1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #ifdef HKS_SUPPORT_ECC_C
23 #include "hks_openssl_ecc.h"
24
25 #include <openssl/bn.h>
26 #include <openssl/ec.h>
27 #include <openssl/evp.h>
28 #include <openssl/obj_mac.h>
29 #include <openssl/ossl_typ.h>
30 #include <stdbool.h>
31 #include <stddef.h>
32
33 #include "hks_log.h"
34 #include "hks_mem.h"
35 #include "hks_openssl_engine.h"
36 #include "hks_template.h"
37 #include "securec.h"
38
HksOpensslEccCheckKeyLen(uint32_t keyLen)39 static int32_t HksOpensslEccCheckKeyLen(uint32_t keyLen)
40 {
41 if ((keyLen != HKS_ECC_KEY_SIZE_224) && (keyLen != HKS_ECC_KEY_SIZE_256) && (keyLen != HKS_ECC_KEY_SIZE_384) &&
42 (keyLen != HKS_ECC_KEY_SIZE_521)) {
43 HKS_LOG_E("invalid param keyLen(0x%" LOG_PUBLIC "x)!", keyLen);
44 return HKS_ERROR_INVALID_ARGUMENT;
45 }
46 return HKS_SUCCESS;
47 }
48
HksOpensslGetCurveId(uint32_t keyLen,int * nid)49 static int32_t HksOpensslGetCurveId(uint32_t keyLen, int *nid)
50 {
51 switch (keyLen) {
52 case HKS_ECC_KEY_SIZE_224:
53 *nid = NID_secp224r1;
54 break;
55 case HKS_ECC_KEY_SIZE_256:
56 *nid = NID_X9_62_prime256v1;
57 break;
58 case HKS_ECC_KEY_SIZE_384:
59 *nid = NID_secp384r1;
60 break;
61 case HKS_ECC_KEY_SIZE_521:
62 *nid = NID_secp521r1;
63 break;
64 default:
65 HKS_LOG_E("invalid key size.");
66 return HKS_ERROR_INVALID_AE_TAG;
67 }
68
69 return HKS_SUCCESS;
70 }
71
72 #ifdef HKS_SUPPORT_ECC_GENERATE_KEY
TransEccKeyToKeyBlob(const EC_KEY * eccKey,const struct KeyMaterialEcc * keyMaterial,BIGNUM * pubX,BIGNUM * pubY,uint8_t * rawMaterial)73 static int32_t TransEccKeyToKeyBlob(
74 const EC_KEY *eccKey, const struct KeyMaterialEcc *keyMaterial, BIGNUM *pubX, BIGNUM *pubY, uint8_t *rawMaterial)
75 {
76 const EC_GROUP *ecGroup = EC_KEY_get0_group(eccKey);
77 int retCode = EC_POINT_get_affine_coordinates_GFp(ecGroup, EC_KEY_get0_public_key(eccKey), pubX, pubY, NULL);
78 if (retCode <= 0) {
79 HksLogOpensslError();
80 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
81 }
82
83 const BIGNUM *priv = EC_KEY_get0_private_key(eccKey);
84 uint32_t offset = sizeof(struct KeyMaterialEcc);
85
86 retCode = BN_bn2binpad(pubX, rawMaterial + offset, keyMaterial->xSize);
87 if (retCode <= 0) {
88 HksLogOpensslError();
89 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
90 }
91 offset += keyMaterial->xSize;
92
93 retCode = BN_bn2binpad(pubY, rawMaterial + offset, keyMaterial->ySize);
94 if (retCode <= 0) {
95 HksLogOpensslError();
96 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
97 }
98 offset += keyMaterial->ySize;
99
100 retCode = BN_bn2binpad(priv, rawMaterial + offset, keyMaterial->zSize);
101 if (retCode <= 0) {
102 HksLogOpensslError();
103 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
104 }
105
106 return HKS_SUCCESS;
107 }
108
EccSaveKeyMaterial(const EC_KEY * eccKey,const struct HksKeySpec * spec,uint8_t ** output,uint32_t * outputSize)109 static int32_t EccSaveKeyMaterial(const EC_KEY *eccKey, const struct HksKeySpec *spec,
110 uint8_t **output, uint32_t *outputSize)
111 {
112 uint32_t keySize = spec->keyLen;
113 /* public exponent x and y, and private exponent, so need size is: keySize / 8 * 3 */
114 uint32_t rawMaterialLen = sizeof(struct KeyMaterialEcc) + HKS_KEY_BYTES(keySize) * ECC_KEYPAIR_CNT;
115 uint8_t *rawMaterial = (uint8_t *)HksMalloc(rawMaterialLen);
116 HKS_IF_NULL_LOGE_RETURN(rawMaterial, HKS_ERROR_MALLOC_FAIL, "malloc buffer failed!")
117
118 (void)memset_s(rawMaterial, rawMaterialLen, 0, rawMaterialLen);
119
120 /*
121 * ECC key data internal struct:
122 * struct KeyMaterialEcc + pubX_data + pubY_data + pri_data
123 */
124 struct KeyMaterialEcc *keyMaterial = (struct KeyMaterialEcc *)rawMaterial;
125 keyMaterial->keyAlg = (enum HksKeyAlg)spec->algType;
126 keyMaterial->keySize = keySize;
127 keyMaterial->xSize = HKS_KEY_BYTES(keySize);
128 keyMaterial->ySize = HKS_KEY_BYTES(keySize);
129 keyMaterial->zSize = HKS_KEY_BYTES(keySize);
130
131 BIGNUM *pubX = BN_new();
132 BIGNUM *pubY = BN_new();
133
134 int32_t ret;
135 do {
136 if ((pubX == NULL) || (pubY == NULL)) {
137 HKS_LOG_E("BN_new x or y failed");
138 ret = HKS_ERROR_NULL_POINTER;
139 HKS_FREE(rawMaterial);
140 break;
141 }
142 ret = TransEccKeyToKeyBlob(eccKey, keyMaterial, pubX, pubY, rawMaterial);
143 if (ret != HKS_SUCCESS) {
144 HKS_LOG_E("transfer ecc key to key blob failed");
145 HKS_FREE(rawMaterial);
146 break;
147 }
148 *output = rawMaterial;
149 *outputSize = rawMaterialLen;
150 } while (0);
151
152 if (pubX != NULL) {
153 BN_free(pubX);
154 pubX = NULL;
155 }
156 if (pubY != NULL) {
157 BN_free(pubY);
158 pubY = NULL;
159 }
160 return ret;
161 }
162
HksOpensslEccGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)163 int32_t HksOpensslEccGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
164 {
165 if (spec->algType != HKS_ALG_ECC) {
166 HKS_LOG_E("invalid alg type %" LOG_PUBLIC "u", spec->algType);
167 return HKS_ERROR_INVALID_ARGUMENT;
168 }
169 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslEccCheckKeyLen(spec->keyLen),
170 HKS_ERROR_INVALID_ARGUMENT, "Ecc Invalid Param!")
171
172 int curveId = 0;
173 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslGetCurveId(spec->keyLen, &curveId),
174 HKS_ERROR_INVALID_ARGUMENT, "Ecc get curveId failed!")
175
176 EC_KEY *eccKey = NULL;
177 int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
178 do {
179 eccKey = EC_KEY_new_by_curve_name(curveId);
180 if (eccKey == NULL) {
181 HKS_LOG_E("new ec key failed");
182 HksLogOpensslError();
183 break;
184 }
185
186 if (EC_KEY_generate_key(eccKey) <= 0) {
187 HKS_LOG_E("generate ec key failed");
188 HksLogOpensslError();
189 break;
190 }
191
192 ret = EccSaveKeyMaterial(eccKey, spec, &key->data, &key->size);
193 HKS_IF_NOT_SUCC_LOGE(ret, "save ec key material failed! ret=0x%" LOG_PUBLIC "x", ret)
194 } while (0);
195
196 if (eccKey != NULL) {
197 EC_KEY_free(eccKey);
198 eccKey = NULL;
199 }
200
201 return ret;
202 }
203 #endif
204
205 #if defined(HKS_SUPPORT_ECC_GET_PUBLIC_KEY) || defined(HKS_SUPPORT_SM2_GET_PUBLIC_KEY)
HksOpensslGetEccPubKey(const struct HksBlob * input,struct HksBlob * output)206 int32_t HksOpensslGetEccPubKey(const struct HksBlob *input, struct HksBlob *output)
207 {
208 struct KeyMaterialEcc *keyMaterial = (struct KeyMaterialEcc *)input->data;
209
210 if ((keyMaterial->xSize == 0) || (keyMaterial->ySize == 0)) {
211 HKS_LOG_E("not support get pubkey");
212 return HKS_ERROR_NOT_SUPPORTED;
213 }
214
215 output->size = sizeof(struct KeyMaterialEcc) + keyMaterial->xSize + keyMaterial->ySize;
216
217 struct KeyMaterialEcc *publickeyMaterial = (struct KeyMaterialEcc *)output->data;
218 publickeyMaterial->keyAlg = keyMaterial->keyAlg;
219 publickeyMaterial->keySize = keyMaterial->keySize;
220 publickeyMaterial->xSize = keyMaterial->xSize;
221 publickeyMaterial->ySize = keyMaterial->ySize;
222 publickeyMaterial->zSize = 0;
223
224 if (memcpy_s(output->data + sizeof(struct KeyMaterialEcc), output->size - sizeof(struct KeyMaterialEcc),
225 input->data + sizeof(struct KeyMaterialEcc), keyMaterial->xSize + keyMaterial->ySize) != EOK) {
226 HKS_LOG_E("copy output data + sizeof(struct KeyMaterialEcc) failed!");
227 return HKS_ERROR_INSUFFICIENT_MEMORY;
228 }
229
230 return HKS_SUCCESS;
231 }
232 #endif
233
GetEccModules(const uint8_t * key,uint32_t * keySize,uint32_t * publicXSize,uint32_t * publicYSize,uint32_t * privateXSize)234 static int GetEccModules(
235 const uint8_t *key, uint32_t *keySize, uint32_t *publicXSize, uint32_t *publicYSize, uint32_t *privateXSize)
236 {
237 struct KeyMaterialEcc *keyMaterial = (struct KeyMaterialEcc *)key;
238 *keySize = keyMaterial->keySize;
239 *publicXSize = keyMaterial->xSize;
240 *publicYSize = keyMaterial->ySize;
241 *privateXSize = keyMaterial->zSize;
242
243 return 0;
244 }
245
EccInitPublicKey(EC_KEY * eccKey,const uint8_t * keyPair,uint32_t xSize,uint32_t ySize)246 static int32_t EccInitPublicKey(EC_KEY *eccKey, const uint8_t *keyPair, uint32_t xSize, uint32_t ySize)
247 {
248 const EC_GROUP *ecGroup = EC_KEY_get0_group(eccKey);
249 if (ecGroup == NULL) {
250 HksLogOpensslError();
251 return HKS_ERROR_INVALID_ARGUMENT;
252 }
253
254 int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
255 uint32_t offset = sizeof(struct KeyMaterialEcc);
256 EC_POINT *pub = EC_POINT_new(ecGroup);
257 BIGNUM *pubX = BN_bin2bn(keyPair + offset, xSize, NULL);
258 offset += xSize;
259 BIGNUM *pubY = BN_bin2bn(keyPair + offset, ySize, NULL);
260 do {
261 if ((pubX == NULL) || (pubY == NULL) || (pub == NULL)) {
262 HKS_LOG_E("new big num x or y or pub failed");
263 break;
264 }
265
266 if (EC_POINT_set_affine_coordinates_GFp(ecGroup, pub, pubX, pubY, NULL) <= 0) {
267 HksLogOpensslError();
268 break;
269 }
270
271 if (EC_KEY_set_public_key(eccKey, pub) <= 0) {
272 HksLogOpensslError();
273 break;
274 }
275 ret = HKS_SUCCESS;
276 } while (0);
277
278 if (pubX != NULL) {
279 BN_free(pubX);
280 pubX = NULL;
281 }
282
283 if (pubY != NULL) {
284 BN_free(pubY);
285 pubY = NULL;
286 }
287
288 if (pub != NULL) {
289 EC_POINT_free(pub);
290 pub = NULL;
291 }
292 return ret;
293 }
294
EccInitKey(const struct HksBlob * keyBlob,bool private)295 static EC_KEY *EccInitKey(const struct HksBlob *keyBlob, bool private)
296 {
297 /* get ecc pubX,pubY,pri */
298 uint8_t *keyPair = keyBlob->data;
299 uint32_t publicXSize;
300 uint32_t publicYSize;
301 uint32_t privateSize;
302 uint32_t keySize;
303
304 if (GetEccModules(keyPair, &keySize, &publicXSize, &publicYSize, &privateSize) != 0) {
305 HKS_LOG_E("get ecc key modules is failed");
306 return NULL;
307 }
308
309 int nid;
310 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslGetCurveId(keySize, &nid), NULL, "get curve id failed")
311
312 EC_KEY *eccKey = EC_KEY_new_by_curve_name(nid);
313 if (eccKey == NULL) {
314 HksLogOpensslError();
315 return NULL;
316 }
317
318 if (!private) {
319 if (EccInitPublicKey(eccKey, keyPair, publicXSize, publicYSize) != HKS_SUCCESS) {
320 HKS_LOG_E("initialize ecc public key failed");
321 EC_KEY_free(eccKey);
322 return NULL;
323 }
324 }
325
326 if (private) {
327 BIGNUM *pri = BN_bin2bn(keyPair + sizeof(struct KeyMaterialEcc) + publicXSize + publicYSize, privateSize, NULL);
328 if (pri == NULL || EC_KEY_set_private_key(eccKey, pri) <= 0) {
329 HKS_LOG_E("build ecc key failed");
330 BN_free(pri);
331 EC_KEY_free(eccKey);
332 return NULL;
333 }
334 BN_clear_free(pri);
335 }
336
337 return eccKey;
338 }
339
GetEvpKey(const struct HksBlob * keyBlob,EVP_PKEY * key,bool private)340 static int32_t GetEvpKey(const struct HksBlob *keyBlob, EVP_PKEY *key, bool private)
341 {
342 EC_KEY *eccKey = EccInitKey(keyBlob, private);
343 HKS_IF_NULL_LOGE_RETURN(eccKey, HKS_ERROR_CRYPTO_ENGINE_ERROR, "initialize ecc key failed\n")
344
345 if (EVP_PKEY_assign_EC_KEY(key, eccKey) <= 0) {
346 HksLogOpensslError();
347 EC_KEY_free(eccKey);
348 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
349 }
350 return HKS_SUCCESS;
351 }
352
GetNativePKey(const struct HksBlob * nativeKey,EVP_PKEY * key)353 static int32_t GetNativePKey(const struct HksBlob *nativeKey, EVP_PKEY *key)
354 {
355 int32_t ret = GetEvpKey(nativeKey, key, true);
356 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get native evp key failed")
357 return ret;
358 }
359
GetPeerKey(const struct HksBlob * pubKey,EVP_PKEY * key)360 static int32_t GetPeerKey(const struct HksBlob *pubKey, EVP_PKEY *key)
361 {
362 int32_t ret = GetEvpKey(pubKey, key, false);
363 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_CRYPTO_ENGINE_ERROR, "get peer evp key failed")
364 return ret;
365 }
366
EcdhDerive(EVP_PKEY_CTX * ctx,EVP_PKEY * peerKey,struct HksBlob * sharedKey)367 static int32_t EcdhDerive(EVP_PKEY_CTX *ctx, EVP_PKEY *peerKey, struct HksBlob *sharedKey)
368 {
369 size_t tmpSharedKeySize = (size_t)sharedKey->size;
370 if (EVP_PKEY_derive_init(ctx) != 1) {
371 HksLogOpensslError();
372 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
373 }
374 if (EVP_PKEY_derive_set_peer(ctx, peerKey) != 1) {
375 HksLogOpensslError();
376 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
377 }
378 if (EVP_PKEY_derive(ctx, NULL, &tmpSharedKeySize) != 1) {
379 HksLogOpensslError();
380 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
381 }
382
383 if (tmpSharedKeySize > sharedKey->size) {
384 return HKS_ERROR_BUFFER_TOO_SMALL;
385 }
386
387 if (EVP_PKEY_derive(ctx, sharedKey->data, &tmpSharedKeySize) != 1) {
388 HksLogOpensslError();
389 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
390 }
391 sharedKey->size = tmpSharedKeySize;
392
393 return HKS_SUCCESS;
394 }
395
AgreeKeyEcdh(const struct HksBlob * nativeKey,const struct HksBlob * pubKey,struct HksBlob * sharedKey)396 static int32_t AgreeKeyEcdh(const struct HksBlob *nativeKey, const struct HksBlob *pubKey, struct HksBlob *sharedKey)
397 {
398 int32_t res = HKS_ERROR_CRYPTO_ENGINE_ERROR;
399 EVP_PKEY *pKey = EVP_PKEY_new();
400 EVP_PKEY *peerKey = EVP_PKEY_new();
401 EVP_PKEY_CTX *ctx = NULL;
402
403 do {
404 if ((peerKey == NULL) || (pKey == NULL)) {
405 HKS_LOG_E("new pkey failed\n");
406 break;
407 }
408 int32_t ret = GetNativePKey(nativeKey, pKey);
409 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get native pkey failed\n")
410
411 ret = GetPeerKey(pubKey, peerKey);
412 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get peer pkey failed\n")
413
414 ctx = EVP_PKEY_CTX_new(pKey, NULL);
415 if (ctx == NULL) {
416 HksLogOpensslError();
417 break;
418 }
419
420 ret = EcdhDerive(ctx, peerKey, sharedKey);
421 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "derive ecdh key failed\n")
422
423 res = HKS_SUCCESS;
424 } while (0);
425
426 EVP_PKEY_CTX_free(ctx);
427 if (peerKey != NULL) {
428 EVP_PKEY_free(peerKey);
429 }
430 if (pKey != NULL) {
431 EVP_PKEY_free(pKey);
432 }
433
434 return res;
435 }
436
437 #ifdef HKS_SUPPORT_ECDH_AGREE_KEY
HksOpensslEcdhAgreeKey(const struct HksBlob * nativeKey,const struct HksBlob * pubKey,const struct HksKeySpec * spec,struct HksBlob * sharedKey)438 int32_t HksOpensslEcdhAgreeKey(const struct HksBlob *nativeKey, const struct HksBlob *pubKey,
439 const struct HksKeySpec *spec, struct HksBlob *sharedKey)
440 {
441 HKS_IF_NOT_SUCC_LOGE_RETURN(HksOpensslEccCheckKeyLen(spec->keyLen),
442 HKS_ERROR_INVALID_ARGUMENT, "invalid param!")
443 int32_t ret = AgreeKeyEcdh(nativeKey, pubKey, sharedKey);
444 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "ecdh key agreement failed!")
445
446 return ret;
447 }
448 #endif
449
450 #ifdef HKS_SUPPORT_ECDSA_SIGN_VERIFY
InitEcdsaCtx(const struct HksBlob * mainKey,uint32_t digest,bool sign,uint32_t len)451 static EVP_PKEY_CTX *InitEcdsaCtx(const struct HksBlob *mainKey, uint32_t digest, bool sign, uint32_t len)
452 {
453 const EVP_MD *opensslAlg = GetOpensslAlg(digest);
454 if (digest == HKS_DIGEST_NONE) {
455 opensslAlg = GetOpensslAlgFromLen(len);
456 }
457 if (opensslAlg == NULL) {
458 HKS_LOG_E("get openssl algorithm fail");
459 return NULL;
460 }
461
462 EC_KEY *eccKey = EccInitKey(mainKey, sign);
463 HKS_IF_NULL_LOGE_RETURN(eccKey, NULL, "initialize ecc key failed")
464
465 EVP_PKEY *key = EVP_PKEY_new();
466 if (key == NULL) {
467 HksLogOpensslError();
468 EC_KEY_free(eccKey);
469 return NULL;
470 }
471
472 if (EVP_PKEY_assign_EC_KEY(key, eccKey) <= 0) {
473 EC_KEY_free(eccKey);
474 EVP_PKEY_free(key);
475 return NULL;
476 }
477
478 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key, NULL);
479 if (ctx == NULL) {
480 HksLogOpensslError();
481 EVP_PKEY_free(key);
482 return NULL;
483 }
484 int32_t ret;
485 if (sign) {
486 ret = EVP_PKEY_sign_init(ctx);
487 } else {
488 ret = EVP_PKEY_verify_init(ctx);
489 }
490 EVP_PKEY_free(key);
491 if (ret != HKS_OPENSSL_SUCCESS) {
492 HksLogOpensslError();
493 EVP_PKEY_CTX_free(ctx);
494 return NULL;
495 }
496 if (EVP_PKEY_CTX_set_signature_md(ctx, opensslAlg) != HKS_OPENSSL_SUCCESS) {
497 HksLogOpensslError();
498 EVP_PKEY_CTX_free(ctx);
499 return NULL;
500 }
501 return ctx;
502 }
503
HksOpensslEcdsaVerify(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,const struct HksBlob * signature)504 int32_t HksOpensslEcdsaVerify(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
505 const struct HksBlob *message, const struct HksBlob *signature)
506 {
507 EVP_PKEY_CTX *ctx = InitEcdsaCtx(key, usageSpec->digest, false, message->size);
508 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_INVALID_KEY_INFO, "initialize ecc context failed")
509
510 if (EVP_PKEY_verify(ctx, signature->data, signature->size, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
511 HksLogOpensslError();
512 EVP_PKEY_CTX_free(ctx);
513 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
514 }
515
516 EVP_PKEY_CTX_free(ctx);
517 return HKS_SUCCESS;
518 }
519
HksOpensslEcdsaSign(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * signature)520 int32_t HksOpensslEcdsaSign(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
521 const struct HksBlob *message, struct HksBlob *signature)
522 {
523 EVP_PKEY_CTX *ctx = InitEcdsaCtx(key, usageSpec->digest, true, message->size);
524 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_INVALID_KEY_INFO, "initialize ecc context failed")
525
526 size_t sigSize = (size_t)signature->size;
527 if (EVP_PKEY_sign(ctx, signature->data, &sigSize, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
528 HksLogOpensslError();
529 EVP_PKEY_CTX_free(ctx);
530 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
531 }
532 signature->size = (uint32_t)sigSize;
533 EVP_PKEY_CTX_free(ctx);
534 return HKS_SUCCESS;
535 }
536 #endif
537 #endif