1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define HUKS_DISABLE_LOG_AT_FILE_TO_REDUCE_ROM_SIZE
16
17 #ifdef HKS_CONFIG_FILE
18 #include HKS_CONFIG_FILE
19 #else
20 #include "hks_config.h"
21 #endif
22
23 #ifdef HKS_SUPPORT_3DES_C
24
25 #include "hks_mbedtls_3des.h"
26
27 #include <mbedtls/des.h>
28 #include <mbedtls/ccm.h>
29 #include <mbedtls/cipher.h>
30 #include <mbedtls/ctr_drbg.h>
31 #include <mbedtls/entropy.h>
32 #include <mbedtls/gcm.h>
33
34 #include <securec.h>
35
36 #include "hks_log.h"
37 #include "hks_mbedtls_common.h"
38 #include "hks_mem.h"
39 #include "hks_template.h"
40
41 #define HKS_3DES_CBC_NOPADDING_IV_SIZE 8
42 #define HKS_3DES_CBC_DATA_BLOB_SIZE 8
43
44 struct HksMbedtls3DesCtx {
45 uint32_t algType;
46 uint32_t mode;
47 uint32_t padding;
48 uint8_t *append;
49 uint8_t iv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
50 } HksMbedtls3DesCtx;
51
CheckKeySize(const struct HksBlob * key)52 static int32_t CheckKeySize(const struct HksBlob *key)
53 {
54 if ((key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) && (key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192))) {
55 return HKS_ERROR_INVALID_KEY_SIZE;
56 }
57
58 return HKS_SUCCESS;
59 }
60
61 #ifdef HKS_SUPPORT_3DES_GENERATE_KEY
HksMbedtls3DesGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)62 int32_t HksMbedtls3DesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
63 {
64 if ((spec->keyLen != HKS_3DES_KEY_SIZE_128) && (spec->keyLen != HKS_3DES_KEY_SIZE_192)) {
65 return HKS_ERROR_INVALID_KEY_SIZE;
66 }
67
68 const uint32_t keyByteLen = spec->keyLen / HKS_BITS_PER_BYTE;
69
70 uint8_t *outKey = (uint8_t *)HksMalloc(keyByteLen);
71 HKS_IF_NULL_RETURN(outKey, HKS_ERROR_MALLOC_FAIL)
72
73 mbedtls_entropy_context entropy;
74 mbedtls_ctr_drbg_context ctrDrbg;
75 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
76 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
77 int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
78 if (ret != HKS_SUCCESS) {
79 HKS_FREE(outKey);
80 return ret;
81 }
82
83 do {
84 ret = mbedtls_ctr_drbg_random(&ctrDrbg, outKey, keyByteLen);
85 if (ret != HKS_MBEDTLS_SUCCESS) {
86 HKS_LOG_E("Mbedtls ctr drbg random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
87 (void)memset_s(outKey, keyByteLen, 0, keyByteLen);
88 HKS_FREE(outKey);
89 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
90 break;
91 }
92
93 key->data = outKey;
94 key->size = keyByteLen;
95 } while (0);
96
97 mbedtls_ctr_drbg_free(&ctrDrbg);
98 mbedtls_entropy_free(&entropy);
99 return ret;
100 }
101 #endif /* HKS_SUPPORT_3DES_GENERATE_KEY */
102
103 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
Des3CbcNoPaddingCryptSetKey(const struct HksBlob * key,mbedtls_des3_context * ctx,const bool encrypt)104 static int32_t Des3CbcNoPaddingCryptSetKey(const struct HksBlob *key, mbedtls_des3_context *ctx, const bool encrypt)
105 {
106 int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
107 if (encrypt) {
108 if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
109 ret = mbedtls_des3_set2key_enc(ctx, key->data);
110 } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
111 ret = mbedtls_des3_set3key_enc(ctx, key->data);
112 }
113 } else {
114 if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
115 ret = mbedtls_des3_set2key_dec(ctx, key->data);
116 } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
117 ret = mbedtls_des3_set3key_dec(ctx, key->data);
118 }
119 }
120
121 return ret;
122 }
123
Des3CbcNoPaddingCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)124 static int32_t Des3CbcNoPaddingCryptInit(
125 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
126 {
127 mbedtls_des3_context *ctx = (mbedtls_des3_context *)HksMalloc(sizeof(mbedtls_des3_context));
128 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_MALLOC_FAIL, "initialize ctx fail")
129 mbedtls_des3_init(ctx);
130
131 int32_t ret = Des3CbcNoPaddingCryptSetKey(key, ctx, encrypt);
132 if (ret != HKS_MBEDTLS_SUCCESS) {
133 HKS_LOG_E("Mbedtls 3des set key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
134 mbedtls_des3_free(ctx);
135 HKS_FREE(ctx);
136 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
137 }
138
139 struct HksCipherParam *iv = (struct HksCipherParam *)(usageSpec->algParam);
140 if (iv->iv.size != HKS_3DES_CBC_NOPADDING_IV_SIZE) {
141 HKS_LOG_E("initialize iv fail");
142 mbedtls_des3_free(ctx);
143 HKS_FREE(ctx);
144 return HKS_ERROR_INVALID_IV;
145 }
146
147 struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
148 if (outCtx == NULL) {
149 HKS_LOG_E("initialize outCtx fail");
150 mbedtls_des3_free(ctx);
151 HKS_FREE(ctx);
152 return HKS_ERROR_MALLOC_FAIL;
153 }
154
155 outCtx->append = (void *)ctx;
156 outCtx->mode = usageSpec->mode;
157 outCtx->padding = usageSpec->padding;
158 (void)memcpy_s(outCtx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, iv->iv.data, HKS_3DES_CBC_NOPADDING_IV_SIZE);
159
160 *cryptoCtx = (void *)outCtx;
161
162 return ret;
163 }
164
Des3CbcNoPaddingCryptUpdate(void * cryptoCtx,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)165 static int32_t Des3CbcNoPaddingCryptUpdate(
166 void *cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
167 {
168 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
169 HKS_IF_NULL_RETURN(des3Ctx, HKS_ERROR_NULL_POINTER)
170
171 mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
172
173 HKS_IF_NULL_RETURN(cbcNoPaddingCtx, HKS_ERROR_NULL_POINTER)
174
175 int32_t ret;
176 do {
177 if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
178 HKS_LOG_E("Des3CbcNoPaddingCryptUpdate data size invalid!");
179 ret = HKS_ERROR_INVALID_ARGUMENT;
180 break;
181 }
182
183 /* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
184 uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
185 if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
186 HKS_LOG_E("Memcpy temp iv failed!");
187 ret = HKS_ERROR_INVALID_IV;
188 break;
189 }
190
191 ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
192 (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
193 message->size,
194 tmpIv,
195 message->data,
196 cipherText->data);
197 if (ret != HKS_MBEDTLS_SUCCESS) {
198 HKS_LOG_E("Mbedtks 3des cbc nopadding crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
199 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
200 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
201 break;
202 }
203
204 cipherText->size = message->size;
205 (void)memcpy_s(des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE);
206 } while (0);
207
208 return ret;
209 }
210
Des3CbcNoPaddingCryptFinal(void ** cryptoCtx,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)211 static int32_t Des3CbcNoPaddingCryptFinal(
212 void **cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
213 {
214 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
215 mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
216
217 if (cbcNoPaddingCtx == NULL) {
218 HKS_FREE(*cryptoCtx);
219 return HKS_ERROR_NULL_POINTER;
220 }
221
222 int32_t ret = HKS_SUCCESS;
223 do {
224 if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
225 HKS_LOG_E("Des3CbcNoPaddingCryptFinal data size invalid!");
226 ret = HKS_ERROR_INVALID_ARGUMENT;
227 break;
228 }
229
230 if (message->size != 0) {
231 /* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
232 uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
233 if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
234 HKS_LOG_E("Memcpy temp iv failed!");
235 ret = HKS_ERROR_INVALID_IV;
236 break;
237 }
238 ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
239 (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
240 message->size,
241 tmpIv,
242 message->data,
243 cipherText->data);
244 if (ret != HKS_MBEDTLS_SUCCESS) {
245 HKS_LOG_E("Mbedtls 3des gcm encryot failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
246 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
247 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
248 break;
249 }
250 }
251 cipherText->size = message->size;
252 } while (0);
253
254 mbedtls_des3_free(cbcNoPaddingCtx);
255 HKS_FREE(des3Ctx->append);
256 HKS_FREE(*cryptoCtx);
257
258 return ret;
259 }
260 #endif /* HKS_SUPPORT_3DES_CBC_NOPADDING */
261
Des3CbcCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)262 static int32_t Des3CbcCryptInit(
263 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
264 {
265 switch (usageSpec->padding) {
266 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
267 case HKS_PADDING_NONE:
268 return Des3CbcNoPaddingCryptInit(cryptoCtx, key, usageSpec, encrypt);
269 #endif
270 default:
271 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
272 return HKS_ERROR_INVALID_PADDING;
273 }
274 }
275
Des3CbcCryptUpdate(void * cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)276 static int32_t Des3CbcCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
277 struct HksBlob *cipherText, const bool encrypt)
278 {
279 switch (padding) {
280 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
281 case HKS_PADDING_NONE:
282 return Des3CbcNoPaddingCryptUpdate(cryptoCtx, message, encrypt, cipherText);
283 #endif
284 default:
285 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
286 return HKS_ERROR_INVALID_PADDING;
287 }
288 }
289
Des3CbcCryptFinal(void ** cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)290 static int32_t Des3CbcCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
291 struct HksBlob *cipherText, const bool encrypt)
292 {
293 switch (padding) {
294 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
295 case HKS_PADDING_NONE:
296 return Des3CbcNoPaddingCryptFinal(cryptoCtx, message, encrypt, cipherText);
297 #endif
298 default:
299 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
300 return HKS_ERROR_INVALID_PADDING;
301 }
302 }
303
304 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
Des3EcbNoPaddingCryptInitParam(const struct HksBlob * key,mbedtls_cipher_context_t * ecbCtx,const bool encrypt)305 static int32_t Des3EcbNoPaddingCryptInitParam(const struct HksBlob *key, mbedtls_cipher_context_t *ecbCtx,
306 const bool encrypt)
307 {
308 const mbedtls_cipher_info_t *info = NULL;
309 if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
310 info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
311 } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
312 info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_3DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
313 }
314 if (info == NULL) {
315 HKS_LOG_E("get cipher info from values failed!");
316 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
317 }
318 int32_t ret = mbedtls_cipher_setup(ecbCtx, info);
319 if (ret != HKS_MBEDTLS_SUCCESS) {
320 HKS_LOG_E("Mbedtls cipher setup failed ret = %" LOG_PUBLIC "d", ret);
321 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
322 }
323
324 ret = mbedtls_cipher_setkey(
325 ecbCtx, key->data, key->size * HKS_BITS_PER_BYTE, encrypt ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
326 if (ret != HKS_MBEDTLS_SUCCESS) {
327 HKS_LOG_E("Mbedtls setkey failed ret = %" LOG_PUBLIC "d", ret);
328 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
329 }
330
331 ret = mbedtls_cipher_set_iv(ecbCtx, NULL, 0);
332 if (ret != HKS_MBEDTLS_SUCCESS) {
333 HKS_LOG_E("Mbedtls set iv failed ret = %" LOG_PUBLIC "d", ret);
334 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
335 }
336 return HKS_SUCCESS;
337 }
338
Des3EcbNoPaddingCryptInit(void ** cryptoCtx,const struct HksUsageSpec * usageSpec,const struct HksBlob * key,const bool encrypt)339 static int32_t Des3EcbNoPaddingCryptInit(void **cryptoCtx, const struct HksUsageSpec *usageSpec,
340 const struct HksBlob *key, const bool encrypt)
341 {
342 mbedtls_cipher_context_t *ecbCtx = (mbedtls_cipher_context_t *)HksMalloc(sizeof(mbedtls_cipher_context_t));
343 HKS_IF_NULL_LOGE_RETURN(ecbCtx, HKS_ERROR_MALLOC_FAIL, "Ecb ecbCtx malloc fail")
344
345 mbedtls_cipher_init(ecbCtx);
346
347 int32_t ret = Des3EcbNoPaddingCryptInitParam(key, ecbCtx, encrypt);
348 if (ret != HKS_SUCCESS) {
349 HKS_LOG_E("Des3EcbNoPaddingCryptInitParam failed ret = %" LOG_PUBLIC "d", ret);
350 mbedtls_cipher_free(ecbCtx);
351 HKS_FREE(ecbCtx);
352 return ret;
353 }
354
355 ret = mbedtls_cipher_reset(ecbCtx);
356 if (ret != HKS_MBEDTLS_SUCCESS) {
357 HKS_LOG_E("Mbedtls reset failed ret = %" LOG_PUBLIC "d", ret);
358 mbedtls_cipher_free(ecbCtx);
359 HKS_FREE(ecbCtx);
360 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
361 }
362
363 struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
364 if (outCtx == NULL) {
365 HKS_LOG_E("initialize outCtx fail");
366 mbedtls_cipher_free(ecbCtx);
367 HKS_FREE(ecbCtx);
368 return HKS_ERROR_MALLOC_FAIL;
369 }
370
371 outCtx->algType = usageSpec->algType;
372 outCtx->mode = usageSpec->mode;
373 outCtx->padding = usageSpec->padding;
374 outCtx->append = (void *)ecbCtx;
375 *cryptoCtx = (void *)outCtx;
376
377 return ret;
378 }
379
Des3EcbNoPaddingData(mbedtls_cipher_context_t * ecbNoPadingctx,size_t blockSize,const struct HksBlob * message,struct HksBlob * cipherText,size_t * outLenTotal)380 static int32_t Des3EcbNoPaddingData(mbedtls_cipher_context_t *ecbNoPadingctx, size_t blockSize,
381 const struct HksBlob *message, struct HksBlob *cipherText, size_t *outLenTotal)
382 {
383 int32_t ret;
384
385 uint8_t *tmpMessage = (uint8_t *)HksMalloc(blockSize);
386 HKS_IF_NULL_LOGE_RETURN(tmpMessage, HKS_ERROR_INSUFFICIENT_MEMORY, "EcbNoPaddingUpdate tmpMessage is null")
387
388 if (message->size <= blockSize) {
389 (void)memset_s(tmpMessage, blockSize, 0, blockSize);
390 (void)memcpy_s(tmpMessage, message->size, message->data, message->size);
391 ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, blockSize, cipherText->data, outLenTotal);
392 if (ret != HKS_MBEDTLS_SUCCESS) {
393 HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
394 HKS_FREE(tmpMessage);
395 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
396 }
397 } else {
398 uint32_t point = 0;
399 while (point < message->size) {
400 (void)memset_s(tmpMessage, blockSize, 0, blockSize);
401 uint32_t tmpSize = (message->size - point) >= blockSize ? blockSize : (message->size - point);
402 ret = memcpy_s(tmpMessage, blockSize, message->data + point, tmpSize);
403 if (ret != HKS_MBEDTLS_SUCCESS) {
404 HKS_LOG_E("copy data failed");
405 HKS_FREE(tmpMessage);
406 return HKS_ERROR_INSUFFICIENT_MEMORY;
407 }
408 size_t olen;
409 ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, tmpSize, cipherText->data + point, &olen);
410 if (ret != HKS_MBEDTLS_SUCCESS) {
411 HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
412 HKS_FREE(tmpMessage);
413 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
414 }
415 *outLenTotal += olen;
416 point += blockSize;
417 }
418 }
419 HKS_FREE(tmpMessage);
420 return HKS_SUCCESS;
421 }
422
Get3DesEcbNoPaddingCtx(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,size_t * outLenTotal)423 static mbedtls_cipher_context_t *Get3DesEcbNoPaddingCtx(void *cryptoCtx, const struct HksBlob *message,
424 struct HksBlob *cipherText, size_t *outLenTotal)
425 {
426 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
427 mbedtls_cipher_context_t *ecbNoPadingctx = (mbedtls_cipher_context_t *)des3Ctx->append;
428 HKS_IF_NULL_LOGE_RETURN(ecbNoPadingctx, NULL, "EcbNoPaddingUpdate ecbNoPadingctx is null")
429
430 int32_t ret = HKS_SUCCESS;
431 do {
432 if (message == NULL) {
433 HKS_LOG_E("The message is null.");
434 ret = HKS_FAILURE;
435 break;
436 }
437
438 if (message->size != 0) {
439 size_t blockSize = mbedtls_cipher_get_block_size(ecbNoPadingctx);
440 HKS_LOG_E("Ecb No padding update!message.size[%" LOG_PUBLIC "d] blockSize[%" LOG_PUBLIC "d]",
441 message->size, blockSize);
442 if (blockSize == 0 || (message->size % blockSize != 0)) {
443 HKS_LOG_E("The size of message is invalid.");
444 ret = HKS_ERROR_INVALID_ARGUMENT;
445 break;
446 }
447
448 ret = Des3EcbNoPaddingData(ecbNoPadingctx, blockSize, message, cipherText, outLenTotal);
449 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DesEcbNoPaddingData failed")
450 }
451 } while (0);
452
453 HKS_IF_NOT_SUCC_RETURN(ret, NULL)
454
455 return ecbNoPadingctx;
456 }
457
Des3EcbNoPaddingCryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)458 static int32_t Des3EcbNoPaddingCryptUpdate(void *cryptoCtx, const struct HksBlob *message,
459 struct HksBlob *cipherText)
460 {
461 size_t outLenTotal = 0;
462 HKS_IF_NULL_RETURN(Get3DesEcbNoPaddingCtx(cryptoCtx, message, cipherText, &outLenTotal), HKS_ERROR_NULL_POINTER)
463
464 cipherText->size = outLenTotal;
465 return HKS_SUCCESS;
466 }
467
Des3EcbNoPaddingCryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)468 static int32_t Des3EcbNoPaddingCryptFinal(void **cryptoCtx, const struct HksBlob *message,
469 struct HksBlob *cipherText)
470 {
471 size_t outLenTotal = 0;
472 mbedtls_cipher_context_t *ecbNoPadingctx = Get3DesEcbNoPaddingCtx(*cryptoCtx, message, cipherText, &outLenTotal);
473 if (ecbNoPadingctx == NULL) {
474 HKS_FREE(*cryptoCtx);
475 return HKS_ERROR_NULL_POINTER;
476 }
477
478 struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
479 size_t finishOlen;
480 size_t olen = outLenTotal;
481 int32_t ret = mbedtls_cipher_finish(ecbNoPadingctx, cipherText->data + olen, &finishOlen);
482 if (ret != HKS_MBEDTLS_SUCCESS) {
483 HKS_LOG_E("Mbedtls ecb nopadding crypt update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
484 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
485 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
486 } else {
487 cipherText->size = olen + finishOlen;
488 }
489
490 mbedtls_cipher_free(ecbNoPadingctx);
491 HKS_FREE(des3Ctx->append);
492 HKS_FREE(*cryptoCtx);
493
494 return ret;
495 }
496 #endif
497
Des3EcbCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)498 static int32_t Des3EcbCryptInit(void **cryptoCtx, const struct HksBlob *key,
499 const struct HksUsageSpec *usageSpec, const bool encrypt)
500 {
501 switch (usageSpec->padding) {
502 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
503 case HKS_PADDING_NONE:
504 return Des3EcbNoPaddingCryptInit(cryptoCtx, usageSpec, key, encrypt);
505 #endif
506 default:
507 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
508 return HKS_ERROR_INVALID_PADDING;
509 }
510 }
511
Des3EcbCryptUpdate(void * cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText)512 static int32_t Des3EcbCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
513 struct HksBlob *cipherText)
514 {
515 switch (padding) {
516 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
517 case HKS_PADDING_NONE:
518 return Des3EcbNoPaddingCryptUpdate(cryptoCtx, message, cipherText);
519 #endif
520 default:
521 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
522 return HKS_ERROR_INVALID_PADDING;
523 }
524 }
525
Des3EcbCryptFinal(void ** cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText)526 static int32_t Des3EcbCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
527 struct HksBlob *cipherText)
528 {
529 switch (padding) {
530 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
531 case HKS_PADDING_NONE:
532 return Des3EcbNoPaddingCryptFinal(cryptoCtx, message, cipherText);
533 #endif
534 default:
535 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
536 return HKS_ERROR_INVALID_PADDING;
537 }
538 }
539
HksMbedtls3DesEncryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)540 int32_t HksMbedtls3DesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
541 {
542 if (CheckKeySize(key) != HKS_SUCCESS || cryptoCtx == NULL || usageSpec == NULL) {
543 HKS_LOG_E("Invalid des3 keySiz = 0x%" LOG_PUBLIC "X", key->size);
544 return HKS_ERROR_INVALID_ARGUMENT;
545 }
546
547 switch (usageSpec->mode) {
548 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
549 case HKS_MODE_CBC:
550 return Des3CbcCryptInit(cryptoCtx, key, usageSpec, true);
551 #endif
552 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
553 case HKS_MODE_ECB:
554 return Des3EcbCryptInit(cryptoCtx, key, usageSpec, true);
555 #endif
556 default:
557 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
558 return HKS_ERROR_NOT_SUPPORTED;
559 }
560 }
561
HksMbedtls3DesEncryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)562 int32_t HksMbedtls3DesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
563 {
564 HKS_IF_NULL_LOGE_RETURN(cryptoCtx, HKS_ERROR_INVALID_ARGUMENT, "Mbedtls 3DES encrypt update param is null")
565
566 struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
567
568 switch (des3EncryptCtx->mode) {
569 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
570 case HKS_MODE_CBC:
571 return Des3CbcCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
572 #endif
573 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
574 case HKS_MODE_ECB:
575 return Des3EcbCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
576 #endif
577 default:
578 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
579 return HKS_ERROR_INVALID_ARGUMENT;
580 }
581 }
582
HksMbedtls3DesEncryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)583 int32_t HksMbedtls3DesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
584 {
585 struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
586
587 switch (des3EncryptCtx->mode) {
588 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
589 case HKS_MODE_CBC:
590 return Des3CbcCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
591 #endif
592 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
593 case HKS_MODE_ECB:
594 return Des3EcbCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
595 #endif
596 default:
597 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
598 return HKS_ERROR_INVALID_ARGUMENT;
599 }
600 }
601
HksMbedtls3DesDecryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)602 int32_t HksMbedtls3DesDecryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
603 {
604 HKS_IF_NOT_SUCC_LOGE_RETURN(
605 CheckKeySize(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid des3 keySize = 0x%" LOG_PUBLIC "X", key->size)
606
607 switch (usageSpec->mode) {
608 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
609 case HKS_MODE_CBC:
610 return Des3CbcCryptInit(cryptoCtx, key, usageSpec, false);
611 #endif
612 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
613 case HKS_MODE_ECB:
614 return Des3EcbCryptInit(cryptoCtx, key, usageSpec, false);
615 #endif
616 default:
617 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
618 return HKS_ERROR_INVALID_ARGUMENT;
619 }
620 }
621
HksMbedtls3DesDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)622 int32_t HksMbedtls3DesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
623 {
624 struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
625 switch (des3DecryptCtx->mode) {
626 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
627 case HKS_MODE_CBC:
628 return Des3CbcCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
629 #endif
630 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
631 case HKS_MODE_ECB:
632 return Des3EcbCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
633 #endif
634 default:
635 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
636 return HKS_ERROR_INVALID_ARGUMENT;
637 }
638 }
639
HksMbedtls3DesDecryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)640 int32_t HksMbedtls3DesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
641 {
642 struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
643
644 switch (des3DecryptCtx->mode) {
645 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
646 case HKS_MODE_CBC:
647 return Des3CbcCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
648 #endif
649 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
650 case HKS_MODE_ECB:
651 return Des3EcbCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
652 #endif
653 default:
654 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
655 return HKS_ERROR_INVALID_ARGUMENT;
656 }
657 }
658
HksMbedtls3DesCryptoInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)659 int32_t HksMbedtls3DesCryptoInit(
660 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
661 {
662 if (encrypt) {
663 return HksMbedtls3DesEncryptInit(cryptoCtx, key, usageSpec);
664 } else {
665 return HksMbedtls3DesDecryptInit(cryptoCtx, key, usageSpec);
666 }
667 }
668
HksMbedtls3DesCryptoUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)669 int32_t HksMbedtls3DesCryptoUpdate(
670 void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt)
671 {
672 if (encrypt) {
673 return HksMbedtls3DesEncryptUpdate(cryptoCtx, message, cipherText);
674 } else {
675 return HksMbedtls3DesDecryptUpdate(cryptoCtx, message, cipherText);
676 }
677 }
678
HksMbedtls3DesCryptoFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)679 int32_t HksMbedtls3DesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
680 const bool encrypt)
681 {
682 if (encrypt) {
683 return HksMbedtls3DesEncryptFinal(cryptoCtx, message, cipherText);
684 } else {
685 return HksMbedtls3DesDecryptFinal(cryptoCtx, message, cipherText);
686 }
687 }
688
689 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
HksMbedtls3DesHalModeCbcFreeCtx(void ** cryptCtx)690 void HksMbedtls3DesHalModeCbcFreeCtx(void **cryptCtx)
691 {
692 if (cryptCtx == NULL || *cryptCtx == NULL) {
693 HKS_LOG_E("FreeCtx cryptCtx param is null");
694 return;
695 }
696
697 struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
698 if (mbedtls3DesCtx->padding == HKS_PADDING_NONE) {
699 if (mbedtls3DesCtx->append != NULL) {
700 mbedtls_des3_free((mbedtls_des3_context *)(mbedtls3DesCtx->append));
701 HKS_FREE(mbedtls3DesCtx->append);
702 }
703 }
704 }
705 #endif
706
707 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
HksMbedtls3DesHalModeEcbFreeCtx(void ** cryptCtx)708 void HksMbedtls3DesHalModeEcbFreeCtx(void **cryptCtx)
709 {
710 if (cryptCtx == NULL || *cryptCtx == NULL) {
711 HKS_LOG_E("FreeCtx cryptCtx param is null");
712 return;
713 }
714
715 struct HksMbedtls3DesCtx *mbedtlsDesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
716 if (mbedtlsDesCtx->padding == HKS_PADDING_NONE) {
717 if (mbedtlsDesCtx->append != NULL) {
718 mbedtls_cipher_free((mbedtls_cipher_context_t *)mbedtlsDesCtx->append);
719 HKS_FREE(mbedtlsDesCtx->append);
720 }
721 }
722 }
723 #endif
724
HksMbedtls3DesHalFreeCtx(void ** cryptCtx)725 void HksMbedtls3DesHalFreeCtx(void **cryptCtx)
726 {
727 if (cryptCtx == NULL || *cryptCtx == NULL) {
728 HKS_LOG_E("FreeCtx param context null");
729 return;
730 }
731
732 struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
733 switch (mbedtls3DesCtx->mode) {
734 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
735 case HKS_MODE_CBC:
736 HksMbedtls3DesHalModeCbcFreeCtx(cryptCtx);
737 break;
738 #endif
739 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
740 case HKS_MODE_ECB:
741 HksMbedtls3DesHalModeEcbFreeCtx(cryptCtx);
742 break;
743 #endif
744 default:
745 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", mbedtls3DesCtx->mode);
746 break;
747 }
748 HKS_FREE(*cryptCtx);
749 }
750 #endif /* HKS_SUPPORT_3DES_C */