From 4c0940faf922b9301b3ff3c83a2e00ecffeab62f Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 21 Mar 2023 08:34:49 +0100 Subject: [PATCH] Implement EC key pair generation in TZ backend Change-Id: Id1199d174146dfeb7b75081783dca90624fe12de --- src/manager/crypto/tz-backend/internals.cpp | 26 +++++++++++++++++++++++- src/manager/crypto/tz-backend/store.cpp | 4 ++++ src/manager/crypto/tz-backend/tz-context.cpp | 30 ++++++++++++++++++++++++++-- src/manager/crypto/tz-backend/tz-context.h | 11 +++++++++- 4 files changed, 67 insertions(+), 4 deletions(-) diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp index 61f7b60..0c8d537 100644 --- a/src/manager/crypto/tz-backend/internals.cpp +++ b/src/manager/crypto/tz-backend/internals.cpp @@ -101,6 +101,16 @@ tz_data_type toTzDataType(const CKM::DataType dataType) { } } +tz_ec toTzEc(CKM::ElipticCurve ec) +{ + switch(ec) { + case CKM::ElipticCurve::prime192v1: return EC_NIST_P192; + case CKM::ElipticCurve::prime256v1: return EC_NIST_P256; + case CKM::ElipticCurve::secp384r1: return EC_NIST_P384; + default: ThrowErr(CKM::Exc::Crypto::DataTypeNotSupported, "EC not supported by tz-backend"); + } +} + } // namespace namespace CKM { @@ -189,7 +199,6 @@ AlgoType generateAKey(const CryptoAlgorithm &alg, const RawBuffer &hashPub) { AlgoType keyType = unpack(alg, ParamName::ALGO_TYPE); - int keyBits = unpack(alg, ParamName::GEN_KEY_LEN); RawBuffer pubPwdBuf; if (!pubPwd.empty()) @@ -201,6 +210,7 @@ AlgoType generateAKey(const CryptoAlgorithm &alg, switch (keyType) { case AlgoType::RSA_GEN: { + int keyBits = unpack(alg, ParamName::GEN_KEY_LEN); TrustZoneContext::Instance().generateRSAKey(keyBits, pubPwdBuf, pubPwdIv, @@ -213,6 +223,7 @@ AlgoType generateAKey(const CryptoAlgorithm &alg, break; } case AlgoType::DSA_GEN: { + int keyBits = unpack(alg, ParamName::GEN_KEY_LEN); RawBuffer prime; RawBuffer subprime; RawBuffer base; @@ -231,6 +242,19 @@ AlgoType generateAKey(const CryptoAlgorithm &alg, hashPub); break; } + case AlgoType::ECDSA_GEN: { + CKM::ElipticCurve ec = unpack(alg, ParamName::GEN_EC); + TrustZoneContext::Instance().generateECKey(toTzEc(ec), + pubPwdBuf, + pubPwdIv, + privPwdBuf, + privPwdIv, + pubTag, + privTag, + hashPriv, + hashPub); + break; + } default: { ThrowErr(Exc::Crypto::InputParam, "Invalid algo type provided for generateAKey function"); diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index 5035f74..e7e58fb 100644 --- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -149,6 +149,10 @@ TokenPair Store::generateAKey(const CryptoAlgorithm &alg, const Password &privPa pubType= DataType(KeyType::KEY_DSA_PUBLIC); privType = DataType(KeyType::KEY_DSA_PRIVATE); } + else if(keyType == AlgoType::ECDSA_GEN){ + pubType= DataType(KeyType::KEY_ECDSA_PUBLIC); + privType = DataType(KeyType::KEY_ECDSA_PRIVATE); + } return std::make_pair( Token(m_backendId, privType, pack(hashPriv, privPass, privIv, privTag)), diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp index 672573f..8a054bf 100644 --- a/src/manager/crypto/tz-backend/tz-context.cpp +++ b/src/manager/crypto/tz-backend/tz-context.cpp @@ -235,7 +235,7 @@ void TrustZoneContext::generateSKeyPwd(tz_algo_type algo, void TrustZoneContext::GenerateAKey(tz_command commandId, TZSerializer &sIn, - uint32_t keySizeBits, + uint32_t genParam, // key size in bits or EC type const RawBuffer &pubPwd, const RawBuffer &pubPwdIv, const RawBuffer &privPwd, @@ -267,7 +267,7 @@ void TrustZoneContext::GenerateAKey(tz_command commandId, TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT); TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory); - op.params[0].value.b = keySizeBits; + op.params[0].value.b = genParam; Execute(commandId, &op); @@ -336,6 +336,32 @@ void TrustZoneContext::generateDSAKey(uint32_t keySizeBits, hashPub); } +void TrustZoneContext::generateECKey(tz_ec ec, + const RawBuffer &pubPwd, + const RawBuffer &pubPwdIv, + const RawBuffer &privPwd, + const RawBuffer &privPwdIv, + RawBuffer &pubKeyTag, + RawBuffer &privKeyTag, + const RawBuffer &hashPriv, + const RawBuffer &hashPub) +{ + // command ID = CMD_GENERATE_EC_KEYPAIR + TZSerializer sIn; + + GenerateAKey(CMD_GENERATE_EC_KEYPAIR, + sIn, + static_cast(ec), + pubPwd, + pubPwdIv, + privPwd, + privPwdIv, + pubKeyTag, + privKeyTag, + hashPriv, + hashPub); +} + void TrustZoneContext::executeCrypt(tz_command cmd, tz_algo_type algo, const RawBuffer &keyId, diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h index 4f5a69c..b85186e 100644 --- a/src/manager/crypto/tz-backend/tz-context.h +++ b/src/manager/crypto/tz-backend/tz-context.h @@ -70,6 +70,15 @@ public: RawBuffer &privKeyTag, const RawBuffer &hashPriv, const RawBuffer &hashPub); + void generateECKey(tz_ec ec, + const RawBuffer &pubPwd, + const RawBuffer &pubPwdIv, + const RawBuffer &privPwd, + const RawBuffer &privPwdIv, + RawBuffer &pubKeyTag, + RawBuffer &privKeyTag, + const RawBuffer &hashPriv, + const RawBuffer &hashPub); void importData(uint32_t dataType, const RawBuffer &data, @@ -142,7 +151,7 @@ private: void GenerateAKey(tz_command commandID, TZSerializer &sIn, - uint32_t keySizeBits, + uint32_t genParam, const RawBuffer &pubPwd, const RawBuffer &pubPwdIv, const RawBuffer &privPwd, -- 2.7.4