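// SPDX-License-Identifier: BSD-2-Clause
/*
 * Copyright (c) 2019, Linaro Limited
 */

#include <crypto/crypto.h>
#include <kernel/tee_common_otp.h>
#include <string_ext.h>
#include <tee/tee_ta_enc_manager.h>
#include <trace.h>

/*
 * tee_ta_decrypt_init() - set up authenticated decryption of an encrypted TA
 * @enc_ctx:	out: receives the allocated authenc context
 * @ehdr:	encrypted-TA header supplying algorithm, key type, IV and
 *		tag size
 * @len:	total payload length handed to crypto_authenc_init()
 *
 * Allocates a context for ehdr->enc_algo, fetches the TA encryption key
 * selected by the key-type bits of ehdr->flags and initialises the context
 * in TEE_MODE_DECRYPT with the header's IV and tag size and an AAD length
 * of 0.
 *
 * On any failure after allocation the context is freed and *enc_ctx is set
 * to NULL so the caller is not left with a dangling pointer it might free
 * or reuse. The local key copy is wiped on every path past allocation.
 *
 * NOTE(review): ehdr->enc_algo, ehdr->flags, ehdr->iv_size and
 * ehdr->tag_size are used as found in the header; nothing here
 * range-checks them or checks that the IV and tag lie inside the header
 * buffer. Presumably the caller validates the header first; confirm.
 *
 * Return: TEE_SUCCESS or the error reported by the failing step.
 */
TEE_Result tee_ta_decrypt_init(void **enc_ctx, struct shdr_encrypted_ta *ehdr,
			       size_t len)
{
	TEE_Result res = TEE_SUCCESS;
	uint8_t key[TEE_TA_ENC_KEY_SIZE] = {0};

	res = crypto_authenc_alloc_ctx(enc_ctx, ehdr->enc_algo);
	if (res != TEE_SUCCESS)
		return res;

	res = tee_otp_get_ta_enc_key(ehdr->flags & SHDR_ENC_KEY_TYPE_MASK,
				     key, sizeof(key));
	if (res != TEE_SUCCESS)
		goto out_init;

	res = crypto_authenc_init(*enc_ctx, TEE_MODE_DECRYPT, key, sizeof(key),
				  SHDR_ENC_GET_IV(ehdr), ehdr->iv_size,
				  ehdr->tag_size, 0, len);

out_init:
	if (res != TEE_SUCCESS) {
		crypto_authenc_free_ctx(*enc_ctx);
		/* Do not hand a freed context back to the caller. */
		*enc_ctx = NULL;
	}

	/* Key material must not linger on the stack, success or failure. */
	memzero_explicit(key, sizeof(key));
	return res;
}

/*
 * tee_ta_decrypt_update() - decrypt one chunk of the TA payload
 * @enc_ctx:	context set up by tee_ta_decrypt_init()
 * @dst:	output buffer, at least @len bytes
 * @src:	ciphertext chunk
 * @len:	number of bytes in @src
 *
 * The bytes written to @dst are NOT yet authenticated: the tag is only
 * checked in tee_ta_decrypt_final(). Callers must not act on the output
 * until the final call has returned TEE_SUCCESS.
 *
 * On failure the context is freed here. @enc_ctx is passed by value, so
 * the caller's pointer is stale afterwards and must not be passed to
 * tee_ta_decrypt_update() or tee_ta_decrypt_final() again.
 *
 * Return: result of crypto_authenc_update_payload().
 */
TEE_Result tee_ta_decrypt_update(void *enc_ctx, uint8_t *dst, uint8_t *src,
				 size_t len)
{
	TEE_Result res = TEE_SUCCESS;
	/* In: capacity of dst. Out: bytes produced (not inspected here). */
	size_t dlen = len;

	res = crypto_authenc_update_payload(enc_ctx, TEE_MODE_DECRYPT, src, len,
					    dst, &dlen);
	if (res != TEE_SUCCESS)
		crypto_authenc_free_ctx(enc_ctx);

	return res;
}

/*
 * tee_ta_decrypt_final() - decrypt the last chunk and check the tag
 * @enc_ctx:	context set up by tee_ta_decrypt_init()
 * @ehdr:	encrypted-TA header holding the expected tag
 * @dst:	output buffer, at least @len bytes
 * @src:	final ciphertext chunk
 * @len:	number of bytes in @src
 *
 * Passes the tag stored in @ehdr (ehdr->tag_size bytes) to
 * crypto_authenc_dec_final(). Any result other than TEE_SUCCESS means the
 * payload must be treated as unauthenticated, including everything
 * previously written by tee_ta_decrypt_update().
 *
 * The context is always freed, so @enc_ctx is invalid on return
 * regardless of the result.
 *
 * Return: result of crypto_authenc_dec_final().
 */
TEE_Result tee_ta_decrypt_final(void *enc_ctx, struct shdr_encrypted_ta *ehdr,
				uint8_t *dst, uint8_t *src, size_t len)
{
	TEE_Result res = TEE_SUCCESS;
	/* In: capacity of dst. Out: bytes produced (not inspected here). */
	size_t dlen = len;

	res = crypto_authenc_dec_final(enc_ctx, src, len, dst, &dlen,
				       SHDR_ENC_GET_TAG(ehdr), ehdr->tag_size);

	crypto_authenc_free_ctx(enc_ctx);

	return res;
}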