From: Lukasz Kostyra Date: Tue, 5 Sep 2017 12:40:03 +0000 (+0200) Subject: ssflib: Add support for 4096 bit RSA X-Git-Tag: submit/tizen/20170914.115510~9 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5b8d0c9cc69a6053eaf79ae9c321d97b513c87f7;p=platform%2Fcore%2Fsecurity%2Ftef-simulator.git ssflib: Add support for 4096 bit RSA GP API assumes that max length for RSA is 2048 bits, however it also doesn't fully enforce this limit (the implementation can support bigger RSA keys if needed). Change-Id: I7dbcd3d933ef4eb8efc5d1432111e1fdf96419fa --- diff --git a/ssflib/dep/cryptocore/include/CC_Constants.h b/ssflib/dep/cryptocore/include/CC_Constants.h index 9195fe3..672aa44 100644 --- a/ssflib/dep/cryptocore/include/CC_Constants.h +++ b/ssflib/dep/cryptocore/include/CC_Constants.h @@ -66,6 +66,7 @@ enum CryptoAlgorithm { ID_RSA1024 = 1054, ID_RSA2048 = 1055, ID_RSA3072 = 1056, + ID_RSA4096 = 1058, ID_ELGAMAL = 1052, ID_ECELGAMAL = 1053, diff --git a/ssflib/dep/cryptocore/source/CC_API.c b/ssflib/dep/cryptocore/source/CC_API.c index 7fc023e..8195568 100644 --- a/ssflib/dep/cryptocore/source/CC_API.c +++ b/ssflib/dep/cryptocore/source/CC_API.c @@ -83,7 +83,7 @@ CryptoCoreContainer *create_CryptoCoreContainer(cc_u32 algorithm) free(crt); return NULL; } - + crt->PRNG_seed = NULL; crt->PRNG_get = NULL; crt->MD_init = NULL; @@ -140,7 +140,7 @@ CryptoCoreContainer *create_CryptoCoreContainer(cc_u32 algorithm) crt->MD_update = SDRM_MD5_update; crt->MD_final = SDRM_MD5_final; crt->MD_getHASH = SDRM_MD5_hash; - break; + break; case ID_SHA1: crt->ctx->sha1ctx = (SDRM_SHA1Context*)CCMalloc(sizeof(SDRM_SHA1Context)); crt->MD_init = SDRM_SHA1_init; @@ -206,7 +206,7 @@ CryptoCoreContainer *create_CryptoCoreContainer(cc_u32 algorithm) crt->DH_Gen1stPhaseKey = SDRM_GenerateDHPrivate; crt->DH_GenAuthKey = SDRM_GetDHSharedSecret; break; - case ID_ECDH : + case ID_ECDH : crt->ctx->ecdhctx = (SDRM_ECDHContext*)SDRM_CURVE_Init(); crt->EC_setCurve = SDRM_ECC_Set_CTX; crt->EC_genKeypair = SDRM_ECC_genKeypair; @@ -321,6 +321,20 @@ CryptoCoreContainer *create_CryptoCoreContainer(cc_u32 algorithm) crt->DS_sign = SDRM_RSA_sign; crt->DS_verify = SDRM_RSA_verify; break; + case ID_RSA4096: + crt->ctx->rsactx = SDRM_RSA_InitCrt(512); + crt->RSA_genKeypair = SDRM_RSA_GenerateKey; + crt->RSA_genKeypairWithE = SDRM_RSA_GenerateND; + crt->RSA_genKeyDWithPQE = SDRM_RSA_GenerateDwithPQE; + crt->RSA_genKeypairWithEforCRT = SDRM_RSA_GenerateKeyforCRT; + crt->RSA_setKeypair = SDRM_RSA_setNED; + crt->RSA_setKeypairForCRT = SDRM_RSA_setNEDPQ; + crt->AE_encrypt = SDRM_RSA_encrypt; + crt->AE_decrypt = SDRM_RSA_decrypt; + crt->AE_decryptByCRT = SDRM_RSA_decryptByCRT; + crt->DS_sign = SDRM_RSA_sign; + crt->DS_verify = SDRM_RSA_verify; + break; case ID_DSA: crt->ctx->dsactx = (SDRM_DSAContext*)SDRM_DSA_InitCrt(); crt->DSA_genParam = SDRM_DSA_GenParam; @@ -386,7 +400,7 @@ void destroy_CryptoCoreContainer(CryptoCoreContainer* crt) break; case ID_MD5: CCFree(crt->ctx->md5ctx); - break; + break; case ID_SHA1: CCFree(crt->ctx->sha1ctx); break; @@ -438,6 +452,8 @@ void destroy_CryptoCoreContainer(CryptoCoreContainer* crt) case ID_RSA: case ID_RSA1024: case ID_RSA2048: + case ID_RSA3072: + case ID_RSA4096: CCFree(crt->ctx->rsactx); break; case ID_DSA: diff --git a/ssflib/dep/cryptocore/source/middle/cc_rsa.c b/ssflib/dep/cryptocore/source/middle/cc_rsa.c index 4c65f2d..cf6628a 100644 --- a/ssflib/dep/cryptocore/source/middle/cc_rsa.c +++ b/ssflib/dep/cryptocore/source/middle/cc_rsa.c @@ -382,9 +382,9 @@ GEN_RND: { *RSA_D_Len = RSA_KeyByteLen; } - + free(pbBuf); - + crt->ctx->rsactx->crt_operation = 0; return CRYPTO_SUCCESS; @@ -581,7 +581,7 @@ int SDRM_RSA_GenerateND(CryptoCoreContainer *crt, cc_u32 PaddingMethod, RSA_KeyByteLen = crt->ctx->rsactx->k; t1 = (RSA_KeyByteLen * 4 - 1) % 32; - + pbBuf = (cc_u8*)malloc(SDRM_RSA_ALLOC_SIZE * 5); if (pbBuf == NULL) { @@ -682,9 +682,9 @@ GEN_RND: { *RSA_D_Len = RSA_KeyByteLen; } - + free(pbBuf); - + crt->ctx->rsactx->crt_operation = 0; return CRYPTO_SUCCESS; @@ -708,9 +708,9 @@ GEN_RND: * @param RSA_Q_Data [in]d value * @param RSA_Q_Len [in]byte-length of d * @param RSA_D_P_Data [in]d mod (p-1) value - * @param RSA_D_P_Len [in]byte-length of d mod (p-1) + * @param RSA_D_P_Len [in]byte-length of d mod (p-1) * @param RSA_D_Q_Data [in]d mod (q-1) value - * @param RSA_D_Q_Len [in]byte-length of d mod (q-1) + * @param RSA_D_Q_Len [in]byte-length of d mod (q-1) * @param RSA_D_Data [out]d value * @param RSA_D_Len [out]byte-length of d * @@ -736,7 +736,7 @@ int SDRM_RSA_GenerateDwithPQE(CryptoCoreContainer *crt, cc_u32 PaddingMethod, } RSA_KeyByteLen = crt->ctx->rsactx->k; - + pbBuf = (cc_u8*)malloc(SDRM_RSA_ALLOC_SIZE * 5); if (pbBuf == NULL) { @@ -769,14 +769,14 @@ int SDRM_RSA_GenerateDwithPQE(CryptoCoreContainer *crt, cc_u32 PaddingMethod, sp = 30; } - SDRM_OS2BN((cc_u8*)RSA_P_Data, RSA_P_Len, p); + SDRM_OS2BN((cc_u8*)RSA_P_Data, RSA_P_Len, p); if (SDRM_BN_MILLER_RABIN(p, sp) != CRYPTO_ISPRIME) { free(pbBuf); return CRYPTO_INVALID_ARGUMENT; } - SDRM_OS2BN((cc_u8*)RSA_Q_Data, RSA_Q_Len, q); + SDRM_OS2BN((cc_u8*)RSA_Q_Data, RSA_Q_Len, q); if (SDRM_BN_MILLER_RABIN(q, sp) != CRYPTO_ISPRIME) { free(pbBuf); @@ -827,9 +827,9 @@ int SDRM_RSA_GenerateDwithPQE(CryptoCoreContainer *crt, cc_u32 PaddingMethod, { *RSA_D_Len = RSA_KeyByteLen; } - + free(pbBuf); - + crt->ctx->rsactx->crt_operation = 0; return CRYPTO_SUCCESS; @@ -933,10 +933,10 @@ int SDRM_RSA_GenNEDPQ(CryptoCoreContainer *crt, cc_u32 PaddingMethod, } GEN_RND: - + //Generate p p->Length = (RSA_KeyByteLen + 7) / 8; - + do { SDRM_RNG_X931((cc_u8 *)Seed, RSA_KeyByteLen * 4, (cc_u8*)p->pData); p->pData[0] |= 1L; @@ -947,7 +947,7 @@ GEN_RND: //Generate q q->Length = (RSA_KeyByteLen + 7) / 8; - + do { SDRM_RNG_X931((cc_u8 *)Seed, RSA_KeyByteLen * 4, (cc_u8*)q->pData); q->pData[0] |= 1L; @@ -958,7 +958,7 @@ GEN_RND: // SDRM_PrintBN("p", p); // SDRM_PrintBN("q", q); - + //temp1 = (p - 1), temp2 = (q - 1) SDRM_BN_Sub(temp1, p, BN_One); @@ -1025,7 +1025,7 @@ GEN_RND: { *RSA_D_Len = RSA_KeyByteLen; } - + if (RSA_P_Data != NULL) { SDRM_I2OSP(crt->ctx->rsactx->p, RSA_KeyByteLen / 2, RSA_P_Data); @@ -1077,7 +1077,7 @@ GEN_RND: } free(pbBuf); - + crt->ctx->rsactx->crt_operation = 1; return CRYPTO_SUCCESS; @@ -1227,7 +1227,7 @@ int SDRM_RSA_decrypt(CryptoCoreContainer *crt, cc_u8 *in, cc_u32 inLen, cc_u8 *o BN_Src = SDRM_BN_Alloc((cc_u8*)BN_dMsg + SDRM_RSA_ALLOC_SIZE, SDRM_RSA_BN_BUFSIZE); SDRM_OS2BN(in, inLen, BN_Src); - + //RSA Decryption by modular exponent #ifndef _OP64_NOTSUPPORTED retVal = SDRM_BN_ModExp2(BN_dMsg, BN_Src, crt->ctx->rsactx->d, crt->ctx->rsactx->n); @@ -1334,13 +1334,13 @@ int SDRM_RSA_decryptByCRT(CryptoCoreContainer *crt, cc_u8 *in, cc_u32 inLen, cc_ h = SDRM_BN_Alloc((cc_u8*)m2 + SDRM_RSA_ALLOC_SIZE, SDRM_RSA_BN_BUFSIZE); SDRM_OS2BN(in, inLen, BN_Src); - + //RSA Decryption by CRT /* dp = d mod (p - 1) dq = d mod (q - 1) qInv = (1/q) mod p where p > q - => + => m1 = c^dp mod p m2 = c^dq mod q h = qInv(m1 - m2) mod p if (m1 >= m2) or h = qInv(m1 + p - m2) mod p if (m1 < m2) @@ -1393,14 +1393,14 @@ int SDRM_RSA_decryptByCRT(CryptoCoreContainer *crt, cc_u8 *in, cc_u32 inLen, cc_ free(pbBuf); return CRYPTO_INVALID_ARGUMENT; } - + // 7. m = m2 + hq if(SDRM_BN_Mul(h, h, crt->ctx->rsactx->q)) { free(pbBuf); return CRYPTO_INVALID_ARGUMENT; } - + if(SDRM_BN_Add(BN_dMsg, m2, h)) { free(pbBuf); @@ -1526,7 +1526,7 @@ int SDRM_RSA_sign(CryptoCoreContainer *crt, cc_u8 *hash, cc_u32 hashLen, cc_u8 * retVal = SDRM_BN_ModExp(BN_Sign, BN_pMsg, crt->ctx->rsactx->d, crt->ctx->rsactx->n); #endif //_OP64_NOTSUPPORTED - if (retVal != CRYPTO_SUCCESS) + if (retVal != CRYPTO_SUCCESS) { free(pbBuf); return retVal; @@ -1591,7 +1591,7 @@ int SDRM_RSA_verify(CryptoCoreContainer *crt, cc_u8 *hash, cc_u32 hashLen, cc_u8 SDRM_OS2BN(signature, signLen, BN_Sign); // SDRM_PrintBN("Generated Sign : ", BN_Sign); - + //RSA Verification by modular exponent #ifndef _OP64_NOTSUPPORTED retVal = SDRM_BN_ModExp2(BN_dMsg, BN_Sign, crt->ctx->rsactx->e, crt->ctx->rsactx->n); @@ -1762,7 +1762,7 @@ int SDRM_Extended_GCD(SDRM_BIG_NUM* BN_v, SDRM_BIG_NUM* BN_a, SDRM_BIG_NUM* BN_b SDRM_BN_Copy(BN_b, BN_D); SDRM_BN_Mul(BN_tmp, BN_g, BN_v); SDRM_BN_Copy(BN_v, BN_tmp); - + break; } } diff --git a/ssflib/dep/uci/include/uci_type.h b/ssflib/dep/uci/include/uci_type.h index f3c8843..89bcb13 100644 --- a/ssflib/dep/uci/include/uci_type.h +++ b/ssflib/dep/uci/include/uci_type.h @@ -11,14 +11,14 @@ * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and - * limitations under the License. + * limitations under the License. */ -/** - * @file uci_type.h - * @brief UCI codec. - * @author guoxing.xu - * @version 1.0 +/** + * @file uci_type.h + * @brief UCI codec. + * @author guoxing.xu + * @version 1.0 * @date 2013.7 **/ #ifndef _UCI_TYPE_H @@ -46,7 +46,7 @@ typedef int UCI_HANDLE; #define UCI_MEM_ALLOR_ERROR -3001 /**< malloc is failed */ #define UCI_INVALID_ARGUMENT -3003 /**< argument is not correct */ #define UCI_MSG_TOO_LONG -3004 /**< length of input message is too long */ -#define UCI_INVALID_HANDLE -3005 /**< hand is not valid */ +#define UCI_INVALID_HANDLE -3005 /**< hand is not valid */ #define UCI_VALID_SIGN UCI_SUCCESS /**< valid sign */ #define UCI_INVALID_SIGN -3011 /**< invalid sign */ @@ -102,6 +102,7 @@ enum UCICryptoAlgorithm { ID_UCI_RSA1024 = 1054, ID_UCI_RSA2048 = 1055, ID_UCI_RSA3072 = 1056, + ID_UCI_RSA4096 = 1058, ID_UCI_ELGAMAL = 1052, ID_UCI_ECELGAMAL = 1053, @@ -325,7 +326,7 @@ typedef enum rsa_kparam_flag { } rsa_kparam_flag_e; /** - *@brief rsa key param structure + *@brief rsa key param structure * */ typedef struct rsa_param { diff --git a/ssflib/dep/uci/source/uci_api.c b/ssflib/dep/uci/source/uci_api.c index 52ae4f8..238cda9 100644 --- a/ssflib/dep/uci/source/uci_api.c +++ b/ssflib/dep/uci/source/uci_api.c @@ -653,6 +653,8 @@ int uci_dup_handle(UCI_HANDLE srcoh, UCI_HANDLE destoh) { case ID_UCI_RSA: case ID_UCI_RSA1024: case ID_UCI_RSA2048: + case ID_UCI_RSA3072: + case ID_UCI_RSA4096: memcpy(destctx->imp, srcctx->imp, sizeof(SDRM_RSAContext)); break; case ID_UCI_DSA: diff --git a/ssflib/dep/uci/source/uci_cryptocore.c b/ssflib/dep/uci/source/uci_cryptocore.c index db15895..573613b 100644 --- a/ssflib/dep/uci/source/uci_cryptocore.c +++ b/ssflib/dep/uci/source/uci_cryptocore.c @@ -11,14 +11,14 @@ * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and - * limitations under the License. + * limitations under the License. */ -/** - * @file uci_cryptocore.cpp - * @brief UCI codec. - * @author guoxing.xu - * @version 1.0 +/** + * @file uci_cryptocore.cpp + * @brief UCI codec. + * @author guoxing.xu + * @version 1.0 * @date 2013.9.9 **/ @@ -311,7 +311,7 @@ int cryptocore_se_final(UCI_HANDLE oh, unsigned char *input, //cts encrypt if (pctx->flag == ID_UCI_ENC_CTS) { -#if 0 +#if 0 lastblocksize = input_len % SDRM_AES_BLOCK_SIZ; if(lastblocksize == 0) { @@ -526,6 +526,7 @@ int cryptocore_ae_gen_keypair(UCI_HANDLE oh, uci_key_s *keymaterial, case ID_UCI_RSA1024: case ID_UCI_RSA2048: case ID_UCI_RSA3072: + case ID_UCI_RSA4096: pad = SDRM_LOW_HALF(uciparm->urp.padding); if (pad != ID_UCI_RSAES_PKCS15 && pad != ID_UCI_RSAES_OAEP && pad != ID_UCI_NO_PADDING && pad != ID_UCI_RSASSA_PKCS15 @@ -586,7 +587,7 @@ int cryptocore_ae_gen_keypair(UCI_HANDLE oh, uci_key_s *keymaterial, break; case ID_UCI_ECDSA: case ID_UCI_ECDH: - //set curver parameter + //set curver parameter ret = ((CryptoCoreContainer *)pctx->imp)->EC_setCurve( (CryptoCoreContainer *)pctx->imp, uciparm->uep.dimension, uciparm->uep.ecc_p_data, uciparm->uep.ecc_p_len, @@ -640,6 +641,7 @@ int cryptocore_ae_set_keypair(UCI_HANDLE oh, uci_key_s *keymaterial, case ID_UCI_RSA1024: case ID_UCI_RSA2048: case ID_UCI_RSA3072: + case ID_UCI_RSA4096: pad = SDRM_LOW_HALF(uciparm->urp.padding); if (pad != ID_UCI_RSAES_PKCS15 && pad != ID_UCI_RSAES_OAEP diff --git a/ssflib/src/ssf_crypto.cpp b/ssflib/src/ssf_crypto.cpp index acfc3bb..fc37aef 100644 --- a/ssflib/src/ssf_crypto.cpp +++ b/ssflib/src/ssf_crypto.cpp @@ -790,18 +790,24 @@ static int sw_crypto_open(crypto_internal_operation *operation) case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: - if (operation->info.keySize== 1024) { - alg=ID_RSA1024; - } - else if (operation->info.keySize== 2048) { - alg=ID_RSA2048; - } - else if (operation->info.keySize== 3072) { - alg=ID_RSA3072; - } - else { - goto error; - } + if (operation->info.keySize== 512) { + alg=ID_RSA512; + } + else if (operation->info.keySize== 1024) { + alg=ID_RSA1024; + } + else if (operation->info.keySize== 2048) { + alg=ID_RSA2048; + } + else if (operation->info.keySize== 3072) { + alg=ID_RSA3072; + } + else if (operation->info.keySize== 4096) { + alg=ID_RSA4096; + } + else { + goto error; + } break; /* TEE_OPERATION_ASYMMETRIC_SIGNATURE */ @@ -816,18 +822,24 @@ static int sw_crypto_open(crypto_internal_operation *operation) case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: - if (operation->info.keySize== 1024) { - alg=ID_RSA1024; - } - else if (operation->info.keySize== 2048) { - alg=ID_RSA2048; - } - else if (operation->info.keySize== 3072) { - alg=ID_RSA3072; - } - else { - goto error; - } + if (operation->info.keySize== 512) { + alg=ID_RSA512; + } + else if (operation->info.keySize== 1024) { + alg=ID_RSA1024; + } + else if (operation->info.keySize== 2048) { + alg=ID_RSA2048; + } + else if (operation->info.keySize== 3072) { + alg=ID_RSA3072; + } + else if (operation->info.keySize== 4096) { + alg=ID_RSA4096; + } + else { + goto error; + } break; case TEE_ALG_DSA_SHA1: @@ -861,18 +873,24 @@ static int sw_crypto_open(crypto_internal_operation *operation) break; case TEE_ALG_GENERATE_RSA_KEY: - if (operation->info.keySize== 1024) { - alg=ID_RSA1024; - } - else if (operation->info.keySize== 2048) { - alg=ID_RSA2048; - } - else if (operation->info.keySize== 3072) { - alg=ID_RSA3072; - } - else { - goto error; - } + if (operation->info.keySize== 512) { + alg=ID_RSA512; + } + else if (operation->info.keySize== 1024) { + alg=ID_RSA1024; + } + else if (operation->info.keySize== 2048) { + alg=ID_RSA2048; + } + else if (operation->info.keySize== 3072) { + alg=ID_RSA3072; + } + else if (operation->info.keySize== 4096) { + alg=ID_RSA4096; + } + else { + goto error; + } break; default: @@ -2455,8 +2473,8 @@ TEE_Result TEE_AsymmetricEncrypt( TEE_OperationHandle operation,const TEE_Attrib (void)paramCount; crypto_internal_operation *op = (crypto_internal_operation*) operation; crypto_internal_keystruct key; - unsigned char module_buf[384] = {0x0, }; - unsigned char pub_buf[384] = {0x0, }; + unsigned char module_buf[512] = {0x0, }; + unsigned char pub_buf[512] = {0x0, }; memset(&key, 0x00, sizeof(crypto_internal_keystruct)); key.rsa_modulus.size = sizeof(module_buf); @@ -2502,9 +2520,9 @@ TEE_Result TEE_AsymmetricDecrypt( TEE_OperationHandle operation, const TEE_Attri crypto_internal_operation * op = (crypto_internal_operation*) operation; crypto_internal_keystruct key; - unsigned char module_buf[384] = {0x0, }; - unsigned char pub_buf[384] = {0x0, }; - unsigned char priv_buf[384] = {0x0, }; + unsigned char module_buf[512] = {0x0, }; + unsigned char pub_buf[512] = {0x0, }; + unsigned char priv_buf[512] = {0x0, }; memset(&key, 0x00, sizeof(crypto_internal_keystruct)); key.rsa_modulus.size = sizeof(module_buf); diff --git a/ssflib/src/ssf_storage.cpp b/ssflib/src/ssf_storage.cpp index 78c8ba0..62ab538 100644 --- a/ssflib/src/ssf_storage.cpp +++ b/ssflib/src/ssf_storage.cpp @@ -243,7 +243,7 @@ TEE_Result allocate_transient_object(TransientObject* tr, uint32_t objectType, break; case TEE_TYPE_RSA_PUBLIC_KEY: case TEE_TYPE_RSA_KEYPAIR: - if (maxObjectSize < 256 || maxObjectSize > 3072) + if (maxObjectSize < 256 || maxObjectSize > 4096 || maxObjectSize % 64) return TEE_ERROR_NOT_SUPPORTED; //tr->attr.buf_len = sizeof(rsa_context); break; @@ -406,11 +406,8 @@ TEE_Result create_po(persistent_object* po, TransientObject* attr, return TEE_ERROR_OUT_OF_MEMORY; } // copy attributes -// TEE_CopyObjectAttributes((TEE_ObjectHandle) & po->attr, -// (TEE_ObjectHandle) attr); - TEE_CopyObjectAttributes((TEE_ObjectHandle)&po->attr.info, - (TEE_ObjectHandle)attr); + (TEE_ObjectHandle)attr); // get required buffer length po->po_file.attr_size = calc_attr_size(&po->attr); @@ -1220,7 +1217,7 @@ void convert_TA_UUID(char* uuid, TEE_UUID TA_UUID) { // digits 8, 9, A, or B for y. e.g. f47ac10b-58cc-4372-a567-0e02b2c3d479. char* tmp = uuid; - + snprintf(tmp, 9, "%08x", TA_UUID.timeLow); tmp[8] = '-'; tmp += 9; @@ -1567,17 +1564,17 @@ TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, TEE_Panic(0); } break; - case TEE_TYPE_RSA_PUBLIC_KEY: - case TEE_TYPE_RSA_KEYPAIR: { - // Krishna: Incorrect to check this condition - /*if ((tr->info.objectType == TEE_TYPE_RSA_KEYPAIR) - && (tr->attr.attr_number != 3) && (tr->attr.attr_number != 8)) { - TZ_ERROR("tr->attr.attr_number = %d\n", tr->attr.attr_number); + case TEE_TYPE_RSA_PUBLIC_KEY: { + if ((tr->info.objectType == TEE_TYPE_RSA_PUBLIC_KEY) + && (tr->attr.attr_number != 2)) { TZ_ERROR("operation error line = %d,%s\n", __LINE__, __func__); TEE_Panic(0); - }*/ - if ((tr->info.objectType == TEE_TYPE_RSA_PUBLIC_KEY) - && (tr->attr.attr_number != 2)) { + } + break; + } + case TEE_TYPE_RSA_KEYPAIR: { + if ((tr->info.objectType == TEE_TYPE_RSA_KEYPAIR) + && (tr->attr.attr_number != 3)) { TZ_ERROR("operation error line = %d,%s\n", __LINE__, __func__); TEE_Panic(0); } @@ -1723,6 +1720,8 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, alg = ID_UCI_RSA2048; } else if (3072 == keySize) { alg = ID_UCI_RSA3072; + } else if (4096 == keySize) { + alg = ID_UCI_RSA4096; } UCI_HANDLE uh = uci_context_alloc(alg, UCI_SW); uci_ae_gen_keypair(uh, &uci_key, &up); @@ -1733,7 +1732,7 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_InitRefAttribute(&attrs[1], TEE_ATTR_RSA_PUBLIC_EXPONENT, uci_key.ucik_rsa_e, keySize); TEE_InitRefAttribute(&attrs[2], TEE_ATTR_RSA_PRIVATE_EXPONENT, - uci_key.ucik_rsa_d, keySize); + uci_key.ucik_rsa_d, keySize); TEE_PopulateTransientObject(object, attrs, 3); OsaFree(uci_key.ucik_rsa_n);