/**
- * Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <permission.h>
#include <array>
#include <algorithm>
+#include <vector>
#include "CC_API.h"
#include "ssf_crypto_openssl.h"
break;
case TEE_ALG_DSA_SHA1:
- padding = 0;
- rc = handle->RSA_setKeypairForCRT(handle, padding,
- key->rsa_modulus.buffer, key->rsa_modulus.size,
- key->rsa_public.buffer, key->rsa_public.size,
- key->rsa_private.buffer, key->rsa_private.size,
+ // set prime, subprime and base
+ rc = handle->DSA_setParam(handle,
key->rsa_prime1.buffer, key->rsa_prime1.size,
key->rsa_prime2.buffer, key->rsa_prime2.size,
- key->rsa_exponent1.buffer, key->rsa_exponent1.size,
- key->rsa_exponent2.buffer, key->rsa_exponent2.size,
- key->rsa_coefficient.buffer, key->rsa_coefficient.size);
+ key->rsa_modulus.buffer, key->rsa_modulus.size);
+ if (rc != 0)
+ break;
+
+ // set private and public value
+ rc = handle->DSA_setKeyPair(handle,
+ key->rsa_public.buffer, key->rsa_public.size,
+ key->rsa_private.buffer, key->rsa_private.size);
break;
case TEE_ALG_GENERATE_SECRET_KEY:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384:
case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512:
+ case TEE_ALG_DSA_SHA1:
if (operation->info.mode == TEE_MODE_SIGN ) {
rc = handle->DS_sign(handle, src_addr, src_size, dst_addr, dst_size);
} else {
break;
case TEE_ALG_DSA_SHA1:
- goto error;
+ alg = ID_DSA;
break;
case TEE_ALG_ECDSA_P160:
return rc;
}
+class BufferProvider
+{
+public:
+ //BufferProvider() = default;
+ void PrepareBuffer(size_t size, crypto_internal_keydata& data) {
+ buffers.emplace_back(size, 0x00);
+ data.size = size;
+ data.buffer = buffers.back().data();
+ }
+
+private:
+ std::vector<std::vector<unsigned char>> buffers;
+};
+
int crypto_internal_open(crypto_internal_operation *operation)
{
if (operation->info.algorithm == TEE_ALG_AES_GCM || operation->info.algorithm == TEE_ALG_AES_CTR) {
(void)paramCount;
crypto_internal_operation *op = (crypto_internal_operation*) operation;
crypto_internal_keystruct key;
-
- unsigned char module_buf[384] = {0x0, };
- unsigned char pub_buf[384] = {0x0, };
- unsigned char priv_buf[384] = {0x0, };
-
- memset(&key, 0x00, sizeof(crypto_internal_keystruct));
- key.rsa_modulus.size = sizeof(module_buf);
- key.rsa_modulus.buffer = module_buf;
- key.rsa_public.size = sizeof(pub_buf);
- key.rsa_public.buffer = pub_buf;
- key.rsa_private.size = sizeof(priv_buf);
- key.rsa_private.buffer = priv_buf;
+ TEE_ObjectInfo info;
if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) {
CRYPTO_PANIC;
if (!(op->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) {
CRYPTO_PANIC;
}
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_MODULUS,
- (void*)key.rsa_modulus.buffer, (size_t*)&key.rsa_modulus.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
- }
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PUBLIC_EXPONENT,
- (void*)key.rsa_public.buffer, (size_t*)&key.rsa_public.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
- }
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PRIVATE_EXPONENT,
- (void*)key.rsa_private.buffer, (size_t*)&key.rsa_private.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
- }
+
+ TEE_GetObjectInfo(op->key1, &info);
+
+ // TEE_GetObjectBufferAttribute does not allow length probing
+ size_t maxAttrSize = info.objectSize / 8;
+ memset(&key, 0x00, sizeof(crypto_internal_keystruct));
+ BufferProvider bp;
+
+ switch (info.objectType) {
+ case TEE_TYPE_RSA_KEYPAIR:
+ {
+ bp.PrepareBuffer(maxAttrSize, key.rsa_modulus);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_private);
+
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_MODULUS,
+ (void*) key.rsa_modulus.buffer, (size_t*) &key.rsa_modulus.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PRIVATE_EXPONENT,
+ (void*) key.rsa_private.buffer, (size_t*) &key.rsa_private.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
#if 0 /* Not Support */
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PRIME1,
- (void*)key.rsa_prime1.buffer, (size_t*)&key.rsa_prime1.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
- }
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PRIME2,
- (void*)key.rsa_prime2.buffer, (size_t*)&key.rsa_prime2.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
- }
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_EXPONENT1,
- (void*)key.rsa_exponent1.buffer, (size_t*)&key.rsa_exponent1.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
- }
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_EXPONENT2,
- (void*)key.rsa_exponent2.buffer, (size_t*)&key.rsa_exponent2.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PRIME1,
+ (void*)key.rsa_prime1.buffer, (size_t*)&key.rsa_prime1.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PRIME2,
+ (void*)key.rsa_prime2.buffer, (size_t*)&key.rsa_prime2.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_EXPONENT1,
+ (void*)key.rsa_exponent1.buffer, (size_t*)&key.rsa_exponent1.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_EXPONENT2,
+ (void*)key.rsa_exponent2.buffer, (size_t*)&key.rsa_exponent2.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_COEFFICIENT,
+ (void*)key.rsa_coefficient.buffer, (size_t*)&key.rsa_coefficient.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+#endif
+ if (!key.rsa_modulus.buffer || !key.rsa_private.buffer /*|| !key.rsa_public.buffer
+ || !key.rsa_prime1.buffer || !key.rsa_prime2.buffer || !key.rsa_exponent1.buffer
+ || !key.rsa_exponent2.buffer || !key.rsa_coefficient.buffer*/) {
+ CRYPTO_PANIC;
+ }
+ break;
}
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_COEFFICIENT,
- (void*)key.rsa_coefficient.buffer, (size_t*)&key.rsa_coefficient.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
+ case TEE_TYPE_DSA_KEYPAIR:
+ {
+ bp.PrepareBuffer(maxAttrSize, key.rsa_prime1);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_prime2);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_modulus);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_private);
+
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_PRIME,
+ (void*) key.rsa_prime1.buffer, (size_t*) &key.rsa_prime1.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_SUBPRIME,
+ (void*) key.rsa_prime2.buffer, (size_t*) &key.rsa_prime2.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_BASE,
+ (void*) key.rsa_modulus.buffer, (size_t*) &key.rsa_modulus.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_PRIVATE_VALUE,
+ (void*) key.rsa_private.buffer, (size_t*) &key.rsa_private.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+
+ break;
}
-#endif
- if(!key.rsa_modulus.buffer || !key.rsa_public.buffer || !key.rsa_private.buffer
- /*|| !key.rsa_prime1.buffer || !key.rsa_prime2.buffer || !key.rsa_exponent1.buffer
- || !key.rsa_exponent2.buffer || !key.rsa_coefficient.buffer*/) {
+ default:
CRYPTO_PANIC;
}
+
if (crypto_internal_init(op, &key, NULL, 0)) {
CRYPTO_PANIC;
}
crypto_internal_operation *op = (crypto_internal_operation*) operation;
crypto_internal_keystruct key;
size_t sign_len=signatureLen;
-
- unsigned char module_buf[384] = {0x0, };
- unsigned char pub_buf[384] = {0x0, };
-
- memset(&key, 0x00, sizeof(crypto_internal_keystruct));
- key.rsa_modulus.size = sizeof(module_buf);
- key.rsa_modulus.buffer = module_buf;
- key.rsa_public.size = sizeof(pub_buf);
- key.rsa_public.buffer = pub_buf;
+ TEE_ObjectInfo info;
if (op->info.operationClass != TEE_OPERATION_ASYMMETRIC_SIGNATURE) {
CRYPTO_PANIC;
if (!(op->info.handleState & TEE_HANDLE_FLAG_KEY_SET)) {
CRYPTO_PANIC;
}
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_MODULUS,
- (void*)key.rsa_modulus.buffer, (size_t*)&key.rsa_modulus.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
+
+ TEE_GetObjectInfo(op->key1, &info);
+
+ // TEE_GetObjectBufferAttribute does not allow length probing
+ size_t maxAttrSize = info.objectSize / 8;
+
+ memset(&key, 0x00, sizeof(crypto_internal_keystruct));
+ BufferProvider bp;
+
+ switch (info.objectType) {
+ case TEE_TYPE_RSA_PUBLIC_KEY:
+ case TEE_TYPE_RSA_KEYPAIR:
+ {
+ bp.PrepareBuffer(maxAttrSize, key.rsa_modulus);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_public);
+
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_MODULUS,
+ (void*)key.rsa_modulus.buffer, (size_t*)&key.rsa_modulus.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PUBLIC_EXPONENT,
+ (void*)key.rsa_public.buffer, (size_t*)&key.rsa_public.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if(!key.rsa_modulus.buffer || !key.rsa_public.buffer ) {
+ CRYPTO_PANIC;
+ }
+ break;
}
- if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_RSA_PUBLIC_EXPONENT,
- (void*)key.rsa_public.buffer, (size_t*)&key.rsa_public.size) != TEE_SUCCESS) {
- CRYPTO_PANIC;
+ case TEE_TYPE_DSA_PUBLIC_KEY:
+ case TEE_TYPE_DSA_KEYPAIR:
+ {
+ bp.PrepareBuffer(maxAttrSize, key.rsa_prime1);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_prime2);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_modulus);
+ bp.PrepareBuffer(maxAttrSize, key.rsa_public);
+
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_PRIME,
+ (void*) key.rsa_prime1.buffer, (size_t*) &key.rsa_prime1.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_SUBPRIME,
+ (void*) key.rsa_prime2.buffer, (size_t*) &key.rsa_prime2.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_BASE,
+ (void*) key.rsa_modulus.buffer, (size_t*) &key.rsa_modulus.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ if (TEE_GetObjectBufferAttribute(op->key1, TEE_ATTR_DSA_PUBLIC_VALUE,
+ (void*) key.rsa_public.buffer, (size_t*) &key.rsa_public.size) != TEE_SUCCESS) {
+ CRYPTO_PANIC;
+ }
+ break;
}
- if(!key.rsa_modulus.buffer || !key.rsa_public.buffer ) {
+ default:
CRYPTO_PANIC;
}
+
if (crypto_internal_init(op, &key, NULL, 0)) {
CRYPTO_PANIC;
}