1 /*
2 * Copyright (c) 2020-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_mbedtls_common.h"
23
24 #include <mbedtls/entropy.h>
25 #include <mbedtls/md.h>
26 #include <securec.h>
27
28 #include "hks_log.h"
29 #include "hks_template.h"
30
31 #ifdef HUKS_LOG_MINI_EXT_ENABLED
32 #include "log.h"
33 #endif
34
35 /* the custom data of random seed */
36 const unsigned char g_hksRandomSeedCustom[] = {
37 /* H K S */
38 0x48, 0x4B, 0x53
39 };
40
HksToMbedtlsDigestAlg(const uint32_t hksAlg,uint32_t * mbedtlsAlg)41 int32_t HksToMbedtlsDigestAlg(const uint32_t hksAlg, uint32_t *mbedtlsAlg)
42 {
43 switch (hksAlg) {
44 case HKS_DIGEST_MD5:
45 *mbedtlsAlg = MBEDTLS_MD_MD5;
46 break;
47 case HKS_DIGEST_SHA1:
48 *mbedtlsAlg = MBEDTLS_MD_SHA1;
49 break;
50 case HKS_DIGEST_SHA224:
51 *mbedtlsAlg = MBEDTLS_MD_SHA224;
52 break;
53 case HKS_DIGEST_SHA256:
54 *mbedtlsAlg = MBEDTLS_MD_SHA256;
55 break;
56 case HKS_DIGEST_SHA384:
57 *mbedtlsAlg = MBEDTLS_MD_SHA384;
58 break;
59 case HKS_DIGEST_SHA512:
60 *mbedtlsAlg = MBEDTLS_MD_SHA512;
61 break;
62 case HKS_DIGEST_NONE:
63 *mbedtlsAlg = MBEDTLS_MD_NONE;
64 break;
65 default:
66 HKS_LOG_E("Unsupported digest algorithm! digestAlg: 0x%" LOG_PUBLIC "X", hksAlg);
67 return HKS_ERROR_INVALID_DIGEST;
68 }
69 return HKS_SUCCESS;
70 }
71
HksCtrDrbgSeed(mbedtls_ctr_drbg_context * ctrDrbg,mbedtls_entropy_context * entropy)72 int32_t HksCtrDrbgSeed(mbedtls_ctr_drbg_context *ctrDrbg, mbedtls_entropy_context *entropy)
73 {
74 mbedtls_ctr_drbg_init(ctrDrbg);
75 mbedtls_entropy_init(entropy);
76
77 /* use the g_hksRandomSeedCustom without string terminator */
78 int32_t ret = mbedtls_ctr_drbg_seed(ctrDrbg, mbedtls_entropy_func,
79 entropy, g_hksRandomSeedCustom, sizeof(g_hksRandomSeedCustom));
80 if (ret != HKS_MBEDTLS_SUCCESS) {
81 HKS_LOG_E("Ctr drbg seed failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
82 mbedtls_ctr_drbg_free(ctrDrbg);
83 mbedtls_entropy_free(entropy);
84 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
85 }
86
87 return HKS_SUCCESS;
88 }
89
HksMbedtlsFillRandom(struct HksBlob * randomData)90 int32_t HksMbedtlsFillRandom(struct HksBlob *randomData)
91 {
92 mbedtls_entropy_context entropy;
93 mbedtls_ctr_drbg_context ctrDrbg;
94 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
95 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
96 int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
97 HKS_IF_NOT_SUCC_RETURN(ret, ret)
98
99 do {
100 ret = mbedtls_ctr_drbg_random(&ctrDrbg, randomData->data, randomData->size);
101 if (ret != HKS_MBEDTLS_SUCCESS) {
102 HKS_LOG_E("Mbedtls random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
103 #ifdef HUKS_LOG_MINI_EXT_ENABLED
104 HILOG_ERROR(HILOG_MODULE_SCY, "Mbedtls random failed! mbedtls ret = 0x%{public}X", ret);
105 #endif
106 (void)memset_s(randomData->data, randomData->size, 0, randomData->size);
107 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
108 }
109 } while (0);
110
111 mbedtls_ctr_drbg_free(&ctrDrbg);
112 mbedtls_entropy_free(&entropy);
113 return ret;
114 }
115