• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21 
22 #include "hks_mbedtls_common.h"
23 
24 #include <mbedtls/entropy.h>
25 #include <mbedtls/md.h>
26 
27 #include "hks_log.h"
28 #include "hks_template.h"
29 
30 #ifndef _HARDWARE_ROOT_KEY_
31 #include "hks_rkc.h"
32 #endif
33 
34 /* the custom data of random seed */
35 const unsigned char g_hksRandomSeedCustom[] = {
36     /* H     K     S */
37     0x48, 0x4B, 0x53
38 };
39 
HksToMbedtlsDigestAlg(const uint32_t hksAlg,uint32_t * mbedtlsAlg)40 int32_t HksToMbedtlsDigestAlg(const uint32_t hksAlg, uint32_t *mbedtlsAlg)
41 {
42     switch (hksAlg) {
43         case HKS_DIGEST_MD5:
44             *mbedtlsAlg = MBEDTLS_MD_MD5;
45             break;
46         case HKS_DIGEST_SHA1:
47             *mbedtlsAlg = MBEDTLS_MD_SHA1;
48             break;
49         case HKS_DIGEST_SHA224:
50             *mbedtlsAlg = MBEDTLS_MD_SHA224;
51             break;
52         case HKS_DIGEST_SHA256:
53             *mbedtlsAlg = MBEDTLS_MD_SHA256;
54             break;
55         case HKS_DIGEST_SHA384:
56             *mbedtlsAlg = MBEDTLS_MD_SHA384;
57             break;
58         case HKS_DIGEST_SHA512:
59             *mbedtlsAlg = MBEDTLS_MD_SHA512;
60             break;
61         case HKS_DIGEST_NONE:
62             *mbedtlsAlg = MBEDTLS_MD_NONE;
63             break;
64         default:
65             HKS_LOG_E("Unsupported digest algorithm! digestAlg: 0x%" LOG_PUBLIC "X", hksAlg);
66             return HKS_ERROR_INVALID_DIGEST;
67     }
68     return HKS_SUCCESS;
69 }
70 
HksCtrDrbgSeed(mbedtls_ctr_drbg_context * ctrDrbg,mbedtls_entropy_context * entropy)71 int32_t HksCtrDrbgSeed(mbedtls_ctr_drbg_context *ctrDrbg, mbedtls_entropy_context *entropy)
72 {
73     mbedtls_ctr_drbg_init(ctrDrbg);
74     mbedtls_entropy_init(entropy);
75 
76     /* use the g_hksRandomSeedCustom without string terminator */
77     int32_t ret = mbedtls_ctr_drbg_seed(ctrDrbg, mbedtls_entropy_func,
78         entropy, g_hksRandomSeedCustom, sizeof(g_hksRandomSeedCustom));
79     if (ret != HKS_MBEDTLS_SUCCESS) {
80         HKS_LOG_E("Ctr drbg seed failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
81         mbedtls_ctr_drbg_free(ctrDrbg);
82         mbedtls_entropy_free(entropy);
83         return ret;
84     }
85 
86     return HKS_SUCCESS;
87 }
88 
HksMbedtlsFillRandom(struct HksBlob * randomData)89 int32_t HksMbedtlsFillRandom(struct HksBlob *randomData)
90 {
91     mbedtls_entropy_context entropy;
92     mbedtls_ctr_drbg_context ctrDrbg;
93     (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
94     (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
95     int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
96     HKS_IF_NOT_SUCC_RETURN(ret, ret)
97 
98     do {
99         ret = mbedtls_ctr_drbg_random(&ctrDrbg, randomData->data, randomData->size);
100         if (ret != HKS_MBEDTLS_SUCCESS) {
101             HKS_LOG_E("Mbedtls random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
102             (void)memset_s(randomData->data, randomData->size, 0, randomData->size);
103         }
104     } while (0);
105 
106     mbedtls_ctr_drbg_free(&ctrDrbg);
107     mbedtls_entropy_free(&entropy);
108     return ret;
109 }
110 
HksMbedtlsGetMainKey(const struct HksBlob * message,struct HksBlob * mainKey)111 int32_t HksMbedtlsGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey)
112 {
113     (void)message;
114 
115 #ifndef _HARDWARE_ROOT_KEY_
116     return HksRkcGetMainKey(mainKey);
117 #else
118     /*
119     * Currently, root key is implemented using stubs.
120     * Product adaptation needs to be performed based on hardware capabilities.
121     */
122     uint8_t stubBuf[] = {
123         0x0c, 0xb4, 0x29, 0x39, 0xb7, 0x46, 0xa6, 0x4b,
124         0xdd, 0xf3, 0x75, 0x4c, 0xe0, 0x73, 0x91, 0x51,
125         0xc4, 0x88, 0xbe, 0xa4, 0xe1, 0x87, 0xb5, 0x42,
126         0x06, 0x27, 0x08, 0x21, 0xe2, 0x8f, 0x9b, 0xc1,
127     };
128 
129     if (memcpy_s(mainKey->data, mainKey->size, stubBuf, sizeof(stubBuf)) != EOK) {
130         HKS_LOG_E("memcpy failed, get stub main key failed");
131         return HKS_ERROR_INSUFFICIENT_MEMORY;
132     }
133     return HKS_SUCCESS;
134 #endif
135 }