1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "rsa_asy_key_generator_openssl.h"
17 #include "openssl/pem.h"
18 #include "openssl/x509.h"
19 #include "algorithm_parameter.h"
20 #include "asy_key_generator_spi.h"
21 #include "log.h"
22 #include "memory.h"
23 #include "openssl_class.h"
24 #include "openssl_common.h"
25 #include "rsa_openssl_common.h"
26 #include "securec.h"
27 #include "string.h"
28 #include "utils.h"
29
30 #define OPENSSL_BITS_PER_BYTE 8
31 #define OPENSSL_RSA_KEYPAIR_CNT 3
32 #define OPENSSL_RSA_KEYGEN_DEFAULT_PRIMES 2
33 #define MAX_KEY_SIZE 8192
34 #define MIN_KEY_SIZE 512
35
36 enum OpensslRsaKeySize {
37 OPENSSL_RSA_KEY_SIZE_512 = 512,
38 OPENSSL_RSA_KEY_SIZE_768 = 768,
39 OPENSSL_RSA_KEY_SIZE_1024 = 1024,
40 OPENSSL_RSA_KEY_SIZE_2048 = 2048,
41 OPENSSL_RSA_KEY_SIZE_3072 = 3072,
42 OPENSSL_RSA_KEY_SIZE_4096 = 4096,
43 OPENSSL_RSA_KEY_SIZE_8192 = 8192,
44 };
45
46 enum OpensslRsaPrimesSize {
47 OPENSSL_RSA_PRIMES_SIZE_2 = 2,
48 OPENSSL_RSA_PRIMES_SIZE_3 = 3,
49 OPENSSL_RSA_PRIMES_SIZE_4 = 4,
50 OPENSSL_RSA_PRIMES_SIZE_5 = 5,
51 };
52
53 typedef struct {
54 int32_t bits;
55 int32_t primes;
56 BIGNUM *pubExp;
57 } HcfAsyKeyGenSpiRsaParams;
58
59 typedef struct {
60 HcfAsyKeyGeneratorSpi base;
61
62 HcfAsyKeyGenSpiRsaParams *params;
63 } HcfAsyKeyGeneratorSpiRsaOpensslImpl;
64
CheckRsaKeyGenParams(HcfAsyKeyGenSpiRsaParams * params)65 static HcfResult CheckRsaKeyGenParams(HcfAsyKeyGenSpiRsaParams *params)
66 {
67 switch (params->bits) {
68 case OPENSSL_RSA_KEY_SIZE_512:
69 case OPENSSL_RSA_KEY_SIZE_768:
70 if (params->primes != OPENSSL_RSA_PRIMES_SIZE_2) {
71 LOGE("Set invalid primes %d to Keygen bits %d.", params->primes, params->bits);
72 return HCF_INVALID_PARAMS;
73 }
74 break;
75 case OPENSSL_RSA_KEY_SIZE_1024:
76 case OPENSSL_RSA_KEY_SIZE_2048:
77 case OPENSSL_RSA_KEY_SIZE_3072:
78 if (params->primes > OPENSSL_RSA_PRIMES_SIZE_3 || params->primes < OPENSSL_RSA_PRIMES_SIZE_2) {
79 LOGE("Set invalid primes %d to Keygen bits %d.", params->primes, params->bits);
80 return HCF_INVALID_PARAMS;
81 }
82 break;
83 case OPENSSL_RSA_KEY_SIZE_4096:
84 if (params->primes > OPENSSL_RSA_PRIMES_SIZE_4 || params->primes < OPENSSL_RSA_PRIMES_SIZE_2) {
85 LOGE("Set invalid primes %d to Keygen bits %d.", params->primes, params->bits);
86 return HCF_INVALID_PARAMS;
87 }
88 break;
89 case OPENSSL_RSA_KEY_SIZE_8192: // This keySize can use primes from 2 to 5.
90 break;
91 default:
92 LOGE("The current bits %d is invalid.", params->bits);
93 return HCF_INVALID_PARAMS;
94 }
95 return HCF_SUCCESS;
96 }
97
GetOpensslPubkeyClass(void)98 static const char *GetOpensslPubkeyClass(void)
99 {
100 return OPENSSL_RSA_PUBKEY_CLASS;
101 }
102
GetOpensslPrikeyClass(void)103 static const char *GetOpensslPrikeyClass(void)
104 {
105 return OPENSSL_RSA_PRIKEY_CLASS;
106 }
107
GetOpensslKeyPairClass(void)108 static const char *GetOpensslKeyPairClass(void)
109 {
110 return OPENSSL_RSA_KEYPAIR_CLASS;
111 }
112
DestroyPubKey(HcfObjectBase * self)113 static void DestroyPubKey(HcfObjectBase *self)
114 {
115 if (self == NULL) {
116 LOGE("PubKey is NULL.");
117 return;
118 }
119 if (!IsClassMatch(self, OPENSSL_RSA_PUBKEY_CLASS)) {
120 LOGE("Class not match");
121 return;
122 }
123 HcfOpensslRsaPubKey *impl = (HcfOpensslRsaPubKey *)self;
124 RSA_free(impl->pk);
125 impl->pk = NULL;
126 HcfFree(self);
127 }
128
DestroyPriKey(HcfObjectBase * self)129 static void DestroyPriKey(HcfObjectBase *self)
130 {
131 if (self == NULL) {
132 LOGE("PubKey is NULL.");
133 return;
134 }
135 if (!IsClassMatch(self, OPENSSL_RSA_PRIKEY_CLASS)) {
136 LOGE("Class not match");
137 return;
138 }
139 HcfOpensslRsaPriKey *impl = (HcfOpensslRsaPriKey*)self;
140 RSA_free(impl->sk);
141 impl->sk = NULL;
142 HcfFree(self);
143 }
144
DestroyKey(HcfObjectBase * self)145 static void DestroyKey(HcfObjectBase *self)
146 {
147 LOGI("process DestroyKey");
148 }
149
DestroyKeyPair(HcfObjectBase * self)150 static void DestroyKeyPair(HcfObjectBase *self)
151 {
152 if (self == NULL) {
153 LOGE("PubKey is NULL.");
154 return;
155 }
156 if (!IsClassMatch(self, OPENSSL_RSA_KEYPAIR_CLASS)) {
157 LOGE("Class not match");
158 return;
159 }
160 HcfOpensslRsaKeyPair *impl = (HcfOpensslRsaKeyPair*)self;
161 DestroyPriKey((HcfObjectBase *)impl->base.priKey);
162 impl->base.priKey = NULL;
163 DestroyPubKey((HcfObjectBase *)impl->base.pubKey);
164 impl->base.pubKey = NULL;
165 HcfFree(self);
166 }
167
CopyMemFromBIO(BIO * bio,HcfBlob * outBlob)168 static HcfResult CopyMemFromBIO(BIO *bio, HcfBlob *outBlob)
169 {
170 if (bio == NULL || outBlob == NULL) {
171 LOGE("Invalid input.");
172 return HCF_INVALID_PARAMS;
173 }
174 int len = BIO_pending(bio);
175 if (len < 0) {
176 LOGE("Bio len less than 0.");
177 return HCF_INVALID_PARAMS;
178 }
179 HcfBlob blob;
180 blob.len = len;
181 blob.data = (uint8_t *)HcfMalloc(sizeof(uint8_t) * len, 0);
182 if (blob.data == NULL) {
183 LOGE("Malloc mem for blob fail.");
184 return HCF_ERR_MALLOC;
185 }
186 if (BIO_read(bio, blob.data, blob.len) <= 0) {
187 LOGE("Bio read fail");
188 HcfPrintOpensslError();
189 HcfFree(blob.data);
190 return HCF_ERR_CRYPTO_OPERATION;
191 }
192 outBlob->len = blob.len;
193 outBlob->data = blob.data;
194 return HCF_SUCCESS;
195 }
196
ConvertPubKeyFromX509(HcfBlob * x509Blob,RSA ** rsa)197 static HcfResult ConvertPubKeyFromX509(HcfBlob *x509Blob, RSA **rsa)
198 {
199 uint8_t *temp = x509Blob->data;
200 RSA *tempRsa = d2i_RSA_PUBKEY(NULL, (const unsigned char **)&temp, x509Blob->len);
201 if (tempRsa == NULL) {
202 LOGE("d2i_RSA_PUBKEY fail.");
203 return HCF_ERR_CRYPTO_OPERATION;
204 }
205 *rsa = tempRsa;
206 return HCF_SUCCESS;
207 }
208
ConvertPriKeyFromPKCS8(HcfBlob * pkcs8Blob,RSA ** rsa)209 static HcfResult ConvertPriKeyFromPKCS8(HcfBlob *pkcs8Blob, RSA **rsa)
210 {
211 uint8_t *temp = pkcs8Blob->data;
212 EVP_PKEY *pKey = d2i_AutoPrivateKey(NULL, (const unsigned char **)&temp, pkcs8Blob->len);
213 if (pKey == NULL) {
214 LOGE("d2i_AutoPrivateKey fail.");
215 HcfPrintOpensslError();
216 return HCF_ERR_CRYPTO_OPERATION;
217 }
218 RSA *tmpRsa = EVP_PKEY_get1_RSA(pKey);
219 if (tmpRsa == NULL) {
220 LOGE("EVP_PKEY_get0_RSA fail");
221 HcfPrintOpensslError();
222 EVP_PKEY_free(pKey);
223 return HCF_ERR_CRYPTO_OPERATION;
224 }
225 *rsa = tmpRsa;
226 EVP_PKEY_free(pKey);
227 return HCF_SUCCESS;
228 }
229
EncodePubKeyToX509(RSA * rsa,HcfBlob * returnBlob)230 static HcfResult EncodePubKeyToX509(RSA *rsa, HcfBlob *returnBlob)
231 {
232 unsigned char *tempData = NULL;
233 int len = i2d_RSA_PUBKEY(rsa, &tempData);
234 if (len <= 0) {
235 LOGE("i2d_RSA_PUBKEY fail");
236 HcfPrintOpensslError();
237 return HCF_ERR_CRYPTO_OPERATION;
238 }
239 returnBlob->data = tempData;
240 returnBlob->len = len;
241 return HCF_SUCCESS;
242 }
243
EncodePriKeyToPKCS8(RSA * rsa,HcfBlob * returnBlob)244 static HcfResult EncodePriKeyToPKCS8(RSA *rsa, HcfBlob *returnBlob)
245 {
246 EVP_PKEY *pKey = NewEvpPkeyByRsa(rsa, true);
247 if (pKey == NULL) {
248 LOGE("NewEvpPkeyByRsa fail.");
249 return HCF_ERR_CRYPTO_OPERATION;
250 }
251 HcfResult ret = HCF_SUCCESS;
252 BIO *bio = BIO_new(BIO_s_mem());
253 if (bio == NULL) {
254 LOGE("BIO new fail.");
255 HcfPrintOpensslError();
256 ret = HCF_ERR_CRYPTO_OPERATION;
257 goto ERR2;
258 }
259 if (i2d_PKCS8PrivateKey_bio(bio, pKey, NULL, NULL, 0, NULL, NULL) != HCF_OPENSSL_SUCCESS) {
260 LOGE("i2b_PrivateKey_bio fail.");
261 HcfPrintOpensslError();
262 ret = HCF_ERR_CRYPTO_OPERATION;
263 goto ERR1;
264 }
265 if (CopyMemFromBIO(bio, returnBlob) != HCF_SUCCESS) {
266 LOGE("CopyMemFromBIO fail.");
267 ret = HCF_ERR_CRYPTO_OPERATION;
268 goto ERR1;
269 }
270 ERR1:
271 BIO_free_all(bio);
272 ERR2:
273 EVP_PKEY_free(pKey);
274 return ret;
275 }
276
GetPubKeyEncoded(HcfKey * self,HcfBlob * returnBlob)277 static HcfResult GetPubKeyEncoded(HcfKey *self, HcfBlob *returnBlob)
278 {
279 if (self == NULL || returnBlob == NULL) {
280 LOGE("Input params is invalid.");
281 return HCF_INVALID_PARAMS;
282 }
283 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PUBKEY_CLASS)) {
284 LOGE("Class not match.");
285 return HCF_INVALID_PARAMS;
286 }
287 HcfOpensslRsaPubKey *impl = (HcfOpensslRsaPubKey *)self;
288 return EncodePubKeyToX509(impl->pk, returnBlob);
289 }
290
GetPriKeyEncoded(HcfKey * self,HcfBlob * returnBlob)291 static HcfResult GetPriKeyEncoded(HcfKey *self, HcfBlob *returnBlob)
292 {
293 if (self == NULL || returnBlob == NULL) {
294 LOGE("Key is null.");
295 return HCF_INVALID_PARAMS;
296 }
297
298 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
299 LOGE("Class not match.");
300 return HCF_INVALID_PARAMS;
301 }
302 HcfOpensslRsaPriKey *impl = (HcfOpensslRsaPriKey *)self;
303 return EncodePriKeyToPKCS8(impl->sk, returnBlob);
304 }
305
GetPubKeyFormat(HcfKey * self)306 static const char *GetPubKeyFormat(HcfKey *self)
307 {
308 if (self == NULL) {
309 LOGE("Invalid input parameter.");
310 return NULL;
311 }
312 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PUBKEY_CLASS)) {
313 return NULL;
314 }
315 return OPENSSL_RSA_PUBKEY_FORMAT;
316 }
317
GetPriKeyFormat(HcfKey * self)318 static const char *GetPriKeyFormat(HcfKey *self)
319 {
320 if (self == NULL) {
321 LOGE("Invalid input parameter.");
322 return NULL;
323 }
324 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
325 return NULL;
326 }
327 return OPENSSL_RSA_PRIKEY_FORMAT;
328 }
329
GetPriKeyAlgorithm(HcfKey * self)330 static const char *GetPriKeyAlgorithm(HcfKey *self)
331 {
332 if (self == NULL) {
333 LOGE("Invalid input parameter.");
334 return NULL;
335 }
336 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
337 return NULL;
338 }
339 return OPENSSL_RSA_ALGORITHM;
340 }
341
GetPubKeyAlgorithm(HcfKey * self)342 static const char *GetPubKeyAlgorithm(HcfKey *self)
343 {
344 if (self == NULL) {
345 LOGE("Invalid input parameter.");
346 return NULL;
347 }
348 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PUBKEY_CLASS)) {
349 return NULL;
350 }
351 return OPENSSL_RSA_ALGORITHM;
352 }
353
ClearPriKeyMem(HcfPriKey * self)354 static void ClearPriKeyMem(HcfPriKey *self)
355 {
356 if (self == NULL) {
357 LOGE("PriKey is NULL.");
358 return;
359 }
360 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
361 LOGE("Class not match");
362 return;
363 }
364 RSA_free(((HcfOpensslRsaPriKey *)self)->sk);
365 ((HcfOpensslRsaPriKey *)self)->sk = NULL;
366 }
367
PackPubKey(RSA * rsaPubKey,HcfOpensslRsaPubKey ** retPubKey)368 static HcfResult PackPubKey(RSA *rsaPubKey, HcfOpensslRsaPubKey **retPubKey)
369 {
370 if (retPubKey == NULL || rsaPubKey == NULL) {
371 LOGE("Invalid params");
372 return HCF_INVALID_PARAMS;
373 }
374 *retPubKey = (HcfOpensslRsaPubKey *)HcfMalloc(sizeof(HcfOpensslRsaPubKey), 0);
375 if (*retPubKey == NULL) {
376 LOGE("Malloc retPubKey fail");
377 return HCF_ERR_MALLOC;
378 }
379 (*retPubKey)->pk = rsaPubKey;
380 (*retPubKey)->bits = RSA_bits(rsaPubKey);
381 (*retPubKey)->base.base.getAlgorithm = GetPubKeyAlgorithm;
382 (*retPubKey)->base.base.getEncoded = GetPubKeyEncoded;
383 (*retPubKey)->base.base.getFormat = GetPubKeyFormat;
384 (*retPubKey)->base.base.base.getClass = GetOpensslPubkeyClass;
385 (*retPubKey)->base.base.base.destroy = DestroyKey;
386 return HCF_SUCCESS;
387 }
388
PackPriKey(RSA * rsaPriKey,HcfOpensslRsaPriKey ** retPriKey)389 static HcfResult PackPriKey(RSA *rsaPriKey, HcfOpensslRsaPriKey **retPriKey)
390 {
391 if (retPriKey == NULL || rsaPriKey == NULL) {
392 LOGE("Invalid params");
393 return HCF_INVALID_PARAMS;
394 }
395 *retPriKey = (HcfOpensslRsaPriKey *)HcfMalloc(sizeof(HcfOpensslRsaPriKey), 0);
396 if (*retPriKey == NULL) {
397 LOGE("Malloc retPriKey fail");
398 return HCF_ERR_MALLOC;
399 }
400 (*retPriKey)->sk = rsaPriKey;
401 (*retPriKey)->bits = RSA_bits(rsaPriKey);
402 (*retPriKey)->base.clearMem = ClearPriKeyMem;
403 (*retPriKey)->base.base.getAlgorithm = GetPriKeyAlgorithm;
404 (*retPriKey)->base.base.getEncoded = GetPriKeyEncoded;
405 (*retPriKey)->base.base.getFormat = GetPriKeyFormat;
406 (*retPriKey)->base.base.base.getClass = GetOpensslPrikeyClass;
407 (*retPriKey)->base.base.base.destroy = DestroyKey;
408 return HCF_SUCCESS;
409 }
410
DuplicatePkAndSkFromRSA(RSA * rsa,RSA ** pubKey,RSA ** priKey)411 static HcfResult DuplicatePkAndSkFromRSA(RSA *rsa, RSA **pubKey, RSA **priKey)
412 {
413 if (rsa == NULL) {
414 LOGE("Rsa is NULL.");
415 return HCF_INVALID_PARAMS;
416 }
417 if (DuplicateRsa(rsa, false, pubKey) != HCF_SUCCESS) {
418 LOGE("Duplicate pubkey rsa fail");
419 return HCF_ERR_CRYPTO_OPERATION;
420 }
421 if (DuplicateRsa(rsa, true, priKey) != HCF_SUCCESS) {
422 LOGE("Duplicate prikey rsa fail");
423 RSA_free(*pubKey);
424 *pubKey = NULL;
425 return HCF_ERR_CRYPTO_OPERATION;
426 }
427 return HCF_SUCCESS;
428 }
429
PackKeyPair(RSA * rsa,uint32_t realBits,HcfOpensslRsaKeyPair ** retKeyPair)430 static HcfResult PackKeyPair(RSA *rsa, uint32_t realBits, HcfOpensslRsaKeyPair **retKeyPair)
431 {
432 if (retKeyPair == NULL || rsa == NULL) {
433 LOGE("Invalid params");
434 return HCF_INVALID_PARAMS;
435 }
436 RSA *pubKey = NULL, *priKey = NULL;
437 if (DuplicatePkAndSkFromRSA(rsa, &pubKey, &priKey) != HCF_SUCCESS) {
438 LOGE("DuplicatePkAndSkFromRSA fail");
439 return HCF_ERR_CRYPTO_OPERATION;
440 }
441 HcfResult ret = HCF_SUCCESS;
442 *retKeyPair = (HcfOpensslRsaKeyPair *)HcfMalloc(sizeof(HcfOpensslRsaKeyPair), 0);
443 if (*retKeyPair == NULL) {
444 LOGE("Malloc keypair fail");
445 RSA_free(pubKey);
446 RSA_free(priKey);
447 return HCF_ERR_MALLOC;
448 }
449 HcfOpensslRsaPriKey *priKeyImpl = NULL;
450 HcfOpensslRsaPubKey *pubKeyImpl = NULL;
451 ret = PackPubKey(pubKey, &pubKeyImpl);
452 if (ret != HCF_SUCCESS) {
453 LOGE("Pack pubKey fail.");
454 goto ERR2;
455 }
456 ret = PackPriKey(priKey, &priKeyImpl);
457 if (ret != HCF_SUCCESS) {
458 LOGE("Pack priKey fail.");
459 goto ERR1;
460 }
461 (*retKeyPair)->base.priKey = (HcfPriKey *)priKeyImpl;
462 (*retKeyPair)->base.pubKey = (HcfPubKey *)pubKeyImpl;
463 (*retKeyPair)->base.base.getClass = GetOpensslKeyPairClass;
464 (*retKeyPair)->base.base.destroy = DestroyKeyPair;
465 return HCF_SUCCESS;
466 ERR1:
467 HcfFree(pubKeyImpl);
468 ERR2:
469 RSA_free(pubKey);
470 RSA_free(priKey);
471 HcfFree(*retKeyPair);
472 *retKeyPair = NULL;
473 return ret;
474 }
475
GenerateKeyPairByOpenssl(HcfAsyKeyGenSpiRsaParams * params,HcfKeyPair ** keyPair)476 static HcfResult GenerateKeyPairByOpenssl(HcfAsyKeyGenSpiRsaParams *params, HcfKeyPair **keyPair)
477 {
478 // check input params is valid
479 HcfResult res = CheckRsaKeyGenParams(params);
480 if (res != HCF_SUCCESS) {
481 LOGE("Rsa CheckRsaKeyGenParams fail.");
482 return HCF_INVALID_PARAMS;
483 }
484 // Generate keyPair RSA
485 RSA *rsa = RSA_new();
486 if (rsa == NULL) {
487 LOGE("new RSA fail.");
488 return HCF_ERR_MALLOC;
489 }
490 LOGI("keygen bits is %d, primes is %d", params->bits, GetRealPrimes(params->primes));
491 if (GetRealPrimes(params->primes) != OPENSSL_RSA_KEYGEN_DEFAULT_PRIMES) {
492 if (RSA_generate_multi_prime_key(rsa, params->bits, GetRealPrimes(params->primes), params->pubExp, NULL)
493 != HCF_OPENSSL_SUCCESS) {
494 LOGE("Generate multi-primes rsa key fail");
495 HcfPrintOpensslError();
496 RSA_free(rsa);
497 return HCF_ERR_CRYPTO_OPERATION;
498 }
499 } else {
500 if (RSA_generate_key_ex(rsa, params->bits, params->pubExp, NULL) != HCF_OPENSSL_SUCCESS) {
501 LOGE("Generate rsa key fail");
502 HcfPrintOpensslError();
503 RSA_free(rsa);
504 return HCF_ERR_CRYPTO_OPERATION;
505 }
506 }
507
508 // devided to pk and sk;
509 HcfOpensslRsaKeyPair *keyPairImpl = NULL;
510 res = PackKeyPair(rsa, params->bits, &keyPairImpl);
511 if (res != HCF_SUCCESS) {
512 LOGE("Generate keyPair fail.");
513 RSA_free(rsa);
514 return res;
515 }
516 *keyPair = (HcfKeyPair *)keyPairImpl;
517 RSA_free(rsa);
518 LOGI("Generate keypair success.");
519 return res;
520 }
521
EngineGenerateKeyPair(HcfAsyKeyGeneratorSpi * self,HcfKeyPair ** keyPair)522 static HcfResult EngineGenerateKeyPair(HcfAsyKeyGeneratorSpi *self, HcfKeyPair **keyPair)
523 {
524 LOGI("EngineGenerateKeyPair start");
525 if (self == NULL || keyPair == NULL) {
526 LOGE("Invalid params.");
527 return HCF_INVALID_PARAMS;
528 }
529 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
530 LOGE("Class not match.");
531 return HCF_INVALID_PARAMS;
532 }
533 HcfAsyKeyGeneratorSpiRsaOpensslImpl *impl = (HcfAsyKeyGeneratorSpiRsaOpensslImpl *)self;
534 return GenerateKeyPairByOpenssl(impl->params, keyPair);
535 }
536
GetKeyGeneratorClass(void)537 static const char *GetKeyGeneratorClass(void)
538 {
539 return OPENSSL_RSA_GENERATOR_CLASS;
540 }
541
DestroyKeyGeneratorSpiImpl(HcfObjectBase * self)542 static void DestroyKeyGeneratorSpiImpl(HcfObjectBase *self)
543 {
544 LOGI("DestroyKeyGeneratorSpiImpl start.");
545 if (self == NULL) {
546 LOGE("DestroyKeyGeneratorSpiImpl is null");
547 return;
548 }
549 if (!IsClassMatch(self, OPENSSL_RSA_GENERATOR_CLASS)) {
550 LOGE("Class not match.");
551 return;
552 }
553 // destroy pubExp first.
554 HcfAsyKeyGeneratorSpiRsaOpensslImpl *impl = (HcfAsyKeyGeneratorSpiRsaOpensslImpl *)self;
555 if (impl->params != NULL && impl->params->pubExp != NULL) {
556 BN_free(impl->params->pubExp);
557 }
558 HcfFree(impl->params);
559 impl->params = NULL;
560 HcfFree(self);
561 LOGI("DestroyKeyGeneratorSpiImpl end.");
562 }
563
ConvertPubKey(HcfBlob * pubKeyBlob,HcfOpensslRsaPubKey ** pubkeyRet)564 static HcfResult ConvertPubKey(HcfBlob *pubKeyBlob, HcfOpensslRsaPubKey **pubkeyRet)
565 {
566 RSA *rsaPk = NULL;
567 if (ConvertPubKeyFromX509(pubKeyBlob, &rsaPk) != HCF_SUCCESS) {
568 LOGE("Convert pubKey from X509 fail.");
569 return HCF_ERR_CRYPTO_OPERATION;
570 }
571 HcfOpensslRsaPubKey *pubKey = NULL;
572 HcfResult ret = PackPubKey(rsaPk, &pubKey);
573 if (ret != HCF_SUCCESS) {
574 LOGE("PackPubKey fail");
575 goto ERR;
576 }
577 *pubkeyRet = pubKey;
578 return ret;
579 ERR:
580 RSA_free(rsaPk);
581 return ret;
582 }
583
ConvertPriKey(HcfBlob * priKeyBlob,HcfOpensslRsaPriKey ** priKeyRet)584 static HcfResult ConvertPriKey(HcfBlob *priKeyBlob, HcfOpensslRsaPriKey **priKeyRet)
585 {
586 RSA *rsaSk = NULL;
587 if (ConvertPriKeyFromPKCS8(priKeyBlob, &rsaSk) != HCF_SUCCESS) {
588 LOGE("ConvertPriKeyFromPKCS8 fail.");
589 return HCF_ERR_MALLOC;
590 }
591 HcfOpensslRsaPriKey *priKey = NULL;
592 HcfResult ret = PackPriKey(rsaSk, &priKey);
593 if (ret != HCF_SUCCESS) {
594 LOGE("PackPriKey fail");
595 goto ERR;
596 }
597 *priKeyRet = priKey;
598 return ret;
599 ERR:
600 RSA_free(rsaSk);
601 return ret;
602 }
603
EngineConvertKey(HcfAsyKeyGeneratorSpi * self,HcfParamsSpec * params,HcfBlob * pubKeyBlob,HcfBlob * priKeyBlob,HcfKeyPair ** returnKeyPair)604 static HcfResult EngineConvertKey(HcfAsyKeyGeneratorSpi *self, HcfParamsSpec *params, HcfBlob *pubKeyBlob,
605 HcfBlob *priKeyBlob, HcfKeyPair **returnKeyPair)
606 {
607 LOGI("EngineConvertKey start");
608 (void)params;
609 if ((self == NULL) || (returnKeyPair == NULL) || ((pubKeyBlob == NULL) && (priKeyBlob == NULL))) {
610 LOGE("ConvertKeyParams is invalid.");
611 return HCF_INVALID_PARAMS;
612 }
613 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
614 LOGE("Class not match.");
615 return HCF_INVALID_PARAMS;
616 }
617
618 HcfOpensslRsaPubKey *pubKey = NULL;
619 if ((pubKeyBlob != NULL) && (pubKeyBlob->data != NULL)) {
620 if (ConvertPubKey(pubKeyBlob, &pubKey) != HCF_SUCCESS) {
621 LOGE("convert pubkey fail.");
622 return HCF_INVALID_PARAMS;
623 }
624 }
625
626 HcfOpensslRsaPriKey *priKey = NULL;
627 if (priKeyBlob != NULL && priKeyBlob->data != NULL) {
628 if (ConvertPriKey(priKeyBlob, &priKey) != HCF_SUCCESS) {
629 LOGE("convert prikey fail.");
630 HcfObjDestroy((HcfObjectBase *)pubKey);
631 return HCF_INVALID_PARAMS;
632 }
633 }
634
635 HcfOpensslRsaKeyPair *keyPair = (HcfOpensslRsaKeyPair *)HcfMalloc(sizeof(HcfOpensslRsaKeyPair), 0);
636 if (keyPair == NULL) {
637 LOGE("Malloc keyPair fail.");
638 HcfObjDestroy((HcfObjectBase *)pubKey);
639 HcfObjDestroy((HcfObjectBase *)priKey);
640 return HCF_ERR_MALLOC;
641 }
642
643 keyPair->base.priKey = (HcfPriKey *)priKey;
644 keyPair->base.pubKey = (HcfPubKey *)pubKey;
645 keyPair->base.base.getClass = GetOpensslKeyPairClass;
646 keyPair->base.base.destroy = DestroyKeyPair;
647 *returnKeyPair = (HcfKeyPair *)keyPair;
648 LOGI("EngineConvertKey end");
649 return HCF_SUCCESS;
650 }
651
SetDefaultValue(HcfAsyKeyGenSpiRsaParams * params)652 static HcfResult SetDefaultValue(HcfAsyKeyGenSpiRsaParams *params)
653 {
654 if (params->primes == 0) {
655 LOGI("set default primes 2");
656 params->primes = OPENSSL_RSA_PRIMES_SIZE_2;
657 }
658 if (params->pubExp == NULL) {
659 BIGNUM *e = BN_new();
660 if (e == NULL) {
661 LOGE("Rsa new BN fail.");
662 return HCF_ERR_CRYPTO_OPERATION;
663 }
664 if (BN_set_word(e, RSA_F4) != HCF_OPENSSL_SUCCESS) {
665 LOGE("Rsa keygen Bn_set_word fail.");
666 BN_free(e);
667 return HCF_ERR_CRYPTO_OPERATION;
668 }
669 params->pubExp = e;
670 }
671 return HCF_SUCCESS;
672 }
673
DecodeParams(HcfAsyKeyGenParams * from,HcfAsyKeyGenSpiRsaParams ** to)674 static HcfResult DecodeParams(HcfAsyKeyGenParams *from, HcfAsyKeyGenSpiRsaParams **to)
675 {
676 *to = (HcfAsyKeyGenSpiRsaParams *)HcfMalloc(sizeof(HcfAsyKeyGenSpiRsaParams), 0);
677 if (*to == NULL) {
678 LOGE("Malloc HcfAsyKeyGenSpiRsaParams fail");
679 return HCF_ERR_MALLOC;
680 }
681
682 (*to)->bits = from->bits;
683 (*to)->primes = from->primes;
684
685 // set 2 as default primes, RSA_F4 as default pubExp
686 if (SetDefaultValue(*to) != HCF_SUCCESS) {
687 LOGE("Set default value fail.");
688 HcfFree(*to);
689 *to = NULL;
690 return HCF_INVALID_PARAMS;
691 }
692 if (CheckRsaKeyGenParams(*to) != HCF_SUCCESS) {
693 LOGE("Invalid keyGen params");
694 HcfFree(*to);
695 *to = NULL;
696 return HCF_INVALID_PARAMS;
697 }
698 return HCF_SUCCESS;
699 }
700
HcfAsyKeyGeneratorSpiRsaCreate(HcfAsyKeyGenParams * params,HcfAsyKeyGeneratorSpi ** generator)701 HcfResult HcfAsyKeyGeneratorSpiRsaCreate(HcfAsyKeyGenParams *params, HcfAsyKeyGeneratorSpi **generator)
702 {
703 LOGI("HcfAsyKeyGeneratorSpiRsaCreate start.");
704 if (params == NULL || generator == NULL) {
705 LOGE("Invalid input, params is invalid or generator is null.");
706 return HCF_INVALID_PARAMS;
707 }
708 HcfAsyKeyGeneratorSpiRsaOpensslImpl *impl = (HcfAsyKeyGeneratorSpiRsaOpensslImpl *)
709 HcfMalloc(sizeof(HcfAsyKeyGeneratorSpiRsaOpensslImpl), 0);
710 if (impl == NULL) {
711 LOGE("Failed to allocate returnImpl memroy!");
712 return HCF_ERR_MALLOC;
713 }
714 if (DecodeParams(params, &impl->params) != HCF_SUCCESS) {
715 LOGE("Keygen params is invalid.");
716 HcfFree(impl);
717 return HCF_INVALID_PARAMS;
718 }
719 impl->base.base.getClass = GetKeyGeneratorClass;
720 impl->base.base.destroy = DestroyKeyGeneratorSpiImpl;
721 impl->base.engineGenerateKeyPair = EngineGenerateKeyPair;
722 impl->base.engineConvertKey = EngineConvertKey;
723 *generator = (HcfAsyKeyGeneratorSpi *)impl;
724 LOGI("HcfAsyKeyGeneratorSpiRsaCreate end.");
725 return HCF_SUCCESS;
726 }
727