Fix bugs during exporting a wrapped key 98/296798/1
authorDongsun Lee <ds73.lee@samsung.com>
Sat, 29 Jul 2023 07:26:10 +0000 (16:26 +0900)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 4 Aug 2023 08:11:17 +0000 (10:11 +0200)
- generous output size check
- enlarged encryption overhead for RSA
- use the type of the key to wrap

Change-Id: I64367edf00d58e67df62a682a05c58dae5e2327b

src/manager/crypto/tz-backend/obj.cpp
src/manager/crypto/tz-backend/tz-context.cpp

index a811557..a1fbbb7 100644 (file)
@@ -120,7 +120,7 @@ RawBuffer Key::wrap(const CryptoAlgorithm &alg,
                                                                           alg,
                                                                           keyToWrapId,
                                                                           Pwd(keyToWrapPass, keyToWrapIV, keyToWrapTag),
-                                                                          m_type);
+                                                                          keyToWrap.dataType);
 }
 
 RawBuffer SKey::encrypt(const CryptoAlgorithm &alg, const RawBuffer &data)
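Review bot: The last argument of the call that ends at `keyToWrap.dataType);` has no comment saying whose type it is, and confusing the wrapping key's `m_type` with the wrapped key's type is the bug this line fixes. A short comment above the argument would guard against a regression, for example `// data type of the key being exported, not of this wrapping key`. Only the tail of the call is visible, since `Key::wrap` starts outside the hunk, so whether the wrapping key's own type is still checked against `alg` elsewhere cannot be confirmed from here.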
index 8710982..fb05e3c 100644 (file)
@@ -770,9 +770,13 @@ RawBuffer TrustZoneContext::exportWrappedKey(const RawBuffer &wrappingKeyId,
 
        LogDebug("GetData data_size = [" << dataSize << "]");
 
+       uint32_t enc_overhead = KM_ENCRYPTION_OVERHEAD;
+       if (algo == ALGO_RSA)
+               enc_overhead = KM_RSA_BLOCK_SIZE;
+
        // encrypted data may be longer
        TZSerializer sOut;
-       sOut.Push(new TZSerializableBinary(dataSize + KM_ENCRYPTION_OVERHEAD));
+       sOut.Push(new TZSerializableBinary(dataSize + enc_overhead, false));
        TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
        sOut.Serialize(outMemory);
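Review bot: The size passed to `TZSerializableBinary` is `dataSize + enc_overhead` with no overflow guard. `dataSize` is declared outside the hunk, so if it is a 32-bit unsigned value filled from the GetData reply, a value near the maximum would wrap and the output shared memory would be smaller than intended. A check before the `Push`, such as `if (dataSize > std::numeric_limits<uint32_t>::max() - enc_overhead)` followed by the function's usual error path, would make the bound explicit. Whether a single `KM_RSA_BLOCK_SIZE` covers every supported RSA wrapping-key size is not visible here, so a comment on the `algo == ALGO_RSA` branch stating that assumption would help, as would labelling the bare `false` argument, e.g. `/* <what false selects> */`. `exportWrappedKey` begins and continues outside the hunk.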