1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <stdbool.h>
17 #include "securec.h"
18 #include "attest_error.h"
19 #include "attest_adapter.h"
20 #include "attest_utils.h"
21 #include "attest_utils_log.h"
22 #include "attest_security.h"
23
24 // g_pskKey 和 g_encryptedPsk 是psk的计算因子,通过相关算法获取解码需要的psk。
25 // psk不能直接硬编码,因此设计两个计算因子。
26 uint8_t g_pskKey[BASE64_PSK_LENGTH] = {
27 0x35, 0x4d, 0x36, 0x50, 0x42, 0x79, 0x39, 0x41, 0x71, 0x30, 0x41, 0x76,
28 0x63, 0x56, 0x77, 0x65, 0x49, 0x68, 0x48, 0x46, 0x36, 0x67, 0x3d, 0x3d
29 };
30
31 uint8_t g_encryptedPsk[BASE64_PSK_LENGTH] = {
32 0x74, 0x71, 0x57, 0x2b, 0x56, 0x6d, 0x52, 0x6b, 0x30, 0x67, 0x52, 0x5a,
33 0x48, 0x58, 0x68, 0x78, 0x53, 0x56, 0x58, 0x67, 0x6a, 0x51, 0x3d, 0x3d
34 };
35
Base64Encode(const uint8_t * srcData,size_t srcDataLen,uint8_t * base64Encode,uint16_t base64EncodeLen)36 int32_t Base64Encode(const uint8_t* srcData, size_t srcDataLen, uint8_t* base64Encode, uint16_t base64EncodeLen)
37 {
38 if ((srcData == NULL) || (base64Encode == NULL)) {
39 ATTEST_LOG_ERROR("[Base64Encode] Invalid parameter");
40 return ERR_ATTEST_SECURITY_INVALID_ARG;
41 }
42
43 size_t outLen = 0;
44 int32_t ret = mbedtls_base64_encode(NULL, 0, &outLen, srcData, srcDataLen);
45 if ((outLen == 0) || (outLen > (size_t)(base64EncodeLen + 1))) {
46 ATTEST_LOG_ERROR("[Base64Encode] Base64 encode get outLen failed, outLen = %u, ret = -0x00%x", outLen, -ret);
47 return ERR_ATTEST_SECURITY_BASE64_ENCODE;
48 }
49 uint8_t base64Data[outLen];
50 (void)memset_s(base64Data, sizeof(base64Data), 0, sizeof(base64Data));
51 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outLen, srcData, srcDataLen);
52 if (ret != ATTEST_OK) {
53 ATTEST_LOG_ERROR("[Base64Encode] Base64 encode failed, ret = -0x00%x", -ret);
54 return ERR_ATTEST_SECURITY_BASE64_ENCODE;
55 }
56 ret = memcpy_s(base64Encode, base64EncodeLen, base64Data, outLen);
57 if (ret != ATTEST_OK) {
58 ATTEST_LOG_ERROR("[Base64Encode] memcpy_s base64Data fail");
59 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
60 }
61 return ATTEST_OK;
62 }
63
64
GetSalt(uint8_t * salt,uint32_t saltLen)65 void GetSalt(uint8_t* salt, uint32_t saltLen)
66 {
67 if ((salt == NULL) || (saltLen != SALT_LEN)) {
68 ATTEST_LOG_ERROR("[GetSalt] Invalid parameter");
69 return;
70 }
71
72 const uint8_t randomNumBytes = 4;
73 const uint8_t offsetBits = 8;
74 uint32_t temp = 0;
75 for (uint32_t i = 0; i < saltLen; i++) {
76 if ((i % randomNumBytes) == 0) {
77 temp = (uint32_t)GetRandomNum(); // 生成的随机数为4字节
78 }
79 // temp右移8bits
80 salt[i] = (uint8_t)((temp >> ((i % randomNumBytes) * offsetBits)) & 0xff);
81 if (salt[i] == 0) {
82 salt[i]++;
83 }
84 }
85 }
86
GetPsk(uint8_t psk[],size_t pskLen)87 static int32_t GetPsk(uint8_t psk[], size_t pskLen)
88 {
89 if (pskLen != PSK_LEN) {
90 ATTEST_LOG_ERROR("[GetPsk] Invalid parameter");
91 return ERR_ATTEST_SECURITY_INVALID_ARG;
92 }
93 size_t outLen = 0;
94 (void)mbedtls_base64_decode(NULL, 0, &outLen, g_pskKey, sizeof(g_pskKey));
95 if (outLen != pskLen) {
96 ATTEST_LOG_ERROR("[GetPsk] pskKey base64 decode fail");
97 return ERR_ATTEST_SECURITY_INVALID_ARG;
98 }
99 uint8_t base64PskKey[outLen];
100 (void)memset_s(base64PskKey, sizeof(base64PskKey), 0, sizeof(base64PskKey));
101 int32_t ret = mbedtls_base64_decode(base64PskKey, outLen, &outLen, g_pskKey, sizeof(g_pskKey));
102 if (ret != ATTEST_OK) {
103 ATTEST_LOG_ERROR("[GetPsk] GetPsk Base64Decode base64PskKey failed, ret = %d", ret);
104 return ERR_ATTEST_SECURITY_BASE64_DECODE;
105 }
106 outLen = 0;
107 (void)mbedtls_base64_decode(NULL, 0, &outLen, g_encryptedPsk, sizeof(g_encryptedPsk));
108 if (outLen != pskLen) {
109 ATTEST_LOG_ERROR("[GetPsk] encryptedPsk base64 decode fail");
110 return ERR_ATTEST_SECURITY_INVALID_ARG;
111 }
112 uint8_t base64Psk[outLen];
113 (void)memset_s(base64Psk, sizeof(base64Psk), 0, sizeof(base64Psk));
114 ret = mbedtls_base64_decode(base64Psk, outLen, &outLen, g_encryptedPsk, sizeof(g_encryptedPsk));
115 if (ret != ATTEST_OK) {
116 ATTEST_LOG_ERROR("[GetPsk] GetPsk Base64Decode base64Psk failed, ret = %d", ret);
117 return ERR_ATTEST_SECURITY_BASE64_DECODE;
118 }
119 for (size_t i = 0; i < pskLen; i++) {
120 psk[i] = base64Psk[i] ^ base64PskKey[i];
121 }
122 return ATTEST_OK;
123 }
124
GetProductInfo(const char * version,SecurityParam * productInfoParam)125 static int32_t GetProductInfo(const char* version, SecurityParam* productInfoParam)
126 {
127 if (productInfoParam == NULL) {
128 return ERR_ATTEST_SECURITY_INVALID_ARG;
129 }
130 int32_t ret = AttestGetManufacturekey(productInfoParam->param, MANUFACTUREKEY_LEN);
131 if (ret != ATTEST_OK) {
132 ATTEST_LOG_ERROR("[GetProductInfo] Get AC Key failed, ret = %d", ret);
133 return ret;
134 }
135
136 if (strcmp(version, TOKEN_VER0_0) == 0) { // productInfo = Manufacturekey + productId
137 uint8_t productId[PRODUCT_ID_LEN] = {0};
138 ret = AttestGetProductId(productId, sizeof(productId));
139 if (ret != ATTEST_OK) {
140 ATTEST_LOG_ERROR("[GetProductInfo] Get product id failed, ret = %d", ret);
141 return ret;
142 }
143 if (memcpy_s(productInfoParam->param + MANUFACTUREKEY_LEN, PRODUCT_ID_LEN, productId, PRODUCT_ID_LEN) != 0) {
144 ATTEST_LOG_ERROR("[GetProductInfo] Copy product id failed");
145 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
146 }
147 } else if (strcmp(version, TOKEN_VER1_0) == 0) { // productInfo = Manufacturekey
148 productInfoParam->paramLen = MANUFACTUREKEY_LEN;
149 }
150 return ATTEST_OK;
151 }
152
GetAesKey(const SecurityParam * salt,const VersionData * versionData,const SecurityParam * aesKey)153 int32_t GetAesKey(const SecurityParam* salt, const VersionData* versionData, const SecurityParam* aesKey)
154 {
155 if ((salt == NULL) || (versionData == NULL) || (aesKey == NULL) || (versionData->versionLen == 0)) {
156 ATTEST_LOG_ERROR("[GetAesKey] Invalid parameter");
157 return ERR_ATTEST_SECURITY_INVALID_ARG;
158 }
159
160 uint8_t productInfo[MANUFACTUREKEY_LEN + PRODUCT_ID_LEN] = {0};
161 SecurityParam info = {productInfo, sizeof(productInfo)};
162 int32_t ret = GetProductInfo(versionData->version, &info);
163 if (ret != ATTEST_OK) {
164 ATTEST_LOG_ERROR("[GetAesKey] Get product info failed, ret = %d", ret);
165 return ret;
166 }
167 uint8_t psk[PSK_LEN] = {0};
168 ret = GetPsk(psk, PSK_LEN);
169 if (ret != ATTEST_OK) {
170 ATTEST_LOG_ERROR("[GetAesKey] Get psk failed, ret = %d", ret);
171 return ret;
172 }
173 SecurityParam key = {psk, sizeof(psk)};
174 const mbedtls_md_info_t *mdInfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
175 // 导出秘钥
176 ret = mbedtls_hkdf(mdInfo, salt->param, salt->paramLen,
177 key.param, key.paramLen,
178 info.param, info.paramLen,
179 aesKey->param, aesKey->paramLen);
180 if (ret != ATTEST_OK) {
181 ATTEST_LOG_ERROR("[GetAesKey] HKDF derive key failed, ret = -0x%x", -ret);
182 }
183 return ret;
184 }
185
186 // AES-128-CBC-PKCS#7加密
EncryptAesCbc(AesCryptBufferDatas * datas,const uint8_t * aesKey,const char * iv,size_t ivLen)187 static int32_t EncryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey,
188 const char* iv, size_t ivLen)
189 {
190 if ((datas == NULL) || (datas->input == NULL) || (datas->output == NULL) ||
191 (datas->outputLen == NULL) || (aesKey == NULL)) {
192 ATTEST_LOG_ERROR("[EncryptAesCbc] Invalid parameter");
193 return ERR_ATTEST_SECURITY_INVALID_ARG;
194 }
195 if ((iv == NULL) || (ivLen != IV_LEN)) {
196 ATTEST_LOG_ERROR("[EncryptAesCbc] iv out of range");
197 return ERR_ATTEST_SECURITY_INVALID_ARG;
198 }
199
200 if ((datas->inputLen / AES_BLOCK + 1) > (UINT_MAX / AES_BLOCK)) {
201 ATTEST_LOG_ERROR("[EncryptAesCbc] AesCryptBufferDatas inputLen overflow");
202 return ERR_ATTEST_SECURITY_INVALID_ARG;
203 }
204 *datas->outputLen = (datas->inputLen / AES_BLOCK + 1) * AES_BLOCK;
205
206 mbedtls_cipher_info_t cipherInfo;
207 (void)memset_s(&cipherInfo, sizeof(cipherInfo), 0, sizeof(cipherInfo));
208 cipherInfo.mode = MBEDTLS_MODE_CBC;
209
210 mbedtls_cipher_context_t cipherCtx;
211 mbedtls_cipher_init(&cipherCtx);
212 cipherCtx.cipher_info = &cipherInfo;
213 int32_t ret = mbedtls_cipher_set_padding_mode(&cipherCtx, MBEDTLS_PADDING_PKCS7);
214 if (ret != ATTEST_OK) {
215 ATTEST_LOG_ERROR("[EncryptAesCbc] Set padding mode failed, ret = -0x%x", ret);
216 return ret;
217 }
218 cipherCtx.add_padding(datas->input, *(datas->outputLen), datas->inputLen);
219
220 mbedtls_aes_context aesCtx;
221 mbedtls_aes_init(&aesCtx);
222 ret = mbedtls_aes_setkey_enc(&aesCtx, aesKey, AES_CIPHER_BITS);
223 if (ret != ATTEST_OK) {
224 ATTEST_LOG_ERROR("[EncryptAesCbc] Set mbedtls enc key failed, ret = -0x%x", ret);
225 return ret;
226 }
227
228 uint8_t ivTmp[IV_LEN] = {0};
229 if (memcpy_s(ivTmp, sizeof(ivTmp), iv, ivLen) != 0) {
230 ATTEST_LOG_ERROR("[EncryptAesCbc] memcpy_s iv fail");
231 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
232 }
233 // iv is updated after use, so define ivTmp
234 ret = mbedtls_aes_crypt_cbc(&aesCtx, MBEDTLS_AES_ENCRYPT, *datas->outputLen, ivTmp,
235 (const uint8_t*)datas->input, datas->output);
236 (void)memset_s(ivTmp, sizeof(ivTmp), 0, sizeof(ivTmp));
237 if (ret != ATTEST_OK) {
238 ATTEST_LOG_ERROR("[EncryptAesCbc] Encrypt failed, ret = -0x%x", ret);
239 }
240 return ret;
241 }
242
243 // AES-128-CBC-PKCS#7解密
DecryptAesCbc(AesCryptBufferDatas * datas,const uint8_t * aesKey,const uint8_t * iv,size_t ivLen)244 static int32_t DecryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey,
245 const uint8_t* iv, size_t ivLen)
246 {
247 if ((datas == NULL) || (datas->input == NULL) || (datas->output == NULL) ||
248 (datas->outputLen == NULL) || (aesKey == NULL)) {
249 ATTEST_LOG_ERROR("[DecryptAesCbc] Invalid parameter");
250 return ERR_ATTEST_SECURITY_INVALID_ARG;
251 }
252 if ((iv == NULL) || (ivLen != IV_LEN)) {
253 ATTEST_LOG_ERROR("[DecryptAesCbc] iv out of range");
254 return ERR_ATTEST_SECURITY_INVALID_ARG;
255 }
256
257 mbedtls_aes_context aesCtx;
258 mbedtls_aes_init(&aesCtx);
259 int32_t ret = mbedtls_aes_setkey_dec(&aesCtx, aesKey, AES_CIPHER_BITS);
260 if (ret != ATTEST_OK) {
261 ATTEST_LOG_ERROR("[DecryptAesCbc] Set mbedtls enc key failed, ret = -0x%x", ret);
262 return ret;
263 }
264
265 uint8_t ivTmp[IV_LEN] = {0};
266 ret = memcpy_s(ivTmp, sizeof(ivTmp), iv, ivLen);
267 if (ret != ATTEST_OK) {
268 ATTEST_LOG_ERROR("[DecryptAesCbc] memcpy_s iv fail");
269 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
270 }
271 // iv is updated after use, so define ivTmp
272 ret = mbedtls_aes_crypt_cbc(&aesCtx, MBEDTLS_AES_DECRYPT, datas->inputLen, ivTmp,
273 (const uint8_t*)datas->input, datas->output);
274 (void)memset_s(ivTmp, sizeof(ivTmp), 0, sizeof(ivTmp));
275 if (ret != ATTEST_OK) {
276 ATTEST_LOG_ERROR("[DecryptAesCbc] Encrypt failed, ret = -0x%x", ret);
277 return ret;
278 }
279
280 mbedtls_cipher_info_t cipherInfo;
281 (void)memset_s(&cipherInfo, sizeof(cipherInfo), 0, sizeof(cipherInfo));
282 cipherInfo.mode = MBEDTLS_MODE_CBC;
283
284 mbedtls_cipher_context_t cipherCtx;
285 mbedtls_cipher_init(&cipherCtx);
286 cipherCtx.cipher_info = &cipherInfo;
287 ret = mbedtls_cipher_set_padding_mode(&cipherCtx, MBEDTLS_PADDING_PKCS7);
288 if (ret != ATTEST_OK) {
289 ATTEST_LOG_ERROR("[DecryptAesCbc] Set padding mode failed, ret = -0x%x", ret);
290 return ret;
291 }
292 ret = cipherCtx.get_padding(datas->output, datas->inputLen, datas->outputLen);
293 if (ret != ATTEST_OK) {
294 ATTEST_LOG_ERROR("[DecryptAesCbc] Get padding failed, ret = -0x%x", ret);
295 }
296 return ret;
297 }
298
Encrypt(uint8_t * inputData,size_t inputDataLen,const uint8_t * aesKey,uint8_t * outputData,size_t outputDataLen)299 int32_t Encrypt(uint8_t* inputData, size_t inputDataLen, const uint8_t* aesKey,
300 uint8_t* outputData, size_t outputDataLen)
301 {
302 if ((inputData == NULL) || (inputDataLen == 0) || (aesKey == NULL) || (outputData == NULL)) {
303 ATTEST_LOG_ERROR("[Encrypt] Encrypt Invalid parameter");
304 return ERR_ATTEST_SECURITY_INVALID_ARG;
305 }
306
307 size_t aesOutLen = 0;
308 uint8_t encryptedData[ENCRYPT_LEN] = {0};
309 AesCryptBufferDatas datas = {inputData, inputDataLen, encryptedData, &aesOutLen};
310 int32_t ret = EncryptAesCbc(&datas, aesKey, (const char*)(aesKey + PSK_LEN), AES_KEY_LEN - PSK_LEN);
311 if (ret != ATTEST_OK) {
312 ATTEST_LOG_ERROR("[Encrypt] Aes CBC encrypt symbol info failed, ret = %d", ret);
313 return ret;
314 }
315
316 size_t outputLen = 0;
317 uint8_t base64Data[BASE64_LEN + 1] = {0};
318 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outputLen,
319 (const uint8_t*)encryptedData, aesOutLen);
320 if (ret != ATTEST_OK) {
321 ATTEST_LOG_ERROR("[Encrypt] Base64 encode symbol info failed, ret = -0x00%x", -ret);
322 return ret;
323 }
324
325 if (outputLen > outputDataLen) {
326 ATTEST_LOG_ERROR("[Encrypt] output Len is wrong length");
327 return ERR_ATTEST_SECURITY_INVALID_ARG;
328 }
329 ret = memcpy_s(outputData, outputDataLen, base64Data, outputLen);
330 if (ret != ATTEST_OK) {
331 ATTEST_LOG_ERROR("[Encrypt] Encrypt memcpy_s failed, ret = %d", ret);
332 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
333 }
334 return ATTEST_OK;
335 }
336
Decrypt(const uint8_t * inputData,size_t inputDataLen,const uint8_t * aesKey,uint8_t * outputData,size_t outputDataLen)337 int32_t Decrypt(const uint8_t* inputData, size_t inputDataLen, const uint8_t* aesKey,
338 uint8_t* outputData, size_t outputDataLen)
339 {
340 if ((inputData == NULL) || (inputDataLen == 0) || (aesKey == NULL) || (outputData == NULL)) {
341 ATTEST_LOG_ERROR("[Decrypt] Invalid parameter");
342 return ERR_ATTEST_SECURITY_INVALID_ARG;
343 }
344
345 size_t base64Len = 0;
346 uint8_t encryptData[ENCRYPT_LEN] = {0};
347 int32_t ret = mbedtls_base64_decode(encryptData, sizeof(encryptData), &base64Len, inputData, inputDataLen);
348 if (ret != ATTEST_OK) {
349 ATTEST_LOG_ERROR("[Decrypt] Base64 decode symbol info failed, ret = %d", ret);
350 return ERR_ATTEST_SECURITY_BASE64_DECODE;
351 }
352
353 size_t decryptDataLen = 0;
354 uint8_t decryptData[ENCRYPT_LEN] = {0};
355 AesCryptBufferDatas datas = {encryptData, base64Len, decryptData, &decryptDataLen};
356 if (DecryptAesCbc(&datas, aesKey, aesKey + PSK_LEN, AES_KEY_LEN - PSK_LEN) != 0) {
357 ATTEST_LOG_ERROR("[Decrypt] Aes CBC encrypt symbol info failed, ret = %d", ret);
358 return ERR_ATTEST_SECURITY_DECRYPT;
359 }
360
361 if ((decryptDataLen == 0) || (decryptDataLen > outputDataLen)) {
362 ATTEST_LOG_ERROR("[Decrypt] decryptData Len out of range");
363 return ERR_ATTEST_SECURITY_INVALID_ARG;
364 }
365 ret = memcpy_s(outputData, outputDataLen, decryptData, decryptDataLen);
366 if (ret != ATTEST_OK) {
367 ATTEST_LOG_ERROR("[Decrypt] memcpy_s decryptData fail");
368 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
369 }
370 return ATTEST_OK;
371 }