1 /*
2 * Copyright (C) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "signature_rsa_openssl.h"
17
18 #include <string.h>
19
20 #include <openssl/evp.h>
21
22 #include "securec.h"
23
24 #include "algorithm_parameter.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "openssl_adapter.h"
28 #include "openssl_class.h"
29 #include "openssl_common.h"
30 #include "rsa_openssl_common.h"
31 #include "utils.h"
32
33 #define PSS_TRAILER_FIELD_SUPPORTED_INT 1
34 #define PSS_SALTLEN_INVALID_INIT (-9)
35
36 typedef struct {
37 HcfSignSpi base;
38
39 EVP_MD_CTX *mdctx;
40
41 EVP_PKEY_CTX *ctx;
42
43 int32_t padding;
44
45 int32_t md;
46
47 int32_t mgf1md;
48
49 CryptoStatus initFlag;
50
51 int32_t saltLen;
52
53 int32_t operation;
54 } HcfSignSpiRsaOpensslImpl;
55
56 #define RSA_DIGEST_VERIFY 0
57 #define RSA_VERIFY_RECOVER 1
58 typedef struct {
59 HcfVerifySpi base;
60
61 EVP_MD_CTX *mdctx;
62
63 EVP_PKEY_CTX *ctx;
64
65 int32_t padding;
66
67 int32_t md;
68
69 int32_t mgf1md;
70
71 CryptoStatus initFlag;
72
73 int32_t saltLen;
74
75 int32_t operation;
76 } HcfVerifySpiRsaOpensslImpl;
77
GetRsaSignClass(void)78 static const char *GetRsaSignClass(void)
79 {
80 return OPENSSL_RSA_SIGN_CLASS;
81 }
82
GetRsaVerifyClass(void)83 static const char *GetRsaVerifyClass(void)
84 {
85 return OPENSSL_RSA_VERIFY_CLASS;
86 }
87
DestroyRsaSign(HcfObjectBase * self)88 static void DestroyRsaSign(HcfObjectBase *self)
89 {
90 if (self == NULL) {
91 LOGE("Class is null");
92 return;
93 }
94 if (!HcfIsClassMatch(self, OPENSSL_RSA_SIGN_CLASS)) {
95 LOGE("Class not match.");
96 return;
97 }
98 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
99 OpensslEvpMdCtxFree(impl->mdctx);
100 impl->mdctx = NULL;
101 // ctx will be freed with mdctx unless only sign
102 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
103 OpensslEvpPkeyCtxFree(impl->ctx);
104 impl->ctx = NULL;
105 }
106 HcfFree(impl);
107 }
108
DestroyRsaVerify(HcfObjectBase * self)109 static void DestroyRsaVerify(HcfObjectBase *self)
110 {
111 if (self == NULL) {
112 LOGE("Class is null");
113 return;
114 }
115 if (!HcfIsClassMatch(self, OPENSSL_RSA_VERIFY_CLASS)) {
116 LOGE("Class not match.");
117 return;
118 }
119 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
120 OpensslEvpMdCtxFree(impl->mdctx);
121 impl->mdctx = NULL;
122 if (impl->operation == RSA_VERIFY_RECOVER) {
123 OpensslEvpPkeyCtxFree(impl->ctx);
124 impl->ctx = NULL;
125 }
126 HcfFree(impl);
127 }
128
CheckInitKeyType(HcfKey * key,bool signing)129 static HcfResult CheckInitKeyType(HcfKey *key, bool signing)
130 {
131 if (signing) {
132 if (!HcfIsClassMatch((HcfObjectBase *)key, OPENSSL_RSA_PRIKEY_CLASS)) {
133 LOGE("Input keyType dismatch with sign option, please use priKey.");
134 return HCF_INVALID_PARAMS;
135 }
136 } else {
137 if (!HcfIsClassMatch((HcfObjectBase *)key, OPENSSL_RSA_PUBKEY_CLASS)) {
138 LOGE("Input keyType dismatch with sign option, please use pubKey.");
139 return HCF_INVALID_PARAMS;
140 }
141 }
142 return HCF_SUCCESS;
143 }
144
InitRsaEvpKey(const HcfKey * key,bool signing)145 static EVP_PKEY *InitRsaEvpKey(const HcfKey *key, bool signing)
146 {
147 RSA *rsa = NULL;
148 if (signing == true) {
149 // dup will check if rsa is NULL
150 if (DuplicateRsa(((HcfOpensslRsaPriKey *)key)->sk, signing, &rsa) != HCF_SUCCESS) {
151 LOGE("dup pri RSA fail");
152 return NULL;
153 }
154 } else if (signing == false) {
155 if (DuplicateRsa(((HcfOpensslRsaPubKey *)key)->pk, signing, &rsa) != HCF_SUCCESS) {
156 LOGE("dup pub RSA fail");
157 return NULL;
158 }
159 }
160 if (rsa == NULL) {
161 LOGE("The Key has lost.");
162 return NULL;
163 }
164 EVP_PKEY *pkey = NewEvpPkeyByRsa(rsa, false);
165 if (pkey == NULL) {
166 LOGD("[error] New evp pkey failed");
167 HcfPrintOpensslError();
168 OpensslRsaFree(rsa);
169 return NULL;
170 }
171 return pkey;
172 }
173
174 // the params has been checked in the CheckSignatureParams
SetPaddingAndDigest(EVP_PKEY_CTX * ctx,int32_t hcfPadding,int32_t md,int32_t mgf1md)175 static HcfResult SetPaddingAndDigest(EVP_PKEY_CTX *ctx, int32_t hcfPadding, int32_t md, int32_t mgf1md)
176 {
177 int32_t opensslPadding = 0;
178 (void)GetOpensslPadding(hcfPadding, &opensslPadding);
179 if (OpensslEvpPkeyCtxSetRsaPadding(ctx, opensslPadding) != HCF_OPENSSL_SUCCESS) {
180 LOGD("[error] OpensslEvpPkeyCtxSetRsaPadding fail");
181 HcfPrintOpensslError();
182 return HCF_ERR_CRYPTO_OPERATION;
183 }
184 if (hcfPadding == HCF_OPENSSL_RSA_PSS_PADDING) {
185 LOGD("padding is pss, set mgf1 md");
186 EVP_MD *opensslAlg = NULL;
187 (void)GetOpensslDigestAlg(mgf1md, &opensslAlg);
188 if (OpensslEvpPkeyCtxSetRsaMgf1Md(ctx, opensslAlg) != HCF_OPENSSL_SUCCESS) {
189 LOGD("[error] EVP_PKEY_CTX_set_rsa_mgf1_md fail");
190 HcfPrintOpensslError();
191 return HCF_ERR_CRYPTO_OPERATION;
192 }
193 }
194 return HCF_SUCCESS;
195 }
196
SetOnlySignParams(HcfSignSpiRsaOpensslImpl * impl,HcfPriKey * privateKey)197 static HcfResult SetOnlySignParams(HcfSignSpiRsaOpensslImpl *impl, HcfPriKey *privateKey)
198 {
199 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)privateKey, true);
200 if (dupKey == NULL) {
201 LOGD("InitRsaEvpKey fail.");
202 return HCF_ERR_CRYPTO_OPERATION;
203 }
204 EVP_PKEY_CTX *ctx = NULL;
205 EVP_MD *opensslAlg = NULL;
206 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
207 ctx = OpensslEvpPkeyCtxNewFromPkey(NULL, dupKey, NULL);
208 OpensslEvpPkeyFree(dupKey);
209 if (ctx == NULL) {
210 LOGD("OpensslEvpPkeyCtxNew fail.");
211 return HCF_ERR_CRYPTO_OPERATION;
212 }
213 if (OpensslEvpPkeySignInit(ctx) != HCF_OPENSSL_SUCCESS) {
214 LOGD("OpensslEvpPkeySignInit fail.");
215 OpensslEvpPkeyCtxFree(ctx);
216 return HCF_ERR_CRYPTO_OPERATION;
217 }
218 if (opensslAlg != NULL) {
219 if (OpensslEvpPkeyCtxSetSignatureMd(ctx, opensslAlg) != HCF_OPENSSL_SUCCESS) {
220 LOGD("OpensslEvpPkeyCtxSetSignatureMd fail.");
221 OpensslEvpPkeyCtxFree(ctx);
222 return HCF_ERR_CRYPTO_OPERATION;
223 }
224 }
225 int32_t opensslPadding = 0;
226 (void)GetOpensslPadding(impl->padding, &opensslPadding);
227 if (OpensslEvpPkeyCtxSetRsaPadding(ctx, opensslPadding) != HCF_OPENSSL_SUCCESS) {
228 LOGD("OpensslEvpPkeyCtxSetRsaPadding fail");
229 OpensslEvpPkeyCtxFree(ctx);
230 return HCF_ERR_CRYPTO_OPERATION;
231 }
232 impl->ctx = ctx;
233 return HCF_SUCCESS;
234 }
235
SetSignParams(HcfSignSpiRsaOpensslImpl * impl,HcfPriKey * privateKey)236 static HcfResult SetSignParams(HcfSignSpiRsaOpensslImpl *impl, HcfPriKey *privateKey)
237 {
238 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
239 return SetOnlySignParams(impl, privateKey);
240 }
241 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)privateKey, true);
242 if (dupKey == NULL) {
243 LOGD("[error] InitRsaEvpKey fail.");
244 return HCF_ERR_CRYPTO_OPERATION;
245 }
246 EVP_PKEY_CTX *ctx = NULL;
247 EVP_MD *opensslAlg = NULL;
248 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
249 if (opensslAlg == NULL) {
250 OpensslEvpPkeyFree(dupKey);
251 LOGE("Get openssl digest alg fail");
252 return HCF_INVALID_PARAMS;
253 }
254 int ret = OpensslEvpDigestSignInit(impl->mdctx, &ctx, opensslAlg, NULL, dupKey);
255 OpensslEvpPkeyFree(dupKey);
256 if (ret != HCF_OPENSSL_SUCCESS) {
257 LOGD("[error] OpensslEvpDigestSignInit fail.");
258 return HCF_ERR_CRYPTO_OPERATION;
259 }
260 if (SetPaddingAndDigest(ctx, impl->padding, impl->md, impl->mgf1md) != HCF_SUCCESS) {
261 LOGD("[error] set padding and digest fail");
262 return HCF_ERR_CRYPTO_OPERATION;
263 }
264 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
265 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(ctx, impl->saltLen) != HCF_OPENSSL_SUCCESS) {
266 LOGD("[error] get saltLen fail");
267 return HCF_ERR_CRYPTO_OPERATION;
268 }
269 }
270 impl->ctx = ctx;
271 return HCF_SUCCESS;
272 }
273
EngineSignInit(HcfSignSpi * self,HcfParamsSpec * params,HcfPriKey * privateKey)274 static HcfResult EngineSignInit(HcfSignSpi *self, HcfParamsSpec *params, HcfPriKey *privateKey)
275 {
276 (void)params;
277 if (self == NULL || privateKey == NULL) {
278 LOGE("Invalid input params");
279 return HCF_INVALID_PARAMS;
280 }
281 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
282 LOGE("Class not match.");
283 return HCF_INVALID_PARAMS;
284 }
285 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
286 if (impl->initFlag != UNINITIALIZED) {
287 LOGE("Sign has been init");
288 return HCF_INVALID_PARAMS;
289 }
290 if (CheckInitKeyType((HcfKey *)privateKey, true) != HCF_SUCCESS) {
291 LOGE("KeyType dismatch.");
292 return HCF_INVALID_PARAMS;
293 }
294
295 HcfResult ret = SetSignParams(impl, privateKey);
296 if (ret == HCF_ERR_CRYPTO_OPERATION) {
297 HcfPrintOpensslError();
298 }
299 if (ret != HCF_SUCCESS) {
300 LOGD("[error] Sign set padding or md fail");
301 return ret;
302 }
303 impl->initFlag = INITIALIZED;
304 return HCF_SUCCESS;
305 }
306
SetVerifyParams(HcfVerifySpiRsaOpensslImpl * impl,HcfPubKey * publicKey)307 static HcfResult SetVerifyParams(HcfVerifySpiRsaOpensslImpl *impl, HcfPubKey *publicKey)
308 {
309 EVP_PKEY_CTX *ctx = NULL;
310 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)publicKey, false);
311 if (dupKey == NULL) {
312 LOGD("[error] InitRsaEvpKey fail.");
313 return HCF_ERR_CRYPTO_OPERATION;
314 }
315 EVP_MD *opensslAlg = NULL;
316 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
317 if (opensslAlg == NULL) {
318 OpensslEvpPkeyFree(dupKey);
319 LOGE("Get openssl digest alg fail");
320 return HCF_INVALID_PARAMS;
321 }
322 int ret = OpensslEvpDigestVerifyInit(impl->mdctx, &ctx, opensslAlg, NULL, dupKey);
323 OpensslEvpPkeyFree(dupKey);
324 if (ret != HCF_OPENSSL_SUCCESS) {
325 LOGD("[error] OpensslEvpDigestVerifyInit fail.");
326 HcfPrintOpensslError();
327 return HCF_ERR_CRYPTO_OPERATION;
328 }
329 if (SetPaddingAndDigest(ctx, impl->padding, impl->md, impl->mgf1md) != HCF_SUCCESS) {
330 LOGD("[error] set padding and digest fail");
331 return HCF_ERR_CRYPTO_OPERATION;
332 }
333 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
334 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(ctx, impl->saltLen) != HCF_OPENSSL_SUCCESS) {
335 LOGD("[error] get saltLen fail");
336 return HCF_ERR_CRYPTO_OPERATION;
337 }
338 }
339 impl->ctx = ctx;
340 return HCF_SUCCESS;
341 }
342
SetVerifyRecoverParams(HcfVerifySpiRsaOpensslImpl * impl,HcfPubKey * publicKey)343 static HcfResult SetVerifyRecoverParams(HcfVerifySpiRsaOpensslImpl *impl, HcfPubKey *publicKey)
344 {
345 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)publicKey, false);
346 if (dupKey == NULL) {
347 LOGD("[error] InitRsaEvpKey fail.");
348 return HCF_ERR_CRYPTO_OPERATION;
349 }
350
351 EVP_PKEY_CTX *ctx = NULL;
352 ctx = OpensslEvpPkeyCtxNewFromPkey(NULL, dupKey, NULL);
353 OpensslEvpPkeyFree(dupKey);
354 if (ctx == NULL) {
355 LOGD("[error] OpensslEvpPkeyCtxNewFromPkey fail.");
356 HcfPrintOpensslError();
357 return HCF_ERR_CRYPTO_OPERATION;
358 }
359
360 if (OpensslEvpPkeyVerifyRecoverInit(ctx) != HCF_OPENSSL_SUCCESS) {
361 LOGD("[error] OpensslEvpPkeyVerifyRecoverInit fail");
362 HcfPrintOpensslError();
363 OpensslEvpPkeyCtxFree(ctx);
364 return HCF_ERR_CRYPTO_OPERATION;
365 }
366
367 int32_t opensslPadding = 0;
368 (void)GetOpensslPadding(impl->padding, &opensslPadding);
369 if (OpensslEvpPkeyCtxSetRsaPadding(ctx, opensslPadding) != HCF_OPENSSL_SUCCESS) {
370 LOGD("[error] OpensslEvpPkeyCtxSetRsaPadding fail");
371 HcfPrintOpensslError();
372 OpensslEvpPkeyCtxFree(ctx);
373 return HCF_ERR_CRYPTO_OPERATION;
374 }
375
376 EVP_MD *opensslAlg = NULL;
377 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
378 if (opensslAlg != NULL) {
379 if (OpensslEvpPkeyCtxSetSignatureMd(ctx, opensslAlg) != HCF_OPENSSL_SUCCESS) {
380 LOGD("[error] EVP_PKEY_CTX_set_rsa_mgf1_md fail");
381 HcfPrintOpensslError();
382 OpensslEvpPkeyCtxFree(ctx);
383 return HCF_ERR_CRYPTO_OPERATION;
384 }
385 }
386
387 impl->ctx = ctx;
388 return HCF_SUCCESS;
389 }
390
EngineVerifyInit(HcfVerifySpi * self,HcfParamsSpec * params,HcfPubKey * publicKey)391 static HcfResult EngineVerifyInit(HcfVerifySpi *self, HcfParamsSpec *params, HcfPubKey *publicKey)
392 {
393 (void)params;
394 if (self == NULL || publicKey == NULL) {
395 LOGE("Invalid input params.");
396 return HCF_INVALID_PARAMS;
397 }
398 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
399 LOGE("Class not match.");
400 return HCF_INVALID_PARAMS;
401 }
402 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
403 if (impl->initFlag != UNINITIALIZED) {
404 LOGE("Verigy has been init.");
405 return HCF_INVALID_PARAMS;
406 }
407 if (CheckInitKeyType((HcfKey *)publicKey, false) != HCF_SUCCESS) {
408 LOGE("KeyType dismatch.");
409 return HCF_INVALID_PARAMS;
410 }
411
412 if (impl->operation == RSA_DIGEST_VERIFY) {
413 if (SetVerifyParams(impl, publicKey) != HCF_SUCCESS) {
414 LOGD("[error] Verify set padding or md fail");
415 return HCF_ERR_CRYPTO_OPERATION;
416 }
417 } else {
418 if (SetVerifyRecoverParams(impl, publicKey) != HCF_SUCCESS) {
419 LOGD("[error] VerifyRecover set padding or md fail");
420 return HCF_ERR_CRYPTO_OPERATION;
421 }
422 }
423
424 impl->initFlag = INITIALIZED;
425 return HCF_SUCCESS;
426 }
427
EngineSignUpdate(HcfSignSpi * self,HcfBlob * data)428 static HcfResult EngineSignUpdate(HcfSignSpi *self, HcfBlob *data)
429 {
430 if ((self == NULL) || (data == NULL) || (data->data == NULL)) {
431 LOGE("Invalid input parameter.");
432 return HCF_INVALID_PARAMS;
433 }
434 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
435 LOGE("Class not match.");
436 return HCF_INVALID_PARAMS;
437 }
438 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
439 if (impl->initFlag != INITIALIZED) {
440 LOGE("The Sign has not been init");
441 return HCF_INVALID_PARAMS;
442 }
443 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
444 LOGE("Update cannot support in OnlySign");
445 return HCF_ERR_CRYPTO_OPERATION;
446 }
447 if (OpensslEvpDigestSignUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
448 LOGD("[error] OpensslEvpDigestSignUpdate fail");
449 return HCF_ERR_CRYPTO_OPERATION;
450 }
451 return HCF_SUCCESS;
452 }
453
EngineVerifyUpdate(HcfVerifySpi * self,HcfBlob * data)454 static HcfResult EngineVerifyUpdate(HcfVerifySpi *self, HcfBlob *data)
455 {
456 if ((self == NULL) || (data == NULL) || (data->data == NULL)) {
457 LOGE("Invalid input parameter.");
458 return HCF_INVALID_PARAMS;
459 }
460 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
461 LOGE("Class not match.");
462 return HCF_INVALID_PARAMS;
463 }
464 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
465 if (impl->initFlag != INITIALIZED) {
466 LOGE("The Sign has not been init");
467 return HCF_INVALID_PARAMS;
468 }
469
470 if (impl->operation != RSA_DIGEST_VERIFY) {
471 LOGE("Invalid digest verify operation.");
472 return HCF_ERR_CRYPTO_OPERATION;
473 }
474
475 if (OpensslEvpDigestVerifyUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
476 LOGD("[error] OpensslEvpDigestSignUpdate fail");
477 return HCF_ERR_CRYPTO_OPERATION;
478 }
479 return HCF_SUCCESS;
480 }
481
EnginePkeySign(HcfSignSpiRsaOpensslImpl * impl,HcfBlob * data,HcfBlob * returnSignatureData)482 static HcfResult EnginePkeySign(HcfSignSpiRsaOpensslImpl *impl, HcfBlob *data, HcfBlob *returnSignatureData)
483 {
484 if (data == NULL || data->len == 0 || data->data == NULL) {
485 LOGE("Invalid input params.");
486 return HCF_INVALID_PARAMS;
487 }
488 size_t maxLen;
489 if (OpensslEvpPkeySign(impl->ctx, NULL, &maxLen, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
490 LOGE("OpensslEvpPkeySign get maxLen fail");
491 return HCF_ERR_CRYPTO_OPERATION;
492 }
493 LOGD("sign maxLen is %zu", maxLen);
494 uint8_t *outData = (uint8_t *)HcfMalloc(maxLen, 0);
495 if (outData == NULL) {
496 LOGE("Failed to allocate outData memory!");
497 return HCF_ERR_MALLOC;
498 }
499 size_t actualLen = maxLen;
500 if (OpensslEvpPkeySign(impl->ctx, outData, &actualLen, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
501 LOGE("OpensslEvpPkeySign fail");
502 HcfFree(outData);
503 outData = NULL;
504 return HCF_ERR_CRYPTO_OPERATION;
505 }
506 returnSignatureData->data = outData;
507 returnSignatureData->len = (uint32_t)actualLen;
508 return HCF_SUCCESS;
509 }
510
EngineDigestSign(HcfSignSpiRsaOpensslImpl * impl,HcfBlob * data,HcfBlob * returnSignatureData)511 static HcfResult EngineDigestSign(HcfSignSpiRsaOpensslImpl *impl, HcfBlob *data, HcfBlob *returnSignatureData)
512 {
513 if (data != NULL && data->data != NULL) {
514 if (OpensslEvpDigestSignUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
515 LOGD("[error] Dofinal update data fail.");
516 return HCF_ERR_CRYPTO_OPERATION;
517 }
518 }
519
520 size_t maxLen;
521 if (OpensslEvpDigestSignFinal(impl->mdctx, NULL, &maxLen) != HCF_OPENSSL_SUCCESS) {
522 LOGD("[error] OpensslEvpDigestSignFinal fail");
523 return HCF_ERR_CRYPTO_OPERATION;
524 }
525 LOGD("sign maxLen is %zu", maxLen);
526 uint8_t *outData = (uint8_t *)HcfMalloc(maxLen, 0);
527 if (outData == NULL) {
528 LOGE("Failed to allocate outData memory!");
529 return HCF_ERR_MALLOC;
530 }
531
532 if (OpensslEvpDigestSignFinal(impl->mdctx, outData, &maxLen) != HCF_OPENSSL_SUCCESS) {
533 LOGD("[error] OpensslEvpDigestSignFinal fail");
534 HcfFree(outData);
535 outData = NULL;
536 HcfPrintOpensslError();
537 return HCF_ERR_CRYPTO_OPERATION;
538 }
539 returnSignatureData->data = outData;
540 returnSignatureData->len = (uint32_t)maxLen;
541 return HCF_SUCCESS;
542 }
543
EngineSign(HcfSignSpi * self,HcfBlob * data,HcfBlob * returnSignatureData)544 static HcfResult EngineSign(HcfSignSpi *self, HcfBlob *data, HcfBlob *returnSignatureData)
545 {
546 if (self == NULL || returnSignatureData == NULL) {
547 LOGE("Invalid input params.");
548 return HCF_INVALID_PARAMS;
549 }
550 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
551 LOGE("Class not match.");
552 return HCF_INVALID_PARAMS;
553 }
554 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
555 if (impl->initFlag != INITIALIZED) {
556 LOGE("The Sign has not been init");
557 return HCF_INVALID_PARAMS;
558 }
559
560 HcfResult ret;
561 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
562 ret = EnginePkeySign(impl, data, returnSignatureData);
563 } else {
564 ret = EngineDigestSign(impl, data, returnSignatureData);
565 }
566
567 return ret;
568 }
569
EngineVerify(HcfVerifySpi * self,HcfBlob * data,HcfBlob * signatureData)570 static bool EngineVerify(HcfVerifySpi *self, HcfBlob *data, HcfBlob *signatureData)
571 {
572 if (self == NULL || signatureData == NULL || signatureData->data == NULL) {
573 LOGE("Invalid input params");
574 return false;
575 }
576 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
577 LOGE("Class not match.");
578 return false;
579 }
580
581 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
582 if (impl->initFlag != INITIALIZED) {
583 LOGE("The Sign has not been init");
584 return false;
585 }
586
587 if (impl->operation != RSA_DIGEST_VERIFY) {
588 LOGE("Invalid digest verify operation.");
589 return false;
590 }
591
592 if (data != NULL && data->data != NULL) {
593 if (OpensslEvpDigestVerifyUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
594 LOGD("[error] OpensslEvpDigestVerifyUpdate fail");
595 return false;
596 }
597 }
598 if (OpensslEvpDigestVerifyFinal(impl->mdctx, signatureData->data, signatureData->len) != HCF_OPENSSL_SUCCESS) {
599 LOGD("[error] OpensslEvpDigestVerifyFinal fail");
600 return false;
601 }
602 return true;
603 }
604
EngineRecover(HcfVerifySpi * self,HcfBlob * signatureData,HcfBlob * rawSignatureData)605 static HcfResult EngineRecover(HcfVerifySpi *self, HcfBlob *signatureData, HcfBlob *rawSignatureData)
606 {
607 if (self == NULL || signatureData == NULL || signatureData->data == NULL || rawSignatureData == NULL) {
608 LOGE("Invalid input params");
609 return HCF_INVALID_PARAMS;
610 }
611 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
612 LOGE("Class not match.");
613 return HCF_INVALID_PARAMS;
614 }
615
616 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
617 if (impl->initFlag != INITIALIZED) {
618 LOGE("The Sign has not been init.");
619 return HCF_ERR_CRYPTO_OPERATION;
620 }
621
622 if (impl->operation != RSA_VERIFY_RECOVER) {
623 LOGE("Invalid verify recover operation.");
624 return HCF_ERR_CRYPTO_OPERATION;
625 }
626
627 size_t bufLen = 0;
628 if (OpensslEvpPkeyVerifyRecover(impl->ctx, NULL, &bufLen, signatureData->data, signatureData->len)
629 != HCF_OPENSSL_SUCCESS) {
630 LOGE("[error] OpensslEvpPkeyVerifyRecover get len fail.");
631 HcfPrintOpensslError();
632 return HCF_ERR_CRYPTO_OPERATION;
633 }
634
635 uint8_t *buf = (uint8_t *)HcfMalloc((uint32_t)bufLen, 0);
636 if (buf == NULL) {
637 LOGE("[error] HcfMalloc fail");
638 return HCF_ERR_MALLOC;
639 }
640
641 if (OpensslEvpPkeyVerifyRecover(impl->ctx, buf, &bufLen, signatureData->data, signatureData->len)
642 != HCF_OPENSSL_SUCCESS) {
643 LOGE("[error] OpensslEvpPkeyVerifyRecover fail.");
644 HcfPrintOpensslError();
645 HcfFree(buf);
646 buf = NULL;
647 return HCF_ERR_CRYPTO_OPERATION;
648 }
649
650 rawSignatureData->data = buf;
651 rawSignatureData->len = bufLen;
652 return HCF_SUCCESS;
653 }
654
CheckOnlySignatureParams(HcfSignatureParams * params)655 static HcfResult CheckOnlySignatureParams(HcfSignatureParams *params)
656 {
657 int32_t opensslPadding = 0;
658 if (GetOpensslPadding(params->padding, &opensslPadding) != HCF_SUCCESS) {
659 LOGE("getpadding fail.");
660 return HCF_INVALID_PARAMS;
661 }
662 if (opensslPadding != RSA_PKCS1_PADDING && opensslPadding != RSA_NO_PADDING) {
663 LOGE("only signature cannot use that padding mode.");
664 return HCF_INVALID_PARAMS;
665 }
666 EVP_MD *md = NULL;
667 HcfResult ret = GetOpensslDigestAlg(params->md, &md);
668 if (ret != HCF_SUCCESS) {
669 LOGE("Md is invalid.");
670 return HCF_INVALID_PARAMS;
671 }
672
673 return HCF_SUCCESS;
674 }
675
CheckSignatureParams(HcfSignatureParams * params)676 static HcfResult CheckSignatureParams(HcfSignatureParams *params)
677 {
678 if (params->operation == HCF_ALG_ONLY_SIGN) {
679 return CheckOnlySignatureParams(params);
680 }
681 int32_t opensslPadding = 0;
682 if (GetOpensslPadding(params->padding, &opensslPadding) != HCF_SUCCESS) {
683 LOGE("getpadding fail.");
684 return HCF_INVALID_PARAMS;
685 }
686 if (opensslPadding != RSA_PKCS1_PADDING && opensslPadding != RSA_PKCS1_PSS_PADDING) {
687 LOGE("signature cannot use that padding mode");
688 return HCF_INVALID_PARAMS;
689 }
690 EVP_MD *md = NULL;
691 (void)GetOpensslDigestAlg(params->md, &md);
692 if (md == NULL) {
693 LOGE("Md is NULL");
694 return HCF_INVALID_PARAMS;
695 }
696 if (params->padding == HCF_OPENSSL_RSA_PSS_PADDING) {
697 EVP_MD *mgf1md = NULL;
698 (void)GetOpensslDigestAlg(params->mgf1md, &mgf1md);
699 if (mgf1md == NULL) {
700 LOGE("Use pss padding, but mgf1md is NULL");
701 return HCF_INVALID_PARAMS;
702 }
703 }
704 return HCF_SUCCESS;
705 }
706
EngineSetSignSpecInt(HcfSignSpi * self,SignSpecItem item,int32_t saltLen)707 static HcfResult EngineSetSignSpecInt(HcfSignSpi *self, SignSpecItem item, int32_t saltLen)
708 {
709 if (self == NULL) {
710 LOGE("Invalid input parameter");
711 return HCF_INVALID_PARAMS;
712 }
713 if (item != PSS_SALT_LEN_INT) {
714 LOGE("Invalid sign spec item");
715 return HCF_INVALID_PARAMS;
716 }
717 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
718 LOGE("Class not match.");
719 return HCF_INVALID_PARAMS;
720 }
721 if (saltLen < 0) {
722 // RSA_PSS_SALTLEN_MAX_SIGN: max sign is old compatible max salt length for sign only
723 if (saltLen != RSA_PSS_SALTLEN_DIGEST && saltLen != RSA_PSS_SALTLEN_MAX_SIGN &&
724 saltLen != RSA_PSS_SALTLEN_MAX) {
725 LOGE("Invalid salt Len %{public}d", saltLen);
726 return HCF_INVALID_PARAMS;
727 }
728 }
729 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
730 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
731 LOGE("Only support pss parameter");
732 return HCF_INVALID_PARAMS;
733 }
734 impl->saltLen = saltLen;
735 if (impl->initFlag == INITIALIZED) {
736 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(impl->ctx, saltLen) != HCF_OPENSSL_SUCCESS) {
737 LOGD("[error] set saltLen fail");
738 return HCF_ERR_CRYPTO_OPERATION;
739 }
740 }
741 LOGD("Set sign saltLen success");
742 return HCF_SUCCESS;
743 }
744
EngineGetSignSpecInt(HcfSignSpi * self,SignSpecItem item,int32_t * returnInt)745 static HcfResult EngineGetSignSpecInt(HcfSignSpi *self, SignSpecItem item, int32_t *returnInt)
746 {
747 if (self == NULL || returnInt == NULL) {
748 LOGE("Invalid input parameter");
749 return HCF_INVALID_PARAMS;
750 }
751 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
752 LOGE("Class not match.");
753 return HCF_INVALID_PARAMS;
754 }
755 if (item != PSS_TRAILER_FIELD_INT && item != PSS_SALT_LEN_INT) {
756 LOGE("Invalid input spec");
757 return HCF_INVALID_PARAMS;
758 }
759 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
760 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
761 LOGE("Only support pss parameter");
762 return HCF_INVALID_PARAMS;
763 }
764 if (item == PSS_TRAILER_FIELD_INT) {
765 *returnInt = PSS_TRAILER_FIELD_SUPPORTED_INT;
766 return HCF_SUCCESS;
767 }
768 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
769 *returnInt = impl->saltLen;
770 return HCF_SUCCESS;
771 }
772 if (impl->initFlag == INITIALIZED) {
773 if (OpensslEvpPkeyCtxGetRsaPssSaltLen(impl->ctx, returnInt) != HCF_OPENSSL_SUCCESS) {
774 LOGD("[error] get saltLen fail");
775 return HCF_ERR_CRYPTO_OPERATION;
776 }
777 return HCF_SUCCESS;
778 } else {
779 LOGE("No set saltLen and not init!");
780 return HCF_INVALID_PARAMS;
781 }
782 }
783
EngineSetSignSpecUint8Array(HcfSignSpi * self,SignSpecItem item,HcfBlob pSource)784 static HcfResult EngineSetSignSpecUint8Array(HcfSignSpi *self, SignSpecItem item, HcfBlob pSource)
785 {
786 (void)self;
787 (void)item;
788 (void)pSource;
789 return HCF_NOT_SUPPORT;
790 }
791
EngineGetSignSpecString(HcfSignSpi * self,SignSpecItem item,char ** returnString)792 static HcfResult EngineGetSignSpecString(HcfSignSpi *self, SignSpecItem item, char **returnString)
793 {
794 if (self == NULL || returnString == NULL) {
795 LOGE("Invalid input parameter");
796 return HCF_INVALID_PARAMS;
797 }
798 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
799 LOGE("Class not match.");
800 return HCF_INVALID_PARAMS;
801 }
802 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
803 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
804 LOGE("Only support pss parameter");
805 return HCF_INVALID_PARAMS;
806 }
807 HcfResult ret = HCF_INVALID_PARAMS;
808 switch (item) {
809 case PSS_MD_NAME_STR:
810 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->md), returnString);
811 break;
812 case PSS_MGF_NAME_STR:
813 // only support mgf1
814 ret = GetRsaSpecStringMGF(returnString);
815 break;
816 case PSS_MGF1_MD_STR:
817 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->mgf1md), returnString);
818 break;
819 default:
820 LOGE("Invalid input sign spec item");
821 return HCF_INVALID_PARAMS;
822 }
823 return ret;
824 }
825
EngineSetVerifySpecInt(HcfVerifySpi * self,SignSpecItem item,int32_t saltLen)826 static HcfResult EngineSetVerifySpecInt(HcfVerifySpi *self, SignSpecItem item, int32_t saltLen)
827 {
828 if (self == NULL) {
829 LOGE("Invalid input parameter");
830 return HCF_INVALID_PARAMS;
831 }
832 if (item != PSS_SALT_LEN_INT) {
833 LOGE("Invalid verify spec item");
834 return HCF_INVALID_PARAMS;
835 }
836 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
837 LOGE("Class not match.");
838 return HCF_INVALID_PARAMS;
839 }
840 if (saltLen < 0) {
841 // RSA_PSS_SALTLEN_AUTO: Verify only: auto detect salt length(only support verify)
842 if (saltLen != RSA_PSS_SALTLEN_DIGEST && saltLen != RSA_PSS_SALTLEN_AUTO &&
843 saltLen != RSA_PSS_SALTLEN_MAX) {
844 LOGE("Invalid salt Len %{public}d", saltLen);
845 return HCF_INVALID_PARAMS;
846 }
847 }
848 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
849 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
850 LOGE("Only support pss parameter");
851 return HCF_INVALID_PARAMS;
852 }
853 impl->saltLen = saltLen;
854 if (impl->initFlag == INITIALIZED) {
855 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(impl->ctx, saltLen) != HCF_OPENSSL_SUCCESS) {
856 LOGD("[error] set saltLen fail");
857 return HCF_ERR_CRYPTO_OPERATION;
858 }
859 }
860 return HCF_SUCCESS;
861 }
862
EngineGetVerifySpecInt(HcfVerifySpi * self,SignSpecItem item,int32_t * returnInt)863 static HcfResult EngineGetVerifySpecInt(HcfVerifySpi *self, SignSpecItem item, int32_t *returnInt)
864 {
865 if (self == NULL || returnInt == NULL) {
866 LOGE("Invalid input parameter");
867 return HCF_INVALID_PARAMS;
868 }
869 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
870 LOGE("Class not match.");
871 return HCF_INVALID_PARAMS;
872 }
873 if (item != PSS_TRAILER_FIELD_INT && item != PSS_SALT_LEN_INT) {
874 LOGE("Invalid input sign spec item");
875 return HCF_INVALID_PARAMS;
876 }
877 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
878 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
879 LOGE("Only support pss parameter");
880 return HCF_INVALID_PARAMS;
881 }
882 if (item == PSS_TRAILER_FIELD_INT) {
883 *returnInt = PSS_TRAILER_FIELD_SUPPORTED_INT;
884 return HCF_SUCCESS;
885 }
886 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
887 *returnInt = impl->saltLen;
888 return HCF_SUCCESS;
889 }
890 if (impl->initFlag == INITIALIZED) {
891 if (OpensslEvpPkeyCtxGetRsaPssSaltLen(impl->ctx, returnInt) != HCF_OPENSSL_SUCCESS) {
892 LOGD("[error] get saltLen fail");
893 return HCF_ERR_CRYPTO_OPERATION;
894 }
895 return HCF_SUCCESS;
896 } else {
897 LOGE("No set saltLen and not init!");
898 return HCF_INVALID_PARAMS;
899 }
900 }
901
EngineSetVerifySpecUint8Array(HcfVerifySpi * self,SignSpecItem item,HcfBlob pSource)902 static HcfResult EngineSetVerifySpecUint8Array(HcfVerifySpi *self, SignSpecItem item, HcfBlob pSource)
903 {
904 (void)self;
905 (void)item;
906 (void)pSource;
907 return HCF_NOT_SUPPORT;
908 }
909
EngineGetVerifySpecString(HcfVerifySpi * self,SignSpecItem item,char ** returnString)910 static HcfResult EngineGetVerifySpecString(HcfVerifySpi *self, SignSpecItem item, char **returnString)
911 {
912 if (self == NULL || returnString == NULL) {
913 LOGE("Invalid input parameter");
914 return HCF_INVALID_PARAMS;
915 }
916 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
917 LOGE("Class not match.");
918 return HCF_INVALID_PARAMS;
919 }
920 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
921 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
922 LOGE("Only support pss parameter");
923 return HCF_INVALID_PARAMS;
924 }
925 HcfResult ret = HCF_INVALID_PARAMS;
926 switch (item) {
927 case PSS_MD_NAME_STR:
928 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->md), returnString);
929 break;
930 case PSS_MGF_NAME_STR:
931 // only support mgf1
932 ret = GetRsaSpecStringMGF(returnString);
933 break;
934 case PSS_MGF1_MD_STR:
935 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->mgf1md), returnString);
936 break;
937 default:
938 LOGE("Invalid input sign spec item");
939 return HCF_INVALID_PARAMS;
940 }
941 return ret;
942 }
943
HcfSignSpiRsaCreate(HcfSignatureParams * params,HcfSignSpi ** returnObj)944 HcfResult HcfSignSpiRsaCreate(HcfSignatureParams *params, HcfSignSpi **returnObj)
945 {
946 if (params == NULL || returnObj == NULL) {
947 LOGE("Invalid input parameter.");
948 return HCF_INVALID_PARAMS;
949 }
950 if (CheckSignatureParams(params) != HCF_SUCCESS) {
951 return HCF_INVALID_PARAMS;
952 }
953 HcfSignSpiRsaOpensslImpl *returnImpl = (HcfSignSpiRsaOpensslImpl *)HcfMalloc(
954 sizeof(HcfSignSpiRsaOpensslImpl), 0);
955 if (returnImpl == NULL) {
956 LOGE("Failed to allocate returnImpl memroy!");
957 return HCF_ERR_MALLOC;
958 }
959 returnImpl->base.base.getClass = GetRsaSignClass;
960 returnImpl->base.base.destroy = DestroyRsaSign;
961 returnImpl->base.engineInit = EngineSignInit;
962 returnImpl->base.engineUpdate = EngineSignUpdate;
963 returnImpl->base.engineSign = EngineSign;
964 returnImpl->base.engineSetSignSpecInt = EngineSetSignSpecInt;
965 returnImpl->base.engineGetSignSpecInt = EngineGetSignSpecInt;
966 returnImpl->base.engineGetSignSpecString = EngineGetSignSpecString;
967 returnImpl->base.engineSetSignSpecUint8Array = EngineSetSignSpecUint8Array;
968 returnImpl->md = params->md;
969 returnImpl->padding = params->padding;
970 returnImpl->mgf1md = params->mgf1md;
971 returnImpl->mdctx = OpensslEvpMdCtxNew();
972 if (returnImpl->mdctx == NULL) {
973 LOGE("Failed to allocate md ctx!");
974 HcfFree(returnImpl);
975 returnImpl = NULL;
976 return HCF_ERR_MALLOC;
977 }
978 returnImpl->initFlag = UNINITIALIZED;
979 returnImpl->saltLen = PSS_SALTLEN_INVALID_INIT;
980 returnImpl->operation = (params->operation == HCF_ALG_ONLY_SIGN) ? HCF_OPERATIOPN_ONLY_SIGN : HCF_OPERATION_SIGN;
981 *returnObj = (HcfSignSpi *)returnImpl;
982 return HCF_SUCCESS;
983 }
984
CheckVerifyRecoverParams(HcfSignatureParams * params)985 static HcfResult CheckVerifyRecoverParams(HcfSignatureParams *params)
986 {
987 int32_t opensslPadding = 0;
988 if (GetOpensslPadding(params->padding, &opensslPadding) != HCF_SUCCESS) {
989 LOGE("getpadding fail.");
990 return HCF_INVALID_PARAMS;
991 }
992 if (opensslPadding != RSA_PKCS1_PADDING && opensslPadding != RSA_NO_PADDING) {
993 LOGE("VerifyRecover cannot use that padding mode");
994 return HCF_INVALID_PARAMS;
995 }
996 return HCF_SUCCESS;
997 }
998
HcfVerifySpiRsaCreate(HcfSignatureParams * params,HcfVerifySpi ** returnObj)999 HcfResult HcfVerifySpiRsaCreate(HcfSignatureParams *params, HcfVerifySpi **returnObj)
1000 {
1001 if (params == NULL || returnObj == NULL) {
1002 LOGE("Invalid input parameter.");
1003 return HCF_INVALID_PARAMS;
1004 }
1005 if (params->operation != HCF_ALG_VERIFY_RECOVER) {
1006 if (CheckSignatureParams(params) != HCF_SUCCESS) {
1007 return HCF_INVALID_PARAMS;
1008 }
1009 } else {
1010 if (CheckVerifyRecoverParams(params) != HCF_SUCCESS) {
1011 return HCF_INVALID_PARAMS;
1012 }
1013 }
1014
1015 HcfVerifySpiRsaOpensslImpl *returnImpl = (HcfVerifySpiRsaOpensslImpl *)HcfMalloc(
1016 sizeof(HcfVerifySpiRsaOpensslImpl), 0);
1017 if (returnImpl == NULL) {
1018 LOGE("Failed to allocate returnImpl memroy!");
1019 return HCF_ERR_MALLOC;
1020 }
1021 returnImpl->base.base.getClass = GetRsaVerifyClass;
1022 returnImpl->base.base.destroy = DestroyRsaVerify;
1023 returnImpl->base.engineInit = EngineVerifyInit;
1024 returnImpl->base.engineUpdate = EngineVerifyUpdate;
1025 returnImpl->base.engineVerify = EngineVerify;
1026 returnImpl->base.engineRecover = EngineRecover;
1027 returnImpl->base.engineSetVerifySpecInt = EngineSetVerifySpecInt;
1028 returnImpl->base.engineGetVerifySpecInt = EngineGetVerifySpecInt;
1029 returnImpl->base.engineGetVerifySpecString = EngineGetVerifySpecString;
1030 returnImpl->base.engineSetVerifySpecUint8Array = EngineSetVerifySpecUint8Array;
1031 returnImpl->md = params->md;
1032 returnImpl->padding = params->padding;
1033 if (params->operation != HCF_ALG_VERIFY_RECOVER) {
1034 returnImpl->mgf1md = params->mgf1md;
1035 returnImpl->mdctx = OpensslEvpMdCtxNew();
1036 if (returnImpl->mdctx == NULL) {
1037 LOGE("Failed to allocate md ctx!");
1038 HcfFree(returnImpl);
1039 returnImpl = NULL;
1040 return HCF_ERR_MALLOC;
1041 }
1042 returnImpl->saltLen = PSS_SALTLEN_INVALID_INIT;
1043 returnImpl->operation = RSA_DIGEST_VERIFY;
1044 } else {
1045 returnImpl->operation = RSA_VERIFY_RECOVER;
1046 }
1047 returnImpl->initFlag = UNINITIALIZED;
1048 *returnObj = (HcfVerifySpi *)returnImpl;
1049 return HCF_SUCCESS;
1050 }
1051