encryptedKeyId);
}
+RawBuffer exportWrappedKey(const RawBuffer &wrappingKey,
+ const Pwd &wrappingKeyPwd,
+ const CryptoAlgorithm &alg,
+ const RawBuffer &keyToWrapId,
+ const Pwd &keyToWrapPwd)
+{
+ AlgoType algo;
+ uint32_t ctrLenOrTagSizeBits = 0;
+ RawBuffer iv;
+ RawBuffer aad;
+ decompose(alg, algo, ctrLenOrTagSizeBits, iv, aad);
+
+ // TODO it is awful!
+ return TrustZoneContext::Instance().exportWrappedKey(wrappingKey,
+ wrappingKeyPwd,
+ getAlgType(algo),
+ iv,
+ ctrLenOrTagSizeBits,
+ aad,
+ keyToWrapId,
+ keyToWrapPwd);
+}
+
RawBuffer getData(const RawBuffer &dataId,
const Pwd &pwd)
{
RawBuffer &encryptedKeyTag,
const RawBuffer &encryptedKeyId);
+RawBuffer exportWrappedKey(const RawBuffer &wrappingKey,
+ const Pwd &wrappingKeyPwd,
+ const CryptoAlgorithm &alg,
+ const RawBuffer &keyToWrapId,
+ const Pwd &keyToWrapPwd);
+
RawBuffer getData(const RawBuffer &dataId,
const Pwd &pwd);
return Token(backendId(), encryptedKey.type, Store::pack(hash, pass, passIV, tag));
}
+RawBuffer Key::wrap(const CryptoAlgorithm &alg,
+ const Token &keyToWrap,
+ const Password &keyToWrapPass)
+{
+ int keyToWrapScheme;
+ RawBuffer keyToWrapId;
+ RawBuffer keyToWrapIV;
+ RawBuffer keyToWrapTag;
+ Store::unpack(keyToWrap.data,
+ keyToWrapPass,
+ keyToWrapScheme,
+ keyToWrapId,
+ keyToWrapIV,
+ keyToWrapTag);
+
+ return Internals::exportWrappedKey(getBinary(),
+ getPassword(),
+ alg,
+ keyToWrapId,
+ Pwd(keyToWrapPass, keyToWrapIV, keyToWrapTag));
+}
+
RawBuffer SKey::encrypt(const CryptoAlgorithm &alg, const RawBuffer &data)
{
return Internals::symmetricEncrypt(getBinary(), getPassword(), alg, data);
ThrowErr(Exc::Crypto::OperationNotSupported);
}
+RawBuffer Cert::wrap(const CryptoAlgorithm &,
+ const Token &,
+ const Password &)
+{
+ ThrowErr(Exc::Crypto::OperationNotSupported);
+}
+
} // namespace TZ
} // namespace Crypto
} // namespace CKM
const Password &pass,
const RawBuffer &hash) override;
+ RawBuffer wrap(const CryptoAlgorithm ¶ms,
+ const Token &keyToWrap,
+ const Password &keyToWrapPass) override;
+
protected:
int m_scheme;
Pwd m_password;
const Data &,
const Password &,
const RawBuffer &) override;
+
+ RawBuffer wrap(const CryptoAlgorithm ¶ms,
+ const Token &keyToWrap,
+ const Password &keyToWrapPass) override;
};
} // namespace TZ
LogDebug("Imported object ID is (hex): " << rawToHexString(encryptedKeyId));
}
+RawBuffer TrustZoneContext::exportWrappedKey(const RawBuffer &wrappingKey,
+ const Pwd &wrappingKeyPwd,
+ tz_algo_type algo,
+ const RawBuffer &iv,
+ const uint32_t ctrLenOrTagSizeBits,
+ const RawBuffer &aad,
+ const RawBuffer &keyToWrapId,
+ const Pwd &keyToWrapPwd)
+{
+ // command ID = CMD_EXPORT_WRAPPED_KEY
+ LogDebug("TrustZoneContext::exportWrappedKey");
+
+ auto sIn = makeSerializer(wrappingKey,
+ wrappingKeyPwd,
+ algo,
+ iv,
+ ctrLenOrTagSizeBits,
+ aad,
+ keyToWrapId,
+ keyToWrapPwd);
+
+ TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
+ sIn.Serialize(inMemory);
+
+ uint32_t data_size = 0;
+ GetDataSize(keyToWrapId, data_size);
+
+ LogDebug("GetData data_size = [" << data_size << "]");
+
+ // encrypted data may be longer
+ TZSerializer sOut;
+ sOut.Push(new TZSerializableBinary(data_size + KM_ENCRYPTION_OVERHEAD));
+ TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
+ sOut.Serialize(outMemory);
+
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
+
+ Execute(CMD_EXPORT_WRAPPED_KEY, &op);
+
+ sOut.Deserialize(outMemory);
+
+ RawBuffer wrappedKey;
+ sOut.Pull(wrappedKey);
+
+ return wrappedKey;
+}
+
void TrustZoneContext::GetDataSize(const RawBuffer &dataId, uint32_t &dataSize)
{
// command ID = CMD_GET_DATA_SIZE
RawBuffer &encryptedKeyTag,
const RawBuffer &encryptedKeyHash);
+ RawBuffer exportWrappedKey(const RawBuffer &wrappingKey,
+ const Pwd &wrappingKeyPwd,
+ tz_algo_type algo,
+ const RawBuffer &iv,
+ const uint32_t ctrLenOrTagSizeBits,
+ const RawBuffer &aad,
+ const RawBuffer &keyToWrapId,
+ const Pwd &keyToWrapPwd);
+
void executeCrypt(tz_command cmd,
tz_algo_type algo,
const RawBuffer &keyId,