1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "huks_master.h"
17 #include "openssl_crypto.h"
18 #include "openssl/err.h"
19 #include <openssl/sha.h>
20 #include "storage_service_errno.h"
21 #include "storage_service_log.h"
22 #include "openssl/evp.h"
23
24 namespace OHOS {
25 namespace StorageDaemon {
AESDecrypt(const KeyBlob & preKey,KeyContext & keyContext_,KeyBlob & plainText)26 int32_t OpensslCrypto::AESDecrypt(const KeyBlob &preKey, KeyContext &keyContext_, KeyBlob &plainText)
27 {
28 LOGI("enter");
29 KeyBlob shield = HashWithPrefix(preKey, keyContext_.secDiscard, AES_256_HASH_RANDOM_SIZE);
30 if (keyContext_.rndEnc.size < GCM_NONCE_BYTES + GCM_MAC_BYTES) {
31 LOGE("GCM cipherText too small: %{public}u ", keyContext_.rndEnc.size);
32 return E_KEY_SIZE_ERROR;
33 }
34 auto ctx = std::unique_ptr<EVP_CIPHER_CTX, decltype(&::EVP_CIPHER_CTX_free)>(
35 EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
36 if (!ctx) {
37 LOGE("Openssl error: %{public}lu ", ERR_get_error());
38 return E_CIPHER_CTX_NEW;
39 }
40 if (EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, reinterpret_cast<const uint8_t*>(shield.data.get()),
41 reinterpret_cast<const uint8_t*>(keyContext_.rndEnc.data.get())) !=
42 OPENSSL_SUCCESS_FLAG) {
43 LOGE("Openssl error: %{public}lu ", ERR_get_error());
44 return E_DECRYPT_INIT_EX;
45 }
46 plainText = KeyBlob(keyContext_.rndEnc.size - GCM_NONCE_BYTES - GCM_MAC_BYTES);
47 int outlen;
48 if (EVP_DecryptUpdate(ctx.get(), reinterpret_cast<uint8_t*>(plainText.data.get()), &outlen,
49 reinterpret_cast<const uint8_t*>(keyContext_.rndEnc.data.get() + GCM_NONCE_BYTES),
50 plainText.size) != OPENSSL_SUCCESS_FLAG) {
51 LOGE("Openssl error: %{public}lu ", ERR_get_error());
52 return E_DECRYPT_UPDATE;
53 }
54 if (static_cast<int>(plainText.size) != outlen) {
55 LOGE("GCM plainText length should be %{private}u, was %{public}d", plainText.size, outlen);
56 return E_DECRYPT_UPDATE_LEN;
57 }
58 if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, GCM_MAC_BYTES,
59 const_cast<void*>(reinterpret_cast<const void*>(
60 keyContext_.rndEnc.data.get() + GCM_NONCE_BYTES + plainText.size))) !=
61 OPENSSL_SUCCESS_FLAG) {
62 LOGE("Openssl error: %{public}lu ", ERR_get_error());
63 return E_CIPHER_CTX_CTRL;
64 }
65 if (EVP_DecryptFinal_ex(ctx.get(), reinterpret_cast<uint8_t*>(plainText.data.get() + plainText.size),
66 &outlen) != OPENSSL_SUCCESS_FLAG) {
67 LOGE("Openssl error: %{public}lu ", ERR_get_error());
68 return E_DECRYPT_FINAL_EX;
69 }
70 if (outlen != 0) {
71 LOGE("GCM EncryptFinal should be 0, was %{public}d ", outlen);
72 return E_DECRYPT_FINAL_EX_LEN;
73 }
74 LOGI("Enhance decrypt key success");
75 return E_OK;
76 }
77
AESEncrypt(const KeyBlob & preKey,const KeyBlob & plainText,KeyContext & keyContext_)78 int32_t OpensslCrypto::AESEncrypt(const KeyBlob &preKey, const KeyBlob &plainText, KeyContext &keyContext_)
79 {
80 LOGI("enter");
81 KeyBlob shield = HashWithPrefix(preKey, keyContext_.secDiscard, AES_256_HASH_RANDOM_SIZE);
82 auto ctx = std::unique_ptr<EVP_CIPHER_CTX, decltype(&::EVP_CIPHER_CTX_free)>(
83 EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
84 if (!ctx) {
85 LOGE("Openssl error: %{public}lu ", ERR_get_error());
86 return E_CIPHER_CTX_NEW;
87 }
88 keyContext_.rndEnc = HuksMaster::GenerateRandomKey(GCM_NONCE_BYTES + plainText.size + GCM_MAC_BYTES);
89 if (EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL,
90 reinterpret_cast<const uint8_t*>(shield.data.get()),
91 reinterpret_cast<const uint8_t*>(keyContext_.rndEnc.data.get())) !=
92 OPENSSL_SUCCESS_FLAG) {
93 LOGE("Openssl error: %{public}lu ", ERR_get_error());
94 return E_ENCRYPT_INIT_EX;
95 }
96 int outlen;
97 if (EVP_EncryptUpdate(ctx.get(), reinterpret_cast<uint8_t*>(keyContext_.rndEnc.data.get() + GCM_NONCE_BYTES),
98 &outlen, reinterpret_cast<const uint8_t*>(plainText.data.get()), plainText.size) !=
99 OPENSSL_SUCCESS_FLAG) {
100 LOGE("Openssl error: %{public}lu ", ERR_get_error());
101 return E_ENCRYPT_UPDATE;
102 }
103 if (static_cast<int>(plainText.size) != outlen) {
104 LOGE("GCM cipherText length should be %{private}d, was %{public}u", plainText.size, outlen);
105 return E_ENCRYPT_UPDATE_LEN;
106 }
107 if (EVP_EncryptFinal_ex(ctx.get(),
108 reinterpret_cast<uint8_t*>(keyContext_.rndEnc.data.get() +
109 GCM_NONCE_BYTES + plainText.size), &outlen) != OPENSSL_SUCCESS_FLAG) {
110 LOGE("Openssl error: %{public}lu ", ERR_get_error());
111 return E_ENCRYPT_FINAL_EX;
112 }
113 if (outlen != 0) {
114 LOGE("GCM EncryptFinal should be 0 , was %{public}u", outlen);
115 return E_ENCRYPT_FINAL_EX_LEN;
116 }
117 if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, GCM_MAC_BYTES,
118 reinterpret_cast<uint8_t*> (keyContext_.rndEnc.data.get() +
119 GCM_NONCE_BYTES + plainText.size)) != OPENSSL_SUCCESS_FLAG) {
120 LOGE("Openssl error: %{public}lu ", ERR_get_error());
121 return E_CIPHER_CTX_CTRL;
122 }
123 LOGI("Enhance encrypt key success");
124 return E_OK;
125 }
126
HashWithPrefix(const KeyBlob & prefix,const KeyBlob & payload,uint32_t length)127 KeyBlob OpensslCrypto::HashWithPrefix(const KeyBlob &prefix, const KeyBlob &payload, uint32_t length)
128 {
129 KeyBlob res(SHA512_DIGEST_LENGTH);
130 SHA512_CTX c;
131 SHA512_Init(&c);
132 SHA512_Update(&c, prefix.data.get(), prefix.size);
133 if (!payload.IsEmpty()) {
134 SHA512_Update(&c, payload.data.get(), payload.size);
135 }
136 SHA512_Final(res.data.get(), &c);
137
138 res.size = length;
139 return res;
140 }
141
142 } // namespace StorageDaemon
143 } // namespace OHOS