{ ALGO_DSA_SV, 4096 / 8 }
};
+struct EncPwd {
+ const RawBuffer &password;
+ const RawBuffer &iv;
+};
+
+template <typename T>
+void push(TZSerializer& ser, const T& value)
+{
+ ser.Push(new TZSerializableFlag(static_cast<uint32_t>(value)));
+}
+
+template<>
+void push<RawBuffer>(TZSerializer& ser, const RawBuffer& value)
+{
+ ser.Push(new TZSerializableBinary(value));
+}
+
+template<>
+void push<Pwd>(TZSerializer& ser, const Pwd& value)
+{
+ int32_t pwd_flag = value.getPassword().empty() ? 0 : 1;
+ ser.Push(new TZSerializableFlag(pwd_flag));
+ if (pwd_flag)
+ ser.Push(new TZSerializablePwdData(value.getPassword(),
+ value.getIV(),
+ value.getTag().size() * 8,
+ value.getTag()));
+}
+
+template<>
+void push<EncPwd>(TZSerializer& ser, const EncPwd& value)
+{
+ int32_t pwd_flag = value.password.empty() ? 0 : 1;
+ ser.Push(new TZSerializableFlag(pwd_flag));
+ if (pwd_flag)
+ ser.Push(new TZSerializablePwdData(value.password,
+ value.iv,
+ Params::DEFAULT_AES_GCM_TAG_LEN_BITS));
+}
+
+template <typename T, typename ...Args>
+void push(TZSerializer& ser, const T& first, const Args&... args)
+{
+ push<T>(ser, first);
+ push<Args...>(ser, args...);
+}
+
+template <typename ...Args>
+TZSerializer makeSerializer(const Args&... args)
+{
+ TZSerializer ser;
+ push<Args...>(ser, args...);
+ return ser;
+}
+
} // anonymous namespace
TrustZoneContext::TrustZoneContext()
return instance;
}
+TEEC_Operation makeOp(uint32_t value, TrustZoneMemory& mem1)
+{
+ TEEC_Operation op;
+
+ op.paramTypes = TEEC_PARAM_TYPES(value, TEEC_MEMREF_WHOLE, TEEC_NONE, TEEC_NONE);
+
+ op.params[1].memref.parent = mem1.Get();
+ op.params[1].memref.offset = 0;
+ op.params[1].memref.size = mem1.Get()->size;
+ return op;
+}
+
+TEEC_Operation makeOp(uint32_t value, TrustZoneMemory& mem1, TrustZoneMemory& mem2)
+{
+ TEEC_Operation op = makeOp(value, mem1);
+
+ op.paramTypes = TEEC_PARAM_TYPES(value, TEEC_MEMREF_WHOLE, TEEC_MEMREF_WHOLE, TEEC_NONE);
+
+ op.params[2].memref.parent = mem2.Get();
+ op.params[2].memref.offset = 0;
+ op.params[2].memref.size = mem2.Get()->size;
+
+ return op;
+}
+
void TrustZoneContext::generateIV(RawBuffer& iv)
{
// command ID = CMD_GENERATE_IV
uint32_t ivSize = Params::DEFAULT_AES_IV_LEN;
TrustZoneMemory ivMemory(m_Context, ivSize, TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_NONE, TEEC_NONE);
- op.params[1].memref.parent = ivMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = ivMemory.Get()->size;
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, ivMemory);
+
Execute(CMD_GENERATE_IV, &op);
iv.resize(ivSize);
const RawBuffer &hash)
{
// command ID = CMD_GENERATE_KEY
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(hash));
+ auto sIn = makeSerializer(hash);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_NONE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
op.params[0].value.a = algo;
op.params[0].value.b = keySizeBits;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
+
Execute(CMD_GENERATE_KEY, &op);
}
sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
op.params[0].value.a = algo;
op.params[0].value.b = keySizeBits;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
+
Execute(CMD_GENERATE_KEY_PWD, &op);
sOut.Deserialize(outMemory);
{
uint32_t pubTagSize = 0;
uint32_t privTagSize = 0;
-
uint32_t pubPwdExists = pubPwd.empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pubPwdExists));
if (pubPwdExists) {
- sIn.Push(new TZSerializablePwdData(pubPwd, pubPwdIv, Params::DEFAULT_AES_GCM_TAG_LEN_BITS));
- pubTagSize = (Params::DEFAULT_AES_GCM_TAG_LEN_BITS + 7) >> 3;
+ pubTagSize = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES;
}
uint32_t privPwdExists = privPwd.empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(privPwdExists));
if (privPwdExists) {
- sIn.Push(new TZSerializablePwdData(privPwd, privPwdIv, Params::DEFAULT_AES_GCM_TAG_LEN_BITS));
- privTagSize = (Params::DEFAULT_AES_GCM_TAG_LEN_BITS + 7) >> 3;
+ privTagSize = Params::DEFAULT_AES_GCM_TAG_LEN_BYTES;
}
- sIn.Push(new TZSerializableBinary(hashPriv));
- sIn.Push(new TZSerializableBinary(hashPub));
+
+ push(sIn, EncPwd{pubPwd, pubPwdIv}, EncPwd{privPwd, privPwdIv}, hashPriv, hashPub);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
op.params[0].value.b = keySizeBits;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
+
Execute(commandId, &op);
sOut.Deserialize(outMemory);
const RawBuffer &hashPub)
{
// command ID = CMD_GENERATE_DSA_KEYPAIR
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(prime));
- sIn.Push(new TZSerializableBinary(subprime));
- sIn.Push(new TZSerializableBinary(base));
+ auto sIn = makeSerializer(prime, subprime, base);
GenerateAKey(CMD_GENERATE_DSA_KEYPAIR,
sIn,
}
TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(data));
- int32_t pwd_flag = pwd.getPassword().empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pwd_flag));
- if (pwd_flag)
- sIn.Push(new TZSerializablePwdData(pwd.getPassword(),
- pwd.getIV(),
- pwd.getTag().size() * 8,
- pwd.getTag()));
- if (algo != ALGO_RSA)
- sIn.Push(new TZSerializableBinary(iv));
- sIn.Push(new TZSerializableBinary(keyId));
+ if (algo == ALGO_RSA)
+ sIn = makeSerializer(data, pwd, keyId);
+ else
+ sIn = makeSerializer(data, pwd, iv, keyId);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
sOut.Push(new TZSerializableBinary(outMemorySize, false));
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
op.params[0].value.a = algo;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
Execute(cmd, &op);
ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer");
}
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(data));
- int32_t pwd_flag = pwd.getPassword().empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pwd_flag));
- if (pwd_flag)
- sIn.Push(new TZSerializablePwdData(pwd.getPassword(),
- pwd.getIV(),
- pwd.getTag().size() * 8,
- pwd.getTag()));
- sIn.Push(new TZSerializableBinary(iv));
- sIn.Push(new TZSerializableBinary(keyId));
- sIn.Push(new TZSerializableBinary(aad));
- sIn.Push(new TZSerializableFlag(tagSizeBits));
-
+ auto sIn = makeSerializer(data, pwd, iv, keyId, aad, tagSizeBits);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
sOut.Push(new TZSerializableBinary(tagSizeBytes));
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
op.params[0].value.a = ALGO_AES_GCM;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
Execute(CMD_ENCRYPT, &op);
ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer");
}
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(data));
- int32_t pwd_flag = pwd.getPassword().empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pwd_flag));
- if (pwd_flag)
- sIn.Push(new TZSerializablePwdData(pwd.getPassword(),
- pwd.getIV(),
- pwd.getTag().size() * 8,
- pwd.getTag()));
- sIn.Push(new TZSerializableBinary(iv));
- sIn.Push(new TZSerializableBinary(keyId));
- sIn.Push(new TZSerializableBinary(aad));
- sIn.Push(new TZSerializableFlag(tagSizeBits));
- sIn.Push(new TZSerializableBinary(tag));
-
+ auto sIn = makeSerializer(data, pwd, iv, keyId, aad, tagSizeBits, tag);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
sOut.Push(new TZSerializableBinary(data.size()));
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
op.params[0].value.a = ALGO_AES_GCM;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
Execute(CMD_DECRYPT, &op);
+ std::to_string(keyId.size()) + ")");
}
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(message));
- int32_t pwd_flag = pwd.getPassword().empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pwd_flag));
- if (pwd_flag)
- sIn.Push(new TZSerializablePwdData(pwd.getPassword(),
- pwd.getIV(),
- pwd.getTag().size() * 8,
- pwd.getTag()));
- sIn.Push(new TZSerializableBinary(keyId));
+ auto sIn = makeSerializer(message, pwd, keyId);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
sOut.Push(new TZSerializableBinary(MAX_KEY_SIZE.at(algo), false));
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
op.params[0].value.a = algo;
op.params[0].value.b = hash;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
+
Execute(CMD_SIGN, &op);
sOut.Deserialize(outMemory);
+ std::to_string(keyId.size()) + ")");
}
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(message));
- sIn.Push(new TZSerializableBinary(signature));
- int32_t pwd_flag = pwd.getPassword().empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pwd_flag));
- if (pwd_flag)
- sIn.Push(new TZSerializablePwdData(pwd.getPassword(),
- pwd.getIV(),
- pwd.getTag().size() * 8,
- pwd.getTag()));
- sIn.Push(new TZSerializableBinary(keyId));
+ auto sIn = makeSerializer(message, signature, pwd, keyId);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_NONE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
op.params[0].value.a = algo;
op.params[0].value.b = hash;
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
+
Execute(CMD_VERIFY, &op);
int opRet = op.params[0].value.a;
ThrowErr(Exc::Crypto::InternalError, "TZ Backend received incorrect key buffer");
}
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(keyId));
+ auto sIn = makeSerializer(keyId);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_OUTPUT, TEEC_MEMREF_WHOLE,
- TEEC_NONE, TEEC_NONE);
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
+ TEEC_Operation op = makeOp(TEEC_VALUE_OUTPUT, inMemory);
+
Execute(CMD_DESTROY_KEY, &op);
}
{
// command ID = CMD_IMPORT_DATA
LogDebug("TrustZoneContext::importData data size = [" << data.size() << "]");
- TZSerializer sIn;
- sIn.Push(new TZSerializableFlag(dataType));
- sIn.Push(new TZSerializableBinary(data));
- sIn.Push(new TZSerializableFlag(keySizeBits));
- sIn.Push(new TZSerializableBinary(encData.iv));
- sIn.Push(new TZSerializableBinary(encData.tag));
-
- uint32_t pwd_flag = pwd.empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pwd_flag));
- if (pwd_flag)
- sIn.Push(new TZSerializablePwdData(pwd, iv, Params::DEFAULT_AES_GCM_TAG_LEN_BITS));
- sIn.Push(new TZSerializableBinary(hash));
+ auto sIn = makeSerializer(
+ dataType, data, keySizeBits, encData.iv, encData.tag, EncPwd{pwd, iv}, hash);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
-
TZSerializer sOut;
- if (pwd_flag) {
+ if (!pwd.empty()) {
sOut.Push(new TZSerializableBinary(Params::DEFAULT_AES_GCM_TAG_LEN_BYTES));
}
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
- TEEC_Operation op;
- if (pwd_flag) {
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
- }
- else {
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_NONE, TEEC_NONE);
- }
-
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory);
+ if (!pwd.empty())
+ op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
Execute(CMD_IMPORT_DATA, &op);
- if (pwd_flag) {
+ if (!pwd.empty()) {
sOut.Deserialize(outMemory);
sOut.Pull(pwdTag);
}
// command ID = CMD_GET_DATA_SIZE
LogDebug("Object ID (passed to CMD_GET_DATA_SIZE) is (hex): " << rawToHexString(dataId));
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(dataId));
-
+ auto sIn = makeSerializer(dataId);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_OUTPUT, TEEC_MEMREF_WHOLE,
- TEEC_NONE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_OUTPUT, inMemory);
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
Execute(CMD_GET_DATA_SIZE, &op);
dataSize = op.params[0].value.b;
}
// command ID = CMD_GET_DATA
LogDebug("Object ID (passed to CMD_GET_DATA) is (hex): " << rawToHexString(dataId));
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(dataId));
-
- uint32_t pwd_flag = pwd.getPassword().empty() ? 0 : 1;
- sIn.Push(new TZSerializableFlag(pwd_flag));
-
- if (pwd_flag) {
- sIn.Push(new TZSerializablePwdData(pwd.getPassword(),
- pwd.getIV(),
- Params::DEFAULT_AES_GCM_TAG_LEN_BITS,
- pwd.getTag()));
- }
-
+ auto sIn = makeSerializer(dataId, pwd);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
sOut.Serialize(outMemory);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_WHOLE,
- TEEC_MEMREF_WHOLE, TEEC_NONE);
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
- op.params[2].memref.parent = outMemory.Get();
- op.params[2].memref.offset = 0;
- op.params[2].memref.size = outMemory.Get()->size;
+ TEEC_Operation op = makeOp(TEEC_VALUE_INOUT, inMemory, outMemory);
Execute(CMD_GET_DATA, &op);
{
// command ID = CMD_DESTROY_DATA
LogDebug("Object ID (passed to CMD_GET_DATA) is (hex): " << rawToHexString(dataId));
- TZSerializer sIn;
- sIn.Push(new TZSerializableBinary(dataId));
-
+ auto sIn = makeSerializer(dataId);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
- TEEC_Operation op;
- op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_OUTPUT, TEEC_MEMREF_WHOLE,
- TEEC_NONE, TEEC_NONE);
+ TEEC_Operation op = makeOp(TEEC_VALUE_OUTPUT, inMemory);
- op.params[1].memref.parent = inMemory.Get();
- op.params[1].memref.offset = 0;
- op.params[1].memref.size = inMemory.Get()->size;
Execute(CMD_DESTROY_DATA, &op);
}
projects / platform / core / security / key-manager.git / commitdiff