///< [1].memref - reference to serialized buffer:
///< KM_ParamsSerializeOutData with key id
- CMD_IMPORT_KEY, ///< Key Manager TA import key from normal world
- ///< TA will encrypt key with password if provided
- ///< Parameters:
- ///< [0].value.a - algorithm type (tz_algo_type)
- ///< [0].value.b - key size in bits
- ///< [1].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeInputData with key
- ///< KM_ParamsSerializePwdData with password (optional)
- ///< Output:
- ///< [0].value.a - return code
- ///< [2].memref - reference to serialized buffer:
- ///< KM_ParamsSerializeOutData with key id
-
CMD_IMPORT_ENCRYPTED_KEY, ///< Key Manager TA import encrypted key from
///< normal world. Not implemented
return ret;
}
-TEE_Result KM_ExecCmdImportKey(TEE_Param param[4])
-{
- TEE_Result ret = TEE_SUCCESS;
- TEE_ObjectHandle key = TEE_HANDLE_NULL;
- TEE_ObjectHandle oldKey = TEE_HANDLE_NULL;
- KM_SymmetricInput *input = NULL;
- KM_SymmetricInput *output = NULL;
- KM_InputData *input_data = NULL;
- KM_PwdData *pwd_data = NULL;
-
- uint32_t type = KM_AlgoType2TeeType(param[0].value.a);
- uint32_t key_bits_size = param[0].value.b;
- uint32_t tag_size = 0;
- void *tag = NULL;
- uint32_t objId_size = KM_KEY_ID_SIZE;
- uint32_t *objId = (uint32_t*)malloc(objId_size);
- if (objId == NULL) {
- LOG("Failed to allocate object ID buffer");
- ret = TEE_ERROR_OUT_OF_MEMORY;
- goto clean;
- }
-
- if (!KM_CheckAlgoKeySize(type, key_bits_size)) {
- LOG("Unsupported key size provided: %u", key_bits_size);
- ret = TEE_ERROR_BAD_PARAMETERS;
- goto clean;
- }
-
- ret = KM_DeserializeInput(param[1].memref.buffer, param[1].memref.size,
- &input, &input_data, &pwd_data, NULL, NULL, NULL, NULL);
- if (ret != TEE_SUCCESS) {
- LOG("Failed to deserialize data from input buffer");
- ret = TEE_ERROR_BAD_PARAMETERS;
- goto clean;
- }
-
- ret = KM_CreateKey(type, key_bits_size, input_data->data, &key);
- if (ret != TEE_SUCCESS) {
- LOG("Failed to create key");
- goto clean;
- }
-
- if (pwd_data != NULL) {
- oldKey = key;
-
- tag_size = pwd_data->tag_len_bits / 8;
- tag = malloc(tag_size);
- if (tag == NULL) {
- LOG("Failed to allocate memory for key's tag");
- ret = TEE_ERROR_OUT_OF_MEMORY;
- goto clean;
- }
-
- ret = KM_EncryptKey(key, pwd_data, &key, tag, &tag_size);
- if (TEE_SUCCESS != ret) {
- LOG("Failed to encrypt new key");
- goto clean;
- }
- }
-
- TEE_GenerateRandom(objId, objId_size);
-
- if (KM_ParamsSerializationInit(param[2].memref.buffer, param[2].memref.size, &output) != 0 ||
- KM_ParamsSerializeOutData(output, objId, objId_size) != 0) {
- LOG("Failed to serialize key to output buffer");
- ret = TEE_ERROR_BAD_PARAMETERS;
- goto clean;
- }
-
- if (tag != NULL) {
- if (KM_ParamsSerializeTagData(output, tag, tag_size) != 0) {
- LOG("Failed to serialize key's tag to output buffer");
- ret = TEE_ERROR_BAD_PARAMETERS;
- goto clean;
- }
- }
-
- ret = KM_SaveKey(NULL, 0, key, objId, objId_size);
- if (TEE_SUCCESS != ret) {
- LOG("Failed to save generated key");
- goto clean;
- }
-
-clean:
- TEE_CloseObject(oldKey);
- TEE_CloseObject(key);
- free(objId);
- free(tag);
- return ret;
-}
-
TEE_Result KM_ExecCmdSymmetric(uint32_t commandID, TEE_Param param[4])
{
TEE_Result ret = TEE_SUCCESS;
projects / platform / core / security / trusted / key-manager-ta.git / commitdiff