1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define HUKS_DISABLE_LOG_AT_FILE_TO_REDUCE_ROM_SIZE
16
17 #ifdef HKS_CONFIG_FILE
18 #include HKS_CONFIG_FILE
19 #else
20 #include "hks_config.h"
21 #endif
22
23 #include "hks_crypto_adapter.h"
24
25 #include <stddef.h>
26
27 #include "hks_common_check.h"
28 #include "hks_log.h"
29 #include "hks_mem.h"
30 #include "hks_param.h"
31 #include "hks_template.h"
32 #include "securec.h"
33
HksFillKeySpec(const struct HksParamSet * paramSet,struct HksKeySpec * spec)34 void HksFillKeySpec(const struct HksParamSet *paramSet, struct HksKeySpec *spec)
35 {
36 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
37 switch (paramSet->params[i].tag) {
38 case HKS_TAG_ALGORITHM:
39 spec->algType = paramSet->params[i].uint32Param;
40 break;
41 case HKS_TAG_KEY_SIZE:
42 spec->keyLen = paramSet->params[i].uint32Param;
43 break;
44 default:
45 break;
46 }
47 }
48 }
49
HksFillUsageSpec(const struct HksParamSet * paramSet,struct HksUsageSpec * usageSpec)50 void HksFillUsageSpec(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec)
51 {
52 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
53 switch (paramSet->params[i].tag) {
54 case HKS_TAG_ALGORITHM:
55 usageSpec->algType = paramSet->params[i].uint32Param;
56 break;
57 case HKS_TAG_PADDING:
58 usageSpec->padding = paramSet->params[i].uint32Param;
59 break;
60 case HKS_TAG_DIGEST:
61 usageSpec->digest = paramSet->params[i].uint32Param;
62 break;
63 case HKS_TAG_BLOCK_MODE:
64 usageSpec->mode = paramSet->params[i].uint32Param;
65 break;
66 case HKS_TAG_PURPOSE:
67 usageSpec->purpose = paramSet->params[i].uint32Param;
68 break;
69 case HKS_TAG_MGF_DIGEST:
70 usageSpec->mgfDigest = paramSet->params[i].uint32Param;
71 break;
72 default:
73 break;
74 }
75 }
76 usageSpec->algParam = NULL;
77 }
78
HksFreeUsageSpec(struct HksUsageSpec ** usageSpec)79 void HksFreeUsageSpec(struct HksUsageSpec **usageSpec)
80 {
81 if ((usageSpec == NULL) || (*usageSpec == NULL)) {
82 return;
83 }
84
85 if ((*usageSpec)->algParam != NULL) {
86 HKS_FREE((*usageSpec)->algParam);
87 }
88 HKS_FREE(*usageSpec);
89 }
90
HksFillKeyDerivationParam(const struct HksParamSet * paramSet,struct HksKeyDerivationParam * param)91 void HksFillKeyDerivationParam(const struct HksParamSet *paramSet, struct HksKeyDerivationParam *param)
92 {
93 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
94 switch (paramSet->params[i].tag) {
95 case HKS_TAG_DIGEST:
96 param->digestAlg = paramSet->params[i].uint32Param;
97 break;
98 case HKS_TAG_SALT:
99 param->salt = paramSet->params[i].blob;
100 break;
101 case HKS_TAG_INFO:
102 param->info = paramSet->params[i].blob;
103 break;
104 case HKS_TAG_ITERATION:
105 param->iterations = paramSet->params[i].uint32Param;
106 break;
107 default:
108 break;
109 }
110 }
111 }
112
HksFillAeadParam(const struct HksParamSet * paramSet,struct HksBlob * inputText,struct HksUsageSpec * usageSpec,bool isEncrypt)113 int32_t HksFillAeadParam(
114 const struct HksParamSet *paramSet, struct HksBlob *inputText, struct HksUsageSpec *usageSpec, bool isEncrypt)
115 {
116 struct HksParam *nonceParam = NULL;
117 int32_t ret = HksGetParam(paramSet, HKS_TAG_NONCE, &nonceParam);
118 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksFillAeadParam get nonce param failed!")
119
120 struct HksParam emptyAadParam = {
121 .tag = HKS_TAG_ASSOCIATED_DATA,
122 .blob = {
123 .size = 0,
124 .data = NULL
125 }
126 };
127 struct HksParam *aadParam = NULL;
128 ret = HksGetParam(paramSet, HKS_TAG_ASSOCIATED_DATA, &aadParam);
129 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
130 HKS_LOG_W("HksFillAeadParam no input aad, do not use aad");
131 aadParam = &emptyAadParam;
132 } else if (ret != HKS_SUCCESS) {
133 HKS_LOG_E("HksFillAeadParam get aad param failed!");
134 return ret;
135 }
136
137 struct HksParam tagParam;
138 if (!isEncrypt) {
139 if (inputText->size <= HKS_AE_TAG_LEN) {
140 HKS_LOG_E("too small inputText size");
141 return HKS_ERROR_INVALID_ARGUMENT;
142 }
143 inputText->size -= HKS_AE_TAG_LEN;
144
145 tagParam.blob.size = HKS_AE_TAG_LEN;
146 tagParam.blob.data = inputText->data + inputText->size;
147 }
148
149 struct HksAeadParam *aeadParam = (struct HksAeadParam *)HksMalloc(sizeof(struct HksAeadParam));
150 HKS_IF_NULL_LOGE_RETURN(aeadParam, HKS_ERROR_MALLOC_FAIL, "aeadParam malloc failed!")
151
152 if (!isEncrypt) {
153 aeadParam->tagDec = tagParam.blob;
154 } else {
155 aeadParam->tagLenEnc = HKS_AE_TAG_LEN;
156 }
157
158 aeadParam->nonce = nonceParam->blob;
159 aeadParam->aad = aadParam->blob;
160 aeadParam->payloadLen = 0;
161 usageSpec->algParam = aeadParam;
162 return HKS_SUCCESS;
163 }
164
HksFillIvParam(const struct HksParamSet * paramSet,struct HksUsageSpec * usageSpec)165 int32_t HksFillIvParam(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec)
166 {
167 struct HksParam *ivParam = NULL;
168 int32_t ret = HksGetParam(paramSet, HKS_TAG_IV, &ivParam);
169 if (ret != HKS_SUCCESS && usageSpec->mode == HKS_MODE_ECB) {
170 return HKS_SUCCESS;
171 }
172 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher get iv param failed!")
173
174 struct HksCipherParam *param = (struct HksCipherParam *)HksMalloc(sizeof(struct HksCipherParam));
175 HKS_IF_NULL_LOGE_RETURN(param, HKS_ERROR_MALLOC_FAIL, "param malloc failed!")
176
177 param->iv = ivParam->blob;
178 usageSpec->algParam = param;
179 return HKS_SUCCESS;
180 }
181
HksIsAlgorithmSm4(const struct HksParamSet * paramSet)182 static bool HksIsAlgorithmSm4(const struct HksParamSet *paramSet)
183 {
184 struct HksParam *algParam = NULL;
185 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
186 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check sm4 get alg param failed!")
187 return (algParam->uint32Param == HKS_ALG_SM4);
188 }
189
190 #ifdef HKS_SUPPORT_3DES_C
HksIsNeedIv3DES(const struct HksParamSet * paramSet)191 static bool HksIsNeedIv3DES(const struct HksParamSet *paramSet)
192 {
193 struct HksParam *algParam = NULL;
194 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
195 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check 3DES get alg param failed!")
196
197 struct HksParam *modeParam = NULL;
198 ret = HksGetParam(paramSet, HKS_TAG_BLOCK_MODE, &modeParam);
199 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check 3DES get block mode param failed!")
200
201 return ((algParam->uint32Param == HKS_ALG_3DES) && (modeParam->uint32Param == HKS_MODE_CBC));
202 }
203 #endif
204
205 #ifdef HKS_SUPPORT_DES_C
HksIsNeedIvDES(const struct HksParamSet * paramSet)206 static bool HksIsNeedIvDES(const struct HksParamSet *paramSet)
207 {
208 struct HksParam *algParam = NULL;
209 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
210 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check DES get alg param failed!")
211
212 struct HksParam *modeParam = NULL;
213 ret = HksGetParam(paramSet, HKS_TAG_BLOCK_MODE, &modeParam);
214 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check DES get block mode param failed!")
215
216 return ((algParam->uint32Param == HKS_ALG_DES) && (modeParam->uint32Param == HKS_MODE_CBC));
217 }
218 #endif
219
HksBuildCipherUsageSpec(const struct HksParamSet * paramSet,bool isEncrypt,struct HksBlob * inputText,struct HksUsageSpec ** outUsageSpec)220 int32_t HksBuildCipherUsageSpec(
221 const struct HksParamSet *paramSet, bool isEncrypt, struct HksBlob *inputText, struct HksUsageSpec **outUsageSpec)
222 {
223 bool isAes = false;
224 bool isAeMode = false;
225 int32_t ret = HksCheckAesAeMode(paramSet, &isAes, &isAeMode);
226 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get aeMode failed!")
227
228 struct HksUsageSpec *usageSpec = (struct HksUsageSpec *)HksMalloc(sizeof(struct HksUsageSpec));
229 HKS_IF_NULL_LOGE_RETURN(usageSpec, HKS_ERROR_MALLOC_FAIL, "cipher usageSpec malloc failed!")
230
231 HksFillUsageSpec(paramSet, usageSpec);
232
233 if (usageSpec->algType == HKS_ALG_RSA && usageSpec->digest == HKS_DIGEST_NONE) {
234 usageSpec->digest = HKS_DIGEST_SHA1;
235 }
236
237 if (HksIsAlgorithmSm4(paramSet)) { // is sm4
238 ret = HksFillIvParam(paramSet, usageSpec);
239 #ifdef HKS_SUPPORT_3DES_C
240 } else if (HksIsNeedIv3DES(paramSet)) { // is 3des
241 ret = HksFillIvParam(paramSet, usageSpec);
242 #endif
243 #ifdef HKS_SUPPORT_DES_C
244 } else if (HksIsNeedIvDES(paramSet)) { // is des
245 ret = HksFillIvParam(paramSet, usageSpec);
246 #endif
247 } else if (!isAes) { // not sm4, not aes
248 *outUsageSpec = usageSpec;
249 return HKS_SUCCESS;
250 } else if (isAeMode) { // is aes, is ae mode
251 ret = HksFillAeadParam(paramSet, inputText, usageSpec, isEncrypt);
252 } else { // is aes, not ae mode
253 ret = HksFillIvParam(paramSet, usageSpec);
254 }
255
256 if (ret != HKS_SUCCESS) {
257 HksFreeUsageSpec(&usageSpec);
258 HKS_LOG_E("fill[%" LOG_PUBLIC "x] param failed!", isAeMode);
259 return ret;
260 }
261
262 *outUsageSpec = usageSpec;
263 return HKS_SUCCESS;
264 }
265
HksGetEncryptAeTag(const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData,struct HksBlob * tagAead)266 int32_t HksGetEncryptAeTag(
267 const struct HksParamSet *paramSet, const struct HksBlob *inData, struct HksBlob *outData, struct HksBlob *tagAead)
268 {
269 bool isAes = false;
270 bool isAeMode = false;
271 int32_t ret = HksCheckAesAeMode(paramSet, &isAes, &isAeMode);
272 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get aeMode failed!")
273
274 if ((!isAes) || (!isAeMode)) {
275 tagAead->data = NULL;
276 tagAead->size = 0;
277 return HKS_SUCCESS;
278 }
279
280 if (outData->size < (inData->size + HKS_AE_TAG_LEN)) {
281 HKS_LOG_E("too small out buf!");
282 return HKS_ERROR_INVALID_ARGUMENT;
283 }
284
285 tagAead->data = outData->data + inData->size;
286 tagAead->size = HKS_AE_TAG_LEN;
287 return HKS_SUCCESS;
288 }
289
HksGetDecryptAeTag(const struct HksParamSet * runtimeParamSet,struct HksUsageSpec * spec)290 int32_t HksGetDecryptAeTag(const struct HksParamSet *runtimeParamSet, struct HksUsageSpec *spec)
291 {
292 if (runtimeParamSet == NULL || spec == NULL) {
293 HKS_LOG_E("input param is NULL!");
294 return HKS_ERROR_INVALID_ARGUMENT;
295 }
296
297 bool isAes = false;
298 bool isAeMode = false;
299 (void)HksCheckAesAeMode(runtimeParamSet, &isAes, &isAeMode);
300 if (!(isAes && isAeMode)) {
301 HKS_LOG_E("not aes aead mode!");
302 return HKS_ERROR_INVALID_ARGUMENT;
303 }
304
305 struct HksAeadParam *aeadParam = (struct HksAeadParam *)spec->algParam;
306 if (aeadParam == NULL) {
307 HKS_LOG_E("spec algParam is NULL!");
308 return HKS_ERROR_INVALID_ARGUMENT;
309 }
310
311 struct HksParam *tagParam = NULL;
312 int32_t ret = HksGetParam(runtimeParamSet, HKS_TAG_AE_TAG, &tagParam);
313 if (ret != HKS_SUCCESS) {
314 HKS_LOG_E("get aead tag failed!");
315 return ret;
316 }
317
318 aeadParam->tagDec = tagParam->blob;
319 return HKS_SUCCESS;
320 }
321
BuildParamSetOut(const struct HksParam * params,uint32_t paramCnt,struct HksParamSet * paramSetOut)322 static int32_t BuildParamSetOut(const struct HksParam *params, uint32_t paramCnt, struct HksParamSet *paramSetOut)
323 {
324 int32_t ret;
325 struct HksParamSet *tmpParamSetOut = NULL;
326
327 ret = HksInitParamSet(&tmpParamSetOut);
328 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init paramSet failed!")
329
330 ret = HksAddParams(tmpParamSetOut, params, paramCnt);
331 if (ret != HKS_SUCCESS) {
332 HKS_LOG_E("add params failed");
333 HksFreeParamSet(&tmpParamSetOut);
334 return ret;
335 }
336
337 ret = HksBuildParamSet(&tmpParamSetOut);
338 if (ret != HKS_SUCCESS) {
339 HKS_LOG_E("build paramSet failed");
340 HksFreeParamSet(&tmpParamSetOut);
341 return ret;
342 }
343
344 if (memcpy_s(paramSetOut, paramSetOut->paramSetSize, tmpParamSetOut, tmpParamSetOut->paramSetSize) != EOK) {
345 HksFreeParamSet(&tmpParamSetOut);
346 HKS_LOG_E("memcpy paramSet out failed, paramSetOut size = %" LOG_PUBLIC "u", paramSetOut->paramSetSize);
347 return HKS_ERROR_INSUFFICIENT_MEMORY;
348 }
349
350 HksFreeParamSet(&tmpParamSetOut);
351 return HksFreshParamSet(paramSetOut, false);
352 }
353
354 #if (defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)) || \
355 (defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY))
FormatKeyInner(uint32_t publicKeySize,uint8_t * publicKey,const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)356 static int32_t FormatKeyInner(uint32_t publicKeySize, uint8_t *publicKey, const struct HksBlob *keyIn,
357 struct HksParamSet *paramSetOut)
358 {
359 struct HksParam params[] = {
360 {
361 .tag = HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
362 .blob = { publicKeySize, publicKey },
363 },
364 {
365 .tag = HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
366 .blob = { keyIn->size, keyIn->data },
367 },
368 };
369 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
370 }
371 #endif
372
373 #ifndef _CUT_AUTHENTICATE_
SetCurve25519KeyMaterial(bool isPubKey,const struct HksBlob * keyIn,struct HksBlob * keyOut)374 static int32_t SetCurve25519KeyMaterial(bool isPubKey, const struct HksBlob *keyIn, struct HksBlob *keyOut)
375 {
376 struct KeyMaterial25519 curve25519Km = {HKS_ALG_ED25519, 0, 0, 0, 0};
377 curve25519Km.keySize = HKS_CURVE25519_KEY_SIZE_256;
378 curve25519Km.reserved = 0;
379
380 uint32_t offset = sizeof(struct KeyMaterial25519);
381 if (isPubKey) {
382 curve25519Km.pubKeySize = keyIn->size;
383 curve25519Km.priKeySize = 0;
384 } else {
385 curve25519Km.pubKeySize = 0;
386 curve25519Km.priKeySize = keyIn->size;
387 }
388
389 keyOut->size = sizeof(struct KeyMaterial25519) + curve25519Km.pubKeySize + curve25519Km.priKeySize;
390 keyOut->data = (uint8_t *)HksMalloc(keyOut->size);
391 HKS_IF_NULL_RETURN(keyOut->data, HKS_ERROR_MALLOC_FAIL)
392
393 (void)memcpy_s(keyOut->data, keyOut->size, &curve25519Km, sizeof(struct KeyMaterial25519));
394
395 (void)memcpy_s(keyOut->data + offset, keyOut->size - offset, keyIn->data, keyIn->size);
396
397 return HKS_SUCCESS;
398 }
399
CheckCurve25519KeySize(const struct HksBlob * keyIn)400 static int32_t CheckCurve25519KeySize(const struct HksBlob *keyIn)
401 {
402 if (keyIn->size < sizeof(struct KeyMaterial25519)) {
403 HKS_LOG_E("keyIn buffer too small");
404 return HKS_ERROR_INVALID_ARGUMENT;
405 }
406
407 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
408
409 /* input pubKeySize and priKeySize of keyMaterial have been guaranteed that the addition will not overflow */
410 if (keyIn->size < (sizeof(struct KeyMaterial25519) + keyMaterial->pubKeySize + keyMaterial->priKeySize)) {
411 HKS_LOG_E("keyIn is not a valid key material");
412 return HKS_ERROR_INVALID_ARGUMENT;
413 }
414
415 return HKS_SUCCESS;
416 }
417
CheckFormatCurve25519Key(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)418 static int32_t CheckFormatCurve25519Key(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
419 {
420 int32_t ret = CheckCurve25519KeySize(keyIn);
421 HKS_IF_NOT_SUCC_RETURN(ret, ret)
422
423 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
424 uint32_t offset = sizeof(struct HksParamSet) + (sizeof(struct HksParam) << 1);
425 if (keyMaterial->pubKeySize > MAX_KEY_SIZE || keyMaterial->priKeySize > MAX_KEY_SIZE) {
426 HKS_LOG_E("pubKey or priKey buffer too big");
427 return HKS_ERROR_INVALID_ARGUMENT;
428 }
429 if (paramSetOut->paramSetSize < (offset + keyMaterial->pubKeySize + keyMaterial->priKeySize)) {
430 HKS_LOG_E("pubKey or priKey buffer too small");
431 return HKS_ERROR_BUFFER_TOO_SMALL;
432 }
433
434 return HKS_SUCCESS;
435 }
436
FormatCurve25519Key(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)437 static int32_t FormatCurve25519Key(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
438 {
439 int32_t ret = CheckFormatCurve25519Key(keyIn, paramSetOut);
440 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check curve 25519 key failed")
441
442 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
443 struct HksParam params[] = {
444 {
445 .tag = HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
446 .blob = { keyMaterial->pubKeySize, keyIn->data + sizeof(struct KeyMaterial25519) },
447 },
448 {
449 .tag = HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
450 .blob = { keyMaterial->priKeySize,
451 keyIn->data + sizeof(struct KeyMaterial25519) + keyMaterial->pubKeySize },
452 },
453 };
454
455 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
456 }
457
GetCurve25519FromKeyMaterial(const bool isPubKey,const struct HksBlob * keyMaterial,struct HksBlob * keyOut)458 int32_t GetCurve25519FromKeyMaterial(const bool isPubKey, const struct HksBlob *keyMaterial,
459 struct HksBlob *keyOut)
460 {
461 int32_t ret = CheckCurve25519KeySize(keyMaterial);
462 HKS_IF_NOT_SUCC_RETURN(ret, ret)
463
464 const struct KeyMaterial25519 *km = (struct KeyMaterial25519 *)(keyMaterial->data);
465
466 uint32_t size = (isPubKey ? km->pubKeySize : km->priKeySize);
467 if (size == 0) {
468 HKS_LOG_E("get key material size invalid, pubSize = %" LOG_PUBLIC "u, priSize = %" LOG_PUBLIC "u",
469 km->pubKeySize, km->priKeySize);
470 return HKS_ERROR_INVALID_KEY_INFO;
471 }
472 uint8_t *buffer = (uint8_t *)HksMalloc(size);
473 HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL)
474
475 uint32_t offset = sizeof(struct KeyMaterial25519);
476 uint8_t *tmp = (isPubKey ? (keyMaterial->data + offset) : (keyMaterial->data + offset + km->pubKeySize));
477 (void)memcpy_s(buffer, size, tmp, size);
478
479 keyOut->data = buffer;
480 keyOut->size = size;
481 return HKS_SUCCESS;
482 }
483
484 #if defined(HKS_SUPPORT_AES_C) || (defined(HKS_SUPPORT_HMAC_C) && defined(HKS_SUPPORT_HMAC_GENERATE_KEY))
FormatAesOrHmacKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)485 static int32_t FormatAesOrHmacKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
486 {
487 struct HksParam params[] = {
488 {
489 .tag = HKS_TAG_SYMMETRIC_KEY_DATA,
490 .blob = { keyIn->size, keyIn->data },
491 },
492 };
493 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
494 }
495 #endif
496
497 #if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
FormatRsaKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)498 static int32_t FormatRsaKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
499 {
500 if (keyIn->size < sizeof(struct KeyMaterialRsa)) {
501 return HKS_ERROR_INVALID_ARGUMENT;
502 }
503
504 struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)keyIn->data;
505 uint32_t publicKeySize = sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize;
506 if (keyIn->size < publicKeySize) {
507 HKS_LOG_E("invalid key info.");
508 return HKS_ERROR_INVALID_KEY_INFO;
509 }
510
511 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
512 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
513
514 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
515 ((struct KeyMaterialRsa *)publicKey)->dSize = 0;
516
517 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
518 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
519 HKS_FREE(publicKey);
520 return ret;
521 }
522 #endif
523
524 #if defined(HKS_SUPPORT_DSA_C) && defined(HKS_SUPPORT_DSA_GENERATE_KEY)
FormatDsaKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)525 static int32_t FormatDsaKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
526 {
527 if (keyIn->size < sizeof(struct KeyMaterialDsa)) {
528 return HKS_ERROR_INVALID_ARGUMENT;
529 }
530
531 struct KeyMaterialDsa *keyMaterial = (struct KeyMaterialDsa *)keyIn->data;
532 uint32_t publicKeySize = sizeof(struct KeyMaterialDsa) + keyMaterial->ySize + keyMaterial->pSize +
533 keyMaterial->qSize + keyMaterial->gSize;
534 if (keyIn->size < publicKeySize) {
535 HKS_LOG_E("invalid key info.");
536 return HKS_ERROR_INVALID_KEY_INFO;
537 }
538
539 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
540 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc key failed.")
541
542 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, sizeof(struct KeyMaterialDsa));
543 uint32_t inOffset = sizeof(struct KeyMaterialDsa);
544 uint32_t outOffset = sizeof(struct KeyMaterialDsa) + keyMaterial->xSize;
545 (void)memcpy_s(publicKey + inOffset, publicKeySize - inOffset, keyIn->data + outOffset, publicKeySize - inOffset);
546 ((struct KeyMaterialDsa *)publicKey)->xSize = 0;
547
548 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
549 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
550 HKS_FREE(publicKey);
551 return ret;
552 }
553 #endif
554
555 #if defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)
FormatEccKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)556 static int32_t FormatEccKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
557 {
558 if (keyIn->size < sizeof(struct KeyMaterialEcc)) {
559 return HKS_ERROR_INVALID_ARGUMENT;
560 }
561
562 struct KeyMaterialEcc *keyMaterial = (struct KeyMaterialEcc *)keyIn->data;
563 uint32_t publicKeySize = sizeof(struct KeyMaterialEcc) + keyMaterial->xSize + keyMaterial->ySize;
564 if (keyIn->size < publicKeySize) {
565 HKS_LOG_E("invalid key info.");
566 return HKS_ERROR_INVALID_KEY_INFO;
567 }
568
569 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
570 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
571
572 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
573 ((struct KeyMaterialEcc *)publicKey)->zSize = 0;
574 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
575 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
576 HKS_FREE(publicKey);
577 return ret;
578 }
579 #endif
580
581 #if defined(HKS_SUPPORT_DH_C) && defined(HKS_SUPPORT_DH_GENERATE_KEY)
FormatDhKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)582 static int32_t FormatDhKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
583 {
584 if (keyIn->size < sizeof(struct KeyMaterialDh)) {
585 return HKS_ERROR_INVALID_ARGUMENT;
586 }
587
588 struct KeyMaterialDh *keyMaterial = (struct KeyMaterialDh *)keyIn->data;
589 uint32_t publicKeySize = sizeof(struct KeyMaterialDh) + keyMaterial->pubKeySize;
590 if (keyIn->size < publicKeySize) {
591 HKS_LOG_E("invalid key info.");
592 return HKS_ERROR_INVALID_KEY_INFO;
593 }
594
595 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
596 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
597
598 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
599 ((struct KeyMaterialDh *)publicKey)->priKeySize = 0;
600 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
601 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
602 HKS_FREE(publicKey);
603 return ret;
604 }
605 #endif
606
HksSetKeyToMaterial(uint32_t alg,bool isPubKey,const struct HksBlob * key,struct HksBlob * keyMaterial)607 int32_t HksSetKeyToMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *key, struct HksBlob *keyMaterial)
608 {
609 switch (alg) {
610 case HKS_ALG_X25519:
611 case HKS_ALG_ED25519:
612 return SetCurve25519KeyMaterial(isPubKey, key, keyMaterial);
613 case HKS_ALG_RSA:
614 case HKS_ALG_DSA:
615 case HKS_ALG_ECC:
616 case HKS_ALG_ECDH:
617 case HKS_ALG_DH:
618 keyMaterial->size = key->size;
619 keyMaterial->data = (uint8_t *)HksMalloc(keyMaterial->size);
620 if (keyMaterial->data != NULL) {
621 (void)memcpy_s(keyMaterial->data, keyMaterial->size, key->data, key->size);
622 return HKS_SUCCESS;
623 } else {
624 return HKS_ERROR_MALLOC_FAIL;
625 }
626 break;
627 default:
628 HKS_LOG_E("alg not support");
629 return HKS_ERROR_INVALID_ALGORITHM;
630 }
631 }
632
HksGetKeyFromMaterial(uint32_t alg,bool isPubKey,const struct HksBlob * keyMaterial,struct HksBlob * key)633 int32_t HksGetKeyFromMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *keyMaterial, struct HksBlob *key)
634 {
635 switch (alg) {
636 case HKS_ALG_X25519:
637 case HKS_ALG_ED25519:
638 return GetCurve25519FromKeyMaterial(isPubKey, keyMaterial, key);
639 default:
640 HKS_LOG_E("alg not support");
641 return HKS_ERROR_INVALID_ALGORITHM;
642 }
643 }
644
HksFormatKeyFromMaterial(uint32_t alg,const struct HksBlob * keyMaterial,struct HksParamSet * paramSetOut)645 int32_t HksFormatKeyFromMaterial(uint32_t alg, const struct HksBlob *keyMaterial,
646 struct HksParamSet *paramSetOut)
647 {
648 switch (alg) {
649 case HKS_ALG_X25519:
650 case HKS_ALG_ED25519:
651 return FormatCurve25519Key(keyMaterial, paramSetOut);
652 #if defined(HKS_SUPPORT_AES_C) && defined(HKS_SUPPORT_AES_GENERATE_KEY)
653 case HKS_ALG_AES:
654 return FormatAesOrHmacKey(keyMaterial, paramSetOut);
655 #endif
656 #if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
657 case HKS_ALG_RSA:
658 return FormatRsaKey(keyMaterial, paramSetOut);
659 #endif
660 #if defined(HKS_SUPPORT_HMAC_C) && defined(HKS_SUPPORT_HMAC_GENERATE_KEY)
661 case HKS_ALG_HMAC:
662 return FormatAesOrHmacKey(keyMaterial, paramSetOut);
663 #endif
664 #if defined(HKS_SUPPORT_DSA_C) && defined(HKS_SUPPORT_DSA_GENERATE_KEY)
665 case HKS_ALG_DSA:
666 return FormatDsaKey(keyMaterial, paramSetOut);
667 #endif
668 #if defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)
669 case HKS_ALG_ECC:
670 case HKS_ALG_ECDH:
671 return FormatEccKey(keyMaterial, paramSetOut);
672 #endif
673 #if defined(HKS_SUPPORT_DH_C) && defined(HKS_SUPPORT_DH_GENERATE_KEY)
674 case HKS_ALG_DH:
675 return FormatDhKey(keyMaterial, paramSetOut);
676 #endif
677 default:
678 HKS_LOG_E("alg not support");
679 return HKS_ERROR_INVALID_ALGORITHM;
680 }
681 }
682 #endif
683