1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include <openssl/aes.h>
13 #include <securec.h>
14 #include <tee_log.h>
15 #include "crypto_wrapper.h"
16
17 #define AES_KEY_128 16
18 #define AES_KEY_256 32
19 #define BYTE_TO_BIT 8
20 #define MIN_IV_LEN 8
21
aes_key_wrap(struct cdrm_params * params)22 TEE_Result aes_key_wrap(struct cdrm_params *params)
23 {
24 AES_KEY aes_key = { { 0 }, 0 };
25
26 bool check = ((params == NULL) ||
27 (params->pkey == NULL) || (params->input_buffer == NULL) ||
28 (params->output_buffer == NULL) || (params->output_len == NULL) ||
29 ((params->pkey_len != AES_KEY_128) && (params->pkey_len != AES_KEY_256)));
30 if (check) {
31 tloge("input buffer is invalid");
32 return TEE_ERROR_BAD_PARAMETERS;
33 }
34 if ((params->iv != NULL) && (params->iv_len < MIN_IV_LEN)) {
35 tloge("iv is not NULL but iv len is invalid\n");
36 return TEE_ERROR_GENERIC;
37 }
38
39 int32_t rc = AES_set_encrypt_key(params->pkey, params->pkey_len * BYTE_TO_BIT, &aes_key);
40 if (rc != 0) {
41 tloge("set KEK error, rc = %d\n", rc);
42 return TEE_ERROR_GENERIC;
43 }
44
45 rc = AES_wrap_key(&aes_key, params->iv, params->output_buffer, params->input_buffer, params->input_len);
46 (void)memset_s(&aes_key, sizeof(aes_key), 0, sizeof(aes_key));
47 if (rc == -1) {
48 tloge("do aes wrap key failed\n");
49 return TEE_ERROR_GENERIC;
50 }
51 *(params->output_len) = rc;
52 return TEE_SUCCESS;
53 }
54
aes_key_unwrap(struct cdrm_params * params)55 TEE_Result aes_key_unwrap(struct cdrm_params *params)
56 {
57 bool check = ((params == NULL) || (params->pkey == NULL) ||
58 ((params->pkey_len != AES_KEY_128) && (params->pkey_len != AES_KEY_256)) ||
59 (params->input_buffer == NULL) || (params->output_buffer == NULL) || (params->output_len == NULL));
60 if (check) {
61 tloge("input is invalid");
62 return TEE_ERROR_BAD_PARAMETERS;
63 }
64 if ((params->iv != NULL) && (params->iv_len < MIN_IV_LEN)) {
65 tloge("iv is not NULL but iv len is invalid\n");
66 return TEE_ERROR_GENERIC;
67 }
68
69 AES_KEY aes_key = { { 0 }, 0 };
70 int32_t rc = AES_set_decrypt_key(params->pkey, params->pkey_len * BYTE_TO_BIT, &aes_key);
71 if (rc != 0) {
72 tloge("set KEK error, rc = %d\n", rc);
73 return TEE_ERROR_GENERIC;
74 }
75
76 rc = AES_unwrap_key(&aes_key, params->iv, params->output_buffer, params->input_buffer, params->input_len);
77 (void)memset_s(&aes_key, sizeof(aes_key), 0, sizeof(aes_key));
78 if (rc == -1) {
79 tloge("do aes unwrap key failed\n");
80 return TEE_ERROR_GENERIC;
81 }
82 *(params->output_len) = rc;
83 return TEE_SUCCESS;
84 }
85