1 /*
2 * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define HUKS_DISABLE_LOG_AT_FILE_TO_REDUCE_ROM_SIZE
16
17 #ifndef USE_HISI_MBED
18 #include "mbedtls/compat-2.x.h"
19 #endif
20 #ifdef HKS_CONFIG_FILE
21 #include HKS_CONFIG_FILE
22 #else
23 #include "hks_config.h"
24 #endif
25
26 #ifdef _CUT_AUTHENTICATE_
27 #undef HKS_SUPPORT_HASH_C
28 #endif /* _CUT_AUTHENTICATE_ */
29
30 #ifdef HKS_SUPPORT_HASH_C
31
32 #include "hks_mbedtls_hash.h"
33
34 #include <mbedtls/md5.h>
35 #include <mbedtls/sha1.h>
36 #include <mbedtls/sha256.h>
37 #include <mbedtls/sha512.h>
38
39 #include "hks_common_check.h"
40 #include "hks_log.h"
41 #include "hks_mem.h"
42 #include "hks_mbedtls_common.h"
43 #include "hks_template.h"
44
45 struct HksMbedtlsHashCtx {
46 uint8_t *append;
47 uint32_t mAlg;
48 } HksMbedtlsHashCtx;
49
HksMbedtlsHashMd5Init(void ** ctx,uint32_t alg)50 static int32_t HksMbedtlsHashMd5Init(void **ctx, uint32_t alg)
51 {
52 int32_t ret = 0;
53 mbedtls_md5_context *context = (mbedtls_md5_context *)HksMalloc(sizeof(mbedtls_md5_context));
54 HKS_IF_NULL_LOGE_RETURN(context, HKS_ERROR_MALLOC_FAIL, "malloc fail")
55
56 mbedtls_md5_init(context);
57
58 ret = mbedtls_md5_starts_ret(context);
59 if (ret != HKS_MBEDTLS_SUCCESS) {
60 HKS_LOG_E("Mbedtls Hash Md5 init starts_ret fail");
61 mbedtls_md5_free(context);
62 if (context != NULL) {
63 HKS_FREE(context);
64 }
65 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
66 }
67
68 struct HksMbedtlsHashCtx *outCtx = (struct HksMbedtlsHashCtx *)HksMalloc(sizeof(HksMbedtlsHashCtx));
69 if (outCtx == NULL) {
70 HKS_LOG_E("Mbedtls Hash Md5 init malloc fail");
71 mbedtls_md5_free(context);
72 if (context != NULL) {
73 HKS_FREE(context);
74 }
75 return HKS_ERROR_MALLOC_FAIL;
76 }
77
78 outCtx->append = (void *)context;
79 outCtx->mAlg = alg;
80 *ctx = (void *)outCtx;
81 return HKS_SUCCESS;
82 }
83
HksMbedtlsHashMd5Update(struct HksMbedtlsHashCtx * ctx,const unsigned char * input,size_t ilen)84 static int32_t HksMbedtlsHashMd5Update(struct HksMbedtlsHashCtx *ctx, const unsigned char *input, size_t ilen)
85 {
86 int32_t ret = 0;
87 mbedtls_md5_context *context = (mbedtls_md5_context *)ctx->append;
88
89 HKS_IF_NULL_RETURN(context, HKS_ERROR_NULL_POINTER)
90
91 ret = mbedtls_md5_update_ret(context, input, ilen);
92 if (ret != HKS_MBEDTLS_SUCCESS) {
93 HKS_LOG_E("Mbedtls Hash Md5 update fail");
94 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
95 }
96
97 return HKS_SUCCESS;
98 }
99
HksMbedtlsHashMd5Final(struct HksMbedtlsHashCtx * ctx,const struct HksBlob * msg,struct HksBlob * hash)100 static int32_t HksMbedtlsHashMd5Final(struct HksMbedtlsHashCtx *ctx, const struct HksBlob *msg, struct HksBlob *hash)
101 {
102 int32_t ret = 0;
103 mbedtls_md5_context *context = (mbedtls_md5_context *)ctx->append;
104
105 HKS_IF_NULL_RETURN(context, HKS_ERROR_NULL_POINTER)
106
107 do {
108 if (msg->size != 0) {
109 ret = mbedtls_md5_update_ret(context, msg->data, msg->size);
110 if (ret != HKS_MBEDTLS_SUCCESS) {
111 HKS_LOG_E("Mbedtls Hash Md5 finish last data fail");
112 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
113 break;
114 }
115 }
116
117 ret = mbedtls_md5_finish_ret(context, hash->data);
118 if (ret != HKS_MBEDTLS_SUCCESS) {
119 HKS_LOG_E("Mbedtls Hash Md5 finish fail");
120 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
121 break;
122 }
123
124 ret = HKS_SUCCESS;
125 } while (0);
126
127 mbedtls_md5_free(context);
128 HKS_FREE(context);
129 ctx->append = NULL;
130
131 return ret;
132 }
133
HksMbedtlsHashSha1Init(void ** ctx,uint32_t alg)134 static int32_t HksMbedtlsHashSha1Init(void **ctx, uint32_t alg)
135 {
136 int32_t ret = 0;
137 mbedtls_sha1_context *context = (mbedtls_sha1_context *)HksMalloc(sizeof(mbedtls_sha1_context));
138 HKS_IF_NULL_LOGE_RETURN(context, HKS_ERROR_MALLOC_FAIL, "malloc fail")
139 mbedtls_sha1_init(context);
140
141 ret = mbedtls_sha1_starts_ret(context);
142 if (ret != HKS_MBEDTLS_SUCCESS) {
143 HKS_LOG_E("Mbedtls Hash Sha1 init start_rat fail");
144 mbedtls_sha1_free(context);
145 if (context != NULL) {
146 HKS_FREE(context);
147 }
148 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
149 }
150
151 struct HksMbedtlsHashCtx *outCtx = (struct HksMbedtlsHashCtx *)HksMalloc(sizeof(HksMbedtlsHashCtx));
152 if (outCtx == NULL) {
153 HKS_LOG_E("Mbedtls Hash Sha1 init malloc fail");
154 mbedtls_sha1_free(context);
155 if (context != NULL) {
156 HKS_FREE(context);
157 }
158 return HKS_ERROR_MALLOC_FAIL;
159 }
160
161 outCtx->append = (void *)context;
162 outCtx->mAlg = alg;
163 *ctx = (void *)outCtx;
164
165 return HKS_SUCCESS;
166 }
167
HksMbedtlsHashSha1Update(struct HksMbedtlsHashCtx * ctx,const unsigned char * input,size_t ilen)168 static int32_t HksMbedtlsHashSha1Update(struct HksMbedtlsHashCtx *ctx, const unsigned char *input, size_t ilen)
169 {
170 mbedtls_sha1_context *context = (mbedtls_sha1_context *)ctx->append;
171 HKS_IF_NULL_RETURN(context, HKS_ERROR_NULL_POINTER)
172
173 if (ilen == 0 || input == NULL) {
174 HKS_LOG_E("Mbedtls Hash sha1 input param error");
175 return HKS_ERROR_INVALID_ARGUMENT;
176 }
177
178 int32_t ret = mbedtls_sha1_update_ret(context, input, ilen);
179 if (ret != HKS_MBEDTLS_SUCCESS) {
180 HKS_LOG_E("Mbedtls Hash sha1 update fail");
181 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
182 }
183
184 return HKS_SUCCESS;
185 }
186
HksMbedtlsHashSha1Final(struct HksMbedtlsHashCtx * ctx,const struct HksBlob * msg,struct HksBlob * hash)187 static int32_t HksMbedtlsHashSha1Final(struct HksMbedtlsHashCtx *ctx, const struct HksBlob *msg, struct HksBlob *hash)
188 {
189 mbedtls_sha1_context *context = (mbedtls_sha1_context *)ctx->append;
190 HKS_IF_NULL_RETURN(context, HKS_ERROR_NULL_POINTER)
191
192 int32_t ret = 0;
193 do {
194 if (hash->data == NULL) {
195 HKS_LOG_E("Mbedtls Hash sha1 output param error");
196 ret = HKS_ERROR_INVALID_ARGUMENT;
197 break;
198 }
199
200 if (msg->size != 0) {
201 ret = mbedtls_sha1_update_ret(context, msg->data, msg->size);
202 if (ret != HKS_MBEDTLS_SUCCESS) {
203 HKS_LOG_E("Mbedtls Hash sha1 finish last data fail");
204 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
205 break;
206 }
207 }
208
209 ret = mbedtls_sha1_finish_ret(context, hash->data);
210 if (ret != HKS_MBEDTLS_SUCCESS) {
211 HKS_LOG_E("Mbedtls Hash sha1 finish fail");
212 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
213 break;
214 }
215
216 ret = HKS_SUCCESS;
217 } while (0);
218 mbedtls_sha1_free(context);
219 HKS_FREE(context);
220 ctx->append = NULL;
221 return ret;
222 }
223
HksMbedtlsHashSha256Init(void ** ctx,int is224,uint32_t alg)224 static int32_t HksMbedtlsHashSha256Init(void **ctx, int is224, uint32_t alg)
225 {
226 mbedtls_sha256_context *context = (mbedtls_sha256_context *)HksMalloc(sizeof(mbedtls_sha256_context));
227 HKS_IF_NULL_LOGE_RETURN(context, HKS_ERROR_MALLOC_FAIL, "malloc fail")
228
229 if (is224 != 0 && is224 != 1) {
230 HKS_LOG_E("Mbedtls Hash not sha224 & not sha256 ");
231 if (context != NULL) {
232 HKS_FREE(context);
233 }
234 return HKS_ERROR_INVALID_ARGUMENT;
235 }
236
237 mbedtls_sha256_init(context);
238
239 int32_t ret = mbedtls_sha256_starts_ret(context, is224);
240 if (ret != HKS_MBEDTLS_SUCCESS) {
241 HKS_LOG_E("Mbedtls Hash sha256 init fail");
242 mbedtls_sha256_free(context);
243 if (context != NULL) {
244 HKS_FREE(context);
245 }
246 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
247 }
248
249 struct HksMbedtlsHashCtx *outCtx = (struct HksMbedtlsHashCtx *)HksMalloc(sizeof(HksMbedtlsHashCtx));
250 if (outCtx == NULL) {
251 HKS_LOG_E("Mbedtls Hash sha256 init fail_outCtx malloc fail");
252 mbedtls_sha256_free(context);
253 if (context != NULL) {
254 HKS_FREE(context);
255 }
256 return HKS_ERROR_MALLOC_FAIL;
257 }
258
259 outCtx->append = (void *)context;
260 outCtx->mAlg = alg;
261 *ctx = (void *)outCtx;
262 return HKS_SUCCESS;
263 }
264
HksMbedtlsHashSha256Update(struct HksMbedtlsHashCtx * ctx,const unsigned char * input,size_t ilen)265 static int32_t HksMbedtlsHashSha256Update(struct HksMbedtlsHashCtx *ctx, const unsigned char *input, size_t ilen)
266 {
267 mbedtls_sha256_context *context = (mbedtls_sha256_context *)ctx->append;
268 HKS_IF_NULL_RETURN(context, HKS_FAILURE)
269
270 if (ilen == 0 || input == NULL) {
271 return HKS_FAILURE;
272 }
273
274 int32_t ret = mbedtls_sha256_update_ret(context, input, ilen);
275 if (ret != HKS_MBEDTLS_SUCCESS) {
276 HKS_LOG_E("Mbedtls Hash sha256 update fail");
277 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
278 }
279
280 return HKS_SUCCESS;
281 }
282
HksMbedtlsHashSha256Final(struct HksMbedtlsHashCtx * ctx,const struct HksBlob * msg,struct HksBlob * hash)283 static int32_t HksMbedtlsHashSha256Final(struct HksMbedtlsHashCtx *ctx, const struct HksBlob *msg,
284 struct HksBlob *hash)
285 {
286 mbedtls_sha256_context *context = (mbedtls_sha256_context *)ctx->append;
287 HKS_IF_NULL_RETURN(context, HKS_ERROR_NULL_POINTER)
288
289 int32_t ret = 0;
290 do {
291 if (hash->data == NULL) {
292 HKS_LOG_E("Mbedtls Hash sha256 output param error");
293 ret = HKS_ERROR_INVALID_ARGUMENT;
294 break;
295 }
296
297 if (msg->size != 0) {
298 ret = mbedtls_sha256_update_ret(context, msg->data, msg->size);
299 if (ret != HKS_MBEDTLS_SUCCESS) {
300 HKS_LOG_E("Mbedtls Hash sha256 update fail");
301 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
302 break;
303 }
304 }
305
306 ret = mbedtls_sha256_finish_ret(context, hash->data);
307 if (ret != HKS_MBEDTLS_SUCCESS) {
308 HKS_LOG_E("Mbedtls Hash sha256 finish fail");
309 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
310 break;
311 }
312 ret = HKS_SUCCESS;
313 } while (0);
314
315 mbedtls_sha256_free(context);
316 HKS_FREE(context);
317 ctx->append = NULL;
318
319 return ret;
320 }
321
HksMbedtlsHashSha512Init(void ** ctx,int is384,uint32_t alg)322 static int32_t HksMbedtlsHashSha512Init(void **ctx, int is384, uint32_t alg)
323 {
324 mbedtls_sha512_context *context = (mbedtls_sha512_context *)HksMalloc(sizeof(mbedtls_sha512_context));
325 HKS_IF_NULL_LOGE_RETURN(context, HKS_ERROR_MALLOC_FAIL, "malloc fail")
326
327 if (is384 != 0 && is384 != 1) {
328 HKS_LOG_E("Mbedtls Hash not sha384 & not sha512 ");
329 if (context != NULL) {
330 HKS_FREE(context);
331 }
332 return HKS_ERROR_BAD_STATE;
333 }
334
335 mbedtls_sha512_init(context);
336
337 int32_t ret = mbedtls_sha512_starts_ret(context, is384);
338 if (ret != HKS_MBEDTLS_SUCCESS) {
339 HKS_LOG_E("Mbedtls Hash sha512 init fail");
340 mbedtls_sha512_free(context);
341 if (context != NULL) {
342 HKS_FREE(context);
343 }
344 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
345 }
346
347 struct HksMbedtlsHashCtx *outCtx = (struct HksMbedtlsHashCtx *)HksMalloc(sizeof(HksMbedtlsHashCtx));
348 if (outCtx == NULL) {
349 HKS_LOG_E("Mbedtls Hash Md5 init fail_outCtx malloc fail");
350 mbedtls_sha512_free(context);
351 if (context != NULL) {
352 HKS_FREE(context);
353 }
354 return HKS_ERROR_MALLOC_FAIL;
355 }
356
357 outCtx->append = (void *)context;
358 outCtx->mAlg = alg;
359 *ctx = (void *)outCtx;
360 return HKS_SUCCESS;
361 }
362
HksMbedtlsHashSha512Update(struct HksMbedtlsHashCtx * ctx,const unsigned char * input,size_t ilen)363 static int32_t HksMbedtlsHashSha512Update(struct HksMbedtlsHashCtx *ctx, const unsigned char *input, size_t ilen)
364 {
365 mbedtls_sha512_context *context = (mbedtls_sha512_context *)ctx->append;
366 HKS_IF_NULL_RETURN(context, HKS_ERROR_NULL_POINTER)
367
368 if (ilen == 0 || input == NULL) {
369 HKS_LOG_E("Mbedtls Hash sha512 input param error");
370 return HKS_ERROR_INVALID_ARGUMENT;
371 }
372
373 int32_t ret = mbedtls_sha512_update_ret(context, input, ilen);
374 if (ret != HKS_MBEDTLS_SUCCESS) {
375 HKS_LOG_E("Mbedtls Hash sha512 update fail");
376 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
377 }
378
379 return HKS_SUCCESS;
380 }
381
HksMbedtlsHashSha512Final(struct HksMbedtlsHashCtx * ctx,const struct HksBlob * msg,struct HksBlob * hash)382 static int32_t HksMbedtlsHashSha512Final(struct HksMbedtlsHashCtx *ctx, const struct HksBlob *msg,
383 struct HksBlob *hash)
384 {
385 mbedtls_sha512_context *context = (mbedtls_sha512_context *)ctx->append;
386 HKS_IF_NULL_RETURN(context, HKS_ERROR_NULL_POINTER)
387
388 int32_t ret = 0;
389 do {
390 if (hash->data == NULL) {
391 HKS_LOG_E("Mbedtls Hash sha512 output param error");
392 ret = HKS_ERROR_INVALID_ARGUMENT;
393 break;
394 }
395
396 if (msg->size != 0) {
397 ret = mbedtls_sha512_update_ret(context, msg->data, msg->size);
398 if (ret != HKS_MBEDTLS_SUCCESS) {
399 HKS_LOG_E("Mbedtls Hash sha512 finish last data fail");
400 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
401 break;
402 }
403 }
404
405 ret = mbedtls_sha512_finish_ret(context, hash->data);
406 if (ret != HKS_MBEDTLS_SUCCESS) {
407 HKS_LOG_E("Mbedtls Hash sha512 finish fail");
408 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
409 break;
410 }
411
412 ret = HKS_SUCCESS;
413 } while (0);
414
415 mbedtls_sha512_free(context);
416 HKS_FREE(context);
417 ctx->append = NULL;
418 return ret;
419 }
420
HksMbedtlsMd5HashFreeCtx(void ** cryptoCtx)421 static void HksMbedtlsMd5HashFreeCtx(void **cryptoCtx)
422 {
423 if (cryptoCtx == NULL || *cryptoCtx == NULL) {
424 HKS_LOG_E("Mbedtls Hash freeCtx param error");
425 return;
426 }
427 struct HksMbedtlsHashCtx *hashCtx = (struct HksMbedtlsHashCtx *)*cryptoCtx;
428 if (hashCtx->append != NULL) {
429 mbedtls_md5_free((mbedtls_md5_context *)hashCtx->append);
430 }
431 }
432
HksMbedtlsSHA1HashFreeCtx(void ** cryptoCtx)433 static void HksMbedtlsSHA1HashFreeCtx(void **cryptoCtx)
434 {
435 if (cryptoCtx == NULL || *cryptoCtx == NULL) {
436 HKS_LOG_E("Mbedtls Hash freeCtx param error");
437 return;
438 }
439 struct HksMbedtlsHashCtx *hashCtx = (struct HksMbedtlsHashCtx *)*cryptoCtx;
440 if (hashCtx->append != NULL) {
441 mbedtls_sha1_free((mbedtls_sha1_context *)hashCtx->append);
442 }
443 }
444
HksMbedtlsSha224Sha256HashFreeCtx(void ** cryptoCtx)445 static void HksMbedtlsSha224Sha256HashFreeCtx(void **cryptoCtx)
446 {
447 if (cryptoCtx == NULL || *cryptoCtx == NULL) {
448 HKS_LOG_E("Mbedtls Hash freeCtx param error");
449 return;
450 }
451 struct HksMbedtlsHashCtx *hashCtx = (struct HksMbedtlsHashCtx *)*cryptoCtx;
452 if (hashCtx->append != NULL) {
453 mbedtls_sha256_free((mbedtls_sha256_context *)hashCtx->append);
454 }
455 }
456
HksMbedtlsSha384Sha512HashFreeCtx(void ** cryptoCtx)457 static void HksMbedtlsSha384Sha512HashFreeCtx(void **cryptoCtx)
458 {
459 if (cryptoCtx == NULL || *cryptoCtx == NULL) {
460 HKS_LOG_E("Mbedtls Hash freeCtx param error");
461 return;
462 }
463 struct HksMbedtlsHashCtx *hashCtx = (struct HksMbedtlsHashCtx *)*cryptoCtx;
464 if (hashCtx->append != NULL) {
465 mbedtls_sha512_free((mbedtls_sha512_context *)hashCtx->append);
466 }
467 }
468
HksMbedtlsHashInit(void ** cryptoCtx,uint32_t digestAlg)469 int32_t HksMbedtlsHashInit(void **cryptoCtx, uint32_t digestAlg)
470 {
471 int32_t ret = 0;
472 switch (digestAlg) {
473 case HKS_DIGEST_MD5:
474 ret = HksMbedtlsHashMd5Init(cryptoCtx, digestAlg);
475 break;
476 case HKS_DIGEST_SHA1:
477 ret = HksMbedtlsHashSha1Init(cryptoCtx, digestAlg);
478 break;
479 case HKS_DIGEST_SHA224:
480 ret = HksMbedtlsHashSha256Init(cryptoCtx, 1, digestAlg); /* 0 for SHA-224 */
481 break;
482 case HKS_DIGEST_SHA256:
483 ret = HksMbedtlsHashSha256Init(cryptoCtx, 0, digestAlg); /* 0 for SHA-256 */
484 break;
485 case HKS_DIGEST_SHA384:
486 ret = HksMbedtlsHashSha512Init(cryptoCtx, 1, digestAlg); /* 1 for SHA-384 */
487 break;
488 case HKS_DIGEST_SHA512:
489 ret = HksMbedtlsHashSha512Init(cryptoCtx, 0, digestAlg); /* 0 for SHA-512 */
490 break;
491 default:
492 return HKS_ERROR_INVALID_DIGEST;
493 }
494
495 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Mbedtls hash init failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret)
496
497 return HKS_SUCCESS;
498 }
499
HksMbedtlsHashUpdate(void * cryptoCtx,const struct HksBlob * msg)500 int32_t HksMbedtlsHashUpdate(void *cryptoCtx, const struct HksBlob *msg)
501 {
502 int32_t ret = 0;
503 struct HksMbedtlsHashCtx *hashCtx = (struct HksMbedtlsHashCtx *)cryptoCtx;
504
505 switch (hashCtx->mAlg) {
506 case HKS_DIGEST_MD5:
507 ret = HksMbedtlsHashMd5Update(hashCtx, msg->data, msg->size);
508 break;
509 case HKS_DIGEST_SHA1:
510 ret = HksMbedtlsHashSha1Update(hashCtx, msg->data, msg->size);
511 break;
512 case HKS_DIGEST_SHA224:
513 case HKS_DIGEST_SHA256:
514 ret = HksMbedtlsHashSha256Update(hashCtx, msg->data, msg->size);
515 break;
516 case HKS_DIGEST_SHA384:
517 case HKS_DIGEST_SHA512:
518 ret = HksMbedtlsHashSha512Update(hashCtx, msg->data, msg->size);
519 break;
520 default:
521 return HKS_ERROR_INVALID_DIGEST;
522 }
523
524 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Mbedtls hash update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret)
525
526 return HKS_SUCCESS;
527 }
528
HksMbedtlsHashFinal(void ** cryptoCtx,const struct HksBlob * msg,struct HksBlob * hash)529 int32_t HksMbedtlsHashFinal(void **cryptoCtx, const struct HksBlob *msg, struct HksBlob *hash)
530 {
531 int32_t ret = 0;
532 struct HksMbedtlsHashCtx *hashCtx = (struct HksMbedtlsHashCtx *)*cryptoCtx;
533 HKS_IF_NULL_RETURN(hashCtx, HKS_ERROR_INVALID_ARGUMENT)
534
535 switch (hashCtx->mAlg) {
536 case HKS_DIGEST_MD5:
537 ret = HksMbedtlsHashMd5Final(hashCtx, msg, hash);
538 break;
539 case HKS_DIGEST_SHA1:
540 ret = HksMbedtlsHashSha1Final(hashCtx, msg, hash);
541 break;
542 case HKS_DIGEST_SHA224:
543 case HKS_DIGEST_SHA256:
544 ret = HksMbedtlsHashSha256Final(hashCtx, msg, hash);
545 break;
546 case HKS_DIGEST_SHA384:
547 case HKS_DIGEST_SHA512:
548 ret = HksMbedtlsHashSha512Final(hashCtx, msg, hash);
549 break;
550 default:
551 HksMbedtlsHashFreeCtx(cryptoCtx);
552 return HKS_ERROR_INVALID_DIGEST;
553 }
554
555 if (ret != HKS_SUCCESS) {
556 HKS_LOG_E("Mbedtls hash final failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
557 HKS_FREE(*cryptoCtx);
558 *cryptoCtx = NULL;
559 return ret;
560 }
561
562 ret = HksGetDigestLen(hashCtx->mAlg, &(hash->size));
563 HKS_IF_NOT_SUCC_LOGE(ret, "Get digest len failed!")
564
565 HksMbedtlsHashFreeCtx(cryptoCtx);
566 return ret;
567 }
568
HksMbedtlsHashFreeCtx(void ** cryptoCtx)569 void HksMbedtlsHashFreeCtx(void **cryptoCtx)
570 {
571 if (cryptoCtx == NULL || *cryptoCtx == NULL) {
572 HKS_LOG_E("Mbedtls Hash freeCtx param error");
573 return;
574 }
575 struct HksMbedtlsHashCtx *hashCtx = (struct HksMbedtlsHashCtx *)*cryptoCtx;
576 switch (hashCtx->mAlg) {
577 case HKS_DIGEST_MD5:
578 HksMbedtlsMd5HashFreeCtx(cryptoCtx);
579 break;
580 case HKS_DIGEST_SHA1:
581 HksMbedtlsSHA1HashFreeCtx(cryptoCtx);
582 break;
583 case HKS_DIGEST_SHA224:
584 case HKS_DIGEST_SHA256:
585 HksMbedtlsSha224Sha256HashFreeCtx(cryptoCtx);
586 break;
587 case HKS_DIGEST_SHA384:
588 case HKS_DIGEST_SHA512:
589 HksMbedtlsSha384Sha512HashFreeCtx(cryptoCtx);
590 break;
591 default:
592 break;
593 }
594
595 if (*cryptoCtx != NULL) {
596 if (hashCtx->append != NULL) {
597 HKS_FREE(hashCtx->append);
598 hashCtx->append = NULL;
599 }
600
601 HKS_FREE(*cryptoCtx);
602 *cryptoCtx = NULL;
603 }
604 }
605
HksMbedtlsHash(uint32_t alg,const struct HksBlob * msg,struct HksBlob * hash)606 int32_t HksMbedtlsHash(uint32_t alg, const struct HksBlob *msg, struct HksBlob *hash)
607 {
608 int32_t ret = 0;
609 switch (alg) {
610 #ifdef HKS_SUPPORT_HASH_MD5
611 case HKS_DIGEST_MD5:
612 ret = mbedtls_md5_ret(msg->data, msg->size, hash->data);
613 break;
614 #endif
615 #ifdef HKS_SUPPORT_HASH_SHA1
616 case HKS_DIGEST_SHA1:
617 ret = mbedtls_sha1_ret(msg->data, msg->size, hash->data);
618 break;
619 #endif
620 #ifdef HKS_SUPPORT_HASH_SHA224
621 case HKS_DIGEST_SHA224:
622 ret = mbedtls_sha256_ret(msg->data, msg->size, hash->data, 1); /* 0 for SHA-224 */
623 break;
624 #endif
625 #ifdef HKS_SUPPORT_HASH_SHA256
626 case HKS_DIGEST_SHA256:
627 ret = mbedtls_sha256_ret(msg->data, msg->size, hash->data, 0); /* 0 for SHA-256 */
628 break;
629 #endif
630 #ifdef HKS_SUPPORT_HASH_SHA384
631 case HKS_DIGEST_SHA384:
632 ret = mbedtls_sha512_ret(msg->data, msg->size, hash->data, 1); /* 1 for SHA-384 */
633 break;
634 #endif
635 #ifdef HKS_SUPPORT_HASH_SHA512
636 case HKS_DIGEST_SHA512:
637 ret = mbedtls_sha512_ret(msg->data, msg->size, hash->data, 0); /* 0 for SHA-512 */
638 break;
639 #endif
640 default:
641 return HKS_ERROR_INVALID_DIGEST;
642 }
643
644 if (ret != HKS_MBEDTLS_SUCCESS) {
645 HKS_LOG_E("Mbedtls hash failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
646 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
647 }
648
649 ret = HksGetDigestLen(alg, &(hash->size));
650 HKS_IF_NOT_SUCC_LOGE(ret, "Get digest len failed!")
651
652 return ret;
653 }
654 #endif /* HKS_SUPPORT_HASH_C */
655