1 /*
2 * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #ifdef _CUT_AUTHENTICATE_
23 #undef HKS_SUPPORT_RSA_C
24 #endif
25
26 #ifdef HKS_SUPPORT_RSA_C
27
28 #include "hks_mbedtls_rsa.h"
29
30 #include <mbedtls/bignum.h>
31 #include <mbedtls/ctr_drbg.h>
32 #include <mbedtls/entropy.h>
33 #include <mbedtls/rsa.h>
34 #include <securec.h>
35
36 #include "hks_log.h"
37 #include "hks_mbedtls_common.h"
38 #include "hks_common_check.h"
39 #include "hks_mem.h"
40 #include "hks_template.h"
41
42 #define HKS_RSA_PUBLIC_EXPONENT 65537
43 #define HKS_RSA_KEYPAIR_CNT 3
44 #define MBEDTLS_RSA_PUBLIC 0
45 #define MBEDTLS_RSA_PRIVATE 1
46 #define HKS_RSA_KEYSIZE_CNT 8
47 #define MBEDTLS_RSA_PSS_DIGEST_NUM 2
48
49 typedef struct HksMbedtlsSignVerifyParam {
50 uint32_t mbedtlsAlg;
51 int32_t padding;
52 uint32_t pssSaltLen;
53 } HksMbedtlsSignVerifyParam;
54
RsaCheckKeySize(const uint32_t keySize)55 static int32_t RsaCheckKeySize(const uint32_t keySize)
56 {
57 #ifdef HKS_SUPPORT_RSA_C_FLEX_KEYSIZE
58 if ((keySize >= HKS_RSA_KEY_SIZE_1024) && (keySize <= HKS_RSA_KEY_SIZE_2048)) {
59 if ((keySize % HKS_RSA_KEYSIZE_CNT) == 0) {
60 return HKS_SUCCESS;
61 }
62 }
63 #endif
64 switch (keySize) {
65 case HKS_RSA_KEY_SIZE_512:
66 case HKS_RSA_KEY_SIZE_768:
67 case HKS_RSA_KEY_SIZE_1024:
68 case HKS_RSA_KEY_SIZE_2048:
69 case HKS_RSA_KEY_SIZE_3072:
70 case HKS_RSA_KEY_SIZE_4096:
71 break;
72 default:
73 HKS_LOG_E("Invalid rsa key size! keySize = 0x%" LOG_PUBLIC "X", keySize);
74 return HKS_ERROR_INVALID_KEY_SIZE;
75 }
76
77 return HKS_SUCCESS;
78 }
79
RsaKeyMaterialNedSizeCheck(const struct KeyMaterialRsa * keyMaterial)80 int32_t RsaKeyMaterialNedSizeCheck(const struct KeyMaterialRsa *keyMaterial)
81 {
82 const uint32_t maxKeyByteLen = HKS_RSA_KEY_SIZE_4096 / HKS_BITS_PER_BYTE;
83 if ((keyMaterial->nSize > maxKeyByteLen) || (keyMaterial->eSize > maxKeyByteLen) ||
84 (keyMaterial->dSize > maxKeyByteLen)) {
85 HKS_LOG_E("Invalid rsa keyMaterial! nSize = 0x%" LOG_PUBLIC "X, eSize = 0x%" LOG_PUBLIC "X, "
86 "dSize = 0x%" LOG_PUBLIC "X",
87 keyMaterial->nSize,
88 keyMaterial->eSize,
89 keyMaterial->dSize);
90 return HKS_ERROR_INVALID_ARGUMENT;
91 }
92
93 return HKS_SUCCESS;
94 }
95
RsaKeyCheck(const struct HksBlob * key)96 int32_t RsaKeyCheck(const struct HksBlob *key)
97 {
98 const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(key->data);
99
100 int32_t ret = RsaCheckKeySize(keyMaterial->keySize);
101 HKS_IF_NOT_SUCC_RETURN(ret, ret)
102
103 ret = RsaKeyMaterialNedSizeCheck(keyMaterial);
104 HKS_IF_NOT_SUCC_RETURN(ret, ret)
105
106 if (key->size < (sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize + keyMaterial->dSize)) {
107 HKS_LOG_E("Rsa key size too small! key size = 0x%" LOG_PUBLIC "X", key->size);
108 return HKS_ERROR_INVALID_KEY_INFO;
109 }
110
111 return HKS_SUCCESS;
112 }
113
114 #ifdef HKS_SUPPORT_RSA_GENERATE_KEY
RsaSaveKeyMaterial(const mbedtls_rsa_context * ctx,const uint32_t keySize,struct HksBlob * key)115 static int32_t RsaSaveKeyMaterial(const mbedtls_rsa_context *ctx, const uint32_t keySize, struct HksBlob *key)
116 {
117 const uint32_t keyByteLen = keySize / HKS_BITS_PER_BYTE;
118 const uint32_t rawMaterialLen = sizeof(struct KeyMaterialRsa) + keyByteLen * HKS_RSA_KEYPAIR_CNT;
119 uint8_t *rawMaterial = (uint8_t *)HksMalloc(rawMaterialLen);
120 HKS_IF_NULL_RETURN(rawMaterial, HKS_ERROR_MALLOC_FAIL)
121 (void)memset_s(rawMaterial, rawMaterialLen, 0, rawMaterialLen);
122
123 /* RSA key data internal struct: struct KeyMaterialRsa + nData + eData + dData */
124 struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)rawMaterial;
125 keyMaterial->keyAlg = HKS_ALG_RSA;
126 keyMaterial->keySize = keySize;
127 keyMaterial->nSize = keyByteLen;
128 keyMaterial->eSize = keyByteLen;
129 keyMaterial->dSize = keyByteLen;
130
131 int32_t ret;
132 do {
133 uint32_t offset = sizeof(*keyMaterial);
134 ret = mbedtls_mpi_write_binary(&(ctx->MBEDTLS_PRIVATE(N)), rawMaterial + offset, keyMaterial->nSize);
135 if (ret != HKS_MBEDTLS_SUCCESS) {
136 HKS_LOG_E("Rsa save keyMaterial mpi write N failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
137 break;
138 }
139
140 offset = offset + keyMaterial->nSize;
141 ret = mbedtls_mpi_write_binary(&(ctx->MBEDTLS_PRIVATE(E)), rawMaterial + offset, keyMaterial->eSize);
142 if (ret != HKS_MBEDTLS_SUCCESS) {
143 HKS_LOG_E("Rsa save keyMaterial mpi write E failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
144 break;
145 }
146
147 offset = offset + keyMaterial->eSize;
148 ret = mbedtls_mpi_write_binary(&(ctx->MBEDTLS_PRIVATE(D)), rawMaterial + offset, keyMaterial->dSize);
149 if (ret != HKS_MBEDTLS_SUCCESS) {
150 HKS_LOG_E("Rsa save keyMaterial mpi write D failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
151 break;
152 }
153
154 key->data = rawMaterial;
155 key->size = rawMaterialLen;
156 } while (0);
157
158 if (ret != HKS_MBEDTLS_SUCCESS) {
159 (void)memset_s(rawMaterial, rawMaterialLen, 0, rawMaterialLen);
160 HKS_FREE(rawMaterial);
161 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
162 }
163
164 return ret;
165 }
166
HksMbedtlsRsaGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)167 int32_t HksMbedtlsRsaGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
168 {
169 mbedtls_rsa_context ctx;
170 (void)memset_s(&ctx, sizeof(mbedtls_rsa_context), 0, sizeof(mbedtls_rsa_context));
171 mbedtls_rsa_init(&ctx);
172 ctx.MBEDTLS_PRIVATE(padding) = 0;
173 ctx.MBEDTLS_PRIVATE(hash_id) = 0;
174
175 mbedtls_ctr_drbg_context ctrDrbg;
176 mbedtls_entropy_context entropy;
177 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
178 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
179 int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
180 if (ret != HKS_SUCCESS) {
181 mbedtls_rsa_free(&ctx);
182 return ret;
183 }
184
185 do {
186 ret = mbedtls_rsa_gen_key(&ctx, mbedtls_ctr_drbg_random, &ctrDrbg, spec->keyLen, HKS_RSA_PUBLIC_EXPONENT);
187 if (ret != HKS_MBEDTLS_SUCCESS) {
188 HKS_LOG_E("Mbedtls rsa generate key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
189 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
190 break;
191 }
192
193 ret = RsaSaveKeyMaterial(&ctx, spec->keyLen, key);
194 } while (0);
195
196 mbedtls_rsa_free(&ctx);
197 mbedtls_ctr_drbg_free(&ctrDrbg);
198 mbedtls_entropy_free(&entropy);
199 return ret;
200 }
201 #endif /* HKS_SUPPORT_RSA_GENERATE_KEY */
202
203 #if defined(HKS_SUPPORT_RSA_CRYPT) || defined(HKS_SUPPORT_RSA_SIGN_VERIFY)
RsaKeyMaterialToCtx(const struct HksBlob * key,const bool needPrivateExponent,mbedtls_rsa_context * ctx)204 int32_t RsaKeyMaterialToCtx(const struct HksBlob *key, const bool needPrivateExponent, mbedtls_rsa_context *ctx)
205 {
206 const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(key->data);
207
208 mbedtls_mpi n;
209 mbedtls_mpi e;
210 mbedtls_mpi d;
211
212 mbedtls_mpi_init(&n);
213 mbedtls_mpi_init(&e);
214 mbedtls_mpi_init(&d);
215
216 int32_t ret;
217 do {
218 uint32_t offset = sizeof(*keyMaterial);
219 ret = mbedtls_mpi_read_binary(&n, key->data + offset, keyMaterial->nSize);
220 if (ret != HKS_MBEDTLS_SUCCESS) {
221 HKS_LOG_E("Mbedtls rsa keyMaterial to ctx read N failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
222 break;
223 }
224
225 offset = offset + keyMaterial->nSize;
226 ret = mbedtls_mpi_read_binary(&e, key->data + offset, keyMaterial->eSize);
227 if (ret != HKS_MBEDTLS_SUCCESS) {
228 HKS_LOG_E("Mbedtls rsa keyMaterial to ctx read E failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
229 break;
230 }
231
232 if (needPrivateExponent) {
233 offset = offset + keyMaterial->eSize;
234 ret = mbedtls_mpi_read_binary(&d, key->data + offset, keyMaterial->dSize);
235 if (ret != HKS_MBEDTLS_SUCCESS) {
236 HKS_LOG_E("Mbedtls rsa keyMaterial to ctx read D failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
237 break;
238 }
239 }
240
241 ret = mbedtls_rsa_import(ctx, &n, NULL, NULL, (needPrivateExponent ? &d : NULL), &e);
242 if (ret != HKS_MBEDTLS_SUCCESS) {
243 HKS_LOG_E("Mbedtls rsa keyMaterial to ctx import failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
244 break;
245 }
246
247 ret = mbedtls_rsa_complete(ctx);
248 if (ret != HKS_MBEDTLS_SUCCESS) {
249 HKS_LOG_E("Mbedtls rsa keyMaterial to ctx complete failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
250 }
251 } while (0);
252
253 mbedtls_mpi_free(&n);
254 mbedtls_mpi_free(&e);
255 mbedtls_mpi_free(&d);
256
257 if (ret != HKS_MBEDTLS_SUCCESS) {
258 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
259 }
260 return ret;
261 }
262 #endif /* HKS_SUPPORT_RSA_CRYPT or HKS_SUPPORT_RSA_SIGN_VERIFY */
263
264 #ifdef HKS_SUPPORT_RSA_CRYPT
HksToMbedtlsPadding(uint32_t hksPadding,int32_t * padding)265 static int32_t HksToMbedtlsPadding(uint32_t hksPadding, int32_t *padding)
266 {
267 switch (hksPadding) {
268 #ifdef HKS_SUPPORT_RSA_ECB_NOPADDING
269 case HKS_PADDING_NONE:
270 return HKS_SUCCESS;
271 #endif
272 case HKS_PADDING_PKCS1_V1_5:
273 *padding = MBEDTLS_RSA_PKCS_V15;
274 break;
275 case HKS_PADDING_OAEP:
276 *padding = MBEDTLS_RSA_PKCS_V21;
277 break;
278 default:
279 return HKS_ERROR_NOT_SUPPORTED;
280 }
281 return HKS_SUCCESS;
282 }
283
HksMbedtlsRsaCryptMbedtls(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText,size_t * outlen,mbedtls_rsa_context * ctx)284 static int32_t HksMbedtlsRsaCryptMbedtls(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
285 const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText, size_t *outlen,
286 mbedtls_rsa_context *ctx)
287 {
288 mbedtls_ctr_drbg_context ctrDrbg;
289 mbedtls_entropy_context entropy;
290 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
291 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
292 int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
293 HKS_IF_NOT_SUCC_RETURN(ret, ret)
294
295 do {
296 ret = RsaKeyMaterialToCtx(key, !encrypt, ctx); /* encrypt don't need private exponent (d) */
297 HKS_IF_NOT_SUCC_BREAK(ret)
298 #ifdef HKS_SUPPORT_RSA_ECB_NOPADDING
299 if (usageSpec->padding == HKS_PADDING_NONE) {
300 if (ctx->private_len != message->size) {
301 HKS_LOG_E("Mbedtls rsa crypt nopadding failed! message size = 0x%" LOG_PUBLIC "X", message->size);
302 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
303 break;
304 }
305 if (encrypt) {
306 ret = mbedtls_rsa_public(ctx, message->data, cipherText->data);
307 *outlen = mbedtls_rsa_get_len(ctx);
308 } else {
309 ret = mbedtls_rsa_private(ctx, mbedtls_ctr_drbg_random, &ctrDrbg,
310 message->data, cipherText->data);
311 *outlen = mbedtls_rsa_get_len(ctx);
312 }
313 break;
314 }
315 #endif
316 if (encrypt) {
317 ret = mbedtls_rsa_pkcs1_encrypt(ctx, mbedtls_ctr_drbg_random,
318 &ctrDrbg, (size_t)message->size, message->data, cipherText->data);
319 *outlen = mbedtls_rsa_get_len(ctx);
320 } else {
321 ret = mbedtls_rsa_pkcs1_decrypt(ctx, mbedtls_ctr_drbg_random, &ctrDrbg,
322 outlen, message->data, cipherText->data, (size_t)cipherText->size);
323 }
324 } while (0);
325
326 mbedtls_rsa_free(ctx);
327 mbedtls_ctr_drbg_free(&ctrDrbg);
328 mbedtls_entropy_free(&entropy);
329
330 return ret;
331 }
332
HksMbedtlsRsaCrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)333 static int32_t HksMbedtlsRsaCrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
334 const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
335 {
336 int32_t ret = RsaKeyCheck(key);
337 HKS_IF_NOT_SUCC_RETURN(ret, ret)
338
339 int32_t padding = MBEDTLS_RSA_PKCS_V15;
340 ret = HksToMbedtlsPadding(usageSpec->padding, &padding);
341 HKS_IF_NOT_SUCC_RETURN(ret, ret)
342
343 mbedtls_rsa_context ctx;
344 (void)memset_s(&ctx, sizeof(mbedtls_rsa_context), 0, sizeof(mbedtls_rsa_context));
345 mbedtls_rsa_init(&ctx);
346
347 if (padding == MBEDTLS_RSA_PKCS_V21) {
348 uint32_t mbedtlsAlg;
349 ret = HksToMbedtlsDigestAlg(usageSpec->digest, &mbedtlsAlg);
350 mbedtls_rsa_set_padding(&ctx, padding, (mbedtls_md_type_t)mbedtlsAlg);
351 HKS_IF_NOT_SUCC_RETURN(ret, ret)
352 }
353
354 size_t outlen;
355 ret = HksMbedtlsRsaCryptMbedtls(key, usageSpec, message, encrypt, cipherText, &outlen, &ctx);
356 if (ret != HKS_SUCCESS) {
357 HKS_LOG_E("Mbedtls rsa crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
358 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
359 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
360 }
361 cipherText->size = (uint32_t)outlen;
362
363 return ret;
364 }
365
HksMbedtlsRsaEncrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)366 int32_t HksMbedtlsRsaEncrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
367 const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead)
368 {
369 (void)tagAead;
370 return HksMbedtlsRsaCrypt(key, usageSpec, message, true, cipherText);
371 }
372
HksMbedtlsRsaDecrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText)373 int32_t HksMbedtlsRsaDecrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
374 const struct HksBlob *message, struct HksBlob *cipherText)
375 {
376 return HksMbedtlsRsaCrypt(key, usageSpec, message, false, cipherText);
377 }
378 #endif /* HKS_SUPPORT_RSA_CRYPT */
379
380 #ifdef HKS_SUPPORT_RSA_SIGN_VERIFY
HksToMbedtlsSignPadding(uint32_t hksPadding,int32_t * padding)381 static int32_t HksToMbedtlsSignPadding(uint32_t hksPadding, int32_t *padding)
382 {
383 switch (hksPadding) {
384 case HKS_PADDING_PKCS1_V1_5:
385 *padding = MBEDTLS_RSA_PKCS_V15;
386 break;
387 case HKS_PADDING_PSS:
388 *padding = MBEDTLS_RSA_PKCS_V21;
389 break;
390 default:
391 return HKS_ERROR_NOT_SUPPORTED;
392 }
393 return HKS_SUCCESS;
394 }
395
HksToMbedtlsRsaSetPssSaltLen(const struct HksBlob * key,const uint32_t digest,const uint32_t hksPssSaltLen,HksMbedtlsSignVerifyParam * param)396 static int32_t HksToMbedtlsRsaSetPssSaltLen(const struct HksBlob *key, const uint32_t digest,
397 const uint32_t hksPssSaltLen, HksMbedtlsSignVerifyParam *param)
398 {
399 const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(key->data);
400 uint32_t digestLen = 0;
401 int32_t ret = HksGetDigestLen(digest, &digestLen);
402 HKS_IF_NOT_SUCC_RETURN(ret, ret);
403 int32_t saltLen = 0;
404
405 switch (hksPssSaltLen) {
406 case HKS_RSA_PSS_SALTLEN_DIGEST:
407 saltLen = digestLen;
408 break;
409 case HKS_RSA_PSS_SALTLEN_MAX:
410 saltLen = (keyMaterial->keySize / HKS_BITS_PER_BYTE) - digestLen - MBEDTLS_RSA_PSS_DIGEST_NUM;
411 if (saltLen < 0) {
412 return HKS_ERROR_INVALID_KEY_SIZE;
413 }
414 break;
415 default:
416 return HKS_ERROR_NOT_SUPPORTED;
417 }
418 param->pssSaltLen = saltLen;
419
420 return HKS_SUCCESS;
421 }
422
HksMbedtlsRsaSignHandle(mbedtls_rsa_context * ctx,mbedtls_ctr_drbg_context * ctrDrbg,HksMbedtlsSignVerifyParam * signParam,const struct HksBlob * message,struct HksBlob * signature)423 static int32_t HksMbedtlsRsaSignHandle(mbedtls_rsa_context *ctx, mbedtls_ctr_drbg_context *ctrDrbg,
424 HksMbedtlsSignVerifyParam *signParam, const struct HksBlob *message, struct HksBlob *signature)
425 {
426 int32_t ret = HKS_SUCCESS;
427 if (signParam->padding == MBEDTLS_RSA_PKCS_V21) {
428 // 支持传入saltlen
429 ret = mbedtls_rsa_rsassa_pss_sign_ext(ctx, mbedtls_ctr_drbg_random, ctrDrbg,
430 (mbedtls_md_type_t)signParam->mbedtlsAlg, message->size, message->data, signParam->pssSaltLen,
431 signature->data);
432 } else {
433 ret = mbedtls_rsa_pkcs1_sign(ctx, mbedtls_ctr_drbg_random, ctrDrbg,
434 (mbedtls_md_type_t)signParam->mbedtlsAlg, message->size, message->data, signature->data);
435 }
436
437 return ret;
438 }
439
HksMbedtlsRsaVerifyHandle(mbedtls_rsa_context * ctx,mbedtls_ctr_drbg_context * ctrDrbg,HksMbedtlsSignVerifyParam * verifyParam,const struct HksBlob * message,struct HksBlob * signature)440 static int32_t HksMbedtlsRsaVerifyHandle(mbedtls_rsa_context *ctx, mbedtls_ctr_drbg_context *ctrDrbg,
441 HksMbedtlsSignVerifyParam *verifyParam, const struct HksBlob *message, struct HksBlob *signature)
442 {
443 int32_t ret = HKS_SUCCESS;
444 if (verifyParam->padding == MBEDTLS_RSA_PKCS_V21) {
445 // 支持传入saltlen
446 ret = mbedtls_rsa_rsassa_pss_verify_ext(ctx, (mbedtls_md_type_t)verifyParam->mbedtlsAlg,
447 message->size, message->data, (mbedtls_md_type_t)verifyParam->mbedtlsAlg, verifyParam->pssSaltLen,
448 signature->data);
449 } else {
450 ret = mbedtls_rsa_pkcs1_verify(ctx,
451 (mbedtls_md_type_t)verifyParam->mbedtlsAlg, message->size, message->data, signature->data);
452 }
453
454 return ret;
455 }
456
HksMbedtlsRsaSignVerify(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const bool sign,struct HksBlob * signature)457 static int32_t HksMbedtlsRsaSignVerify(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
458 const struct HksBlob *message, const bool sign, struct HksBlob *signature)
459 {
460 uint32_t mbedtlsAlg;
461 int32_t ret = HksToMbedtlsDigestAlg(usageSpec->digest, &mbedtlsAlg);
462 HKS_IF_NOT_SUCC_RETURN(ret, ret)
463 int32_t padding;
464 ret = HksToMbedtlsSignPadding(usageSpec->padding, &padding);
465 HKS_IF_NOT_SUCC_RETURN(ret, ret)
466
467 mbedtls_ctr_drbg_context ctrDrbg;
468 mbedtls_entropy_context entropy;
469 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
470 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
471 ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
472 HKS_IF_NOT_SUCC_RETURN(ret, ret)
473
474 mbedtls_rsa_context ctx;
475 (void)memset_s(&ctx, sizeof(mbedtls_rsa_context), 0, sizeof(mbedtls_rsa_context));
476 mbedtls_rsa_init(&ctx);
477 mbedtls_rsa_set_padding(&ctx, padding, (mbedtls_md_type_t)mbedtlsAlg);
478 HksMbedtlsSignVerifyParam mbedtlsSignVerifyParam = { 0 };
479 if (padding == MBEDTLS_RSA_PKCS_V21) {
480 ret = HksToMbedtlsRsaSetPssSaltLen(key, usageSpec->digest, usageSpec->pssSaltLenType, &mbedtlsSignVerifyParam);
481 HKS_IF_NOT_SUCC_RETURN(ret, ret)
482 }
483 mbedtlsSignVerifyParam.mbedtlsAlg = mbedtlsAlg;
484 mbedtlsSignVerifyParam.padding = padding;
485
486 do {
487 ret = RsaKeyMaterialToCtx(key, sign, &ctx); /* sign need private exponent (d) */
488 HKS_IF_NOT_SUCC_BREAK(ret)
489 if (sign) {
490 ret = HksMbedtlsRsaSignHandle(&ctx, &ctrDrbg, &mbedtlsSignVerifyParam, message, signature);
491 } else {
492 ret = HksMbedtlsRsaVerifyHandle(&ctx, &ctrDrbg, &mbedtlsSignVerifyParam, message, signature);
493 }
494 if (ret != HKS_MBEDTLS_SUCCESS) {
495 HKS_LOG_E("Mbedtls rsa sign/verify failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
496 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
497 (void)memset_s(signature->data, signature->size, 0, signature->size);
498 }
499 } while (0);
500
501 if (sign) {
502 signature->size = mbedtls_rsa_get_len(&ctx);
503 }
504
505 mbedtls_rsa_free(&ctx);
506 mbedtls_ctr_drbg_free(&ctrDrbg);
507 mbedtls_entropy_free(&entropy);
508 return ret;
509 }
510
HksMbedtlsRsaSign(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * signature)511 int32_t HksMbedtlsRsaSign(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
512 const struct HksBlob *message, struct HksBlob *signature)
513 {
514 int32_t ret = RsaKeyCheck(key);
515 HKS_IF_NOT_SUCC_RETURN(ret, ret)
516
517 return HksMbedtlsRsaSignVerify(key, usageSpec, message, true, signature); /* true: is sign */
518 }
519
HksMbedtlsRsaVerify(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const struct HksBlob * signature)520 int32_t HksMbedtlsRsaVerify(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
521 const struct HksBlob *message, const struct HksBlob *signature)
522 {
523 int32_t ret = RsaKeyCheck(key);
524 HKS_IF_NOT_SUCC_RETURN(ret, ret)
525
526 return HksMbedtlsRsaSignVerify(key, usageSpec, message, false, (struct HksBlob *)signature); /* false: is verify */
527 }
528 #endif /* HKS_SUPPORT_RSA_SIGN_VERIFY */
529
530 #ifdef HKS_SUPPORT_RSA_GET_PUBLIC_KEY
GetRsaPubKeyCheckParams(const struct HksBlob * keyIn,const struct HksBlob * keyOut)531 static int32_t GetRsaPubKeyCheckParams(const struct HksBlob *keyIn, const struct HksBlob *keyOut)
532 {
533 int32_t ret = RsaKeyCheck(keyIn);
534 HKS_IF_NOT_SUCC_RETURN(ret, ret)
535
536 /* check keyOut size */
537 const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(keyIn->data);
538 if (keyOut->size < (sizeof(struct HksPubKeyInfo) + keyMaterial->nSize + keyMaterial->eSize)) {
539 HKS_LOG_E("Rsa public keyOut size too small! keyOut size = 0x%" LOG_PUBLIC "X", keyOut->size);
540 return HKS_ERROR_BUFFER_TOO_SMALL;
541 }
542
543 return HKS_SUCCESS;
544 }
545
HksMbedtlsGetRsaPubKey(const struct HksBlob * keyIn,struct HksBlob * keyOut)546 int32_t HksMbedtlsGetRsaPubKey(const struct HksBlob *keyIn, struct HksBlob *keyOut)
547 {
548 int32_t ret = GetRsaPubKeyCheckParams(keyIn, keyOut);
549 HKS_IF_NOT_SUCC_RETURN(ret, ret)
550
551 /* n + e, so need size is: sizeof(struct HksPubKeyInfo) + nSize + eSize */
552 const struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)(keyIn->data);
553 const uint32_t outLen = sizeof(struct HksPubKeyInfo) + keyMaterial->nSize + keyMaterial->eSize;
554 if (memcpy_s(keyOut->data, keyOut->size, (void *)keyMaterial, outLen) != EOK) {
555 HKS_LOG_E("Memcpy rsa pub key failed!");
556 (void)memset_s(keyOut->data, keyOut->size, 0, keyOut->size);
557 return HKS_ERROR_INSUFFICIENT_MEMORY;
558 }
559 ((struct KeyMaterialRsa *)(keyOut->data))->dSize = 0;
560 keyOut->size = outLen;
561
562 return HKS_SUCCESS;
563 }
564 #endif /* HKS_SUPPORT_RSA_GET_PUBLIC_KEY */
565 #endif /* HKS_SUPPORT_RSA_C */
566