Project 2: Building a Secure Authentication TA - Fingerprint/PIN Verification and Anti-Replay Attack Design
This project walks you through building a secure authentication trusted application (TA) that implements fingerprint/PIN verification and an effective defence against replay attacks. Working through it teaches the core techniques for implementing secure authentication in a Trusty environment. One caveat before the code: the samples are written against the GlobalPlatform TEE Internal Core API (the TEE_* calls and TA_InvokeCommandEntryPoint), which is the API offered by OP-TEE; Trusty's native TA interface (ports, IPC and its storage service) differs, so read the samples as portable TA logic rather than Trusty-specific code.
[Fingerprint/PIN verification system architecture diagram]
Normal World (Rich OS) ↔ Trusted World (Trusty) ↔ Secure Hardware (e.g., a TEE-controlled fingerprint sensor)
```c
// Example: the TA's UUID (placeholder value; generate a real one with uuidgen for a production TA)
#define TA_FINGERPRINT_AUTH_UUID \
    { 0x12345678, 0x9abc, 0xdef0, \
      { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 } }

// Command identifiers shared with the client application
#define TA_CMD_ENROLL 0
#define TA_CMD_VERIFY 1
#define TA_CMD_DELETE 2
```
```c
#include <string.h>
#include <tee_internal_api.h>

// Store the enrolled template as a persistent object in TA-private secure storage.
// The GP API takes the object ID as a raw byte string and a length, not as a TEE_Attribute,
// and the attributes handle is TEE_HANDLE_NULL for a pure data object.
// TEE_DATA_FLAG_OVERWRITE lets a re-enrollment replace the previous template.
TEE_Result store_fingerprint_template(const uint8_t *tmpl, size_t size) {
    TEE_ObjectHandle obj = TEE_HANDLE_NULL;
    const char *obj_id = "fingerprint_template";
    uint32_t flags = TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_ACCESS_WRITE |
                     TEE_DATA_FLAG_OVERWRITE;
    TEE_Result res = TEE_CreatePersistentObject(TEE_STORAGE_PRIVATE,
                                                obj_id, strlen(obj_id),
                                                flags, TEE_HANDLE_NULL,
                                                tmpl, (uint32_t)size, &obj);
    if (res == TEE_SUCCESS)
        TEE_CloseObject(obj);   // initial data is already written; release the handle
    return res;
}
```
```c
// Fingerprint verification example: load the enrolled template and compare it with the sample.
TEE_Result verify_fingerprint(const uint8_t *sample, size_t sample_size) {
    TEE_ObjectHandle obj = TEE_HANDLE_NULL;
    TEE_ObjectInfo info;
    const char *obj_id = "fingerprint_template";
    uint8_t *stored_template = NULL;
    uint32_t stored_size = 0;
    TEE_Result res;

    // Open the enrolled template in secure storage (object ID is a byte string, not an attribute)
    res = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE, obj_id, strlen(obj_id),
                                   TEE_DATA_FLAG_ACCESS_READ, &obj);
    if (res != TEE_SUCCESS) return res;

    // TEE_ReadObjectData reads into a caller-supplied buffer, so query the size and allocate first
    res = TEE_GetObjectInfo1(obj, &info);
    if (res != TEE_SUCCESS) goto out;
    stored_template = TEE_Malloc(info.dataSize, TEE_MALLOC_FILL_ZERO);
    if (!stored_template) { res = TEE_ERROR_OUT_OF_MEMORY; goto out; }
    res = TEE_ReadObjectData(obj, stored_template, info.dataSize, &stored_size);
    if (res != TEE_SUCCESS) goto out;

    // Comparison logic (simplified example; a real matcher scores the sample against the template
    // instead of requiring byte equality). It runs in constant time over the stored length: no
    // early exit, and a length mismatch is folded into the result rather than returned separately,
    // so timing reveals nothing about where the first differing byte is.
    uint8_t diff = (uint8_t)(sample_size != stored_size);
    for (uint32_t i = 0; i < stored_size; i++)
        diff |= stored_template[i] ^ (i < sample_size ? sample[i] : 0);
    res = (diff == 0) ? TEE_SUCCESS : TEE_ERROR_SECURITY;

out:
    if (stored_template) {
        TEE_MemFill(stored_template, 0, info.dataSize);   // do not leave the template in heap memory
        TEE_Free(stored_template);
    }
    TEE_CloseObject(obj);
    return res;
}
```
```c
// TA command dispatch entry point. handle_enroll/handle_verify/handle_delete are the per-command
// handlers (not shown); each must validate param_types before touching params, because the
// normal-world caller chooses both.
TEE_Result TA_InvokeCommandEntryPoint(void *sess_ctx, uint32_t cmd_id,
                                      uint32_t param_types, TEE_Param params[4]) {
    (void)sess_ctx;   // per-session state, if any, is carried here
    switch (cmd_id) {
    case TA_CMD_ENROLL:
        return handle_enroll(param_types, params);
    case TA_CMD_VERIFY:
        return handle_verify(param_types, params);
    case TA_CMD_DELETE:
        return handle_delete(param_types, params);
    default:
        return TEE_ERROR_NOT_SUPPORTED;
    }
}
```
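The dispatcher above hands off to handle_enroll/handle_verify/handle_delete without showing them. What follows is an added example, not code from the original page nor from Trusty or OP-TEE, of what those handlers should enforce. It is written against minimal stand-ins for the GP TEE types (same names and numeric values as the GP Internal Core API) so that it compiles and runs outside a TEE, and it goes slightly beyond the page by adding a failure counter that locks the credential: the parameter layout is validated before any buffer is dereferenced, the template compare is constant-time, and a locked credential is refused even for the correct sample. The auth_record_t layout, MAX_FAILURES, the ta_invoke() wrapper and the sample bytes are assumptions made for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Minimal stand-ins for the GP TEE types the dispatcher uses, so the logic compiles and runs outside
   a TEE. Names and numeric values follow the GP TEE Internal Core API; the record layout, MAX_FAILURES,
   ta_invoke() and the sample bytes are constructed for this demo. */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000
#define TEE_ERROR_ACCESS_DENIED  0xFFFF0001
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006
#define TEE_ERROR_BAD_STATE      0xFFFF0007
#define TEE_ERROR_NOT_SUPPORTED  0xFFFF000A
#define TEE_ERROR_SECURITY       0xFFFF000F
#define TEE_PARAM_TYPE_NONE         0
#define TEE_PARAM_TYPE_VALUE_OUTPUT 2
#define TEE_PARAM_TYPE_MEMREF_INPUT 5
#define TEE_PARAM_TYPES(t0, t1, t2, t3) ((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12))
typedef union { struct { void *buffer; uint32_t size; } memref; struct { uint32_t a, b; } value; } TEE_Param;

#define TA_CMD_ENROLL 0
#define TA_CMD_VERIFY 1
#define TA_CMD_DELETE 2
/* The one parameter layout each command accepts; anything else is rejected before params is read. */
#define ENROLL_PTYPES TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)
#define VERIFY_PTYPES TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)
#define DELETE_PTYPES TEE_PARAM_TYPES(TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)
#define MAX_TEMPLATE 64
#define MAX_FAILURES 5          /* consecutive failures after which the credential is locked */

/* The record the TA would keep in secure storage; an in-memory copy stands in for it here.
   tmpl_len == 0 means nothing is enrolled; failures counts consecutive failed verifies. */
typedef struct { uint8_t tmpl[MAX_TEMPLATE]; uint32_t tmpl_len; uint32_t failures; } auth_record_t;

static TEE_Result handle_enroll(auth_record_t *r, uint32_t ptypes, TEE_Param p[4]) {
  if (ptypes != ENROLL_PTYPES) return TEE_ERROR_BAD_PARAMETERS;
  if (p[0].memref.size == 0 || p[0].memref.size > MAX_TEMPLATE) return TEE_ERROR_BAD_PARAMETERS;
  memcpy(r->tmpl, p[0].memref.buffer, p[0].memref.size);
  r->tmpl_len = p[0].memref.size; r->failures = 0;
  return TEE_SUCCESS;
}

/* Order matters: validate the layout before dereferencing any buffer (the normal-world caller chooses
   param_types), refuse while locked, compare in constant time over the stored length with a length
   mismatch folded into the result, and record a failure before reporting it. p[1].value.a returns
   the attempts left. */
static TEE_Result handle_verify(auth_record_t *r, uint32_t ptypes, TEE_Param p[4]) {
  if (ptypes != VERIFY_PTYPES) return TEE_ERROR_BAD_PARAMETERS;
  if (r->tmpl_len == 0) return TEE_ERROR_BAD_STATE;
  if (r->failures >= MAX_FAILURES) { p[1].value.a = 0; return TEE_ERROR_ACCESS_DENIED; }
  const uint8_t *sample = p[0].memref.buffer; uint32_t n = p[0].memref.size;
  uint8_t diff = (uint8_t)(n != r->tmpl_len);
  for (uint32_t i = 0; i < r->tmpl_len; i++) diff |= r->tmpl[i] ^ (i < n ? sample[i] : 0);
  if (diff) { r->failures++; p[1].value.a = MAX_FAILURES - r->failures; return TEE_ERROR_SECURITY; }
  r->failures = 0; p[1].value.a = MAX_FAILURES;
  return TEE_SUCCESS;
}

static TEE_Result handle_delete(auth_record_t *r, uint32_t ptypes, TEE_Param p[4]) {
  (void)p; if (ptypes != DELETE_PTYPES) return TEE_ERROR_BAD_PARAMETERS;
  memset(r, 0, sizeof *r);      /* template and failure counter are wiped together */
  return TEE_SUCCESS;
}

/* Same shape as TA_InvokeCommandEntryPoint, with the record passed explicitly instead of via sess_ctx. */
static TEE_Result ta_invoke(auth_record_t *r, uint32_t cmd, uint32_t ptypes, TEE_Param p[4]) {
  switch (cmd) {
  case TA_CMD_ENROLL: return handle_enroll(r, ptypes, p);
  case TA_CMD_VERIFY: return handle_verify(r, ptypes, p);
  case TA_CMD_DELETE: return handle_delete(r, ptypes, p);
  default:            return TEE_ERROR_NOT_SUPPORTED;
  }
}

/* Constructed run: enrol; a verify with the wrong parameter layout is refused before the buffer is
   read; a wrong sample costs one attempt; the right sample resets the counter; MAX_FAILURES wrong
   samples lock the credential, and it stays locked even for the right sample. */
static bool dispatcher_scenario(void) {
  auth_record_t rec = {0};
  uint8_t good[8] = {1, 2, 3, 4, 5, 6, 7, 8}, bad[8] = {1, 2, 3, 4, 5, 6, 7, 9};
  TEE_Param p[4] = {0};
  p[0].memref.buffer = good; p[0].memref.size = sizeof good;
  if (ta_invoke(&rec, TA_CMD_ENROLL, ENROLL_PTYPES, p) != TEE_SUCCESS) return false;
  if (ta_invoke(&rec, TA_CMD_VERIFY, ENROLL_PTYPES, p) != TEE_ERROR_BAD_PARAMETERS) return false;
  p[0].memref.buffer = bad;
  if (ta_invoke(&rec, TA_CMD_VERIFY, VERIFY_PTYPES, p) != TEE_ERROR_SECURITY || p[1].value.a != MAX_FAILURES - 1) return false;
  p[0].memref.buffer = good;
  if (ta_invoke(&rec, TA_CMD_VERIFY, VERIFY_PTYPES, p) != TEE_SUCCESS || rec.failures != 0) return false;
  p[0].memref.buffer = bad;
  for (int i = 0; i < MAX_FAILURES; i++)
    if (ta_invoke(&rec, TA_CMD_VERIFY, VERIFY_PTYPES, p) != TEE_ERROR_SECURITY) return false;
  p[0].memref.buffer = good;
  return ta_invoke(&rec, TA_CMD_VERIFY, VERIFY_PTYPES, p) == TEE_ERROR_ACCESS_DENIED;
}
```

In a real TA the failure counter lives in the same secure-storage record as the template, so that deleting or rolling back one cannot reset the other, and handle_verify is where the PIN variant of this project would also apply a growing delay between attempts.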
A replay attack is one in which an attacker captures a valid authentication message and sends it again later to fool the system. In a fingerprint/PIN verification system the main risks include:
```c
// Timestamp check example. TEE_GetSystemTime fills a TEE_Time and returns void. Its origin is
// implementation-defined (often the TEE's boot), so client_timestamp must come from the same
// reference, e.g. a time value the TA handed out earlier, not from the normal-world wall clock.
#define MAX_TIME_DIFF_MS 5000   // maximum accepted token age: 5 seconds

TEE_Result verify_timestamp(uint64_t client_timestamp) {
    TEE_Time now;
    TEE_GetSystemTime(&now);
    uint64_t current_time = (uint64_t)now.seconds * 1000 + now.millis;
    if (current_time < client_timestamp ||
        (current_time - client_timestamp) > MAX_TIME_DIFF_MS) {
        // TEE_ERROR_TIME_NOT_SET means the clock is unset; a stale or future token is a security failure
        return TEE_ERROR_SECURITY;
    }
    return TEE_SUCCESS;
}
```
```c
// Nonce generation and verification. TEE_GenerateRandom returns void (it cannot fail), so the
// wrapper only validates the length. A nonce stops replay only if it is single-use: the TA
// issues it, keeps it, and discards it after the first verification that presents it.
TEE_Result generate_nonce(uint8_t *nonce, size_t size) {
    if (size < 16) return TEE_ERROR_BAD_PARAMETERS;   // at least 128 bits of randomness
    TEE_GenerateRandom(nonce, (uint32_t)size);
    return TEE_SUCCESS;
}

TEE_Result verify_nonce(const uint8_t *expected, const uint8_t *received, size_t size) {
    // Fixed-time loop: TEE_MemCompare is not specified to be constant-time
    uint8_t diff = 0;
    for (size_t i = 0; i < size; i++) diff |= expected[i] ^ received[i];
    return diff == 0 ? TEE_SUCCESS : TEE_ERROR_SECURITY;
}
```
```c
// Secure session token. Note the layout: the compiler inserts 4 padding bytes between
// session_id and timestamp, so the HMAC must be computed over a fixed serialization of the
// fields rather than over the raw struct bytes.
typedef struct {
    uint32_t session_id;
    uint64_t timestamp;
    uint8_t nonce[16];
    uint8_t hmac[32];   // HMAC-SHA256 over session_id || timestamp || nonce
} secure_session_token_t;

// Serialize the authenticated fields big-endian into a padding-free 28-byte buffer.
static void token_serialize(const secure_session_token_t *t, uint8_t out[28]) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(t->session_id >> (24 - 8 * i));
    for (int i = 0; i < 8; i++) out[4 + i] = (uint8_t)(t->timestamp >> (56 - 8 * i));
    TEE_MemMove(out + 12, t->nonce, 16);
}

// Implemented elsewhere with TEE_MACInit/TEE_MACComputeFinal and an HMAC-SHA256 key held by the TA.
void compute_hmac(const uint8_t *msg, size_t len, uint8_t out[32]);

// Token verification
TEE_Result verify_session_token(const secure_session_token_t *token) {
    // 1. Timestamp window
    TEE_Result res = verify_timestamp(token->timestamp);
    if (res != TEE_SUCCESS) return res;
    // 2. HMAC, compared in constant time (TEE_MemCompare is not guaranteed constant-time, and an
    //    early-exit compare leaks how long the matching prefix was)
    uint8_t wire[28], computed_hmac[32], diff = 0;
    token_serialize(token, wire);
    compute_hmac(wire, sizeof(wire), computed_hmac);
    for (size_t i = 0; i < sizeof(computed_hmac); i++) diff |= token->hmac[i] ^ computed_hmac[i];
    if (diff != 0) return TEE_ERROR_SECURITY;
    // 3. Still required: check token->nonce against the nonce this TA issued and invalidate it,
    //    otherwise a token captured inside the window can be replayed
    return TEE_SUCCESS;
}
```
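The timestamp, nonce and HMAC pieces above are shown separately, and the token check never ties the nonce back to the one the TA issued. The following added example (not code from the page, nor from Trusty or OP-TEE) combines them into one challenge-response check and runs it against a replayed token, which is the case the three mechanisms exist for. It carries a small self-contained SHA-256/HMAC-SHA256 so that it runs outside a TEE, standing in for TEE_MACInit/TEE_MACComputeFinal; the ta_session_t state, the 28-byte wire layout, the tok_result_t codes and the key, nonce and clock values are all assumptions made for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Minimal SHA-256 (FIPS 180-4) and HMAC-SHA256 (RFC 2104). Demo helpers so the token logic runs
   outside a TEE; a real TA uses TEE_MACInit/TEE_MACComputeFinal with a key that never leaves it. */
static const uint32_t K256[64] = {
  0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
  0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
  0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
  0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
  0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
  0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
  0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
  0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
static uint32_t rotr(uint32_t x, int n) { return (x >> n) | (x << (32 - n)); }
static void sha256(const uint8_t *m, size_t len, uint8_t out[32]) {
  uint32_t h[8] = {0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19};
  size_t padded = ((len + 9 + 63) / 64) * 64;   /* m || 0x80 || zeros || 64-bit big-endian bit length */
  for (size_t off = 0; off < padded; off += 64) {
    uint32_t w[64], v[8];
    for (int i = 0; i < 16; i++)                  /* assemble each padded block on the fly */
      for (int j = 0; j < 4; j++) {
        size_t p = off + 4 * i + j; uint8_t b = 0;
        if (p < len) b = m[p]; else if (p == len) b = 0x80;
        else if (p >= padded - 8) b = (uint8_t)(((uint64_t)len * 8) >> (8 * (padded - 1 - p)));
        w[i] = (j ? w[i] << 8 : 0) | b;
      }
    for (int i = 16; i < 64; i++)
      w[i] = w[i-16] + (rotr(w[i-15],7) ^ rotr(w[i-15],18) ^ (w[i-15] >> 3)) + w[i-7]
           + (rotr(w[i-2],17) ^ rotr(w[i-2],19) ^ (w[i-2] >> 10));
    memcpy(v, h, sizeof v);
    for (int i = 0; i < 64; i++) {
      uint32_t t1 = v[7] + (rotr(v[4],6) ^ rotr(v[4],11) ^ rotr(v[4],25)) + ((v[4] & v[5]) ^ (~v[4] & v[6])) + K256[i] + w[i];
      uint32_t t2 = (rotr(v[0],2) ^ rotr(v[0],13) ^ rotr(v[0],22)) + ((v[0] & v[1]) ^ (v[0] & v[2]) ^ (v[1] & v[2]));
      memmove(v + 1, v, 7 * sizeof v[0]); v[4] += t1; v[0] = t1 + t2;   /* the a..h rotation */
    }
    for (int i = 0; i < 8; i++) h[i] += v[i];
  }
  for (int i = 0; i < 8; i++) { out[4*i] = h[i] >> 24; out[4*i+1] = h[i] >> 16; out[4*i+2] = h[i] >> 8; out[4*i+3] = h[i]; }
}
static void hmac_sha256(const uint8_t *key, size_t klen, const uint8_t *msg, size_t mlen, uint8_t out[32]) {
  uint8_t kb[64] = {0}, in[64 + mlen], ou[96];   /* VLA: the whole message is in memory here */
  if (klen > 64) sha256(key, klen, kb); else memcpy(kb, key, klen);
  for (int i = 0; i < 64; i++) { in[i] = kb[i] ^ 0x36; ou[i] = kb[i] ^ 0x5c; }
  memcpy(in +  64, msg, mlen); sha256(in, 64 + mlen, ou + 64); sha256(ou, 96, out);
}
/* Constant-time equality: no early exit, so timing does not reveal how many bytes matched. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
  uint8_t d = 0; for (size_t i = 0; i < n; i++) d |= a[i] ^ b[i]; return d == 0;
}

#define MAX_TIME_DIFF_MS 5000
#define TOKEN_WIRE_LEN 28   /* session_id(4) || timestamp_ms(8) || nonce(16), big-endian, no struct padding */
typedef enum { TOK_OK, TOK_BAD_MAC, TOK_STALE, TOK_REPLAY } tok_result_t;
/* Per-session anti-replay state the TA holds (constructed model: the MAC key would be derived from a
   device-bound key, and now_ms stands in for the TEE clock that verify_timestamp() reads). */
typedef struct {
  uint8_t key[32], nonce[16];   /* nonce: challenge issued by the TA, good for exactly one verify */
  bool nonce_outstanding; uint64_t now_ms;
} ta_session_t;

/* MAC over a fixed serialization rather than the raw struct, so no padding bytes are covered. */
static void token_mac(const uint8_t key[32], uint32_t sid, uint64_t ts, const uint8_t nonce[16], uint8_t mac[32]) {
  uint8_t wire[TOKEN_WIRE_LEN];
  for (int i = 0; i < 4; i++) wire[i] = (uint8_t)(sid >> (24 - 8 * i));
  for (int i = 0; i < 8; i++) wire[4 + i] = (uint8_t)(ts >> (56 - 8 * i));
  memcpy(wire + 12, nonce, 16); hmac_sha256(key, 32, wire, sizeof wire, mac);
}
/* Step 1: the TA issues a fresh challenge (rnd comes from TEE_GenerateRandom in a real TA). */
static void ta_issue_nonce(ta_session_t *s, const uint8_t rnd[16]) { memcpy(s->nonce, rnd, 16); s->nonce_outstanding = true; }
/* Step 2: MAC first (forgeries are dropped before any state is touched), then the time window, then
   the nonce, which is consumed on success: the same token fails again even while still inside the window. */
static tok_result_t ta_verify_token(ta_session_t *s, uint32_t sid, uint64_t ts, const uint8_t nonce[16], const uint8_t mac[32]) {
  uint8_t expect[32];
  token_mac(s->key, sid, ts, nonce, expect);
  if (!ct_equal(expect, mac, 32)) return TOK_BAD_MAC;
  if (s->now_ms < ts || s->now_ms - ts > MAX_TIME_DIFF_MS) return TOK_STALE;
  if (!s->nonce_outstanding || !ct_equal(s->nonce, nonce, 16)) return TOK_REPLAY;
  s->nonce_outstanding = false; return TOK_OK;
}

/* Constructed scenario: the first verify passes; the captured token replayed 1 s later is rejected;
   a copy with an edited timestamp fails the MAC. */
static bool replay_scenario(void) {
  ta_session_t s = { .now_ms = 1000000 };
  uint8_t rnd[16], mac[32];
  memset(s.key, 0x42, 32); memset(rnd, 0x5a, 16);
  ta_issue_nonce(&s, rnd);
  token_mac(s.key, 7, 1000000, rnd, mac);                      /* what the client sends back */
  if (ta_verify_token(&s, 7, 1000000, rnd, mac) != TOK_OK) return false;
  s.now_ms += 1000;
  if (ta_verify_token(&s, 7, 1000000, rnd, mac) != TOK_REPLAY) return false;
  return ta_verify_token(&s, 7, 1000001, rnd, mac) == TOK_BAD_MAC;
}
/* RFC 4231 test case 2, so the MAC primitive underneath the token can be checked on its own. */
static bool hmac_selfcheck(void) {
  static const uint8_t want[32] = {0x5b,0xdc,0xc1,0x46,0xbf,0x60,0x75,0x4e,0x6a,0x04,0x24,0x26,0x08,0x95,0x75,0xc7,
                                   0x5a,0x00,0x3f,0x08,0x9d,0x27,0x39,0x83,0x9d,0xec,0x58,0xb9,0x64,0xec,0x38,0x43};
  uint8_t mac[32];
  hmac_sha256((const uint8_t *)"Jefe", 4, (const uint8_t *)"what do ya want for nothing?", 28, mac);
  return ct_equal(mac, want, 32);
}
```

The order inside ta_verify_token is deliberate: the MAC is checked before the timestamp and nonce so that unauthenticated input never influences state, and the nonce is cleared only after everything else passes, which is what turns the timestamp window from "replays succeed for 5 seconds" into "each challenge is answerable once".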
| Defence | Advantages | Limitations |
|---|---|---|
| Timestamp | Simple to implement; no state to store | Depends on both worlds agreeing on the clock; a capture replayed inside the window still succeeds |
| Nonce | Strong; does not depend on time | The TA must remember issued/used nonces |
| Sequence number | Simple; low overhead | The counter must survive reboots, so it needs persistent, rollback-protected storage |
| HMAC | Integrity and origin authentication of the token | Extra computation; on its own it does not stop replay of an unmodified token, it only protects the timestamp/nonce/counter from tampering |
In a practical system, a combination of several of these defences is recommended: