive_len_bits = derive_len_bits;
- ptr->it_count = it_count;
- ptr->tag_len_bits = tag_len_bits;
-
- curr_ptr += sizeof(KM_PwdData);
- pwd_data_total_size += sizeof(KM_PwdData);
- if (pwd_size > 0) {
- ptr->pwd = (void *)(curr_ptr);
- memcpy(ptr->pwd, pwd, pwd_size);
- } else {
- ptr->pwd = NULL;
- }
-
- curr_ptr += pwd_size;
- pwd_data_total_size += pwd_size;
- if (iv_size > 0) {
- ptr->iv = (void *)(curr_ptr);
- memcpy(ptr->iv, iv, iv_size);
- } else {
- ptr->iv = NULL;
- }
-
- curr_ptr += iv_size;
- pwd_data_total_size += iv_size;
- if (tag_size > 0) {
- ptr->tag = (void *)(curr_ptr);
- memcpy(ptr->tag, tag, tag_size);
- } else {
- ptr->tag = NULL;
- }
-
- pwd_data_total_size += tag_size;
-
- self->pwd_data_offset = self->global_offset;
- self->global_offset += addAlignment(pwd_data_total_size);
-
- return 0;
-}
-
int KM_Serialize(void **buffer, uint32_t *size_guard, const void *data_to_serialize, uint32_t size_to_serialize)
{
unsigned char **ptr = (unsigned char **)buffer;
TEE_Result KM_DecryptKey(void *id, size_t id_size, KM_PwdData* pwd, TEE_ObjectHandle *decKeyHndl);
-TEE_Result KM_DecryptAsymKey(const KM_KeyId *id, KM_PwdData *pwd,
+TEE_Result KM_DecryptAsymKey(const KM_BinaryData *id, KM_PwdData *pwd,
TEE_ObjectHandle *decKeyHndl);
TEE_Result KM_CreateOperation(TEE_ObjectHandle op_key_hndl, uint32_t algo,
typedef enum {
CMD_NOP = 0,
CMD_GENERATE_KEY, ///< Generate random symmetric key.
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [0].value.b - key size in bits
- ///< Output:
- ///< [0].value.a - return code
- ///< [1].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeOutData with key id
-
CMD_IMPORT_ENCRYPTED_KEY, ///< Key Manager TA import encrypted key from
///< normal world. Not implemented
-
CMD_ENCRYPT, ///< TA encrypt provided data with key
///< Form of encryption depends on algorithm type
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [1].memref - reference to serialized buffer:
- ///<
- ///< For ALGO_AES_GCM:
- ///< KM_ParamsSerializeInputData with data to encrypt
- ///< KM_ParamsSerializeIVData with iv of key
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///<
- ///< For ALGO_RSA:
- ///< KM_ParamsSerializeInputData with data to encrypt
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///<
- ///< For other algorithms:
- ///< KM_ParamsSerializeInputData with data to encrypt
- ///< KM_ParamsSerializeIVData with iv of key
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///<
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeOutData with encrypted data
- ///< For ALGO_AES_GCM:
- ///< KM_ParamsSerializeTagData with tag
- ///<
-
CMD_DECRYPT, ///< TA decrypt provided data with key
///< Form of decryption depends on algorithm type
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [1].memref - reference to serialized buffer:
- ///< For ALGO_AES_GCM:
- ///< KM_ParamsSerializeInputData with data to decrypt
- ///< KM_ParamsSerializeIVData with iv of key
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///< KM_ParamsSerializeTagData with tag from encryption
- ///<
- ///< For ALGO_RSA:
- ///< KM_ParamsSerializeInputData with data to encrypt
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///<
- ///< For other algorithms (symmetric):
- ///< KM_ParamsSerializeInputData with data to encrypt
- ///< KM_ParamsSerializeIVData with iv of key
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///<
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeOutData with decrypted data
- ///<
-
CMD_SIGN, ///< TA sign data
///< Only for ALGO_RSA_SV|ALGO_DSA_SV
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [0].value.b - hash type (tz_hash_type)
- ///< [1].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeInputData with data to sign
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeOutData with signed data
-
CMD_VERIFY, ///< TA verify signature
///< Only for ALGO_RSA_SV|ALGO_DSA_SV
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [0].value.b - hash type (tz_hash_type)
- ///< [1].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeInputData with verify data (signature hidden in Tag data)
- ///< KM_ParamsSerializePwdData with password to key
- ///< necessary if key is encrypted
- ///< KM_ParamsSerializeKeyId with key id
- ///< Output:
- ///< [0].value.a - return code
-
CMD_GENERATE_IV, ///< TA generate random IV
- ///< No parameters necessary.
- ///< Output:
- ///< [0].value.a - return code
- ///< [1].memref - reference to iv data:
-
CMD_GENERATE_KEY_PWD, ///< TA generate random key and encrypt it with password
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [0].value.b - key size in bits
- ///< [1].memref - reference to serialized buffer:
- ///< KM_ParamsSerializePwdData with password to
- ///< key enctryption
- ///<
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeOutData with key id
- ///< KM_ParamsSerializeTagData with tag from encryption
-
CMD_DESTROY_KEY, ///< Ta destroy key from storage
- ///< Parameters:
- ///< [1].memref - reference to serialized buffer:
- ///< KM_ParamsSerializePwdData with password to
- ///< key encryption
- ///<
- ///< Output:
- ///< [0].value.a - return code
-
CMD_IMPORT_DATA, ///< Key Manager binary data saving to persistent storage
///< TA will encrypt data with password if provided
- ///< Parameters:
- ///< [1].memref - reference to serialized buffer:
- ///< uint32_t contains tz_algo_type. This indicates data type
- ///< stored in next buffer
- ///< KM_BinaryData with binary data or symetric key
- ///< uint32_t binary data size in bits
- ///< KM_BinaryData IV for decryption with built-in key
- ///< KM_BinaryData tag for data verificaiton after gcm decryption
- ///< uint32_t boolean value - true if password is provided
- ///< KM_PwdData with password (optional)
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< KM_BinaryData with data id
- ///< KM_BinaryData with tag id (optional, if password was provided)
-
CMD_GET_DATA, ///< Key Manager binary data retrieving from persistent storage
///< TA will decrypt data with password if provided
- ///< Parameters:
- ///< [1].memref - reference to serialized buffer:
- ///< KM_BinaryData with object ID
- ///< uint32_t boolean value - true if password is provided
- ///< KM_PwdData with password (optional)
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< KM_BinaryData with binary data (size pre-set on CA side)
-
CMD_GET_DATA_SIZE, ///< Key Manager binary data size to be retrieved from persistent storage
- ///< Parameters:
- ///< [1].memref - reference to serialized buffer:
- ///< KM_BinaryData with object ID
- ///< Output:
- ///< [0].value.a - return code
- ///< [0].value.b - size of buffer to be passed from CA
-
CMD_DESTROY_DATA, ///< Key Manager binary data removal from persistent storage
- ///< Parameters:
- ///< [1].memref - reference to serialized buffer:
- ///< KM_BinaryData with object ID
- ///< Output:
- ///< [0].value.a - return code
-
CMD_GENERATE_RSA_KEYPAIR, ///< Generate random RSA key pair.
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [0].value.b - key size in bits
- ///< [1].memref - reference to serialized buffer:
- ///< flag marking the public key password presence
- ///< public key password data if the flag above is not 0
- ///< flag marking the private key password presence
- ///< public key private data if the flag above is not 0
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< Public key ID
- ///< public key tag if password was present
- ///< Private key ID
- ///< private key tag if password was present
-
CMD_GENERATE_DSA_KEYPAIR, ///< Generate random DSA key pair.
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [0].value.b - key size in bits
- ///< [1].memref - reference to serialized buffer:
- ///< prime, subprime, base
- ///< flag marking the public key password presence
- ///< public key password data if the flag above is not 0
- ///< flag marking the private key password presence
- ///< public key private data if the flag above is not 0
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< Public key ID
- ///< public key tag if password was present
- ///< Private key ID
- ///< private key tag if password was present
} tz_command;
/** \enum tz_algo_type
// open key and (if needed) decrypt it
if (with_pwd) {
- // KM_DecryptAsymKey requires KM_KeyId struct
- KM_KeyId keyIdData;
- keyIdData.data = key_id.data;
- keyIdData.data_size = key_id.data_size;
- keyIdData.magic = PSMagic_KeyId;
- ret = KM_DecryptAsymKey(&keyIdData, &pwd_data, &key);
+ ret = KM_DecryptAsymKey(&key_id, &pwd_data, &key);
} else {
ret = KM_OpenKey(key_id.data, key_id.data_size, &key);
}
// open key and (if needed) decrypt it
if (with_pwd) {
- // KM_DecryptAsymKey requires KM_KeyId struct
- KM_KeyId keyIdData;
- keyIdData.data = key_id.data;
- keyIdData.data_size = key_id.data_size;
- keyIdData.magic = PSMagic_KeyId;
- ret = KM_DecryptAsymKey(&keyIdData, &pwd_data, &key);
+ ret = KM_DecryptAsymKey(&key_id, &pwd_data, &key);
} else {
ret = KM_OpenKey(key_id.data, key_id.data_size, &key);
}
// open key and (if needed) decrypt it
if (with_pwd) {
- // KM_DecryptAsymKey requires KM_KeyId struct
- KM_KeyId keyIdData;
- keyIdData.data = key_id.data;
- keyIdData.data_size = key_id.data_size;
- keyIdData.magic = PSMagic_KeyId;
- ret = KM_DecryptAsymKey(&keyIdData, &pwd_data, &key);
+ ret = KM_DecryptAsymKey(&key_id, &pwd_data, &key);
} else {
ret = KM_OpenKey(key_id.data, key_id.data_size, &key);
}
return TEE_SUCCESS;
}
-static TEE_Result KM_DecryptAsymKeyData(const KM_KeyId *id,
+static TEE_Result KM_DecryptAsymKeyData(const KM_BinaryData *id,
const KM_PwdData *pwd,
KM_BinaryData *decKeyBuf)
{
return ret;
}
-TEE_Result KM_DecryptAsymKey(const KM_KeyId *id, KM_PwdData* pwd, TEE_ObjectHandle *decKeyHndl)
+TEE_Result KM_DecryptAsymKey(const KM_BinaryData *id, KM_PwdData* pwd, TEE_ObjectHandle *decKeyHndl)
{
TEE_Result ret = TEE_SUCCESS;
KM_BinaryData decKeyBuf;
projects / platform / core / security / trusted / key-manager-ta.git / commitdiff