static int dek_on_user_added(dek_arg_on_user_added *evt) { int userid = evt->userid; int key_arr_idx = PERSONA_KEY_ARR_IDX(userid); /* * TODO : lock needed */ if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } if((evt->SDPK_Rpub.len > KEK_MAX_LEN) || (evt->SDPK_Dpub.len > KEK_MAX_LEN)) { DEK_LOGE("Invalid args\n"); DEK_LOGE("SDPK_Rpub.len : %d\n", evt->SDPK_Rpub.len); DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Dpub.len); return -EINVAL; } memcpy(SDPK_Rpub[key_arr_idx].buf, evt->SDPK_Rpub.buf, evt->SDPK_Rpub.len); SDPK_Rpub[key_arr_idx].len = evt->SDPK_Rpub.len; memcpy(SDPK_Dpub[key_arr_idx].buf, evt->SDPK_Dpub.buf, evt->SDPK_Dpub.len); SDPK_Dpub[key_arr_idx].len = evt->SDPK_Dpub.len; #if DEK_DEBUG dump_all_keys(key_arr_idx); #endif return 0; }
static int dek_on_device_unlocked(dek_arg_on_device_unlocked *evt) { int key_arr_idx = PERSONA_KEY_ARR_IDX(evt->persona_id); /* * TODO : lock needed */ memcpy(mas_key[key_arr_idx].buf, evt->mas_key.buf, evt->mas_key.len); mas_key[key_arr_idx].len = evt->mas_key.len; memcpy(priv_key[key_arr_idx].buf, evt->priv_key.buf, evt->priv_key.len); priv_key[key_arr_idx].len = evt->priv_key.len; tfm[key_arr_idx] = dek_aes_key_setup(evt->mas_key.buf, evt->mas_key.len); if (IS_ERR(tfm[key_arr_idx])) { printk("dek: error setting up key\n"); dek_add_to_log(evt->persona_id, "error setting up key"); tfm[key_arr_idx] = NULL; } #if DEK_DEBUG dump_all_keys(key_arr_idx); #endif return 0; }
static int dek_on_user_removed(dek_arg_on_user_removed *evt) { int userid = evt->userid; int key_arr_idx; /* * TODO : lock needed */ if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } key_arr_idx = PERSONA_KEY_ARR_IDX(userid); zero_out((char *)&SDPK_sym[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_Rpub[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_Rpri[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_Dpub[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_Dpri[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_EDpub[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_EDpri[key_arr_idx], sizeof(kek_t)); #ifdef CONFIG_SDP_KEY_DUMP if(get_sdp_sysfs_key_dump()) { dump_all_keys(key_arr_idx); } #endif dek_aes_key_free(sdp_tfm[key_arr_idx]); sdp_tfm[key_arr_idx] = NULL; return 0; }
int is_kek_available(int userid, int kek_type) { int ret; int key_arr_idx = PERSONA_KEY_ARR_IDX(userid); switch(kek_type) { case KEK_TYPE_SYM: if (SDPK_sym[key_arr_idx].len > 0) ret = 1; else ret = 0; break; case KEK_TYPE_RSA_PUB: if (SDPK_Rpub[key_arr_idx].len > 0) ret = 1; else ret = 0; break; case KEK_TYPE_RSA_PRIV: if (SDPK_Rpri[key_arr_idx].len > 0) ret = 1; else ret = 0; break; case KEK_TYPE_DH_PUB: if (SDPK_Dpub[key_arr_idx].len > 0) ret = 1; else ret = 0; break; case KEK_TYPE_DH_PRIV: if (SDPK_Dpri[key_arr_idx].len > 0) ret = 1; else ret = 0; break; case KEK_TYPE_ECDH256_PUB: if (SDPK_EDpub[key_arr_idx].len > 0) ret = 1; else ret = 0; break; case KEK_TYPE_ECDH256_PRIV: if (SDPK_EDpri[key_arr_idx].len > 0) ret = 1; else ret = 0; break; default: printk("%s : unknown kek type:%d\n", __func__, kek_type); ret = -ENOENT; break; } return ret; }
static int dek_on_user_added(dek_arg_on_user_added *evt) { int key_arr_idx = PERSONA_KEY_ARR_IDX(evt->persona_id); memcpy(pub_key[key_arr_idx].buf, evt->pub_key.buf, evt->pub_key.len); pub_key[key_arr_idx].len = evt->pub_key.len; #if DEK_DEBUG dump_all_keys(key_arr_idx); #endif return 0; }
static int dek_encrypt_dek(int userid, dek_t *plainDek, dek_t *encDek) { int ret = 0; int key_arr_idx = PERSONA_KEY_ARR_IDX(userid); if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } #if DEK_DEBUG DEK_LOGD("plainDek from user: "******"aes encrypt failed\n"); dek_add_to_log(userid, "aes encrypt failed"); encDek->len = 0; } else { encDek->len = plainDek->len; encDek->type = DEK_TYPE_AES_ENC; } } else { #ifdef CONFIG_PUB_CRYPTO /* * Do an asymmetric crypto */ if(SDPK_Dpub[key_arr_idx].len > 0) { ret = dh_encryptDEK(plainDek, encDek, &SDPK_Dpub[key_arr_idx]); }else{ DEK_LOGE("SDPK_Dpub for id: %d\n", userid); dek_add_to_log(userid, "encrypt failed, no SDPK_Dpub"); return -EIO; } #else DEK_LOGE("pub crypto not supported : %d\n", userid); dek_add_to_log(userid, "encrypt failed, no key"); return -EOPNOTSUPP; #endif } if (encDek->len <= 0 || encDek->len > DEK_MAXLEN) { DEK_LOGE("dek_encrypt_dek, incorrect len=%d\n", encDek->len); zero_out((char *)encDek, sizeof(dek_t)); return -EFAULT; } #if DEK_DEBUG else { DEK_LOGD("encDek to user: "); dump(encDek->buf, encDek->len); } #endif return ret; }
int dek_is_persona_locked(int userid) { int key_arr_idx = PERSONA_KEY_ARR_IDX(userid); if (dek_is_persona(userid)) { if (sdp_tfm[key_arr_idx] != NULL) { return 0; } else { return 1; } } else { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -1; } }
static int dek_on_device_locked(dek_arg_on_device_locked *evt) { int key_arr_idx = PERSONA_KEY_ARR_IDX(evt->persona_id); dek_aes_key_free(tfm[key_arr_idx]); tfm[key_arr_idx] = NULL; memset(&priv_key[key_arr_idx], 0, sizeof(kek)); memset(&mas_key[key_arr_idx], 0, sizeof(kek)); #if DEK_DEBUG dump_all_keys(key_arr_idx); #endif return 0; }
static int dek_decrypt_dek(int persona_id, dek *encDek, dek *plainDek, int type) { int key_arr_idx = PERSONA_KEY_ARR_IDX(persona_id); unsigned int i; unsigned int bsize; if (!dek_is_persona(persona_id)) { return -EFAULT; } #if DEK_DEBUG printk("dek: encDek from user: "******"dek: no master key for id: %d\n", persona_id); dek_add_to_log(persona_id, "decrypt failed, persona locked"); return -EIO; } } else if (type == DEK_RSA_ENC) { printk("dek: Not supported key type: %d\n", type); dek_add_to_log(persona_id, "decrypt failed, RSA type not supported"); return -EFAULT; } else { printk("dek: wrong decrypt key type: %d\n", type); dek_add_to_log(persona_id, "decrypt failed, wrong decrypt key type"); return -EFAULT; } if (plainDek->len <= 0 || plainDek->len > DEK_DEK_LEN) { printk("dek: dek_decrypt_dek, incorrect len=%d\n", plainDek->len); memset(plainDek, 0, sizeof(dek)); return -EFAULT; } else { #if DEK_DEBUG printk("dek: plainDek to user: "); dump(plainDek->buf, plainDek->len); #endif } return 0; }
static int dek_on_device_unlocked(dek_arg_on_device_unlocked *evt) { int userid = evt->userid; int key_arr_idx; /* * TODO : lock needed */ if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } key_arr_idx = PERSONA_KEY_ARR_IDX(userid); if((evt->SDPK_sym.len > KEK_MAX_LEN) || (evt->SDPK_Rpri.len > KEK_MAX_LEN) || (evt->SDPK_Dpri.len > KEK_MAX_LEN) || (evt->SDPK_EDpri.len > KEK_MAX_LEN)) { DEK_LOGE("%s Invalid args\n", __func__); DEK_LOGE("SDPK_sym.len : %d\n", evt->SDPK_sym.len); DEK_LOGE("SDPK_Rpri.len : %d\n", evt->SDPK_Rpri.len); DEK_LOGE("SDPK_Dpri.len : %d\n", evt->SDPK_Dpri.len); DEK_LOGE("SDPK_EDpri.len : %d\n", evt->SDPK_EDpri.len); return -EINVAL; } copy_kek(&SDPK_Rpri[key_arr_idx], &evt->SDPK_Rpri, KEK_TYPE_RSA_PRIV); copy_kek(&SDPK_Dpri[key_arr_idx], &evt->SDPK_Dpri, KEK_TYPE_DH_PRIV); copy_kek(&SDPK_EDpri[key_arr_idx], &evt->SDPK_EDpri, KEK_TYPE_ECDH256_PRIV); copy_kek(&SDPK_sym[key_arr_idx], &evt->SDPK_sym, KEK_TYPE_SYM); sdp_tfm[key_arr_idx] = dek_aes_key_setup(evt->SDPK_sym.buf, evt->SDPK_sym.len); if (IS_ERR(sdp_tfm[key_arr_idx])) { DEK_LOGE("error setting up key\n"); dek_add_to_log(evt->userid, "error setting up key"); sdp_tfm[key_arr_idx] = NULL; } #ifdef CONFIG_SDP_KEY_DUMP if(get_sdp_sysfs_key_dump()) { dump_all_keys(key_arr_idx); } #endif return 0; }
static int dek_on_device_unlocked(dek_arg_on_device_unlocked *evt) { int userid = evt->userid; int key_arr_idx = PERSONA_KEY_ARR_IDX(userid); /* * TODO : lock needed */ if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } if((evt->SDPK_sym.len > KEK_MAX_LEN) || (evt->SDPK_Rpri.len > KEK_MAX_LEN) || (evt->SDPK_Dpri.len > KEK_MAX_LEN)) { DEK_LOGE("%s Invalid args\n", __func__); DEK_LOGE("SDPK_Rpub.len : %d\n", evt->SDPK_sym.len); DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Rpri.len); DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Dpri.len); return -EINVAL; } memcpy(SDPK_sym[key_arr_idx].buf, evt->SDPK_sym.buf, evt->SDPK_sym.len); SDPK_sym[key_arr_idx].len = evt->SDPK_sym.len; memcpy(SDPK_Rpri[key_arr_idx].buf, evt->SDPK_Rpri.buf, evt->SDPK_Rpri.len); SDPK_Rpri[key_arr_idx].len = evt->SDPK_Rpri.len; memcpy(SDPK_Dpri[key_arr_idx].buf, evt->SDPK_Dpri.buf, evt->SDPK_Dpri.len); SDPK_Dpri[key_arr_idx].len = evt->SDPK_Dpri.len; sdp_tfm[key_arr_idx] = dek_aes_key_setup(evt->SDPK_sym.buf, evt->SDPK_sym.len); if (IS_ERR(sdp_tfm[key_arr_idx])) { DEK_LOGE("error setting up key\n"); dek_add_to_log(evt->userid, "error setting up key"); sdp_tfm[key_arr_idx] = NULL; } #if DEK_DEBUG dump_all_keys(key_arr_idx); #endif return 0; }
static int dek_encrypt_dek(int persona_id, dek *plainDek, dek *encDek) { int ret = 0; int key_arr_idx = PERSONA_KEY_ARR_IDX(persona_id); unsigned int i; unsigned int bsize; if (!dek_is_persona(persona_id)) { return -EFAULT; } #if DEK_DEBUG printk("dek: plainDek from user: "******"dek: no encryption key for id: %d\n", persona_id); dek_add_to_log(persona_id, "encrypt failed, no key"); return -EIO; } if (encDek->len <= 0 || encDek->len > DEK_DEK_ENC_LEN) { printk("dek: dek_encrypt_dek, incorrect len=%d\n", encDek->len); memset(encDek, 0, sizeof(dek)); return -EFAULT; } #if DEK_DEBUG else { printk("dek: encDek to user: "); dump(encDek->buf, encDek->len); } #endif return ret; }
static int dek_on_device_locked(dek_arg_on_device_locked *evt) { int userid = evt->userid; int key_arr_idx = PERSONA_KEY_ARR_IDX(userid); if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } dek_aes_key_free(sdp_tfm[key_arr_idx]); sdp_tfm[key_arr_idx] = NULL; zero_out((char *)&SDPK_sym[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_Rpri[key_arr_idx], sizeof(kek_t)); zero_out((char *)&SDPK_Dpri[key_arr_idx], sizeof(kek_t)); ecryptfs_mm_drop_cache(userid); #if DEK_DEBUG dump_all_keys(key_arr_idx); #endif return 0; }
static int dek_on_boot(dek_arg_on_boot *evt) { int ret = 0; int userid = evt->userid; int key_arr_idx; /* * TODO : lock needed */ if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } key_arr_idx = PERSONA_KEY_ARR_IDX(userid); if((evt->SDPK_Rpub.len > KEK_MAX_LEN) || (evt->SDPK_Dpub.len > KEK_MAX_LEN) || (evt->SDPK_EDpub.len > KEK_MAX_LEN)) { DEK_LOGE("Invalid args\n"); DEK_LOGE("SDPK_Rpub.len : %d\n", evt->SDPK_Rpub.len); DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Dpub.len); DEK_LOGE("SDPK_EDpub.len : %d\n", evt->SDPK_EDpub.len); return -EINVAL; } copy_kek(&SDPK_Rpub[key_arr_idx], &evt->SDPK_Rpub, KEK_TYPE_RSA_PUB); copy_kek(&SDPK_Dpub[key_arr_idx], &evt->SDPK_Dpub, KEK_TYPE_DH_PUB); copy_kek(&SDPK_EDpub[key_arr_idx], &evt->SDPK_EDpub, KEK_TYPE_ECDH256_PUB); #ifdef CONFIG_SDP_KEY_DUMP if(get_sdp_sysfs_key_dump()) { dump_all_keys(key_arr_idx); } #endif return ret; }
static long dek_do_ioctl_kek(unsigned int minor, unsigned int cmd, unsigned long arg) { long ret = 0; void __user *ubuf = (void __user *)arg; int key_arr_idx = 0; switch (cmd) { case DEK_GET_ENC_KEK: { dek_arg_get_enc_kek req; printk("dek: DEK_GET_ENC_KEK\n"); if(copy_from_user(&req, ubuf, sizeof(req))) { printk("dek: can't copy from user\n"); ret = -EFAULT; goto err; } key_arr_idx = PERSONA_KEY_ARR_IDX(req.persona_id); if (mas_key[key_arr_idx].len > 0) { memcpy(req.key.buf, mas_key[key_arr_idx].buf, mas_key[key_arr_idx].len); req.key.len = mas_key[key_arr_idx].len; req.key.type = TYPE_MAS_KEK; printk("dek: mas_key len : %d\n", req.key.len); } else if (pub_key[key_arr_idx].len > 0) { memcpy(req.key.buf, pub_key[key_arr_idx].buf, pub_key[key_arr_idx].len); req.key.len = pub_key[key_arr_idx].len; req.key.type = TYPE_PUB_KEK; printk("dek: pub_key len : %d\n", req.key.len); } else { printk("dek: KEK encryption key not available\n"); ret = -ENXIO; goto err; } if(copy_to_user(ubuf, &req, sizeof(req))) { printk("dek: can't copy to user\n"); memset(&req, 0, sizeof(dek_arg_get_enc_kek)); ret = -EFAULT; goto err; } memset(&req, 0, sizeof(dek_arg_get_enc_kek)); break; } case DEK_GET_DEC_KEK: { dek_arg_get_dec_kek req; printk("dek: DEK_GET_DEC_KEK\n"); if(copy_from_user(&req, ubuf, sizeof(req))) { printk("dek: can't copy from user\n"); ret = -EFAULT; goto err; } key_arr_idx = PERSONA_KEY_ARR_IDX(req.persona_id); if (mas_key[key_arr_idx].len > 0) { memcpy(req.key.buf, mas_key[key_arr_idx].buf, mas_key[key_arr_idx].len); req.key.len = mas_key[key_arr_idx].len; req.key.type = TYPE_MAS_KEK; printk("dek: mas_key len : %d\n", req.key.len); } else if (priv_key[key_arr_idx].len > 0) { memcpy(req.key.buf, priv_key[key_arr_idx].buf, priv_key[key_arr_idx].len); req.key.len = priv_key[key_arr_idx].len; req.key.type = TYPE_PRIV_KEK; printk("dek: priv_key len : %d\n", req.key.len); } else { printk("dek: KEK decryption key not available\n"); ret = -ENXIO; goto err; } if(copy_to_user(ubuf, &req, sizeof(req))) { printk("dek: can't copy to user\n"); memset(&req, 0, sizeof(dek_arg_get_dec_kek)); ret = -EFAULT; goto err; } memset(&req, 0, sizeof(dek_arg_get_dec_kek)); break; } default: printk("dek: case default\n"); ret = -EINVAL; break; } return ret; err: return ret; }
static long dek_do_ioctl_kek(unsigned int minor, unsigned int cmd, unsigned long arg) { long ret = 0; void __user *ubuf = (void __user *)arg; switch (cmd) { case DEK_GET_KEK: { dek_arg_get_kek req; int requested_type = 0; int userid; int key_arr_idx; DEK_LOGD("DEK_GET_KEK\n"); memset(&req, 0, sizeof(dek_arg_get_kek)); if(copy_from_user(&req, ubuf, sizeof(req))) { DEK_LOGE("can't copy from user kek\n"); ret = -EFAULT; goto err; } userid = req.userid; if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } key_arr_idx = PERSONA_KEY_ARR_IDX(userid); requested_type = req.kek_type; req.key.len = 0; req.key.type = -1; switch(requested_type) { case KEK_TYPE_SYM: if (SDPK_sym[key_arr_idx].len > 0) { copy_kek(&req.key, &SDPK_sym[key_arr_idx], KEK_TYPE_SYM); DEK_LOGD("SDPK_sym len : %d\n", req.key.len); }else{ DEK_LOGE("SDPK_sym not-available\n"); ret = -EIO; goto err; } break; case KEK_TYPE_RSA_PUB: if (SDPK_Rpub[key_arr_idx].len > 0) { copy_kek(&req.key, &SDPK_Rpub[key_arr_idx], KEK_TYPE_RSA_PUB); DEK_LOGD("SDPK_Rpub len : %d\n", req.key.len); } else { DEK_LOGE("SDPK_Rpub not-available\n"); ret = -EIO; goto err; } break; case KEK_TYPE_RSA_PRIV: #ifdef CONFIG_SDP_IOCTL_PRIV if (SDPK_Rpri[key_arr_idx].len > 0) { copy_kek(&req.key, &SDPK_Rpri[key_arr_idx], KEK_TYPE_RSA_PRIV); DEK_LOGD("SDPK_Rpri len : %d\n", req.key.len); } else { DEK_LOGE("SDPK_Rpri not-available\n"); ret = -EIO; goto err; } #else DEK_LOGE("SDPK_Rpri not exposed\n"); ret = -EOPNOTSUPP; goto err; #endif break; case KEK_TYPE_DH_PUB: if (SDPK_Dpub[key_arr_idx].len > 0) { copy_kek(&req.key, &SDPK_Dpub[key_arr_idx], KEK_TYPE_DH_PUB); DEK_LOGD("SDPK_Dpub len : %d\n", req.key.len); } else { DEK_LOGE("SDPK_Dpub not-available\n"); ret = -EIO; goto err; } break; case KEK_TYPE_DH_PRIV: #ifdef CONFIG_SDP_IOCTL_PRIV if (SDPK_Dpri[key_arr_idx].len > 0) { copy_kek(&req.key, &SDPK_Dpri[key_arr_idx], KEK_TYPE_DH_PRIV); DEK_LOGD("SDPK_Dpri len : %d\n", req.key.len); } else { DEK_LOGE("SDPK_Dpri not-available\n"); ret = -EIO; goto err; } #else DEK_LOGE("SDPK_Dpri not exposed\n"); ret = -EOPNOTSUPP; goto err; #endif break; case KEK_TYPE_ECDH256_PUB: if (SDPK_EDpub[key_arr_idx].len > 0) { copy_kek(&req.key, &SDPK_EDpub[key_arr_idx], KEK_TYPE_ECDH256_PUB); DEK_LOGD("SDPK_EDpub len : %d\n", req.key.len); } else { DEK_LOGE("SDPK_EDpub not-available\n"); ret = -EIO; goto err; } break; case KEK_TYPE_ECDH256_PRIV: #ifdef CONFIG_SDP_IOCTL_PRIV if (SDPK_EDpri[key_arr_idx].len > 0) { copy_kek(&req.key, &SDPK_EDpub[key_arr_idx], KEK_TYPE_ECDH256_PRIV); DEK_LOGD("SDPK_EDpri len : %d\n", req.key.len); } else { DEK_LOGE("SDPK_EDpri not-available\n"); ret = -EIO; goto err; } #else DEK_LOGE("SDPK_EDpri not exposed\n"); ret = -EOPNOTSUPP; goto err; #endif break; default: DEK_LOGE("invalid key type\n"); ret = -EINVAL; goto err; break; } if(copy_to_user(ubuf, &req, sizeof(req))) { DEK_LOGE("can't copy to user kek\n"); zero_out((char *)&req, sizeof(dek_arg_get_kek)); ret = -EFAULT; goto err; } zero_out((char *)&req, sizeof(dek_arg_get_kek)); break; } default: DEK_LOGE("%s case default\n", __func__); ret = -EINVAL; break; } return ret; err: return ret; }
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) { int key_arr_idx; int dek_type = encDek->type; if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } key_arr_idx = PERSONA_KEY_ARR_IDX(userid); #if DEK_DEBUG DEK_LOGD("encDek from user: "******"aes decrypt failed\n"); dek_add_to_log(userid, "aes decrypt failed"); plainDek->len = 0; } else { plainDek->len = encDek->len; plainDek->type = DEK_TYPE_PLAIN; } } else { DEK_LOGE("no SDPK_sym key for id: %d\n", userid); dek_add_to_log(userid, "decrypt failed, persona locked"); return -EIO; } return 0; } case DEK_TYPE_RSA_ENC: { #ifdef CONFIG_PUB_CRYPTO if(SDPK_Rpri[key_arr_idx].len > 0) { if(rsa_decryptByPair(encDek, plainDek, &SDPK_Rpri[key_arr_idx])){ DEK_LOGE("rsa_decryptByPair failed"); return -1; } }else{ DEK_LOGE("SDPK_Rpri for id: %d\n", userid); dek_add_to_log(userid, "encrypt failed, no SDPK_Rpri"); return -EIO; } #else DEK_LOGE("Not supported key type: %d\n", encDek->type); dek_add_to_log(userid, "decrypt failed, DH type not supported"); return -EOPNOTSUPP; #endif return 0; } case DEK_TYPE_DH_ENC: { #ifdef CONFIG_PUB_CRYPTO if(SDPK_Dpri[key_arr_idx].len > 0) { if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){ DEK_LOGE("dh_decryptEDEK failed"); return -1; } }else{ DEK_LOGE("SDPK_Dpri for id: %d\n", userid); dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri"); return -EIO; } #else DEK_LOGE("Not supported key type: %d\n", encDek->type); dek_add_to_log(userid, "decrypt failed, DH type not supported"); return -EOPNOTSUPP; #endif return 0; } case DEK_TYPE_ECDH256_ENC: { #ifdef CONFIG_PUB_CRYPTO #if DEK_DEBUG printk("DEK_TYPE_ECDH256_ENC encDek:"); dek_dump(encDek->buf, encDek->len); #endif if(SDPK_EDpri[key_arr_idx].len > 0) { if(ecdh_decryptEDEK(encDek, plainDek, &SDPK_EDpri[key_arr_idx])){ DEK_LOGE("ecdh_decryptEDEK failed"); return -1; } }else{ DEK_LOGE("SDPK_EDpri for id: %d\n", userid); dek_add_to_log(userid, "encrypt failed, no SDPK_EDpri"); return -EIO; } #else DEK_LOGE("Not supported key type: %d\n", encDek->type); dek_add_to_log(userid, "decrypt failed, ECDH type not supported"); return -EOPNOTSUPP; #endif return 0; } default: { DEK_LOGE("Unsupported edek type: %d\n", encDek->type); dek_add_to_log(userid, "decrypt failed, unsupported key type"); return -EFAULT; } } }
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) { int key_arr_idx = PERSONA_KEY_ARR_IDX(userid); if (!dek_is_persona(userid)) { DEK_LOGE("%s invalid userid %d\n", __func__, userid); return -EFAULT; } #if DEK_DEBUG DEK_LOGD("encDek from user: "******"aes decrypt failed\n"); dek_add_to_log(userid, "aes decrypt failed"); plainDek->len = 0; } else { plainDek->len = encDek->len; plainDek->type = DEK_TYPE_PLAIN; } } else { DEK_LOGE("no SDPK_sym key for id: %d\n", userid); dek_add_to_log(userid, "decrypt failed, persona locked"); return -EIO; } } else if (encDek->type == DEK_TYPE_RSA_ENC) { DEK_LOGE("Not supported key type: %d\n", encDek->type); dek_add_to_log(userid, "decrypt failed, RSA type not supported"); return -EFAULT; } else if (encDek->type == DEK_TYPE_DH_ENC) { #ifdef CONFIG_PUB_CRYPTO if(SDPK_Dpri[key_arr_idx].len > 0) { if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){ DEK_LOGE("dh_decryptEDEK failed"); return -1; } }else{ DEK_LOGE("SDPK_Dpri for id: %d\n", userid); dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri"); return -EIO; } #else DEK_LOGE("Not supported key type: %d\n", encDek->type); dek_add_to_log(userid, "decrypt failed, DH type not supported"); return -EOPNOTSUPP; #endif } else { DEK_LOGE("Unsupported decrypt key type: %d\n", encDek->type); dek_add_to_log(userid, "decrypt failed, unsupported key type"); return -EFAULT; } if (plainDek->len <= 0 || plainDek->len > DEK_LEN) { DEK_LOGE("dek_decrypt_dek, incorrect len=%d\n", plainDek->len); zero_out((char *)plainDek, sizeof(dek_t)); return -EFAULT; } else { #if DEK_DEBUG DEK_LOGD("plainDek to user: "); dump(plainDek->buf, plainDek->len); #endif } return 0; }