From 366f8a64fb58cc4fc1d4e5be56257e843d13ff7f Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Wed, 15 Feb 2017 15:26:32 +0100 Subject: core: provide tee_fs_fek_crypt() FS key manager provides tee_fs_fek_crypt(). Reviewed-by: Jerome Forissier Signed-off-by: Jens Wiklander --- core/include/tee/tee_fs_key_manager.h | 6 ++++++ core/tee/tee_fs_key_manager.c | 27 +++++++++++++-------------- 2 files changed, 19 insertions(+), 14 deletions(-) (limited to 'core') diff --git a/core/include/tee/tee_fs_key_manager.h b/core/include/tee/tee_fs_key_manager.h index 7f26d262..d25c9165 100644 --- a/core/include/tee/tee_fs_key_manager.h +++ b/core/include/tee/tee_fs_key_manager.h @@ -91,4 +91,10 @@ TEE_Result tee_fs_decrypt_file(enum tee_fs_file_type file_type, TEE_Result tee_fs_crypt_block(uint8_t *out, const uint8_t *in, size_t size, uint16_t blk_idx, const uint8_t *encrypted_fek, TEE_OperationMode mode); + + + +TEE_Result tee_fs_fek_crypt(TEE_OperationMode mode, const uint8_t *in_key, + size_t size, uint8_t *out_key); + #endif diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c index c827cef6..f59dc062 100644 --- a/core/tee/tee_fs_key_manager.c +++ b/core/tee/tee_fs_key_manager.c @@ -109,17 +109,17 @@ exit: return res; } -static TEE_Result fek_crypt(TEE_OperationMode mode, - uint8_t *key, int size) +TEE_Result tee_fs_fek_crypt(TEE_OperationMode mode, const uint8_t *in_key, + size_t size, uint8_t *out_key) { TEE_Result res; uint8_t *ctx = NULL; size_t ctx_size; uint8_t tsk[TEE_FS_KM_TSK_SIZE]; - uint8_t dst_key[TEE_FS_KM_FEK_SIZE]; + uint8_t dst_key[size]; struct tee_ta_session *sess; - if (!key) + if (!in_key || !out_key) return TEE_ERROR_BAD_PARAMETERS; if (size != TEE_FS_KM_FEK_SIZE) @@ -151,13 +151,13 @@ static TEE_Result fek_crypt(TEE_OperationMode mode, goto exit; res = crypto_ops.cipher.update(ctx, TEE_FS_KM_ENC_FEK_ALG, - mode, true, key, size, dst_key); + mode, true, in_key, size, dst_key); if (res != TEE_SUCCESS) goto exit; crypto_ops.cipher.final(ctx, TEE_FS_KM_ENC_FEK_ALG); - memcpy(key, dst_key, sizeof(dst_key)); + memcpy(out_key, dst_key, sizeof(dst_key)); exit: free(ctx); @@ -303,8 +303,7 @@ TEE_Result tee_fs_generate_fek(uint8_t *buf, int buf_size) if (res != TEE_SUCCESS) return res; - return fek_crypt(TEE_MODE_ENCRYPT, buf, - TEE_FS_KM_FEK_SIZE); + return tee_fs_fek_crypt(TEE_MODE_ENCRYPT, buf, TEE_FS_KM_FEK_SIZE, buf); } TEE_Result tee_fs_encrypt_file(enum tee_fs_file_type file_type, @@ -341,8 +340,8 @@ TEE_Result tee_fs_encrypt_file(enum tee_fs_file_type file_type, if (res != TEE_SUCCESS) goto fail; - memcpy(fek, encrypted_fek, TEE_FS_KM_FEK_SIZE); - res = fek_crypt(TEE_MODE_DECRYPT, fek, TEE_FS_KM_FEK_SIZE); + res = tee_fs_fek_crypt(TEE_MODE_DECRYPT, encrypted_fek, + TEE_FS_KM_FEK_SIZE, fek); if (res != TEE_SUCCESS) goto fail; @@ -405,8 +404,8 @@ TEE_Result tee_fs_decrypt_file(enum tee_fs_file_type file_type, km_hdr.tag = hdr->common.tag; } - memcpy(fek, km_hdr.aad.encrypted_key, TEE_FS_KM_FEK_SIZE); - res = fek_crypt(TEE_MODE_DECRYPT, fek, TEE_FS_KM_FEK_SIZE); + res = tee_fs_fek_crypt(TEE_MODE_DECRYPT, km_hdr.aad.encrypted_key, + TEE_FS_KM_FEK_SIZE, fek); if (res != TEE_SUCCESS) { EMSG("Failed to decrypt FEK, res=0x%x", res); return res; @@ -518,8 +517,8 @@ TEE_Result tee_fs_crypt_block(uint8_t *out, const uint8_t *in, size_t size, blk_idx); /* Decrypt FEK */ - memcpy(fek, encrypted_fek, TEE_FS_KM_FEK_SIZE); - res = fek_crypt(TEE_MODE_DECRYPT, fek, TEE_FS_KM_FEK_SIZE); + res = tee_fs_fek_crypt(TEE_MODE_DECRYPT, encrypted_fek, + TEE_FS_KM_FEK_SIZE, fek); if (res != TEE_SUCCESS) return res; -- cgit v1.2.3