1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #ifdef HKS_SUPPORT_3DES_C
23
24 #include "hks_mbedtls_3des.h"
25
26 #include <mbedtls/des.h>
27 #include <mbedtls/ccm.h>
28 #include <mbedtls/cipher.h>
29 #include <mbedtls/ctr_drbg.h>
30 #include <mbedtls/entropy.h>
31 #include <mbedtls/gcm.h>
32
33 #include <securec.h>
34
35 #include "hks_log.h"
36 #include "hks_mbedtls_common.h"
37 #include "hks_mem.h"
38 #include "hks_template.h"
39
40 #define HKS_3DES_CBC_NOPADDING_IV_SIZE 8
41 #define HKS_3DES_CBC_DATA_BLOB_SIZE 8
42
43 struct HksMbedtls3DesCtx {
44 uint32_t algType;
45 uint32_t mode;
46 uint32_t padding;
47 uint8_t *append;
48 uint8_t iv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
49 } HksMbedtls3DesCtx;
50
CheckKeySize(const struct HksBlob * key)51 static int32_t CheckKeySize(const struct HksBlob *key)
52 {
53 if ((key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) && (key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192))) {
54 return HKS_ERROR_INVALID_KEY_SIZE;
55 }
56
57 return HKS_SUCCESS;
58 }
59
60 #ifdef HKS_SUPPORT_3DES_GENERATE_KEY
HksMbedtls3DesGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)61 int32_t HksMbedtls3DesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
62 {
63 if ((spec->keyLen != HKS_3DES_KEY_SIZE_128) && (spec->keyLen != HKS_3DES_KEY_SIZE_192)) {
64 return HKS_ERROR_INVALID_KEY_SIZE;
65 }
66
67 const uint32_t keyByteLen = spec->keyLen / HKS_BITS_PER_BYTE;
68
69 uint8_t *outKey = (uint8_t *)HksMalloc(keyByteLen);
70 HKS_IF_NULL_RETURN(outKey, HKS_ERROR_MALLOC_FAIL)
71
72 mbedtls_entropy_context entropy;
73 mbedtls_ctr_drbg_context ctrDrbg;
74 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
75 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
76 int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
77 if (ret != HKS_SUCCESS) {
78 HKS_FREE(outKey);
79 return ret;
80 }
81
82 do {
83 ret = mbedtls_ctr_drbg_random(&ctrDrbg, outKey, keyByteLen);
84 if (ret != HKS_MBEDTLS_SUCCESS) {
85 HKS_LOG_E("Mbedtls ctr drbg random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
86 (void)memset_s(outKey, keyByteLen, 0, keyByteLen);
87 HKS_FREE(outKey);
88 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
89 break;
90 }
91
92 key->data = outKey;
93 key->size = keyByteLen;
94 } while (0);
95
96 mbedtls_ctr_drbg_free(&ctrDrbg);
97 mbedtls_entropy_free(&entropy);
98 return ret;
99 }
100 #endif /* HKS_SUPPORT_3DES_GENERATE_KEY */
101
102 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
Des3CbcNoPaddingCryptSetKey(const struct HksBlob * key,mbedtls_des3_context * ctx,const bool encrypt)103 static int32_t Des3CbcNoPaddingCryptSetKey(const struct HksBlob *key, mbedtls_des3_context *ctx, const bool encrypt)
104 {
105 int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
106 if (encrypt) {
107 if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
108 ret = mbedtls_des3_set2key_enc(ctx, key->data);
109 } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
110 ret = mbedtls_des3_set3key_enc(ctx, key->data);
111 }
112 } else {
113 if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
114 ret = mbedtls_des3_set2key_dec(ctx, key->data);
115 } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
116 ret = mbedtls_des3_set3key_dec(ctx, key->data);
117 }
118 }
119
120 return ret;
121 }
122
Des3CbcNoPaddingCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)123 static int32_t Des3CbcNoPaddingCryptInit(
124 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
125 {
126 mbedtls_des3_context *ctx = (mbedtls_des3_context *)HksMalloc(sizeof(mbedtls_des3_context));
127 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_MALLOC_FAIL, "initialize ctx fail")
128 mbedtls_des3_init(ctx);
129
130 int32_t ret = Des3CbcNoPaddingCryptSetKey(key, ctx, encrypt);
131 if (ret != HKS_MBEDTLS_SUCCESS) {
132 HKS_LOG_E("Mbedtls 3des set key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
133 mbedtls_des3_free(ctx);
134 HKS_FREE(ctx);
135 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
136 }
137
138 struct HksCipherParam *iv = (struct HksCipherParam *)(usageSpec->algParam);
139 if (iv->iv.size != HKS_3DES_CBC_NOPADDING_IV_SIZE) {
140 HKS_LOG_E("initialize iv fail");
141 mbedtls_des3_free(ctx);
142 HKS_FREE(ctx);
143 return HKS_ERROR_INVALID_IV;
144 }
145
146 struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
147 if (outCtx == NULL) {
148 HKS_LOG_E("initialize outCtx fail");
149 mbedtls_des3_free(ctx);
150 HKS_FREE(ctx);
151 return HKS_ERROR_MALLOC_FAIL;
152 }
153
154 outCtx->append = (void *)ctx;
155 outCtx->mode = usageSpec->mode;
156 outCtx->padding = usageSpec->padding;
157 (void)memcpy_s(outCtx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, iv->iv.data, HKS_3DES_CBC_NOPADDING_IV_SIZE);
158
159 *cryptoCtx = (void *)outCtx;
160
161 return ret;
162 }
163
Des3CbcNoPaddingCryptUpdate(void * cryptoCtx,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)164 static int32_t Des3CbcNoPaddingCryptUpdate(
165 void *cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
166 {
167 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
168 HKS_IF_NULL_RETURN(des3Ctx, HKS_ERROR_NULL_POINTER)
169
170 mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
171
172 HKS_IF_NULL_RETURN(cbcNoPaddingCtx, HKS_ERROR_NULL_POINTER)
173
174 int32_t ret;
175 do {
176 if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
177 HKS_LOG_E("Des3CbcNoPaddingCryptUpdate data size invalid!");
178 ret = HKS_ERROR_INVALID_ARGUMENT;
179 break;
180 }
181
182 /* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
183 uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
184 if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
185 HKS_LOG_E("Memcpy temp iv failed!");
186 ret = HKS_ERROR_INVALID_IV;
187 break;
188 }
189
190 ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
191 (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
192 message->size,
193 tmpIv,
194 message->data,
195 cipherText->data);
196 if (ret != HKS_MBEDTLS_SUCCESS) {
197 HKS_LOG_E("Mbedtks 3des cbc nopadding crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
198 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
199 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
200 break;
201 }
202
203 cipherText->size = message->size;
204 (void)memcpy_s(des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE);
205 } while (0);
206
207 return ret;
208 }
209
Des3CbcNoPaddingCryptFinal(void ** cryptoCtx,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)210 static int32_t Des3CbcNoPaddingCryptFinal(
211 void **cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
212 {
213 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
214 mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
215
216 if (cbcNoPaddingCtx == NULL) {
217 HKS_FREE(*cryptoCtx);
218 return HKS_ERROR_NULL_POINTER;
219 }
220
221 int32_t ret = HKS_SUCCESS;
222 do {
223 if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
224 HKS_LOG_E("Des3CbcNoPaddingCryptFinal data size invalid!");
225 ret = HKS_ERROR_INVALID_ARGUMENT;
226 break;
227 }
228
229 if (message->size != 0) {
230 /* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
231 uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
232 if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
233 HKS_LOG_E("Memcpy temp iv failed!");
234 ret = HKS_ERROR_INVALID_IV;
235 break;
236 }
237 ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
238 (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
239 message->size,
240 tmpIv,
241 message->data,
242 cipherText->data);
243 if (ret != HKS_MBEDTLS_SUCCESS) {
244 HKS_LOG_E("Mbedtls 3des gcm encryot failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
245 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
246 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
247 break;
248 }
249 }
250 cipherText->size = message->size;
251 } while (0);
252
253 mbedtls_des3_free(cbcNoPaddingCtx);
254 HKS_FREE(des3Ctx->append);
255 HKS_FREE(*cryptoCtx);
256
257 return ret;
258 }
259 #endif /* HKS_SUPPORT_3DES_CBC_NOPADDING */
260
Des3CbcCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)261 static int32_t Des3CbcCryptInit(
262 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
263 {
264 switch (usageSpec->padding) {
265 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
266 case HKS_PADDING_NONE:
267 return Des3CbcNoPaddingCryptInit(cryptoCtx, key, usageSpec, encrypt);
268 #endif
269 default:
270 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
271 return HKS_ERROR_INVALID_PADDING;
272 }
273 }
274
Des3CbcCryptUpdate(void * cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)275 static int32_t Des3CbcCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
276 struct HksBlob *cipherText, const bool encrypt)
277 {
278 switch (padding) {
279 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
280 case HKS_PADDING_NONE:
281 return Des3CbcNoPaddingCryptUpdate(cryptoCtx, message, encrypt, cipherText);
282 #endif
283 default:
284 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
285 return HKS_ERROR_INVALID_PADDING;
286 }
287 }
288
Des3CbcCryptFinal(void ** cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)289 static int32_t Des3CbcCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
290 struct HksBlob *cipherText, const bool encrypt)
291 {
292 switch (padding) {
293 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
294 case HKS_PADDING_NONE:
295 return Des3CbcNoPaddingCryptFinal(cryptoCtx, message, encrypt, cipherText);
296 #endif
297 default:
298 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
299 return HKS_ERROR_INVALID_PADDING;
300 }
301 }
302
303 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
Des3EcbNoPaddingCryptInitParam(const struct HksBlob * key,mbedtls_cipher_context_t * ecbCtx,const bool encrypt)304 static int32_t Des3EcbNoPaddingCryptInitParam(const struct HksBlob *key, mbedtls_cipher_context_t *ecbCtx,
305 const bool encrypt)
306 {
307 const mbedtls_cipher_info_t *info = NULL;
308 if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
309 info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
310 } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
311 info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_3DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
312 }
313 if (info == NULL) {
314 HKS_LOG_E("get cipher info from values failed!");
315 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
316 }
317 int32_t ret = mbedtls_cipher_setup(ecbCtx, info);
318 if (ret != HKS_MBEDTLS_SUCCESS) {
319 HKS_LOG_E("Mbedtls cipher setup failed ret = %" LOG_PUBLIC "d", ret);
320 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
321 }
322
323 ret = mbedtls_cipher_setkey(
324 ecbCtx, key->data, key->size * HKS_BITS_PER_BYTE, encrypt ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
325 if (ret != HKS_MBEDTLS_SUCCESS) {
326 HKS_LOG_E("Mbedtls setkey failed ret = %" LOG_PUBLIC "d", ret);
327 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
328 }
329
330 ret = mbedtls_cipher_set_iv(ecbCtx, NULL, 0);
331 if (ret != HKS_MBEDTLS_SUCCESS) {
332 HKS_LOG_E("Mbedtls set iv failed ret = %" LOG_PUBLIC "d", ret);
333 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
334 }
335 return HKS_SUCCESS;
336 }
337
Des3EcbNoPaddingCryptInit(void ** cryptoCtx,const struct HksUsageSpec * usageSpec,const struct HksBlob * key,const bool encrypt)338 static int32_t Des3EcbNoPaddingCryptInit(void **cryptoCtx, const struct HksUsageSpec *usageSpec,
339 const struct HksBlob *key, const bool encrypt)
340 {
341 mbedtls_cipher_context_t *ecbCtx = (mbedtls_cipher_context_t *)HksMalloc(sizeof(mbedtls_cipher_context_t));
342 HKS_IF_NULL_LOGE_RETURN(ecbCtx, HKS_ERROR_MALLOC_FAIL, "Ecb ecbCtx malloc fail")
343
344 mbedtls_cipher_init(ecbCtx);
345
346 int32_t ret = Des3EcbNoPaddingCryptInitParam(key, ecbCtx, encrypt);
347 if (ret != HKS_SUCCESS) {
348 HKS_LOG_E("Des3EcbNoPaddingCryptInitParam failed ret = %" LOG_PUBLIC "d", ret);
349 mbedtls_cipher_free(ecbCtx);
350 HKS_FREE(ecbCtx);
351 return ret;
352 }
353
354 ret = mbedtls_cipher_reset(ecbCtx);
355 if (ret != HKS_MBEDTLS_SUCCESS) {
356 HKS_LOG_E("Mbedtls reset failed ret = %" LOG_PUBLIC "d", ret);
357 mbedtls_cipher_free(ecbCtx);
358 HKS_FREE(ecbCtx);
359 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
360 }
361
362 struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
363 if (outCtx == NULL) {
364 HKS_LOG_E("initialize outCtx fail");
365 mbedtls_cipher_free(ecbCtx);
366 HKS_FREE(ecbCtx);
367 return HKS_ERROR_MALLOC_FAIL;
368 }
369
370 outCtx->algType = usageSpec->algType;
371 outCtx->mode = usageSpec->mode;
372 outCtx->padding = usageSpec->padding;
373 outCtx->append = (void *)ecbCtx;
374 *cryptoCtx = (void *)outCtx;
375
376 return ret;
377 }
378
Des3EcbNoPaddingData(mbedtls_cipher_context_t * ecbNoPadingctx,size_t blockSize,const struct HksBlob * message,struct HksBlob * cipherText,size_t * outLenTotal)379 static int32_t Des3EcbNoPaddingData(mbedtls_cipher_context_t *ecbNoPadingctx, size_t blockSize,
380 const struct HksBlob *message, struct HksBlob *cipherText, size_t *outLenTotal)
381 {
382 int32_t ret;
383
384 uint8_t *tmpMessage = (uint8_t *)HksMalloc(blockSize);
385 HKS_IF_NULL_LOGE_RETURN(tmpMessage, HKS_ERROR_INSUFFICIENT_MEMORY, "EcbNoPaddingUpdate tmpMessage is null")
386
387 if (message->size <= blockSize) {
388 (void)memset_s(tmpMessage, blockSize, 0, blockSize);
389 (void)memcpy_s(tmpMessage, message->size, message->data, message->size);
390 ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, blockSize, cipherText->data, outLenTotal);
391 if (ret != HKS_MBEDTLS_SUCCESS) {
392 HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
393 HKS_FREE(tmpMessage);
394 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
395 }
396 } else {
397 uint32_t point = 0;
398 while (point < message->size) {
399 (void)memset_s(tmpMessage, blockSize, 0, blockSize);
400 uint32_t tmpSize = (message->size - point) >= blockSize ? blockSize : (message->size - point);
401 ret = memcpy_s(tmpMessage, blockSize, message->data + point, tmpSize);
402 if (ret != HKS_MBEDTLS_SUCCESS) {
403 HKS_LOG_E("copy data failed");
404 HKS_FREE(tmpMessage);
405 return HKS_ERROR_INSUFFICIENT_MEMORY;
406 }
407 size_t olen;
408 ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, tmpSize, cipherText->data + point, &olen);
409 if (ret != HKS_MBEDTLS_SUCCESS) {
410 HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
411 HKS_FREE(tmpMessage);
412 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
413 }
414 *outLenTotal += olen;
415 point += blockSize;
416 }
417 }
418 HKS_FREE(tmpMessage);
419 return HKS_SUCCESS;
420 }
421
Get3DesEcbNoPaddingCtx(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,size_t * outLenTotal)422 static mbedtls_cipher_context_t *Get3DesEcbNoPaddingCtx(void *cryptoCtx, const struct HksBlob *message,
423 struct HksBlob *cipherText, size_t *outLenTotal)
424 {
425 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
426 mbedtls_cipher_context_t *ecbNoPadingctx = (mbedtls_cipher_context_t *)des3Ctx->append;
427 HKS_IF_NULL_LOGE_RETURN(ecbNoPadingctx, NULL, "EcbNoPaddingUpdate ecbNoPadingctx is null")
428
429 int32_t ret = HKS_SUCCESS;
430 do {
431 if (message == NULL) {
432 HKS_LOG_E("The message is null.");
433 ret = HKS_FAILURE;
434 break;
435 }
436
437 if (message->size != 0) {
438 size_t blockSize = mbedtls_cipher_get_block_size(ecbNoPadingctx);
439 HKS_LOG_E("Ecb No padding update!message.size[%" LOG_PUBLIC "d] blockSize[%" LOG_PUBLIC "d]",
440 message->size, blockSize);
441 if (blockSize == 0 || (message->size % blockSize != 0)) {
442 HKS_LOG_E("The size of message is invalid.");
443 ret = HKS_ERROR_INVALID_ARGUMENT;
444 break;
445 }
446
447 ret = Des3EcbNoPaddingData(ecbNoPadingctx, blockSize, message, cipherText, outLenTotal);
448 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DesEcbNoPaddingData failed")
449 }
450 } while (0);
451
452 HKS_IF_NOT_SUCC_RETURN(ret, NULL)
453
454 return ecbNoPadingctx;
455 }
456
Des3EcbNoPaddingCryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)457 static int32_t Des3EcbNoPaddingCryptUpdate(void *cryptoCtx, const struct HksBlob *message,
458 struct HksBlob *cipherText)
459 {
460 size_t outLenTotal = 0;
461 HKS_IF_NULL_RETURN(Get3DesEcbNoPaddingCtx(cryptoCtx, message, cipherText, &outLenTotal), HKS_ERROR_NULL_POINTER)
462
463 cipherText->size = outLenTotal;
464 return HKS_SUCCESS;
465 }
466
Des3EcbNoPaddingCryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)467 static int32_t Des3EcbNoPaddingCryptFinal(void **cryptoCtx, const struct HksBlob *message,
468 struct HksBlob *cipherText)
469 {
470 size_t outLenTotal = 0;
471 mbedtls_cipher_context_t *ecbNoPadingctx = Get3DesEcbNoPaddingCtx(*cryptoCtx, message, cipherText, &outLenTotal);
472 if (ecbNoPadingctx == NULL) {
473 HKS_FREE(*cryptoCtx);
474 return HKS_ERROR_NULL_POINTER;
475 }
476
477 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
478 size_t finishOlen;
479 size_t olen = outLenTotal;
480 int32_t ret = mbedtls_cipher_finish(ecbNoPadingctx, cipherText->data + olen, &finishOlen);
481 if (ret != HKS_MBEDTLS_SUCCESS) {
482 HKS_LOG_E("Mbedtls ecb nopadding crypt update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
483 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
484 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
485 } else {
486 cipherText->size = olen + finishOlen;
487 }
488
489 mbedtls_cipher_free(ecbNoPadingctx);
490 HKS_FREE(des3Ctx->append);
491 HKS_FREE(*cryptoCtx);
492
493 return ret;
494 }
495 #endif
496
Des3EcbCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)497 static int32_t Des3EcbCryptInit(void **cryptoCtx, const struct HksBlob *key,
498 const struct HksUsageSpec *usageSpec, const bool encrypt)
499 {
500 switch (usageSpec->padding) {
501 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
502 case HKS_PADDING_NONE:
503 return Des3EcbNoPaddingCryptInit(cryptoCtx, usageSpec, key, encrypt);
504 #endif
505 default:
506 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
507 return HKS_ERROR_INVALID_PADDING;
508 }
509 }
510
Des3EcbCryptUpdate(void * cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText)511 static int32_t Des3EcbCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
512 struct HksBlob *cipherText)
513 {
514 switch (padding) {
515 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
516 case HKS_PADDING_NONE:
517 return Des3EcbNoPaddingCryptUpdate(cryptoCtx, message, cipherText);
518 #endif
519 default:
520 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
521 return HKS_ERROR_INVALID_PADDING;
522 }
523 }
524
Des3EcbCryptFinal(void ** cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText)525 static int32_t Des3EcbCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
526 struct HksBlob *cipherText)
527 {
528 switch (padding) {
529 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
530 case HKS_PADDING_NONE:
531 return Des3EcbNoPaddingCryptFinal(cryptoCtx, message, cipherText);
532 #endif
533 default:
534 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
535 return HKS_ERROR_INVALID_PADDING;
536 }
537 }
538
HksMbedtls3DesEncryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)539 int32_t HksMbedtls3DesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
540 {
541 if (CheckKeySize(key) != HKS_SUCCESS || cryptoCtx == NULL || usageSpec == NULL) {
542 HKS_LOG_E("Invalid des3 keySiz = 0x%" LOG_PUBLIC "X", key->size);
543 return HKS_ERROR_INVALID_ARGUMENT;
544 }
545
546 switch (usageSpec->mode) {
547 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
548 case HKS_MODE_CBC:
549 return Des3CbcCryptInit(cryptoCtx, key, usageSpec, true);
550 #endif
551 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
552 case HKS_MODE_ECB:
553 return Des3EcbCryptInit(cryptoCtx, key, usageSpec, true);
554 #endif
555 default:
556 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
557 return HKS_ERROR_NOT_SUPPORTED;
558 }
559 }
560
HksMbedtls3DesEncryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)561 int32_t HksMbedtls3DesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
562 {
563 HKS_IF_NULL_LOGE_RETURN(cryptoCtx, HKS_ERROR_INVALID_ARGUMENT, "Mbedtls 3DES encrypt update param is null")
564
565 struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
566
567 switch (des3EncryptCtx->mode) {
568 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
569 case HKS_MODE_CBC:
570 return Des3CbcCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
571 #endif
572 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
573 case HKS_MODE_ECB:
574 return Des3EcbCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
575 #endif
576 default:
577 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
578 return HKS_ERROR_INVALID_ARGUMENT;
579 }
580 }
581
HksMbedtls3DesEncryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)582 int32_t HksMbedtls3DesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
583 {
584 struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
585
586 switch (des3EncryptCtx->mode) {
587 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
588 case HKS_MODE_CBC:
589 return Des3CbcCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
590 #endif
591 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
592 case HKS_MODE_ECB:
593 return Des3EcbCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
594 #endif
595 default:
596 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
597 return HKS_ERROR_INVALID_ARGUMENT;
598 }
599 }
600
HksMbedtls3DesDecryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)601 int32_t HksMbedtls3DesDecryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
602 {
603 HKS_IF_NOT_SUCC_LOGE_RETURN(
604 CheckKeySize(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid des3 keySize = 0x%" LOG_PUBLIC "X", key->size)
605
606 switch (usageSpec->mode) {
607 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
608 case HKS_MODE_CBC:
609 return Des3CbcCryptInit(cryptoCtx, key, usageSpec, false);
610 #endif
611 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
612 case HKS_MODE_ECB:
613 return Des3EcbCryptInit(cryptoCtx, key, usageSpec, false);
614 #endif
615 default:
616 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
617 return HKS_ERROR_INVALID_ARGUMENT;
618 }
619 }
620
HksMbedtls3DesDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)621 int32_t HksMbedtls3DesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
622 {
623 struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
624 switch (des3DecryptCtx->mode) {
625 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
626 case HKS_MODE_CBC:
627 return Des3CbcCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
628 #endif
629 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
630 case HKS_MODE_ECB:
631 return Des3EcbCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
632 #endif
633 default:
634 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
635 return HKS_ERROR_INVALID_ARGUMENT;
636 }
637 }
638
HksMbedtls3DesDecryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)639 int32_t HksMbedtls3DesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
640 {
641 struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
642
643 switch (des3DecryptCtx->mode) {
644 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
645 case HKS_MODE_CBC:
646 return Des3CbcCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
647 #endif
648 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
649 case HKS_MODE_ECB:
650 return Des3EcbCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
651 #endif
652 default:
653 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
654 return HKS_ERROR_INVALID_ARGUMENT;
655 }
656 }
657
HksMbedtls3DesCryptoInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)658 int32_t HksMbedtls3DesCryptoInit(
659 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
660 {
661 if (encrypt) {
662 return HksMbedtls3DesEncryptInit(cryptoCtx, key, usageSpec);
663 } else {
664 return HksMbedtls3DesDecryptInit(cryptoCtx, key, usageSpec);
665 }
666 }
667
HksMbedtls3DesCryptoUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)668 int32_t HksMbedtls3DesCryptoUpdate(
669 void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt)
670 {
671 if (encrypt) {
672 return HksMbedtls3DesEncryptUpdate(cryptoCtx, message, cipherText);
673 } else {
674 return HksMbedtls3DesDecryptUpdate(cryptoCtx, message, cipherText);
675 }
676 }
677
HksMbedtls3DesCryptoFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)678 int32_t HksMbedtls3DesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
679 const bool encrypt)
680 {
681 if (encrypt) {
682 return HksMbedtls3DesEncryptFinal(cryptoCtx, message, cipherText);
683 } else {
684 return HksMbedtls3DesDecryptFinal(cryptoCtx, message, cipherText);
685 }
686 }
687
688 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
HksMbedtls3DesHalModeCbcFreeCtx(void ** cryptCtx)689 void HksMbedtls3DesHalModeCbcFreeCtx(void **cryptCtx)
690 {
691 if (cryptCtx == NULL || *cryptCtx == NULL) {
692 HKS_LOG_E("FreeCtx cryptCtx param is null");
693 return;
694 }
695
696 struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
697 if (mbedtls3DesCtx->padding == HKS_PADDING_NONE) {
698 if (mbedtls3DesCtx->append != NULL) {
699 mbedtls_des3_free((mbedtls_des3_context *)(mbedtls3DesCtx->append));
700 HKS_FREE(mbedtls3DesCtx->append);
701 }
702 }
703 }
704 #endif
705
706 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
HksMbedtls3DesHalModeEcbFreeCtx(void ** cryptCtx)707 void HksMbedtls3DesHalModeEcbFreeCtx(void **cryptCtx)
708 {
709 if (cryptCtx == NULL || *cryptCtx == NULL) {
710 HKS_LOG_E("FreeCtx cryptCtx param is null");
711 return;
712 }
713
714 struct HksMbedtls3DesCtx *mbedtlsDesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
715 if (mbedtlsDesCtx->padding == HKS_PADDING_NONE) {
716 if (mbedtlsDesCtx->append != NULL) {
717 mbedtls_cipher_free((mbedtls_cipher_context_t *)mbedtlsDesCtx->append);
718 HKS_FREE(mbedtlsDesCtx->append);
719 }
720 }
721 }
722 #endif
723
HksMbedtls3DesHalFreeCtx(void ** cryptCtx)724 void HksMbedtls3DesHalFreeCtx(void **cryptCtx)
725 {
726 if (cryptCtx == NULL || *cryptCtx == NULL) {
727 HKS_LOG_E("FreeCtx param context null");
728 return;
729 }
730
731 struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
732 switch (mbedtls3DesCtx->mode) {
733 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
734 case HKS_MODE_CBC:
735 HksMbedtls3DesHalModeCbcFreeCtx(cryptCtx);
736 break;
737 #endif
738 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
739 case HKS_MODE_ECB:
740 HksMbedtls3DesHalModeEcbFreeCtx(cryptCtx);
741 break;
742 #endif
743 default:
744 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", mbedtls3DesCtx->mode);
745 break;
746 }
747 HKS_FREE(*cryptCtx);
748 }
749 #endif /* HKS_SUPPORT_3DES_C */