1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "base_key.h"
16 #include "err.h"
17 #include "huks_master.h"
18 #include "key_manager.h"
19 #include "key_blob.h"
20 #include "openssl_crypto.h"
21 #include "openssl/err.h"
22 #include <openssl/sha.h>
23 #include "storage_service_log.h"
24 #include "openssl/evp.h"
25
26 namespace OHOS {
27 namespace StorageDaemon {
AESDecrypt(const KeyBlob & preKey,KeyContext & keyContext_,KeyBlob & plainText)28 bool OpensslCrypto::AESDecrypt(const KeyBlob &preKey, KeyContext &keyContext_, KeyBlob &plainText)
29 {
30 LOGI("enter");
31 KeyBlob shield = HashWithPrefix(preKey, keyContext_.secDiscard, AES_256_HASH_RANDOM_SIZE);
32 if (keyContext_.rndEnc.size < GCM_NONCE_BYTES + GCM_MAC_BYTES) {
33 LOGE("GCM cipherText too small: %{public}u ", keyContext_.rndEnc.size);
34 return false;
35 }
36 auto ctx = std::unique_ptr<EVP_CIPHER_CTX, decltype(&::EVP_CIPHER_CTX_free)>(
37 EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
38 if (!ctx) {
39 LOGE("Openssl error: %{public}lu ", ERR_get_error());
40 return false;
41 }
42 if (EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, reinterpret_cast<const uint8_t*>(shield.data.get()),
43 reinterpret_cast<const uint8_t*>(keyContext_.rndEnc.data.get())) !=
44 OPENSSL_SUCCESS_FLAG) {
45 LOGE("Openssl error: %{public}lu ", ERR_get_error());
46 return false;
47 }
48 plainText = KeyBlob(keyContext_.rndEnc.size - GCM_NONCE_BYTES - GCM_MAC_BYTES);
49 int outlen;
50 if (EVP_DecryptUpdate(ctx.get(), reinterpret_cast<uint8_t*>(plainText.data.get()), &outlen,
51 reinterpret_cast<const uint8_t*>(keyContext_.rndEnc.data.get() + GCM_NONCE_BYTES),
52 plainText.size) != OPENSSL_SUCCESS_FLAG) {
53 LOGE("Openssl error: %{public}lu ", ERR_get_error());
54 return false;
55 }
56 if (static_cast<int>(plainText.size) != outlen) {
57 LOGE("GCM plainText length should be %{private}u, was %{public}d", plainText.size, outlen);
58 return false;
59 }
60 if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, GCM_MAC_BYTES,
61 const_cast<void*>(reinterpret_cast<const void*>(
62 keyContext_.rndEnc.data.get() + GCM_NONCE_BYTES + plainText.size))) !=
63 OPENSSL_SUCCESS_FLAG) {
64 LOGE("Openssl error: %{public}lu ", ERR_get_error());
65 return false;
66 }
67 if (EVP_DecryptFinal_ex(ctx.get(), reinterpret_cast<uint8_t*>(plainText.data.get() + plainText.size),
68 &outlen) != OPENSSL_SUCCESS_FLAG) {
69 LOGE("Openssl error: %{public}lu ", ERR_get_error());
70 return false;
71 }
72 if (outlen != 0) {
73 LOGE("GCM EncryptFinal should be 0, was %{public}d ", outlen);
74 return false;
75 }
76 LOGI("Enhance decrypt key success");
77 return true;
78 }
79
AESEncrypt(const KeyBlob & preKey,const KeyBlob & plainText,KeyContext & keyContext_)80 bool OpensslCrypto::AESEncrypt(const KeyBlob &preKey, const KeyBlob &plainText, KeyContext &keyContext_)
81 {
82 LOGI("enter");
83 KeyBlob shield = HashWithPrefix(preKey, keyContext_.secDiscard, AES_256_HASH_RANDOM_SIZE);
84 auto ctx = std::unique_ptr<EVP_CIPHER_CTX, decltype(&::EVP_CIPHER_CTX_free)>(
85 EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
86 if (!ctx) {
87 LOGE("Openssl error: %{public}lu ", ERR_get_error());
88 return false;
89 }
90 keyContext_.rndEnc = HuksMaster::GenerateRandomKey(GCM_NONCE_BYTES + plainText.size + GCM_MAC_BYTES);
91 if (EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL,
92 reinterpret_cast<const uint8_t*>(shield.data.get()),
93 reinterpret_cast<const uint8_t*>(keyContext_.rndEnc.data.get())) !=
94 OPENSSL_SUCCESS_FLAG) {
95 LOGE("Openssl error: %{public}lu ", ERR_get_error());
96 return false;
97 }
98 int outlen;
99 if (EVP_EncryptUpdate(ctx.get(), reinterpret_cast<uint8_t*>(keyContext_.rndEnc.data.get() + GCM_NONCE_BYTES),
100 &outlen, reinterpret_cast<const uint8_t*>(plainText.data.get()), plainText.size) !=
101 OPENSSL_SUCCESS_FLAG) {
102 LOGE("Openssl error: %{public}lu ", ERR_get_error());
103 return false;
104 }
105 if (static_cast<int>(plainText.size) != outlen) {
106 LOGE("GCM cipherText length should be %{private}d, was %{public}u", plainText.size, outlen);
107 return false;
108 }
109 if (EVP_EncryptFinal_ex(ctx.get(),
110 reinterpret_cast<uint8_t*>(keyContext_.rndEnc.data.get() +
111 GCM_NONCE_BYTES + plainText.size), &outlen) != OPENSSL_SUCCESS_FLAG) {
112 LOGE("Openssl error: %{public}lu ", ERR_get_error());
113 return false;
114 }
115 if (outlen != 0) {
116 LOGE("GCM EncryptFinal should be 0 , was %{public}u", outlen);
117 return false;
118 }
119 if (EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, GCM_MAC_BYTES,
120 reinterpret_cast<uint8_t*> (keyContext_.rndEnc.data.get() +
121 GCM_NONCE_BYTES + plainText.size)) != OPENSSL_SUCCESS_FLAG) {
122 LOGE("Openssl error: %{public}lu ", ERR_get_error());
123 return false;
124 }
125 LOGI("Enhance encrypt key success");
126 return true;
127 }
128
HashWithPrefix(const KeyBlob & prefix,const KeyBlob & payload,uint32_t length)129 KeyBlob OpensslCrypto::HashWithPrefix(const KeyBlob &prefix, const KeyBlob &payload, uint32_t length)
130 {
131 KeyBlob res(SHA512_DIGEST_LENGTH);
132 SHA512_CTX c;
133 SHA512_Init(&c);
134 SHA512_Update(&c, prefix.data.get(), prefix.size);
135 if (!payload.IsEmpty()) {
136 SHA512_Update(&c, payload.data.get(), payload.size);
137 }
138 SHA512_Final(res.data.get(), &c);
139
140 res.size = length;
141 return res;
142 }
143
144 } // namespace StorageDaemon
145 } // namespace OHOS