Implement EC key pair generation in TZ backend

author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Tue, 21 Mar 2023 07:34:49 +0000 (08:34 +0100)

committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Mon, 27 Mar 2023 08:50:30 +0000 (10:50 +0200)
author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 21 Mar 2023 07:34:49 +0000 (08:34 +0100)
committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 27 Mar 2023 08:50:30 +0000 (10:50 +0200)
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp

index 61f7b60..0c8d537 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -101,6 +101,16 @@ tz_data_type toTzDataType(const CKM::DataType dataType) {
         }
  }
  
+tz_ec toTzEc(CKM::ElipticCurve ec)
+{
+       switch(ec) {
+       case CKM::ElipticCurve::prime192v1: return EC_NIST_P192;
+       case CKM::ElipticCurve::prime256v1: return EC_NIST_P256;
+       case CKM::ElipticCurve::secp384r1: return EC_NIST_P384;
+       default: ThrowErr(CKM::Exc::Crypto::DataTypeNotSupported, "EC not supported by tz-backend");
+       }
+}
+
  } // namespace
  
  namespace CKM {
@@ -189,7 +199,6 @@ AlgoType generateAKey(const CryptoAlgorithm &alg,
                                         const RawBuffer &hashPub)
  {
         AlgoType keyType = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
-       int keyBits = unpack<int>(alg, ParamName::GEN_KEY_LEN);
  
         RawBuffer pubPwdBuf;
         if (!pubPwd.empty())
@@ -201,6 +210,7 @@ AlgoType generateAKey(const CryptoAlgorithm &alg,
  
         switch (keyType) {
         case AlgoType::RSA_GEN: {
+               int keyBits = unpack<int>(alg, ParamName::GEN_KEY_LEN);
                 TrustZoneContext::Instance().generateRSAKey(keyBits,
                                                                                                         pubPwdBuf,
                                                                                                         pubPwdIv,
@@ -213,6 +223,7 @@ AlgoType generateAKey(const CryptoAlgorithm &alg,
                 break;
         }
         case AlgoType::DSA_GEN: {
+               int keyBits = unpack<int>(alg, ParamName::GEN_KEY_LEN);
                 RawBuffer prime;
                 RawBuffer subprime;
                 RawBuffer base;
@@ -231,6 +242,19 @@ AlgoType generateAKey(const CryptoAlgorithm &alg,
                                                                                                         hashPub);
                 break;
         }
+       case AlgoType::ECDSA_GEN: {
+               CKM::ElipticCurve ec = unpack<CKM::ElipticCurve>(alg, ParamName::GEN_EC);
+               TrustZoneContext::Instance().generateECKey(toTzEc(ec),
+                                                                                                  pubPwdBuf,
+                                                                                                  pubPwdIv,
+                                                                                                  privPwdBuf,
+                                                                                                  privPwdIv,
+                                                                                                  pubTag,
+                                                                                                  privTag,
+                                                                                                  hashPriv,
+                                                                                                  hashPub);
+               break;
+       }
         default: {
                 ThrowErr(Exc::Crypto::InputParam,
                         "Invalid algo type provided for generateAKey function");
diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp

index 5035f74..e7e58fb 100644 (file)
--- a/src/manager/crypto/tz-backend/store.cpp
+++ b/src/manager/crypto/tz-backend/store.cpp
@@ -149,6 +149,10 @@ TokenPair Store::generateAKey(const CryptoAlgorithm &alg, const Password &privPa
                 pubType= DataType(KeyType::KEY_DSA_PUBLIC);
                 privType = DataType(KeyType::KEY_DSA_PRIVATE);
         }
+       else if(keyType == AlgoType::ECDSA_GEN){
+               pubType= DataType(KeyType::KEY_ECDSA_PUBLIC);
+               privType = DataType(KeyType::KEY_ECDSA_PRIVATE);
+       }
  
         return std::make_pair<Token, Token>(
                 Token(m_backendId, privType, pack(hashPriv, privPass, privIv, privTag)),
diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp

index 672573f..8a054bf 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -235,7 +235,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo,
  
  void TrustZoneContext::GenerateAKey(tz_command commandId,
                                      TZSerializer &sIn,
-                                    uint32_t keySizeBits,
+                                    uint32_t genParam, // key size in bits or EC type
                                      const RawBuffer &pubPwd,
                                      const RawBuffer &pubPwdIv,
                                      const RawBuffer &privPwd,
@@ -267,7 +267,7 @@ void TrustZoneContext::GenerateAKey(tz_command commandId,
         TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
  
         TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
-       op.params[0].value.b = keySizeBits;
+       op.params[0].value.b = genParam;
  
         Execute(commandId, &op);
  
@@ -336,6 +336,32 @@ void TrustZoneContext::generateDSAKey(uint32_t keySizeBits,
                      hashPub);
  }
  
+void TrustZoneContext::generateECKey(tz_ec ec,
+                                                                        const RawBuffer &pubPwd,
+                                                                        const RawBuffer &pubPwdIv,
+                                                                        const RawBuffer &privPwd,
+                                                                        const RawBuffer &privPwdIv,
+                                                                        RawBuffer &pubKeyTag,
+                                                                        RawBuffer &privKeyTag,
+                                                                        const RawBuffer &hashPriv,
+                                                                        const RawBuffer &hashPub)
+{
+       // command ID = CMD_GENERATE_EC_KEYPAIR
+       TZSerializer sIn;
+
+       GenerateAKey(CMD_GENERATE_EC_KEYPAIR,
+                    sIn,
+                    static_cast<uint32_t>(ec),
+                    pubPwd,
+                    pubPwdIv,
+                    privPwd,
+                    privPwdIv,
+                    pubKeyTag,
+                    privKeyTag,
+                    hashPriv,
+                    hashPub);
+}
+
  void TrustZoneContext::executeCrypt(tz_command cmd,
                                                                         tz_algo_type algo,
                                                                         const RawBuffer &keyId,
diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h

index 4f5a69c..b85186e 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -70,6 +70,15 @@ public:
                                                 RawBuffer &privKeyTag,
                                                 const RawBuffer &hashPriv,
                                                 const RawBuffer &hashPub);
+       void generateECKey(tz_ec ec,
+                                          const RawBuffer &pubPwd,
+                                          const RawBuffer &pubPwdIv,
+                                          const RawBuffer &privPwd,
+                                          const RawBuffer &privPwdIv,
+                                          RawBuffer &pubKeyTag,
+                                          RawBuffer &privKeyTag,
+                                          const RawBuffer &hashPriv,
+                                          const RawBuffer &hashPub);
  
         void importData(uint32_t dataType,
                                         const RawBuffer &data,
@@ -142,7 +151,7 @@ private:
  
         void GenerateAKey(tz_command commandID,
                           TZSerializer &sIn,
-                         uint32_t keySizeBits,
+                         uint32_t genParam,
                           const RawBuffer &pubPwd,
                           const RawBuffer &pubPwdIv,
                           const RawBuffer &privPwd,
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Tue, 21 Mar 2023 07:34:49 +0000 (08:34 +0100)
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Mon, 27 Mar 2023 08:50:30 +0000 (10:50 +0200)
src/manager/crypto/tz-backend/internals.cpp		patch \| blob \| history
src/manager/crypto/tz-backend/store.cpp		patch \| blob \| history
src/manager/crypto/tz-backend/tz-context.cpp		patch \| blob \| history
src/manager/crypto/tz-backend/tz-context.h		patch \| blob \| history