1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_openssl_common.h"
17
18 #include <openssl/rand.h>
19 #include <stddef.h>
20
21 #include "hks_log.h"
22 #include "hks_mem.h"
23 #include "hks_openssl_engine.h"
24 #include "hks_template.h"
25 #include "securec.h"
26
HksOpensslGenerateRandomKey(const uint32_t keySize,struct HksBlob * key)27 int32_t HksOpensslGenerateRandomKey(const uint32_t keySize, struct HksBlob *key)
28 {
29 uint32_t keySizeByte = keySize / BIT_NUM_OF_UINT8;
30 int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
31
32 uint8_t *tmpKey = (uint8_t *)HksMalloc(keySizeByte);
33 HKS_IF_NULL_LOGE_RETURN(tmpKey, HKS_ERROR_MALLOC_FAIL, "malloc buffer failed")
34
35 do {
36 if (RAND_bytes(tmpKey, keySizeByte) <= 0) {
37 HKS_LOG_E("generate key is failed:0x%" LOG_PUBLIC "x", ret);
38 break;
39 }
40
41 key->data = tmpKey;
42 key->size = keySizeByte;
43 ret = HKS_SUCCESS;
44 } while (0);
45
46 if (ret != HKS_SUCCESS) {
47 (void)memset_s(tmpKey, keySizeByte, 0, keySizeByte);
48 HksFree(tmpKey);
49 }
50 return ret;
51 }
52
HksOpensslFillRandom(struct HksBlob * randomData)53 int32_t HksOpensslFillRandom(struct HksBlob *randomData)
54 {
55 int ret = RAND_bytes(randomData->data, randomData->size);
56 if (ret <= 0) {
57 HKS_LOG_E("generate random failed, ret = 0x%" LOG_PUBLIC "x", ret);
58 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
59 }
60
61 if (randomData->size == 1) {
62 return HKS_SUCCESS;
63 }
64
65 uint32_t j = 0;
66
67 for (uint32_t i = 0; i < randomData->size; i++) {
68 if (randomData->data[i] == 0) {
69 j++;
70 }
71 }
72 if (j == randomData->size) {
73 HKS_LOG_E("fill random failed, size %" LOG_PUBLIC "x", randomData->size);
74 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
75 }
76 HKS_LOG_D("generate random success");
77 return HKS_SUCCESS;
78 }
79
HksOpensslFillPrivRandom(struct HksBlob * randomData)80 int32_t HksOpensslFillPrivRandom(struct HksBlob *randomData)
81 {
82 int ret = RAND_priv_bytes(randomData->data, randomData->size);
83 if (ret <= 0) {
84 HKS_LOG_E("generate private random failed, ret = 0x%" LOG_PUBLIC "x", ret);
85 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
86 }
87
88 if (randomData->size == 1) {
89 return HKS_SUCCESS;
90 }
91
92 uint32_t j = 0;
93
94 for (uint32_t i = 0; i < randomData->size; i++) {
95 if (randomData->data[i] == 0) {
96 j++;
97 }
98 }
99 if (j == randomData->size) {
100 HKS_LOG_E("fill private random failed, size %" LOG_PUBLIC "x", randomData->size);
101 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
102 }
103 HKS_LOG_D("generate private random success");
104 return HKS_SUCCESS;
105 }
106
HksOpensslGetMainKey(const struct HksBlob * message,struct HksBlob * mainKey)107 int32_t HksOpensslGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey)
108 {
109 (void)message;
110
111 #ifndef _HARDWARE_ROOT_KEY_
112 (void)mainKey;
113 return HKS_ERROR_NOT_SUPPORTED;
114 #else
115 /*
116 * Currently, root key is implemented using stubs.
117 * Product adaptation needs to be performed based on hardware capabilities.
118 */
119 uint8_t stubBuf[] = {
120 0x0c, 0xb4, 0x29, 0x39, 0xb7, 0x46, 0xa6, 0x4b,
121 0xdd, 0xf3, 0x75, 0x4c, 0xe0, 0x73, 0x91, 0x51,
122 0xc4, 0x88, 0xbe, 0xa4, 0xe1, 0x87, 0xb5, 0x42,
123 0x06, 0x27, 0x08, 0x21, 0xe2, 0x8f, 0x9b, 0xc1,
124 };
125
126 if (memcpy_s(mainKey->data, mainKey->size, stubBuf, sizeof(stubBuf)) != EOK) {
127 HKS_LOG_E("memcpy failed, get stub main key failed");
128 return HKS_ERROR_INSUFFICIENT_MEMORY;
129 }
130 return HKS_SUCCESS;
131 #endif
132 }
133