}
}
+tz_ec toTzEc(CKM::ElipticCurve ec)
+{
+ switch(ec) {
+ case CKM::ElipticCurve::prime192v1: return EC_NIST_P192;
+ case CKM::ElipticCurve::prime256v1: return EC_NIST_P256;
+ case CKM::ElipticCurve::secp384r1: return EC_NIST_P384;
+ default: ThrowErr(CKM::Exc::Crypto::DataTypeNotSupported, "EC not supported by tz-backend");
+ }
+}
+
} // namespace
namespace CKM {
const RawBuffer &hashPub)
{
AlgoType keyType = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
- int keyBits = unpack<int>(alg, ParamName::GEN_KEY_LEN);
RawBuffer pubPwdBuf;
if (!pubPwd.empty())
switch (keyType) {
case AlgoType::RSA_GEN: {
+ int keyBits = unpack<int>(alg, ParamName::GEN_KEY_LEN);
TrustZoneContext::Instance().generateRSAKey(keyBits,
pubPwdBuf,
pubPwdIv,
break;
}
case AlgoType::DSA_GEN: {
+ int keyBits = unpack<int>(alg, ParamName::GEN_KEY_LEN);
RawBuffer prime;
RawBuffer subprime;
RawBuffer base;
hashPub);
break;
}
+ case AlgoType::ECDSA_GEN: {
+ CKM::ElipticCurve ec = unpack<CKM::ElipticCurve>(alg, ParamName::GEN_EC);
+ TrustZoneContext::Instance().generateECKey(toTzEc(ec),
+ pubPwdBuf,
+ pubPwdIv,
+ privPwdBuf,
+ privPwdIv,
+ pubTag,
+ privTag,
+ hashPriv,
+ hashPub);
+ break;
+ }
default: {
ThrowErr(Exc::Crypto::InputParam,
"Invalid algo type provided for generateAKey function");
pubType= DataType(KeyType::KEY_DSA_PUBLIC);
privType = DataType(KeyType::KEY_DSA_PRIVATE);
}
+ else if(keyType == AlgoType::ECDSA_GEN){
+ pubType= DataType(KeyType::KEY_ECDSA_PUBLIC);
+ privType = DataType(KeyType::KEY_ECDSA_PRIVATE);
+ }
return std::make_pair<Token, Token>(
Token(m_backendId, privType, pack(hashPriv, privPass, privIv, privTag)),
void TrustZoneContext::GenerateAKey(tz_command commandId,
TZSerializer &sIn,
- uint32_t keySizeBits,
+ uint32_t genParam, // key size in bits or EC type
const RawBuffer &pubPwd,
const RawBuffer &pubPwdIv,
const RawBuffer &privPwd,
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
- op.params[0].value.b = keySizeBits;
+ op.params[0].value.b = genParam;
Execute(commandId, &op);
hashPub);
}
+void TrustZoneContext::generateECKey(tz_ec ec,
+ const RawBuffer &pubPwd,
+ const RawBuffer &pubPwdIv,
+ const RawBuffer &privPwd,
+ const RawBuffer &privPwdIv,
+ RawBuffer &pubKeyTag,
+ RawBuffer &privKeyTag,
+ const RawBuffer &hashPriv,
+ const RawBuffer &hashPub)
+{
+ // command ID = CMD_GENERATE_EC_KEYPAIR
+ TZSerializer sIn;
+
+ GenerateAKey(CMD_GENERATE_EC_KEYPAIR,
+ sIn,
+ static_cast<uint32_t>(ec),
+ pubPwd,
+ pubPwdIv,
+ privPwd,
+ privPwdIv,
+ pubKeyTag,
+ privKeyTag,
+ hashPriv,
+ hashPub);
+}
+
void TrustZoneContext::executeCrypt(tz_command cmd,
tz_algo_type algo,
const RawBuffer &keyId,
RawBuffer &privKeyTag,
const RawBuffer &hashPriv,
const RawBuffer &hashPub);
+ void generateECKey(tz_ec ec,
+ const RawBuffer &pubPwd,
+ const RawBuffer &pubPwdIv,
+ const RawBuffer &privPwd,
+ const RawBuffer &privPwdIv,
+ RawBuffer &pubKeyTag,
+ RawBuffer &privKeyTag,
+ const RawBuffer &hashPriv,
+ const RawBuffer &hashPub);
void importData(uint32_t dataType,
const RawBuffer &data,
void GenerateAKey(tz_command commandID,
TZSerializer &sIn,
- uint32_t keySizeBits,
+ uint32_t genParam,
const RawBuffer &pubPwd,
const RawBuffer &pubPwdIv,
const RawBuffer &privPwd,