projects / platform / core / security / key-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: da38aa0)
Check mandatory KBKFD params in TZ 48/299348/1
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 19 Sep 2023 12:56:06 +0000 (14:56 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 26 Sep 2023 08:37:20 +0000 (10:37 +0200)
Change-Id: I151207b55b1051ac3cc870c885a33b951331bc61

src/manager/crypto/tz-backend/internals.cpp patch | blob | history

diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index b97a70f..91098a4 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -852,21 +852,29 @@ void deriveKBKDF(const RawBuffer &secretId,
                                 const RawBuffer &keyHash)
 {
        RawBuffer label, context, fixed;
-       KbkdfCounterLocation counterLocation = KbkdfCounterLocation::BEFORE_FIXED;
-       KdfPrf prf = KdfPrf::HMAC_SHA256;
-       KbkdfMode mode = KbkdfMode::COUNTER;
-       size_t length, rlenBits = 32, llenBits = 32, tmp;
+       size_t rlenBits = 32, llenBits = 32, tmp;
        bool hasLabel = alg.getParam(ParamName::KBKDF_LABEL, label);
        bool hasContext = alg.getParam(ParamName::KBKDF_CONTEXT, context);
        bool hasFixed = alg.getParam(ParamName::KBKDF_FIXED_INPUT, fixed);
-       alg.getParam(ParamName::KBKDF_COUNTER_LOCATION, counterLocation);
-       alg.getParam(ParamName::KBKDF_MODE, mode);
-       alg.getParam(ParamName::KDF_PRF, prf);
-       alg.getParam(ParamName::KDF_LEN, length);
+       auto counterLocation = unpack<KbkdfCounterLocation>(alg, ParamName::KBKDF_COUNTER_LOCATION);
+       auto mode = unpack<KbkdfMode>(alg, ParamName::KBKDF_MODE);
+       auto prf = unpack<KdfPrf>(alg, ParamName::KDF_PRF);
+       auto length = unpack<size_t>(alg, ParamName::KDF_LEN);
        alg.getParam(ParamName::KBKDF_RLEN, rlenBits);
        bool hasLLen = alg.getParam(ParamName::KBKDF_LLEN, llenBits);
        bool noSeparator = alg.getParam(ParamName::KBKDF_NO_SEPARATOR, tmp);
 
+       if (counterLocation != KbkdfCounterLocation::BEFORE_FIXED &&
+               counterLocation != KbkdfCounterLocation::MIDDLE_FIXED &&
+               counterLocation != KbkdfCounterLocation::AFTER_FIXED)
+               ThrowErr(Exc::Crypto::InputParam, "Invalid counter location");
+
+       if (mode != KbkdfMode::COUNTER)
+               ThrowErr(Exc::Crypto::InputParam, "Invalid mode");
+
+       if (prf != KdfPrf::HMAC_SHA256 && prf != KdfPrf::HMAC_SHA384 && prf != KdfPrf::HMAC_SHA512)
+               ThrowErr(Exc::Crypto::InputParam, "Invalid pseudo random function");
+
        RawBuffer key;
        if (hasFixed) {
                if (hasLabel || hasContext || noSeparator || hasLLen ||
Domain: Security / Utilities;