From f3f7d305fa4ccdd1d302f157497ebec76129bb41 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Sat, 29 Jul 2023 16:26:10 +0900 Subject: [PATCH] Fix bugs during exporting a wrapped key - generous output size check - enlarged encryption overhead for RSA - use type of wrap to key Change-Id: I64367edf00d58e67df62a682a05c58dae5e2327b --- src/manager/crypto/tz-backend/obj.cpp | 2 +- src/manager/crypto/tz-backend/tz-context.cpp | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/manager/crypto/tz-backend/obj.cpp b/src/manager/crypto/tz-backend/obj.cpp index a811557..a1fbbb7 100644 --- a/src/manager/crypto/tz-backend/obj.cpp +++ b/src/manager/crypto/tz-backend/obj.cpp @@ -120,7 +120,7 @@ RawBuffer Key::wrap(const CryptoAlgorithm &alg, alg, keyToWrapId, Pwd(keyToWrapPass, keyToWrapIV, keyToWrapTag), - m_type); + keyToWrap.dataType); } RawBuffer SKey::encrypt(const CryptoAlgorithm &alg, const RawBuffer &data) diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp index 8710982..fb05e3c 100644 --- a/src/manager/crypto/tz-backend/tz-context.cpp +++ b/src/manager/crypto/tz-backend/tz-context.cpp @@ -770,9 +770,13 @@ RawBuffer TrustZoneContext::exportWrappedKey(const RawBuffer &wrappingKeyId, LogDebug("GetData data_size = [" << dataSize << "]"); + uint32_t enc_overhead = KM_ENCRYPTION_OVERHEAD; + if (algo == ALGO_RSA) + enc_overhead = KM_RSA_BLOCK_SIZE; + // encrypted data may be longer TZSerializer sOut; - sOut.Push(new TZSerializableBinary(dataSize + KM_ENCRYPTION_OVERHEAD)); + sOut.Push(new TZSerializableBinary(dataSize + enc_overhead, false)); TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT); sOut.Serialize(outMemory); -- 2.7.4
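Review bot: The `keyToWrap.dataType` argument at the end of the call in Key::wrap has no comment saying that it is the type of the key being wrapped rather than the type of the wrapping key (`m_type`), which is the mix-up this commit corrects. A one-line comment above the argument, such as `// type of the key being wrapped, not of this wrapping key`, would make a later swap back to `m_type` less likely. Key::wrap starts outside the hunk, so whether `keyToWrap.dataType` is validated as a key type before it reaches the TrustZone call cannot be seen here and is worth confirming.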
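Review bot: The size `dataSize + enc_overhead` passed to `TZSerializableBinary` in exportWrappedKey is computed without an overflow guard, so a very large `dataSize` would wrap and the output buffer would be smaller than intended. `dataSize` is logged just above as the result of a GetData step and its declaration is outside the hunk; if it is a 32-bit value, a guard such as `if (dataSize > UINT32_MAX - enc_overhead)` leading into the function's usual error path would cover it. The new `false` argument is a bare boolean with no explanation at the call site. The commit message suggests it relaxes the output size check, so the existing comment could say so, for example `// encrypted data may be longer; exact-size check relaxed`, if that is what the flag does. It is also worth confirming that `KM_RSA_BLOCK_SIZE` covers the largest RSA wrapping key the backend accepts, since the hunk selects a single fixed value for every RSA key size.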