projects / platform / core / security / key-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 07dc525)
Fix secret pwd passing in TZ backend KBKDF 49/296149/2
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Thu, 20 Jul 2023 12:05:22 +0000 (14:05 +0200)
committerDongsun Lee <ds73.lee@samsung.com>
Thu, 20 Jul 2023 23:58:15 +0000 (08:58 +0900)
Change-Id: I6f1a4d588a6a0679b88f967fdbc71b436329153f

src/manager/crypto/tz-backend/internals.cpp patch | blob | history
src/manager/crypto/tz-backend/internals.h patch | blob | history
src/manager/crypto/tz-backend/obj.cpp patch | blob | history
src/manager/crypto/tz-backend/tz-context.cpp patch | blob | history
src/manager/crypto/tz-backend/tz-context.h patch | blob | history

diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index ae8f9f8..d0cc232 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -802,6 +802,7 @@ void deriveECDH(const RawBuffer &prvKeyId,
 }
 
 void deriveKBKDF(const RawBuffer &secretId,
+                                const Pwd &secretPwd,
                                 const CryptoAlgorithm &alg,
                                 const Password &keyPwd,
                                 const RawBuffer &keyPwdIV,
@@ -824,6 +825,7 @@ void deriveKBKDF(const RawBuffer &secretId,
        RawBuffer keyPwdBuf(keyPwd.begin(), keyPwd.end());
 
        TrustZoneContext::Instance().executeKbkdf(secretId,
+                                                                                         secretPwd,
                                                                                          label,
                                                                                          context,
                                                                                          fixed,
diff --git a/src/manager/crypto/tz-backend/internals.h b/src/manager/crypto/tz-backend/internals.h
index bb8e444..8797065 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.h
+++ b/src/manager/crypto/tz-backend/internals.h
@@ -156,6 +156,7 @@ void deriveECDH(const RawBuffer &prvKeyId,
                                const RawBuffer &secretHash);
 
 void deriveKBKDF(const RawBuffer &secretId,
+                                const Pwd &secretPwd,
                                 const CryptoAlgorithm &alg,
                                 const Password &keyPwd,
                                 const RawBuffer &keyPwdIV,
diff --git a/src/manager/crypto/tz-backend/obj.cpp b/src/manager/crypto/tz-backend/obj.cpp
index 8d85d1a..5a8153e 100644 (file)
--- a/src/manager/crypto/tz-backend/obj.cpp
+++ b/src/manager/crypto/tz-backend/obj.cpp
@@ -66,7 +66,7 @@ Token BData::derive(const CryptoAlgorithm &alg, const Password &pass, const RawB
                iv = Internals::generateIV();
        }
 
-       Internals::deriveKBKDF(getId(), alg, pass, iv, tag, hash);
+       Internals::deriveKBKDF(getId(), getPassword(), alg, pass, iv, tag, hash);
 
        return Token(backendId(), DataType(KeyType::KEY_AES), Store::pack(hash, pass, iv, tag));
 }
diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp
index 3cf5702..ad09c65 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -890,6 +890,7 @@ void TrustZoneContext::executeEcdh(const RawBuffer &prvKeyId,
 }
 
 void TrustZoneContext::executeKbkdf(const RawBuffer& secretId,
+                                                                       const Pwd& secretPwd,
                                                                        const RawBuffer& label,
                                                                        const RawBuffer& context,
                                                                        const RawBuffer& fixed,
@@ -908,6 +909,7 @@ void TrustZoneContext::executeKbkdf(const RawBuffer& secretId,
        LogDebug("TrustZoneContext::executeKbkdf");
 
        auto sIn = makeSerializer(secretId,
+                                                         secretPwd,
                                                          label,
                                                          context,
                                                          fixed,
diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h
index 7233ef7..015b44b 100644 (file)
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -183,6 +183,7 @@ public:
                                         const RawBuffer &secretHash);
 
        void executeKbkdf(const RawBuffer& secretId,
+                                         const Pwd& secretPwd,
                                          const RawBuffer& label,
                                          const RawBuffer& context,
                                          const RawBuffer& fixed,
Domain: Security / Utilities;