1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_crypto_adapter.h"
23
24 #include <stddef.h>
25
26 #include "hks_common_check.h"
27 #include "hks_log.h"
28 #include "hks_mem.h"
29 #include "hks_param.h"
30 #include "hks_template.h"
31 #include "securec.h"
32
HksFillKeySpec(const struct HksParamSet * paramSet,struct HksKeySpec * spec)33 void HksFillKeySpec(const struct HksParamSet *paramSet, struct HksKeySpec *spec)
34 {
35 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
36 switch (paramSet->params[i].tag) {
37 case HKS_TAG_ALGORITHM:
38 spec->algType = paramSet->params[i].uint32Param;
39 break;
40 case HKS_TAG_KEY_SIZE:
41 spec->keyLen = paramSet->params[i].uint32Param;
42 break;
43 default:
44 break;
45 }
46 }
47 }
48
HksFillUsageSpec(const struct HksParamSet * paramSet,struct HksUsageSpec * usageSpec)49 void HksFillUsageSpec(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec)
50 {
51 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
52 switch (paramSet->params[i].tag) {
53 case HKS_TAG_ALGORITHM:
54 usageSpec->algType = paramSet->params[i].uint32Param;
55 break;
56 case HKS_TAG_PADDING:
57 usageSpec->padding = paramSet->params[i].uint32Param;
58 break;
59 case HKS_TAG_DIGEST:
60 usageSpec->digest = paramSet->params[i].uint32Param;
61 break;
62 case HKS_TAG_BLOCK_MODE:
63 usageSpec->mode = paramSet->params[i].uint32Param;
64 break;
65 case HKS_TAG_PURPOSE:
66 usageSpec->purpose = paramSet->params[i].uint32Param;
67 break;
68 case HKS_TAG_MGF_DIGEST:
69 usageSpec->mgfDigest = paramSet->params[i].uint32Param;
70 break;
71 default:
72 break;
73 }
74 }
75 usageSpec->algParam = NULL;
76 }
77
HksFreeUsageSpec(struct HksUsageSpec ** usageSpec)78 void HksFreeUsageSpec(struct HksUsageSpec **usageSpec)
79 {
80 if ((usageSpec == NULL) || (*usageSpec == NULL)) {
81 return;
82 }
83
84 if ((*usageSpec)->algParam != NULL) {
85 HKS_FREE((*usageSpec)->algParam);
86 }
87 HKS_FREE(*usageSpec);
88 }
89
HksFillKeyDerivationParam(const struct HksParamSet * paramSet,struct HksKeyDerivationParam * param)90 void HksFillKeyDerivationParam(const struct HksParamSet *paramSet, struct HksKeyDerivationParam *param)
91 {
92 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
93 switch (paramSet->params[i].tag) {
94 case HKS_TAG_DIGEST:
95 param->digestAlg = paramSet->params[i].uint32Param;
96 break;
97 case HKS_TAG_SALT:
98 param->salt = paramSet->params[i].blob;
99 break;
100 case HKS_TAG_INFO:
101 param->info = paramSet->params[i].blob;
102 break;
103 case HKS_TAG_ITERATION:
104 param->iterations = paramSet->params[i].uint32Param;
105 break;
106 default:
107 break;
108 }
109 }
110 }
111
HksFillAeadParam(const struct HksParamSet * paramSet,struct HksBlob * inputText,struct HksUsageSpec * usageSpec,bool isEncrypt)112 int32_t HksFillAeadParam(
113 const struct HksParamSet *paramSet, struct HksBlob *inputText, struct HksUsageSpec *usageSpec, bool isEncrypt)
114 {
115 struct HksParam *nonceParam = NULL;
116 int32_t ret = HksGetParam(paramSet, HKS_TAG_NONCE, &nonceParam);
117 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksFillAeadParam get nonce param failed!")
118
119 struct HksParam emptyAadParam = {
120 .tag = HKS_TAG_ASSOCIATED_DATA,
121 .blob = {
122 .size = 0,
123 .data = NULL
124 }
125 };
126 struct HksParam *aadParam = NULL;
127 ret = HksGetParam(paramSet, HKS_TAG_ASSOCIATED_DATA, &aadParam);
128 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
129 HKS_LOG_W("HksFillAeadParam no input aad, do not use aad");
130 aadParam = &emptyAadParam;
131 } else if (ret != HKS_SUCCESS) {
132 HKS_LOG_E("HksFillAeadParam get aad param failed!");
133 return ret;
134 }
135
136 struct HksParam tagParam;
137 if (!isEncrypt) {
138 if (inputText->size <= HKS_AE_TAG_LEN) {
139 HKS_LOG_E("too small inputText size");
140 return HKS_ERROR_INVALID_ARGUMENT;
141 }
142 inputText->size -= HKS_AE_TAG_LEN;
143
144 tagParam.blob.size = HKS_AE_TAG_LEN;
145 tagParam.blob.data = inputText->data + inputText->size;
146 }
147
148 struct HksAeadParam *aeadParam = (struct HksAeadParam *)HksMalloc(sizeof(struct HksAeadParam));
149 HKS_IF_NULL_LOGE_RETURN(aeadParam, HKS_ERROR_MALLOC_FAIL, "aeadParam malloc failed!")
150
151 if (!isEncrypt) {
152 aeadParam->tagDec = tagParam.blob;
153 } else {
154 aeadParam->tagLenEnc = HKS_AE_TAG_LEN;
155 }
156
157 aeadParam->nonce = nonceParam->blob;
158 aeadParam->aad = aadParam->blob;
159 aeadParam->payloadLen = 0;
160 usageSpec->algParam = aeadParam;
161 return HKS_SUCCESS;
162 }
163
HksFillIvParam(const struct HksParamSet * paramSet,struct HksUsageSpec * usageSpec)164 int32_t HksFillIvParam(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec)
165 {
166 struct HksParam *ivParam = NULL;
167 int32_t ret = HksGetParam(paramSet, HKS_TAG_IV, &ivParam);
168 if (ret != HKS_SUCCESS && usageSpec->mode == HKS_MODE_ECB) {
169 return HKS_SUCCESS;
170 }
171 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher get iv param failed!")
172
173 struct HksCipherParam *param = (struct HksCipherParam *)HksMalloc(sizeof(struct HksCipherParam));
174 HKS_IF_NULL_LOGE_RETURN(param, HKS_ERROR_MALLOC_FAIL, "param malloc failed!")
175
176 param->iv = ivParam->blob;
177 usageSpec->algParam = param;
178 return HKS_SUCCESS;
179 }
180
HksIsAlgorithmSm4(const struct HksParamSet * paramSet)181 static bool HksIsAlgorithmSm4(const struct HksParamSet *paramSet)
182 {
183 struct HksParam *algParam = NULL;
184 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
185 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check sm4 get alg param failed!")
186 return (algParam->uint32Param == HKS_ALG_SM4);
187 }
188
189 #ifdef HKS_SUPPORT_3DES_C
HksIsNeedIv3DES(const struct HksParamSet * paramSet)190 static bool HksIsNeedIv3DES(const struct HksParamSet *paramSet)
191 {
192 struct HksParam *algParam = NULL;
193 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
194 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check 3DES get alg param failed!")
195
196 struct HksParam *modeParam = NULL;
197 ret = HksGetParam(paramSet, HKS_TAG_BLOCK_MODE, &modeParam);
198 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check 3DES get block mode param failed!")
199
200 return ((algParam->uint32Param == HKS_ALG_3DES) && (modeParam->uint32Param == HKS_MODE_CBC));
201 }
202 #endif
203
204 #ifdef HKS_SUPPORT_DES_C
HksIsNeedIvDES(const struct HksParamSet * paramSet)205 static bool HksIsNeedIvDES(const struct HksParamSet *paramSet)
206 {
207 struct HksParam *algParam = NULL;
208 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
209 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check DES get alg param failed!")
210
211 struct HksParam *modeParam = NULL;
212 ret = HksGetParam(paramSet, HKS_TAG_BLOCK_MODE, &modeParam);
213 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check DES get block mode param failed!")
214
215 return ((algParam->uint32Param == HKS_ALG_DES) && (modeParam->uint32Param == HKS_MODE_CBC));
216 }
217 #endif
218
HksBuildCipherUsageSpec(const struct HksParamSet * paramSet,bool isEncrypt,struct HksBlob * inputText,struct HksUsageSpec ** outUsageSpec)219 int32_t HksBuildCipherUsageSpec(
220 const struct HksParamSet *paramSet, bool isEncrypt, struct HksBlob *inputText, struct HksUsageSpec **outUsageSpec)
221 {
222 bool isAes = false;
223 bool isAeMode = false;
224 int32_t ret = HksCheckAesAeMode(paramSet, &isAes, &isAeMode);
225 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get aeMode failed!")
226
227 struct HksUsageSpec *usageSpec = (struct HksUsageSpec *)HksMalloc(sizeof(struct HksUsageSpec));
228 HKS_IF_NULL_LOGE_RETURN(usageSpec, HKS_ERROR_MALLOC_FAIL, "cipher usageSpec malloc failed!")
229
230 HksFillUsageSpec(paramSet, usageSpec);
231
232 if (usageSpec->algType == HKS_ALG_RSA && usageSpec->digest == HKS_DIGEST_NONE) {
233 usageSpec->digest = HKS_DIGEST_SHA1;
234 }
235
236 if (HksIsAlgorithmSm4(paramSet)) { // is sm4
237 ret = HksFillIvParam(paramSet, usageSpec);
238 #ifdef HKS_SUPPORT_3DES_C
239 } else if (HksIsNeedIv3DES(paramSet)) { // is 3des
240 ret = HksFillIvParam(paramSet, usageSpec);
241 #endif
242 #ifdef HKS_SUPPORT_DES_C
243 } else if (HksIsNeedIvDES(paramSet)) { // is des
244 ret = HksFillIvParam(paramSet, usageSpec);
245 #endif
246 } else if (!isAes) { // not sm4, not aes
247 *outUsageSpec = usageSpec;
248 return HKS_SUCCESS;
249 } else if (isAeMode) { // is aes, is ae mode
250 ret = HksFillAeadParam(paramSet, inputText, usageSpec, isEncrypt);
251 } else { // is aes, not ae mode
252 ret = HksFillIvParam(paramSet, usageSpec);
253 }
254
255 if (ret != HKS_SUCCESS) {
256 HksFreeUsageSpec(&usageSpec);
257 HKS_LOG_E("fill[%" LOG_PUBLIC "x] param failed!", isAeMode);
258 return ret;
259 }
260
261 *outUsageSpec = usageSpec;
262 return HKS_SUCCESS;
263 }
264
HksGetEncryptAeTag(const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData,struct HksBlob * tagAead)265 int32_t HksGetEncryptAeTag(
266 const struct HksParamSet *paramSet, const struct HksBlob *inData, struct HksBlob *outData, struct HksBlob *tagAead)
267 {
268 bool isAes = false;
269 bool isAeMode = false;
270 int32_t ret = HksCheckAesAeMode(paramSet, &isAes, &isAeMode);
271 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get aeMode failed!")
272
273 if ((!isAes) || (!isAeMode)) {
274 tagAead->data = NULL;
275 tagAead->size = 0;
276 return HKS_SUCCESS;
277 }
278
279 if (outData->size < (inData->size + HKS_AE_TAG_LEN)) {
280 HKS_LOG_E("too small out buf!");
281 return HKS_ERROR_INVALID_ARGUMENT;
282 }
283
284 tagAead->data = outData->data + inData->size;
285 tagAead->size = HKS_AE_TAG_LEN;
286 return HKS_SUCCESS;
287 }
288
HksGetDecryptAeTag(const struct HksParamSet * runtimeParamSet,struct HksUsageSpec * spec)289 int32_t HksGetDecryptAeTag(const struct HksParamSet *runtimeParamSet, struct HksUsageSpec *spec)
290 {
291 if (runtimeParamSet == NULL || spec == NULL) {
292 HKS_LOG_E("input param is NULL!");
293 return HKS_ERROR_INVALID_ARGUMENT;
294 }
295
296 bool isAes = false;
297 bool isAeMode = false;
298 (void)HksCheckAesAeMode(runtimeParamSet, &isAes, &isAeMode);
299 if (!(isAes && isAeMode)) {
300 HKS_LOG_E("not aes aead mode!");
301 return HKS_ERROR_INVALID_ARGUMENT;
302 }
303
304 struct HksAeadParam *aeadParam = (struct HksAeadParam *)spec->algParam;
305 if (aeadParam == NULL) {
306 HKS_LOG_E("spec algParam is NULL!");
307 return HKS_ERROR_INVALID_ARGUMENT;
308 }
309
310 struct HksParam *tagParam = NULL;
311 int32_t ret = HksGetParam(runtimeParamSet, HKS_TAG_AE_TAG, &tagParam);
312 if (ret != HKS_SUCCESS) {
313 HKS_LOG_E("get aead tag failed!");
314 return ret;
315 }
316
317 aeadParam->tagDec = tagParam->blob;
318 return HKS_SUCCESS;
319 }
320
BuildParamSetOut(const struct HksParam * params,uint32_t paramCnt,struct HksParamSet * paramSetOut)321 static int32_t BuildParamSetOut(const struct HksParam *params, uint32_t paramCnt, struct HksParamSet *paramSetOut)
322 {
323 int32_t ret;
324 struct HksParamSet *tmpParamSetOut = NULL;
325
326 ret = HksInitParamSet(&tmpParamSetOut);
327 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init paramSet failed!")
328
329 ret = HksAddParams(tmpParamSetOut, params, paramCnt);
330 if (ret != HKS_SUCCESS) {
331 HKS_LOG_E("add params failed");
332 HksFreeParamSet(&tmpParamSetOut);
333 return ret;
334 }
335
336 ret = HksBuildParamSet(&tmpParamSetOut);
337 if (ret != HKS_SUCCESS) {
338 HKS_LOG_E("build paramSet failed");
339 HksFreeParamSet(&tmpParamSetOut);
340 return ret;
341 }
342
343 if (memcpy_s(paramSetOut, paramSetOut->paramSetSize, tmpParamSetOut, tmpParamSetOut->paramSetSize) != EOK) {
344 HksFreeParamSet(&tmpParamSetOut);
345 HKS_LOG_E("memcpy paramSet out failed, paramSetOut size = %" LOG_PUBLIC "u", paramSetOut->paramSetSize);
346 return HKS_ERROR_INSUFFICIENT_MEMORY;
347 }
348
349 HksFreeParamSet(&tmpParamSetOut);
350 return HksFreshParamSet(paramSetOut, false);
351 }
352
353 #if (defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)) || \
354 (defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY))
FormatKeyInner(uint32_t publicKeySize,uint8_t * publicKey,const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)355 static int32_t FormatKeyInner(uint32_t publicKeySize, uint8_t *publicKey, const struct HksBlob *keyIn,
356 struct HksParamSet *paramSetOut)
357 {
358 struct HksParam params[] = {
359 {
360 .tag = HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
361 .blob = { publicKeySize, publicKey },
362 },
363 {
364 .tag = HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
365 .blob = { keyIn->size, keyIn->data },
366 },
367 };
368 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
369 }
370 #endif
371
372 #ifndef _CUT_AUTHENTICATE_
SetCurve25519KeyMaterial(bool isPubKey,const struct HksBlob * keyIn,struct HksBlob * keyOut)373 static int32_t SetCurve25519KeyMaterial(bool isPubKey, const struct HksBlob *keyIn, struct HksBlob *keyOut)
374 {
375 struct KeyMaterial25519 curve25519Km = {HKS_ALG_ED25519, 0, 0, 0, 0};
376 curve25519Km.keySize = HKS_CURVE25519_KEY_SIZE_256;
377 curve25519Km.reserved = 0;
378
379 uint32_t offset = sizeof(struct KeyMaterial25519);
380 if (isPubKey) {
381 curve25519Km.pubKeySize = keyIn->size;
382 curve25519Km.priKeySize = 0;
383 } else {
384 curve25519Km.pubKeySize = 0;
385 curve25519Km.priKeySize = keyIn->size;
386 }
387
388 keyOut->size = sizeof(struct KeyMaterial25519) + curve25519Km.pubKeySize + curve25519Km.priKeySize;
389 keyOut->data = (uint8_t *)HksMalloc(keyOut->size);
390 HKS_IF_NULL_RETURN(keyOut->data, HKS_ERROR_MALLOC_FAIL)
391
392 (void)memcpy_s(keyOut->data, keyOut->size, &curve25519Km, sizeof(struct KeyMaterial25519));
393
394 (void)memcpy_s(keyOut->data + offset, keyOut->size - offset, keyIn->data, keyIn->size);
395
396 return HKS_SUCCESS;
397 }
398
CheckCurve25519KeySize(const struct HksBlob * keyIn)399 static int32_t CheckCurve25519KeySize(const struct HksBlob *keyIn)
400 {
401 if (keyIn->size < sizeof(struct KeyMaterial25519)) {
402 HKS_LOG_E("keyIn buffer too small");
403 return HKS_ERROR_INVALID_ARGUMENT;
404 }
405
406 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
407
408 /* input pubKeySize and priKeySize of keyMaterial have been guaranteed that the addition will not overflow */
409 if (keyIn->size < (sizeof(struct KeyMaterial25519) + keyMaterial->pubKeySize + keyMaterial->priKeySize)) {
410 HKS_LOG_E("keyIn is not a valid key material");
411 return HKS_ERROR_INVALID_ARGUMENT;
412 }
413
414 return HKS_SUCCESS;
415 }
416
CheckFormatCurve25519Key(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)417 static int32_t CheckFormatCurve25519Key(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
418 {
419 int32_t ret = CheckCurve25519KeySize(keyIn);
420 HKS_IF_NOT_SUCC_RETURN(ret, ret)
421
422 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
423 uint32_t offset = sizeof(struct HksParamSet) + (sizeof(struct HksParam) << 1);
424 if (keyMaterial->pubKeySize > MAX_KEY_SIZE || keyMaterial->priKeySize > MAX_KEY_SIZE) {
425 HKS_LOG_E("pubKey or priKey buffer too big");
426 return HKS_ERROR_INVALID_ARGUMENT;
427 }
428 if (paramSetOut->paramSetSize < (offset + keyMaterial->pubKeySize + keyMaterial->priKeySize)) {
429 HKS_LOG_E("pubKey or priKey buffer too small");
430 return HKS_ERROR_BUFFER_TOO_SMALL;
431 }
432
433 return HKS_SUCCESS;
434 }
435
FormatCurve25519Key(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)436 static int32_t FormatCurve25519Key(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
437 {
438 int32_t ret = CheckFormatCurve25519Key(keyIn, paramSetOut);
439 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check curve 25519 key failed")
440
441 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
442 struct HksParam params[] = {
443 {
444 .tag = HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
445 .blob = { keyMaterial->pubKeySize, keyIn->data + sizeof(struct KeyMaterial25519) },
446 },
447 {
448 .tag = HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
449 .blob = { keyMaterial->priKeySize,
450 keyIn->data + sizeof(struct KeyMaterial25519) + keyMaterial->pubKeySize },
451 },
452 };
453
454 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
455 }
456
GetCurve25519FromKeyMaterial(const bool isPubKey,const struct HksBlob * keyMaterial,struct HksBlob * keyOut)457 int32_t GetCurve25519FromKeyMaterial(const bool isPubKey, const struct HksBlob *keyMaterial,
458 struct HksBlob *keyOut)
459 {
460 int32_t ret = CheckCurve25519KeySize(keyMaterial);
461 HKS_IF_NOT_SUCC_RETURN(ret, ret)
462
463 const struct KeyMaterial25519 *km = (struct KeyMaterial25519 *)(keyMaterial->data);
464
465 uint32_t size = (isPubKey ? km->pubKeySize : km->priKeySize);
466 if (size == 0) {
467 HKS_LOG_E("get key material size invalid, pubSize = %" LOG_PUBLIC "u, priSize = %" LOG_PUBLIC "u",
468 km->pubKeySize, km->priKeySize);
469 return HKS_ERROR_INVALID_KEY_INFO;
470 }
471 uint8_t *buffer = (uint8_t *)HksMalloc(size);
472 HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL)
473
474 uint32_t offset = sizeof(struct KeyMaterial25519);
475 uint8_t *tmp = (isPubKey ? (keyMaterial->data + offset) : (keyMaterial->data + offset + km->pubKeySize));
476 (void)memcpy_s(buffer, size, tmp, size);
477
478 keyOut->data = buffer;
479 keyOut->size = size;
480 return HKS_SUCCESS;
481 }
482
483 #if defined(HKS_SUPPORT_AES_C) || (defined(HKS_SUPPORT_HMAC_C) && defined(HKS_SUPPORT_HMAC_GENERATE_KEY))
FormatAesOrHmacKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)484 static int32_t FormatAesOrHmacKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
485 {
486 struct HksParam params[] = {
487 {
488 .tag = HKS_TAG_SYMMETRIC_KEY_DATA,
489 .blob = { keyIn->size, keyIn->data },
490 },
491 };
492 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
493 }
494 #endif
495
496 #if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
FormatRsaKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)497 static int32_t FormatRsaKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
498 {
499 if (keyIn->size < sizeof(struct KeyMaterialRsa)) {
500 return HKS_ERROR_INVALID_ARGUMENT;
501 }
502
503 struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)keyIn->data;
504 uint32_t publicKeySize = sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize;
505 if (keyIn->size < publicKeySize) {
506 HKS_LOG_E("invalid key info.");
507 return HKS_ERROR_INVALID_KEY_INFO;
508 }
509
510 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
511 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
512
513 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
514 ((struct KeyMaterialRsa *)publicKey)->dSize = 0;
515
516 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
517 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
518 HKS_FREE(publicKey);
519 return ret;
520 }
521 #endif
522
523 #if defined(HKS_SUPPORT_DSA_C) && defined(HKS_SUPPORT_DSA_GENERATE_KEY)
FormatDsaKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)524 static int32_t FormatDsaKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
525 {
526 if (keyIn->size < sizeof(struct KeyMaterialDsa)) {
527 return HKS_ERROR_INVALID_ARGUMENT;
528 }
529
530 struct KeyMaterialDsa *keyMaterial = (struct KeyMaterialDsa *)keyIn->data;
531 uint32_t publicKeySize = sizeof(struct KeyMaterialDsa) + keyMaterial->ySize + keyMaterial->pSize +
532 keyMaterial->qSize + keyMaterial->gSize;
533 if (keyIn->size < publicKeySize) {
534 HKS_LOG_E("invalid key info.");
535 return HKS_ERROR_INVALID_KEY_INFO;
536 }
537
538 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
539 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc key failed.")
540
541 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, sizeof(struct KeyMaterialDsa));
542 uint32_t inOffset = sizeof(struct KeyMaterialDsa);
543 uint32_t outOffset = sizeof(struct KeyMaterialDsa) + keyMaterial->xSize;
544 (void)memcpy_s(publicKey + inOffset, publicKeySize - inOffset, keyIn->data + outOffset, publicKeySize - inOffset);
545 ((struct KeyMaterialDsa *)publicKey)->xSize = 0;
546
547 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
548 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
549 HKS_FREE(publicKey);
550 return ret;
551 }
552 #endif
553
554 #if defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)
FormatEccKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)555 static int32_t FormatEccKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
556 {
557 if (keyIn->size < sizeof(struct KeyMaterialEcc)) {
558 return HKS_ERROR_INVALID_ARGUMENT;
559 }
560
561 struct KeyMaterialEcc *keyMaterial = (struct KeyMaterialEcc *)keyIn->data;
562 uint32_t publicKeySize = sizeof(struct KeyMaterialEcc) + keyMaterial->xSize + keyMaterial->ySize;
563 if (keyIn->size < publicKeySize) {
564 HKS_LOG_E("invalid key info.");
565 return HKS_ERROR_INVALID_KEY_INFO;
566 }
567
568 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
569 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
570
571 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
572 ((struct KeyMaterialEcc *)publicKey)->zSize = 0;
573 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
574 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
575 HKS_FREE(publicKey);
576 return ret;
577 }
578 #endif
579
580 #if defined(HKS_SUPPORT_DH_C) && defined(HKS_SUPPORT_DH_GENERATE_KEY)
FormatDhKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)581 static int32_t FormatDhKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
582 {
583 if (keyIn->size < sizeof(struct KeyMaterialDh)) {
584 return HKS_ERROR_INVALID_ARGUMENT;
585 }
586
587 struct KeyMaterialDh *keyMaterial = (struct KeyMaterialDh *)keyIn->data;
588 uint32_t publicKeySize = sizeof(struct KeyMaterialDh) + keyMaterial->pubKeySize;
589 if (keyIn->size < publicKeySize) {
590 HKS_LOG_E("invalid key info.");
591 return HKS_ERROR_INVALID_KEY_INFO;
592 }
593
594 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
595 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
596
597 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
598 ((struct KeyMaterialDh *)publicKey)->priKeySize = 0;
599 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
600 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
601 HKS_FREE(publicKey);
602 return ret;
603 }
604 #endif
605
HksSetKeyToMaterial(uint32_t alg,bool isPubKey,const struct HksBlob * key,struct HksBlob * keyMaterial)606 int32_t HksSetKeyToMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *key, struct HksBlob *keyMaterial)
607 {
608 switch (alg) {
609 case HKS_ALG_X25519:
610 case HKS_ALG_ED25519:
611 return SetCurve25519KeyMaterial(isPubKey, key, keyMaterial);
612 case HKS_ALG_RSA:
613 case HKS_ALG_DSA:
614 case HKS_ALG_ECC:
615 case HKS_ALG_ECDH:
616 case HKS_ALG_DH:
617 keyMaterial->size = key->size;
618 keyMaterial->data = (uint8_t *)HksMalloc(keyMaterial->size);
619 if (keyMaterial->data != NULL) {
620 (void)memcpy_s(keyMaterial->data, keyMaterial->size, key->data, key->size);
621 return HKS_SUCCESS;
622 } else {
623 return HKS_ERROR_MALLOC_FAIL;
624 }
625 break;
626 default:
627 HKS_LOG_E("alg not support");
628 return HKS_ERROR_INVALID_ALGORITHM;
629 }
630 }
631
HksGetKeyFromMaterial(uint32_t alg,bool isPubKey,const struct HksBlob * keyMaterial,struct HksBlob * key)632 int32_t HksGetKeyFromMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *keyMaterial, struct HksBlob *key)
633 {
634 switch (alg) {
635 case HKS_ALG_X25519:
636 case HKS_ALG_ED25519:
637 return GetCurve25519FromKeyMaterial(isPubKey, keyMaterial, key);
638 default:
639 HKS_LOG_E("alg not support");
640 return HKS_ERROR_INVALID_ALGORITHM;
641 }
642 }
643
HksFormatKeyFromMaterial(uint32_t alg,const struct HksBlob * keyMaterial,struct HksParamSet * paramSetOut)644 int32_t HksFormatKeyFromMaterial(uint32_t alg, const struct HksBlob *keyMaterial,
645 struct HksParamSet *paramSetOut)
646 {
647 switch (alg) {
648 case HKS_ALG_X25519:
649 case HKS_ALG_ED25519:
650 return FormatCurve25519Key(keyMaterial, paramSetOut);
651 #if defined(HKS_SUPPORT_AES_C) && defined(HKS_SUPPORT_AES_GENERATE_KEY)
652 case HKS_ALG_AES:
653 return FormatAesOrHmacKey(keyMaterial, paramSetOut);
654 #endif
655 #if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
656 case HKS_ALG_RSA:
657 return FormatRsaKey(keyMaterial, paramSetOut);
658 #endif
659 #if defined(HKS_SUPPORT_HMAC_C) && defined(HKS_SUPPORT_HMAC_GENERATE_KEY)
660 case HKS_ALG_HMAC:
661 return FormatAesOrHmacKey(keyMaterial, paramSetOut);
662 #endif
663 #if defined(HKS_SUPPORT_DSA_C) && defined(HKS_SUPPORT_DSA_GENERATE_KEY)
664 case HKS_ALG_DSA:
665 return FormatDsaKey(keyMaterial, paramSetOut);
666 #endif
667 #if defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)
668 case HKS_ALG_ECC:
669 case HKS_ALG_ECDH:
670 return FormatEccKey(keyMaterial, paramSetOut);
671 #endif
672 #if defined(HKS_SUPPORT_DH_C) && defined(HKS_SUPPORT_DH_GENERATE_KEY)
673 case HKS_ALG_DH:
674 return FormatDhKey(keyMaterial, paramSetOut);
675 #endif
676 default:
677 HKS_LOG_E("alg not support");
678 return HKS_ERROR_INVALID_ALGORITHM;
679 }
680 }
681 #endif
682