// SPDX-License-Identifier: BSD-2-Clause
/*
 * Copyright (c) 2019, Linaro Limited
 */
5*e1afc439SSumit Garg
#include <crypto/crypto.h>
#include <kernel/tee_common_otp.h>
#include <stddef.h>
#include <string_ext.h>
#include <tee/tee_ta_enc_manager.h>
#include <trace.h>
11*e1afc439SSumit Garg
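/*
 * Set up an authenticated-decryption context for an encrypted TA image.
 *
 * @enc_ctx: out parameter receiving the context allocated by
 *           crypto_authenc_alloc_ctx(). If a later step fails, the context
 *           is freed here and *enc_ctx is reset to NULL, so the caller never
 *           holds a pointer to freed memory.
 * @ehdr:    encrypted-TA header supplying the algorithm, key-type flags,
 *           IV, IV size and tag size.
 * @len:     passed to crypto_authenc_init() as the payload length.
 *
 * Returns TEE_SUCCESS or the error from the first failing step.
 *
 * NOTE(review): enc_algo, iv_size and tag_size are taken from ehdr without
 * any range check in this function. This presumably relies on the caller
 * having validated the header against the size of the image it was read
 * from; confirm against the caller.
 */
TEE_Result tee_ta_decrypt_init(void **enc_ctx, struct shdr_encrypted_ta *ehdr,
			       size_t len)
{
	TEE_Result res = TEE_SUCCESS;
	uint8_t key[TEE_TA_ENC_KEY_SIZE] = {0};

	res = crypto_authenc_alloc_ctx(enc_ctx, ehdr->enc_algo);
	if (res != TEE_SUCCESS)
		return res;

	/* The key type is selected by the masked flag bits of the header. */
	res = tee_otp_get_ta_enc_key(ehdr->flags & SHDR_ENC_KEY_TYPE_MASK,
				     key, sizeof(key));
	if (res != TEE_SUCCESS)
		goto out_init;

	/* The 0 is the AAD length: no additional authenticated data is used. */
	res = crypto_authenc_init(*enc_ctx, TEE_MODE_DECRYPT, key, sizeof(key),
				  SHDR_ENC_GET_IV(ehdr), ehdr->iv_size,
				  ehdr->tag_size, 0, len);

out_init:
	if (res != TEE_SUCCESS) {
		crypto_authenc_free_ctx(*enc_ctx);
		/*
		 * Clear the handle so a caller's error path cannot free or
		 * reuse the context a second time.
		 */
		*enc_ctx = NULL;
	}

	/* Wipe the local key copy on success and on failure alike. */
	memzero_explicit(key, sizeof(key));
	return res;
}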
38*e1afc439SSumit Garg
/*
 * Decrypt one chunk of TA payload from @src into @dst.
 *
 * @enc_ctx: context prepared by tee_ta_decrypt_init().
 * @dst:     output buffer; @len is passed as its available size.
 * @src:     ciphertext chunk of @len bytes.
 *
 * Returns the result of crypto_authenc_update_payload().
 *
 * On failure the context is freed here. Because @enc_ctx is passed by
 * value, the caller's copy is stale afterwards: it must not be passed to
 * tee_ta_decrypt_update() or tee_ta_decrypt_final() again, nor freed again.
 *
 * No tag is checked in this function; the tag is only supplied in
 * tee_ta_decrypt_final(). Data written to @dst should therefore be treated
 * as unauthenticated until that call returns TEE_SUCCESS.
 */
TEE_Result tee_ta_decrypt_update(void *enc_ctx, uint8_t *dst, uint8_t *src,
				 size_t len)
{
	/* In: space available in dst. Out: bytes produced (not reported). */
	size_t out_len = len;
	TEE_Result rc = crypto_authenc_update_payload(enc_ctx,
						      TEE_MODE_DECRYPT,
						      src, len, dst,
						      &out_len);

	if (rc == TEE_SUCCESS)
		return rc;

	/* A failed update ends the session: release the context. */
	crypto_authenc_free_ctx(enc_ctx);
	return rc;
}
52*e1afc439SSumit Garg
/*
 * Decrypt the last chunk of TA payload and finish the authenticated
 * decryption, using the tag stored in @ehdr.
 *
 * @enc_ctx: context prepared by tee_ta_decrypt_init().
 * @ehdr:    encrypted-TA header supplying the tag and its size.
 * @dst:     output buffer; @len is passed as its available size.
 * @src:     final ciphertext chunk of @len bytes.
 *
 * Returns the result of crypto_authenc_dec_final(). If it is anything
 * other than TEE_SUCCESS, the caller should discard everything decrypted
 * during this session, including chunks produced by earlier
 * tee_ta_decrypt_update() calls.
 *
 * The context is freed on every path, so @enc_ctx must not be used or
 * freed by the caller after this call.
 */
TEE_Result tee_ta_decrypt_final(void *enc_ctx, struct shdr_encrypted_ta *ehdr,
				uint8_t *dst, uint8_t *src, size_t len)
{
	/* In: space available in dst. Out: bytes produced (not reported). */
	size_t out_len = len;
	TEE_Result rc = crypto_authenc_dec_final(enc_ctx, src, len, dst,
						 &out_len,
						 SHDR_ENC_GET_TAG(ehdr),
						 ehdr->tag_size);

	/* Release the context whatever the outcome. */
	crypto_authenc_free_ctx(enc_ctx);

	return rc;
}