From: Krzysztof Jackiewicz
Date: Thu, 18 May 2023 11:50:04 +0000 (+0200)
Subject: Add missing KBKDF params in TZ backend
X-Git-Tag: accepted/tizen/7.0/unified/20230620.164235~1^2~15
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=478c26b4861d643caa6552ccb2de433ac31d563c;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git
Add missing KBKDF params in TZ backend
Change-Id: I4cadca649889190c30868c55a2e91c9f49252d84
---
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index d732c4cd..51bce1dd 100644
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -755,6 +755,10 @@ void deriveKBKDF(const RawBuffer &secret,
 RawBuffer &keyTag,
 const RawBuffer &keyHash)
 {
+ RawBuffer label, context, fixed;
+ alg.getParam(ParamName::KBKDF_LABEL, label);
+ alg.getParam(ParamName::KBKDF_CONTEXT, context);
+ alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
 auto prf = unpack(alg, ParamName::KDF_PRF);
 auto mode = unpack(alg, ParamName::KBKDF_MODE);
 auto location = unpack(alg, ParamName::KBKDF_COUNTER_LOCATION);
@@ -767,6 +771,9 @@ void deriveKBKDF(const RawBuffer &secret,
 RawBuffer keyPwdBuf(keyPwd.begin(), keyPwd.end());
 TrustZoneContext::Instance().executeKbkdf(secret,
+ label,
+ context,
+ fixed,
 toTzPrf(prf),
 toTzKbkdfMode(mode),
 toTzCtrLoc(location),
diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp
index bf603c9f..06e9706b 100644
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -801,6 +801,9 @@ void TrustZoneContext::executeEcdh(const RawBuffer &prvKeyId,
 }
 void TrustZoneContext::executeKbkdf(const RawBuffer& secret,
+ const RawBuffer& label,
+ const RawBuffer& context,
+ const RawBuffer& fixed,
 tz_prf prf,
 tz_kbkdf_mode mode,
 tz_kbkdf_ctr_loc location,
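Review bot: The three `alg.getParam(...)` calls added at the top of deriveKBKDF in internals.cpp discard their results, so a parameter that was never supplied and one supplied as an empty buffer are forwarded to the TA as the same thing. Nothing visible in the hunk rejects a request that carries both `KBKDF_FIXED_INPUT` and a label/context pair, or none of them, so which input drives the derivation is left to the trusted application; unless the TA enforces this, a malformed request yields a key instead of an error. If getParam reports presence through its return value (presumably it does, verify against CryptoAlgorithm), keep it, e.g. `const bool hasFixed = alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);`, and fail with the backend's input-parameter error before the TA call when `hasFixed` is combined with a label or context. The body of deriveKBKDF starts and ends outside the hunk.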
@@ -815,8 +818,18 @@ void TrustZoneContext::executeKbkdf(const RawBuffer& secret,
 // command ID = CMD_DERIVE
 LogDebug("TrustZoneContext::executeKbkdf");
- auto sIn = makeSerializer(
- secret, prf, mode, location, rlen, llen, noSeparator, EncPwd{keyPwdBuf, keyPwdIV}, keyHash);
+ auto sIn = makeSerializer(secret,
+ label,
+ context,
+ fixed,
+ prf,
+ mode,
+ location,
+ rlen,
+ llen,
+ noSeparator,
+ EncPwd{keyPwdBuf, keyPwdIV}, keyHash);
+
 TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
 sIn.Serialize(inMemory);
diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h
index e48e6423..bee3dd5a 100644
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -167,6 +167,9 @@ public:
 const RawBuffer &secretHash);
 void executeKbkdf(const RawBuffer& secret,
+ const RawBuffer& label,
+ const RawBuffer& context,
+ const RawBuffer& fixed,
 tz_prf prf,
 tz_kbkdf_mode mode,
 tz_kbkdf_ctr_loc location,
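Review bot: The new argument order of `makeSerializer` in TrustZoneContext::executeKbkdf (tz-context.cpp) changes the layout of the CMD_DERIVE input buffer, and nothing in the hunk ties that layout to the TA build that will parse it. A TA that still expects `prf` directly after `secret` would presumably read the label bytes in its place, so the client and the TA have to change together; a comment above the call would record that, for example `// Field order must match the TA's KBKDF deserializer: secret, label, context, fixed, prf, ...`. The last added argument line also keeps `EncPwd{keyPwdBuf, keyPwdIV}, keyHash);` together while every other argument got its own line. executeKbkdf starts and ends outside the hunk.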
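Review bot: The three new `const RawBuffer&` parameters in the executeKbkdf declaration in tz-context.h sit directly after `secret`, which has the same type, and nothing documents them, so a caller that swaps two of them still compiles and derives a different key without any error. A short comment on the declaration would state which buffers may be empty and whether label/context and fixed input are alternatives (if that is the intended contract), e.g. `// label/context or fixed: pass an empty buffer for inputs that are not used`. The declaration continues past the end of the hunk.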