1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <stdbool.h>
17 #include <securec.h>
18 #include "mbedtls/base64.h"
19 #include "mbedtls/cipher.h"
20 #include "mbedtls/aes.h"
21 #include "mbedtls/hkdf.h"
22 #include "mbedtls/md.h"
23 #include "mbedtls/md5.h"
24 #include "attest_adapter.h"
25 #include "attest_utils.h"
26 #include "attest_utils_log.h"
27 #include "hks_api.h"
28 #include "hks_param.h"
29 #include "hks_type.h"
30 #include "attest_security.h"
31
32 const uint32_t IV_SIZE = 16;
33 uint8_t IV[16] = {0};
34 static struct HksBlob g_attestKeyAlias = { sizeof("xts_device_attest"), (uint8_t *)"xts_device_attest"};
35 static struct HksParam g_genParams[] = {
36 {
37 .tag = HKS_TAG_ALGORITHM,
38 .uint32Param = HKS_ALG_AES
39 }, {
40 .tag = HKS_TAG_PURPOSE,
41 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT
42 }, {
43 .tag = HKS_TAG_KEY_SIZE,
44 .uint32Param = HKS_AES_KEY_SIZE_128
45 }, {
46 .tag = HKS_TAG_PADDING,
47 .uint32Param = HKS_PADDING_PKCS7
48 }, {
49 .tag = HKS_TAG_BLOCK_MODE,
50 .uint32Param = HKS_MODE_CBC
51 }
52 };
53 static struct HksParam g_encryptParams[] = {
54 {
55 .tag = HKS_TAG_ALGORITHM,
56 .uint32Param = HKS_ALG_AES
57 }, {
58 .tag = HKS_TAG_PURPOSE,
59 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT
60 }, {
61 .tag = HKS_TAG_KEY_SIZE,
62 .uint32Param = HKS_AES_KEY_SIZE_128
63 }, {
64 .tag = HKS_TAG_PADDING,
65 .uint32Param = HKS_PADDING_PKCS7
66 }, {
67 .tag = HKS_TAG_DIGEST,
68 .uint32Param = HKS_DIGEST_NONE
69 }, {
70 .tag = HKS_TAG_BLOCK_MODE,
71 .uint32Param = HKS_MODE_CBC
72 }, {
73 .tag = HKS_TAG_IV,
74 .blob = {
75 .size = IV_SIZE,
76 .data = (uint8_t *)IV
77 }
78 }
79 };
80 static struct HksParam g_decryptParams[] = {
81 {
82 .tag = HKS_TAG_ALGORITHM,
83 .uint32Param = HKS_ALG_AES
84 }, {
85 .tag = HKS_TAG_PURPOSE,
86 .uint32Param = HKS_KEY_PURPOSE_DECRYPT
87 }, {
88 .tag = HKS_TAG_KEY_SIZE,
89 .uint32Param = HKS_AES_KEY_SIZE_128
90 }, {
91 .tag = HKS_TAG_PADDING,
92 .uint32Param = HKS_PADDING_PKCS7
93 }, {
94 .tag = HKS_TAG_DIGEST,
95 .uint32Param = HKS_DIGEST_NONE
96 }, {
97 .tag = HKS_TAG_BLOCK_MODE,
98 .uint32Param = HKS_MODE_CBC
99 }, {
100 .tag = HKS_TAG_IV,
101 .blob = {
102 .size = IV_SIZE,
103 .data = (uint8_t *)IV
104 }
105 }
106 };
107
108 // g_pskKey 和 g_encryptedPsk 是psk的计算因子,通过相关算法获取解码需要的psk。
109 // psk不能直接硬编码,因此设计两个计算因子。
110 uint8_t g_pskKey[BASE64_PSK_LENGTH] = {
111 0x35, 0x4d, 0x36, 0x50, 0x42, 0x79, 0x39, 0x41, 0x71, 0x30, 0x41, 0x76,
112 0x63, 0x56, 0x77, 0x65, 0x49, 0x68, 0x48, 0x46, 0x36, 0x67, 0x3d, 0x3d
113 };
114
115 uint8_t g_encryptedPsk[BASE64_PSK_LENGTH] = {
116 0x74, 0x71, 0x57, 0x2b, 0x56, 0x6d, 0x52, 0x6b, 0x30, 0x67, 0x52, 0x5a,
117 0x48, 0x58, 0x68, 0x78, 0x53, 0x56, 0x58, 0x67, 0x6a, 0x51, 0x3d, 0x3d
118 };
119
Base64Encode(const uint8_t * srcData,size_t srcDataLen,uint8_t * base64Encode,uint16_t base64EncodeLen)120 int32_t Base64Encode(const uint8_t* srcData, size_t srcDataLen, uint8_t* base64Encode, uint16_t base64EncodeLen)
121 {
122 if ((srcData == NULL) || (base64Encode == NULL)) {
123 ATTEST_LOG_ERROR("[Base64Encode] Invalid parameter");
124 return ERR_ATTEST_SECURITY_INVALID_ARG;
125 }
126
127 size_t outLen = 0;
128 const size_t base64EncodeMaxLen = base64EncodeLen + 1;
129 int32_t ret = mbedtls_base64_encode(NULL, 0, &outLen, srcData, srcDataLen);
130
131 if ((outLen == 0) || (outLen > base64EncodeMaxLen)) {
132 ATTEST_LOG_ERROR("[Base64Encode] Base64 encode get outLen failed, outLen = %u, ret = -0x00%x", outLen, -ret);
133 return ERR_ATTEST_SECURITY_BASE64_ENCODE;
134 }
135 uint8_t base64Data[outLen];
136 (void)memset_s(base64Data, sizeof(base64Data), 0, sizeof(base64Data));
137 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outLen, srcData, srcDataLen);
138 if (ret != ATTEST_OK) {
139 ATTEST_LOG_ERROR("[Base64Encode] Base64 encode failed, ret = -0x00%x", -ret);
140 return ERR_ATTEST_SECURITY_BASE64_ENCODE;
141 }
142 ret = memcpy_s(base64Encode, base64EncodeLen, base64Data, outLen);
143 if (ret != ATTEST_OK) {
144 ATTEST_LOG_ERROR("[Base64Encode] memcpy_s base64Data fail");
145 (void)memset_s(base64Data, sizeof(base64Data), 0, sizeof(base64Data));
146 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
147 }
148 (void)memset_s(base64Data, sizeof(base64Data), 0, sizeof(base64Data));
149 return ATTEST_OK;
150 }
151
GetSalt(uint8_t * salt,uint32_t saltLen)152 void GetSalt(uint8_t* salt, uint32_t saltLen)
153 {
154 if ((salt == NULL) || (saltLen != SALT_LEN)) {
155 ATTEST_LOG_ERROR("[GetSalt] Invalid parameter");
156 return;
157 }
158
159 const uint8_t randomNumBytes = 4;
160 const uint8_t offsetBits = 8;
161 uint32_t temp = 0;
162 for (uint32_t i = 0; i < saltLen; i++) {
163 if ((i % randomNumBytes) == 0) {
164 temp = (uint32_t)GetRandomNum(); // 生成的随机数为4字节
165 }
166 // temp右移8bits
167 salt[i] = (uint8_t)((temp >> ((i % randomNumBytes) * offsetBits)) & 0xff);
168 if (salt[i] == 0) {
169 salt[i]++;
170 }
171 }
172 }
173
GetPsk(uint8_t psk[],size_t pskLen)174 static int32_t GetPsk(uint8_t psk[], size_t pskLen)
175 {
176 if (pskLen != PSK_LEN) {
177 ATTEST_LOG_ERROR("[GetPsk] Invalid parameter");
178 return ERR_ATTEST_SECURITY_INVALID_ARG;
179 }
180 size_t outLen = 0;
181 (void)mbedtls_base64_decode(NULL, 0, &outLen, g_pskKey, sizeof(g_pskKey));
182 if (outLen != pskLen) {
183 ATTEST_LOG_ERROR("[GetPsk] pskKey base64 decode fail");
184 return ERR_ATTEST_SECURITY_INVALID_ARG;
185 }
186 uint8_t base64PskKey[outLen];
187 (void)memset_s(base64PskKey, sizeof(base64PskKey), 0, sizeof(base64PskKey));
188 int32_t ret = mbedtls_base64_decode(base64PskKey, outLen, &outLen, g_pskKey, sizeof(g_pskKey));
189 if (ret != ATTEST_OK) {
190 ATTEST_LOG_ERROR("[GetPsk] GetPsk Base64Decode base64PskKey failed, ret = %d", ret);
191 return ERR_ATTEST_SECURITY_BASE64_DECODE;
192 }
193 outLen = 0;
194 (void)mbedtls_base64_decode(NULL, 0, &outLen, g_encryptedPsk, sizeof(g_encryptedPsk));
195 if (outLen != pskLen) {
196 ATTEST_LOG_ERROR("[GetPsk] encryptedPsk base64 decode fail");
197 return ERR_ATTEST_SECURITY_INVALID_ARG;
198 }
199 uint8_t base64Psk[outLen];
200 (void)memset_s(base64Psk, sizeof(base64Psk), 0, sizeof(base64Psk));
201 ret = mbedtls_base64_decode(base64Psk, outLen, &outLen, g_encryptedPsk, sizeof(g_encryptedPsk));
202 if (ret != ATTEST_OK) {
203 ATTEST_LOG_ERROR("[GetPsk] GetPsk Base64Decode base64Psk failed, ret = %d", ret);
204 return ERR_ATTEST_SECURITY_BASE64_DECODE;
205 }
206 for (size_t i = 0; i < pskLen; i++) {
207 psk[i] = base64Psk[i] ^ base64PskKey[i];
208 }
209 (void)memset_s(base64Psk, sizeof(base64Psk), 0, sizeof(base64Psk));
210 return ATTEST_OK;
211 }
212
GetProductInfo(const char * version,SecurityParam * productInfoParam)213 static int32_t GetProductInfo(const char* version, SecurityParam* productInfoParam)
214 {
215 if (productInfoParam == NULL) {
216 return ERR_ATTEST_SECURITY_INVALID_ARG;
217 }
218 int32_t ret = AttestGetManufacturekey(productInfoParam->param, MANUFACTUREKEY_LEN);
219 if (ret != ATTEST_OK) {
220 ATTEST_LOG_ERROR("[GetProductInfo] Get AC Key failed, ret = %d", ret);
221 return ret;
222 }
223
224 if (strcmp(version, TOKEN_VER0_0) == 0) { // productInfo = Manufacturekey + productId
225 uint8_t productId[PRODUCT_ID_LEN] = {0};
226 ret = AttestGetProductId(productId, sizeof(productId));
227 if (ret != ATTEST_OK) {
228 ATTEST_LOG_ERROR("[GetProductInfo] Get product id failed, ret = %d", ret);
229 return ret;
230 }
231 if (memcpy_s(productInfoParam->param + MANUFACTUREKEY_LEN, PRODUCT_ID_LEN, productId, PRODUCT_ID_LEN) != 0) {
232 ATTEST_LOG_ERROR("[GetProductInfo] Copy product id failed");
233 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
234 }
235 (void)memset_s(productId, PRODUCT_ID_LEN, 0, PRODUCT_ID_LEN);
236 } else if (strcmp(version, TOKEN_VER1_0) == 0) { // productInfo = Manufacturekey
237 productInfoParam->paramLen = MANUFACTUREKEY_LEN;
238 }
239 return ATTEST_OK;
240 }
241
InitHksParamSet(struct HksParamSet ** paramSet,const struct HksParam * params,uint32_t paramcount)242 static int32_t InitHksParamSet(struct HksParamSet** paramSet, const struct HksParam *params, uint32_t paramcount)
243 {
244 if (paramSet == NULL || params == NULL || paramcount == 0) {
245 ATTEST_LOG_ERROR("[InitHksParamSet] Invaild param");
246 return ATTEST_ERR;
247 }
248 int32_t ret = HksInitParamSet(paramSet);
249 if (ret != ATTEST_OK) {
250 ATTEST_LOG_ERROR("[InitHksParamSet] HksInitParamSet failed");
251 return ATTEST_ERR;
252 }
253
254 ret = HksAddParams(*paramSet, params, paramcount);
255 if (ret != ATTEST_OK) {
256 ATTEST_LOG_ERROR("[InitHksParamSet] HksAddParams failed");
257 HksFreeParamSet(paramSet);
258 return ATTEST_ERR;
259 }
260
261 ret = HksBuildParamSet(paramSet);
262 if (ret != ATTEST_OK) {
263 ATTEST_LOG_ERROR("[InitHksParamSet] HksAddParams failed");
264 HksFreeParamSet(paramSet);
265 return ATTEST_ERR;
266 }
267 return ret;
268 }
269
DecryptHksImpl(struct HksBlob * cipherText,uint8_t * outputData,size_t outputDataLen)270 static int32_t DecryptHksImpl(struct HksBlob *cipherText, uint8_t *outputData, size_t outputDataLen)
271 {
272 struct HksParamSet *decryptParamSet = NULL;
273 if (sizeof(struct HksParam) == 0) {
274 ATTEST_LOG_ERROR("[DecryptHksImpl] Invaild size");
275 return ATTEST_ERR;
276 }
277 int32_t ret = InitHksParamSet(&decryptParamSet, g_decryptParams, sizeof(g_decryptParams) / sizeof(struct HksParam));
278 if (ret != ATTEST_OK) {
279 ATTEST_LOG_ERROR("[DecryptHksImpl] InitHksParamSet g_decryptParams failed");
280 return ATTEST_ERR;
281 }
282 uint8_t tmpOut1[HKS_DECRYPT_LEN] = {0};
283 struct HksBlob plainText = { HKS_DECRYPT_LEN, tmpOut1 };
284 ret = HksDecrypt(&g_attestKeyAlias, decryptParamSet, cipherText, &plainText);
285 if (ret != ATTEST_OK) {
286 ATTEST_LOG_ERROR("[DecryptHksImpl] HksDecrypt failed");
287 HksFreeParamSet(&decryptParamSet);
288 return ATTEST_ERR;
289 }
290 ret = memcpy_s(outputData, outputDataLen, plainText.data, (int)plainText.size);
291 if (ret != ATTEST_OK) {
292 ATTEST_LOG_ERROR("[DecryptHksImpl] copy result failed");
293 HksFreeParamSet(&decryptParamSet);
294 return ATTEST_ERR;
295 }
296 return ret;
297 }
298
DecryptHks(const uint8_t * inputData,size_t inputDataLen,uint8_t * outputData,size_t outputDataLen)299 int32_t DecryptHks(const uint8_t *inputData, size_t inputDataLen, uint8_t *outputData, size_t outputDataLen)
300 {
301 if ((inputData == NULL) || (inputDataLen == 0) || (outputData == NULL) || (outputDataLen == 0)) {
302 ATTEST_LOG_ERROR("[DecryptHks] DecryptHks Invalid parameter");
303 return ERR_ATTEST_SECURITY_INVALID_ARG;
304 }
305 struct HksParamSet *genParamSetDecrypt = NULL;
306 if (sizeof(struct HksParam) == 0) {
307 ATTEST_LOG_ERROR("[DecryptHks] Invaild size");
308 return ATTEST_ERR;
309 }
310 int32_t ret = InitHksParamSet(&genParamSetDecrypt, g_genParams, sizeof(g_genParams) / sizeof(struct HksParam));
311 if (ret != ATTEST_OK) {
312 ATTEST_LOG_ERROR("[DecryptHks] InitHksParamSet g_genParams failed");
313 return ATTEST_ERR;
314 }
315 ret = HksKeyExist(&g_attestKeyAlias, genParamSetDecrypt);
316 if (ret != ATTEST_OK) {
317 ATTEST_LOG_ERROR("[DecryptHks] Hks key doesn't exist");
318 HksFreeParamSet(&genParamSetDecrypt);
319 return ATTEST_ERR;
320 }
321 size_t base64Len = 0;
322 uint8_t encryptData[ENCRYPT_LEN] = {0};
323 ret = mbedtls_base64_decode(encryptData, sizeof(encryptData), &base64Len, inputData, inputDataLen);
324 if (ret != ATTEST_OK) {
325 ATTEST_LOG_ERROR("[DecryptHks] Base64 decode symbol info failed, ret = %d", ret);
326 HksFreeParamSet(&genParamSetDecrypt);
327 return ERR_ATTEST_SECURITY_BASE64_DECODE;
328 }
329 struct HksBlob cipherText = { sizeof(encryptData), encryptData };
330 ret = DecryptHksImpl(&cipherText, outputData, outputDataLen);
331 if (ret != ATTEST_OK) {
332 ATTEST_LOG_ERROR("[DecryptHks] DecryptHksImpl failed");
333 HksFreeParamSet(&genParamSetDecrypt);
334 return ATTEST_ERR;
335 }
336 return ret;
337 }
338
GetAesKey(const SecurityParam * salt,const VersionData * versionData,const SecurityParam * aesKey)339 int32_t GetAesKey(const SecurityParam* salt, const VersionData* versionData, const SecurityParam* aesKey)
340 {
341 if ((salt == NULL) || (versionData == NULL) || (aesKey == NULL) || (versionData->versionLen == 0)) {
342 ATTEST_LOG_ERROR("[GetAesKey] Invalid parameter");
343 return ERR_ATTEST_SECURITY_INVALID_ARG;
344 }
345
346 uint8_t productInfo[MANUFACTUREKEY_LEN + PRODUCT_ID_LEN] = {0};
347 SecurityParam info = {productInfo, sizeof(productInfo)};
348 int32_t ret = GetProductInfo(versionData->version, &info);
349 if (ret != ATTEST_OK) {
350 ATTEST_LOG_ERROR("[GetAesKey] Get product info failed, ret = %d", ret);
351 return ret;
352 }
353 uint8_t psk[PSK_LEN] = {0};
354 ret = GetPsk(psk, PSK_LEN);
355 if (ret != ATTEST_OK) {
356 ATTEST_LOG_ERROR("[GetAesKey] Get psk failed, ret = %d", ret);
357 return ret;
358 }
359 SecurityParam key = {psk, sizeof(psk)};
360 const mbedtls_md_info_t *mdInfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
361 // 导出秘钥
362 ret = mbedtls_hkdf(mdInfo, salt->param, salt->paramLen,
363 key.param, key.paramLen,
364 info.param, info.paramLen,
365 aesKey->param, aesKey->paramLen);
366 if (ret != ATTEST_OK) {
367 ATTEST_LOG_ERROR("[GetAesKey] HKDF derive key failed, ret = -0x%x", -ret);
368 }
369 memset_s(psk, PSK_LEN, 0, PSK_LEN);
370 return ret;
371 }
372
373 // AES-128-CBC-PKCS#7解密
DecryptAesCbc(AesCryptBufferDatas * datas,const uint8_t * aesKey,const uint8_t * iv,size_t ivLen)374 static int32_t DecryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey,
375 const uint8_t* iv, size_t ivLen)
376 {
377 if ((datas == NULL) || (datas->input == NULL) || (datas->output == NULL) ||
378 (datas->outputLen == NULL) || (aesKey == NULL)) {
379 ATTEST_LOG_ERROR("[DecryptAesCbc] Invalid parameter");
380 return ERR_ATTEST_SECURITY_INVALID_ARG;
381 }
382 if ((iv == NULL) || (ivLen != IV_LEN)) {
383 ATTEST_LOG_ERROR("[DecryptAesCbc] iv out of range");
384 return ERR_ATTEST_SECURITY_INVALID_ARG;
385 }
386
387 mbedtls_aes_context aesCtx;
388 mbedtls_aes_init(&aesCtx);
389 int32_t ret = mbedtls_aes_setkey_dec(&aesCtx, aesKey, AES_CIPHER_BITS);
390 if (ret != ATTEST_OK) {
391 ATTEST_LOG_ERROR("[DecryptAesCbc] Set mbedtls enc key failed, ret = -0x%x", ret);
392 return ret;
393 }
394
395 uint8_t ivTmp[IV_LEN] = {0};
396 ret = memcpy_s(ivTmp, sizeof(ivTmp), iv, ivLen);
397 if (ret != ATTEST_OK) {
398 ATTEST_LOG_ERROR("[DecryptAesCbc] memcpy_s iv fail");
399 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
400 }
401 // iv is updated after use, so define ivTmp
402 ret = mbedtls_aes_crypt_cbc(&aesCtx, MBEDTLS_AES_DECRYPT, datas->inputLen, ivTmp,
403 (const uint8_t*)datas->input, datas->output);
404 (void)memset_s(ivTmp, sizeof(ivTmp), 0, sizeof(ivTmp));
405 if (ret != ATTEST_OK) {
406 ATTEST_LOG_ERROR("[DecryptAesCbc] Encrypt failed, ret = -0x%x", ret);
407 return ret;
408 }
409
410 mbedtls_cipher_info_t cipherInfo;
411 (void)memset_s(&cipherInfo, sizeof(cipherInfo), 0, sizeof(cipherInfo));
412 cipherInfo.mode = MBEDTLS_MODE_CBC;
413
414 mbedtls_cipher_context_t cipherCtx;
415 mbedtls_cipher_init(&cipherCtx);
416 cipherCtx.cipher_info = &cipherInfo;
417 ret = mbedtls_cipher_set_padding_mode(&cipherCtx, MBEDTLS_PADDING_PKCS7);
418 if (ret != ATTEST_OK) {
419 ATTEST_LOG_ERROR("[DecryptAesCbc] Set padding mode failed, ret = -0x%x", ret);
420 return ret;
421 }
422 ret = cipherCtx.get_padding(datas->output, datas->inputLen, datas->outputLen);
423 if (ret != ATTEST_OK) {
424 ATTEST_LOG_ERROR("[DecryptAesCbc] Get padding failed, ret = -0x%x", ret);
425 }
426 return ret;
427 }
428
EncryptHksImpl(struct HksBlob * inData,uint8_t * outputData,size_t outputDataLen)429 static int32_t EncryptHksImpl(struct HksBlob *inData, uint8_t* outputData, size_t outputDataLen)
430 {
431 struct HksParamSet *encryptParamSet = NULL;
432 if (sizeof(struct HksParam) == 0) {
433 ATTEST_LOG_ERROR("[EncryptHksImpl] Invaild size");
434 return ATTEST_ERR;
435 }
436 int32_t ret = InitHksParamSet(&encryptParamSet, g_encryptParams, sizeof(g_encryptParams) / sizeof(struct HksParam));
437 if (ret != ATTEST_OK) {
438 ATTEST_LOG_ERROR("[EncryptHksImpl] InitHksParamSet g_encryptParams failed");
439 return ATTEST_ERR;
440 }
441 uint8_t tmpOut[HKS_ENCRYPT_LEN] = {0};
442 struct HksBlob cipherText = { HKS_ENCRYPT_LEN, tmpOut };
443 ret = HksEncrypt(&g_attestKeyAlias, encryptParamSet, inData, &cipherText);
444 if (ret != ATTEST_OK) {
445 ATTEST_LOG_ERROR("[EncryptHksImpl] HksEncrypt failed");
446 HksFreeParamSet(&encryptParamSet);
447 return ATTEST_ERR;
448 }
449 size_t outputLen = 0;
450 uint8_t base64Data[BASE64_LEN + 1] = {0};
451 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outputLen,
452 (const uint8_t*)cipherText.data, (size_t)cipherText.size);
453 if (ret != ATTEST_OK) {
454 ATTEST_LOG_ERROR("[EncryptHksImpl] Base64 encode symbol info failed, ret = -0x00%x", -ret);
455 HksFreeParamSet(&encryptParamSet);
456 return ret;
457 }
458 if (outputLen > outputDataLen) {
459 ATTEST_LOG_ERROR("[EncryptHksImpl] output Len is wrong length");
460 HksFreeParamSet(&encryptParamSet);
461 return ERR_ATTEST_SECURITY_INVALID_ARG;
462 }
463 ret = memcpy_s(outputData, outputDataLen, base64Data, outputLen);
464 if (ret != ATTEST_OK) {
465 ATTEST_LOG_ERROR("[EncryptHksImpl] Encrypt memcpy_s failed, ret = %d", ret);
466 HksFreeParamSet(&encryptParamSet);
467 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
468 }
469 return ret;
470 }
471
EncryptHks(uint8_t * inputData,size_t inputDataLen,uint8_t * outputData,size_t outputDataLen)472 int32_t EncryptHks(uint8_t* inputData, size_t inputDataLen, uint8_t* outputData, size_t outputDataLen)
473 {
474 if ((inputData == NULL) || (inputDataLen == 0) || (outputData == NULL) || (outputDataLen == 0)) {
475 ATTEST_LOG_ERROR("[EncryptHks] EncryptHks Invalid parameter");
476 return ERR_ATTEST_SECURITY_INVALID_ARG;
477 }
478 struct HksParamSet *genParamSetEncrypt = NULL;
479 if (sizeof(struct HksParam) == 0) {
480 ATTEST_LOG_ERROR("[EncryptHks] Invaild size");
481 return ATTEST_ERR;
482 }
483 int32_t ret = InitHksParamSet(&genParamSetEncrypt, g_genParams, sizeof(g_genParams) / sizeof(struct HksParam));
484 if (ret != ATTEST_OK) {
485 ATTEST_LOG_ERROR("[EncryptHks] InitHksParamSet g_genParams failed");
486 return ATTEST_ERR;
487 }
488 ret = HksKeyExist(&g_attestKeyAlias, genParamSetEncrypt);
489 if (ret != ATTEST_OK) {
490 ret = HksGenerateKey(&g_attestKeyAlias, genParamSetEncrypt, NULL);
491 if (ret != ATTEST_OK) {
492 ATTEST_LOG_ERROR("[EncryptHks] HksGenerateKey failed");
493 HksFreeParamSet(&genParamSetEncrypt);
494 return ATTEST_ERR;
495 }
496 }
497 ATTEST_LOG_INFO("[EncryptHks] HksKeyExist or HksGenerateKey success");
498 struct HksBlob inData = { inputDataLen, inputData };
499 ret = EncryptHksImpl(&inData, outputData, outputDataLen);
500 if (ret != ATTEST_OK) {
501 ATTEST_LOG_ERROR("[EncryptHks] EncryptHksImpl failed");
502 HksFreeParamSet(&genParamSetEncrypt);
503 return ATTEST_ERR;
504 }
505 return ret;
506 }
507
508 // AES-128-CBC-PKCS#7加密
EncryptAesCbc(AesCryptBufferDatas * datas,const uint8_t * aesKey,const char * iv,size_t ivLen)509 static int32_t EncryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey,
510 const char* iv, size_t ivLen)
511 {
512 if ((datas == NULL) || (datas->input == NULL) || (datas->output == NULL) ||
513 (datas->outputLen == NULL) || (aesKey == NULL)) {
514 ATTEST_LOG_ERROR("[EncryptAesCbc] Invalid parameter");
515 return ERR_ATTEST_SECURITY_INVALID_ARG;
516 }
517 if ((iv == NULL) || (ivLen != IV_LEN)) {
518 ATTEST_LOG_ERROR("[EncryptAesCbc] iv out of range");
519 return ERR_ATTEST_SECURITY_INVALID_ARG;
520 }
521
522 if ((datas->inputLen / AES_BLOCK + 1) > (UINT_MAX / AES_BLOCK)) {
523 ATTEST_LOG_ERROR("[EncryptAesCbc] AesCryptBufferDatas inputLen overflow");
524 return ERR_ATTEST_SECURITY_INVALID_ARG;
525 }
526 *datas->outputLen = (datas->inputLen / AES_BLOCK + 1) * AES_BLOCK;
527
528 mbedtls_cipher_info_t cipherInfo;
529 (void)memset_s(&cipherInfo, sizeof(cipherInfo), 0, sizeof(cipherInfo));
530 cipherInfo.mode = MBEDTLS_MODE_CBC;
531
532 mbedtls_cipher_context_t cipherCtx;
533 mbedtls_cipher_init(&cipherCtx);
534 cipherCtx.cipher_info = &cipherInfo;
535 int32_t ret = mbedtls_cipher_set_padding_mode(&cipherCtx, MBEDTLS_PADDING_PKCS7);
536 if (ret != ATTEST_OK) {
537 ATTEST_LOG_ERROR("[EncryptAesCbc] Set padding mode failed, ret = -0x%x", ret);
538 return ret;
539 }
540 cipherCtx.add_padding(datas->input, *(datas->outputLen), datas->inputLen);
541
542 mbedtls_aes_context aesCtx;
543 mbedtls_aes_init(&aesCtx);
544 ret = mbedtls_aes_setkey_enc(&aesCtx, aesKey, AES_CIPHER_BITS);
545 if (ret != ATTEST_OK) {
546 ATTEST_LOG_ERROR("[EncryptAesCbc] Set mbedtls enc key failed, ret = -0x%x", ret);
547 return ret;
548 }
549
550 uint8_t ivTmp[IV_LEN] = {0};
551 if (memcpy_s(ivTmp, sizeof(ivTmp), iv, ivLen) != 0) {
552 ATTEST_LOG_ERROR("[EncryptAesCbc] memcpy_s iv fail");
553 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
554 }
555 // iv is updated after use, so define ivTmp
556 ret = mbedtls_aes_crypt_cbc(&aesCtx, MBEDTLS_AES_ENCRYPT, *datas->outputLen, ivTmp,
557 (const uint8_t*)datas->input, datas->output);
558 (void)memset_s(ivTmp, sizeof(ivTmp), 0, sizeof(ivTmp));
559 if (ret != ATTEST_OK) {
560 ATTEST_LOG_ERROR("[EncryptAesCbc] Encrypt failed, ret = -0x%x", ret);
561 }
562 return ret;
563 }
564
Encrypt(uint8_t * inputData,size_t inputDataLen,const uint8_t * aesKey,uint8_t * outputData,size_t outputDataLen)565 int32_t Encrypt(uint8_t* inputData, size_t inputDataLen, const uint8_t* aesKey,
566 uint8_t* outputData, size_t outputDataLen)
567 {
568 if ((inputData == NULL) || (inputDataLen == 0) || (aesKey == NULL) || (outputData == NULL)) {
569 ATTEST_LOG_ERROR("[Encrypt] Encrypt Invalid parameter");
570 return ERR_ATTEST_SECURITY_INVALID_ARG;
571 }
572
573 size_t aesOutLen = 0;
574 uint8_t encryptedData[ENCRYPT_LEN] = {0};
575 AesCryptBufferDatas datas = {inputData, inputDataLen, encryptedData, &aesOutLen};
576 int32_t ret = EncryptAesCbc(&datas, aesKey, (const char*)(aesKey + PSK_LEN), AES_KEY_LEN - PSK_LEN);
577 if (ret != ATTEST_OK) {
578 ATTEST_LOG_ERROR("[Encrypt] Aes CBC encrypt symbol info failed, ret = %d", ret);
579 return ret;
580 }
581
582 size_t outputLen = 0;
583 uint8_t base64Data[BASE64_LEN + 1] = {0};
584 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outputLen,
585 (const uint8_t*)encryptedData, aesOutLen);
586 if (ret != ATTEST_OK) {
587 ATTEST_LOG_ERROR("[Encrypt] Base64 encode symbol info failed, ret = -0x00%x", -ret);
588 return ret;
589 }
590
591 if (outputLen > outputDataLen) {
592 ATTEST_LOG_ERROR("[Encrypt] output Len is wrong length");
593 return ERR_ATTEST_SECURITY_INVALID_ARG;
594 }
595 ret = memcpy_s(outputData, outputDataLen, base64Data, outputLen);
596 if (ret != ATTEST_OK) {
597 ATTEST_LOG_ERROR("[Encrypt] Encrypt memcpy_s failed, ret = %d", ret);
598 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
599 }
600 (void)memset_s(base64Data, BASE64_LEN + 1, 0, BASE64_LEN + 1);
601 return ATTEST_OK;
602 }
603
Decrypt(const uint8_t * inputData,size_t inputDataLen,const uint8_t * aesKey,uint8_t * outputData,size_t outputDataLen)604 int32_t Decrypt(const uint8_t* inputData, size_t inputDataLen, const uint8_t* aesKey,
605 uint8_t* outputData, size_t outputDataLen)
606 {
607 if ((inputData == NULL) || (inputDataLen == 0) || (aesKey == NULL) || (outputData == NULL)) {
608 ATTEST_LOG_ERROR("[Decrypt] Invalid parameter");
609 return ERR_ATTEST_SECURITY_INVALID_ARG;
610 }
611
612 size_t base64Len = 0;
613 uint8_t encryptData[ENCRYPT_LEN] = {0};
614 int32_t ret = mbedtls_base64_decode(encryptData, sizeof(encryptData), &base64Len, inputData, inputDataLen);
615 if (ret != ATTEST_OK) {
616 ATTEST_LOG_ERROR("[Decrypt] Base64 decode symbol info failed, ret = %d", ret);
617 return ERR_ATTEST_SECURITY_BASE64_DECODE;
618 }
619
620 size_t decryptDataLen = 0;
621 uint8_t decryptData[ENCRYPT_LEN] = {0};
622 AesCryptBufferDatas datas = {encryptData, base64Len, decryptData, &decryptDataLen};
623 if (DecryptAesCbc(&datas, aesKey, aesKey + PSK_LEN, AES_KEY_LEN - PSK_LEN) != 0) {
624 ATTEST_LOG_ERROR("[Decrypt] Aes CBC encrypt symbol info failed, ret = %d", ret);
625 return ERR_ATTEST_SECURITY_DECRYPT;
626 }
627
628 if ((decryptDataLen == 0) || (decryptDataLen > outputDataLen)) {
629 ATTEST_LOG_ERROR("[Decrypt] decryptData Len out of range");
630 return ERR_ATTEST_SECURITY_INVALID_ARG;
631 }
632 ret = memcpy_s(outputData, outputDataLen, decryptData, decryptDataLen);
633 if (ret != ATTEST_OK) {
634 ATTEST_LOG_ERROR("[Decrypt] memcpy_s decryptData fail");
635 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
636 }
637 (void)memset_s(decryptData, ENCRYPT_LEN, 0, ENCRYPT_LEN);
638 return ATTEST_OK;
639 }
640
MD5Encode(const uint8_t * srcData,size_t srcDataLen,uint8_t * outputStr,int outputLen)641 int32_t MD5Encode(const uint8_t* srcData, size_t srcDataLen, uint8_t* outputStr, int outputLen)
642 {
643 if (srcData == NULL || srcDataLen == 0 || outputStr == NULL) {
644 ATTEST_LOG_ERROR("[MD5Encode] Invalid parameter");
645 return ATTEST_ERR;
646 }
647
648 uint8_t hash[MD5_LEN] = {0};
649 char buf[DEV_BUF_LENGTH] = {0};
650
651 mbedtls_md5_context md5_ctx;
652 mbedtls_md5_init(&md5_ctx);
653 mbedtls_md5_starts(&md5_ctx);
654 mbedtls_md5_update(&md5_ctx, srcData, srcDataLen);
655 mbedtls_md5_finish(&md5_ctx, hash);
656 mbedtls_md5_free(&md5_ctx);
657
658 int32_t ret = ATTEST_OK;
659 for (size_t i = 0; i < MD5_LEN; i++) {
660 uint8_t value = hash[i];
661 (void)memset_s(buf, DEV_BUF_LENGTH, 0, DEV_BUF_LENGTH);
662 if (sprintf_s(buf, sizeof(buf), "%02x", value) < 0) {
663 ATTEST_LOG_ERROR("[MD5Encode] Failed to sprintf");
664 ret = ATTEST_ERR;
665 break;
666 }
667
668 if (strcat_s((char*)outputStr, outputLen, buf) != 0) {
669 ATTEST_LOG_ERROR("[MD5Encode] Failed to strcat");
670 ret = ATTEST_ERR;
671 break;
672 }
673 }
674 (void)memset_s(buf, DEV_BUF_LENGTH, 0, DEV_BUF_LENGTH);
675 (void)memset_s(hash, MD5_LEN, 0, MD5_LEN);
676 return ret;
677 }
678