Reduce number of import methods

author Bartlomiej Grzelewski <b.grzelewski@samsung.com>

Tue, 25 Sep 2018 12:11:38 +0000 (14:11 +0200)

committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Wed, 3 Oct 2018 14:55:28 +0000 (16:55 +0200)
author Bartlomiej Grzelewski <b.grzelewski@samsung.com>
Tue, 25 Sep 2018 12:11:38 +0000 (14:11 +0200)
committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 3 Oct 2018 14:55:28 +0000 (16:55 +0200)
diff --git a/ta/include/km_ta_defines.h b/ta/include/km_ta_defines.h

index 934acef98546fa3f8941f88463824f8a6b973e80..999879807b7765b52d083c86bc3f8e8ef546b067 100644 (file)
--- a/ta/include/km_ta_defines.h
+++ b/ta/include/km_ta_defines.h
@@ -169,8 +169,12 @@ typedef enum {
                              ///< TA will encrypt data with password if provided
                              ///< Parameters:
                              ///<    [1].memref  - reference to serialized buffer:
-                            ///<        KM_BinaryData with binary data
-                            ///<               uint32_t boolean value - true if password is provided
+                            ///<        uint32_t contains tz_algo_type. This indicates data type
+                            ///<                 stored in next buffer
+                            ///<        KM_BinaryData with binary data or symetric key
+                            ///<        uint32_t binary data size in bits
+                            ///<        KM_BinaryData IV for decryption with built-in key
+                            ///<        uint32_t boolean value - true if password is provided
                              ///<        KM_PwdData with password (optional)
                              ///< Output:
                              ///<    [0].value.a - return code
@@ -242,6 +246,11 @@ typedef enum {
         HASH_SHA512,
  } tz_hash_type;
  
+typedef enum {
+       TYPE_GENERIC_SECRET,
+       TYPE_SKEY,
+} tz_data_type;
+
  // TODO these must be somehow confronted with TEE_OBJECT_ID_MAX_LEN
  #define KM_KEY_ID_SIZE 64
  #define KM_DATA_ID_SIZE 64
diff --git a/ta/src/cmd_exec.c b/ta/src/cmd_exec.c

index fa88b145499c0c0a3b22a9aa4c399de71945ea80..3582d4da872a2ed400cdd659fc777f2a6491bedf 100644 (file)
--- a/ta/src/cmd_exec.c
+++ b/ta/src/cmd_exec.c
@@ -859,16 +859,21 @@ clean:
         return ret;
  }
  
-
  TEE_Result KM_ExecCmdSaveData(TEE_Param param[4])
  {
         TEE_Result ret = TEE_SUCCESS;
+       TEE_ObjectHandle key = TEE_HANDLE_NULL;
+       TEE_ObjectHandle oldKey = TEE_HANDLE_NULL;
         KM_BinaryData dataToSave;
-       KM_BinaryData encData;
-       KM_BinaryData objId;
+       KM_BinaryData dataEncIV;                   // IV used to decrypt dataToSave with built-in key
+       KM_BinaryData encData;                     // Used during encyption with password
+       KM_BinaryData objId;                       // Random ID of object
         KM_BinaryData tag;
         KM_PwdData pwdData;
         uint32_t with_pwd = 0;
+       uint32_t dataSizeBits_flag;
+       uint32_t dataTypeFlag;                     // representation of tz_data_type
+
         void *in_buffer = param[1].memref.buffer;
         void *out_buffer = param[2].memref.buffer;
         uint32_t in_size_guard = param[1].memref.size;
@@ -876,11 +881,30 @@ TEE_Result KM_ExecCmdSaveData(TEE_Param param[4])
  
         encData.data = objId.data = tag.data = NULL;
  
+       if (KM_DeserializeFlag(&in_buffer, &in_size_guard, &dataTypeFlag)) {
+               LOG("Error in deserialization");
+               ret = TEE_ERROR_BAD_PARAMETERS;
+               goto clean;
+       }
+
         if (KM_DeserializeBinaryData(&in_buffer, &in_size_guard, &dataToSave)) {
                 LOG("Error in deserialization");
                 ret = TEE_ERROR_BAD_PARAMETERS;
                 goto clean;
         }
+
+       if (KM_DeserializeFlag(&in_buffer, &in_size_guard, &dataSizeBits_flag)) {
+               LOG("Error in deserialization");
+               ret = TEE_ERROR_BAD_PARAMETERS;
+               goto clean;
+       }
+
+       if (KM_DeserializeBinaryData(&in_buffer, &in_size_guard, &dataEncIV)) {
+               LOG("Error in deserialization");
+               ret = TEE_ERROR_BAD_PARAMETERS;
+               goto clean;
+       }
+
         if (KM_DeserializeFlag(&in_buffer, &in_size_guard, &with_pwd)) {
                 LOG("Error in deserialization");
                 ret = TEE_ERROR_BAD_PARAMETERS;
@@ -893,41 +917,8 @@ TEE_Result KM_ExecCmdSaveData(TEE_Param param[4])
                         ret = TEE_ERROR_BAD_PARAMETERS;
                         goto clean;
                 }
-               tag.data_size = pwdData.tag_len_bits / 8;
-               tag.data = malloc(tag.data_size);
-               if (tag.data == NULL) {
-                       LOG("Failed to allocate memory for data encryption key's tag");
-                       ret = TEE_ERROR_OUT_OF_MEMORY;
-                       goto clean;
-               }
-               // Probing for needed buffer size
-               encData.data = NULL;
-               encData.data_size = 0;
-               ret = KM_EncryptDataWithPwd(&pwdData, dataToSave.data, dataToSave.data_size,
-                                                                   encData.data, &encData.data_size, tag.data, &tag.data_size);
-
-               // We should get SHORT_BUFFER, but simulator tends to return TEE_SUCCESS
-               if (ret != TEE_ERROR_SHORT_BUFFER && ret != TEE_SUCCESS) {
-                       LOG("Failed to probe for needed data size");
-                       ret = TEE_ERROR_GENERIC;
-                       goto clean;
-               }
-               encData.data = malloc(encData.data_size);
-               if (encData.data == NULL) {
-                       LOG("Failed to allocate object buffer for encrypting data");
-                       ret = TEE_ERROR_OUT_OF_MEMORY;
-                       goto clean;
-               }
-               ret = KM_EncryptDataWithPwd(&pwdData, dataToSave.data, dataToSave.data_size,
-                                                                   encData.data, &encData.data_size, tag.data, &tag.data_size);
-               if (ret != TEE_SUCCESS) {
-                       LOG("Failed to encrypt data for storage");
-                       goto clean;
-               }
-               dataToSave = encData;
         }
  
-
         objId.data_size = TEE_OBJECT_ID_MAX_LEN;
         objId.data = malloc(objId.data_size);
  
@@ -940,9 +931,87 @@ TEE_Result KM_ExecCmdSaveData(TEE_Param param[4])
         // ObjectID generation
         TEE_GenerateRandom(objId.data, objId.data_size);
  
-       ret = KM_SaveData(dataToSave.data, dataToSave.data_size, objId.data, objId.data_size);
-       if (ret != TEE_SUCCESS) {
-               LOG("Failed to save data to storage");
+       if (dataTypeFlag == TYPE_GENERIC_SECRET) {
+               // TODO support for decryption with dataEncIV
+               if (with_pwd) {
+                       tag.data_size = pwdData.tag_len_bits / 8;
+                       tag.data = malloc(tag.data_size);
+                       if (tag.data == NULL) {
+                               LOG("Failed to allocate memory for data encryption key's tag");
+                               ret = TEE_ERROR_OUT_OF_MEMORY;
+                               goto clean;
+                       }
+                       // Probing for needed buffer size
+                       encData.data = NULL;
+                       encData.data_size = 0;
+                       ret = KM_EncryptDataWithPwd(&pwdData, dataToSave.data, dataToSave.data_size,
+                                                                           encData.data, &encData.data_size, tag.data, &tag.data_size);
+
+                       // We should get SHORT_BUFFER, but simulator tends to return TEE_SUCCESS
+                       if (ret != TEE_ERROR_SHORT_BUFFER && ret != TEE_SUCCESS) {
+                               LOG("Failed to probe for needed data size");
+                               ret = TEE_ERROR_GENERIC;
+                               goto clean;
+                       }
+                       encData.data = malloc(encData.data_size);
+                       if (encData.data == NULL) {
+                               LOG("Failed to allocate object buffer for encrypting data");
+                               ret = TEE_ERROR_OUT_OF_MEMORY;
+                               goto clean;
+                       }
+                       ret = KM_EncryptDataWithPwd(&pwdData, dataToSave.data, dataToSave.data_size,
+                                                                           encData.data, &encData.data_size, tag.data, &tag.data_size);
+                       if (ret != TEE_SUCCESS) {
+                               LOG("Failed to encrypt data for storage");
+                               goto clean;
+                       }
+                       dataToSave = encData;
+               }
+               ret = KM_SaveData(dataToSave.data, dataToSave.data_size, objId.data, objId.data_size);
+               if (ret != TEE_SUCCESS) {
+                       LOG("Failed to save data to storage");
+               }
+       } else if (dataTypeFlag == TYPE_SKEY) {
+               // TODO support for decryption with dataEncIV
+               if (!KM_CheckAlgoKeySize(TEE_TYPE_AES, dataSizeBits_flag)) {
+                       LOG("Unsupported key size provided: %u", dataSizeBits_flag);
+                       ret = TEE_ERROR_BAD_PARAMETERS;
+                       goto clean;
+               }
+
+               KM_CreateKey(TEE_TYPE_AES, dataSizeBits_flag, dataToSave.data, &key);
+               if (ret != TEE_SUCCESS) {
+                       LOG("Failed to create key");
+                       goto clean;
+               }
+
+               if (with_pwd) {
+                       tag.data_size = pwdData.tag_len_bits / 8;
+                       tag.data = malloc(tag.data_size);
+                       if (tag.data == NULL) {
+                               LOG("Failed to allocate memory for key's tag");
+                               ret = TEE_ERROR_OUT_OF_MEMORY;
+                               goto clean;
+                       }
+
+                       oldKey = key;
+
+                       ret = KM_EncryptKey(key, &pwdData, &key, tag.data, &tag.data_size);
+                       if (TEE_SUCCESS != ret) {
+                               LOG("Failed to encrypt new key");
+                               goto clean;
+                       }
+               }
+
+               ret = KM_SaveKey(NULL, 0, key, objId.data, objId.data_size);
+               if (TEE_SUCCESS != ret) {
+                       LOG("Failed to save generated key");
+                       goto clean;
+               }
+       } else {
+               LOG("This data type(tz_algo_type=%u) is not supported by import methods.\n", dataTypeFlag);
+               ret = TEE_ERROR_BAD_PARAMETERS;
+               goto clean;
         }
  
         // Output data - ID of the object
@@ -951,6 +1020,7 @@ TEE_Result KM_ExecCmdSaveData(TEE_Param param[4])
                 ret = TEE_ERROR_BAD_PARAMETERS;
                 goto clean;
         }
+
         // If needed, also the tag ID
         if (with_pwd) {
                 if (KM_Serialize(&out_buffer, &out_size_guard, tag.data, tag.data_size)) {
@@ -960,6 +1030,8 @@ TEE_Result KM_ExecCmdSaveData(TEE_Param param[4])
         }
  
  clean:
+       TEE_CloseObject(oldKey);
+       TEE_CloseObject(key);
         free(objId.data);
         free(encData.data);
         free(tag.data);
author	Bartlomiej Grzelewski <b.grzelewski@samsung.com>
	Tue, 25 Sep 2018 12:11:38 +0000 (14:11 +0200)
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Wed, 3 Oct 2018 14:55:28 +0000 (16:55 +0200)
ta/include/km_ta_defines.h		patch \| blob \| history
ta/src/cmd_exec.c		patch \| blob \| history