Пример #1
/*
 * dek_decrypt_dek - unwrap an encrypted DEK for a persona.
 *
 * @userid:   persona id; rejected with -EFAULT when dek_is_persona() fails.
 * @encDek:   wrapped DEK; its type field selects the unwrap path.
 * @plainDek: output DEK, filled in by the selected path.
 *
 * The per-persona key is looked up in the SDPK_* arrays at index
 * PERSONA_KEY_ARR_IDX(userid). A slot whose len is 0 is treated as "no key
 * available" and yields -EIO.
 *
 * Return: 0 on the paths that reach "return 0"; -EFAULT for an invalid
 * userid or an unknown DEK type; -EIO when the required key slot is empty;
 * -EOPNOTSUPP for public-key types when CONFIG_PUB_CRYPTO is not defined;
 * -1 when a public-key helper reports failure.
 *
 * NOTE(review): this listing is damaged. The run of asterisks in the
 * DEK_LOGD line below stands in for text dropped by the page (the rest of
 * the debug dump, its #endif, the start of the type dispatch and the opening
 * of the symmetric-key branch), so the function does not compile as shown.
 */
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) {
	int key_arr_idx;
	/*
	 * encDek is dereferenced before any check.
	 * NOTE(review): assumes callers never pass NULL - confirm.
	 * dek_type is not read in the visible lines; presumably the elided
	 * dispatch uses it.
	 */
	int dek_type = encDek->type;

	/* Validate the id before deriving an array index from it. */
	if (!dek_is_persona(userid)) {
		DEK_LOGE("%s invalid userid %d\n", __func__, userid);
		return -EFAULT;
	}
	key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
#if DEK_DEBUG
	/* Text was lost from the page inside the next line; see header note. */
	DEK_LOGD("encDek from user: "******"aes decrypt failed\n");
                dek_add_to_log(userid, "aes decrypt failed");
                /*
                 * Failure is signalled only through len = 0: control still
                 * reaches the "return 0" at the end of this branch.
                 * NOTE(review): callers must check plainDek->len, or this
                 * path should return an error code.
                 */
                plainDek->len = 0;
            } else {
                /*
                 * Output length is copied straight from the input.
                 * NOTE(review): no bound check on encDek->len is visible
                 * here - confirm it is validated in the elided part or by
                 * the caller.
                 */
                plainDek->len = encDek->len;
                plainDek->type = DEK_TYPE_PLAIN;
            }
        } else {
            /* Per the log text, an absent symmetric key means the persona is locked. */
            DEK_LOGE("no SDPK_sym key for id: %d\n", userid);
            dek_add_to_log(userid, "decrypt failed, persona locked");
            return -EIO;
        }
        return 0;
	}
	case DEK_TYPE_RSA_ENC:
	{
#ifdef CONFIG_PUB_CRYPTO
        /* Only attempt the unwrap when an RSA private key is loaded for this slot. */
        if(SDPK_Rpri[key_arr_idx].len > 0) {
            if(rsa_decryptByPair(encDek, plainDek, &SDPK_Rpri[key_arr_idx])){
                DEK_LOGE("rsa_decryptByPair failed");
                /*
                 * NOTE(review): bare -1 instead of an errno constant like
                 * the other error paths; no dek_add_to_log() entry either.
                 */
                return -1;
            }
            /*
             * On success plainDek is returned as the helper left it; this
             * function does not check plainDek->len afterwards.
             */
        }else{
            /* NOTE(review): this is the decrypt path, yet the log entry says "encrypt failed". */
            DEK_LOGE("SDPK_Rpri for id: %d\n", userid);
            dek_add_to_log(userid, "encrypt failed, no SDPK_Rpri");
            return -EIO;
        }
#else
        /* NOTE(review): RSA branch, but the log entry names DH - looks copy-pasted. */
        DEK_LOGE("Not supported key type: %d\n", encDek->type);
        dek_add_to_log(userid, "decrypt failed, DH type not supported");
        return -EOPNOTSUPP;
#endif
        return 0;
	}
	case DEK_TYPE_DH_ENC:
	{
#ifdef CONFIG_PUB_CRYPTO
        /* Same shape as the RSA case, using the DH private-key slot. */
        if(SDPK_Dpri[key_arr_idx].len > 0) {
            if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){
                DEK_LOGE("dh_decryptEDEK failed");
                return -1;
            }
        }else{
            /* NOTE(review): decrypt path logged as "encrypt failed". */
            DEK_LOGE("SDPK_Dpri for id: %d\n", userid);
            dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri");
            return -EIO;
        }
#else
        DEK_LOGE("Not supported key type: %d\n", encDek->type);
        dek_add_to_log(userid, "decrypt failed, DH type not supported");
        return -EOPNOTSUPP;
#endif
        return 0;
	}
	case DEK_TYPE_ECDH256_ENC:
	{
#ifdef CONFIG_PUB_CRYPTO
#if DEK_DEBUG
	    /*
	     * Debug builds print the wrapped DEK bytes to the kernel log;
	     * DEK_DEBUG should stay off in production images.
	     */
	    printk("DEK_TYPE_ECDH256_ENC encDek:"); dek_dump(encDek->buf, encDek->len);
#endif
        /* Same shape as the RSA case, using the ECDH private-key slot. */
        if(SDPK_EDpri[key_arr_idx].len > 0) {
            if(ecdh_decryptEDEK(encDek, plainDek, &SDPK_EDpri[key_arr_idx])){
                DEK_LOGE("ecdh_decryptEDEK failed");
                return -1;
            }
        }else{
            /* NOTE(review): decrypt path logged as "encrypt failed". */
            DEK_LOGE("SDPK_EDpri for id: %d\n", userid);
            dek_add_to_log(userid, "encrypt failed, no SDPK_EDpri");
            return -EIO;
        }
#else
        DEK_LOGE("Not supported key type: %d\n", encDek->type);
        dek_add_to_log(userid, "decrypt failed, ECDH type not supported");
        return -EOPNOTSUPP;
#endif
        return 0;
	}
	default:
	{
        /* Unknown type values are rejected rather than guessed at. */
        DEK_LOGE("Unsupported edek type: %d\n", encDek->type);
        dek_add_to_log(userid, "decrypt failed, unsupported key type");
        return -EFAULT;
	}
	}
}
Пример #2
/*
 * dek_decrypt_dek - unwrap an encrypted DEK for a persona and validate the
 * resulting length before returning it.
 *
 * @userid:   persona id; rejected with -EFAULT when dek_is_persona() fails.
 * @encDek:   wrapped DEK; its type field selects the unwrap path.
 * @plainDek: output DEK; passed to zero_out() when the final length check
 *            fails.
 *
 * Return: 0 when an unwrap path completes and plainDek->len is within
 * 1..DEK_LEN; -EFAULT for an invalid userid, an RSA-wrapped or unknown DEK
 * type, or an out-of-range output length; -EIO when the required key slot
 * is empty; -EOPNOTSUPP for DH when CONFIG_PUB_CRYPTO is not defined;
 * -1 when dh_decryptEDEK() reports failure.
 *
 * NOTE(review): this listing is damaged. The run of asterisks in the
 * DEK_LOGD line below stands in for text dropped by the page (the rest of
 * the debug dump, its #endif and the opening of the symmetric-key branch),
 * so the function does not compile as shown.
 */
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) {
	/*
	 * The index is derived before userid is validated below; in the visible
	 * lines it is only used after the check.
	 * NOTE(review): fine if the macro is pure arithmetic - confirm.
	 */
	int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);

	if (!dek_is_persona(userid)) {
		DEK_LOGE("%s invalid userid %d\n", __func__, userid);
		return -EFAULT;
	}
#if DEK_DEBUG
	/* Text was lost from the page inside the next line; see header note. */
	DEK_LOGD("encDek from user: "******"aes decrypt failed\n");
				dek_add_to_log(userid, "aes decrypt failed");
				/*
				 * No return here: len = 0 is caught by the length
				 * check at the end of the function, which turns it
				 * into -EFAULT.
				 */
				plainDek->len = 0;
			} else {
				/* Length comes from the input; the final check bounds it by DEK_LEN. */
				plainDek->len = encDek->len;
				plainDek->type = DEK_TYPE_PLAIN;
			}
		} else {
			/* Per the log text, an absent symmetric key means the persona is locked. */
			DEK_LOGE("no SDPK_sym key for id: %d\n", userid);
			dek_add_to_log(userid, "decrypt failed, persona locked");
			return -EIO;
		}
	} else if (encDek->type == DEK_TYPE_RSA_ENC) {
		/* RSA-wrapped DEKs are refused unconditionally in this variant. */
		DEK_LOGE("Not supported key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, RSA type not supported");
		return -EFAULT;
	} else if (encDek->type == DEK_TYPE_DH_ENC) {
#ifdef CONFIG_PUB_CRYPTO
		/* Only attempt the unwrap when a DH private key is loaded for this slot. */
		if(SDPK_Dpri[key_arr_idx].len > 0) {
			if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){
			    DEK_LOGE("dh_decryptEDEK failed");
				/* NOTE(review): bare -1 instead of an errno constant like the other paths. */
				return -1;
			}
		}else{
			/* NOTE(review): this is the decrypt path, yet the log entry says "encrypt failed". */
			DEK_LOGE("SDPK_Dpri for id: %d\n", userid);
			dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri");
			return -EIO;
		}
#else
		DEK_LOGE("Not supported key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, DH type not supported");
		return -EOPNOTSUPP;
#endif
	} else {
		DEK_LOGE("Unsupported decrypt key type: %d\n", encDek->type);
		dek_add_to_log(userid, "decrypt failed, unsupported key type");
		return -EFAULT;
	}

	/*
	 * Common exit check for every path that did not return above: reject a
	 * zero, negative or oversized length, and run zero_out() over the whole
	 * dek_t so the caller is not handed a partially filled key buffer.
	 */
	if (plainDek->len <= 0 || plainDek->len > DEK_LEN) {
		DEK_LOGE("dek_decrypt_dek, incorrect len=%d\n", plainDek->len);
		zero_out((char *)plainDek, sizeof(dek_t));
		return -EFAULT;
	} else {
#if DEK_DEBUG
		/*
		 * Debug builds dump the plaintext DEK bytes; DEK_DEBUG must stay
		 * off in production images, since this puts key material in logs.
		 */
		DEK_LOGD("plainDek to user: ");
		dump(plainDek->buf, plainDek->len);
#endif
	}
	return 0;
}