1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define HUKS_DISABLE_LOG_AT_FILE_TO_REDUCE_ROM_SIZE
16
17 #ifdef HKS_CONFIG_FILE
18 #include HKS_CONFIG_FILE
19 #else
20 #include "hks_config.h"
21 #endif
22
23 #ifdef HKS_SUPPORT_DES_C
24
25 #include "hks_mbedtls_des.h"
26
27 #include <mbedtls/des.h>
28 #include <mbedtls/ccm.h>
29 #include <mbedtls/cipher.h>
30 #include <mbedtls/ctr_drbg.h>
31 #include <mbedtls/entropy.h>
32 #include <mbedtls/gcm.h>
33
34 #include <securec.h>
35
36 #include "hks_log.h"
37 #include "hks_mbedtls_common.h"
38 #include "hks_mem.h"
39 #include "hks_template.h"
40
41 #define HKS_DES_CBC_NOPADDING_IV_SIZE 8
42 #define HKS_DES_CBC_DATA_BLOB_SIZE 8
43
44 struct HksMbedtlsDesCtx {
45 uint32_t algType;
46 uint32_t mode;
47 uint32_t padding;
48 uint8_t *append;
49 uint8_t iv[HKS_DES_CBC_NOPADDING_IV_SIZE];
50 uint8_t *nonce;
51 uint32_t nonceSize;
52 uint8_t *aad;
53 uint32_t aadSize;
54 } HksMbedtlsDesCtx;
55
CheckKeySize(const struct HksBlob * key)56 static int32_t CheckKeySize(const struct HksBlob *key)
57 {
58 if (key->size != HKS_KEY_BYTES(HKS_DES_KEY_SIZE_64)) {
59 return HKS_ERROR_INVALID_KEY_SIZE;
60 }
61
62 return HKS_SUCCESS;
63 }
64
65 #ifdef HKS_SUPPORT_DES_GENERATE_KEY
HksMbedtlsDesGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)66 int32_t HksMbedtlsDesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
67 {
68 if (spec->keyLen != HKS_DES_KEY_SIZE_64) {
69 return HKS_ERROR_INVALID_KEY_SIZE;
70 }
71
72 const uint32_t keyByteLen = spec->keyLen / HKS_BITS_PER_BYTE;
73
74 uint8_t *outKey = (uint8_t *)HksMalloc(keyByteLen);
75 HKS_IF_NULL_RETURN(outKey, HKS_ERROR_MALLOC_FAIL)
76
77 mbedtls_entropy_context entropy;
78 mbedtls_ctr_drbg_context ctrDrbg;
79 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
80 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
81 int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
82 if (ret != HKS_SUCCESS) {
83 HKS_FREE(outKey);
84 return ret;
85 }
86
87 do {
88 ret = mbedtls_ctr_drbg_random(&ctrDrbg, outKey, keyByteLen);
89 if (ret != HKS_MBEDTLS_SUCCESS) {
90 HKS_LOG_E("Mbedtls ctr drbg random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
91 (void)memset_s(outKey, keyByteLen, 0, keyByteLen);
92 HKS_FREE(outKey);
93 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
94 break;
95 }
96
97 key->data = outKey;
98 key->size = keyByteLen;
99 } while (0);
100
101 mbedtls_ctr_drbg_free(&ctrDrbg);
102 mbedtls_entropy_free(&entropy);
103 return ret;
104 }
105 #endif /* HKS_SUPPORT_DES_GENERATE_KEY */
106
107 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
DesCbcNoPaddingCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)108 static int32_t DesCbcNoPaddingCryptInit(
109 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
110 {
111 mbedtls_des_context *ctx = (mbedtls_des_context *)HksMalloc(sizeof(mbedtls_des_context));
112 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_MALLOC_FAIL, "initialize ctx fail")
113 mbedtls_des_init(ctx);
114
115 int32_t ret;
116 if (encrypt) {
117 ret = mbedtls_des_setkey_enc(ctx, key->data);
118 } else {
119 ret = mbedtls_des_setkey_dec(ctx, key->data);
120 }
121 if (ret != HKS_MBEDTLS_SUCCESS) {
122 HKS_LOG_E("Mbedtls des set key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
123 mbedtls_des_free(ctx);
124 HKS_FREE(ctx);
125 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
126 }
127
128 struct HksCipherParam *iv = (struct HksCipherParam *)(usageSpec->algParam);
129 if (iv->iv.size != HKS_DES_CBC_NOPADDING_IV_SIZE) {
130 HKS_LOG_E("initialize iv fail");
131 mbedtls_des_free(ctx);
132 HKS_FREE(ctx);
133 return HKS_ERROR_INVALID_IV;
134 }
135
136 struct HksMbedtlsDesCtx *outCtx = (struct HksMbedtlsDesCtx *)HksMalloc(sizeof(struct HksMbedtlsDesCtx));
137 if (outCtx == NULL) {
138 HKS_LOG_E("initialize outCtx fail");
139 mbedtls_des_free(ctx);
140 HKS_FREE(ctx);
141 return HKS_ERROR_MALLOC_FAIL;
142 }
143
144 outCtx->append = (void *)ctx;
145 outCtx->mode = usageSpec->mode;
146 outCtx->padding = usageSpec->padding;
147 (void)memcpy_s(outCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE, iv->iv.data, HKS_DES_CBC_NOPADDING_IV_SIZE);
148
149 *cryptoCtx = (void *)outCtx;
150
151 return ret;
152 }
153
DesCbcNoPaddingCryptUpdate(void * cryptoCtx,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)154 static int32_t DesCbcNoPaddingCryptUpdate(
155 void *cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
156 {
157 struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
158 HKS_IF_NULL_RETURN(desCtx, HKS_ERROR_NULL_POINTER)
159
160 mbedtls_des_context *cbcNoPaddingCtx = (mbedtls_des_context *)desCtx->append;
161
162 HKS_IF_NULL_RETURN(cbcNoPaddingCtx, HKS_ERROR_NULL_POINTER)
163
164 int32_t ret;
165 do {
166 if (message->size % HKS_DES_CBC_DATA_BLOB_SIZE != 0) {
167 HKS_LOG_E("DesCbcNoPaddingCryptUpdate data size invalid!");
168 ret = HKS_ERROR_INVALID_ARGUMENT;
169 break;
170 }
171
172 /* mbedtls_des_crypt_cbc will refresh iv, so need a temp iv */
173 uint8_t tmpIv[HKS_DES_CBC_NOPADDING_IV_SIZE];
174 if (memcpy_s(tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE, desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE) != EOK) {
175 HKS_LOG_E("Memcpy temp iv failed!");
176 ret = HKS_ERROR_INVALID_IV;
177 break;
178 }
179
180 ret = mbedtls_des_crypt_cbc(cbcNoPaddingCtx,
181 (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
182 message->size,
183 tmpIv,
184 message->data,
185 cipherText->data);
186 if (ret != HKS_MBEDTLS_SUCCESS) {
187 HKS_LOG_E("Mbedtks des cbc nopadding crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
188 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
189 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
190 break;
191 }
192
193 cipherText->size = message->size;
194 (void)memcpy_s(desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE, tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE);
195 } while (0);
196
197 return ret;
198 }
199
DesCbcNoPaddingCryptFinal(void ** cryptoCtx,const struct HksBlob * message,const bool encrypt,struct HksBlob * cipherText)200 static int32_t DesCbcNoPaddingCryptFinal(
201 void **cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
202 {
203 struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
204 mbedtls_des_context *cbcNoPaddingCtx = (mbedtls_des_context *)desCtx->append;
205
206 if (cbcNoPaddingCtx == NULL) {
207 HKS_FREE(*cryptoCtx);
208 return HKS_ERROR_NULL_POINTER;
209 }
210
211 int32_t ret = HKS_SUCCESS;
212 do {
213 if (message->size % HKS_DES_CBC_DATA_BLOB_SIZE != 0) {
214 HKS_LOG_E("DesCbcNoPaddingCryptFinal data size invalid!");
215 ret = HKS_ERROR_INVALID_ARGUMENT;
216 break;
217 }
218
219 if (message->size != 0) {
220 /* mbedtls_des_crypt_cbc will refresh iv, so need a temp iv */
221 uint8_t tmpIv[HKS_DES_CBC_NOPADDING_IV_SIZE];
222 if (memcpy_s(tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE, desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE) != EOK) {
223 HKS_LOG_E("Memcpy temp iv failed!");
224 ret = HKS_ERROR_INVALID_IV;
225 break;
226 }
227 ret = mbedtls_des_crypt_cbc(cbcNoPaddingCtx,
228 (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
229 message->size,
230 tmpIv,
231 message->data,
232 cipherText->data);
233 if (ret != HKS_MBEDTLS_SUCCESS) {
234 HKS_LOG_E("Mbedtls des gcm encryot failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
235 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
236 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
237 break;
238 }
239 }
240 cipherText->size = message->size;
241 } while (0);
242
243 mbedtls_des_free(cbcNoPaddingCtx);
244 HKS_FREE(desCtx->append);
245 HKS_FREE(*cryptoCtx);
246
247 return ret;
248 }
249 #endif /* HKS_SUPPORT_DES_CBC_NOPADDING */
250
DesCbcCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)251 static int32_t DesCbcCryptInit(
252 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
253 {
254 switch (usageSpec->padding) {
255 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
256 case HKS_PADDING_NONE:
257 return DesCbcNoPaddingCryptInit(cryptoCtx, key, usageSpec, encrypt);
258 #endif
259 default:
260 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
261 return HKS_ERROR_INVALID_PADDING;
262 }
263 }
264
DesCbcCryptUpdate(void * cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)265 static int32_t DesCbcCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
266 struct HksBlob *cipherText, const bool encrypt)
267 {
268 switch (padding) {
269 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
270 case HKS_PADDING_NONE:
271 return DesCbcNoPaddingCryptUpdate(cryptoCtx, message, encrypt, cipherText);
272 #endif
273 default:
274 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
275 return HKS_ERROR_INVALID_PADDING;
276 }
277 }
278
DesCbcCryptFinal(void ** cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)279 static int32_t DesCbcCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
280 struct HksBlob *cipherText, const bool encrypt)
281 {
282 switch (padding) {
283 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
284 case HKS_PADDING_NONE:
285 return DesCbcNoPaddingCryptFinal(cryptoCtx, message, encrypt, cipherText);
286 #endif
287 default:
288 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
289 return HKS_ERROR_INVALID_PADDING;
290 }
291 }
292
293 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
DesEcbNoPaddingCryptInitParam(const struct HksBlob * key,mbedtls_cipher_context_t * ecbCtx,const bool encrypt)294 static int32_t DesEcbNoPaddingCryptInitParam(const struct HksBlob *key, mbedtls_cipher_context_t *ecbCtx,
295 const bool encrypt)
296 {
297 const mbedtls_cipher_info_t *info =
298 mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
299 if (info == NULL) {
300 HKS_LOG_E("get cipher info from values failed!");
301 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
302 }
303 int32_t ret = mbedtls_cipher_setup(ecbCtx, info);
304 if (ret != HKS_MBEDTLS_SUCCESS) {
305 HKS_LOG_E("Mbedtls cipher setup failed ret = %" LOG_PUBLIC "d", ret);
306 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
307 }
308
309 ret = mbedtls_cipher_setkey(
310 ecbCtx, key->data, key->size * HKS_BITS_PER_BYTE, encrypt ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
311 if (ret != HKS_MBEDTLS_SUCCESS) {
312 HKS_LOG_E("Mbedtls setkey failed ret = %" LOG_PUBLIC "d", ret);
313 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
314 }
315
316 ret = mbedtls_cipher_set_iv(ecbCtx, NULL, 0);
317 if (ret != HKS_MBEDTLS_SUCCESS) {
318 HKS_LOG_E("Mbedtls set iv failed ret = %" LOG_PUBLIC "d", ret);
319 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
320 }
321 return HKS_SUCCESS;
322 }
323
DesEcbNoPaddingCryptInit(void ** cryptoCtx,const struct HksUsageSpec * usageSpec,const struct HksBlob * key,const bool encrypt)324 static int32_t DesEcbNoPaddingCryptInit(void **cryptoCtx, const struct HksUsageSpec *usageSpec,
325 const struct HksBlob *key, const bool encrypt)
326 {
327 mbedtls_cipher_context_t *ecbCtx = (mbedtls_cipher_context_t *)HksMalloc(sizeof(mbedtls_cipher_context_t));
328 HKS_IF_NULL_LOGE_RETURN(ecbCtx, HKS_ERROR_MALLOC_FAIL, "Ecb ecbCtx malloc fail")
329
330 mbedtls_cipher_init(ecbCtx);
331
332 int32_t ret = DesEcbNoPaddingCryptInitParam(key, ecbCtx, encrypt);
333 if (ret != HKS_SUCCESS) {
334 HKS_LOG_E("DesEcbNoPaddingCryptInitParam failed ret = %" LOG_PUBLIC "d", ret);
335 mbedtls_cipher_free(ecbCtx);
336 HKS_FREE(ecbCtx);
337 return ret;
338 }
339
340 ret = mbedtls_cipher_reset(ecbCtx);
341 if (ret != HKS_MBEDTLS_SUCCESS) {
342 HKS_LOG_E("Mbedtls reset failed ret = %" LOG_PUBLIC "d", ret);
343 mbedtls_cipher_free(ecbCtx);
344 HKS_FREE(ecbCtx);
345 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
346 }
347
348 struct HksMbedtlsDesCtx *outCtx = (struct HksMbedtlsDesCtx *)HksMalloc(sizeof(struct HksMbedtlsDesCtx));
349 if (outCtx == NULL) {
350 HKS_LOG_E("initialize outCtx fail");
351 mbedtls_cipher_free(ecbCtx);
352 HKS_FREE(ecbCtx);
353 return HKS_ERROR_MALLOC_FAIL;
354 }
355
356 outCtx->algType = usageSpec->algType;
357 outCtx->mode = usageSpec->mode;
358 outCtx->padding = usageSpec->padding;
359 outCtx->append = (void *)ecbCtx;
360 *cryptoCtx = (void *)outCtx;
361
362 return ret;
363 }
364
DesEcbNoPaddingData(mbedtls_cipher_context_t * ecbNoPadingctx,size_t blockSize,const struct HksBlob * message,struct HksBlob * cipherText,size_t * outLenTotal)365 static int32_t DesEcbNoPaddingData(mbedtls_cipher_context_t *ecbNoPadingctx, size_t blockSize,
366 const struct HksBlob *message, struct HksBlob *cipherText, size_t *outLenTotal)
367 {
368 int32_t ret;
369
370 uint8_t *tmpMessage = (uint8_t *)HksMalloc(blockSize);
371 HKS_IF_NULL_LOGE_RETURN(tmpMessage, HKS_ERROR_INSUFFICIENT_MEMORY, "EcbNoPaddingUpdate tmpMessage is null")
372
373 if (message->size <= blockSize) {
374 (void)memset_s(tmpMessage, blockSize, 0, blockSize);
375 (void)memcpy_s(tmpMessage, message->size, message->data, message->size);
376 ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, blockSize, cipherText->data, outLenTotal);
377 if (ret != HKS_MBEDTLS_SUCCESS) {
378 HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
379 HKS_FREE(tmpMessage);
380 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
381 }
382 } else {
383 uint32_t point = 0;
384 while (point < message->size) {
385 (void)memset_s(tmpMessage, blockSize, 0, blockSize);
386 uint32_t tmpSize = (message->size - point) >= blockSize ? blockSize : (message->size - point);
387 ret = memcpy_s(tmpMessage, blockSize, message->data + point, tmpSize);
388 if (ret != HKS_MBEDTLS_SUCCESS) {
389 HKS_LOG_E("copy data failed");
390 HKS_FREE(tmpMessage);
391 return HKS_ERROR_INSUFFICIENT_MEMORY;
392 }
393 size_t olen;
394 ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, tmpSize, cipherText->data + point, &olen);
395 if (ret != HKS_MBEDTLS_SUCCESS) {
396 HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
397 HKS_FREE(tmpMessage);
398 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
399 }
400 *outLenTotal += olen;
401 point += blockSize;
402 }
403 }
404 HKS_FREE(tmpMessage);
405 return HKS_SUCCESS;
406 }
407
GetDesEcbNoPaddingCtx(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,size_t * outLenTotal)408 static mbedtls_cipher_context_t *GetDesEcbNoPaddingCtx(void *cryptoCtx, const struct HksBlob *message,
409 struct HksBlob *cipherText, size_t *outLenTotal)
410 {
411 struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
412 mbedtls_cipher_context_t *ecbNoPadingctx = (mbedtls_cipher_context_t *)desCtx->append;
413 HKS_IF_NULL_LOGE_RETURN(ecbNoPadingctx, NULL, "EcbNoPaddingUpdate ecbNoPadingctx is null")
414
415 int32_t ret = HKS_SUCCESS;
416 do {
417 if (message == NULL) {
418 HKS_LOG_E("The message is null.");
419 ret = HKS_FAILURE;
420 break;
421 }
422
423 if (message->size != 0) {
424 size_t blockSize = mbedtls_cipher_get_block_size(ecbNoPadingctx);
425 HKS_LOG_E("Ecb No padding update!message.size[%" LOG_PUBLIC "d] blockSize[%" LOG_PUBLIC "d]",
426 message->size, blockSize);
427 if (blockSize == 0 || (message->size % blockSize != 0)) {
428 HKS_LOG_E("The size of message is invalid.");
429 ret = HKS_ERROR_INVALID_ARGUMENT;
430 break;
431 }
432
433 ret = DesEcbNoPaddingData(ecbNoPadingctx, blockSize, message, cipherText, outLenTotal);
434 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DesEcbNoPaddingData failed")
435 }
436 } while (0);
437
438 HKS_IF_NOT_SUCC_RETURN(ret, NULL)
439
440 return ecbNoPadingctx;
441 }
442
DesEcbNoPaddingCryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)443 static int32_t DesEcbNoPaddingCryptUpdate(void *cryptoCtx, const struct HksBlob *message,
444 struct HksBlob *cipherText)
445 {
446 size_t outLenTotal = 0;
447 HKS_IF_NULL_RETURN(GetDesEcbNoPaddingCtx(cryptoCtx, message, cipherText, &outLenTotal), HKS_ERROR_NULL_POINTER)
448
449 cipherText->size = outLenTotal;
450 return HKS_SUCCESS;
451 }
452
DesEcbNoPaddingCryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)453 static int32_t DesEcbNoPaddingCryptFinal(void **cryptoCtx, const struct HksBlob *message,
454 struct HksBlob *cipherText)
455 {
456 size_t outLenTotal = 0;
457 mbedtls_cipher_context_t *ecbNoPadingctx = GetDesEcbNoPaddingCtx(*cryptoCtx, message, cipherText, &outLenTotal);
458 if (ecbNoPadingctx == NULL) {
459 HKS_FREE(*cryptoCtx);
460 return HKS_ERROR_NULL_POINTER;
461 }
462
463 struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
464 size_t finishOlen;
465 size_t olen = outLenTotal;
466 int32_t ret = mbedtls_cipher_finish(ecbNoPadingctx, cipherText->data + olen, &finishOlen);
467 if (ret != HKS_MBEDTLS_SUCCESS) {
468 HKS_LOG_E("Mbedtls ecb nopadding crypt update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
469 (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
470 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
471 } else {
472 cipherText->size = olen + finishOlen;
473 }
474
475 mbedtls_cipher_free(ecbNoPadingctx);
476 HKS_FREE(desCtx->append);
477 HKS_FREE(*cryptoCtx);
478
479 return ret;
480 }
481 #endif
482
483 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
DesEcbCryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)484 static int32_t DesEcbCryptInit(void **cryptoCtx, const struct HksBlob *key,
485 const struct HksUsageSpec *usageSpec, const bool encrypt)
486 {
487 switch (usageSpec->padding) {
488 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
489 case HKS_PADDING_NONE:
490 return DesEcbNoPaddingCryptInit(cryptoCtx, usageSpec, key, encrypt);
491 #endif
492 default:
493 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
494 return HKS_ERROR_INVALID_PADDING;
495 }
496 }
497
DesEcbCryptUpdate(void * cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText)498 static int32_t DesEcbCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
499 struct HksBlob *cipherText)
500 {
501 switch (padding) {
502 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
503 case HKS_PADDING_NONE:
504 return DesEcbNoPaddingCryptUpdate(cryptoCtx, message, cipherText);
505 #endif
506 default:
507 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
508 return HKS_ERROR_INVALID_PADDING;
509 }
510 }
511
DesEcbCryptFinal(void ** cryptoCtx,const uint8_t padding,const struct HksBlob * message,struct HksBlob * cipherText)512 static int32_t DesEcbCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
513 struct HksBlob *cipherText)
514 {
515 switch (padding) {
516 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
517 case HKS_PADDING_NONE:
518 return DesEcbNoPaddingCryptFinal(cryptoCtx, message, cipherText);
519 #endif
520 default:
521 HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
522 return HKS_ERROR_INVALID_PADDING;
523 }
524 }
525 #endif
526
HksMbedtlsDesEncryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)527 int32_t HksMbedtlsDesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
528 {
529 if (CheckKeySize(key) != HKS_SUCCESS || cryptoCtx == NULL || usageSpec == NULL) {
530 HKS_LOG_E("Invalid des keySiz = 0x%" LOG_PUBLIC "X", key->size);
531 return HKS_ERROR_INVALID_ARGUMENT;
532 }
533
534 switch (usageSpec->mode) {
535 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
536 case HKS_MODE_CBC:
537 return DesCbcCryptInit(cryptoCtx, key, usageSpec, true);
538 #endif
539 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
540 case HKS_MODE_ECB:
541 return DesEcbCryptInit(cryptoCtx, key, usageSpec, true);
542 #endif
543 default:
544 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
545 return HKS_ERROR_NOT_SUPPORTED;
546 }
547 }
548
HksMbedtlsDesEncryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)549 int32_t HksMbedtlsDesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
550 {
551 HKS_IF_NULL_LOGE_RETURN(cryptoCtx, HKS_ERROR_INVALID_ARGUMENT, "Mbedtls DES encrypt update param is null")
552
553 struct HksMbedtlsDesCtx *desEncryptCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
554
555 switch (desEncryptCtx->mode) {
556 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
557 case HKS_MODE_CBC:
558 return DesCbcCryptUpdate(cryptoCtx, desEncryptCtx->padding, message, cipherText, true);
559 #endif
560 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
561 case HKS_MODE_ECB:
562 return DesEcbCryptUpdate(cryptoCtx, desEncryptCtx->padding, message, cipherText);
563 #endif
564 default:
565 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desEncryptCtx->mode);
566 return HKS_ERROR_INVALID_ARGUMENT;
567 }
568 }
569
HksMbedtlsDesEncryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)570 int32_t HksMbedtlsDesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
571 {
572 struct HksMbedtlsDesCtx *desEncryptCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
573
574 switch (desEncryptCtx->mode) {
575 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
576 case HKS_MODE_CBC:
577 return DesCbcCryptFinal(cryptoCtx, desEncryptCtx->padding, message, cipherText, true);
578 #endif
579 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
580 case HKS_MODE_ECB:
581 return DesEcbCryptFinal(cryptoCtx, desEncryptCtx->padding, message, cipherText);
582 #endif
583 default:
584 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desEncryptCtx->mode);
585 return HKS_ERROR_INVALID_ARGUMENT;
586 }
587 }
588
HksMbedtlsDesDecryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)589 int32_t HksMbedtlsDesDecryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
590 {
591 HKS_IF_NOT_SUCC_LOGE_RETURN(
592 CheckKeySize(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid des keySize = 0x%" LOG_PUBLIC "X", key->size)
593
594 switch (usageSpec->mode) {
595 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
596 case HKS_MODE_CBC:
597 return DesCbcCryptInit(cryptoCtx, key, usageSpec, false);
598 #endif
599 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
600 case HKS_MODE_ECB:
601 return DesEcbCryptInit(cryptoCtx, key, usageSpec, false);
602 #endif
603 default:
604 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
605 return HKS_ERROR_INVALID_ARGUMENT;
606 }
607 }
608
HksMbedtlsDesDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)609 int32_t HksMbedtlsDesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
610 {
611 struct HksMbedtlsDesCtx *desDecryptCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
612 switch (desDecryptCtx->mode) {
613 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
614 case HKS_MODE_CBC:
615 return DesCbcCryptUpdate(cryptoCtx, desDecryptCtx->padding, message, cipherText, false);
616 #endif
617 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
618 case HKS_MODE_ECB:
619 return DesEcbCryptUpdate(cryptoCtx, desDecryptCtx->padding, message, cipherText);
620 #endif
621 default:
622 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desDecryptCtx->mode);
623 return HKS_ERROR_INVALID_ARGUMENT;
624 }
625 }
626
HksMbedtlsDesDecryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)627 int32_t HksMbedtlsDesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
628 {
629 struct HksMbedtlsDesCtx *desDecryptCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
630
631 switch (desDecryptCtx->mode) {
632 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
633 case HKS_MODE_CBC:
634 return DesCbcCryptFinal(cryptoCtx, desDecryptCtx->padding, message, cipherText, false);
635 #endif
636 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
637 case HKS_MODE_ECB:
638 return DesEcbCryptFinal(cryptoCtx, desDecryptCtx->padding, message, cipherText);
639 #endif
640 default:
641 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desDecryptCtx->mode);
642 return HKS_ERROR_INVALID_ARGUMENT;
643 }
644 }
645
HksMbedtlsDesCryptoInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool encrypt)646 int32_t HksMbedtlsDesCryptoInit(
647 void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
648 {
649 if (encrypt) {
650 return HksMbedtlsDesEncryptInit(cryptoCtx, key, usageSpec);
651 } else {
652 return HksMbedtlsDesDecryptInit(cryptoCtx, key, usageSpec);
653 }
654 }
655
HksMbedtlsDesCryptoUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)656 int32_t HksMbedtlsDesCryptoUpdate(
657 void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt)
658 {
659 if (encrypt) {
660 return HksMbedtlsDesEncryptUpdate(cryptoCtx, message, cipherText);
661 } else {
662 return HksMbedtlsDesDecryptUpdate(cryptoCtx, message, cipherText);
663 }
664 }
665
HksMbedtlsDesCryptoFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,const bool encrypt)666 int32_t HksMbedtlsDesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
667 const bool encrypt)
668 {
669 if (encrypt) {
670 return HksMbedtlsDesEncryptFinal(cryptoCtx, message, cipherText);
671 } else {
672 return HksMbedtlsDesDecryptFinal(cryptoCtx, message, cipherText);
673 }
674 }
675
676 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
HksMbedtlsDesHalModecbcFreeCtx(void ** cryptCtx)677 void HksMbedtlsDesHalModecbcFreeCtx(void **cryptCtx)
678 {
679 if (cryptCtx == NULL || *cryptCtx == NULL) {
680 HKS_LOG_E("FreeCtx cryptCtx param is null");
681 return;
682 }
683
684 struct HksMbedtlsDesCtx *mbedtlsDesCtx = (struct HksMbedtlsDesCtx *)*cryptCtx;
685 if (mbedtlsDesCtx->padding == HKS_PADDING_NONE) {
686 if (mbedtlsDesCtx->append != NULL) {
687 mbedtls_des_free((mbedtls_des_context *)(mbedtlsDesCtx->append));
688 HKS_FREE(mbedtlsDesCtx->append);
689 }
690 }
691 }
692 #endif
693
HksMbedtlsDesHalFreeCtx(void ** cryptCtx)694 void HksMbedtlsDesHalFreeCtx(void **cryptCtx)
695 {
696 if (cryptCtx == NULL || *cryptCtx == NULL) {
697 HKS_LOG_E("FreeCtx param context null");
698 return;
699 }
700
701 struct HksMbedtlsDesCtx *mbedtlsDesCtx = (struct HksMbedtlsDesCtx *)*cryptCtx;
702 switch (mbedtlsDesCtx->mode) {
703 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
704 case HKS_MODE_CBC:
705 HksMbedtlsDesHalModecbcFreeCtx(cryptCtx);
706 break;
707 #endif
708 default:
709 HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", mbedtlsDesCtx->mode);
710 break;
711 }
712 HKS_FREE(*cryptCtx);
713 }
714
715 #endif /* HKS_SUPPORT_DES_C */