1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "softbus_aes_encrypt.h"
17
18 #include <openssl/evp.h>
19 #include <openssl/hmac.h>
20 #include <openssl/rand.h>
21 #include <securec.h>
22
23 #include "openssl/aes.h"
24
25 #include "comm_log.h"
26 #include "softbus_adapter_crypto.h"
27 #include "softbus_adapter_mem.h"
28 #include "softbus_errcode.h"
29
30 #define AES_128_CFB_KEYLEN 16
31 #define AES_256_CFB_KEYLEN 32
32 #define AES_128_GCM_KEYLEN 16
33 #define AES_256_GCM_KEYLEN 32
34 #define AES_128_CFB_BITS_LEN 128
35 #define AES_256_CFB_BITS_LEN 256
36 #define OPENSSL_EVP_PADDING_FUNC_OPEN (1)
37 #define OPENSSL_EVP_PADDING_FUNC_CLOSE (0)
38
SoftBusGenerateHmacHash(const EncryptKey * randomKey,const uint8_t * rootKey,uint32_t rootKeyLen,uint8_t * hash,uint32_t hashLen)39 int32_t SoftBusGenerateHmacHash(
40 const EncryptKey *randomKey, const uint8_t *rootKey, uint32_t rootKeyLen, uint8_t *hash, uint32_t hashLen)
41 {
42 uint32_t outBufLen;
43 uint8_t tempOutputData[EVP_MAX_MD_SIZE];
44
45 if (randomKey == NULL || rootKey == NULL || rootKeyLen == 0 || hash == NULL || hashLen == 0) {
46 COMM_LOGE(COMM_ADAPTER, "invalid param.");
47 return SOFTBUS_INVALID_PARAM;
48 }
49 HMAC_CTX *ctx = HMAC_CTX_new();
50 if (ctx == NULL) {
51 COMM_LOGE(COMM_ADAPTER, "HMAC_CTX_new failed.");
52 return SOFTBUS_ERR;
53 }
54 if (HMAC_CTX_reset(ctx) != 1) {
55 COMM_LOGE(COMM_ADAPTER, "HMAC_CTX_reset failed.");
56 HMAC_CTX_free(ctx);
57 return SOFTBUS_ERR;
58 }
59 if (HMAC_Init_ex(ctx, rootKey, rootKeyLen, EVP_sha256(), NULL) != 1) {
60 COMM_LOGE(COMM_ADAPTER, "HMAC_Init_ex failed.");
61 HMAC_CTX_free(ctx);
62 return SOFTBUS_ERR;
63 }
64 if (HMAC_Update(ctx, randomKey->key, (size_t)randomKey->len) != 1) {
65 COMM_LOGE(COMM_ADAPTER, "HMAC_Update failed.");
66 HMAC_CTX_free(ctx);
67 return SOFTBUS_ERR;
68 }
69 if (HMAC_Final(ctx, tempOutputData, &outBufLen) != 1) {
70 COMM_LOGE(COMM_ADAPTER, "HMAC_Final failed.");
71 HMAC_CTX_free(ctx);
72 return SOFTBUS_ERR;
73 }
74 HMAC_CTX_free(ctx);
75 if (hashLen < outBufLen) {
76 COMM_LOGE(COMM_ADAPTER, "hash is invalid param.");
77 return SOFTBUS_INVALID_PARAM;
78 }
79 if (outBufLen != SHA256_MAC_LEN) {
80 COMM_LOGE(COMM_ADAPTER, "outBufLen is invalid length for hash.");
81 return SOFTBUS_ERR;
82 }
83 if (memcpy_s(hash, hashLen, tempOutputData, outBufLen) != EOK) {
84 COMM_LOGE(COMM_ADAPTER, "hash result memcpy_s failed.");
85 return SOFTBUS_MEM_ERR;
86 }
87 return SOFTBUS_OK;
88 }
89
OpensslAesCfbEncrypt(AesCipherKey * cipherKey,const AesInputData * inData,int32_t encMode,AesOutputData * outData)90 static int32_t OpensslAesCfbEncrypt(
91 AesCipherKey *cipherKey, const AesInputData *inData, int32_t encMode, AesOutputData *outData)
92 {
93 int32_t num = 0;
94 AES_KEY aes;
95
96 if (cipherKey == NULL || cipherKey->ivLen != AES_IV_LENGTH || inData == NULL || inData->data == NULL ||
97 outData == NULL || (encMode != ENCRYPT_MODE && encMode != DECRYPT_MODE)) {
98 COMM_LOGE(COMM_ADAPTER, "invalid param.");
99 return SOFTBUS_INVALID_PARAM;
100 }
101 int32_t bits = 0;
102 switch (cipherKey->keyLen) {
103 case AES_128_CFB_KEYLEN:
104 bits = AES_128_CFB_BITS_LEN;
105 break;
106 case AES_256_CFB_KEYLEN:
107 bits = AES_256_CFB_BITS_LEN;
108 break;
109 default:
110 COMM_LOGE(COMM_ADAPTER, "cipherKey->keyLen unable to get encryption bits.");
111 return SOFTBUS_INVALID_PARAM;
112 }
113 if (AES_set_encrypt_key(cipherKey->key, bits, &aes) < 0) {
114 COMM_LOGE(COMM_ADAPTER, "SoftbusAesCfbEncrypt unable to set encryption key in AES.");
115 return SOFTBUS_ERR;
116 }
117 if (encMode == ENCRYPT_MODE) {
118 AES_cfb128_encrypt(inData->data, outData->data, inData->len, &aes, cipherKey->iv, &num, ENCRYPT_MODE);
119 } else {
120 AES_cfb128_encrypt(inData->data, outData->data, inData->len, &aes, cipherKey->iv, &num, DECRYPT_MODE);
121 }
122 outData->len = inData->len;
123 return SOFTBUS_OK;
124 }
125
RootKeyGenerateIvAndSessionKey(const EncryptKey * randomKey,EncryptKey * rootKey,AesCipherKey * cipherKey)126 static int32_t RootKeyGenerateIvAndSessionKey(const EncryptKey *randomKey, EncryptKey *rootKey, AesCipherKey *cipherKey)
127 {
128 uint8_t result[SHA256_MAC_LEN] = { 0 };
129 if (SoftBusGenerateHmacHash(randomKey, rootKey->key, rootKey->len, result, sizeof(result)) != SOFTBUS_OK) {
130 COMM_LOGE(COMM_ADAPTER, "SslHmacSha256 failed.");
131 return SOFTBUS_ERR;
132 }
133 if (memcpy_s(cipherKey->key, cipherKey->keyLen, result, AES_SESSION_KEY_LENGTH) != EOK) {
134 COMM_LOGE(COMM_ADAPTER, "RootKeyGenerateIvAndSessionKey fill sessionKey failed!");
135 return SOFTBUS_MEM_ERR;
136 }
137 if (memcpy_s(cipherKey->iv, cipherKey->ivLen, result + AES_SESSION_KEY_LENGTH,
138 SHA256_MAC_LEN - AES_SESSION_KEY_LENGTH) != EOK) {
139 COMM_LOGE(COMM_ADAPTER, "RootKeyGenerateIvAndSessionKey fill iv failed!");
140 return SOFTBUS_MEM_ERR;
141 }
142 return SOFTBUS_OK;
143 }
144
GenerateIvAndSessionKey(const EncryptKey * randomKey,EncryptKey * rootKey,AesCipherKey * cipherKey)145 static int32_t GenerateIvAndSessionKey(const EncryptKey *randomKey, EncryptKey *rootKey, AesCipherKey *cipherKey)
146 {
147 if (cipherKey == NULL) {
148 COMM_LOGE(COMM_ADAPTER, "invalid param.");
149 return SOFTBUS_INVALID_PARAM;
150 }
151 cipherKey->keyLen = AES_SESSION_KEY_LENGTH;
152 cipherKey->ivLen = AES_IV_LENGTH;
153 cipherKey->key = (uint8_t *)SoftBusCalloc(cipherKey->keyLen);
154 if (cipherKey->key == NULL) {
155 return SOFTBUS_MEM_ERR;
156 }
157 cipherKey->iv = (uint8_t *)SoftBusCalloc(cipherKey->ivLen);
158 if (cipherKey->iv == NULL) {
159 SoftBusFree(cipherKey->key);
160 return SOFTBUS_MEM_ERR;
161 }
162 if (RootKeyGenerateIvAndSessionKey(randomKey, rootKey, cipherKey) != SOFTBUS_OK) {
163 COMM_LOGE(COMM_ADAPTER, "RootKeyGenerateIvAndSessionKey failed!");
164 SoftBusFree(cipherKey->key);
165 SoftBusFree(cipherKey->iv);
166 return SOFTBUS_ERR;
167 }
168 return SOFTBUS_OK;
169 }
170
SoftBusAesCfbRootEncrypt(const AesInputData * inData,const EncryptKey * randomKey,EncryptKey * rootKey,int32_t encMode,AesOutputData * outData)171 int32_t SoftBusAesCfbRootEncrypt(const AesInputData *inData, const EncryptKey *randomKey, EncryptKey *rootKey,
172 int32_t encMode, AesOutputData *outData)
173 {
174 if (inData == NULL || inData->data == NULL || randomKey == NULL || randomKey->key == NULL || rootKey == NULL ||
175 rootKey->key == NULL || outData == NULL || (encMode != ENCRYPT_MODE && encMode != DECRYPT_MODE)) {
176 COMM_LOGE(COMM_ADAPTER, "invalid param.");
177 return SOFTBUS_INVALID_PARAM;
178 }
179 AesCipherKey cipherKey = { 0 };
180 AesOutputData encryptData = { .data = (uint8_t *)SoftBusCalloc(inData->len), .len = inData->len };
181 if (encryptData.data == NULL) {
182 COMM_LOGE(COMM_ADAPTER, "encryptData calloc failed.");
183 return SOFTBUS_MEM_ERR;
184 }
185 if (GenerateIvAndSessionKey(randomKey, rootKey, &cipherKey) != SOFTBUS_OK) {
186 COMM_LOGE(COMM_ADAPTER, "GenerateIvAndSessionKey failed!");
187 SoftBusFree(encryptData.data);
188 return SOFTBUS_ERR;
189 }
190 if (OpensslAesCfbEncrypt(&cipherKey, inData, encMode, &encryptData) != SOFTBUS_OK) {
191 COMM_LOGE(COMM_ADAPTER, "OpensslAesCfb encrypt or decrypt by root key failed.");
192 SoftBusFree(cipherKey.key);
193 SoftBusFree(cipherKey.iv);
194 SoftBusFree(encryptData.data);
195 encryptData.data = NULL;
196 return SOFTBUS_ENCRYPT_ERR;
197 }
198 (void)memset_s(cipherKey.key, cipherKey.keyLen, 0, cipherKey.keyLen);
199 (void)memset_s(cipherKey.iv, cipherKey.ivLen, 0, cipherKey.ivLen);
200 SoftBusFree(cipherKey.key);
201 SoftBusFree(cipherKey.iv);
202 outData->len = encryptData.len;
203 outData->data = encryptData.data;
204 return SOFTBUS_OK;
205 }
206
SoftBusAesCfbEncrypt(const AesInputData * inData,AesCipherKey * cipherKey,int32_t encMode,AesOutputData * outData)207 int32_t SoftBusAesCfbEncrypt(
208 const AesInputData *inData, AesCipherKey *cipherKey, int32_t encMode, AesOutputData *outData)
209 {
210 uint8_t random[RANDOM_LENGTH] = { 0 };
211 uint8_t result[SHA256_MAC_LEN] = { 0 };
212
213 if (inData == NULL || inData->data == NULL || cipherKey == NULL || cipherKey->ivLen < RANDOM_LENGTH ||
214 outData == NULL || (encMode != ENCRYPT_MODE && encMode != DECRYPT_MODE)) {
215 COMM_LOGE(COMM_ADAPTER, "invalid param.");
216 return SOFTBUS_INVALID_PARAM;
217 }
218 if (memcpy_s(random, sizeof(random), cipherKey->iv, sizeof(random)) != EOK) {
219 COMM_LOGE(COMM_ADAPTER, "random memcpy_s failed!");
220 return SOFTBUS_MEM_ERR;
221 }
222 EncryptKey key = { cipherKey->key, cipherKey->keyLen };
223 if (SoftBusGenerateHmacHash(&key, random, sizeof(random), result, SHA256_MAC_LEN) != SOFTBUS_OK) {
224 COMM_LOGE(COMM_ADAPTER, "SslHmacSha256 failed.");
225 return SOFTBUS_ERR;
226 }
227 (void)memset_s(cipherKey->key, cipherKey->keyLen, 0, cipherKey->keyLen);
228 if (memcpy_s(cipherKey->key, cipherKey->keyLen, result, SHA256_MAC_LEN) != EOK) {
229 COMM_LOGE(COMM_ADAPTER, "fill cipherKey->key failed!");
230 return SOFTBUS_MEM_ERR;
231 }
232 AesOutputData encryptData = { .data = (uint8_t *)SoftBusCalloc(inData->len), .len = inData->len };
233 if (encryptData.data == NULL) {
234 COMM_LOGE(COMM_ADAPTER, "encryptData calloc failed.");
235 return SOFTBUS_MEM_ERR;
236 }
237 if (OpensslAesCfbEncrypt(cipherKey, inData, encMode, &encryptData) != SOFTBUS_OK) {
238 COMM_LOGE(COMM_ADAPTER, "OpensslAesCfbEncrypt failed.");
239 SoftBusFree(encryptData.data);
240 encryptData.data = NULL;
241 return SOFTBUS_ENCRYPT_ERR;
242 }
243
244 outData->data = encryptData.data;
245 outData->len = encryptData.len;
246 return SOFTBUS_OK;
247 }
248
GetSslGcmAlgorithmByKeyLen(uint32_t keyLen)249 static EVP_CIPHER *GetSslGcmAlgorithmByKeyLen(uint32_t keyLen)
250 {
251 switch (keyLen) {
252 case AES_128_GCM_KEYLEN:
253 return (EVP_CIPHER *)EVP_aes_128_gcm();
254 case AES_256_GCM_KEYLEN:
255 return (EVP_CIPHER *)EVP_aes_256_gcm();
256 default:
257 COMM_LOGE(COMM_ADAPTER, "Get SslGcmAlgorithm ByKeyLen failed.");
258 return NULL;
259 }
260 return NULL;
261 }
262
GcmOpensslEvpInit(EVP_CIPHER_CTX ** ctx,uint32_t keyLen,int32_t encMode)263 static int32_t GcmOpensslEvpInit(EVP_CIPHER_CTX **ctx, uint32_t keyLen, int32_t encMode)
264 {
265 if (ctx == NULL || keyLen == 0 || (encMode != ENCRYPT_MODE && encMode != DECRYPT_MODE)) {
266 COMM_LOGE(COMM_ADAPTER, "invalid param.");
267 return SOFTBUS_INVALID_PARAM;
268 }
269 EVP_CIPHER *cipher = GetSslGcmAlgorithmByKeyLen(keyLen);
270 if (cipher == NULL) {
271 COMM_LOGE(COMM_ADAPTER, "GetSslGcmAlgorithmByKeyLen failed.");
272 return SOFTBUS_ERR;
273 }
274 *ctx = EVP_CIPHER_CTX_new();
275 if (*ctx == NULL) {
276 COMM_LOGE(COMM_ADAPTER, "EVP_CIPHER_CTX_new failed.");
277 return SOFTBUS_ERR;
278 }
279 EVP_CIPHER_CTX_set_padding(*ctx, OPENSSL_EVP_PADDING_FUNC_CLOSE);
280 if (encMode == ENCRYPT_MODE) {
281 if (EVP_EncryptInit_ex(*ctx, cipher, NULL, NULL, NULL) != 1) {
282 COMM_LOGE(COMM_ADAPTER, "EVP_EncryptInit_ex failed.");
283 EVP_CIPHER_CTX_free(*ctx);
284 return SOFTBUS_ERR;
285 }
286 } else {
287 if (EVP_DecryptInit_ex(*ctx, cipher, NULL, NULL, NULL) != 1) {
288 COMM_LOGE(COMM_ADAPTER, "EVP_DecryptInit_ex failed.");
289 EVP_CIPHER_CTX_free(*ctx);
290 return SOFTBUS_ERR;
291 }
292 }
293 if (EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_GCM_SET_IVLEN, AES_IV_LENGTH, NULL) != 1) {
294 COMM_LOGE(COMM_ADAPTER, "EVP_CIPHER_CTX_ctrl failed.");
295 EVP_CIPHER_CTX_free(*ctx);
296 return SOFTBUS_ERR;
297 }
298 return SOFTBUS_OK;
299 }
300
OpensslAesGcmEncrypt(const uint8_t * srcData,uint32_t srcDataLen,AesCipherKey * cipherKey,uint8_t * outData,uint32_t * outDataLen)301 static int32_t OpensslAesGcmEncrypt(
302 const uint8_t *srcData, uint32_t srcDataLen, AesCipherKey *cipherKey, uint8_t *outData, uint32_t *outDataLen)
303 {
304 if (srcData == NULL || srcDataLen == 0 || cipherKey == NULL || outData == NULL || outDataLen == NULL ||
305 *outDataLen < (srcDataLen + AES_GCM_TAG_LEN)) {
306 COMM_LOGE(COMM_ADAPTER, "invalid param.");
307 return SOFTBUS_INVALID_PARAM;
308 }
309 EVP_CIPHER_CTX *ctx = NULL;
310 if (GcmOpensslEvpInit(&ctx, cipherKey->keyLen, ENCRYPT_MODE) != SOFTBUS_OK) {
311 COMM_LOGE(COMM_ADAPTER, "GcmOpensslEvpInit failed.");
312 return SOFTBUS_ERR;
313 }
314 if (EVP_EncryptInit_ex(ctx, NULL, NULL, cipherKey->key, cipherKey->iv) != 1) {
315 COMM_LOGE(COMM_ADAPTER, "EVP_EncryptInit_ex failed.");
316 EVP_CIPHER_CTX_free(ctx);
317 return SOFTBUS_ERR;
318 }
319 int32_t outLen = 0;
320 int32_t outBufLen = 0;
321 if (EVP_EncryptUpdate(ctx, outData, &outBufLen, srcData, srcDataLen) != 1) {
322 COMM_LOGE(COMM_ADAPTER, "EVP_EncryptUpdate failed.");
323 EVP_CIPHER_CTX_free(ctx);
324 return SOFTBUS_ERR;
325 }
326 outLen += outBufLen;
327 if (EVP_EncryptFinal_ex(ctx, outData + outBufLen, &outBufLen) != 1) {
328 COMM_LOGE(COMM_ADAPTER, "EVP_EncryptFinal_ex failed.");
329 EVP_CIPHER_CTX_free(ctx);
330 return SOFTBUS_ERR;
331 }
332 outLen += outBufLen;
333 if (*outDataLen < ((uint32_t)outLen + AES_GCM_TAG_LEN)) {
334 COMM_LOGE(COMM_ADAPTER, "invalid param. *outDataLen=%{public}u, outLen=%{public}u", *outDataLen,
335 (uint32_t)outLen);
336 EVP_CIPHER_CTX_free(ctx);
337 return SOFTBUS_INVALID_PARAM;
338 }
339 uint8_t tagbuf[AES_GCM_TAG_LEN]; // outData has two part: EncryptedData & AES-GCM-TAG
340 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_GCM_TAG_LEN, (void *)tagbuf) != 1) {
341 COMM_LOGE(COMM_ADAPTER, "EVP_CTRL_GCM_GET_TAG failed.");
342 EVP_CIPHER_CTX_free(ctx);
343 return SOFTBUS_ERR;
344 }
345 if (memcpy_s(outData + outLen, *outDataLen - outLen, tagbuf, AES_GCM_TAG_LEN) != EOK) {
346 COMM_LOGE(COMM_ADAPTER, "tag memcpy_s failed.");
347 EVP_CIPHER_CTX_free(ctx);
348 return SOFTBUS_MEM_ERR;
349 }
350 *outDataLen = outLen + AES_GCM_TAG_LEN;
351 EVP_CIPHER_CTX_free(ctx);
352 return SOFTBUS_OK;
353 }
354
OpensslAesGcmDecrypt(const uint8_t * srcData,uint32_t srcDataLen,AesCipherKey * cipherKey,uint8_t * outData,uint32_t * outDataLen)355 static int32_t OpensslAesGcmDecrypt(
356 const uint8_t *srcData, uint32_t srcDataLen, AesCipherKey *cipherKey, uint8_t *outData, uint32_t *outDataLen)
357 {
358 if (srcData == NULL || srcDataLen <= AES_GCM_TAG_LEN || cipherKey == NULL || outData == NULL ||
359 outDataLen == NULL || *outDataLen < (srcDataLen - AES_GCM_TAG_LEN)) {
360 COMM_LOGE(COMM_ADAPTER, "invalid param.");
361 return SOFTBUS_INVALID_PARAM;
362 }
363 EVP_CIPHER_CTX *ctx = NULL;
364 if (GcmOpensslEvpInit(&ctx, cipherKey->keyLen, DECRYPT_MODE) != SOFTBUS_OK) {
365 COMM_LOGE(COMM_ADAPTER, "GcmOpensslEvpInit failed.");
366 return SOFTBUS_ERR;
367 }
368 if (EVP_DecryptInit_ex(ctx, NULL, NULL, cipherKey->key, cipherKey->iv) != 1) {
369 COMM_LOGE(COMM_ADAPTER, "EVP_DecryptInit_ex failed.");
370 EVP_CIPHER_CTX_free(ctx);
371 return SOFTBUS_ERR;
372 }
373 int32_t outLen = 0;
374 int32_t outBufLen = 0;
375 uint8_t trueEncryptedData[srcDataLen - AES_GCM_TAG_LEN];
376 if (memcpy_s(trueEncryptedData, srcDataLen - AES_GCM_TAG_LEN, srcData, srcDataLen - AES_GCM_TAG_LEN) != EOK) {
377 COMM_LOGE(COMM_ADAPTER, "trueEncryptedData memcpy_s failed.");
378 EVP_CIPHER_CTX_free(ctx);
379 return SOFTBUS_MEM_ERR;
380 }
381 if (EVP_CIPHER_CTX_ctrl(
382 ctx, EVP_CTRL_GCM_SET_TAG, AES_GCM_TAG_LEN, (void *)(srcData + (srcDataLen - AES_GCM_TAG_LEN))) != 1) {
383 COMM_LOGE(COMM_ADAPTER, "EVP_CTRL_GCM_SET_TAG failed.");
384 EVP_CIPHER_CTX_free(ctx);
385 return SOFTBUS_ERR;
386 }
387 if (EVP_DecryptUpdate(ctx, outData, &outBufLen, trueEncryptedData, srcDataLen - AES_GCM_TAG_LEN) != 1) {
388 COMM_LOGE(COMM_ADAPTER, "EVP_DecryptUpdate failed.");
389 EVP_CIPHER_CTX_free(ctx);
390 return SOFTBUS_ERR;
391 }
392 outLen += outBufLen;
393 if (EVP_DecryptFinal_ex(ctx, outData + outBufLen, &outBufLen) != 1) {
394 COMM_LOGE(COMM_ADAPTER, "EVP_DecryptFinal_ex failed.");
395 EVP_CIPHER_CTX_free(ctx);
396 return SOFTBUS_ERR;
397 }
398 outLen += outBufLen;
399 *outDataLen = outLen;
400 EVP_CIPHER_CTX_free(ctx);
401 return SOFTBUS_OK;
402 }
403
SoftBusAesGcmEncrypt(const AesInputData * inData,AesCipherKey * cipherKey,int32_t encMode,AesOutputData * outData)404 int32_t SoftBusAesGcmEncrypt(
405 const AesInputData *inData, AesCipherKey *cipherKey, int32_t encMode, AesOutputData *outData)
406 {
407 if (inData == NULL || inData->data == NULL || cipherKey == NULL || cipherKey->key == NULL ||
408 cipherKey->iv == NULL || outData == NULL || (encMode != ENCRYPT_MODE && encMode != DECRYPT_MODE)) {
409 COMM_LOGE(COMM_ADAPTER, "invalid param.");
410 return SOFTBUS_INVALID_PARAM;
411 }
412 uint32_t encryptDataLen = inData->len + AES_GCM_TAG_LEN;
413 uint8_t *encryptData = (uint8_t *)SoftBusCalloc(encryptDataLen);
414 if (encryptData == NULL) {
415 COMM_LOGE(COMM_ADAPTER, "encrypt data calloc fail.");
416 return SOFTBUS_MEM_ERR;
417 }
418 if (encMode == ENCRYPT_MODE) {
419 if (OpensslAesGcmEncrypt(inData->data, inData->len, cipherKey, encryptData, &encryptDataLen) != SOFTBUS_OK) {
420 COMM_LOGE(COMM_ADAPTER, "OpensslAesGcmEncrypt failed.");
421 SoftBusFree(encryptData);
422 encryptData = NULL;
423 return SOFTBUS_ENCRYPT_ERR;
424 }
425 } else {
426 if (OpensslAesGcmDecrypt(inData->data, inData->len, cipherKey, encryptData, &encryptDataLen) != SOFTBUS_OK) {
427 COMM_LOGE(COMM_ADAPTER, "OpensslAesGcmDecrypt failed.");
428 SoftBusFree(encryptData);
429 encryptData = NULL;
430 return SOFTBUS_DECRYPT_ERR;
431 }
432 }
433 outData->data = encryptData;
434 outData->len = encryptDataLen;
435 return SOFTBUS_OK;
436 }