summaryrefslogtreecommitdiff
path: root/srcs/crypto_service.c
diff options
context:
space:
mode:
Diffstat (limited to 'srcs/crypto_service.c')
-rw-r--r--srcs/crypto_service.c195
1 files changed, 44 insertions, 151 deletions
diff --git a/srcs/crypto_service.c b/srcs/crypto_service.c
index c28c0cd..dcc172e 100644
--- a/srcs/crypto_service.c
+++ b/srcs/crypto_service.c
@@ -35,6 +35,11 @@
#include "wae_log.h"
#define AES_256_KEY_SIZE 32
+#define KEK_IV_LEN 16
+#define PBKDF2_ITERATION 1024
+
+
+crypto_element_s *dek_kek = NULL;
static bool __initialized = false;
@@ -47,186 +52,74 @@ void _initialize()
}
}
-int encrypt_app_dek(const raw_buffer_s *pubkey, const raw_buffer_s *dek,
- raw_buffer_s **pencrypted_dek)
+int _generate_dek_kek()
{
- if (!is_buffer_valid(pubkey) || !is_buffer_valid(dek) || pencrypted_dek == NULL)
- return WAE_ERROR_INVALID_PARAMETER;
-
int ret = WAE_ERROR_NONE;
- EVP_PKEY *key = NULL;
- EVP_PKEY_CTX *ctx = NULL;
- raw_buffer_s *encrypted_dek = NULL;
- size_t len = 0;
-
- _initialize();
-
- BIO *bio = BIO_new(BIO_s_mem());
- BIO_write(bio, pubkey->buf, pubkey->size);
- key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
-
- if (key == NULL) {
- BIO_reset(bio);
- BIO_write(bio, pubkey->buf, pubkey->size);
- key = d2i_PUBKEY_bio(bio, NULL);
- }
-
- if (key == NULL) {
- ret = WAE_ERROR_FILE;
- WAE_SLOGE("Failt to convert to public key.");
- goto error;
- }
-
- ctx = EVP_PKEY_CTX_new(key, NULL);
-
- if (ctx == NULL) {
- WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_new failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
- }
+ raw_buffer_s *kek = NULL;
+ raw_buffer_s *iv = NULL;
- if (EVP_PKEY_encrypt_init(ctx) <= 0) {
- WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt_init failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
- }
-
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) {
- WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
- }
-
- /* Determine buffer length */
- if (EVP_PKEY_encrypt(ctx, NULL, &len, dek->buf, dek->size) <= 0) {
- WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed");
- ret = WAE_ERROR_CRYPTO;
+ kek = buffer_create(AES_256_KEY_SIZE);
+ if (kek == NULL) {
+ ret = WAE_ERROR_MEMORY;
goto error;
}
-
- if ((encrypted_dek = buffer_create(len)) == NULL) {
- WAE_SLOGE("Encrypt APP DEK Failed. OPENSSL_malloc failed");
+ iv = buffer_create(KEK_IV_LEN);
+ if (iv == NULL) {
ret = WAE_ERROR_MEMORY;
goto error;
}
- if (EVP_PKEY_encrypt(ctx, encrypted_dek->buf, &encrypted_dek->size, dek->buf,
- dek->size) <= 0) {
- WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed");
+ ret = PKCS5_PBKDF2_HMAC_SHA1(
+ DEK_KEK_SEED, -1,
+ NULL, 0,
+ PBKDF2_ITERATION,
+ AES_256_KEY_SIZE,
+ kek->buf);
+ if (ret == 0) {
ret = WAE_ERROR_CRYPTO;
goto error;
+ } else {
+ ret = WAE_ERROR_NONE;
}
- *pencrypted_dek = encrypted_dek;
-
+ dek_kek = crypto_element_create(kek, iv);
error:
- if (bio != NULL)
- BIO_free(bio);
-
- if (key != NULL)
- EVP_PKEY_free(key);
-
- if (ctx != NULL)
- EVP_PKEY_CTX_free(ctx);
-
- if (ret != WAE_ERROR_NONE)
- buffer_destroy(encrypted_dek);
+ if (ret != WAE_ERROR_NONE) {
+ if (kek != NULL)
+ buffer_destroy(kek);
+ if (iv != NULL)
+ buffer_destroy(iv);
+ }
return ret;
}
-int decrypt_app_dek(const raw_buffer_s *prikey, const char *prikey_pass,
- const raw_buffer_s *encrypted_dek, raw_buffer_s **pdek)
+int encrypt_preloaded_app_dek(const raw_buffer_s *dek, raw_buffer_s **pencrypted_dek)
{
- if (!is_buffer_valid(prikey) || !is_buffer_valid(encrypted_dek) || pdek == NULL)
- return WAE_ERROR_INVALID_PARAMETER;
-
int ret = WAE_ERROR_NONE;
- EVP_PKEY_CTX *ctx = NULL;
- raw_buffer_s *dek = NULL;
- size_t len = 0;
-
- _initialize();
- BIO *bio = BIO_new(BIO_s_mem());
- if (bio == NULL)
- return WAE_ERROR_MEMORY;
-
- BIO_write(bio, prikey->buf, prikey->size);
- EVP_PKEY *key = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void *)prikey_pass);
-
- if (key == NULL) {
- BIO_reset(bio);
- BIO_write(bio, prikey->buf, prikey->size);
- key = d2i_PrivateKey_bio(bio, NULL);
- }
-
- if (key == NULL) {
- ret = WAE_ERROR_FILE;
- WAE_SLOGE("Failed to convert to public key.");
- goto error;
- }
-
- ctx = EVP_PKEY_CTX_new(key, NULL);
-
- if (ctx == NULL) {
- WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_new failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
+ if (dek_kek == NULL) {
+ ret = _generate_dek_kek();
+ if (ret != WAE_ERROR_NONE)
+ return ret;
}
- if (EVP_PKEY_decrypt_init(ctx) <= 0) {
- WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt_init failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
- }
-
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) {
- WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
- }
-
- /* Determine buffer length */
- if (EVP_PKEY_decrypt(ctx, NULL, &len, encrypted_dek->buf, encrypted_dek->size) <= 0) {
- WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
- }
+ return encrypt_aes_cbc(dek_kek, dek, pencrypted_dek);
+}
- dek = buffer_create(len);
- if (dek == NULL) {
- WAE_SLOGE("Decrypt APP DEK Failed. OPENSSL_malloc failed");
- ret = WAE_ERROR_MEMORY;
- goto error;
- }
+int decrypt_preloaded_app_dek(const raw_buffer_s *encrypted_dek, raw_buffer_s **pdek)
+{
+ int ret = WAE_ERROR_NONE;
- if (EVP_PKEY_decrypt(ctx, dek->buf, &dek->size, encrypted_dek->buf,
- encrypted_dek->size) <= 0) {
- WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_decrypt failed");
- ret = WAE_ERROR_CRYPTO;
- goto error;
+ if (dek_kek == NULL) {
+ ret = _generate_dek_kek();
+ if (ret != WAE_ERROR_NONE)
+ return ret;
}
- *pdek = dek;
-
-error:
- if (bio != NULL)
- BIO_free(bio);
-
- if (key != NULL)
- EVP_PKEY_free(key);
-
- if (ctx != NULL)
- EVP_PKEY_CTX_free(ctx);
-
- if (ret != WAE_ERROR_NONE)
- buffer_destroy(dek);
-
- return ret;
+ return decrypt_aes_cbc(dek_kek, encrypted_dek, pdek);
}
-
int encrypt_aes_cbc(const crypto_element_s *ce, const raw_buffer_s *data,
raw_buffer_s **pencrypted_data)
{