const Pwd &wrappingKeyPwd,
const CryptoAlgorithm &alg,
const RawBuffer &keyToWrapId,
- const Pwd &keyToWrapPwd)
+ const Pwd &keyToWrapPwd,
+ const DataType &keyToWrapType)
{
AlgoType algo;
uint32_t ctrLenOrTagSizeBits = 0;
ctrLenOrTagSizeBits,
aad,
keyToWrapId,
- keyToWrapPwd);
+ keyToWrapPwd,
+ toTzDataType(keyToWrapType));
}
RawBuffer getData(const RawBuffer &dataId,
- const Pwd &pwd)
+ const Pwd &pwd,
+ const DataType &type)
{
RawBuffer result;
TrustZoneContext::Instance().getData(dataId,
pwd,
+ toTzDataType(type),
result);
return result;
}
const Pwd &wrappingKeyPwd,
const CryptoAlgorithm &alg,
const RawBuffer &keyToWrapId,
- const Pwd &keyToWrapPwd);
+ const Pwd &keyToWrapPwd,
+ const DataType &keyToWrapType);
RawBuffer getData(const RawBuffer &dataId,
- const Pwd &pwd);
+ const Pwd &pwd,
+ const DataType &type);
void destroyData(const RawBuffer &dataId);
getPassword(),
alg,
keyToWrapId,
- Pwd(keyToWrapPass, keyToWrapIV, keyToWrapTag));
+ Pwd(keyToWrapPass, keyToWrapIV, keyToWrapTag),
+ m_type);
}
RawBuffer SKey::encrypt(const CryptoAlgorithm &alg, const RawBuffer &data)
RawBuffer AKey::getBinary() const
{
if (m_type.isKeyPublic() && m_raw.empty())
- m_raw = Internals::getData(getId(), getPassword());
+ m_raw = Internals::getData(getId(), getPassword(), m_type);
return m_raw;
}
class Key : public BData {
public:
- Key(CryptoBackend backendId, int scheme, RawBuffer id, Pwd pwd) :
- BData(backendId, scheme, std::move(id), std::move(pwd)) {}
+ Key(CryptoBackend backendId, int scheme, RawBuffer id, Pwd pwd, DataType dataType) :
+ BData(backendId, scheme, std::move(id), std::move(pwd)), m_type(dataType) {}
Token unwrap(const CryptoAlgorithm ¶ms,
const Data &encryptedKey,
RawBuffer wrap(const CryptoAlgorithm ¶ms,
const Token &keyToWrap,
const Password &keyToWrapPass) override;
+
+protected:
+ DataType m_type;
};
class SKey : public Key {
public:
SKey(CryptoBackend backendId, int scheme, RawBuffer id, Pwd pwd) :
- Key(backendId, scheme, std::move(id), std::move(pwd)) {}
+ Key(backendId, scheme, std::move(id), std::move(pwd), DataType::KEY_AES) {}
RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &) override;
RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &) override;
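Review bot: `SKey` now pins the type sent to the TA to `DataType::KEY_AES` (L74), whereas `AKey` (L77-L81) and the `Cert` factory (L92) forward `token.dataType` from the store; if a symmetric token with any other dataType can reach the `SKey` constructor, the type serialized into the CMD_GET_DATA / CMD_GET_DATA_SIZE payload would not describe the stored object. The `SKey` construction site is not in this diff, so the hard-coded value may well be deliberate. If it is, a comment next to it would prevent the next reader from "fixing" it, e.g. `// TZ-backed symmetric keys are always AES; no dataType is carried on the token here — confirm if other symmetric types are ever stored`; otherwise pass the token's type through as `AKey` does.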
RawBuffer id,
Pwd pwd,
DataType dataType) :
- Key(backendId, scheme, std::move(id), std::move(pwd)), m_type(dataType) {}
+ Key(backendId, scheme, std::move(id), std::move(pwd), dataType) {}
RawBuffer getBinary() const override;
RawBuffer sign(const CryptoAlgorithm &alg, const RawBuffer &message) override;
RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &) override;
Token derive(const CryptoAlgorithm &, const Password &, const RawBuffer &) override;
GCtxShPtr initContext(const CryptoAlgorithm &, bool) override;
-
-protected:
- DataType m_type;
};
class Cert : public AKey {
return make<Cert>(scheme, std::move(id), Pwd(pass, iv, tag), token.dataType);
auto pwd = Pwd(pass, iv, tag);
- RawBuffer raw = Internals::getData(id, pwd);
+ RawBuffer raw = Internals::getData(id, pwd, token.dataType);
if (token.dataType.isBinaryData())
return make<BData>(scheme, std::move(id), std::move(pwd), std::move(raw));
const uint32_t ctrLenOrTagSizeBits,
const RawBuffer &aad,
const RawBuffer &keyToWrapId,
- const Pwd &keyToWrapPwd)
+ const Pwd &keyToWrapPwd,
+ tz_data_type keyToWrapType)
{
// command ID = CMD_EXPORT_WRAPPED_KEY
LogDebug("TrustZoneContext::exportWrappedKey");
ctrLenOrTagSizeBits,
aad,
keyToWrapId,
- keyToWrapPwd);
+ keyToWrapPwd,
+ keyToWrapType);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
- uint32_t data_size = 0;
- GetDataSize(keyToWrapId, data_size);
+ uint32_t dataSize = 0;
+ GetDataSize(keyToWrapId, keyToWrapType, dataSize);
- LogDebug("GetData data_size = [" << data_size << "]");
+ LogDebug("GetData data_size = [" << dataSize << "]");
// encrypted data may be longer
TZSerializer sOut;
- sOut.Push(new TZSerializableBinary(data_size + KM_ENCRYPTION_OVERHEAD));
+ sOut.Push(new TZSerializableBinary(dataSize + KM_ENCRYPTION_OVERHEAD));
TrustZoneMemory outMemory(m_Context, sOut.GetSize(), TEEC_MEM_OUTPUT);
sOut.Serialize(outMemory);
return wrappedKey;
}
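Review bot: The `data_size` → `dataSize` rename on L115-L124 is applied only inside `exportWrappedKey`; the same local in `TrustZoneContext::getData` further down (L151-L154) keeps `data_size` in this commit, so the file now mixes both spellings for the same quantity. Either rename it there as well — `uint32_t dataSize = 0;`, `GetDataSize(dataId, type, dataSize);`, `LogDebug("GetData data_size = [" << dataSize << "]");` — or leave the cosmetic rename out of this functional change so the diff is only about threading the data type through. The log text itself still reads `data_size` in both places, which is harmless but worth a conscious decision.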
-void TrustZoneContext::GetDataSize(const RawBuffer &dataId, uint32_t &dataSize)
+void TrustZoneContext::GetDataSize(const RawBuffer &dataId,
+ const tz_data_type type,
+ uint32_t &dataSize)
{
// command ID = CMD_GET_DATA_SIZE
LogDebug("Object ID (passed to CMD_GET_DATA_SIZE) is (hex): " << rawToHexString(dataId));
- auto sIn = makeSerializer(dataId);
+ auto sIn = makeSerializer(dataId, type);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
void TrustZoneContext::getData(const RawBuffer &dataId,
const Pwd &pwd,
+ const tz_data_type type,
RawBuffer &data)
{
// command ID = CMD_GET_DATA
LogDebug("Object ID (passed to CMD_GET_DATA) is (hex): " << rawToHexString(dataId));
- auto sIn = makeSerializer(dataId, pwd);
+ auto sIn = makeSerializer(dataId, pwd, type);
TrustZoneMemory inMemory(m_Context, sIn.GetSize(), TEEC_MEM_INPUT);
sIn.Serialize(inMemory);
uint32_t data_size = 0;
- GetDataSize(dataId, data_size);
+ GetDataSize(dataId, type, data_size);
LogDebug("GetData data_size = [" << data_size << "]");
const uint32_t ctrLenOrTagSizeBits,
const RawBuffer &aad,
const RawBuffer &keyToWrapId,
- const Pwd &keyToWrapPwd);
+ const Pwd &keyToWrapPwd,
+ tz_data_type keyToWrapType);
void executeCrypt(tz_command cmd,
tz_algo_type algo,
void getData(const RawBuffer &dataId,
const Pwd &pwd,
+ const tz_data_type type,
RawBuffer &data);
void destroyData(const RawBuffer &dataId);
void Destroy();
void Reload();
- void GetDataSize(const RawBuffer &dataId, uint32_t &dataSize);
+ void GetDataSize(const RawBuffer &dataId, const tz_data_type type, uint32_t &dataSize);
void Execute(tz_command commandID, TEEC_Operation* op);
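Review bot: The new `type` / `keyToWrapType` parameters on `exportWrappedKey`, `getData` and `GetDataSize` (L159-L160, L165, L171) are undocumented, and nothing in the diff says what the TA does with the value beyond it being serialized after the object id. A one-line comment on each declaration would help, e.g. `// type: expected tz_data_type of the object behind dataId, sent to the TA with the id (presumably so the TA can reject a request whose type does not match the stored object — confirm against the TA side)`. Separately, the `const` on the by-value `tz_data_type` parameter in the declarations on L165 and L171 has no effect on the signature and is omitted on L160 for `exportWrappedKey`; drop it or apply it consistently.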