#include #include #include #include "IxErrno.h" #include "qsee_log.h" #include "qsee_cipher.h" #include "qsee_clk.h" #include "qsee_kdf.h" #include "qsee_heap.h" #include "qsee_core.h" #include "qsee_fuse.h" #include "qsee_hash.h" #include "bksecapp_wrap_unrap.h" #include "bksecapp_fuse_location.h" #define UINT8_A uint8_t __attribute__ ((aligned(128))) #define WRAP_SUCCESS 0 #define WRAP_FAILED -1 #define WRAP_INVALID_BUFFER -2 #define WRAP_INSUFFICIENT_WRAP_BUFFER -3 #define WRAP_FAILED_INPUT_DATA_LENGTH -4 #define WRAP_FAILED_KEY_DERIVE -5 #define WRAP_FAILED_SHA_DIGEST -6 #define WRAP_FAILED_AES_ENCRYPT -7 #define WRAP_FAILED_AES_DECRYPT -8 #define WRAP_FAILED_DATA_INTEGRITY -9 #define WRAP_FAILED_INPUT_KEY_LENGTH -10 #define UNWRAP_FAILED_INPUT_KEY_LENGTH -11 #define WRAP_FAILED_OUTPUT_DATA_LENGTH -12 static char TZ_APP_NAME[] = {"bksecapp"}; static bool KEYMODEKDF = true; static UINT8_A wrapped_message[4096] = { 0 }; typedef struct bk_aes_vector_type { QSEE_CIPHER_ALGO_ET alg; QSEE_CIPHER_MODE_ET mode; QSEE_CIPHER_PAD_ET pad; uint8_t* pt; uint32_t* pt_len; uint8_t* key; uint32_t key_len; uint8_t* iv; uint8_t* ct; uint32_t* ct_len; } __attribute__ ((packed)) bk_aes_vector_type_t; uint32_t bksecapp_aes_derive_key( uint8_t *salt, uint32_t saltLen, uint8_t * encKey, uint32_t encKeyLen, bool usekdf ) { uint32_t ret = WRAP_SUCCESS; char key_context[] = {"HW Crypto AES key derived from SHK"}; int serial_num = 0; int jtag_id = 0; uint32 row_data_read[2] = {0x0, 0x0}; uint32 i = 0; if (salt == NULL || saltLen == 0 ) { qsee_log(QSEE_LOG_MSG_ERROR, "%s: invalid salt", __FUNCTION__); return WRAP_FAILED_KEY_DERIVE; } if (encKey == NULL || encKeyLen == 0) { qsee_log(QSEE_LOG_MSG_ERROR, "%s: invalid key buffer", __FUNCTION__); return WRAP_FAILED_KEY_DERIVE; } if(usekdf) { ret = qsee_kdf(NULL, 32/* Could be any value. it is ignored as 1st param is NULL */, (void*)salt, saltLen, (void*)key_context, strlen(key_context), encKey, encKeyLen); if (ret == -1) { qsee_log(QSEE_LOG_MSG_ERROR,"%s: qsee_kdf() null pointers present where not allowed",__FUNCTION__); ret = WRAP_FAILED_KEY_DERIVE; } else if (ret == -2) { qsee_log(QSEE_LOG_MSG_ERROR,"%s: qsee_kdf(): invalid values or overflow",__FUNCTION__); ret = WRAP_FAILED_KEY_DERIVE; } } else { serial_num = qsee_read_serial_num(); jtag_id = qsee_read_jtag_id(); for(i = 0; i*8 < QSEE_AES256_KEY_SIZE; i++) { qsee_fuse_read(HWIO_QFPROM_RAW_PK_HASH0_ROWn_LSB_ADDR(i), QFPROM_ADDR_SPACE_RAW, row_data_read, &ret); if(ret != QFPROM_NO_ERR) { qsee_log(QSEE_LOG_MSG_ERROR, "%s: Initial read returned error: %d",__FUNCTION__,ret); return WRAP_FAILED_KEY_DERIVE; } #ifdef DEBUG_WRAP qsee_log(QSEE_LOG_MSG_ERROR, "OEM_PK_HASH read value for aes key: %x %x",row_data_read[0], row_data_read[1]); #endif memcpy(encKey + (2*i*sizeof(row_data_read[0])), (uint8_t *)&row_data_read[0], sizeof(row_data_read[0])); memcpy(encKey + (2*i*sizeof(row_data_read[0]) + sizeof(row_data_read[1])), (uint8_t *)&row_data_read[1], sizeof(row_data_read[1])); } memcpy(encKey, (uint8_t *)&serial_num, sizeof(serial_num)); memcpy(encKey + sizeof(serial_num), (uint8_t *)&jtag_id, sizeof(jtag_id)); } #ifdef DEBUG_WRAP qsee_log(QSEE_LOG_MSG_ERROR, "%s: value of aes key for bksecapp (%s)",__FUNCTION__,usekdf ? "kdf" : "fuse"); BK_Hex_dumpss(encKey,QSEE_AES256_KEY_SIZE); #endif return (uint32_t)ret; } int bksecapp_app_crypto_aes_encrypt_func(QSEE_CIPHER_ALGO_ET alg, QSEE_CIPHER_MODE_ET mode, QSEE_CIPHER_PAD_ET pad, uint8_t *pt, uint32_t *pt_len, uint8_t *key, uint32_t key_len, uint8_t *iv, uint8_t *ct, uint32_t *ct_len) { qsee_cipher_ctx *ctx = 0; int status = E_SUCCESS; uint8_t digest[SHA256_DIGEST_LENGTH] = { 0 }; uint32_t digestLen=sizeof(digest); /*------------------------------------------------------------------ Init ctx ------------------------------------------------------------------*/ if (qsee_cipher_init(alg, &ctx) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_init API failed"); status = -E_FAILURE; } /*-------------------------------------------------------------------- Set key for encryption ----------------------------------------------------------------------*/ if (E_SUCCESS == status && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_KEY, key, key_len) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_set_param API failed"); status = -E_FAILURE; } /*-------------------------------------------------------------------- Set AES mode ----------------------------------------------------------------------*/ if (E_SUCCESS == status && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_MODE, &mode, sizeof(mode)) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_set_param API failed"); status = -E_FAILURE; } if (E_SUCCESS == status && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_PAD, &pad, sizeof(pad)) < 0) { qsee_log(QSEE_LOG_MSG_DEBUG,"qsee_cipher_set_parm API failed to set padding mode" ); status = -E_FAILURE; } if (E_SUCCESS == status && pad == QSEE_CIPHER_PAD_NO_PAD) { status = qsee_hash(QSEE_HASH_SHA256, pt, *pt_len, digest, digestLen); if (status != E_SUCCESS) { qsee_log(QSEE_LOG_MSG_DEBUG,"%s: bksecapp_sha256_hash_calculate returns an error", __FUNCTION__); status = -E_FAILURE; } memcpy(pt + *pt_len,digest,AES_CIPHER_PAD_SIZE); *pt_len = *pt_len + AES_CIPHER_PAD_SIZE; } /*-------------------------------------------------------------------- Set IV only if not NULL ----------------------------------------------------------------------*/ if (E_SUCCESS == status && NULL != iv && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_IV, iv, QSEE_AES128_IV_SIZE) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_set_param API failed"); status = -E_FAILURE; } #ifdef DEBUG_WRAP qsee_log(QSEE_LOG_MSG_ERROR,"%s : pt_len: %d, ct_len %d", __FUNCTION__,*pt_len,*ct_len); BK_Hex_dumpss(pt,*pt_len); #endif /*----------------------------------------------------------------------- Now encrypt the data -------------------------------------------------------------------------*/ if (E_SUCCESS == status && qsee_cipher_encrypt(ctx, pt, *pt_len, ct, ct_len) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_encrypt API failed"); status = -E_FAILURE; } #ifdef DEBUG_WRAP qsee_log(QSEE_LOG_MSG_ERROR,"%s : pt_len: %d, ct_len: %d", __FUNCTION__,*pt_len,*ct_len); BK_Hex_dumpss(ct,*ct_len); #endif if (E_SUCCESS == status) { if (pad == QSEE_CIPHER_PAD_NO_PAD) *ct_len = *pt_len; } /*--------------------------------------------------------------------------- Reset cipher context (Optional). ----------------------------------------------------------------------------*/ if (E_SUCCESS == status && qsee_cipher_reset(ctx) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_reset API failed"); status = -E_FAILURE; } if (ctx) { if (qsee_cipher_free_ctx(ctx) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_free_ctx API failed"); status = -E_FAILURE; } ctx = 0; } return status; } int bksecapp_app_crypto_aes_decrypt_func(QSEE_CIPHER_ALGO_ET alg, QSEE_CIPHER_MODE_ET mode, QSEE_CIPHER_PAD_ET pad, uint8_t *pt, uint32_t *pt_len, uint8_t *key, uint32_t key_len, uint8_t *iv, uint8_t *ct, uint32_t *ct_len) { qsee_cipher_ctx *ctx = 0; int status = E_SUCCESS; uint8_t digest[SHA256_DIGEST_LENGTH] = { 0 }; uint32_t digestLen=sizeof(digest); /*------------------------------------------------------------------ Init ctx ------------------------------------------------------------------*/ if (qsee_cipher_init(alg, &ctx) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_init API failed"); status = -E_FAILURE; } /*-------------------------------------------------------------------------------- We must set parameters again so we can do the decrypt ---------------------------------------------------------------------------------*/ if (E_SUCCESS == status && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_KEY, key, key_len) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_set_parm API failed"); status = -E_FAILURE; } if (E_SUCCESS == status && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_MODE, &mode, sizeof(mode)) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_set_parm API failed"); status = -E_FAILURE; } if (E_SUCCESS == status && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_PAD, &pad, sizeof(pad)) < 0) { qsee_log(QSEE_LOG_MSG_DEBUG,"qsee_cipher_set_parm API failed to set padding mode" ); status = -E_FAILURE; } /*---------------------------------------------------------------------------------- Set IV if not NULL ------------------------------------------------------------------------------------*/ if (E_SUCCESS == status && NULL != iv && qsee_cipher_set_param(ctx, QSEE_CIPHER_PARAM_IV, iv, QSEE_AES128_IV_SIZE) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_set_parm API failed"); status = -E_FAILURE; } /*---------------------------------------------------------------------------------- Now decrypt the data ------------------------------------------------------------------------------------*/ #ifdef DEBUG_WRAP qsee_log(QSEE_LOG_MSG_ERROR,"%s : ct_len: %d, pt_len: %d", __FUNCTION__,*ct_len,*pt_len); BK_Hex_dumpss(ct,*ct_len); #endif if (E_SUCCESS == status && qsee_cipher_decrypt(ctx, ct, *ct_len, pt, pt_len) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_decrypt API failed"); status = -E_FAILURE; } #ifdef DEBUG_WRAP qsee_log(QSEE_LOG_MSG_ERROR,"%s : ct_len: %d, pt_len: %d", __FUNCTION__,*ct_len,*pt_len); BK_Hex_dumpss(pt,*ct_len); #endif if (E_SUCCESS == status && pad == QSEE_CIPHER_PAD_NO_PAD) { status = qsee_hash(QSEE_HASH_SHA256, pt, *ct_len - AES_CIPHER_PAD_SIZE, digest, digestLen); if (status != E_SUCCESS) { qsee_log(QSEE_LOG_MSG_DEBUG,"%s: bksecapp_sha256_hash_calculate returns an error", __FUNCTION__); status = -E_FAILURE; } if( E_SUCCESS != memcmp(digest, pt + *ct_len - AES_CIPHER_PAD_SIZE, AES_CIPHER_PAD_SIZE)) { qsee_log(QSEE_LOG_MSG_DEBUG,"%s: the unwrapped data has integrity error", __FUNCTION__); status = -E_FAILURE; } } if (E_SUCCESS == status) { if (pad == QSEE_CIPHER_PAD_NO_PAD) *pt_len = *ct_len - AES_CIPHER_PAD_SIZE; } else *pt_len = *ct_len; /*--------------------------------------------------------------------------- Reset cipher context (Optional). ----------------------------------------------------------------------------*/ if (E_SUCCESS == status && qsee_cipher_reset(ctx) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_reset API failed"); status = -E_FAILURE; } if (ctx) { if (qsee_cipher_free_ctx(ctx) < 0) { qsee_log(QSEE_LOG_MSG_ERROR,"qsee_cipher_free_ctx API failed"); status = -E_FAILURE; } ctx = 0; } return status; } static int32_t BK_wrap_data( uint8_t * data, uint32_t datalen, uint8_t * wrapped_data, uint32_t * wrapped_datalen) { uint32_t ret = E_SUCCESS; uint8_t keyBuffer[QSEE_AES256_KEY_SIZE] = { 0 }; uint32_t keyLen=sizeof(keyBuffer); bk_aes_vector_type_t bksecapp_wrap_vectors = {0,}; UINT8_A bksecapp_aes256_iv[QSEE_AES256_IV_SIZE] = {0,}; int serial_num = 0; if ((data == NULL) || (wrapped_data == NULL) || (datalen == 0)) { qsee_log(QSEE_LOG_MSG_DEBUG, "%s invalid input buffer", __FUNCTION__); return WRAP_INVALID_BUFFER; } serial_num = qsee_read_serial_num(); memcpy(bksecapp_aes256_iv, (uint8_t *)&serial_num, sizeof(serial_num)); if (sizeof(wrapped_message) < (datalen + AES_CIPHER_PAD_SIZE)) { qsee_log(QSEE_LOG_MSG_DEBUG, "%s insufficient wrap data buffer2 %d %d", __FUNCTION__,sizeof(wrapped_message),(datalen + AES_CIPHER_PAD_SIZE)); return WRAP_FAILED_INPUT_DATA_LENGTH; } ret = bksecapp_aes_derive_key((uint8_t *)TZ_APP_NAME, strlen(TZ_APP_NAME), keyBuffer, keyLen, KEYMODEKDF); if (ret != WRAP_SUCCESS) { qsee_log(QSEE_LOG_MSG_DEBUG,"%s: bksecapp_aes_derive_key returns an error", __FUNCTION__); return WRAP_FAILED_KEY_DERIVE; } memset(wrapped_message, 0, sizeof(wrapped_message)); *wrapped_datalen = sizeof(wrapped_message); bksecapp_wrap_vectors.alg = QSEE_CIPHER_ALGO_AES_256; bksecapp_wrap_vectors.mode = QSEE_CIPHER_MODE_CBC; bksecapp_wrap_vectors.pad = QSEE_CIPHER_PAD_PKCS7; bksecapp_wrap_vectors.pt = data; bksecapp_wrap_vectors.pt_len =(uint32_t*)&datalen; bksecapp_wrap_vectors.key = keyBuffer; bksecapp_wrap_vectors.key_len = keyLen; bksecapp_wrap_vectors.iv = bksecapp_aes256_iv; bksecapp_wrap_vectors.ct = wrapped_message; bksecapp_wrap_vectors.ct_len = wrapped_datalen; ret = bksecapp_app_crypto_aes_encrypt_func(bksecapp_wrap_vectors.alg, bksecapp_wrap_vectors.mode, bksecapp_wrap_vectors.pad, bksecapp_wrap_vectors.pt, bksecapp_wrap_vectors.pt_len, bksecapp_wrap_vectors.key, bksecapp_wrap_vectors.key_len, bksecapp_wrap_vectors.iv, bksecapp_wrap_vectors.ct, bksecapp_wrap_vectors.ct_len); if (sizeof(wrapped_message) < *wrapped_datalen) { qsee_log(QSEE_LOG_MSG_DEBUG, "%s insufficient wrap out data len%d %d", __FUNCTION__,sizeof(wrapped_message),*wrapped_datalen); return WRAP_FAILED_OUTPUT_DATA_LENGTH; } if (ret == E_SUCCESS) { qsee_log(QSEE_LOG_MSG_DEBUG,"BKSECAPP AES WRAP Function : Passed"); memcpy(wrapped_data, wrapped_message, *wrapped_datalen); } else { qsee_log(QSEE_LOG_MSG_ERROR,"BKSECAPP AES WRAP Function : Failed"); memcpy(data, "Failed wraped data",sizeof("Failed wraped data")); } memset(keyBuffer, 0, sizeof(keyBuffer)); return ret; } static int32_t BK_unwrap_data( uint8_t * wrapped_data, uint32_t wrapped_datalen, uint8_t * data, uint32_t * datalen ) { uint32_t ret = WRAP_SUCCESS; uint8_t keyBuffer[QSEE_AES256_KEY_SIZE] = { 0 }; uint32_t keyLen=sizeof(keyBuffer); uint8_t digest[SHA256_DIGEST_LENGTH] = { 0 }; uint32_t digestLen=sizeof(digest); bk_aes_vector_type_t bksecapp_wrap_vectors = {0,}; UINT8_A bksecapp_aes256_iv[QSEE_AES256_IV_SIZE] = {0,}; int serial_num = 0; if ((data == NULL) || (wrapped_data == NULL) || (wrapped_datalen == 0)) { qsee_log(QSEE_LOG_MSG_DEBUG, "%s invalid input buffer", __FUNCTION__); return WRAP_INVALID_BUFFER; } serial_num = qsee_read_serial_num(); memcpy(bksecapp_aes256_iv, (uint8_t *)&serial_num, sizeof(serial_num)); if ( sizeof(wrapped_message) < wrapped_datalen) { qsee_log(QSEE_LOG_MSG_DEBUG, "%s insufficient wrap data buffer", __FUNCTION__); return WRAP_INSUFFICIENT_WRAP_BUFFER; } ret = bksecapp_aes_derive_key((uint8_t *)TZ_APP_NAME, strlen(TZ_APP_NAME), keyBuffer, keyLen, KEYMODEKDF); if (ret != WRAP_SUCCESS) { qsee_log(QSEE_LOG_MSG_DEBUG,"%s: bksecapp_aes_derive_key returns an error", __FUNCTION__); return WRAP_FAILED_KEY_DERIVE; } memset(wrapped_message, 0, sizeof(wrapped_message)); *datalen = sizeof(wrapped_message); bksecapp_wrap_vectors.alg = QSEE_CIPHER_ALGO_AES_256; bksecapp_wrap_vectors.mode = QSEE_CIPHER_MODE_CBC; bksecapp_wrap_vectors.pad = QSEE_CIPHER_PAD_PKCS7; bksecapp_wrap_vectors.pt = wrapped_message; bksecapp_wrap_vectors.pt_len = datalen; bksecapp_wrap_vectors.key = keyBuffer; bksecapp_wrap_vectors.key_len = keyLen; bksecapp_wrap_vectors.iv = bksecapp_aes256_iv; bksecapp_wrap_vectors.ct = wrapped_data; bksecapp_wrap_vectors.ct_len = (uint32_t *)&wrapped_datalen; ret = bksecapp_app_crypto_aes_decrypt_func(bksecapp_wrap_vectors.alg, bksecapp_wrap_vectors.mode, bksecapp_wrap_vectors.pad, bksecapp_wrap_vectors.pt, bksecapp_wrap_vectors.pt_len, bksecapp_wrap_vectors.key, bksecapp_wrap_vectors.key_len, bksecapp_wrap_vectors.iv, bksecapp_wrap_vectors.ct, bksecapp_wrap_vectors.ct_len); if (sizeof(wrapped_message) < *datalen) { qsee_log(QSEE_LOG_MSG_DEBUG, "%s insufficient unwrap out data len %d %d", __FUNCTION__,sizeof(wrapped_message),*datalen); return WRAP_FAILED_OUTPUT_DATA_LENGTH; } if (ret == E_SUCCESS) { qsee_log(QSEE_LOG_MSG_DEBUG,"BKSECAPP AES UNWRAP Function : Passed"); memcpy(data, wrapped_message,(uint32_t)*datalen); } else { qsee_log(QSEE_LOG_MSG_ERROR,"BKSECAPP AES UNWRAP Function : Failed"); memcpy(data, "Failed unwraped data",sizeof("Failed unwraped data")); } memset(keyBuffer, 0, sizeof(keyBuffer)); return ret; } int bk_wrap_function(wrap_unwrap_key_status_t *req_ptr,wrap_unwrap_key_status_t *rsp_ptr) { int ret = WRAP_FAILED; qsee_log(QSEE_LOG_MSG_DEBUG, "%s: InputunwrapedData ======================================= %d", __FUNCTION__,req_ptr->keysize); #ifdef DEBUG_WRAP BK_Hex_dumpss(req_ptr->keydata,req_ptr->keysize); #endif if(req_ptr->keysize > sizeof(wrap_unwrap_key_status_t) - sizeof(uint32) - AES_CIPHER_PAD_SIZE) return WRAP_FAILED_INPUT_KEY_LENGTH; rsp_ptr->keysize = sizeof(rsp_ptr->keydata); ret = BK_wrap_data((uint8_t*)req_ptr->keydata,req_ptr->keysize,(uint8_t*)rsp_ptr->keydata,(void*)&rsp_ptr->keysize); qsee_log(QSEE_LOG_MSG_DEBUG, "%s: OutputwrapedData ======================================= %d", __FUNCTION__,rsp_ptr->keysize); #ifdef DEBUG_WRAP BK_Hex_dumpss(rsp_ptr->keydata,rsp_ptr->keysize); #endif return ret; } int bk_unwrap_function(wrap_unwrap_key_status_t *req_ptr,wrap_unwrap_key_status_t *rsp_ptr) { int ret = WRAP_FAILED; qsee_log(QSEE_LOG_MSG_DEBUG, "%s: InputwrapedData ======================================= %d", __FUNCTION__,req_ptr->keysize); #ifdef DEBUG_WRAP BK_Hex_dumpss(req_ptr->keydata,req_ptr->keysize); #endif if(req_ptr->keysize > sizeof(wrap_unwrap_key_status_t) - sizeof(uint32)) return UNWRAP_FAILED_INPUT_KEY_LENGTH; ret = BK_unwrap_data((uint8_t*)req_ptr->keydata,req_ptr->keysize,(uint8_t*)rsp_ptr->keydata,(void*)&rsp_ptr->keysize); qsee_log(QSEE_LOG_MSG_DEBUG, "%s: OutputunwrapedData ======================================= %d", __FUNCTION__,rsp_ptr->keysize); #ifdef DEBUG_WRAP BK_Hex_dumpss(rsp_ptr->keydata,rsp_ptr->keysize); #endif return ret; }