/*
 * dek_decrypt_dek - unwrap an encrypted DEK for a persona (switch-based listing).
 *
 * @userid:   persona id; rejected with -EFAULT unless dek_is_persona() accepts it.
 * @encDek:   wrapped DEK; its type field selects the unwrap path.
 * @plainDek: output DEK written by the selected path.
 *
 * Return values visible in this listing:
 *   0           - end of each case block
 *   -EFAULT     - non-persona userid, or a type no case handles
 *   -EIO        - the per-persona key slot has len == 0
 *   -EOPNOTSUPP - asymmetric type requested without CONFIG_PUB_CRYPTO
 *   -1          - rsa_decryptByPair/dh_decryptEDEK/ecdh_decryptEDEK reported failure
 *
 * NOTE(review): the page lost a span of this function (see the marker line
 * below), so the switch header and the start of the AES case are not
 * visible. Comments on that region are hedged accordingly.
 *
 * NOTE(review): no visible path checks plainDek->len against a maximum or
 * wipes plainDek on error before returning; the other dek_decrypt_dek
 * listing on this page ends with such a check. Confirm callers of this
 * version validate the output themselves.
 */
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) {
	int key_arr_idx;
	/* Snapshot of the type field; presumably the switch operand (the switch
	 * statement itself is inside the missing span - TODO confirm). */
	int dek_type = encDek->type;

	/* Validate the id first: key_arr_idx below indexes the SDPK_* key arrays. */
	if (!dek_is_persona(userid)) {
		DEK_LOGE("%s invalid userid %d\n", __func__, userid);
		return -EFAULT;
	}
	key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
#if DEK_DEBUG
	/*
	 * NOTE(review): the listing is damaged on the next line. Everything
	 * between the debug message and the AES failure log was replaced by
	 * asterisks; the closing #endif, the switch header, the AES case label
	 * and the key/decrypt conditions are not shown on this page.
	 */
	DEK_LOGD("encDek from user: "******"aes decrypt failed\n");
				dek_add_to_log(userid, "aes decrypt failed");
				/*
				 * NOTE(review): judging by the visible braces, this failure
				 * branch only sets len to 0 and then reaches the "return 0"
				 * that closes the case, so a failed AES decrypt would be
				 * reported as success with an empty DEK. Confirm against the
				 * full source; if so, callers must treat len == 0 as failure.
				 */
				plainDek->len = 0;
			} else {
				plainDek->len = encDek->len;
				plainDek->type = DEK_TYPE_PLAIN;
			}
		} else {
			/* Empty symmetric key slot; the audit text calls this "persona locked". */
			DEK_LOGE("no SDPK_sym key for id: %d\n", userid);
			dek_add_to_log(userid, "decrypt failed, persona locked");
			return -EIO;
		}
		return 0;
	}
	case DEK_TYPE_RSA_ENC:
	{
#ifdef CONFIG_PUB_CRYPTO
		/* Only attempt the unwrap when an RSA private key is loaded for this slot. */
		if(SDPK_Rpri[key_arr_idx].len > 0) {
			if(rsa_decryptByPair(encDek, plainDek, &SDPK_Rpri[key_arr_idx])){
				DEK_LOGE("rsa_decryptByPair failed");
				/* Bare -1 rather than an errno constant; plainDek is not
				 * cleared here, so it holds whatever the helper left. */
				return -1;
			}
		}else{
			DEK_LOGE("SDPK_Rpri for id: %d\n", userid);
			/* NOTE(review): audit text says "encrypt" on a decrypt path. */
			dek_add_to_log(userid, "encrypt failed, no SDPK_Rpri");
			return -EIO;
		}
#else
		DEK_LOGE("Not supported key type: %d\n", encDek->type);
		/* NOTE(review): audit text names DH in the RSA case; looks copy-pasted. */
		dek_add_to_log(userid, "decrypt failed, DH type not supported");
		return -EOPNOTSUPP;
#endif
		/* Unreachable when CONFIG_PUB_CRYPTO is not defined. */
		return 0;
	}
	case DEK_TYPE_DH_ENC:
	{
#ifdef CONFIG_PUB_CRYPTO
		/* Only attempt the unwrap when a DH private key is loaded for this slot. */
		if(SDPK_Dpri[key_arr_idx].len > 0) {
			if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){
				DEK_LOGE("dh_decryptEDEK failed");
				/* Bare -1; plainDek is not cleared on this path. */
				return -1;
			}
		}else{
			DEK_LOGE("SDPK_Dpri for id: %d\n", userid);
			/* NOTE(review): audit text says "encrypt" on a decrypt path. */
			dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri");
			return -EIO;
		}
#else
		DEK_LOGE("Not supported key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, DH type not supported");
		return -EOPNOTSUPP;
#endif
		/* Unreachable when CONFIG_PUB_CRYPTO is not defined. */
		return 0;
	}
	case DEK_TYPE_ECDH256_ENC:
	{
#ifdef CONFIG_PUB_CRYPTO
#if DEK_DEBUG
		/* Debug builds only: passes the wrapped (still encrypted) DEK to dek_dump(). */
		printk("DEK_TYPE_ECDH256_ENC encDek:");
		dek_dump(encDek->buf, encDek->len);
#endif
		/* Only attempt the unwrap when an ECDH private key is loaded for this slot. */
		if(SDPK_EDpri[key_arr_idx].len > 0) {
			if(ecdh_decryptEDEK(encDek, plainDek, &SDPK_EDpri[key_arr_idx])){
				DEK_LOGE("ecdh_decryptEDEK failed");
				/* Bare -1; plainDek is not cleared on this path. */
				return -1;
			}
		}else{
			DEK_LOGE("SDPK_EDpri for id: %d\n", userid);
			/* NOTE(review): audit text says "encrypt" on a decrypt path. */
			dek_add_to_log(userid, "encrypt failed, no SDPK_EDpri");
			return -EIO;
		}
#else
		DEK_LOGE("Not supported key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, ECDH type not supported");
		return -EOPNOTSUPP;
#endif
		/* Unreachable when CONFIG_PUB_CRYPTO is not defined. */
		return 0;
	}
	default:
	{
		/* Any type without a case above is rejected and recorded. */
		DEK_LOGE("Unsupported edek type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, unsupported key type");
		return -EFAULT;
	}
	}
}
/*
 * dek_decrypt_dek - unwrap an encrypted DEK for a persona (if/else listing).
 *
 * @userid:   persona id; rejected with -EFAULT unless dek_is_persona() accepts it.
 * @encDek:   wrapped DEK; its type field selects the unwrap path.
 * @plainDek: output DEK; passed to zero_out() when the final length check fails.
 *
 * Return values visible in this listing:
 *   0           - a path completed and plainDek->len is in (0, DEK_LEN]
 *   -EFAULT     - non-persona userid, RSA or unknown type, or bad output length
 *   -EIO        - the per-persona key slot has len == 0
 *   -EOPNOTSUPP - DH type requested without CONFIG_PUB_CRYPTO
 *   -1          - dh_decryptEDEK reported failure
 *
 * NOTE(review): the page lost a span of this function (see the marker line
 * below), so the first type test and the AES key/decrypt conditions are not
 * visible. Comments on that region are hedged accordingly.
 */
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) {
	/* Computed before the persona check; in the visible code the index is
	 * only used to reach SDPK_* entries after that check has passed. */
	int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);

	if (!dek_is_persona(userid)) {
		DEK_LOGE("%s invalid userid %d\n", __func__, userid);
		return -EFAULT;
	}
#if DEK_DEBUG
	/*
	 * NOTE(review): the listing is damaged on the next line. Everything
	 * between the debug message and the AES failure log was replaced by
	 * asterisks; the closing #endif, the first type test (presumably
	 * DEK_TYPE_AES_ENC) and the key/decrypt conditions are not shown.
	 */
	DEK_LOGD("encDek from user: "******"aes decrypt failed\n");
				dek_add_to_log(userid, "aes decrypt failed");
				/* len = 0 makes the length check at the end of the function
				 * fail, which wipes plainDek and returns -EFAULT. */
				plainDek->len = 0;
			} else {
				plainDek->len = encDek->len;
				plainDek->type = DEK_TYPE_PLAIN;
			}
		} else {
			/* Empty symmetric key slot; the audit text calls this "persona locked". */
			DEK_LOGE("no SDPK_sym key for id: %d\n", userid);
			dek_add_to_log(userid, "decrypt failed, persona locked");
			return -EIO;
		}
	} else if (encDek->type == DEK_TYPE_RSA_ENC) {
		/* RSA-wrapped DEKs are refused outright in this version. */
		DEK_LOGE("Not supported key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, RSA type not supported");
		return -EFAULT;
	} else if (encDek->type == DEK_TYPE_DH_ENC) {
#ifdef CONFIG_PUB_CRYPTO
		/* Only attempt the unwrap when a DH private key is loaded for this slot. */
		if(SDPK_Dpri[key_arr_idx].len > 0) {
			if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){
				DEK_LOGE("dh_decryptEDEK failed");
				/* NOTE(review): returns before the final check, so plainDek
				 * is not passed to zero_out() on this path; it holds
				 * whatever the helper left. Bare -1, not an errno constant. */
				return -1;
			}
		}else{
			DEK_LOGE("SDPK_Dpri for id: %d\n", userid);
			/* NOTE(review): audit text says "encrypt" on a decrypt path. */
			dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri");
			return -EIO;
		}
#else
		DEK_LOGE("Not supported key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, DH type not supported");
		return -EOPNOTSUPP;
#endif
	} else {
		DEK_LOGE("Unsupported decrypt key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, unsupported key type");
		return -EFAULT;
	}

	/*
	 * Final gate for every path that did not return above: the output
	 * length must be positive and at most DEK_LEN. On failure the whole
	 * dek_t is handed to zero_out() (presumably a wipe - helper not shown)
	 * so no partial key is returned to the caller.
	 */
	if (plainDek->len <= 0 || plainDek->len > DEK_LEN) {
		DEK_LOGE("dek_decrypt_dek, incorrect len=%d\n", plainDek->len);
		zero_out((char *)plainDek, sizeof(dek_t));
		return -EFAULT;
	} else {
#if DEK_DEBUG
		/*
		 * NOTE(review): in DEK_DEBUG builds the decrypted key buffer is
		 * passed to dump(); if dump() prints its argument (not shown
		 * here), plaintext DEK bytes end up in the log. DEK_DEBUG should
		 * stay off in any shipped build.
		 */
		DEK_LOGD("plainDek to user: ");
		dump(plainDek->buf, plainDek->len);
#endif
	}
	return 0;
}