#include <hal/hal-common-interface.h>
#include <hal/hal-security-keys-interface.h>
#include <hal/hal-security-keys-types.h>
+#include <openssl/aes.h>
#include <tee_client_api.h>
#include "crypto-params.h"
// Identifier of our key-manager TA
const TEEC_UUID KEY_MANAGER_TA_UUID = KM_TA_UUID;
+static unsigned char* DBP_KEY = NULL;
+
tz_algo_type to_tz_algo_type(hal_security_keys_algo_type_e type)
{
switch (type) {
EXCEPTION_GUARD_END
}
+int security_keys_create_key_dbp(const bool destroy_old)
+{
+ EXCEPTION_GUARD_START
+
+ if (!destroy_old && DBP_KEY)
+ return HAL_SECURITY_KEYS_ERROR_NOT_PERMITTED;
+
+ if (!DBP_KEY) {
+ DBP_KEY = (unsigned char*)calloc(Params::DBP_KEY_SIZE, sizeof(unsigned char));
+ if (!DBP_KEY)
+ return HAL_SECURITY_KEYS_ERROR_OUT_OF_MEMORY;
+ } else {
+ memset(DBP_KEY, 0, Params::DBP_KEY_SIZE);
+ }
+
+ memset(DBP_KEY, 1, Params::DBP_KEY_SIZE);
+
+ return 0;
+
+ EXCEPTION_GUARD_END
+}
+
+int security_keys_encrypt_data_dbp(const hal_security_keys_dbp_scheme_version_e dbp_scheme_version,
+ const hal_security_keys_data_s data,
+ const hal_security_keys_data_s iv,
+ hal_security_keys_data_s* out)
+{
+ EXCEPTION_GUARD_START
+
+ if (dbp_scheme_version != HAL_SECURITY_KEYS_DBP_SCHEME_VERSION_1)
+ return HAL_SECURITY_KEYS_ERROR_INVALID_PARAMETER;
+
+ if (!DBP_KEY)
+ return HAL_SECURITY_KEYS_ERROR_NO_KEY;
+
+ if (!data.buffer || data.length == 0 || data.length % AES_BLOCK_SIZE != 0 ||
+ !iv.buffer || iv.length != AES_BLOCK_SIZE)
+ return HAL_SECURITY_KEYS_ERROR_INVALID_PARAMETER;
+
+ AES_KEY aes_key;
+ int ret = AES_set_encrypt_key(DBP_KEY, Params::DBP_KEY_SIZE * 8, &aes_key);
+ if (ret != 0) {
+ LOGE("Failed setting AES encryption key: " << ret);
+ return HAL_SECURITY_KEYS_ERROR_INTERNAL_ERROR;
+ }
+
+ unsigned char* iv_temp = (unsigned char*)malloc(iv.length);
+ if (!iv_temp)
+ return HAL_SECURITY_KEYS_ERROR_OUT_OF_MEMORY;
+ memcpy(iv_temp, iv.buffer, iv.length);
+
+ out->buffer = (unsigned char*)malloc(data.length);
+ if (!(out->buffer)) {
+ free(iv_temp);
+ return HAL_SECURITY_KEYS_ERROR_OUT_OF_MEMORY;
+ }
+ out->length = data.length;
+
+ AES_cbc_encrypt(data.buffer,
+ out->buffer,
+ data.length,
+ &aes_key,
+ iv_temp,
+ AES_ENCRYPT);
+
+ free(iv_temp);
+
+ return 0;
+
+ EXCEPTION_GUARD_END
+}
+
static int security_keys_backend_init(void **data)
{
hal_backend_security_keys_funcs *security_keys_funcs;
security_keys_funcs->derive_kbkdf = security_keys_derive_kbkdf;
security_keys_funcs->derive_hybrid_kbkdf = security_keys_derive_hybrid_kbkdf;
security_keys_funcs->get_max_chunk_size = security_keys_get_max_chunk_size;
+ security_keys_funcs->create_key_dbp = security_keys_create_key_dbp;
+ security_keys_funcs->encrypt_data_dbp = security_keys_encrypt_data_dbp;
return 0;
}
projects / platform / hal / backend / emulator / security-keys.git / commitdiff