From: Krzysztof Jackiewicz Date: Tue, 1 Aug 2023 13:26:47 +0000 (+0200) Subject: Add context cleanup command for TZ X-Git-Tag: accepted/tizen/6.5/unified/20230809.042946~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7badfc11c9e54efcc1a4e4b792eef98c9e08631a;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git Add context cleanup command for TZ If encryption fails and the "finalize" is not called the context will not removed on TA side. Fix it by adding new command. Change-Id: Id6bfb6821ba2c83565eb79d825fa98c096a346fc --- diff --git a/src/manager/crypto/tz-backend/ctx.cpp b/src/manager/crypto/tz-backend/ctx.cpp index db877d8..0fd5c47 100644 --- a/src/manager/crypto/tz-backend/ctx.cpp +++ b/src/manager/crypto/tz-backend/ctx.cpp @@ -17,6 +17,7 @@ #include #include #include +#include namespace CKM { namespace Crypto { @@ -45,6 +46,16 @@ RawBuffer CipherCtx::finalize(const RawBuffer& input) return Internals::finalizeCipher(m_opId, input); } +CipherCtx::~CipherCtx() +{ + // Always try to cleanup the TA side. Ignore the results. + try { + Internals::cleanupCipher(m_opId); + } catch (...) { + LogError("Context cleanup failed"); + } +} + } // namespace TZ } // namespace Crypto } // namespace CKM diff --git a/src/manager/crypto/tz-backend/ctx.h b/src/manager/crypto/tz-backend/ctx.h index 32eba26..883feec 100644 --- a/src/manager/crypto/tz-backend/ctx.h +++ b/src/manager/crypto/tz-backend/ctx.h @@ -30,6 +30,8 @@ public: RawBuffer update(const RawBuffer& input) override; RawBuffer finalize(const RawBuffer& input) override; + ~CipherCtx(); + private: uint32_t m_opId; }; diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp index 0b3e398..9817480 100644 --- a/src/manager/crypto/tz-backend/internals.cpp +++ b/src/manager/crypto/tz-backend/internals.cpp @@ -717,6 +717,11 @@ RawBuffer finalizeCipher(uint32_t opId, return TrustZoneContext::Instance().finalizeGcmCipher(opId, data); } +void cleanupCipher(uint32_t opId) +{ + return TrustZoneContext::Instance().cleanupCipher(opId); +} + RawBuffer sign(const RawBuffer &pkeyId, const Pwd &pwd, const CryptoAlgorithm &alg, diff --git a/src/manager/crypto/tz-backend/internals.h b/src/manager/crypto/tz-backend/internals.h index 00fb25f..ad267ff 100644 --- a/src/manager/crypto/tz-backend/internals.h +++ b/src/manager/crypto/tz-backend/internals.h @@ -138,6 +138,8 @@ RawBuffer updateCipher(uint32_t opId, RawBuffer finalizeCipher(uint32_t opId, const RawBuffer &data); +void cleanupCipher(uint32_t opId); + RawBuffer sign(const RawBuffer &pkeyId, const Pwd &pwd, const CryptoAlgorithm &alg, diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index ca91c54..e4752cf 100644 --- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -25,7 +25,6 @@ #include #include -#include #include namespace CKM { diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp index fb05e3c..7a6e921 100644 --- a/src/manager/crypto/tz-backend/tz-context.cpp +++ b/src/manager/crypto/tz-backend/tz-context.cpp @@ -565,6 +565,15 @@ RawBuffer TrustZoneContext::finalizeGcmCipher(uint32_t opId, return out; } +void TrustZoneContext::cleanupCipher(uint32_t opId) +{ + TEEC_Operation op; + op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); + op.params[0].value.a = opId; + + Execute(CMD_CIPHER_CLEANUP, &op); +} + void TrustZoneContext::executeSign(tz_algo_type algo, tz_hash_type hash, const RawBuffer &keyId, diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h index 342fdfe..c69299d 100644 --- a/src/manager/crypto/tz-backend/tz-context.h +++ b/src/manager/crypto/tz-backend/tz-context.h @@ -153,6 +153,8 @@ public: RawBuffer finalizeGcmCipher(uint32_t opId, const RawBuffer &data); + void cleanupCipher(uint32_t opId); + void executeSign(tz_algo_type algo, tz_hash_type hash, const RawBuffer &keyId,