static int dek_on_user_added(dek_arg_on_user_added *evt) {
int userid = evt->userid;
int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
/*
* TODO : lock needed
*/
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
if((evt->SDPK_Rpub.len > KEK_MAX_LEN) ||
(evt->SDPK_Dpub.len > KEK_MAX_LEN)) {
DEK_LOGE("Invalid args\n");
DEK_LOGE("SDPK_Rpub.len : %d\n", evt->SDPK_Rpub.len);
DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Dpub.len);
return -EINVAL;
}
memcpy(SDPK_Rpub[key_arr_idx].buf, evt->SDPK_Rpub.buf, evt->SDPK_Rpub.len);
SDPK_Rpub[key_arr_idx].len = evt->SDPK_Rpub.len;
memcpy(SDPK_Dpub[key_arr_idx].buf, evt->SDPK_Dpub.buf, evt->SDPK_Dpub.len);
SDPK_Dpub[key_arr_idx].len = evt->SDPK_Dpub.len;
#if DEK_DEBUG
dump_all_keys(key_arr_idx);
#endif
return 0;
}
static int dek_on_device_unlocked(dek_arg_on_device_unlocked *evt) {
int key_arr_idx = PERSONA_KEY_ARR_IDX(evt->persona_id);
/*
* TODO : lock needed
*/
memcpy(mas_key[key_arr_idx].buf, evt->mas_key.buf, evt->mas_key.len);
mas_key[key_arr_idx].len = evt->mas_key.len;
memcpy(priv_key[key_arr_idx].buf, evt->priv_key.buf, evt->priv_key.len);
priv_key[key_arr_idx].len = evt->priv_key.len;
tfm[key_arr_idx] = dek_aes_key_setup(evt->mas_key.buf, evt->mas_key.len);
if (IS_ERR(tfm[key_arr_idx])) {
printk("dek: error setting up key\n");
dek_add_to_log(evt->persona_id, "error setting up key");
tfm[key_arr_idx] = NULL;
}
#if DEK_DEBUG
dump_all_keys(key_arr_idx);
#endif
return 0;
}
static int dek_on_user_removed(dek_arg_on_user_removed *evt) {
int userid = evt->userid;
int key_arr_idx;
/*
* TODO : lock needed
*/
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
zero_out((char *)&SDPK_sym[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_Rpub[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_Rpri[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_Dpub[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_Dpri[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_EDpub[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_EDpri[key_arr_idx], sizeof(kek_t));
#ifdef CONFIG_SDP_KEY_DUMP
if(get_sdp_sysfs_key_dump()) {
dump_all_keys(key_arr_idx);
}
#endif
dek_aes_key_free(sdp_tfm[key_arr_idx]);
sdp_tfm[key_arr_idx] = NULL;
return 0;
}
int is_kek_available(int userid, int kek_type) {
int ret;
int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
switch(kek_type) {
case KEK_TYPE_SYM:
if (SDPK_sym[key_arr_idx].len > 0)
ret = 1;
else
ret = 0;
break;
case KEK_TYPE_RSA_PUB:
if (SDPK_Rpub[key_arr_idx].len > 0)
ret = 1;
else
ret = 0;
break;
case KEK_TYPE_RSA_PRIV:
if (SDPK_Rpri[key_arr_idx].len > 0)
ret = 1;
else
ret = 0;
break;
case KEK_TYPE_DH_PUB:
if (SDPK_Dpub[key_arr_idx].len > 0)
ret = 1;
else
ret = 0;
break;
case KEK_TYPE_DH_PRIV:
if (SDPK_Dpri[key_arr_idx].len > 0)
ret = 1;
else
ret = 0;
break;
case KEK_TYPE_ECDH256_PUB:
if (SDPK_EDpub[key_arr_idx].len > 0)
ret = 1;
else
ret = 0;
break;
case KEK_TYPE_ECDH256_PRIV:
if (SDPK_EDpri[key_arr_idx].len > 0)
ret = 1;
else
ret = 0;
break;
default:
printk("%s : unknown kek type:%d\n", __func__, kek_type);
ret = -ENOENT;
break;
}
return ret;
}
static int dek_on_user_added(dek_arg_on_user_added *evt) {
int key_arr_idx = PERSONA_KEY_ARR_IDX(evt->persona_id);
memcpy(pub_key[key_arr_idx].buf, evt->pub_key.buf, evt->pub_key.len);
pub_key[key_arr_idx].len = evt->pub_key.len;
#if DEK_DEBUG
dump_all_keys(key_arr_idx);
#endif
return 0;
}
static int dek_encrypt_dek(int userid, dek_t *plainDek, dek_t *encDek) {
int ret = 0;
int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
#if DEK_DEBUG
DEK_LOGD("plainDek from user: "******"aes encrypt failed\n");
dek_add_to_log(userid, "aes encrypt failed");
encDek->len = 0;
} else {
encDek->len = plainDek->len;
encDek->type = DEK_TYPE_AES_ENC;
}
} else {
#ifdef CONFIG_PUB_CRYPTO
/*
* Do an asymmetric crypto
*/
if(SDPK_Dpub[key_arr_idx].len > 0) {
ret = dh_encryptDEK(plainDek, encDek, &SDPK_Dpub[key_arr_idx]);
}else{
DEK_LOGE("SDPK_Dpub for id: %d\n", userid);
dek_add_to_log(userid, "encrypt failed, no SDPK_Dpub");
return -EIO;
}
#else
DEK_LOGE("pub crypto not supported : %d\n", userid);
dek_add_to_log(userid, "encrypt failed, no key");
return -EOPNOTSUPP;
#endif
}
if (encDek->len <= 0 || encDek->len > DEK_MAXLEN) {
DEK_LOGE("dek_encrypt_dek, incorrect len=%d\n", encDek->len);
zero_out((char *)encDek, sizeof(dek_t));
return -EFAULT;
}
#if DEK_DEBUG
else {
DEK_LOGD("encDek to user: ");
dump(encDek->buf, encDek->len);
}
#endif
return ret;
}
int dek_is_persona_locked(int userid) {
int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
if (dek_is_persona(userid)) {
if (sdp_tfm[key_arr_idx] != NULL) {
return 0;
} else {
return 1;
}
} else {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -1;
}
}
static int dek_on_device_locked(dek_arg_on_device_locked *evt) {
int key_arr_idx = PERSONA_KEY_ARR_IDX(evt->persona_id);
dek_aes_key_free(tfm[key_arr_idx]);
tfm[key_arr_idx] = NULL;
memset(&priv_key[key_arr_idx], 0, sizeof(kek));
memset(&mas_key[key_arr_idx], 0, sizeof(kek));
#if DEK_DEBUG
dump_all_keys(key_arr_idx);
#endif
return 0;
}
static int dek_decrypt_dek(int persona_id, dek *encDek, dek *plainDek, int type) {
int key_arr_idx = PERSONA_KEY_ARR_IDX(persona_id);
unsigned int i;
unsigned int bsize;
if (!dek_is_persona(persona_id)) {
return -EFAULT;
}
#if DEK_DEBUG
printk("dek: encDek from user: "******"dek: no master key for id: %d\n", persona_id);
dek_add_to_log(persona_id, "decrypt failed, persona locked");
return -EIO;
}
} else if (type == DEK_RSA_ENC) {
printk("dek: Not supported key type: %d\n", type);
dek_add_to_log(persona_id, "decrypt failed, RSA type not supported");
return -EFAULT;
} else {
printk("dek: wrong decrypt key type: %d\n", type);
dek_add_to_log(persona_id, "decrypt failed, wrong decrypt key type");
return -EFAULT;
}
if (plainDek->len <= 0 || plainDek->len > DEK_DEK_LEN) {
printk("dek: dek_decrypt_dek, incorrect len=%d\n", plainDek->len);
memset(plainDek, 0, sizeof(dek));
return -EFAULT;
} else {
#if DEK_DEBUG
printk("dek: plainDek to user: ");
dump(plainDek->buf, plainDek->len);
#endif
}
return 0;
}
static int dek_on_device_unlocked(dek_arg_on_device_unlocked *evt) {
int userid = evt->userid;
int key_arr_idx;
/*
* TODO : lock needed
*/
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
if((evt->SDPK_sym.len > KEK_MAX_LEN) ||
(evt->SDPK_Rpri.len > KEK_MAX_LEN) ||
(evt->SDPK_Dpri.len > KEK_MAX_LEN) ||
(evt->SDPK_EDpri.len > KEK_MAX_LEN)) {
DEK_LOGE("%s Invalid args\n", __func__);
DEK_LOGE("SDPK_sym.len : %d\n", evt->SDPK_sym.len);
DEK_LOGE("SDPK_Rpri.len : %d\n", evt->SDPK_Rpri.len);
DEK_LOGE("SDPK_Dpri.len : %d\n", evt->SDPK_Dpri.len);
DEK_LOGE("SDPK_EDpri.len : %d\n", evt->SDPK_EDpri.len);
return -EINVAL;
}
copy_kek(&SDPK_Rpri[key_arr_idx], &evt->SDPK_Rpri, KEK_TYPE_RSA_PRIV);
copy_kek(&SDPK_Dpri[key_arr_idx], &evt->SDPK_Dpri, KEK_TYPE_DH_PRIV);
copy_kek(&SDPK_EDpri[key_arr_idx], &evt->SDPK_EDpri, KEK_TYPE_ECDH256_PRIV);
copy_kek(&SDPK_sym[key_arr_idx], &evt->SDPK_sym, KEK_TYPE_SYM);
sdp_tfm[key_arr_idx] = dek_aes_key_setup(evt->SDPK_sym.buf, evt->SDPK_sym.len);
if (IS_ERR(sdp_tfm[key_arr_idx])) {
DEK_LOGE("error setting up key\n");
dek_add_to_log(evt->userid, "error setting up key");
sdp_tfm[key_arr_idx] = NULL;
}
#ifdef CONFIG_SDP_KEY_DUMP
if(get_sdp_sysfs_key_dump()) {
dump_all_keys(key_arr_idx);
}
#endif
return 0;
}
static int dek_on_device_unlocked(dek_arg_on_device_unlocked *evt) {
int userid = evt->userid;
int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
/*
* TODO : lock needed
*/
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
if((evt->SDPK_sym.len > KEK_MAX_LEN) ||
(evt->SDPK_Rpri.len > KEK_MAX_LEN) ||
(evt->SDPK_Dpri.len > KEK_MAX_LEN)) {
DEK_LOGE("%s Invalid args\n", __func__);
DEK_LOGE("SDPK_Rpub.len : %d\n", evt->SDPK_sym.len);
DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Rpri.len);
DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Dpri.len);
return -EINVAL;
}
memcpy(SDPK_sym[key_arr_idx].buf, evt->SDPK_sym.buf, evt->SDPK_sym.len);
SDPK_sym[key_arr_idx].len = evt->SDPK_sym.len;
memcpy(SDPK_Rpri[key_arr_idx].buf, evt->SDPK_Rpri.buf, evt->SDPK_Rpri.len);
SDPK_Rpri[key_arr_idx].len = evt->SDPK_Rpri.len;
memcpy(SDPK_Dpri[key_arr_idx].buf, evt->SDPK_Dpri.buf, evt->SDPK_Dpri.len);
SDPK_Dpri[key_arr_idx].len = evt->SDPK_Dpri.len;
sdp_tfm[key_arr_idx] = dek_aes_key_setup(evt->SDPK_sym.buf, evt->SDPK_sym.len);
if (IS_ERR(sdp_tfm[key_arr_idx])) {
DEK_LOGE("error setting up key\n");
dek_add_to_log(evt->userid, "error setting up key");
sdp_tfm[key_arr_idx] = NULL;
}
#if DEK_DEBUG
dump_all_keys(key_arr_idx);
#endif
return 0;
}
static int dek_encrypt_dek(int persona_id, dek *plainDek, dek *encDek) {
int ret = 0;
int key_arr_idx = PERSONA_KEY_ARR_IDX(persona_id);
unsigned int i;
unsigned int bsize;
if (!dek_is_persona(persona_id)) {
return -EFAULT;
}
#if DEK_DEBUG
printk("dek: plainDek from user: "******"dek: no encryption key for id: %d\n", persona_id);
dek_add_to_log(persona_id, "encrypt failed, no key");
return -EIO;
}
if (encDek->len <= 0 || encDek->len > DEK_DEK_ENC_LEN) {
printk("dek: dek_encrypt_dek, incorrect len=%d\n", encDek->len);
memset(encDek, 0, sizeof(dek));
return -EFAULT;
}
#if DEK_DEBUG
else {
printk("dek: encDek to user: ");
dump(encDek->buf, encDek->len);
}
#endif
return ret;
}
static int dek_on_device_locked(dek_arg_on_device_locked *evt) {
int userid = evt->userid;
int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
dek_aes_key_free(sdp_tfm[key_arr_idx]);
sdp_tfm[key_arr_idx] = NULL;
zero_out((char *)&SDPK_sym[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_Rpri[key_arr_idx], sizeof(kek_t));
zero_out((char *)&SDPK_Dpri[key_arr_idx], sizeof(kek_t));
ecryptfs_mm_drop_cache(userid);
#if DEK_DEBUG
dump_all_keys(key_arr_idx);
#endif
return 0;
}
static int dek_on_boot(dek_arg_on_boot *evt) {
int ret = 0;
int userid = evt->userid;
int key_arr_idx;
/*
* TODO : lock needed
*/
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
if((evt->SDPK_Rpub.len > KEK_MAX_LEN) ||
(evt->SDPK_Dpub.len > KEK_MAX_LEN) ||
(evt->SDPK_EDpub.len > KEK_MAX_LEN)) {
DEK_LOGE("Invalid args\n");
DEK_LOGE("SDPK_Rpub.len : %d\n", evt->SDPK_Rpub.len);
DEK_LOGE("SDPK_Dpub.len : %d\n", evt->SDPK_Dpub.len);
DEK_LOGE("SDPK_EDpub.len : %d\n", evt->SDPK_EDpub.len);
return -EINVAL;
}
copy_kek(&SDPK_Rpub[key_arr_idx], &evt->SDPK_Rpub, KEK_TYPE_RSA_PUB);
copy_kek(&SDPK_Dpub[key_arr_idx], &evt->SDPK_Dpub, KEK_TYPE_DH_PUB);
copy_kek(&SDPK_EDpub[key_arr_idx], &evt->SDPK_EDpub, KEK_TYPE_ECDH256_PUB);
#ifdef CONFIG_SDP_KEY_DUMP
if(get_sdp_sysfs_key_dump()) {
dump_all_keys(key_arr_idx);
}
#endif
return ret;
}
static long dek_do_ioctl_kek(unsigned int minor, unsigned int cmd,
unsigned long arg) {
long ret = 0;
void __user *ubuf = (void __user *)arg;
int key_arr_idx = 0;
switch (cmd) {
case DEK_GET_ENC_KEK: {
dek_arg_get_enc_kek req;
printk("dek: DEK_GET_ENC_KEK\n");
if(copy_from_user(&req, ubuf, sizeof(req))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
key_arr_idx = PERSONA_KEY_ARR_IDX(req.persona_id);
if (mas_key[key_arr_idx].len > 0) {
memcpy(req.key.buf, mas_key[key_arr_idx].buf, mas_key[key_arr_idx].len);
req.key.len = mas_key[key_arr_idx].len;
req.key.type = TYPE_MAS_KEK;
printk("dek: mas_key len : %d\n", req.key.len);
} else if (pub_key[key_arr_idx].len > 0) {
memcpy(req.key.buf, pub_key[key_arr_idx].buf, pub_key[key_arr_idx].len);
req.key.len = pub_key[key_arr_idx].len;
req.key.type = TYPE_PUB_KEK;
printk("dek: pub_key len : %d\n", req.key.len);
} else {
printk("dek: KEK encryption key not available\n");
ret = -ENXIO;
goto err;
}
if(copy_to_user(ubuf, &req, sizeof(req))) {
printk("dek: can't copy to user\n");
memset(&req, 0, sizeof(dek_arg_get_enc_kek));
ret = -EFAULT;
goto err;
}
memset(&req, 0, sizeof(dek_arg_get_enc_kek));
break;
}
case DEK_GET_DEC_KEK: {
dek_arg_get_dec_kek req;
printk("dek: DEK_GET_DEC_KEK\n");
if(copy_from_user(&req, ubuf, sizeof(req))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
key_arr_idx = PERSONA_KEY_ARR_IDX(req.persona_id);
if (mas_key[key_arr_idx].len > 0) {
memcpy(req.key.buf, mas_key[key_arr_idx].buf, mas_key[key_arr_idx].len);
req.key.len = mas_key[key_arr_idx].len;
req.key.type = TYPE_MAS_KEK;
printk("dek: mas_key len : %d\n", req.key.len);
} else if (priv_key[key_arr_idx].len > 0) {
memcpy(req.key.buf, priv_key[key_arr_idx].buf, priv_key[key_arr_idx].len);
req.key.len = priv_key[key_arr_idx].len;
req.key.type = TYPE_PRIV_KEK;
printk("dek: priv_key len : %d\n", req.key.len);
} else {
printk("dek: KEK decryption key not available\n");
ret = -ENXIO;
goto err;
}
if(copy_to_user(ubuf, &req, sizeof(req))) {
printk("dek: can't copy to user\n");
memset(&req, 0, sizeof(dek_arg_get_dec_kek));
ret = -EFAULT;
goto err;
}
memset(&req, 0, sizeof(dek_arg_get_dec_kek));
break;
}
default:
printk("dek: case default\n");
ret = -EINVAL;
break;
}
return ret;
err:
return ret;
}
static long dek_do_ioctl_kek(unsigned int minor, unsigned int cmd,
unsigned long arg) {
long ret = 0;
void __user *ubuf = (void __user *)arg;
switch (cmd) {
case DEK_GET_KEK: {
dek_arg_get_kek req;
int requested_type = 0;
int userid;
int key_arr_idx;
DEK_LOGD("DEK_GET_KEK\n");
memset(&req, 0, sizeof(dek_arg_get_kek));
if(copy_from_user(&req, ubuf, sizeof(req))) {
DEK_LOGE("can't copy from user kek\n");
ret = -EFAULT;
goto err;
}
userid = req.userid;
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
requested_type = req.kek_type;
req.key.len = 0;
req.key.type = -1;
switch(requested_type) {
case KEK_TYPE_SYM:
if (SDPK_sym[key_arr_idx].len > 0) {
copy_kek(&req.key, &SDPK_sym[key_arr_idx], KEK_TYPE_SYM);
DEK_LOGD("SDPK_sym len : %d\n", req.key.len);
}else{
DEK_LOGE("SDPK_sym not-available\n");
ret = -EIO;
goto err;
}
break;
case KEK_TYPE_RSA_PUB:
if (SDPK_Rpub[key_arr_idx].len > 0) {
copy_kek(&req.key, &SDPK_Rpub[key_arr_idx], KEK_TYPE_RSA_PUB);
DEK_LOGD("SDPK_Rpub len : %d\n", req.key.len);
} else {
DEK_LOGE("SDPK_Rpub not-available\n");
ret = -EIO;
goto err;
}
break;
case KEK_TYPE_RSA_PRIV:
#ifdef CONFIG_SDP_IOCTL_PRIV
if (SDPK_Rpri[key_arr_idx].len > 0) {
copy_kek(&req.key, &SDPK_Rpri[key_arr_idx], KEK_TYPE_RSA_PRIV);
DEK_LOGD("SDPK_Rpri len : %d\n", req.key.len);
} else {
DEK_LOGE("SDPK_Rpri not-available\n");
ret = -EIO;
goto err;
}
#else
DEK_LOGE("SDPK_Rpri not exposed\n");
ret = -EOPNOTSUPP;
goto err;
#endif
break;
case KEK_TYPE_DH_PUB:
if (SDPK_Dpub[key_arr_idx].len > 0) {
copy_kek(&req.key, &SDPK_Dpub[key_arr_idx], KEK_TYPE_DH_PUB);
DEK_LOGD("SDPK_Dpub len : %d\n", req.key.len);
} else {
DEK_LOGE("SDPK_Dpub not-available\n");
ret = -EIO;
goto err;
}
break;
case KEK_TYPE_DH_PRIV:
#ifdef CONFIG_SDP_IOCTL_PRIV
if (SDPK_Dpri[key_arr_idx].len > 0) {
copy_kek(&req.key, &SDPK_Dpri[key_arr_idx], KEK_TYPE_DH_PRIV);
DEK_LOGD("SDPK_Dpri len : %d\n", req.key.len);
} else {
DEK_LOGE("SDPK_Dpri not-available\n");
ret = -EIO;
goto err;
}
#else
DEK_LOGE("SDPK_Dpri not exposed\n");
ret = -EOPNOTSUPP;
goto err;
#endif
break;
case KEK_TYPE_ECDH256_PUB:
if (SDPK_EDpub[key_arr_idx].len > 0) {
copy_kek(&req.key, &SDPK_EDpub[key_arr_idx], KEK_TYPE_ECDH256_PUB);
DEK_LOGD("SDPK_EDpub len : %d\n", req.key.len);
} else {
DEK_LOGE("SDPK_EDpub not-available\n");
ret = -EIO;
goto err;
}
break;
case KEK_TYPE_ECDH256_PRIV:
#ifdef CONFIG_SDP_IOCTL_PRIV
if (SDPK_EDpri[key_arr_idx].len > 0) {
copy_kek(&req.key, &SDPK_EDpub[key_arr_idx], KEK_TYPE_ECDH256_PRIV);
DEK_LOGD("SDPK_EDpri len : %d\n", req.key.len);
} else {
DEK_LOGE("SDPK_EDpri not-available\n");
ret = -EIO;
goto err;
}
#else
DEK_LOGE("SDPK_EDpri not exposed\n");
ret = -EOPNOTSUPP;
goto err;
#endif
break;
default:
DEK_LOGE("invalid key type\n");
ret = -EINVAL;
goto err;
break;
}
if(copy_to_user(ubuf, &req, sizeof(req))) {
DEK_LOGE("can't copy to user kek\n");
zero_out((char *)&req, sizeof(dek_arg_get_kek));
ret = -EFAULT;
goto err;
}
zero_out((char *)&req, sizeof(dek_arg_get_kek));
break;
}
default:
DEK_LOGE("%s case default\n", __func__);
ret = -EINVAL;
break;
}
return ret;
err:
return ret;
}
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) {
int key_arr_idx;
int dek_type = encDek->type;
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
#if DEK_DEBUG
DEK_LOGD("encDek from user: "******"aes decrypt failed\n");
dek_add_to_log(userid, "aes decrypt failed");
plainDek->len = 0;
} else {
plainDek->len = encDek->len;
plainDek->type = DEK_TYPE_PLAIN;
}
} else {
DEK_LOGE("no SDPK_sym key for id: %d\n", userid);
dek_add_to_log(userid, "decrypt failed, persona locked");
return -EIO;
}
return 0;
}
case DEK_TYPE_RSA_ENC:
{
#ifdef CONFIG_PUB_CRYPTO
if(SDPK_Rpri[key_arr_idx].len > 0) {
if(rsa_decryptByPair(encDek, plainDek, &SDPK_Rpri[key_arr_idx])){
DEK_LOGE("rsa_decryptByPair failed");
return -1;
}
}else{
DEK_LOGE("SDPK_Rpri for id: %d\n", userid);
dek_add_to_log(userid, "encrypt failed, no SDPK_Rpri");
return -EIO;
}
#else
DEK_LOGE("Not supported key type: %d\n", encDek->type);
dek_add_to_log(userid, "decrypt failed, DH type not supported");
return -EOPNOTSUPP;
#endif
return 0;
}
case DEK_TYPE_DH_ENC:
{
#ifdef CONFIG_PUB_CRYPTO
if(SDPK_Dpri[key_arr_idx].len > 0) {
if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){
DEK_LOGE("dh_decryptEDEK failed");
return -1;
}
}else{
DEK_LOGE("SDPK_Dpri for id: %d\n", userid);
dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri");
return -EIO;
}
#else
DEK_LOGE("Not supported key type: %d\n", encDek->type);
dek_add_to_log(userid, "decrypt failed, DH type not supported");
return -EOPNOTSUPP;
#endif
return 0;
}
case DEK_TYPE_ECDH256_ENC:
{
#ifdef CONFIG_PUB_CRYPTO
#if DEK_DEBUG
printk("DEK_TYPE_ECDH256_ENC encDek:"); dek_dump(encDek->buf, encDek->len);
#endif
if(SDPK_EDpri[key_arr_idx].len > 0) {
if(ecdh_decryptEDEK(encDek, plainDek, &SDPK_EDpri[key_arr_idx])){
DEK_LOGE("ecdh_decryptEDEK failed");
return -1;
}
}else{
DEK_LOGE("SDPK_EDpri for id: %d\n", userid);
dek_add_to_log(userid, "encrypt failed, no SDPK_EDpri");
return -EIO;
}
#else
DEK_LOGE("Not supported key type: %d\n", encDek->type);
dek_add_to_log(userid, "decrypt failed, ECDH type not supported");
return -EOPNOTSUPP;
#endif
return 0;
}
default:
{
DEK_LOGE("Unsupported edek type: %d\n", encDek->type);
dek_add_to_log(userid, "decrypt failed, unsupported key type");
return -EFAULT;
}
}
}
static int dek_decrypt_dek(int userid, dek_t *encDek, dek_t *plainDek) {
int key_arr_idx = PERSONA_KEY_ARR_IDX(userid);
if (!dek_is_persona(userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, userid);
return -EFAULT;
}
#if DEK_DEBUG
DEK_LOGD("encDek from user: "******"aes decrypt failed\n");
dek_add_to_log(userid, "aes decrypt failed");
plainDek->len = 0;
} else {
plainDek->len = encDek->len;
plainDek->type = DEK_TYPE_PLAIN;
}
} else {
DEK_LOGE("no SDPK_sym key for id: %d\n", userid);
dek_add_to_log(userid, "decrypt failed, persona locked");
return -EIO;
}
} else if (encDek->type == DEK_TYPE_RSA_ENC) {
DEK_LOGE("Not supported key type: %d\n", encDek->type);
dek_add_to_log(userid, "decrypt failed, RSA type not supported");
return -EFAULT;
} else if (encDek->type == DEK_TYPE_DH_ENC) {
#ifdef CONFIG_PUB_CRYPTO
if(SDPK_Dpri[key_arr_idx].len > 0) {
if(dh_decryptEDEK(encDek, plainDek, &SDPK_Dpri[key_arr_idx])){
DEK_LOGE("dh_decryptEDEK failed");
return -1;
}
}else{
DEK_LOGE("SDPK_Dpri for id: %d\n", userid);
dek_add_to_log(userid, "encrypt failed, no SDPK_Dpri");
return -EIO;
}
#else
DEK_LOGE("Not supported key type: %d\n", encDek->type);
dek_add_to_log(userid, "decrypt failed, DH type not supported");
return -EOPNOTSUPP;
#endif
} else {
DEK_LOGE("Unsupported decrypt key type: %d\n", encDek->type);
dek_add_to_log(userid, "decrypt failed, unsupported key type");
return -EFAULT;
}
if (plainDek->len <= 0 || plainDek->len > DEK_LEN) {
DEK_LOGE("dek_decrypt_dek, incorrect len=%d\n", plainDek->len);
zero_out((char *)plainDek, sizeof(dek_t));
return -EFAULT;
} else {
#if DEK_DEBUG
DEK_LOGD("plainDek to user: ");
dump(plainDek->buf, plainDek->len);
#endif
}
return 0;
}
