1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #ifdef HKS_SUPPORT_RSA_C
23
24 #include "hks_openssl_rsa.h"
25
26 #include <openssl/bn.h>
27 #include <openssl/evp.h>
28 #include <openssl/ossl_typ.h>
29 #include <openssl/rsa.h>
30 #include <stdbool.h>
31 #include <stddef.h>
32
33 #include "hks_log.h"
34 #include "hks_mem.h"
35 #include "hks_openssl_engine.h"
36 #include "hks_template.h"
37 #include "securec.h"
38
RsaGenKeyCheckParam(const struct HksKeySpec * spec)39 static int32_t RsaGenKeyCheckParam(const struct HksKeySpec *spec)
40 {
41 switch (spec->keyLen) {
42 case HKS_RSA_KEY_SIZE_512:
43 case HKS_RSA_KEY_SIZE_768:
44 case HKS_RSA_KEY_SIZE_1024:
45 case HKS_RSA_KEY_SIZE_2048:
46 case HKS_RSA_KEY_SIZE_3072:
47 case HKS_RSA_KEY_SIZE_4096:
48 return HKS_SUCCESS;
49 default:
50 HKS_LOG_E("Invlid rsa key len %" LOG_PUBLIC "x!", spec->keyLen);
51 return HKS_ERROR_INVALID_ARGUMENT;
52 }
53 }
54
GetRsaPssSaltLen(const struct HksUsageSpec * usageSpec)55 static int32_t GetRsaPssSaltLen(const struct HksUsageSpec *usageSpec)
56 {
57 switch (usageSpec->pssSaltLenType) {
58 case HKS_RSA_PSS_SALTLEN_DIGEST:
59 return RSA_PSS_SALTLEN_DIGEST;
60 case HKS_RSA_PSS_SALTLEN_MAX:
61 return RSA_PSS_SALTLEN_MAX;
62 default:
63 HKS_LOG_E("Invalid rsa salt len type %" LOG_PUBLIC "x!", usageSpec->pssSaltLenType);
64 return HKS_ERROR_NOT_SUPPORTED;
65 }
66 }
67
RsaCheckKeyMaterial(const struct HksBlob * key)68 static int32_t RsaCheckKeyMaterial(const struct HksBlob *key)
69 {
70 const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(key->data);
71 if (keyMaterial->keyAlg != HKS_ALG_RSA) {
72 return HKS_ERROR_INVALID_KEY_INFO;
73 }
74 if (key->size != sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize + keyMaterial->dSize) {
75 return HKS_ERROR_INVALID_KEY_INFO;
76 }
77 return HKS_SUCCESS;
78 }
79
InitRsaKeyBuf(const struct KeyMaterialRsa * keyMaterial,struct HksBlob * bufBlob)80 int32_t InitRsaKeyBuf(const struct KeyMaterialRsa *keyMaterial, struct HksBlob *bufBlob)
81 {
82 uint32_t maxSize;
83 if (keyMaterial->nSize >= keyMaterial->eSize) {
84 maxSize = keyMaterial->nSize;
85 } else {
86 maxSize = keyMaterial->eSize;
87 }
88
89 if (maxSize < keyMaterial->dSize) {
90 maxSize = keyMaterial->dSize;
91 }
92
93 bufBlob->data = (uint8_t *)HksMalloc(maxSize);
94 HKS_IF_NULL_LOGE_RETURN(bufBlob->data, HKS_ERROR_MALLOC_FAIL, "HksMalloc failed!")
95
96 bufBlob->size = maxSize;
97 return HKS_SUCCESS;
98 }
99
InitRsaStruct(const struct HksBlob * key,const bool needPrivateExponent)100 static RSA *InitRsaStruct(const struct HksBlob *key, const bool needPrivateExponent)
101 {
102 const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(key->data);
103 struct HksBlob bufBlob = { 0, NULL };
104 int32_t ret = InitRsaKeyBuf(keyMaterial, &bufBlob);
105 HKS_IF_NOT_SUCC_RETURN(ret, NULL)
106
107 bool copyFail = false;
108 uint32_t offset = sizeof(*keyMaterial);
109 if (memcpy_s(bufBlob.data, bufBlob.size, key->data + offset, keyMaterial->nSize) != EOK) {
110 copyFail = true;
111 }
112 BIGNUM *n = BN_bin2bn(bufBlob.data, keyMaterial->nSize, NULL);
113 offset += keyMaterial->nSize;
114 if (memcpy_s(bufBlob.data, bufBlob.size, key->data + offset, keyMaterial->eSize) != EOK) {
115 copyFail = true;
116 }
117 BIGNUM *e = BN_bin2bn(bufBlob.data, keyMaterial->eSize, NULL);
118 offset += keyMaterial->eSize;
119 BIGNUM *d = NULL;
120 if (needPrivateExponent) {
121 if (memcpy_s(bufBlob.data, bufBlob.size, key->data + offset, keyMaterial->dSize) != EOK) {
122 copyFail = true;
123 }
124 d = BN_bin2bn(bufBlob.data, keyMaterial->dSize, NULL);
125 }
126
127 RSA *rsa = NULL;
128 do {
129 if (copyFail) {
130 break;
131 }
132
133 rsa = RSA_new();
134 if (rsa != NULL) {
135 ret = RSA_set0_key(rsa, n, e, d);
136 if (ret != HKS_OPENSSL_SUCCESS) {
137 RSA_free(rsa);
138 rsa = NULL;
139 break;
140 }
141 }
142 } while (0);
143
144 if (rsa == NULL) {
145 SELF_FREE_PTR(n, BN_free);
146 SELF_FREE_PTR(e, BN_free);
147 SELF_FREE_PTR(d, BN_free);
148 }
149
150 (void)memset_s(bufBlob.data, bufBlob.size, 0, HKS_KEY_BYTES(keyMaterial->keySize));
151 HksFree(bufBlob.data);
152 return rsa;
153 }
154
155 #ifdef HKS_SUPPORT_RSA_GENERATE_KEY
RsaSaveKeyMaterial(const RSA * rsa,const uint32_t keySize,struct HksBlob * key)156 static int32_t RsaSaveKeyMaterial(const RSA *rsa, const uint32_t keySize, struct HksBlob *key)
157 {
158 const uint32_t keyByteLen = keySize / HKS_BITS_PER_BYTE;
159 const uint32_t rawMaterialLen = sizeof(struct KeyMaterialRsa) + keyByteLen * HKS_RSA_KEYPAIR_CNT;
160 uint8_t *rawMaterial = (uint8_t *)HksMalloc(rawMaterialLen);
161 HKS_IF_NULL_RETURN(rawMaterial, HKS_ERROR_MALLOC_FAIL)
162
163 (void)memset_s(rawMaterial, rawMaterialLen, 0, rawMaterialLen);
164
165 struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)rawMaterial;
166 keyMaterial->keyAlg = HKS_ALG_RSA;
167 keyMaterial->keySize = keySize;
168
169 uint8_t tmp_buff[keyByteLen];
170 if (memset_s(tmp_buff, keyByteLen, 0, keyByteLen) != EOK) {
171 HksFree(rawMaterial);
172 return HKS_ERROR_INSUFFICIENT_MEMORY;
173 }
174
175 uint32_t offset = sizeof(*keyMaterial);
176 keyMaterial->nSize = (uint32_t)BN_bn2bin(RSA_get0_n(rsa), tmp_buff);
177 if (memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->nSize) != EOK) {
178 HksFree(rawMaterial);
179 return HKS_ERROR_INSUFFICIENT_MEMORY;
180 }
181
182 offset += keyMaterial->nSize;
183 keyMaterial->eSize = (uint32_t)BN_bn2bin(RSA_get0_e(rsa), tmp_buff);
184 if (memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->eSize) != EOK) {
185 HksFree(rawMaterial);
186 return HKS_ERROR_INSUFFICIENT_MEMORY;
187 }
188
189 offset += keyMaterial->eSize;
190 keyMaterial->dSize = (uint32_t)BN_bn2bin(RSA_get0_d(rsa), tmp_buff);
191 if (memcpy_s(rawMaterial + offset, keyByteLen, tmp_buff, keyMaterial->dSize) != EOK) {
192 HksFree(rawMaterial);
193 return HKS_ERROR_INSUFFICIENT_MEMORY;
194 }
195
196 key->data = rawMaterial;
197 key->size = sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize + keyMaterial->dSize;
198
199 return HKS_SUCCESS;
200 }
201
HksOpensslRsaGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)202 int32_t HksOpensslRsaGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
203 {
204 HKS_IF_NOT_SUCC_LOGE_RETURN(RsaGenKeyCheckParam(spec),
205 HKS_ERROR_INVALID_ARGUMENT, "rsa generate key invalid params!")
206
207 RSA *rsa = RSA_new();
208 BIGNUM *e = BN_new();
209 if (rsa == NULL || e == NULL) {
210 SELF_FREE_PTR(rsa, RSA_free);
211 SELF_FREE_PTR(e, BN_free);
212 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
213 }
214
215 if (BN_set_word(e, RSA_F4) != HKS_OPENSSL_SUCCESS) {
216 SELF_FREE_PTR(rsa, RSA_free);
217 SELF_FREE_PTR(e, BN_free);
218 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
219 }
220
221 if (RSA_generate_key_ex(rsa, spec->keyLen, e, NULL) != HKS_OPENSSL_SUCCESS) {
222 HksLogOpensslError();
223 BN_free(e);
224 RSA_free(rsa);
225 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
226 }
227 BN_free(e);
228
229 int32_t ret = RsaSaveKeyMaterial(rsa, spec->keyLen, key);
230
231 RSA_free(rsa);
232
233 return ret;
234 }
235 #endif /* HKS_SUPPORT_RSA_GENERATE_KEY */
236
237 #ifdef HKS_SUPPORT_RSA_GET_PUBLIC_KEY
HksOpensslGetRsaPubKey(const struct HksBlob * input,struct HksBlob * output)238 int32_t HksOpensslGetRsaPubKey(const struct HksBlob *input, struct HksBlob *output)
239 {
240 struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)input->data;
241 output->size = sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize;
242
243 struct KeyMaterialRsa *publickeyMaterial = (struct KeyMaterialRsa *)output->data;
244 publickeyMaterial->keyAlg = keyMaterial->keyAlg;
245 publickeyMaterial->keySize = keyMaterial->keySize;
246 publickeyMaterial->nSize = keyMaterial->nSize;
247 publickeyMaterial->eSize = keyMaterial->eSize;
248 publickeyMaterial->dSize = 0;
249
250 (void)memcpy_s(output->data + sizeof(struct KeyMaterialRsa), output->size - sizeof(struct KeyMaterialRsa),
251 input->data + sizeof(struct KeyMaterialRsa), keyMaterial->nSize + keyMaterial->eSize);
252
253 return HKS_SUCCESS;
254 }
255 #endif /* HKS_SUPPORT_RSA_GET_PUBLIC_KEY */
256
257 #ifdef HKS_SUPPORT_RSA_CRYPT
GetRsaCryptPadding(uint32_t padding,uint32_t * rsaPadding)258 static int32_t GetRsaCryptPadding(uint32_t padding, uint32_t *rsaPadding)
259 {
260 switch (padding) {
261 #ifdef HKS_SUPPORT_RSA_ECB_NOPADDING
262 case HKS_PADDING_NONE:
263 *rsaPadding = RSA_NO_PADDING;
264 return HKS_SUCCESS;
265 #endif
266 #ifdef HKS_SUPPORT_RSA_ECB_PKCS1PADDING
267 case HKS_PADDING_PKCS1_V1_5:
268 *rsaPadding = RSA_PKCS1_PADDING;
269 return HKS_SUCCESS;
270 #endif
271 #if defined(HKS_SUPPORT_RSA_ECB_OEAPPADDING) || defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA1MGF1) || \
272 defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA224MGF1) || defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA256MGF1) || \
273 defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA384MGF1) || defined(HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA512MGF1)
274 case HKS_PADDING_OAEP:
275 *rsaPadding = RSA_PKCS1_OAEP_PADDING;
276 return HKS_SUCCESS;
277 #endif
278 default:
279 return HKS_ERROR_NOT_SUPPORTED;
280 }
281 }
282
InitEvpPkeyCtx(const struct HksBlob * key,bool encrypt)283 static EVP_PKEY_CTX *InitEvpPkeyCtx(const struct HksBlob *key, bool encrypt)
284 {
285 int32_t ret = RsaCheckKeyMaterial(key);
286 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, NULL, "check key material failed")
287
288 RSA *rsa = InitRsaStruct(key, !encrypt);
289 HKS_IF_NULL_LOGE_RETURN(rsa, NULL, "initialize rsa key failed")
290
291 EVP_PKEY *pkey = EVP_PKEY_new();
292 if (pkey == NULL) {
293 RSA_free(rsa);
294 HksLogOpensslError();
295 return NULL;
296 }
297
298 ret = EVP_PKEY_assign_RSA(pkey, rsa);
299 if (ret != HKS_OPENSSL_SUCCESS) {
300 HksLogOpensslError();
301 RSA_free(rsa);
302 EVP_PKEY_free(pkey);
303 return NULL;
304 }
305
306 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);
307 if (ctx == NULL) {
308 HksLogOpensslError();
309 EVP_PKEY_free(pkey);
310 return NULL;
311 }
312
313 if (encrypt) {
314 ret = EVP_PKEY_encrypt_init(ctx);
315 } else {
316 ret = EVP_PKEY_decrypt_init(ctx);
317 }
318 if (ret != HKS_OPENSSL_SUCCESS) {
319 HksLogOpensslError();
320 EVP_PKEY_free(pkey);
321 EVP_PKEY_CTX_free(ctx);
322 return NULL;
323 }
324
325 EVP_PKEY_free(pkey);
326 return ctx;
327 }
328
HksOpensslRsaCryptInit(EVP_PKEY_CTX * ctx,const struct HksUsageSpec * usageSpec)329 static int32_t HksOpensslRsaCryptInit(EVP_PKEY_CTX *ctx, const struct HksUsageSpec *usageSpec)
330 {
331 int32_t ret;
332 uint32_t padding = 0;
333 HKS_IF_NOT_SUCC_LOGE_RETURN(GetRsaCryptPadding(usageSpec->padding, &padding),
334 HKS_ERROR_CRYPTO_ENGINE_ERROR, "Unsupport padding.")
335
336 ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding);
337 if (ret <= 0) {
338 HksLogOpensslError();
339 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
340 }
341
342 if (usageSpec->padding == HKS_PADDING_OAEP) {
343 const EVP_MD *md = GetOpensslAlg(usageSpec->digest);
344 if ((md == NULL) || (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) ||
345 (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) <= 0)) {
346 HksLogOpensslError();
347 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
348 }
349 }
350 return HKS_SUCCESS;
351 }
352
HksOpensslRsaCrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)353 static int32_t HksOpensslRsaCrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
354 const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
355 {
356 int32_t ret;
357 EVP_PKEY_CTX *ctx = InitEvpPkeyCtx(key, encrypt);
358 if (ctx == NULL) {
359 HksLogOpensslError();
360 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
361 }
362
363 if (HksOpensslRsaCryptInit(ctx, usageSpec) != HKS_SUCCESS) {
364 EVP_PKEY_CTX_free(ctx);
365 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
366 }
367
368 size_t outLen;
369 if (encrypt) {
370 ret = EVP_PKEY_encrypt(ctx, NULL, &outLen, message->data, message->size);
371 } else {
372 ret = EVP_PKEY_decrypt(ctx, NULL, &outLen, message->data, message->size);
373 }
374 if (ret != HKS_OPENSSL_SUCCESS) {
375 HksLogOpensslError();
376 EVP_PKEY_CTX_free(ctx);
377 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
378 }
379
380 if (outLen > cipherText->size) {
381 HksLogOpensslError();
382 EVP_PKEY_CTX_free(ctx);
383 return HKS_ERROR_INVALID_ARGUMENT;
384 }
385
386 if (encrypt) {
387 ret = EVP_PKEY_encrypt(ctx, cipherText->data, &outLen, message->data, message->size);
388 } else {
389 ret = EVP_PKEY_decrypt(ctx, cipherText->data, &outLen, message->data, message->size);
390 }
391 if (ret != HKS_OPENSSL_SUCCESS) {
392 HksLogOpensslError();
393 EVP_PKEY_CTX_free(ctx);
394 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
395 }
396 cipherText->size = outLen;
397
398 EVP_PKEY_CTX_free(ctx);
399 return HKS_SUCCESS;
400 }
401
HksOpensslRsaEncrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)402 int32_t HksOpensslRsaEncrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
403 const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead)
404 {
405 (void)tagAead;
406 return HksOpensslRsaCrypt(key, usageSpec, message, true, cipherText);
407 }
408
HksOpensslRsaDecrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText)409 int32_t HksOpensslRsaDecrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
410 const struct HksBlob *message, struct HksBlob *cipherText)
411 {
412 return HksOpensslRsaCrypt(key, usageSpec, message, false, cipherText);
413 }
414 #endif /* HKS_SUPPORT_RSA_CRYPT */
415
416 #ifdef HKS_SUPPORT_RSA_SIGN_VERIFY
GetRsaSignPadding(uint32_t padding,uint32_t * rsaPadding)417 static int32_t GetRsaSignPadding(uint32_t padding, uint32_t *rsaPadding)
418 {
419 switch (padding) {
420 case HKS_PADDING_PKCS1_V1_5:
421 *rsaPadding = RSA_PKCS1_PADDING;
422 return HKS_SUCCESS;
423 case HKS_PADDING_PSS:
424 *rsaPadding = RSA_PKCS1_PSS_PADDING;
425 return HKS_SUCCESS;
426 case HKS_PADDING_NONE:
427 *rsaPadding = RSA_NO_PADDING;
428 return HKS_SUCCESS;
429 default:
430 return HKS_ERROR_NOT_SUPPORTED;
431 }
432 }
433
SetRsaPadding(EVP_PKEY_CTX * ctx,const struct HksUsageSpec * usageSpec)434 static int32_t SetRsaPadding(EVP_PKEY_CTX *ctx, const struct HksUsageSpec *usageSpec)
435 {
436 uint32_t opensslPadding = 0;
437 int32_t ret = GetRsaSignPadding(usageSpec->padding, &opensslPadding);
438 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_PADDING, "Unsupport padding.")
439
440 if (EVP_PKEY_CTX_set_rsa_padding(ctx, opensslPadding) != HKS_OPENSSL_SUCCESS) {
441 HksLogOpensslError();
442 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
443 }
444 if (usageSpec->padding == HKS_PADDING_PSS) {
445 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, GetRsaPssSaltLen(usageSpec)) != HKS_OPENSSL_SUCCESS) {
446 HksLogOpensslError();
447 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
448 }
449 }
450 return HKS_SUCCESS;
451 }
452
InitRsaEvpKey(const struct HksBlob * key,bool signing)453 static EVP_PKEY *InitRsaEvpKey(const struct HksBlob *key, bool signing)
454 {
455 RSA *rsa = InitRsaStruct(key, signing);
456 HKS_IF_NULL_LOGE_RETURN(rsa, NULL, "initialize rsa key failed")
457
458 EVP_PKEY *pkey = EVP_PKEY_new();
459 if (pkey == NULL) {
460 HKS_LOG_E("evp pkey new failed");
461 SELF_FREE_PTR(rsa, RSA_free);
462 return NULL;
463 }
464
465 if (EVP_PKEY_assign_RSA(pkey, rsa) != HKS_OPENSSL_SUCCESS) {
466 HksLogOpensslError();
467 SELF_FREE_PTR(rsa, RSA_free);
468 SELF_FREE_PTR(pkey, EVP_PKEY_free);
469 return NULL;
470 }
471
472 return pkey;
473 }
474
InitRsaCtx(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool signing,uint32_t len)475 static EVP_PKEY_CTX *InitRsaCtx(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool signing,
476 uint32_t len)
477 {
478 const EVP_MD *opensslAlg = GetOpensslAlg(usageSpec->digest);
479 if (usageSpec->digest == HKS_DIGEST_NONE) {
480 opensslAlg = GetOpensslAlgFromLen(len);
481 }
482
483 if (opensslAlg == NULL) {
484 HKS_LOG_E("get openssl algorithm fail");
485 return NULL;
486 }
487 EVP_PKEY *pkey = NULL;
488 EVP_PKEY_CTX *ctx = NULL;
489 int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
490 do {
491 pkey = InitRsaEvpKey(key, signing);
492 HKS_IF_NULL_BREAK(pkey)
493
494 ctx = EVP_PKEY_CTX_new(pkey, NULL);
495 HKS_IF_NULL_BREAK(ctx)
496
497 if (signing) {
498 ret = EVP_PKEY_sign_init(ctx);
499 } else {
500 ret = EVP_PKEY_verify_init(ctx);
501 }
502 if (ret != HKS_OPENSSL_SUCCESS) {
503 break;
504 }
505
506 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
507 HKS_IF_NOT_SUCC_BREAK(SetRsaPadding(ctx, usageSpec))
508 if (EVP_PKEY_CTX_set_signature_md(ctx, opensslAlg) != HKS_OPENSSL_SUCCESS) {
509 break;
510 }
511 ret = HKS_SUCCESS;
512 } while (0);
513
514 SELF_FREE_PTR(pkey, EVP_PKEY_free);
515 if (ret != HKS_SUCCESS) {
516 HksLogOpensslError();
517 SELF_FREE_PTR(ctx, EVP_PKEY_CTX_free);
518 }
519
520 return ctx;
521 }
522
HksOpensslRsaSign(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * signature)523 int32_t HksOpensslRsaSign(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
524 const struct HksBlob *message, struct HksBlob *signature)
525 {
526 EVP_PKEY_CTX *ctx = InitRsaCtx(key, usageSpec, true, message->size);
527 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_INVALID_KEY_INFO, "initialize rsa context failed")
528
529 size_t sigSize = (size_t)signature->size;
530 if (EVP_PKEY_sign(ctx, signature->data, &sigSize, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
531 HksLogOpensslError();
532 EVP_PKEY_CTX_free(ctx);
533 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
534 }
535 signature->size = (uint32_t)sigSize;
536 EVP_PKEY_CTX_free(ctx);
537 return HKS_SUCCESS;
538 }
539
HksOpensslRsaVerify(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const struct HksBlob * signature)540 int32_t HksOpensslRsaVerify(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
541 const struct HksBlob *message, const struct HksBlob *signature)
542 {
543 EVP_PKEY_CTX *ctx = InitRsaCtx(key, usageSpec, false, message->size);
544 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_INVALID_KEY_INFO, "initialize rsa context failed")
545
546 if (EVP_PKEY_verify(ctx, signature->data, signature->size, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
547 HksLogOpensslError();
548 EVP_PKEY_CTX_free(ctx);
549 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
550 }
551 EVP_PKEY_CTX_free(ctx);
552 return HKS_SUCCESS;
553 }
554 #endif /* HKS_SUPPORT_RSA_SIGN_VERIFY */
555 #endif /* HKS_SUPPORT_RSA_C */
556