1 /*
2 * Copyright (C) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "openssl_common.h"
17
18 #include "securec.h"
19
20 #include <string.h>
21 #include <openssl/err.h>
22 #include "config.h"
23 #include "log.h"
24 #include "memory.h"
25 #include "openssl_adapter.h"
26 #include "result.h"
27 #include "params_parser.h"
28 #include "utils.h"
29 #include "pri_key.h"
30
31 #define HCF_OPENSSL_DIGEST_NONE_STR "NONE"
32 #define HCF_OPENSSL_DIGEST_MD5_STR "MD5"
33 #define HCF_OPENSSL_DIGEST_SM3_STR "SM3"
34 #define HCF_OPENSSL_DIGEST_SHA1_STR "SHA1"
35 #define HCF_OPENSSL_DIGEST_SHA224_STR "SHA224"
36 #define HCF_OPENSSL_DIGEST_SHA256_STR "SHA256"
37 #define HCF_OPENSSL_DIGEST_SHA384_STR "SHA384"
38 #define HCF_OPENSSL_DIGEST_SHA512_STR "SHA512"
39 #define HCF_OPENSSL_MGF1 "MGF1"
40
41 static const uint32_t ASCII_CODE_ZERO = 48;
42
43 typedef struct {
44 int32_t bits; // keyLen
45 int32_t nid; // nid
46 char *groupName;
47 } NidTypeAlg;
48
49 static const NidTypeAlg NID_TYPE_MAP[] = {
50 { HCF_ALG_ECC_224, NID_secp224r1, "secp224r1" },
51 { HCF_ALG_ECC_256, NID_X9_62_prime256v1, "prime256v1" },
52 { HCF_ALG_ECC_384, NID_secp384r1, "secp384r1" },
53 { HCF_ALG_ECC_521, NID_secp521r1, "secp521r1" },
54 { HCF_ALG_SM2_256, NID_sm2, "sm2" },
55 { HCF_ALG_ECC_BP160R1, NID_brainpoolP160r1, "brainpoolP160r1" },
56 { HCF_ALG_ECC_BP160T1, NID_brainpoolP160t1, "brainpoolP160t1" },
57 { HCF_ALG_ECC_BP192R1, NID_brainpoolP192r1, "brainpoolP192r1" },
58 { HCF_ALG_ECC_BP192T1, NID_brainpoolP192t1, "brainpoolP192t1" },
59 { HCF_ALG_ECC_BP224R1, NID_brainpoolP224r1, "brainpoolP224r1" },
60 { HCF_ALG_ECC_BP224T1, NID_brainpoolP224t1, "brainpoolP224t1" },
61 { HCF_ALG_ECC_BP256R1, NID_brainpoolP256r1, "brainpoolP256r1" },
62 { HCF_ALG_ECC_BP256T1, NID_brainpoolP256t1, "brainpoolP256t1" },
63 { HCF_ALG_ECC_BP320R1, NID_brainpoolP320r1, "brainpoolP320r1" },
64 { HCF_ALG_ECC_BP320T1, NID_brainpoolP320t1, "brainpoolP320t1" },
65 { HCF_ALG_ECC_BP384R1, NID_brainpoolP384r1, "brainpoolP384r1" },
66 { HCF_ALG_ECC_BP384T1, NID_brainpoolP384t1, "brainpoolP384t1" },
67 { HCF_ALG_ECC_BP512R1, NID_brainpoolP512r1, "brainpoolP512r1" },
68 { HCF_ALG_ECC_BP512T1, NID_brainpoolP512t1, "brainpoolP512t1" },
69 { HCF_ALG_ECC_SECP256K1, NID_secp256k1, "secp256k1" },
70 };
71
72 typedef struct {
73 int32_t curveId;
74 char *curveName;
75 } CurveNameAlg;
76
77 static const CurveNameAlg CURVE_NAME_MAP[] = {
78 { NID_secp224r1, "NID_secp224r1" },
79 { NID_X9_62_prime256v1, "NID_X9_62_prime256v1" },
80 { NID_secp384r1, "NID_secp384r1" },
81 { NID_secp521r1, "NID_secp521r1" },
82 { NID_brainpoolP160r1, "NID_brainpoolP160r1" },
83 { NID_brainpoolP160t1, "NID_brainpoolP160t1" },
84 { NID_brainpoolP192r1, "NID_brainpoolP192r1" },
85 { NID_brainpoolP192t1, "NID_brainpoolP192t1" },
86 { NID_brainpoolP224r1, "NID_brainpoolP224r1" },
87 { NID_brainpoolP224t1, "NID_brainpoolP224t1" },
88 { NID_brainpoolP256r1, "NID_brainpoolP256r1" },
89 { NID_brainpoolP256t1, "NID_brainpoolP256t1" },
90 { NID_brainpoolP320r1, "NID_brainpoolP320r1" },
91 { NID_brainpoolP320t1, "NID_brainpoolP320t1" },
92 { NID_brainpoolP384r1, "NID_brainpoolP384r1" },
93 { NID_brainpoolP384t1, "NID_brainpoolP384t1" },
94 { NID_brainpoolP512r1, "NID_brainpoolP512r1" },
95 { NID_brainpoolP512t1, "NID_brainpoolP512t1" },
96 { NID_secp256k1, "NID_secp256k1" }
97 };
98
99 typedef struct {
100 int32_t bits;
101 char *algName;
102 } AlgNameType;
103
104 static const AlgNameType ALG_NAME_TYPE_MAP[] = {
105 { HCF_ALG_ECC_224, "ECC" },
106 { HCF_ALG_ECC_256, "ECC" },
107 { HCF_ALG_ECC_384, "ECC" },
108 { HCF_ALG_ECC_521, "ECC" },
109 { HCF_ALG_SM2_256, "SM2" },
110 { HCF_ALG_ECC_BP160R1, "ECC" },
111 { HCF_ALG_ECC_BP160T1, "ECC" },
112 { HCF_ALG_ECC_BP192R1, "ECC" },
113 { HCF_ALG_ECC_BP192T1, "ECC" },
114 { HCF_ALG_ECC_BP224R1, "ECC" },
115 { HCF_ALG_ECC_BP224T1, "ECC" },
116 { HCF_ALG_ECC_BP256R1, "ECC" },
117 { HCF_ALG_ECC_BP256T1, "ECC" },
118 { HCF_ALG_ECC_BP320R1, "ECC" },
119 { HCF_ALG_ECC_BP320T1, "ECC" },
120 { HCF_ALG_ECC_BP384R1, "ECC" },
121 { HCF_ALG_ECC_BP384T1, "ECC" },
122 { HCF_ALG_ECC_BP512R1, "ECC" },
123 { HCF_ALG_ECC_BP512T1, "ECC" },
124 { HCF_ALG_ECC_SECP256K1, "ECC" }
125 };
126
127 typedef struct {
128 int32_t formatValue;
129 int32_t formatType;
130 } FormatType;
131
132 static const FormatType FORMAT_TYPE_MAP[] = {
133 { HCF_UNCOMPRESSED_FORMAT_VALUE, POINT_CONVERSION_UNCOMPRESSED },
134 { HCF_COMPRESSED_FORMAT_VALUE, POINT_CONVERSION_COMPRESSED }
135 };
136
GetCurveNameByCurveId(int32_t curveId,char ** curveName)137 HcfResult GetCurveNameByCurveId(int32_t curveId, char **curveName)
138 {
139 if (curveName == NULL) {
140 LOGE("Invalid curveName");
141 return HCF_INVALID_PARAMS;
142 }
143 for (uint32_t i = 0; i < sizeof(CURVE_NAME_MAP) / sizeof(CURVE_NAME_MAP[0]); i++) {
144 if (CURVE_NAME_MAP[i].curveId == curveId) {
145 *curveName = CURVE_NAME_MAP[i].curveName;
146 return HCF_SUCCESS;
147 }
148 }
149 LOGE("Invalid curve id:%{public}d", curveId);
150 return HCF_INVALID_PARAMS;
151 }
152
GetNidByCurveNameValue(int32_t curveNameValue,int32_t * nid)153 HcfResult GetNidByCurveNameValue(int32_t curveNameValue, int32_t *nid)
154 {
155 if (nid == NULL) {
156 LOGE("Invalid nid");
157 return HCF_INVALID_PARAMS;
158 }
159 for (uint32_t i = 0; i < sizeof(NID_TYPE_MAP) / sizeof(NID_TYPE_MAP[0]); i++) {
160 if (NID_TYPE_MAP[i].bits == curveNameValue) {
161 *nid = NID_TYPE_MAP[i].nid;
162 return HCF_SUCCESS;
163 }
164 }
165 LOGE("Invalid curveNameValue value: %{public}d", curveNameValue);
166 return HCF_INVALID_PARAMS;
167 }
168
GetGroupNameByNid(int32_t nid,char ** groupName)169 HcfResult GetGroupNameByNid(int32_t nid, char **groupName)
170 {
171 if (groupName == NULL) {
172 LOGE("Invalid groupName");
173 return HCF_INVALID_PARAMS;
174 }
175 for (uint32_t i = 0; i < sizeof(NID_TYPE_MAP) / sizeof(NID_TYPE_MAP[0]); i++) {
176 if (NID_TYPE_MAP[i].nid == nid) {
177 *groupName = NID_TYPE_MAP[i].groupName;
178 return HCF_SUCCESS;
179 }
180 }
181 LOGE("Invalid nid:%{public}d", nid);
182 return HCF_INVALID_PARAMS;
183 }
184
GetFormatTypeByFormatValue(int32_t formatValue,int32_t * formatType)185 HcfResult GetFormatTypeByFormatValue(int32_t formatValue, int32_t *formatType)
186 {
187 if (formatType == NULL) {
188 LOGE("Invalid formatType");
189 return HCF_INVALID_PARAMS;
190 }
191 for (uint32_t i = 0; i < sizeof(FORMAT_TYPE_MAP) / sizeof(FORMAT_TYPE_MAP[0]); i++) {
192 if (FORMAT_TYPE_MAP[i].formatValue == formatValue) {
193 *formatType = FORMAT_TYPE_MAP[i].formatType;
194 return HCF_SUCCESS;
195 }
196 }
197 LOGE("Invalid format value: %{public}d", formatValue);
198 return HCF_INVALID_PARAMS;
199 }
200
GetAlgNameByBits(int32_t keyLen,char ** algName)201 HcfResult GetAlgNameByBits(int32_t keyLen, char **algName)
202 {
203 if (algName == NULL) {
204 LOGE("Invalid algName");
205 return HCF_INVALID_PARAMS;
206 }
207 for (uint32_t i = 0; i < sizeof(ALG_NAME_TYPE_MAP) / sizeof(ALG_NAME_TYPE_MAP[0]); i++) {
208 if (ALG_NAME_TYPE_MAP[i].bits == keyLen) {
209 size_t srcAlgNameLen = HcfStrlen(ALG_NAME_TYPE_MAP[i].algName);
210 if (srcAlgNameLen == 0) {
211 LOGE("algName is empty!");
212 return HCF_ERR_MALLOC;
213 }
214 *algName = (char *)HcfMalloc(srcAlgNameLen + 1, 0);
215 if (*algName == NULL) {
216 LOGE("algName malloc failed.");
217 return HCF_ERR_MALLOC;
218 }
219 if (memcpy_s(*algName, srcAlgNameLen, ALG_NAME_TYPE_MAP[i].algName, srcAlgNameLen) != EOK) {
220 LOGE("memcpy algName failed.");
221 HcfFree(*algName);
222 *algName = NULL;
223 return HCF_ERR_MALLOC;
224 }
225 return HCF_SUCCESS;
226 }
227 }
228 LOGD("[error] Invalid key size:%d", keyLen);
229 return HCF_INVALID_PARAMS;
230 }
231
GetOpensslCurveId(int32_t keyLen,int32_t * returnCurveId)232 HcfResult GetOpensslCurveId(int32_t keyLen, int32_t *returnCurveId)
233 {
234 if (returnCurveId == NULL) {
235 LOGE("Invalid algName");
236 return HCF_INVALID_PARAMS;
237 }
238 for (uint32_t i = 0; i < sizeof(NID_TYPE_MAP) / sizeof(NID_TYPE_MAP[0]); i++) {
239 if (NID_TYPE_MAP[i].bits == keyLen) {
240 *returnCurveId = NID_TYPE_MAP[i].nid;
241 return HCF_SUCCESS;
242 }
243 }
244 LOGE("invalid key size:%{public}d", keyLen);
245 return HCF_INVALID_PARAMS;
246 }
247
GetOpensslDigestAlg(uint32_t alg,EVP_MD ** digestAlg)248 HcfResult GetOpensslDigestAlg(uint32_t alg, EVP_MD **digestAlg)
249 {
250 if (digestAlg == NULL) {
251 LOGE("Invalid MD pointer");
252 return HCF_INVALID_PARAMS;
253 }
254 switch (alg) {
255 case HCF_OPENSSL_DIGEST_NONE:
256 *digestAlg = NULL;
257 break;
258 case HCF_OPENSSL_DIGEST_MD5:
259 *digestAlg = (EVP_MD *)EVP_md5();
260 break;
261 case HCF_OPENSSL_DIGEST_SM3:
262 *digestAlg = (EVP_MD *)EVP_sm3();
263 break;
264 case HCF_OPENSSL_DIGEST_SHA1:
265 *digestAlg = (EVP_MD *)EVP_sha1();
266 break;
267 case HCF_OPENSSL_DIGEST_SHA224:
268 *digestAlg = (EVP_MD *)EVP_sha224();
269 break;
270 case HCF_OPENSSL_DIGEST_SHA256:
271 *digestAlg = (EVP_MD *)EVP_sha256();
272 break;
273 case HCF_OPENSSL_DIGEST_SHA384:
274 *digestAlg = (EVP_MD *)EVP_sha384();
275 break;
276 case HCF_OPENSSL_DIGEST_SHA512:
277 *digestAlg = (EVP_MD *)EVP_sha512();
278 break;
279 default:
280 LOGD("[error] Invalid digest num is %u.", alg);
281 return HCF_INVALID_PARAMS;
282 }
283 return HCF_SUCCESS;
284 }
285
GetRsaSpecStringMd(const HcfAlgParaValue md,char ** returnString)286 HcfResult GetRsaSpecStringMd(const HcfAlgParaValue md, char **returnString)
287 {
288 if (returnString == NULL) {
289 LOGE("return string is null");
290 return HCF_INVALID_PARAMS;
291 }
292 char *tmp = NULL;
293 switch (md) {
294 case HCF_OPENSSL_DIGEST_MD5:
295 tmp = HCF_OPENSSL_DIGEST_MD5_STR;
296 break;
297 case HCF_OPENSSL_DIGEST_SM3:
298 tmp = HCF_OPENSSL_DIGEST_SM3_STR;
299 break;
300 case HCF_OPENSSL_DIGEST_SHA1:
301 tmp = HCF_OPENSSL_DIGEST_SHA1_STR;
302 break;
303 case HCF_OPENSSL_DIGEST_SHA224:
304 tmp = HCF_OPENSSL_DIGEST_SHA224_STR;
305 break;
306 case HCF_OPENSSL_DIGEST_SHA256:
307 tmp = HCF_OPENSSL_DIGEST_SHA256_STR;
308 break;
309 case HCF_OPENSSL_DIGEST_SHA384:
310 tmp = HCF_OPENSSL_DIGEST_SHA384_STR;
311 break;
312 case HCF_OPENSSL_DIGEST_SHA512:
313 tmp = HCF_OPENSSL_DIGEST_SHA512_STR;
314 break;
315 default:
316 LOGE("Invalid digest num is %{public}u.", md);
317 return HCF_INVALID_PARAMS;
318 }
319 size_t mdLen = HcfStrlen(tmp);
320 if (mdLen == 0) {
321 LOGE("mdLen is empty!");
322 return HCF_ERR_MALLOC;
323 }
324 char *mdStr = (char *)HcfMalloc(mdLen + 1, 0);
325 if (mdStr == NULL) {
326 LOGE("Failed to allocate md name memory");
327 return HCF_ERR_MALLOC;
328 }
329 (void)memcpy_s(mdStr, mdLen, tmp, mdLen);
330 *returnString = mdStr;
331 return HCF_SUCCESS;
332 }
333
GetRsaSpecStringMGF(char ** returnString)334 HcfResult GetRsaSpecStringMGF(char **returnString)
335 {
336 if (returnString == NULL) {
337 LOGE("return string is null");
338 return HCF_INVALID_PARAMS;
339 }
340 size_t mgf1Len = HcfStrlen(HCF_OPENSSL_MGF1);
341 if (mgf1Len == 0) {
342 LOGE("mgf1Len is empty!");
343 return HCF_ERR_MALLOC;
344 }
345 char *mgf1Str = (char *)HcfMalloc(mgf1Len + 1, 0);
346 if (mgf1Str == NULL) {
347 LOGE("Failed to allocate mgf1 name memory");
348 return HCF_ERR_MALLOC;
349 }
350 (void)memcpy_s(mgf1Str, mgf1Len, HCF_OPENSSL_MGF1, mgf1Len);
351 *returnString = mgf1Str;
352 return HCF_SUCCESS;
353 }
354
GetSm2SpecStringSm3(char ** returnString)355 HcfResult GetSm2SpecStringSm3(char **returnString)
356 {
357 if (returnString == NULL) {
358 LOGE("return string is null");
359 return HCF_INVALID_PARAMS;
360 }
361 size_t sm2Len = HcfStrlen(HCF_OPENSSL_DIGEST_SM3_STR);
362 if (sm2Len == 0) {
363 LOGE("sm2Len is empty!");
364 return HCF_ERR_MALLOC;
365 }
366 char *sm2Str = (char *)HcfMalloc(sm2Len + 1, 0);
367 if (sm2Str == NULL) {
368 LOGE("Failed to allocate sm2 name memory");
369 return HCF_ERR_MALLOC;
370 }
371 if (memcpy_s(sm2Str, sm2Len, HCF_OPENSSL_DIGEST_SM3_STR, sm2Len) != EOK) {
372 LOGE("memcpy sm2Str failed.");
373 HcfFree(sm2Str);
374 sm2Str = NULL;
375 return HCF_ERR_MALLOC;
376 }
377 *returnString = sm2Str;
378 return HCF_SUCCESS;
379 }
380
HcfPrintOpensslError(void)381 void HcfPrintOpensslError(void)
382 {
383 char szErr[LOG_PRINT_MAX_LEN] = {0}; // Then maximum length of the OpenSSL error string is 256.
384 unsigned long errCode;
385
386 errCode = ERR_get_error();
387 ERR_error_string_n(errCode, szErr, LOG_PRINT_MAX_LEN);
388
389 LOGD("[error] [Openssl]: engine fail, error code = %lu, error string = %s", errCode, szErr);
390 }
391
GetOpensslPadding(int32_t padding,int32_t * opensslPadding)392 HcfResult GetOpensslPadding(int32_t padding, int32_t *opensslPadding)
393 {
394 if (opensslPadding == NULL) {
395 LOGE("return openssl padding pointer is null");
396 return HCF_INVALID_PARAMS;
397 }
398 switch (padding) {
399 case HCF_ALG_NOPADDING:
400 *opensslPadding = RSA_NO_PADDING;
401 return HCF_SUCCESS;
402
403 case HCF_OPENSSL_RSA_PKCS1_PADDING:
404 *opensslPadding = RSA_PKCS1_PADDING;
405 return HCF_SUCCESS;
406
407 case HCF_OPENSSL_RSA_PKCS1_OAEP_PADDING:
408 *opensslPadding = RSA_PKCS1_OAEP_PADDING;
409 return HCF_SUCCESS;
410
411 case HCF_OPENSSL_RSA_PSS_PADDING:
412 *opensslPadding = RSA_PKCS1_PSS_PADDING;
413 return HCF_SUCCESS;
414
415 default:
416 LOGD("[error] Invalid framwork padding = %d", padding);
417 return HCF_INVALID_PARAMS;
418 }
419 }
420
IsBigEndian(void)421 bool IsBigEndian(void)
422 {
423 uint32_t *pointer = (uint32_t *)&ASCII_CODE_ZERO;
424 char firstChar = *((char *)pointer);
425 if (firstChar == '0') {
426 return false;
427 } else {
428 return true;
429 }
430 }
431
BigIntegerToBigNum(const HcfBigInteger * src,BIGNUM ** dest)432 HcfResult BigIntegerToBigNum(const HcfBigInteger *src, BIGNUM **dest)
433 {
434 if (src == NULL || dest == NULL) {
435 LOGE("Invalid input parameter.");
436 return HCF_INVALID_PARAMS;
437 }
438
439 if (IsBigEndian()) {
440 *dest = OpensslBin2Bn((src->data), (src->len), *dest);
441 } else {
442 *dest = OpensslLeBin2Bn((src->data), (src->len), *dest);
443 }
444
445 if (*dest == NULL) {
446 LOGD("[error] translate BigInteger to BIGNUM failed.");
447 HcfPrintOpensslError();
448 return HCF_ERR_CRYPTO_OPERATION;
449 }
450 return HCF_SUCCESS;
451 }
452
BigNumToBigIntegerSecp256k1(const BIGNUM * src,HcfBigInteger * dest)453 HcfResult BigNumToBigIntegerSecp256k1(const BIGNUM *src, HcfBigInteger *dest)
454 {
455 if (src == NULL || dest == NULL) {
456 LOGE("Invalid input parameter.");
457 return HCF_INVALID_PARAMS;
458 }
459 int len = 1;
460 dest->data = (unsigned char *)HcfMalloc(len, 0);
461 if (dest->data == NULL) {
462 LOGE("Alloc dest->data memeory failed.");
463 return HCF_ERR_MALLOC;
464 }
465 dest->len = len;
466 dest->data[0] = 0;
467 return HCF_SUCCESS;
468 }
469
BigNumToBigInteger(const BIGNUM * src,HcfBigInteger * dest)470 HcfResult BigNumToBigInteger(const BIGNUM *src, HcfBigInteger *dest)
471 {
472 if (src == NULL || dest == NULL) {
473 LOGE("Invalid input parameter.");
474 return HCF_INVALID_PARAMS;
475 }
476
477 int len = OpensslBnNumBytes(src);
478 if (len <= 0) {
479 LOGD("[error] Invalid input parameter.");
480 HcfPrintOpensslError();
481 return HCF_ERR_CRYPTO_OPERATION;
482 }
483 dest->data = (unsigned char *)HcfMalloc(len, 0);
484 if (dest->data == NULL) {
485 LOGE("Alloc dest->data memeory failed.");
486 return HCF_ERR_MALLOC;
487 }
488 dest->len = len;
489
490 int resLen = -1;
491 if (IsBigEndian()) {
492 resLen = OpensslBn2BinPad(src, dest->data, dest->len);
493 } else {
494 resLen = OpensslBn2LeBinPad(src, dest->data, dest->len);
495 }
496
497 if (resLen != len) {
498 LOGD("[error] translate BIGNUM to BigInteger failed.");
499 HcfPrintOpensslError();
500 HcfFree(dest->data);
501 dest->data = NULL;
502 dest->len = 0;
503 return HCF_ERR_CRYPTO_OPERATION;
504 }
505 return HCF_SUCCESS;
506 }
507
KeyDerive(EVP_PKEY * priKey,EVP_PKEY * pubKey,HcfBlob * returnSecret)508 HcfResult KeyDerive(EVP_PKEY *priKey, EVP_PKEY *pubKey, HcfBlob *returnSecret)
509 {
510 EVP_PKEY_CTX *ctx = OpensslEvpPkeyCtxNew(priKey, NULL);
511 if (ctx == NULL) {
512 LOGD("[error] EVP_PKEY_CTX_new failed!");
513 HcfPrintOpensslError();
514 return HCF_ERR_CRYPTO_OPERATION;
515 }
516 HcfResult ret = HCF_ERR_CRYPTO_OPERATION;
517 do {
518 if (OpensslEvpPkeyDeriveInit(ctx) != HCF_OPENSSL_SUCCESS) {
519 LOGD("[error] Evp key derive init failed!");
520 HcfPrintOpensslError();
521 break;
522 }
523 if (OpensslEvpPkeyDeriveSetPeer(ctx, pubKey) != HCF_OPENSSL_SUCCESS) {
524 LOGD("[error] Evp key derive set peer failed!");
525 HcfPrintOpensslError();
526 break;
527 }
528 size_t maxLen;
529 if (OpensslEvpPkeyDerive(ctx, NULL, &maxLen) != HCF_OPENSSL_SUCCESS) {
530 LOGD("[error] Evp key derive failed!");
531 HcfPrintOpensslError();
532 break;
533 }
534 uint8_t *secretData = (uint8_t *)HcfMalloc(maxLen, 0);
535 if (secretData == NULL) {
536 LOGE("Failed to allocate secretData memory!");
537 ret = HCF_ERR_MALLOC;
538 break;
539 }
540
541 if (OpensslEvpPkeyDerive(ctx, secretData, &maxLen) != HCF_OPENSSL_SUCCESS) {
542 LOGD("[error] Evp key derive failed!");
543 HcfPrintOpensslError();
544 HcfFree(secretData);
545 secretData = NULL;
546 break;
547 }
548
549 returnSecret->data = secretData;
550 returnSecret->len = maxLen;
551 ret = HCF_SUCCESS;
552 } while (0);
553 OpensslEvpPkeyCtxFree(ctx);
554 return ret;
555 }
556
GetKeyEncodedPem(EVP_PKEY * pkey,const char * outPutStruct,int selection,char ** returnString)557 HcfResult GetKeyEncodedPem(EVP_PKEY *pkey, const char *outPutStruct, int selection, char **returnString)
558 {
559 OSSL_ENCODER_CTX *ctx = OpensslOsslEncoderCtxNewForPkey(pkey, selection, "PEM", outPutStruct, NULL);
560 if (ctx == NULL) {
561 LOGE("OSSL_ENCODER_CTX_new_for_pkey failed.");
562 HcfPrintOpensslError();
563 return HCF_ERR_CRYPTO_OPERATION;
564 }
565
566 unsigned char *data = NULL;
567 size_t dataLen = 0;
568 if (OpensslOsslEncoderToData(ctx, &data, &dataLen) != HCF_OPENSSL_SUCCESS) {
569 HcfPrintOpensslError();
570 OpensslOsslEncoderCtxFree(ctx);
571 return HCF_ERR_CRYPTO_OPERATION;
572 }
573 *returnString = (char *)data;
574 OpensslOsslEncoderCtxFree(ctx);
575 return HCF_SUCCESS;
576 }
577
ConvertPubPemStrToKey(EVP_PKEY ** pkey,const char * keyType,int selection,const char * keyStr)578 HcfResult ConvertPubPemStrToKey(EVP_PKEY **pkey, const char *keyType, int selection, const char *keyStr)
579 {
580 OSSL_DECODER_CTX *ctx = OpensslOsslDecoderCtxNewForPkey(pkey, "PEM", NULL, keyType, selection, NULL, NULL);
581 if (ctx == NULL) {
582 LOGE("Failed to init pem public key decoder ctx.");
583 HcfPrintOpensslError();
584 return HCF_ERR_CRYPTO_OPERATION;
585 }
586 size_t pdataLen = strlen(keyStr);
587 const unsigned char *pdata = (const unsigned char *)keyStr;
588 int ret = OpensslOsslDecoderFromData(ctx, &pdata, &pdataLen);
589 OpensslOsslDecoderCtxFree(ctx);
590 if (ret != HCF_OPENSSL_SUCCESS) {
591 LOGE("Failed to decode public key from pem data.");
592 HcfPrintOpensslError();
593 return HCF_ERR_CRYPTO_OPERATION;
594 }
595 return HCF_SUCCESS;
596 }
597
PrivateKeyReadNullCb(char * buf,int size,int rwflag,void * userdata)598 int PrivateKeyReadNullCb(char *buf, int size, int rwflag, void *userdata)
599 {
600 LOGE("Failed to read private key from bio.");
601 return -1;
602 }
603
ConvertPriPemStrToKey(const char * keyStr,EVP_PKEY ** pkey,const char * keyType)604 HcfResult ConvertPriPemStrToKey(const char *keyStr, EVP_PKEY **pkey, const char *keyType)
605 {
606 BIO *bio = OpensslBioNew(OpensslBioSMem());
607 if (bio == NULL) {
608 LOGE("Failed to init bio.");
609 HcfPrintOpensslError();
610 return HCF_ERR_CRYPTO_OPERATION;
611 }
612
613 if (OpensslBioWrite(bio, keyStr, strlen(keyStr)) <= 0) {
614 OpensslBioFreeAll(bio);
615 LOGE("Failed to write pem private key to bio");
616 HcfPrintOpensslError();
617 return HCF_ERR_CRYPTO_OPERATION;
618 }
619
620 EVP_PKEY *pkeyRet = OpensslPemReadBioPrivateKey(bio, pkey, PrivateKeyReadNullCb, NULL);
621 OpensslBioFreeAll(bio);
622 if (pkeyRet == NULL) {
623 LOGE("Failed to read private key from bio");
624 HcfPrintOpensslError();
625 return HCF_ERR_CRYPTO_OPERATION;
626 }
627
628 if (OpensslEvpPkeyIsA(*pkey, keyType) != HCF_OPENSSL_SUCCESS) {
629 LOGE("Private key type does not match current alg [%{public}s].", keyType);
630 OpensslEvpPkeyFree(*pkey);
631 return HCF_INVALID_PARAMS;
632 }
633
634 return HCF_SUCCESS;
635 }
636