Add ML-KEM keypair creation tz-backend implementation

Change-Id: If3d92ed99ff4dffd5cea930354b8463246880b8a

diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index cb89002633cbc9fb2bff2b8d8579594f454c3576..6e6cf69cf02efe1fa151c92b8cb2cda2d677f307 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -96,9 +96,11 @@ tz_data_type toTzDataType(const CKM::DataType dataType) {
        case CKM::DataType::KEY_DSA_PRIVATE:   return TYPE_AKEY_PRIVATE_DSA;
        case CKM::DataType::KEY_RSA_PRIVATE:   return TYPE_AKEY_PRIVATE_RSA;
        case CKM::DataType::KEY_ECDSA_PRIVATE: return TYPE_AKEY_PRIVATE_EC;
+       case CKM::DataType::KEY_KEM_PRIVATE:   return TYPE_AKEY_PRIVATE_KEM;
        case CKM::DataType::KEY_DSA_PUBLIC:    return TYPE_AKEY_PUBLIC_DSA;
        case CKM::DataType::KEY_RSA_PUBLIC:    return TYPE_AKEY_PUBLIC_RSA;
        case CKM::DataType::KEY_ECDSA_PUBLIC:  return TYPE_AKEY_PUBLIC_EC;
+       case CKM::DataType::KEY_KEM_PUBLIC:    return TYPE_AKEY_PUBLIC_KEM;
        default:
                ThrowErr(CKM::Exc::Crypto::DataTypeNotSupported,
                        "Data type could not be imported by tz-backend");
@@ -115,6 +117,15 @@ tz_ec toTzEc(CKM::ElipticCurve ec)
        }
 }
 
+tz_kem toTzKem(CKM::KemType kem)
+{
+       switch(kem) {
+       case CKM::KemType::ML_KEM_768: return ML_KEM_768;
+       case CKM::KemType::ML_KEM_1024: return ML_KEM_1024;
+       default: ThrowErr(CKM::Exc::Crypto::InputParam, "KEM not supported by tz-backend");
+       }
+}
+
 tz_prf toTzPrf(CKM::KdfPrf prf)
 {
        switch(prf) {
@@ -337,6 +348,19 @@ AlgoType generateAKey(const CryptoAlgorithm &alg,
                                                                                                   hashPub);
                break;
        }
+       case AlgoType::KEM_GEN: {
+               CKM::KemType kt = unpack<CKM::KemType>(alg, ParamName::GEN_KEM_TYPE);
+               TrustZoneContext::Instance().generateKEMKey(toTzKem(kt),
+                                                                                                       pubPwdBuf,
+                                                                                                       pubPwdIv,
+                                                                                                       privPwdBuf,
+                                                                                                       privPwdIv,
+                                                                                                       pubTag,
+                                                                                                       privTag,
+                                                                                                       hashPriv,
+                                                                                                       hashPub);
+               break;
+       }
        default: {
                ThrowErr(Exc::Crypto::InputParam,
                        "Invalid algo type provided for generateAKey function");

diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp
index e4752cff5c89d6910e5ac52f6da7958d7e903401..87360f5c7b9cb87e52f4db3319bc36c2b7d65b0f 100644 (file)
--- a/src/manager/crypto/tz-backend/store.cpp
+++ b/src/manager/crypto/tz-backend/store.cpp
@@ -113,6 +113,10 @@ TokenPair Store::generateAKey(const CryptoAlgorithm &alg, const Password &privPa
                pubType= DataType(KeyType::KEY_ECDSA_PUBLIC);
                privType = DataType(KeyType::KEY_ECDSA_PRIVATE);
        }
+       else if(keyType == AlgoType::KEM_GEN){
+               pubType= DataType(KeyType::KEY_KEM_PUBLIC);
+               privType = DataType(KeyType::KEY_KEM_PRIVATE);
+       }
 
        return std::make_pair<Token, Token>(
                Token(m_backendId, privType, pack(hashPriv, privPass, privIv, privTag)),
@@ -156,7 +160,9 @@ Token Store::import(const Data &data, const Password &pass, const EncryptionPara
 void Store::destroy(const Token &token)
 {
        RawBuffer id = unpackData(token.data);
-       if (token.dataType.isBinaryData()) {
+       if (token.dataType.isBinaryData() ||
+               token.dataType.isKemPublicKey() ||
+               token.dataType.isKemPrivateKey()) {
                // TODO this should be a generic "destroy persistent memory object" once
                // serialization in key-manager-ta is unified
                Internals::destroyData(id);

diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp
index b581d87c730c27c969e1f8418b59365b9f714cbf..c04139e9138983cf478a409e8f12d329bc9a9c4b 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -365,6 +365,32 @@ void TrustZoneContext::generateECKey(tz_ec ec,
                     hashPub);
 }
 
+void TrustZoneContext::generateKEMKey(tz_kem kemType,
+                                                                         const RawBuffer &pubPwd,
+                                                                         const RawBuffer &pubPwdIv,
+                                                                         const RawBuffer &privPwd,
+                                                                         const RawBuffer &privPwdIv,
+                                                                         RawBuffer &pubKeyTag,
+                                                                         RawBuffer &privKeyTag,
+                                                                         const RawBuffer &hashPriv,
+                                                                         const RawBuffer &hashPub)
+{
+       // command ID = CMD_GENERATE_KEM_KEYPAIR
+       TZSerializer sIn;
+
+       GenerateAKey(CMD_GENERATE_KEM_KEYPAIR,
+                    sIn,
+                    static_cast<uint32_t>(kemType),
+                    pubPwd,
+                    pubPwdIv,
+                    privPwd,
+                    privPwdIv,
+                    pubKeyTag,
+                    privKeyTag,
+                    hashPriv,
+                    hashPub);
+}
+
 void TrustZoneContext::executeCrypt(tz_command cmd,
                                                                        tz_algo_type algo,
                                                                        tz_hash_type hash,

diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h
index 0b16a8822258165e9a3e338b772b0bbcb12c08dd..768604fcaa6bd3677124b1bbcc6e54de20923153 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -79,6 +79,15 @@ public:
                                           RawBuffer &privKeyTag,
                                           const RawBuffer &hashPriv,
                                           const RawBuffer &hashPub);
+       void generateKEMKey(tz_kem kemType,
+                                               const RawBuffer &pubPwd,
+                                               const RawBuffer &pubPwdIv,
+                                               const RawBuffer &privPwd,
+                                               const RawBuffer &privPwdIv,
+                                               RawBuffer &pubKeyTag,
+                                               RawBuffer &privKeyTag,
+                                               const RawBuffer &hashPriv,
+                                               const RawBuffer &hashPub);
 
        void importData(uint32_t dataType,
                                        const RawBuffer &data,