Use max object size for EC keys 39/297239/1
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 14 Aug 2023 13:43:34 +0000 (15:43 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 14 Aug 2023 13:48:33 +0000 (15:48 +0200)
TEE_ObjectInfo::objectSize may be 0 in some circumstances. It seems to
happen when TEE_Allocate/PopulateTransientObject is used to create an EC
key.

TEE_ObjectInfo::maxObjectSize depends on the curve type so it seems
suitable for creating key-based operations as well as creating a
temporary ECDH key from an ECDSA one.

Change-Id: I71a915dbe0b6978cd810f4e4cd8db4a24c3eb03a

ta/src/cmd_exec.c
ta/src/internal.c

index 6874ef6c92952fbf3e1518f5617f43337c9b24b6..9ed0ece6410183054d04731911e709ca2b0b3856 100644 (file)
@@ -998,9 +998,12 @@ static TEE_Result KM_DeriveEcdhSecret(const TEE_ObjectHandle prv_key,
        TEE_ObjectHandle tmp_secret_handl = TEE_HANDLE_NULL;
        TEE_Attribute ecdhParams[2];
        uint32_t priv_curve = 0, pub_curve = 0, b = 0;
+       uint32_t maxKeySizeBits = 0;
 
        TEE_GetObjectInfo(prv_key, &info);
 
+       maxKeySizeBits = KM_MaxObjectSizeBits(&info);
+
        if(info.objectType != TEE_TYPE_ECDSA_KEYPAIR && info.objectType != TEE_TYPE_ECDH_KEYPAIR) {
                LOG("Invalid objectType of private key. objectType=%x.", info.objectType);
                return TEE_ERROR_BAD_PARAMETERS;
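Review bot: maxKeySizeBits is read from `info` before the objectType check and is never validated, although this commit exists because a size field of TEE_ObjectInfo turned out to be 0. After the type check I would add `if (maxKeySizeBits == 0) { LOG("Private key reports no max object size."); return TEE_ERROR_BAD_PARAMETERS; }` so a malformed handle fails here rather than inside the two TEE_AllocateTransientObject calls further down. What KM_MaxObjectSizeBits returns for an unpopulated or non-EC object is not visible on this page, so the guard may already live there. KM_DeriveEcdhSecret's body continues outside the hunk.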
@@ -1021,19 +1024,19 @@ static TEE_Result KM_DeriveEcdhSecret(const TEE_ObjectHandle prv_key,
                return TEE_ERROR_BAD_PARAMETERS;
        }
 
-       ret = TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET, info.objectSize, &tmp_secret_handl);
+       ret = TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET, maxKeySizeBits, &tmp_secret_handl);
        if (TEE_SUCCESS != ret) {
-               LOG("TEE_AllocateTransientObject has failed with=%x. key_type = %x size_bits = %u",
-                       ret, TEE_TYPE_GENERIC_SECRET, info.objectSize);
+               LOG("TEE_AllocateTransientObject has failed with=%x. key_type = %x max_key_bits_size = %u",
+                       ret, TEE_TYPE_GENERIC_SECRET, maxKeySizeBits);
                goto clean;
        }
 
        // Change type from TEE_TYPE_ECDSA_KEYPAIR to TEE_TYPE_ECDH_KEYPAIR
        if(info.objectType == TEE_TYPE_ECDSA_KEYPAIR) {
-               ret = TEE_AllocateTransientObject(TEE_TYPE_ECDH_KEYPAIR, info.objectSize, &ecdh_key);
+               ret = TEE_AllocateTransientObject(TEE_TYPE_ECDH_KEYPAIR, maxKeySizeBits, &ecdh_key);
                if (TEE_SUCCESS != ret) {
                        LOG("TEE_AllocateTransientObject has failed with=%x. Arguments=(tee_key_type=%X, "
-                               "key_bits_size=%d.", ret, TEE_TYPE_ECDH_KEYPAIR, info.objectSize);
+                               "max_key_bits_size=%d.", ret, TEE_TYPE_ECDH_KEYPAIR, maxKeySizeBits);
                        goto clean;
                }
                ret = KM_CopyEcdhPrivateAttributes(ecdh_key, prv_key);
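Review bot: The TEE_TYPE_GENERIC_SECRET allocation now takes the curve's maximum size in bits unchanged, and GlobalPlatform defines generic-secret sizes as multiples of 8 bits, so a 521-bit curve would request a size the TEE may reject or that is too small for the 66-byte shared secret. If this TA accepts P-521 keys and KM_MaxObjectSizeBits does not already round (neither is visible here), round up at the first call: `TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET, (maxKeySizeBits + 7) & ~7u, &tmp_secret_handl)`. In the second LOG the uint32_t is printed with `%d` and the `Arguments=(` parenthesis is never closed; `"max_key_bits_size=%u)."` would match the first message. The function starts and ends outside the hunk.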
index 9dabe4b0e3fda366e830690fcbe8a5806b90a647..f24368630034e34b0a6682001abeacdb422c5105 100644 (file)
@@ -1143,7 +1143,8 @@ TEE_Result KM_CreateOperation(TEE_ObjectHandle op_key_hndl, uint32_t algo,
 
        TEE_GetObjectInfo(op_key_hndl, &info);
 
-       bits = KM_ObjectSizeBits(&info);
+       bits = KM_MaxObjectSizeBits(&info);
+
        LOGD("Operation key size: %d alg: %x mode: %x", bits, algo, mode);
        ret = TEE_AllocateOperation(hndl, algo, mode, bits);
        if (TEE_SUCCESS != ret) {
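Review bot: KM_CreateOperation is not EC-specific, so switching to KM_MaxObjectSizeBits changes the maxKeySize passed to TEE_AllocateOperation for every key type, while the commit message only argues the EC case. For a transient key whose allocation was larger than what was populated, the operation is now sized from the allocation, and the LOGD text `Operation key size` reports that maximum rather than the key's size. If KM_ObjectSizeBits is still available, a narrower change is `bits = KM_ObjectSizeBits(&info); if (bits == 0) bits = KM_MaxObjectSizeBits(&info);`; otherwise a comment such as `/* objectSize can be 0 for populated transient EC keys, so size the operation from maxObjectSize */` would record why the maximum is used. The function body continues outside the hunk.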