1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_openssl_engine.h"
23
24 #include <openssl/err.h>
25 #include <openssl/evp.h>
26 #include <stdbool.h>
27 #include <stddef.h>
28
29 #include "hks_ability.h"
30 #include "hks_crypto_hal.h"
31 #include "hks_log.h"
32 #include "hks_mem.h"
33 #include "hks_template.h"
34
HksLogOpensslError(void)35 void HksLogOpensslError(void)
36 {
37 char szErr[HKS_OPENSSL_ERROR_LEN] = {0};
38 unsigned long errCode;
39
40 errCode = ERR_get_error();
41 ERR_error_string_n(errCode, szErr, HKS_OPENSSL_ERROR_LEN);
42
43 HKS_LOG_E("Openssl engine fail, error code = %" LOG_PUBLIC "lu, error string = %" LOG_PUBLIC "s", errCode, szErr);
44 }
45
HksOpensslCheckBlob(const struct HksBlob * blob)46 inline int32_t HksOpensslCheckBlob(const struct HksBlob *blob)
47 {
48 if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
49 return HKS_ERROR_INVALID_ARGUMENT;
50 }
51 return HKS_SUCCESS;
52 }
53
GenKeyCheckParam(const struct HksKeySpec * spec,const struct HksBlob * key)54 static int32_t GenKeyCheckParam(const struct HksKeySpec *spec, const struct HksBlob *key)
55 {
56 if ((spec == NULL) || (key == NULL)) {
57 HKS_LOG_E("Invalid params!");
58 return HKS_ERROR_INVALID_ARGUMENT;
59 }
60
61 return HKS_SUCCESS;
62 }
63
SignVerifyCheckParam(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const struct HksBlob * signature)64 static int32_t SignVerifyCheckParam(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
65 const struct HksBlob *message, const struct HksBlob *signature)
66 {
67 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid param key!")
68
69 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(message), HKS_ERROR_INVALID_ARGUMENT, "Invalid param message!")
70
71 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(signature), HKS_ERROR_INVALID_ARGUMENT, "Invalid param signature!")
72
73 HKS_IF_NULL_LOGE_RETURN(usageSpec, HKS_ERROR_INVALID_ARGUMENT, "Invalid param usageSpec!")
74
75 return HKS_SUCCESS;
76 }
77
DeriveKeyCheckParam(const struct HksBlob * mainKey,const struct HksKeySpec * derivationSpec,const struct HksBlob * derivedKey)78 static int32_t DeriveKeyCheckParam(
79 const struct HksBlob *mainKey, const struct HksKeySpec *derivationSpec, const struct HksBlob *derivedKey)
80 {
81 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(mainKey), HKS_ERROR_INVALID_ARGUMENT,
82 "Invalid mainKey params!")
83
84 if ((derivationSpec == NULL) || (derivationSpec->algParam == NULL)) {
85 HKS_LOG_E("Invalid params!");
86 return HKS_ERROR_INVALID_ARGUMENT;
87 }
88
89 HKS_IF_NULL_LOGE_RETURN(derivedKey, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
90
91 return HKS_SUCCESS;
92 }
93
AgreeKeyCheckParam(const struct HksBlob * nativeKey,const struct HksBlob * pubKey,const struct HksKeySpec * spec,const struct HksBlob * sharedKey)94 static int32_t AgreeKeyCheckParam(const struct HksBlob *nativeKey, const struct HksBlob *pubKey,
95 const struct HksKeySpec *spec, const struct HksBlob *sharedKey)
96 {
97 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(nativeKey),
98 HKS_ERROR_INVALID_ARGUMENT, "Invalid nativeKey params!")
99
100 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(pubKey), HKS_ERROR_INVALID_ARGUMENT, "Invalid pubKey params!")
101
102 HKS_IF_NULL_LOGE_RETURN(spec, HKS_ERROR_INVALID_ARGUMENT, "Invalid spec params!")
103
104 HKS_IF_NULL_LOGE_RETURN(sharedKey, HKS_ERROR_INVALID_ARGUMENT, "Invalid sharedKey params!")
105
106 return HKS_SUCCESS;
107 }
108
EncryptCheckParam(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText)109 static int32_t EncryptCheckParam(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
110 const struct HksBlob *message, struct HksBlob *cipherText)
111 {
112 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid param key!")
113
114 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(message), HKS_ERROR_INVALID_ARGUMENT, "Invalid param message!")
115
116 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(cipherText),
117 HKS_ERROR_INVALID_ARGUMENT, "Invalid param cipherText!")
118
119 HKS_IF_NULL_LOGE_RETURN(usageSpec, HKS_ERROR_INVALID_ARGUMENT, "Invalid param usageSpec!")
120
121 return HKS_SUCCESS;
122 }
123
DecryptCheckParam(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText)124 static int32_t DecryptCheckParam(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
125 const struct HksBlob *message, struct HksBlob *cipherText)
126 {
127 return EncryptCheckParam(key, usageSpec, message, cipherText);
128 }
129
GetOpensslAlg(uint32_t alg)130 const EVP_MD *GetOpensslAlg(uint32_t alg)
131 {
132 switch (alg) {
133 case HKS_DIGEST_MD5:
134 return EVP_md5();
135 case HKS_DIGEST_SHA1:
136 return EVP_sha1();
137 case HKS_DIGEST_SHA224:
138 return EVP_sha224();
139 case HKS_DIGEST_SHA256:
140 return EVP_sha256();
141 case HKS_DIGEST_SHA384:
142 return EVP_sha384();
143 case HKS_DIGEST_SHA512:
144 return EVP_sha512();
145 case HKS_DIGEST_SM3:
146 return EVP_sm3();
147 default:
148 return NULL;
149 }
150 }
151
GetOpensslAlgFromLen(uint32_t len)152 const EVP_MD *GetOpensslAlgFromLen(uint32_t len)
153 {
154 HKS_LOG_I("GetOpensslAlgFromLen, %" LOG_PUBLIC "d", len);
155 switch (len) {
156 case AFTER_HASH_LEN_16:
157 return EVP_md5();
158 case AFTER_HASH_LEN_20:
159 return EVP_sha1();
160 case AFTER_HASH_LEN_28:
161 return EVP_sha224();
162 case AFTER_HASH_LEN_32:
163 return EVP_sha256();
164 case AFTER_HASH_LEN_48:
165 return EVP_sha384();
166 case AFTER_HASH_LEN_64:
167 return EVP_sha512();
168 default:
169 return NULL;
170 }
171 }
172
HksCryptoHalFillRandom(struct HksBlob * randomData)173 int32_t HksCryptoHalFillRandom(struct HksBlob *randomData)
174 {
175 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(randomData), HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
176
177 FillRandom func = (FillRandom)GetAbility(HKS_CRYPTO_ABILITY_FILL_RANDOM);
178 HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
179 return func(randomData);
180 }
181
HksCryptoHalFillPrivRandom(struct HksBlob * randomData)182 int32_t HksCryptoHalFillPrivRandom(struct HksBlob *randomData)
183 {
184 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(randomData), HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
185
186 FillRandom func = (FillRandom)GetAbility(HKS_CRYPTO_ABILITY_FILL_PRI_RANDOM);
187 HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
188 return func(randomData);
189 }
190
HksCryptoHalGetPubKey(const struct HksBlob * keyIn,struct HksBlob * keyOut)191 int32_t HksCryptoHalGetPubKey(const struct HksBlob *keyIn, struct HksBlob *keyOut)
192 {
193 if (CheckBlob(keyIn) != HKS_SUCCESS || CheckBlob(keyOut) != HKS_SUCCESS) {
194 HKS_LOG_E("Invalid params!");
195 return HKS_ERROR_INVALID_ARGUMENT;
196 }
197
198 /* KeyMaterialRsa, KeyMaterialEcc, KeyMaterial25519's size are same */
199 if (keyIn->size < sizeof(struct KeyMaterialRsa)) {
200 HKS_LOG_E("Invalid params key size!");
201 return HKS_ERROR_INVALID_KEY_SIZE;
202 }
203
204 struct KeyMaterialRsa *key = (struct KeyMaterialRsa *)(keyIn->data);
205 PubKey func = (PubKey)GetAbility(HKS_CRYPTO_ABILITY_GET_PUBLIC_KEY(key->keyAlg));
206 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT,
207 "PubKey func is null, keyAlg:%" LOG_PUBLIC "d", key->keyAlg)
208 return func(keyIn, keyOut);
209 }
210
HksCryptoHalHmac(const struct HksBlob * key,uint32_t digestAlg,const struct HksBlob * msg,struct HksBlob * mac)211 int32_t HksCryptoHalHmac(const struct HksBlob *key, uint32_t digestAlg, const struct HksBlob *msg, struct HksBlob *mac)
212 {
213 if (CheckBlob(key) != HKS_SUCCESS || CheckBlob(msg) != HKS_SUCCESS) {
214 HKS_LOG_E("Invalid params!");
215 return HKS_ERROR_INVALID_ARGUMENT;
216 }
217
218 Hmac func = (Hmac)GetAbility(HKS_CRYPTO_ABILITY_HMAC);
219 HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
220 return func(key, digestAlg, msg, mac);
221 }
222
HksCryptoHalHmacInit(const struct HksBlob * key,uint32_t digestAlg,void ** ctx)223 int32_t HksCryptoHalHmacInit(const struct HksBlob *key, uint32_t digestAlg, void **ctx)
224 {
225 if (CheckBlob(key) != HKS_SUCCESS || ctx == NULL) {
226 HKS_LOG_E("Invalid params!");
227 return HKS_ERROR_INVALID_ARGUMENT;
228 }
229
230 HmacInit func = (HmacInit)GetAbility(HKS_CRYPTO_ABILITY_HMAC_INIT);
231 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "HmacInit func is null!")
232
233 return func(ctx, key, digestAlg);
234 }
235
HksCryptoHalHmacUpdate(const struct HksBlob * chunk,void * ctx)236 int32_t HksCryptoHalHmacUpdate(const struct HksBlob *chunk, void *ctx)
237 {
238 if (CheckBlob(chunk) != HKS_SUCCESS || ctx == NULL) {
239 HKS_LOG_E("Invalid params!");
240 return HKS_ERROR_INVALID_ARGUMENT;
241 }
242
243 HmacUpdate func = (HmacUpdate)GetAbility(HKS_CRYPTO_ABILITY_HMAC_UPDATE);
244 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "HmacUpdate func is null!")
245
246 return func(ctx, chunk);
247 }
248
HksCryptoHalHmacFinal(const struct HksBlob * msg,void ** ctx,struct HksBlob * mac)249 int32_t HksCryptoHalHmacFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *mac)
250 {
251 if (msg == NULL || ctx == NULL || CheckBlob(mac) != HKS_SUCCESS) {
252 HKS_LOG_E("Invalid params!");
253 return HKS_ERROR_INVALID_ARGUMENT;
254 }
255
256 HmacFinal func = (HmacFinal)GetAbility(HKS_CRYPTO_ABILITY_HMAC_FINAL);
257 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "HmacFinal func is null!")
258
259 return func(ctx, msg, mac);
260 }
261
HksCryptoHalHmacFreeCtx(void ** ctx)262 void HksCryptoHalHmacFreeCtx(void **ctx)
263 {
264 FreeCtx func = (FreeCtx)GetAbility(HKS_CRYPTO_ABILITY_HMAC_FREE_CTX);
265 if (func == NULL) {
266 HKS_LOG_E("CryptoHalHmacFreeCtx func is null");
267 return;
268 }
269
270 return func(ctx);
271 }
272
HksCryptoHalHash(uint32_t alg,const struct HksBlob * msg,struct HksBlob * hash)273 int32_t HksCryptoHalHash(uint32_t alg, const struct HksBlob *msg, struct HksBlob *hash)
274 {
275 Hash func = (Hash)GetAbility(HKS_CRYPTO_ABILITY_HASH);
276 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "Hash func is null!")
277 return func(alg, msg, hash);
278 }
279
HksCryptoHalHashInit(uint32_t alg,void ** ctx)280 int32_t HksCryptoHalHashInit(uint32_t alg, void **ctx)
281 {
282 HashInit func = (HashInit)GetAbility(HKS_CRYPTO_ABILITY_HASH_INIT);
283 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "HashInit func is null!")
284
285 return func(ctx, alg);
286 }
287
HksCryptoHalHashUpdate(const struct HksBlob * msg,void * ctx)288 int32_t HksCryptoHalHashUpdate(const struct HksBlob *msg, void *ctx)
289 {
290 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(msg), HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
291
292 HashUpdate func = (HashUpdate)GetAbility(HKS_CRYPTO_ABILITY_HASH_UPDATE);
293 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "HashUpdate func is null!")
294
295 return func(ctx, msg);
296 }
297
HksCryptoHalHashFinal(const struct HksBlob * msg,void ** ctx,struct HksBlob * hash)298 int32_t HksCryptoHalHashFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *hash)
299 {
300 HashFinal func = (HashFinal)GetAbility(HKS_CRYPTO_ABILITY_HASH_FINAL);
301 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "HashFinal func is null!")
302
303 return func(ctx, msg, hash);
304 }
305
HksCryptoHalHashFreeCtx(void ** ctx)306 void HksCryptoHalHashFreeCtx(void **ctx)
307 {
308 FreeCtx func = (FreeCtx)GetAbility(HKS_CRYPTO_ABILITY_HASH_FREE_CTX);
309 if (func == NULL) {
310 HKS_LOG_E("CryptoHalHashFreeCtx func is null");
311 return;
312 }
313
314 func(ctx);
315 }
316
HksCryptoHalBnExpMod(struct HksBlob * x,const struct HksBlob * a,const struct HksBlob * e,const struct HksBlob * n)317 int32_t HksCryptoHalBnExpMod(
318 struct HksBlob *x, const struct HksBlob *a, const struct HksBlob *e, const struct HksBlob *n)
319 {
320 BnExpMod func = (BnExpMod)GetAbility(HKS_CRYPTO_ABILITY_BN_EXP_MOD);
321 HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
322 return func(x, a, e, n);
323 }
324
HksCryptoHalGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)325 int32_t HksCryptoHalGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
326 {
327 int32_t ret = GenKeyCheckParam(spec, key);
328 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
329
330 GenerateKey func = (GenerateKey)GetAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(spec->algType));
331 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "GenerateKey func is null!")
332 return func(spec, key);
333 }
334
HksCryptoHalAgreeKey(const struct HksBlob * nativeKey,const struct HksBlob * pubKey,const struct HksKeySpec * spec,struct HksBlob * sharedKey)335 int32_t HksCryptoHalAgreeKey(const struct HksBlob *nativeKey, const struct HksBlob *pubKey,
336 const struct HksKeySpec *spec, struct HksBlob *sharedKey)
337 {
338 int32_t ret = AgreeKeyCheckParam(nativeKey, pubKey, spec, sharedKey);
339 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
340
341 AgreeKey func = (AgreeKey)GetAbility(HKS_CRYPTO_ABILITY_AGREE_KEY(spec->algType));
342 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "AgreeKey func is null!")
343 return func(nativeKey, pubKey, spec, sharedKey);
344 }
345
HksCryptoHalSign(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * signature)346 int32_t HksCryptoHalSign(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
347 const struct HksBlob *message, struct HksBlob *signature)
348 {
349 int32_t ret = SignVerifyCheckParam(key, usageSpec, message, signature);
350 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
351
352 Sign func = (Sign)GetAbility(HKS_CRYPTO_ABILITY_SIGN(usageSpec->algType));
353 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "Sign func is null!")
354 return func(key, usageSpec, message, signature);
355 }
356
HksCryptoHalVerify(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const struct HksBlob * signature)357 int32_t HksCryptoHalVerify(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
358 const struct HksBlob *message, const struct HksBlob *signature)
359 {
360 int32_t ret = SignVerifyCheckParam(key, usageSpec, message, signature);
361 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
362
363 Verify func = (Verify)GetAbility(HKS_CRYPTO_ABILITY_VERIFY(usageSpec->algType));
364 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "Verify func is null!")
365 return func(key, usageSpec, message, signature);
366 }
367
HksCryptoHalDeriveKey(const struct HksBlob * mainKey,const struct HksKeySpec * derivationSpec,struct HksBlob * derivedKey)368 int32_t HksCryptoHalDeriveKey(
369 const struct HksBlob *mainKey, const struct HksKeySpec *derivationSpec, struct HksBlob *derivedKey)
370 {
371 int32_t ret = DeriveKeyCheckParam(mainKey, derivationSpec, derivedKey);
372 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
373
374 DeriveKey func = (DeriveKey)GetAbility(HKS_CRYPTO_ABILITY_DERIVE_KEY(derivationSpec->algType));
375 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "DeriveKey func is null!")
376 return func(mainKey, derivationSpec, derivedKey);
377 }
378
HksCryptoHalEncrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)379 int32_t HksCryptoHalEncrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
380 const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead)
381 {
382 int32_t ret = EncryptCheckParam(key, usageSpec, message, cipherText);
383 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
384
385 Encrypt func = (Encrypt)GetAbility(HKS_CRYPTO_ABILITY_ENCRYPT(usageSpec->algType));
386 HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
387 return func(key, usageSpec, message, cipherText, tagAead);
388 }
389
HksCryptoHalEncryptInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,void ** ctx)390 int32_t HksCryptoHalEncryptInit(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, void **ctx)
391 {
392 if (HksOpensslCheckBlob(key) != HKS_SUCCESS || ctx == NULL) {
393 HKS_LOG_E("Invalid param key!");
394 return HKS_ERROR_INVALID_ARGUMENT;
395 }
396
397 HKS_IF_NULL_LOGE_RETURN(usageSpec, HKS_ERROR_INVALID_ARGUMENT, "Invalid param usageSpec!")
398
399 EncryptInit func = (EncryptInit)GetAbility(HKS_CRYPTO_ABILITY_ENCRYPT_INIT(usageSpec->algType));
400 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "EncryptInit func is null!")
401
402 return func(ctx, key, usageSpec, true);
403 }
404
HksCryptoHalEncryptUpdate(const struct HksBlob * message,void * ctx,struct HksBlob * out,const uint32_t algtype)405 int32_t HksCryptoHalEncryptUpdate(const struct HksBlob *message,
406 void *ctx, struct HksBlob *out, const uint32_t algtype)
407 {
408 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(message), HKS_ERROR_INVALID_ARGUMENT, "Invalid param message!")
409
410 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(out), HKS_ERROR_INVALID_ARGUMENT, "Invalid param outdata!")
411
412 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_INVALID_ARGUMENT, "Invalid param ctx!")
413
414 EncryptUpdate func = (EncryptUpdate)GetAbility(HKS_CRYPTO_ABILITY_ENCRYPT_UPDATE(algtype));
415 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "EncryptUpdate func is null!")
416
417 return func(ctx, message, out, true);
418 }
419
HksCryptoHalEncryptFinal(const struct HksBlob * message,void ** ctx,struct HksBlob * cipherText,struct HksBlob * tagAead,const uint32_t algtype)420 int32_t HksCryptoHalEncryptFinal(const struct HksBlob *message, void **ctx, struct HksBlob *cipherText,
421 struct HksBlob *tagAead, const uint32_t algtype)
422 {
423 HKS_IF_NULL_LOGE_RETURN(message, HKS_ERROR_INVALID_ARGUMENT, "Invalid param message!")
424
425 if (ctx == NULL || *ctx == NULL) {
426 HKS_LOG_E("Invalid param ctx!");
427 return HKS_ERROR_INVALID_ARGUMENT;
428 }
429
430 EncryptFinal func = (EncryptFinal)GetAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FINAL(algtype));
431 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "EncryptFinal func is null!")
432
433 return func(ctx, message, cipherText, tagAead, true);
434 }
435
HksCryptoHalEncryptFreeCtx(void ** ctx,const uint32_t algtype)436 void HksCryptoHalEncryptFreeCtx(void **ctx, const uint32_t algtype)
437 {
438 FreeCtx func = (FreeCtx)GetAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(algtype));
439 if (func == NULL) {
440 HKS_LOG_E("CryptoHalEncryptFreeCtx func is null");
441 return;
442 }
443
444 return func(ctx);
445 }
446
HksCryptoHalDecrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText)447 int32_t HksCryptoHalDecrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
448 const struct HksBlob *message, struct HksBlob *cipherText)
449 {
450 int32_t ret = DecryptCheckParam(key, usageSpec, message, cipherText);
451 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "Invalid params!")
452
453 Decrypt func = (Decrypt)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT(usageSpec->algType));
454 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "Unsupport alg now!")
455 return func(key, usageSpec, message, cipherText);
456 }
457
HksCryptoHalDecryptInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,void ** ctx)458 int32_t HksCryptoHalDecryptInit(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, void **ctx)
459 {
460 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslCheckBlob(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid param key!")
461
462 HKS_IF_NULL_LOGE_RETURN(usageSpec, HKS_ERROR_INVALID_ARGUMENT, "Invalid param usageSpec!")
463
464 DecryptInit func = (DecryptInit)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_INIT(usageSpec->algType));
465 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "DecryptInit func is null!")
466
467 return func(ctx, key, usageSpec, false);
468 }
469
HksCryptoHalDecryptUpdate(const struct HksBlob * message,void * ctx,struct HksBlob * out,const uint32_t algtype)470 int32_t HksCryptoHalDecryptUpdate(const struct HksBlob *message,
471 void *ctx, struct HksBlob *out, const uint32_t algtype)
472 {
473 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(message), HKS_ERROR_INVALID_ARGUMENT, "Invalid param message!")
474
475 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(out), HKS_ERROR_INVALID_ARGUMENT, "Invalid param outdata!")
476
477 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_INVALID_ARGUMENT, "Invalid param ctx !")
478
479 DecryptUpdate func = (DecryptUpdate)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_UPDATE(algtype));
480 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "Unsupport alg now!")
481 return func(ctx, message, out, false);
482 }
483
HksCryptoHalDecryptFinal(const struct HksBlob * message,void ** ctx,struct HksBlob * cipherText,struct HksBlob * tagAead,const uint32_t algtype)484 int32_t HksCryptoHalDecryptFinal(const struct HksBlob *message, void **ctx, struct HksBlob *cipherText,
485 struct HksBlob *tagAead, const uint32_t algtype)
486 {
487 HKS_IF_NULL_LOGE_RETURN(message, HKS_ERROR_INVALID_ARGUMENT, "Invalid param message!")
488
489 if (ctx == NULL || *ctx == NULL) {
490 HKS_LOG_E("Invalid param ctx!");
491 return HKS_ERROR_INVALID_ARGUMENT;
492 }
493
494 DecryptFinal func = (DecryptFinal)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(algtype));
495 HKS_IF_NULL_LOGE_RETURN(func, HKS_ERROR_INVALID_ARGUMENT, "DecryptFinal func is null!")
496
497 return func(ctx, message, cipherText, tagAead, false);
498 }
499
HksCryptoHalDecryptFreeCtx(void ** ctx,const uint32_t algtype)500 void HksCryptoHalDecryptFreeCtx(void **ctx, const uint32_t algtype)
501 {
502 FreeCtx func = (FreeCtx)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(algtype));
503 if (func == NULL) {
504 HKS_LOG_E("CryptoHalDecryptFreeCtx func is null");
505 return;
506 }
507
508 return func(ctx);
509 }
510
HksCryptoHalGetMainKey(const struct HksBlob * message,struct HksBlob * mainKey)511 int32_t HksCryptoHalGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey)
512 {
513 GetMainKey func = (GetMainKey)GetAbility(HKS_CRYPTO_ABILITY_GET_MAIN_KEY);
514 HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
515 return func(message, mainKey);
516 }
517
518 // Note: `out` memory will be allocated, you MUST free out->data after using.
GetBnBinpadFromPkey(const EVP_PKEY * pkey,const char * keyName,struct HksBlob * out)519 int32_t GetBnBinpadFromPkey(const EVP_PKEY *pkey, const char *keyName, struct HksBlob *out)
520 {
521 if (pkey == NULL || keyName == NULL || out == NULL) {
522 HKS_LOG_E("args NULL");
523 return HKS_ERROR_INVALID_ARGUMENT;
524 }
525 BIGNUM *bn = BN_new();
526 if (!bn) {
527 HKS_LOG_E("BN_new NULL");
528 return HKS_ERROR_INSUFFICIENT_MEMORY;
529 }
530 int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
531 do {
532 int osRet = EVP_PKEY_get_bn_param(pkey, keyName, &bn);
533 if (osRet != HKS_OPENSSL_SUCCESS) {
534 HKS_LOG_E("EVP_PKEY_get_bn_param ret = %" LOG_PUBLIC "d %" LOG_PUBLIC "s",
535 osRet, ERR_reason_error_string(ERR_get_error()));
536 break;
537 }
538 int len = BN_num_bytes(bn);
539 if (len <= 0) {
540 HKS_LOG_E("BN_num_bytes failed %" LOG_PUBLIC "d", len);
541 break;
542 }
543 if (len >= HKS_MAX_KEY_LEN) {
544 HKS_LOG_E("malloc size too large %" LOG_PUBLIC "d", len);
545 break;
546 }
547 out->data = HksMalloc(len);
548 if (!out->data) {
549 HKS_LOG_E("HksMalloc %d failed", len);
550 break;
551 }
552 osRet = BN_bn2binpad(bn, out->data, len);
553 if (osRet != len) {
554 HKS_LOG_E("BN_bn2binpad ret = %" LOG_PUBLIC "d %" LOG_PUBLIC "s",
555 osRet, ERR_reason_error_string(ERR_get_error()));
556 HksFree(out->data);
557 break;
558 }
559 out->size = (uint32_t)(len);
560 ret = HKS_SUCCESS;
561 } while (false);
562 SELF_FREE_PTR(bn, BN_free)
563 return ret;
564 }
565