1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "base_key.h"
16 #include "err.h"
17 #include "key_manager.h"
18 #include "key_blob.h"
19 #include "openssl_crypto.h"
20 #include "openssl/err.h"
21 #include <openssl/sha.h>
22 #include "storage_service_log.h"
23 #include "third_party/openssl/include/openssl/evp.h"
24
25 namespace OHOS {
26 namespace StorageDaemon {
AESDecrypt(const KeyBlob & preKey,KeyContext & keyContext_,KeyBlob & plainText)27 bool OpensslCrypto::AESDecrypt(const KeyBlob &preKey, KeyContext &keyContext_, KeyBlob &plainText)
28 {
29 KeyBlob shield = HashAndClip(preKey, keyContext_.secDiscard, AES_256_HASH_RANDOM_SIZE);
30 if (keyContext_.encrypted.size < GCM_NONCE_BYTES + GCM_MAC_BYTES) {
31 LOGE("GCM cipherText too small: %{public}u ", keyContext_.encrypted.size);
32 return false;
33 }
34 auto ctx = std::unique_ptr<EVP_CIPHER_CTX, decltype(&::EVP_CIPHER_CTX_free)>(
35 EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
36 if (!ctx) {
37 LOGE("Openssl error: %{public}lu ", ERR_get_error());
38 return false;
39 }
40 if (EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, reinterpret_cast<const uint8_t*>(shield.data.get()),
41 reinterpret_cast<const uint8_t*>(keyContext_.encrypted.data.get())) !=
42 OPENSSL_SUCCESS_FLAG) {
43 LOGE("Openssl error: %{public}lu ", ERR_get_error());
44 return false;
45 }
46 plainText = KeyBlob(keyContext_.encrypted.size - GCM_NONCE_BYTES - GCM_MAC_BYTES);
47 int outlen;
48 if (EVP_DecryptUpdate(ctx.get(), reinterpret_cast<uint8_t*>(plainText.data.get()), &outlen,
49 reinterpret_cast<const uint8_t*>(keyContext_.encrypted.data.get() + GCM_NONCE_BYTES),
50 plainText.size) != OPENSSL_SUCCESS_FLAG) {
51 LOGE("Openssl error: %{public}lu ", ERR_get_error());
52 return false;
53 }
54 if (static_cast<int>(plainText.size) != outlen) {
55 LOGE("GCM plainText length should be %{private}u, was %{public}d", plainText.size, outlen);
56 return false;
57 }
58 if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, GCM_MAC_BYTES,
59 const_cast<void*>(reinterpret_cast<const void*>(
60 keyContext_.encrypted.data.get() + GCM_NONCE_BYTES + plainText.size))) !=
61 OPENSSL_SUCCESS_FLAG) {
62 LOGE("Openssl error: %{public}lu ", ERR_get_error());
63 return false;
64 }
65 if (EVP_DecryptFinal_ex(ctx.get(), reinterpret_cast<uint8_t*>(plainText.data.get() + plainText.size),
66 &outlen) != OPENSSL_SUCCESS_FLAG) {
67 LOGE("Openssl error: %{public}lu ", ERR_get_error());
68 return false;
69 }
70 if (outlen != 0) {
71 LOGE("GCM EncryptFinal should be 0, was %{public}d ", outlen);
72 return false;
73 }
74 LOGI("Enhance decrypt key success");
75 return true;
76 }
77
AESEncrypt(const KeyBlob & preKey,const KeyBlob & plainText,KeyContext & keyContext_)78 bool OpensslCrypto::AESEncrypt(const KeyBlob &preKey, const KeyBlob &plainText, KeyContext &keyContext_)
79 {
80 KeyBlob shield = HashAndClip(preKey, keyContext_.secDiscard, AES_256_HASH_RANDOM_SIZE);
81 auto ctx = std::unique_ptr<EVP_CIPHER_CTX, decltype(&::EVP_CIPHER_CTX_free)>(
82 EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
83 if (!ctx) {
84 LOGE("Openssl error: %{public}lu ", ERR_get_error());
85 return false;
86 }
87 keyContext_.encrypted = KeyBlob(GCM_NONCE_BYTES + plainText.size + GCM_MAC_BYTES);
88 if (EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL,
89 reinterpret_cast<const uint8_t*>(shield.data.get()),
90 reinterpret_cast<const uint8_t*>(keyContext_.encrypted.data.get())) !=
91 OPENSSL_SUCCESS_FLAG) {
92 LOGE("Openssl error: %{public}lu ", ERR_get_error());
93 return false;
94 }
95 int outlen;
96 if (EVP_EncryptUpdate(ctx.get(), reinterpret_cast<uint8_t*>(keyContext_.encrypted.data.get() + GCM_NONCE_BYTES),
97 &outlen, reinterpret_cast<const uint8_t*>(plainText.data.get()), plainText.size) !=
98 OPENSSL_SUCCESS_FLAG) {
99 LOGE("Openssl error: %{public}lu ", ERR_get_error());
100 return false;
101 }
102 if (static_cast<int>(plainText.size) != outlen) {
103 LOGE("GCM cipherText length should be %{private}d, was %{public}u", plainText.size, outlen);
104 return false;
105 }
106 if (EVP_EncryptFinal_ex(ctx.get(),
107 reinterpret_cast<uint8_t*>(keyContext_.encrypted.data.get() +
108 GCM_NONCE_BYTES + plainText.size), &outlen) != OPENSSL_SUCCESS_FLAG) {
109 LOGE("Openssl error: %{public}lu ", ERR_get_error());
110 return false;
111 }
112 if (outlen != 0) {
113 LOGE("GCM EncryptFinal should be 0 , was %{public}u", outlen);
114 return false;
115 }
116 if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, GCM_MAC_BYTES,
117 reinterpret_cast<uint8_t*> (keyContext_.encrypted.data.get() +
118 GCM_NONCE_BYTES + plainText.size)) != OPENSSL_SUCCESS_FLAG) {
119 LOGE("Openssl error: %{public}lu ", ERR_get_error());
120 return false;
121 }
122 LOGI("Enhance encrypt key success");
123 return true;
124 }
125
HashAndClip(const KeyBlob & prefix,const KeyBlob & payload,uint32_t length)126 KeyBlob OpensslCrypto::HashAndClip(const KeyBlob &prefix, const KeyBlob &payload, uint32_t length)
127 {
128 KeyBlob res(SHA512_DIGEST_LENGTH);
129 SHA512_CTX c;
130 SHA512_Init(&c);
131 SHA512_Update(&c, prefix.data.get(), prefix.size);
132 if (!payload.IsEmpty()) {
133 SHA512_Update(&c, payload.data.get(), payload.size);
134 }
135 SHA512_Final(res.data.get(), &c);
136
137 res.size = length;
138 return res;
139 }
140
141 } // namespace StorageDaemon
142 } // namespace OHOS