1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <stdbool.h>
17 #include <securec.h>
18 #include "mbedtls/base64.h"
19 #include "mbedtls/cipher.h"
20 #include "mbedtls/aes.h"
21 #include "mbedtls/hkdf.h"
22 #include "mbedtls/md.h"
23 #include "attest_adapter.h"
24 #include "attest_utils.h"
25 #include "attest_utils_log.h"
26 #include "hks_api.h"
27 #include "hks_param.h"
28 #include "hks_type.h"
29 #include "attest_security.h"
30
31 const uint32_t IV_SIZE = 16;
32 uint8_t IV[16] = {0};
33 static struct HksBlob g_attestKeyAlias = { sizeof("xts_device_attest"), (uint8_t *)"xts_device_attest"};
34 static struct HksParam g_genParams[] = {
35 {
36 .tag = HKS_TAG_ALGORITHM,
37 .uint32Param = HKS_ALG_AES
38 }, {
39 .tag = HKS_TAG_PURPOSE,
40 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT
41 }, {
42 .tag = HKS_TAG_KEY_SIZE,
43 .uint32Param = HKS_AES_KEY_SIZE_128
44 }, {
45 .tag = HKS_TAG_PADDING,
46 .uint32Param = HKS_PADDING_PKCS7
47 }, {
48 .tag = HKS_TAG_BLOCK_MODE,
49 .uint32Param = HKS_MODE_CBC
50 }
51 };
52 static struct HksParam g_encryptParams[] = {
53 {
54 .tag = HKS_TAG_ALGORITHM,
55 .uint32Param = HKS_ALG_AES
56 }, {
57 .tag = HKS_TAG_PURPOSE,
58 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT
59 }, {
60 .tag = HKS_TAG_KEY_SIZE,
61 .uint32Param = HKS_AES_KEY_SIZE_128
62 }, {
63 .tag = HKS_TAG_PADDING,
64 .uint32Param = HKS_PADDING_PKCS7
65 }, {
66 .tag = HKS_TAG_DIGEST,
67 .uint32Param = HKS_DIGEST_NONE
68 }, {
69 .tag = HKS_TAG_BLOCK_MODE,
70 .uint32Param = HKS_MODE_CBC
71 }, {
72 .tag = HKS_TAG_IV,
73 .blob = {
74 .size = IV_SIZE,
75 .data = (uint8_t *)IV
76 }
77 }
78 };
79 static struct HksParam g_decryptParams[] = {
80 {
81 .tag = HKS_TAG_ALGORITHM,
82 .uint32Param = HKS_ALG_AES
83 }, {
84 .tag = HKS_TAG_PURPOSE,
85 .uint32Param = HKS_KEY_PURPOSE_DECRYPT
86 }, {
87 .tag = HKS_TAG_KEY_SIZE,
88 .uint32Param = HKS_AES_KEY_SIZE_128
89 }, {
90 .tag = HKS_TAG_PADDING,
91 .uint32Param = HKS_PADDING_PKCS7
92 }, {
93 .tag = HKS_TAG_DIGEST,
94 .uint32Param = HKS_DIGEST_NONE
95 }, {
96 .tag = HKS_TAG_BLOCK_MODE,
97 .uint32Param = HKS_MODE_CBC
98 }, {
99 .tag = HKS_TAG_IV,
100 .blob = {
101 .size = IV_SIZE,
102 .data = (uint8_t *)IV
103 }
104 }
105 };
106
107 // g_pskKey 和 g_encryptedPsk 是psk的计算因子,通过相关算法获取解码需要的psk。
108 // psk不能直接硬编码,因此设计两个计算因子。
109 uint8_t g_pskKey[BASE64_PSK_LENGTH] = {
110 0x35, 0x4d, 0x36, 0x50, 0x42, 0x79, 0x39, 0x41, 0x71, 0x30, 0x41, 0x76,
111 0x63, 0x56, 0x77, 0x65, 0x49, 0x68, 0x48, 0x46, 0x36, 0x67, 0x3d, 0x3d
112 };
113
114 uint8_t g_encryptedPsk[BASE64_PSK_LENGTH] = {
115 0x74, 0x71, 0x57, 0x2b, 0x56, 0x6d, 0x52, 0x6b, 0x30, 0x67, 0x52, 0x5a,
116 0x48, 0x58, 0x68, 0x78, 0x53, 0x56, 0x58, 0x67, 0x6a, 0x51, 0x3d, 0x3d
117 };
118
Base64Encode(const uint8_t * srcData,size_t srcDataLen,uint8_t * base64Encode,uint16_t base64EncodeLen)119 int32_t Base64Encode(const uint8_t* srcData, size_t srcDataLen, uint8_t* base64Encode, uint16_t base64EncodeLen)
120 {
121 if ((srcData == NULL) || (base64Encode == NULL)) {
122 ATTEST_LOG_ERROR("[Base64Encode] Invalid parameter");
123 return ERR_ATTEST_SECURITY_INVALID_ARG;
124 }
125
126 size_t outLen = 0;
127 int32_t ret = mbedtls_base64_encode(NULL, 0, &outLen, srcData, srcDataLen);
128 if ((outLen == 0) || (outLen > (size_t)(base64EncodeLen + 1))) {
129 ATTEST_LOG_ERROR("[Base64Encode] Base64 encode get outLen failed, outLen = %u, ret = -0x00%x", outLen, -ret);
130 return ERR_ATTEST_SECURITY_BASE64_ENCODE;
131 }
132 uint8_t base64Data[outLen];
133 (void)memset_s(base64Data, sizeof(base64Data), 0, sizeof(base64Data));
134 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outLen, srcData, srcDataLen);
135 if (ret != ATTEST_OK) {
136 ATTEST_LOG_ERROR("[Base64Encode] Base64 encode failed, ret = -0x00%x", -ret);
137 return ERR_ATTEST_SECURITY_BASE64_ENCODE;
138 }
139 ret = memcpy_s(base64Encode, base64EncodeLen, base64Data, outLen);
140 if (ret != ATTEST_OK) {
141 ATTEST_LOG_ERROR("[Base64Encode] memcpy_s base64Data fail");
142 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
143 }
144 return ATTEST_OK;
145 }
146
GetSalt(uint8_t * salt,uint32_t saltLen)147 void GetSalt(uint8_t* salt, uint32_t saltLen)
148 {
149 if ((salt == NULL) || (saltLen != SALT_LEN)) {
150 ATTEST_LOG_ERROR("[GetSalt] Invalid parameter");
151 return;
152 }
153
154 const uint8_t randomNumBytes = 4;
155 const uint8_t offsetBits = 8;
156 uint32_t temp = 0;
157 for (uint32_t i = 0; i < saltLen; i++) {
158 if ((i % randomNumBytes) == 0) {
159 temp = (uint32_t)GetRandomNum(); // 生成的随机数为4字节
160 }
161 // temp右移8bits
162 salt[i] = (uint8_t)((temp >> ((i % randomNumBytes) * offsetBits)) & 0xff);
163 if (salt[i] == 0) {
164 salt[i]++;
165 }
166 }
167 }
168
GetPsk(uint8_t psk[],size_t pskLen)169 static int32_t GetPsk(uint8_t psk[], size_t pskLen)
170 {
171 if (pskLen != PSK_LEN) {
172 ATTEST_LOG_ERROR("[GetPsk] Invalid parameter");
173 return ERR_ATTEST_SECURITY_INVALID_ARG;
174 }
175 size_t outLen = 0;
176 (void)mbedtls_base64_decode(NULL, 0, &outLen, g_pskKey, sizeof(g_pskKey));
177 if (outLen != pskLen) {
178 ATTEST_LOG_ERROR("[GetPsk] pskKey base64 decode fail");
179 return ERR_ATTEST_SECURITY_INVALID_ARG;
180 }
181 uint8_t base64PskKey[outLen];
182 (void)memset_s(base64PskKey, sizeof(base64PskKey), 0, sizeof(base64PskKey));
183 int32_t ret = mbedtls_base64_decode(base64PskKey, outLen, &outLen, g_pskKey, sizeof(g_pskKey));
184 if (ret != ATTEST_OK) {
185 ATTEST_LOG_ERROR("[GetPsk] GetPsk Base64Decode base64PskKey failed, ret = %d", ret);
186 return ERR_ATTEST_SECURITY_BASE64_DECODE;
187 }
188 outLen = 0;
189 (void)mbedtls_base64_decode(NULL, 0, &outLen, g_encryptedPsk, sizeof(g_encryptedPsk));
190 if (outLen != pskLen) {
191 ATTEST_LOG_ERROR("[GetPsk] encryptedPsk base64 decode fail");
192 return ERR_ATTEST_SECURITY_INVALID_ARG;
193 }
194 uint8_t base64Psk[outLen];
195 (void)memset_s(base64Psk, sizeof(base64Psk), 0, sizeof(base64Psk));
196 ret = mbedtls_base64_decode(base64Psk, outLen, &outLen, g_encryptedPsk, sizeof(g_encryptedPsk));
197 if (ret != ATTEST_OK) {
198 ATTEST_LOG_ERROR("[GetPsk] GetPsk Base64Decode base64Psk failed, ret = %d", ret);
199 return ERR_ATTEST_SECURITY_BASE64_DECODE;
200 }
201 for (size_t i = 0; i < pskLen; i++) {
202 psk[i] = base64Psk[i] ^ base64PskKey[i];
203 }
204 return ATTEST_OK;
205 }
206
GetProductInfo(const char * version,SecurityParam * productInfoParam)207 static int32_t GetProductInfo(const char* version, SecurityParam* productInfoParam)
208 {
209 if (productInfoParam == NULL) {
210 return ERR_ATTEST_SECURITY_INVALID_ARG;
211 }
212 int32_t ret = AttestGetManufacturekey(productInfoParam->param, MANUFACTUREKEY_LEN);
213 if (ret != ATTEST_OK) {
214 ATTEST_LOG_ERROR("[GetProductInfo] Get AC Key failed, ret = %d", ret);
215 return ret;
216 }
217
218 if (strcmp(version, TOKEN_VER0_0) == 0) { // productInfo = Manufacturekey + productId
219 uint8_t productId[PRODUCT_ID_LEN] = {0};
220 ret = AttestGetProductId(productId, sizeof(productId));
221 if (ret != ATTEST_OK) {
222 ATTEST_LOG_ERROR("[GetProductInfo] Get product id failed, ret = %d", ret);
223 return ret;
224 }
225 if (memcpy_s(productInfoParam->param + MANUFACTUREKEY_LEN, PRODUCT_ID_LEN, productId, PRODUCT_ID_LEN) != 0) {
226 ATTEST_LOG_ERROR("[GetProductInfo] Copy product id failed");
227 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
228 }
229 } else if (strcmp(version, TOKEN_VER1_0) == 0) { // productInfo = Manufacturekey
230 productInfoParam->paramLen = MANUFACTUREKEY_LEN;
231 }
232 return ATTEST_OK;
233 }
234
InitHksParamSet(struct HksParamSet ** paramSet,const struct HksParam * params,uint32_t paramcount)235 static int32_t InitHksParamSet(struct HksParamSet** paramSet, const struct HksParam *params, uint32_t paramcount)
236 {
237 int32_t ret = HksInitParamSet(paramSet);
238 if (ret != ATTEST_OK) {
239 ATTEST_LOG_ERROR("[InitHksParamSet] HksInitParamSet failed");
240 return ATTEST_ERR;
241 }
242
243 ret = HksAddParams(*paramSet, params, paramcount);
244 if (ret != ATTEST_OK) {
245 ATTEST_LOG_ERROR("[InitHksParamSet] HksAddParams failed");
246 HksFreeParamSet(paramSet);
247 return ATTEST_ERR;
248 }
249
250 ret = HksBuildParamSet(paramSet);
251 if (ret != ATTEST_OK) {
252 ATTEST_LOG_ERROR("[InitHksParamSet] HksAddParams failed");
253 HksFreeParamSet(paramSet);
254 return ATTEST_ERR;
255 }
256 return ret;
257 }
258
DecryptHksImpl(struct HksBlob * cipherText,uint8_t * outputData,size_t outputDataLen)259 static int32_t DecryptHksImpl(struct HksBlob *cipherText, uint8_t *outputData, size_t outputDataLen)
260 {
261 struct HksParamSet *decryptParamSet = NULL;
262 int32_t ret = InitHksParamSet(&decryptParamSet, g_decryptParams, sizeof(g_decryptParams) / sizeof(struct HksParam));
263 if (ret != ATTEST_OK) {
264 ATTEST_LOG_ERROR("[DecryptHksImpl] InitHksParamSet g_decryptParams failed");
265 return ATTEST_ERR;
266 }
267 uint8_t tmpOut1[HKS_DECRYPT_LEN] = {0};
268 struct HksBlob plainText = { HKS_DECRYPT_LEN, tmpOut1 };
269 ret = HksDecrypt(&g_attestKeyAlias, decryptParamSet, cipherText, &plainText);
270 if (ret != ATTEST_OK) {
271 ATTEST_LOG_ERROR("[DecryptHksImpl] HksDecrypt failed");
272 HksFreeParamSet(&decryptParamSet);
273 return ATTEST_ERR;
274 }
275 ret = memcpy_s(outputData, outputDataLen, plainText.data, (int)plainText.size);
276 if (ret != ATTEST_OK) {
277 ATTEST_LOG_ERROR("[DecryptHksImpl] copy result failed");
278 HksFreeParamSet(&decryptParamSet);
279 return ATTEST_ERR;
280 }
281 return ret;
282 }
283
DecryptHks(const uint8_t * inputData,size_t inputDataLen,uint8_t * outputData,size_t outputDataLen)284 int32_t DecryptHks(const uint8_t *inputData, size_t inputDataLen, uint8_t *outputData, size_t outputDataLen)
285 {
286 if ((inputData == NULL) || (inputDataLen == 0) || (outputData == NULL) || (outputDataLen == 0)) {
287 ATTEST_LOG_ERROR("[DecryptHks] DecryptHks Invalid parameter");
288 return ERR_ATTEST_SECURITY_INVALID_ARG;
289 }
290 struct HksParamSet *genParamSetDecrypt = NULL;
291 int32_t ret = InitHksParamSet(&genParamSetDecrypt, g_genParams, sizeof(g_genParams) / sizeof(struct HksParam));
292 if (ret != ATTEST_OK) {
293 ATTEST_LOG_ERROR("[DecryptHks] InitHksParamSet g_genParams failed");
294 return ATTEST_ERR;
295 }
296 ret = HksKeyExist(&g_attestKeyAlias, genParamSetDecrypt);
297 if (ret != ATTEST_OK) {
298 ATTEST_LOG_ERROR("[DecryptHks] Hks key doesn't exist");
299 HksFreeParamSet(&genParamSetDecrypt);
300 return ATTEST_ERR;
301 }
302 size_t base64Len = 0;
303 uint8_t encryptData[ENCRYPT_LEN] = {0};
304 ret = mbedtls_base64_decode(encryptData, sizeof(encryptData), &base64Len, inputData, inputDataLen);
305 if (ret != ATTEST_OK) {
306 ATTEST_LOG_ERROR("[DecryptHks] Base64 decode symbol info failed, ret = %d", ret);
307 HksFreeParamSet(&genParamSetDecrypt);
308 return ERR_ATTEST_SECURITY_BASE64_DECODE;
309 }
310 struct HksBlob cipherText = { sizeof(encryptData), encryptData };
311 ret = DecryptHksImpl(&cipherText, outputData, outputDataLen);
312 if (ret != ATTEST_OK) {
313 ATTEST_LOG_ERROR("[DecryptHks] DecryptHksImpl failed");
314 HksFreeParamSet(&genParamSetDecrypt);
315 return ATTEST_ERR;
316 }
317 return ret;
318 }
319
GetAesKey(const SecurityParam * salt,const VersionData * versionData,const SecurityParam * aesKey)320 int32_t GetAesKey(const SecurityParam* salt, const VersionData* versionData, const SecurityParam* aesKey)
321 {
322 if ((salt == NULL) || (versionData == NULL) || (aesKey == NULL) || (versionData->versionLen == 0)) {
323 ATTEST_LOG_ERROR("[GetAesKey] Invalid parameter");
324 return ERR_ATTEST_SECURITY_INVALID_ARG;
325 }
326
327 uint8_t productInfo[MANUFACTUREKEY_LEN + PRODUCT_ID_LEN] = {0};
328 SecurityParam info = {productInfo, sizeof(productInfo)};
329 int32_t ret = GetProductInfo(versionData->version, &info);
330 if (ret != ATTEST_OK) {
331 ATTEST_LOG_ERROR("[GetAesKey] Get product info failed, ret = %d", ret);
332 return ret;
333 }
334 uint8_t psk[PSK_LEN] = {0};
335 ret = GetPsk(psk, PSK_LEN);
336 if (ret != ATTEST_OK) {
337 ATTEST_LOG_ERROR("[GetAesKey] Get psk failed, ret = %d", ret);
338 return ret;
339 }
340 SecurityParam key = {psk, sizeof(psk)};
341 const mbedtls_md_info_t *mdInfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
342 // 导出秘钥
343 ret = mbedtls_hkdf(mdInfo, salt->param, salt->paramLen,
344 key.param, key.paramLen,
345 info.param, info.paramLen,
346 aesKey->param, aesKey->paramLen);
347 if (ret != ATTEST_OK) {
348 ATTEST_LOG_ERROR("[GetAesKey] HKDF derive key failed, ret = -0x%x", -ret);
349 }
350 return ret;
351 }
352
353 // AES-128-CBC-PKCS#7解密
DecryptAesCbc(AesCryptBufferDatas * datas,const uint8_t * aesKey,const uint8_t * iv,size_t ivLen)354 static int32_t DecryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey,
355 const uint8_t* iv, size_t ivLen)
356 {
357 if ((datas == NULL) || (datas->input == NULL) || (datas->output == NULL) ||
358 (datas->outputLen == NULL) || (aesKey == NULL)) {
359 ATTEST_LOG_ERROR("[DecryptAesCbc] Invalid parameter");
360 return ERR_ATTEST_SECURITY_INVALID_ARG;
361 }
362 if ((iv == NULL) || (ivLen != IV_LEN)) {
363 ATTEST_LOG_ERROR("[DecryptAesCbc] iv out of range");
364 return ERR_ATTEST_SECURITY_INVALID_ARG;
365 }
366
367 mbedtls_aes_context aesCtx;
368 mbedtls_aes_init(&aesCtx);
369 int32_t ret = mbedtls_aes_setkey_dec(&aesCtx, aesKey, AES_CIPHER_BITS);
370 if (ret != ATTEST_OK) {
371 ATTEST_LOG_ERROR("[DecryptAesCbc] Set mbedtls enc key failed, ret = -0x%x", ret);
372 return ret;
373 }
374
375 uint8_t ivTmp[IV_LEN] = {0};
376 ret = memcpy_s(ivTmp, sizeof(ivTmp), iv, ivLen);
377 if (ret != ATTEST_OK) {
378 ATTEST_LOG_ERROR("[DecryptAesCbc] memcpy_s iv fail");
379 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
380 }
381 // iv is updated after use, so define ivTmp
382 ret = mbedtls_aes_crypt_cbc(&aesCtx, MBEDTLS_AES_DECRYPT, datas->inputLen, ivTmp,
383 (const uint8_t*)datas->input, datas->output);
384 (void)memset_s(ivTmp, sizeof(ivTmp), 0, sizeof(ivTmp));
385 if (ret != ATTEST_OK) {
386 ATTEST_LOG_ERROR("[DecryptAesCbc] Encrypt failed, ret = -0x%x", ret);
387 return ret;
388 }
389
390 mbedtls_cipher_info_t cipherInfo;
391 (void)memset_s(&cipherInfo, sizeof(cipherInfo), 0, sizeof(cipherInfo));
392 cipherInfo.mode = MBEDTLS_MODE_CBC;
393
394 mbedtls_cipher_context_t cipherCtx;
395 mbedtls_cipher_init(&cipherCtx);
396 cipherCtx.cipher_info = &cipherInfo;
397 ret = mbedtls_cipher_set_padding_mode(&cipherCtx, MBEDTLS_PADDING_PKCS7);
398 if (ret != ATTEST_OK) {
399 ATTEST_LOG_ERROR("[DecryptAesCbc] Set padding mode failed, ret = -0x%x", ret);
400 return ret;
401 }
402 ret = cipherCtx.get_padding(datas->output, datas->inputLen, datas->outputLen);
403 if (ret != ATTEST_OK) {
404 ATTEST_LOG_ERROR("[DecryptAesCbc] Get padding failed, ret = -0x%x", ret);
405 }
406 return ret;
407 }
408
EncryptHksImpl(struct HksBlob * inData,uint8_t * outputData,size_t outputDataLen)409 static int32_t EncryptHksImpl(struct HksBlob *inData, uint8_t* outputData, size_t outputDataLen)
410 {
411 struct HksParamSet *encryptParamSet = NULL;
412 int32_t ret = InitHksParamSet(&encryptParamSet, g_encryptParams, sizeof(g_encryptParams) / sizeof(struct HksParam));
413 if (ret != ATTEST_OK) {
414 ATTEST_LOG_ERROR("[EncryptHksImpl] InitHksParamSet g_encryptParams failed");
415 return ATTEST_ERR;
416 }
417 uint8_t tmpOut[HKS_ENCRYPT_LEN] = {0};
418 struct HksBlob cipherText = { HKS_ENCRYPT_LEN, tmpOut };
419 ret = HksEncrypt(&g_attestKeyAlias, encryptParamSet, inData, &cipherText);
420 if (ret != ATTEST_OK) {
421 ATTEST_LOG_ERROR("[EncryptHksImpl] HksEncrypt failed");
422 HksFreeParamSet(&encryptParamSet);
423 return ATTEST_ERR;
424 }
425 size_t outputLen = 0;
426 uint8_t base64Data[BASE64_LEN + 1] = {0};
427 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outputLen,
428 (const uint8_t*)cipherText.data, (size_t)cipherText.size);
429 if (ret != ATTEST_OK) {
430 ATTEST_LOG_ERROR("[EncryptHksImpl] Base64 encode symbol info failed, ret = -0x00%x", -ret);
431 HksFreeParamSet(&encryptParamSet);
432 return ret;
433 }
434 if (outputLen > outputDataLen) {
435 ATTEST_LOG_ERROR("[EncryptHksImpl] output Len is wrong length");
436 HksFreeParamSet(&encryptParamSet);
437 return ERR_ATTEST_SECURITY_INVALID_ARG;
438 }
439 ret = memcpy_s(outputData, outputDataLen, base64Data, outputLen);
440 if (ret != ATTEST_OK) {
441 ATTEST_LOG_ERROR("[EncryptHksImpl] Encrypt memcpy_s failed, ret = %d", ret);
442 HksFreeParamSet(&encryptParamSet);
443 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
444 }
445 return ret;
446 }
447
EncryptHks(uint8_t * inputData,size_t inputDataLen,uint8_t * outputData,size_t outputDataLen)448 int32_t EncryptHks(uint8_t* inputData, size_t inputDataLen, uint8_t* outputData, size_t outputDataLen)
449 {
450 if ((inputData == NULL) || (inputDataLen == 0) || (outputData == NULL) || (outputDataLen == 0)) {
451 ATTEST_LOG_ERROR("[EncryptHks] EncryptHks Invalid parameter");
452 return ERR_ATTEST_SECURITY_INVALID_ARG;
453 }
454 struct HksParamSet *genParamSetEncrypt = NULL;
455 int32_t ret = InitHksParamSet(&genParamSetEncrypt, g_genParams, sizeof(g_genParams) / sizeof(struct HksParam));
456 if (ret != ATTEST_OK) {
457 ATTEST_LOG_ERROR("[EncryptHks] InitHksParamSet g_genParams failed");
458 return ATTEST_ERR;
459 }
460 ret = HksKeyExist(&g_attestKeyAlias, genParamSetEncrypt);
461 if (ret != ATTEST_OK) {
462 ret = HksGenerateKey(&g_attestKeyAlias, genParamSetEncrypt, NULL);
463 if (ret != ATTEST_OK) {
464 ATTEST_LOG_ERROR("[EncryptHks] HksGenerateKey failed");
465 HksFreeParamSet(&genParamSetEncrypt);
466 return ATTEST_ERR;
467 }
468 }
469 ATTEST_LOG_INFO("[EncryptHks] HksKeyExist or HksGenerateKey success");
470 struct HksBlob inData = { inputDataLen, inputData };
471 ret = EncryptHksImpl(&inData, outputData, outputDataLen);
472 if (ret != ATTEST_OK) {
473 ATTEST_LOG_ERROR("[EncryptHks] EncryptHksImpl failed");
474 HksFreeParamSet(&genParamSetEncrypt);
475 return ATTEST_ERR;
476 }
477 return ret;
478 }
479
480 // AES-128-CBC-PKCS#7加密
EncryptAesCbc(AesCryptBufferDatas * datas,const uint8_t * aesKey,const char * iv,size_t ivLen)481 static int32_t EncryptAesCbc(AesCryptBufferDatas* datas, const uint8_t* aesKey,
482 const char* iv, size_t ivLen)
483 {
484 if ((datas == NULL) || (datas->input == NULL) || (datas->output == NULL) ||
485 (datas->outputLen == NULL) || (aesKey == NULL)) {
486 ATTEST_LOG_ERROR("[EncryptAesCbc] Invalid parameter");
487 return ERR_ATTEST_SECURITY_INVALID_ARG;
488 }
489 if ((iv == NULL) || (ivLen != IV_LEN)) {
490 ATTEST_LOG_ERROR("[EncryptAesCbc] iv out of range");
491 return ERR_ATTEST_SECURITY_INVALID_ARG;
492 }
493
494 if ((datas->inputLen / AES_BLOCK + 1) > (UINT_MAX / AES_BLOCK)) {
495 ATTEST_LOG_ERROR("[EncryptAesCbc] AesCryptBufferDatas inputLen overflow");
496 return ERR_ATTEST_SECURITY_INVALID_ARG;
497 }
498 *datas->outputLen = (datas->inputLen / AES_BLOCK + 1) * AES_BLOCK;
499
500 mbedtls_cipher_info_t cipherInfo;
501 (void)memset_s(&cipherInfo, sizeof(cipherInfo), 0, sizeof(cipherInfo));
502 cipherInfo.mode = MBEDTLS_MODE_CBC;
503
504 mbedtls_cipher_context_t cipherCtx;
505 mbedtls_cipher_init(&cipherCtx);
506 cipherCtx.cipher_info = &cipherInfo;
507 int32_t ret = mbedtls_cipher_set_padding_mode(&cipherCtx, MBEDTLS_PADDING_PKCS7);
508 if (ret != ATTEST_OK) {
509 ATTEST_LOG_ERROR("[EncryptAesCbc] Set padding mode failed, ret = -0x%x", ret);
510 return ret;
511 }
512 cipherCtx.add_padding(datas->input, *(datas->outputLen), datas->inputLen);
513
514 mbedtls_aes_context aesCtx;
515 mbedtls_aes_init(&aesCtx);
516 ret = mbedtls_aes_setkey_enc(&aesCtx, aesKey, AES_CIPHER_BITS);
517 if (ret != ATTEST_OK) {
518 ATTEST_LOG_ERROR("[EncryptAesCbc] Set mbedtls enc key failed, ret = -0x%x", ret);
519 return ret;
520 }
521
522 uint8_t ivTmp[IV_LEN] = {0};
523 if (memcpy_s(ivTmp, sizeof(ivTmp), iv, ivLen) != 0) {
524 ATTEST_LOG_ERROR("[EncryptAesCbc] memcpy_s iv fail");
525 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
526 }
527 // iv is updated after use, so define ivTmp
528 ret = mbedtls_aes_crypt_cbc(&aesCtx, MBEDTLS_AES_ENCRYPT, *datas->outputLen, ivTmp,
529 (const uint8_t*)datas->input, datas->output);
530 (void)memset_s(ivTmp, sizeof(ivTmp), 0, sizeof(ivTmp));
531 if (ret != ATTEST_OK) {
532 ATTEST_LOG_ERROR("[EncryptAesCbc] Encrypt failed, ret = -0x%x", ret);
533 }
534 return ret;
535 }
536
Encrypt(uint8_t * inputData,size_t inputDataLen,const uint8_t * aesKey,uint8_t * outputData,size_t outputDataLen)537 int32_t Encrypt(uint8_t* inputData, size_t inputDataLen, const uint8_t* aesKey,
538 uint8_t* outputData, size_t outputDataLen)
539 {
540 if ((inputData == NULL) || (inputDataLen == 0) || (aesKey == NULL) || (outputData == NULL)) {
541 ATTEST_LOG_ERROR("[Encrypt] Encrypt Invalid parameter");
542 return ERR_ATTEST_SECURITY_INVALID_ARG;
543 }
544
545 size_t aesOutLen = 0;
546 uint8_t encryptedData[ENCRYPT_LEN] = {0};
547 AesCryptBufferDatas datas = {inputData, inputDataLen, encryptedData, &aesOutLen};
548 int32_t ret = EncryptAesCbc(&datas, aesKey, (const char*)(aesKey + PSK_LEN), AES_KEY_LEN - PSK_LEN);
549 if (ret != ATTEST_OK) {
550 ATTEST_LOG_ERROR("[Encrypt] Aes CBC encrypt symbol info failed, ret = %d", ret);
551 return ret;
552 }
553
554 size_t outputLen = 0;
555 uint8_t base64Data[BASE64_LEN + 1] = {0};
556 ret = mbedtls_base64_encode(base64Data, sizeof(base64Data), &outputLen,
557 (const uint8_t*)encryptedData, aesOutLen);
558 if (ret != ATTEST_OK) {
559 ATTEST_LOG_ERROR("[Encrypt] Base64 encode symbol info failed, ret = -0x00%x", -ret);
560 return ret;
561 }
562
563 if (outputLen > outputDataLen) {
564 ATTEST_LOG_ERROR("[Encrypt] output Len is wrong length");
565 return ERR_ATTEST_SECURITY_INVALID_ARG;
566 }
567 ret = memcpy_s(outputData, outputDataLen, base64Data, outputLen);
568 if (ret != ATTEST_OK) {
569 ATTEST_LOG_ERROR("[Encrypt] Encrypt memcpy_s failed, ret = %d", ret);
570 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
571 }
572 return ATTEST_OK;
573 }
574
Decrypt(const uint8_t * inputData,size_t inputDataLen,const uint8_t * aesKey,uint8_t * outputData,size_t outputDataLen)575 int32_t Decrypt(const uint8_t* inputData, size_t inputDataLen, const uint8_t* aesKey,
576 uint8_t* outputData, size_t outputDataLen)
577 {
578 if ((inputData == NULL) || (inputDataLen == 0) || (aesKey == NULL) || (outputData == NULL)) {
579 ATTEST_LOG_ERROR("[Decrypt] Invalid parameter");
580 return ERR_ATTEST_SECURITY_INVALID_ARG;
581 }
582
583 size_t base64Len = 0;
584 uint8_t encryptData[ENCRYPT_LEN] = {0};
585 int32_t ret = mbedtls_base64_decode(encryptData, sizeof(encryptData), &base64Len, inputData, inputDataLen);
586 if (ret != ATTEST_OK) {
587 ATTEST_LOG_ERROR("[Decrypt] Base64 decode symbol info failed, ret = %d", ret);
588 return ERR_ATTEST_SECURITY_BASE64_DECODE;
589 }
590
591 size_t decryptDataLen = 0;
592 uint8_t decryptData[ENCRYPT_LEN] = {0};
593 AesCryptBufferDatas datas = {encryptData, base64Len, decryptData, &decryptDataLen};
594 if (DecryptAesCbc(&datas, aesKey, aesKey + PSK_LEN, AES_KEY_LEN - PSK_LEN) != 0) {
595 ATTEST_LOG_ERROR("[Decrypt] Aes CBC encrypt symbol info failed, ret = %d", ret);
596 return ERR_ATTEST_SECURITY_DECRYPT;
597 }
598
599 if ((decryptDataLen == 0) || (decryptDataLen > outputDataLen)) {
600 ATTEST_LOG_ERROR("[Decrypt] decryptData Len out of range");
601 return ERR_ATTEST_SECURITY_INVALID_ARG;
602 }
603 ret = memcpy_s(outputData, outputDataLen, decryptData, decryptDataLen);
604 if (ret != ATTEST_OK) {
605 ATTEST_LOG_ERROR("[Decrypt] memcpy_s decryptData fail");
606 return ERR_ATTEST_SECURITY_MEM_MEMCPY;
607 }
608 return ATTEST_OK;
609 }