1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_openssl_aes.h"
23
24 #include <openssl/evp.h>
25 #include <stddef.h>
26
27 #include "hks_cfi.h"
28 #include "hks_log.h"
29 #include "hks_mem.h"
30 #include "hks_openssl_common.h"
31 #include "hks_openssl_engine.h"
32 #include "hks_template.h"
33
34 #if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C)
35 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
36 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING) || defined(HKS_SUPPORT_AES_CTR_NOPADDING) || \
37 defined(HKS_SUPPORT_AES_ECB_NOPADDING) || defined(HKS_SUPPORT_AES_GCM) || \
38 defined(HKS_SUPPORT_SM4_CBC_NOPADDING) || defined(HKS_SUPPORT_SM4_CBC_PKCS7) || \
39 defined(HKS_SUPPORT_SM4_CTR_NOPADDING) || defined(HKS_SUPPORT_SM4_ECB_NOPADDING) || \
40 defined(HKS_SUPPORT_SM4_ECB_PKCS7) || defined(HKS_SUPPORT_SM4_CFB_NOPADDING) || \
41 defined(HKS_SUPPORT_SM4_OFB_NOPADDING)
42
ENABLE_CFI(const EVP_CIPHER * GetBlockCipherType (uint32_t keySize,uint32_t mode,const EVP_CIPHER * (* getCbcCipherType)(uint32_t keySize),const EVP_CIPHER * (* getCtrCipherType)(uint32_t keySize),const EVP_CIPHER * (* getEcbCipherType)(uint32_t keySize)))43 ENABLE_CFI(const EVP_CIPHER *GetBlockCipherType(uint32_t keySize, uint32_t mode,
44 const EVP_CIPHER *(*getCbcCipherType)(uint32_t keySize),
45 const EVP_CIPHER *(*getCtrCipherType)(uint32_t keySize),
46 const EVP_CIPHER *(*getEcbCipherType)(uint32_t keySize)))
47 {
48 if (mode == HKS_MODE_CBC) {
49 return getCbcCipherType(keySize);
50 } else if (mode == HKS_MODE_CTR) {
51 return getCtrCipherType(keySize);
52 } else if (mode == HKS_MODE_ECB) {
53 return getEcbCipherType(keySize);
54 }
55 return NULL;
56 }
57
OpensslBlockCipherCryptInitParams(const struct HksBlob * key,EVP_CIPHER_CTX * ctx,struct HksCipherParam * cipherParam,bool isEncrypt,const struct HksUsageSpec * usageSpec)58 static int32_t OpensslBlockCipherCryptInitParams(const struct HksBlob *key, EVP_CIPHER_CTX *ctx,
59 struct HksCipherParam *cipherParam, bool isEncrypt, const struct HksUsageSpec *usageSpec)
60 {
61 int32_t ret;
62 if (isEncrypt) {
63 ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
64 } else {
65 ret = EVP_DecryptInit_ex(ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
66 }
67 if (ret != HKS_OPENSSL_SUCCESS) {
68 HksLogOpensslError();
69 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
70 }
71
72 if (usageSpec->padding == HKS_PADDING_PKCS7) {
73 // set chipher padding enable
74 ret = EVP_CIPHER_CTX_set_padding(ctx, OPENSSL_CTX_PADDING_ENABLE);
75 } else if (usageSpec->padding == HKS_PADDING_NONE) {
76 // set chipher padding none
77 ret = EVP_CIPHER_CTX_set_padding(ctx, OPENSSL_CTX_PADDING_NONE);
78 }
79 if (ret != HKS_OPENSSL_SUCCESS) {
80 HksLogOpensslError();
81 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
82 }
83 return HKS_SUCCESS;
84 }
85
ENABLE_CFI(int32_t OpensslBlockCipherCryptInit (const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,void ** cryptoCtx,const EVP_CIPHER * (* getCipherType)(uint32_t keySize,uint32_t mode)))86 ENABLE_CFI(int32_t OpensslBlockCipherCryptInit(
87 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, void **cryptoCtx,
88 const EVP_CIPHER *(*getCipherType)(uint32_t keySize, uint32_t mode)))
89 {
90 int32_t ret;
91 struct HksCipherParam *cipherParam = (struct HksCipherParam *)usageSpec->algParam;
92
93 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
94 if (ctx == NULL) {
95 HksLogOpensslError();
96 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
97 }
98
99 const EVP_CIPHER *cipher = getCipherType(key->size, usageSpec->mode);
100 if (cipher == NULL) {
101 EVP_CIPHER_CTX_free(ctx);
102 return HKS_ERROR_INVALID_ARGUMENT;
103 }
104
105 if (isEncrypt) {
106 ret = EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL);
107 } else {
108 ret = EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL);
109 }
110 if (ret != HKS_OPENSSL_SUCCESS) {
111 HksLogOpensslError();
112 EVP_CIPHER_CTX_free(ctx);
113 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
114 }
115
116 ret = OpensslBlockCipherCryptInitParams(key, ctx, cipherParam, isEncrypt, usageSpec);
117 if (ret != HKS_SUCCESS) {
118 EVP_CIPHER_CTX_free(ctx);
119 HKS_LOG_E("OpensslBlockCipherCryptInitParams fail, ret = %" LOG_PUBLIC "d", ret);
120 return ret;
121 }
122
123 struct HksOpensslBlockCipherCtx *outCtx =
124 (struct HksOpensslBlockCipherCtx *)HksMalloc(sizeof(HksOpensslBlockCipherCtx));
125 if (outCtx == NULL) {
126 EVP_CIPHER_CTX_free(ctx);
127 return HKS_ERROR_MALLOC_FAIL;
128 }
129 outCtx->algType = usageSpec->algType;
130 outCtx->mode = usageSpec->mode;
131 outCtx->padding = usageSpec->padding;
132 outCtx->append = (void *)ctx;
133
134 *cryptoCtx = (void *)outCtx;
135
136 return HKS_SUCCESS;
137 }
138
139 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherEncryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)140 int32_t OpensslBlockCipherEncryptUpdate(
141 void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
142 {
143 struct HksOpensslBlockCipherCtx *blockCipherCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
144 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)blockCipherCtx->append;
145
146 HKS_IF_NULL_RETURN(ctx, HKS_ERROR_NULL_POINTER)
147
148 int32_t outLen = 0;
149 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
150 HksLogOpensslError();
151 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
152 }
153 cipherText->size = (uint32_t)outLen;
154
155 return HKS_SUCCESS;
156 }
157
OpensslBlockCipherHandleFinalThree(void ** cryptoCtx,const struct HksBlob * input,struct HksBlob * output,bool isEncrypt)158 static int32_t OpensslBlockCipherHandleFinalThree(
159 void **cryptoCtx, const struct HksBlob *input, struct HksBlob *output, bool isEncrypt)
160 {
161 struct HksOpensslBlockCipherCtx *blockCipherCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
162 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)blockCipherCtx->append;
163 if (ctx == NULL) {
164 HKS_FREE(*cryptoCtx);
165 return HKS_ERROR_NULL_POINTER;
166 }
167
168 int32_t ret = HKS_SUCCESS;
169 do {
170 int32_t outLen = 0;
171 int evpRet;
172 if (input->size != 0) {
173 evpRet = isEncrypt
174 ? EVP_EncryptUpdate(ctx, output->data, &outLen, input->data, input->size)
175 : EVP_DecryptUpdate(ctx, output->data, &outLen, input->data, input->size);
176 if (evpRet != HKS_OPENSSL_SUCCESS) {
177 HksLogOpensslError();
178 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
179 break;
180 }
181 }
182 output->size = (uint32_t)outLen;
183 evpRet = isEncrypt
184 ? EVP_EncryptFinal_ex(ctx, (output->data + outLen), &outLen)
185 : EVP_DecryptFinal_ex(ctx, (output->data + outLen), &outLen);
186 if (evpRet != HKS_OPENSSL_SUCCESS) {
187 HksLogOpensslError();
188 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
189 break;
190 }
191 output->size += (uint32_t)outLen;
192 } while (0);
193
194 EVP_CIPHER_CTX_free(ctx);
195 blockCipherCtx->append = NULL;
196 HKS_FREE(*cryptoCtx);
197
198 return ret;
199 }
200
201 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherEncryptFinalThree(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)202 int32_t OpensslBlockCipherEncryptFinalThree(
203 void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
204 {
205 return OpensslBlockCipherHandleFinalThree(cryptoCtx, message, cipherText, true);
206 }
207
208 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)209 int32_t OpensslBlockCipherDecryptUpdate(
210 void *cryptoCtx, const struct HksBlob *message, struct HksBlob *plainText)
211 {
212 struct HksOpensslBlockCipherCtx *blockCipherCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
213 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)blockCipherCtx->append;
214
215 HKS_IF_NULL_RETURN(ctx, HKS_ERROR_NULL_POINTER)
216
217 int32_t outLen = 0;
218 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
219 HksLogOpensslError();
220 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
221 }
222 plainText->size = (uint32_t)outLen;
223
224 return HKS_SUCCESS;
225 }
226
227 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherDecryptFinalThree(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)228 int32_t OpensslBlockCipherDecryptFinalThree(
229 void **cryptoCtx, const struct HksBlob *message, struct HksBlob *plainText)
230 {
231 return OpensslBlockCipherHandleFinalThree(cryptoCtx, message, plainText, false);
232 }
233
234 #endif
235 #endif /* defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C) */
236
237 #ifdef HKS_SUPPORT_AES_C
238 #ifdef HKS_SUPPORT_AES_GENERATE_KEY
AesGenKeyCheckParam(const struct HksKeySpec * spec)239 static int32_t AesGenKeyCheckParam(const struct HksKeySpec *spec)
240 {
241 if ((spec->keyLen != HKS_AES_KEY_SIZE_128) && (spec->keyLen != HKS_AES_KEY_SIZE_192) &&
242 (spec->keyLen != HKS_AES_KEY_SIZE_256)) {
243 HKS_LOG_E("Invlid aes key len %" LOG_PUBLIC "x!", spec->keyLen);
244 return HKS_ERROR_INVALID_ARGUMENT;
245 }
246 return HKS_SUCCESS;
247 }
248
HksOpensslAesGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)249 int32_t HksOpensslAesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
250 {
251 HKS_IF_NOT_SUCC_LOGE_RETURN(AesGenKeyCheckParam(spec), HKS_ERROR_INVALID_ARGUMENT,
252 "aes generate key invalid params!")
253
254 return HksOpensslGenerateRandomKey(spec->keyLen, key);
255 }
256 #endif
257
GetAesCbcCipherType(uint32_t keySize)258 static const EVP_CIPHER *GetAesCbcCipherType(uint32_t keySize)
259 {
260 switch (keySize) {
261 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_128):
262 return EVP_aes_128_cbc();
263 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_192):
264 return EVP_aes_192_cbc();
265 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256):
266 return EVP_aes_256_cbc();
267 default:
268 return NULL;
269 }
270 }
271
GetAesCtrCipherType(uint32_t keySize)272 static const EVP_CIPHER *GetAesCtrCipherType(uint32_t keySize)
273 {
274 switch (keySize) {
275 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_128):
276 return EVP_aes_128_ctr();
277 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_192):
278 return EVP_aes_192_ctr();
279 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256):
280 return EVP_aes_256_ctr();
281 default:
282 return NULL;
283 }
284 }
285
GetAesEcbCipherType(uint32_t keySize)286 static const EVP_CIPHER *GetAesEcbCipherType(uint32_t keySize)
287 {
288 switch (keySize) {
289 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_128):
290 return EVP_aes_128_ecb();
291 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_192):
292 return EVP_aes_192_ecb();
293 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256):
294 return EVP_aes_256_ecb();
295 default:
296 return NULL;
297 }
298 }
299
GetGcmCipherType(uint32_t keySize)300 static const EVP_CIPHER *GetGcmCipherType(uint32_t keySize)
301 {
302 switch (keySize) {
303 case (HKS_AES_KEY_SIZE_128 / HKS_BITS_PER_BYTE):
304 return EVP_aes_128_gcm();
305 case (HKS_AES_KEY_SIZE_192 / HKS_BITS_PER_BYTE):
306 return EVP_aes_192_gcm();
307 case (HKS_AES_KEY_SIZE_256 / HKS_BITS_PER_BYTE):
308 return EVP_aes_256_gcm();
309 default:
310 return NULL;
311 }
312 }
313
GetCcmCipherType(uint32_t keySize)314 static const EVP_CIPHER *GetCcmCipherType(uint32_t keySize)
315 {
316 switch (keySize) {
317 case (HKS_AES_KEY_SIZE_128 / HKS_BITS_PER_BYTE):
318 return EVP_aes_128_ccm();
319 case (HKS_AES_KEY_SIZE_192 / HKS_BITS_PER_BYTE):
320 return EVP_aes_192_ccm();
321 case (HKS_AES_KEY_SIZE_256 / HKS_BITS_PER_BYTE):
322 return EVP_aes_256_ccm();
323 default:
324 return NULL;
325 }
326 }
327
GetAesCipherType(uint32_t keySize,uint32_t mode)328 static const EVP_CIPHER *GetAesCipherType(uint32_t keySize, uint32_t mode)
329 {
330 return GetBlockCipherType(keySize, mode, GetAesCbcCipherType, GetAesCtrCipherType, GetAesEcbCipherType);
331 }
332
GetAeadCipherType(uint32_t keySize,uint32_t mode)333 static const EVP_CIPHER *GetAeadCipherType(uint32_t keySize, uint32_t mode)
334 {
335 switch (mode) {
336 case HKS_MODE_GCM:
337 return GetGcmCipherType(keySize);
338 case HKS_MODE_CCM:
339 return GetCcmCipherType(keySize);
340 default:
341 return NULL;
342 }
343 }
344
345 #if defined(HKS_SUPPORT_AES_GCM) || defined(HKS_SUPPORT_AES_CCM)
OpensslAesAeadInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,EVP_CIPHER_CTX ** ctx)346 static int32_t OpensslAesAeadInit(
347 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, EVP_CIPHER_CTX **ctx)
348 {
349 int32_t ret;
350 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
351 HKS_IF_NULL_RETURN(aeadParam, HKS_ERROR_INVALID_ARGUMENT)
352
353 *ctx = EVP_CIPHER_CTX_new();
354 if (*ctx == NULL) {
355 HksLogOpensslError();
356 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
357 }
358
359 if (isEncrypt) {
360 ret = EVP_EncryptInit_ex(*ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
361 } else {
362 ret = EVP_DecryptInit_ex(*ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
363 }
364 if (ret != HKS_OPENSSL_SUCCESS) {
365 HksLogOpensslError();
366 EVP_CIPHER_CTX_free(*ctx);
367 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
368 }
369
370 ret = EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, aeadParam->nonce.size, NULL);
371 if (ret != HKS_OPENSSL_SUCCESS) {
372 HksLogOpensslError();
373 EVP_CIPHER_CTX_free(*ctx);
374 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
375 }
376
377 if (isEncrypt) {
378 ret = EVP_EncryptInit_ex(*ctx, NULL, NULL, key->data, aeadParam->nonce.data);
379 } else {
380 ret = EVP_DecryptInit_ex(*ctx, NULL, NULL, key->data, aeadParam->nonce.data);
381 }
382 if (ret != HKS_OPENSSL_SUCCESS) {
383 HksLogOpensslError();
384 EVP_CIPHER_CTX_free(*ctx);
385 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
386 }
387
388 return HKS_SUCCESS;
389 }
390
OpensslAesAeadEncryptFinal(EVP_CIPHER_CTX * ctx,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)391 static int32_t OpensslAesAeadEncryptFinal(EVP_CIPHER_CTX *ctx, const struct HksUsageSpec *usageSpec,
392 const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead)
393 {
394 int outLen = 0;
395 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
396
397 if (EVP_EncryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size) != HKS_OPENSSL_SUCCESS) {
398 HksLogOpensslError();
399 EVP_CIPHER_CTX_free(ctx);
400 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
401 }
402
403 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
404 HksLogOpensslError();
405 EVP_CIPHER_CTX_free(ctx);
406 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
407 }
408 cipherText->size = (uint32_t)outLen;
409
410 if (EVP_EncryptFinal_ex(ctx, cipherText->data, &outLen) != HKS_OPENSSL_SUCCESS) {
411 HksLogOpensslError();
412 EVP_CIPHER_CTX_free(ctx);
413 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
414 }
415
416 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, HKS_AE_TAG_LEN, tagAead->data) != HKS_OPENSSL_SUCCESS) {
417 HksLogOpensslError();
418 EVP_CIPHER_CTX_free(ctx);
419 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
420 }
421
422 EVP_CIPHER_CTX_free(ctx);
423 return HKS_SUCCESS;
424 }
425
OpensslAesAeadDecryptFinal(EVP_CIPHER_CTX * ctx,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * plainText)426 static int32_t OpensslAesAeadDecryptFinal(
427 EVP_CIPHER_CTX *ctx, const struct HksUsageSpec *usageSpec, const struct HksBlob *message, struct HksBlob *plainText)
428 {
429 int outLen = 0;
430 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
431
432 if (EVP_DecryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size) != HKS_OPENSSL_SUCCESS) {
433 HksLogOpensslError();
434 EVP_CIPHER_CTX_free(ctx);
435 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
436 }
437
438 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
439 HksLogOpensslError();
440 EVP_CIPHER_CTX_free(ctx);
441 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
442 }
443 plainText->size = (uint32_t)outLen;
444
445 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, aeadParam->tagDec.size, aeadParam->tagDec.data) !=
446 HKS_OPENSSL_SUCCESS) {
447 HksLogOpensslError();
448 EVP_CIPHER_CTX_free(ctx);
449 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
450 }
451
452 if (EVP_DecryptFinal_ex(ctx, plainText->data, &outLen) != HKS_OPENSSL_SUCCESS) {
453 HksLogOpensslError();
454 EVP_CIPHER_CTX_free(ctx);
455 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
456 }
457
458 EVP_CIPHER_CTX_free(ctx);
459 return HKS_SUCCESS;
460 }
461
OpensslAesAeadCryptSetParam(const struct HksBlob * key,struct HksAeadParam * aeadParam,bool isEncrypt,EVP_CIPHER_CTX * ctx)462 static int32_t OpensslAesAeadCryptSetParam(const struct HksBlob *key, struct HksAeadParam *aeadParam,
463 bool isEncrypt, EVP_CIPHER_CTX *ctx)
464 {
465 if (aeadParam == NULL || key == NULL) {
466 return HKS_ERROR_INVALID_ARGUMENT;
467 }
468
469 int32_t ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, aeadParam->nonce.size, NULL);
470 if (ret != HKS_OPENSSL_SUCCESS) {
471 HksLogOpensslError();
472 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
473 }
474
475 if (isEncrypt) {
476 ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key->data, aeadParam->nonce.data);
477 } else {
478 ret = EVP_DecryptInit_ex(ctx, NULL, NULL, key->data, aeadParam->nonce.data);
479 }
480 if (ret != HKS_OPENSSL_SUCCESS) {
481 HksLogOpensslError();
482 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
483 }
484
485 return HKS_SUCCESS;
486 }
487
488
OpensslAesAeadCryptInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,void ** cryptoCtx)489 static int32_t OpensslAesAeadCryptInit(
490 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, void **cryptoCtx)
491 {
492 int32_t ret;
493 int outLen = 0;
494 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
495 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
496 if (ctx == NULL) {
497 HksLogOpensslError();
498 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
499 }
500
501 if (isEncrypt) {
502 ret = EVP_EncryptInit_ex(ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
503 } else {
504 ret = EVP_DecryptInit_ex(ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
505 }
506 if (ret != HKS_OPENSSL_SUCCESS) {
507 HksLogOpensslError();
508 EVP_CIPHER_CTX_free(ctx);
509 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
510 }
511
512 ret = OpensslAesAeadCryptSetParam(key, aeadParam, isEncrypt, ctx);
513 if (ret != HKS_SUCCESS) {
514 HksLogOpensslError();
515 EVP_CIPHER_CTX_free(ctx);
516 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
517 }
518
519 if (isEncrypt) {
520 ret = EVP_EncryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size);
521 } else {
522 ret = EVP_DecryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size);
523 }
524 if (ret != HKS_OPENSSL_SUCCESS) {
525 HksLogOpensslError();
526 HKS_LOG_E("update aad faild, outLen->%" LOG_PUBLIC "d", outLen);
527 EVP_CIPHER_CTX_free(ctx);
528 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
529 }
530
531 struct HksOpensslBlockCipherCtx *outCtx =
532 (struct HksOpensslBlockCipherCtx *)HksMalloc(sizeof(HksOpensslBlockCipherCtx));
533 if (outCtx == NULL) {
534 HKS_LOG_E("HksOpensslBlockCipherCtx malloc fail");
535 EVP_CIPHER_CTX_free(ctx);
536 return HKS_ERROR_MALLOC_FAIL;
537 }
538 outCtx->algType = usageSpec->algType;
539 outCtx->mode = usageSpec->mode;
540 outCtx->padding = 0;
541 outCtx->append = (void *)ctx;
542
543 *cryptoCtx = (void *)outCtx;
544
545 return HKS_SUCCESS;
546 }
547
OpensslAesAeadEnryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)548 static int32_t OpensslAesAeadEnryptUpdate(void *cryptoCtx, const struct HksBlob *message,
549 struct HksBlob *cipherText)
550 {
551 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
552 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
553
554 int32_t outLen = 0;
555
556 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
557 HksLogOpensslError();
558 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
559 }
560 cipherText->size = (uint32_t)outLen;
561
562 return HKS_SUCCESS;
563 }
564
OpensslAesAeadDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)565 static int32_t OpensslAesAeadDecryptUpdate(void *cryptoCtx,
566 const struct HksBlob *message, struct HksBlob *plainText)
567 {
568 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
569 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
570 int32_t outLen = 0;
571
572 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
573 HksLogOpensslError();
574 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
575 }
576
577 plainText->size = (uint32_t)outLen;
578
579 return HKS_SUCCESS;
580 }
581
OpensslAesAeadEncryptFinalGCM(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)582 static int32_t OpensslAesAeadEncryptFinalGCM(void **cryptoCtx, const struct HksBlob *message,
583 struct HksBlob *cipherText, struct HksBlob *tagAead)
584 {
585 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
586 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
587
588 if (ctx == NULL) {
589 HKS_FREE(*cryptoCtx);
590 return HKS_ERROR_NULL_POINTER;
591 }
592
593 int32_t ret = HKS_SUCCESS;
594 do {
595 int32_t outLen = 0;
596 if (message->size != 0) {
597 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data,
598 message->size) != HKS_OPENSSL_SUCCESS) {
599 HksLogOpensslError();
600 HKS_LOG_E("EVP_EncryptUpdate cipherText data faild, outLen->%" LOG_PUBLIC "d", outLen);
601 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
602 break;
603 }
604 }
605 cipherText->size = (uint32_t)outLen;
606
607 if (EVP_EncryptFinal_ex(ctx, cipherText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
608 HksLogOpensslError();
609 HKS_LOG_E("EVP_EncryptFinal_ex faild, outLen->%" LOG_PUBLIC "d", outLen);
610 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
611 break;
612 }
613 cipherText->size += (uint32_t)outLen;
614 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, HKS_AE_TAG_LEN, tagAead->data) != HKS_OPENSSL_SUCCESS) {
615 HksLogOpensslError();
616 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
617 break;
618 }
619 } while (0);
620
621 EVP_CIPHER_CTX_free(ctx);
622 aesCtx->append = NULL;
623 HKS_FREE(*cryptoCtx);
624
625 return ret;
626 }
627
OpensslAesAeadDecryptFinalGCM(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText,struct HksBlob * tagAead)628 static int32_t OpensslAesAeadDecryptFinalGCM(void **cryptoCtx, const struct HksBlob *message,
629 struct HksBlob *plainText, struct HksBlob *tagAead)
630 {
631 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
632 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
633
634 if (ctx == NULL) {
635 HKS_FREE(aesCtx);
636 *cryptoCtx = NULL;
637 return HKS_ERROR_NULL_POINTER;
638 }
639
640 int32_t ret = HKS_SUCCESS;
641 do {
642 int32_t outLen = 0;
643 if (message->size != 0) {
644 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) !=
645 HKS_OPENSSL_SUCCESS) {
646 HksLogOpensslError();
647 HKS_LOG_E("EVP_DecryptUpdate plainText data faild, outLen->%" LOG_PUBLIC "d", outLen);
648 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
649 break;
650 }
651 }
652 plainText->size = (uint32_t)outLen;
653
654 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tagAead->size, tagAead->data) !=
655 HKS_OPENSSL_SUCCESS) {
656 HKS_LOG_E("EVP_CIPHER_CTX_ctrl failed, tagAead->size->%" LOG_PUBLIC "d", tagAead->size);
657 HksLogOpensslError();
658 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
659 break;
660 }
661
662 if (EVP_DecryptFinal_ex(ctx, plainText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
663 HksLogOpensslError();
664 HKS_LOG_E("EVP_DecryptFinal_ex faild, outLen->%" LOG_PUBLIC "d", outLen);
665 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
666 break;
667 }
668 plainText->size += (uint32_t)outLen;
669 } while (0);
670
671 EVP_CIPHER_CTX_free(ctx);
672 aesCtx->append = NULL;
673 HKS_FREE(*cryptoCtx);
674 return ret;
675 }
676
OpensslAesAeadCipherSetParam(const struct HksBlob * key,const struct HksUsageSpec * spec,const bool isEncrypt,EVP_CIPHER_CTX * ctx)677 static int32_t OpensslAesAeadCipherSetParam(const struct HksBlob *key, const struct HksUsageSpec *spec,
678 const bool isEncrypt, EVP_CIPHER_CTX *ctx)
679 {
680 if (spec == NULL || key == NULL || ctx == NULL) {
681 return HKS_ERROR_INVALID_ARGUMENT;
682 }
683
684 struct HksAeadParam *aeadParam = (struct HksAeadParam *)spec->algParam;
685 if (aeadParam == NULL) {
686 HKS_LOG_E("aeadParam is null!");
687 return HKS_ERROR_INVALID_ARGUMENT;
688 }
689
690 if (!isEncrypt && spec->mode == HKS_MODE_CCM) {
691 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, aeadParam->tagDec.size, aeadParam->tagDec.data) !=
692 HKS_OPENSSL_SUCCESS) {
693 HKS_LOG_E("EVP_CIPHER_CTX_ctrl failed, tag aead size %" LOG_PUBLIC "d", aeadParam->tagDec.size);
694 HksLogOpensslError();
695 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
696 }
697 }
698
699 int32_t ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, aeadParam->nonce.size, NULL);
700 if (ret != HKS_OPENSSL_SUCCESS) {
701 HKS_LOG_E("set iv length error");
702 HksLogOpensslError();
703 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
704 }
705 int enc = (isEncrypt ? 1 : 0);
706 ret = EVP_CipherInit_ex(ctx, NULL, NULL, key->data, aeadParam->nonce.data, enc);
707 if (ret != HKS_OPENSSL_SUCCESS) {
708 HKS_LOG_E("set key and iv error");
709 HksLogOpensslError();
710 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
711 }
712
713 return HKS_SUCCESS;
714 }
715
OpensslAesAeadCipherInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool isEncrypt,void ** cryptoCtx)716 static int32_t OpensslAesAeadCipherInit(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
717 const bool isEncrypt, void **cryptoCtx)
718 {
719 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
720 if (ctx == NULL) {
721 HksLogOpensslError();
722 HKS_LOG_E("cipher init get ctx failed!");
723 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
724 }
725
726 int enc = (isEncrypt ? 1 : 0);
727 int32_t ret = EVP_CipherInit_ex(ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL, enc);
728 if (ret != HKS_OPENSSL_SUCCESS) {
729 HKS_LOG_E("EVP_CipherInit_ex exec failed!");
730 HksLogOpensslError();
731 EVP_CIPHER_CTX_free(ctx);
732 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
733 }
734
735 if (isEncrypt && usageSpec->mode == HKS_MODE_CCM) {
736 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, HKS_AE_TAG_LEN, NULL) != HKS_OPENSSL_SUCCESS) {
737 HKS_LOG_E("EVP_CIPHER_CTX_ctrl set tag len failed!");
738 HksLogOpensslError();
739 EVP_CIPHER_CTX_free(ctx);
740 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
741 }
742 }
743
744 ret = OpensslAesAeadCipherSetParam(key, usageSpec, isEncrypt, ctx);
745 if (ret != HKS_SUCCESS) {
746 HKS_LOG_E("OpensslAesAeadCipherSetParam set params failed!");
747 EVP_CIPHER_CTX_free(ctx);
748 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
749 }
750
751 struct HksOpensslBlockCipherCtx *outCtx =
752 (struct HksOpensslBlockCipherCtx *)HksMalloc(sizeof(HksOpensslBlockCipherCtx));
753 if (outCtx == NULL) {
754 HKS_LOG_E("HksOpensslBlockCipherCtx malloc fail");
755 EVP_CIPHER_CTX_free(ctx);
756 return HKS_ERROR_MALLOC_FAIL;
757 }
758 outCtx->algType = usageSpec->algType;
759 outCtx->mode = usageSpec->mode;
760 outCtx->padding = 0;
761 outCtx->append = (void *)ctx;
762
763 *cryptoCtx = (void *)outCtx;
764
765 return HKS_SUCCESS;
766 }
767
OpensslAesAeadCipherUpdate(void * cryptoCtx,const struct HksUsageSpec * usageSpec,const struct HksBlob * input,struct HksBlob * output)768 static int32_t OpensslAesAeadCipherUpdate(void *cryptoCtx, const struct HksUsageSpec *usageSpec,
769 const struct HksBlob *input, struct HksBlob *output)
770 {
771 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
772 int32_t outLen = output->size;
773
774 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
775 HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "EVP_CIPHER_CTX is null!")
776
777 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
778 HKS_IF_NULL_LOGE_RETURN(aeadParam, HKS_ERROR_INVALID_ARGUMENT, "aeadParam is null!")
779
780 if (aesCtx->mode == HKS_MODE_CCM) {
781 if (EVP_CipherUpdate(ctx, NULL, &outLen, NULL, input->size) != HKS_OPENSSL_SUCCESS) {
782 HksLogOpensslError();
783 HKS_LOG_E("cipher update set ccm data length failed!");
784 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
785 }
786 }
787
788 if (aeadParam->aad.size != 0) {
789 if (EVP_CipherUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size) != HKS_OPENSSL_SUCCESS) {
790 HksLogOpensslError();
791 HKS_LOG_E("update aad faild, outLen->%" LOG_PUBLIC "d", outLen);
792 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
793 }
794 }
795
796 if (EVP_CipherUpdate(ctx, output->data, &outLen, input->data, input->size) != HKS_OPENSSL_SUCCESS) {
797 HksLogOpensslError();
798 HKS_LOG_E("cipher update exec failed!");
799 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
800 }
801 output->size = (uint32_t)outLen;
802
803 return HKS_SUCCESS;
804 }
805
OpensslAesAeadCipherFinal(void ** cryptoCtx,const struct HksUsageSpec * usageSpec,bool isEncrypt,const struct HksBlob * input,struct HksBlob * output,struct HksBlob * tagAead)806 static int32_t OpensslAesAeadCipherFinal(void **cryptoCtx, const struct HksUsageSpec *usageSpec, bool isEncrypt,
807 const struct HksBlob *input, struct HksBlob *output, struct HksBlob *tagAead)
808 {
809 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
810 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
811 if (ctx == NULL) {
812 HKS_FREE(*cryptoCtx);
813 return HKS_ERROR_NULL_POINTER;
814 }
815
816 int32_t ret = HKS_SUCCESS;
817 do {
818 int32_t outLen = 0;
819 if (input->size != 0) {
820 ret = OpensslAesAeadCipherUpdate(*cryptoCtx, usageSpec, input, output);
821 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "cipher final update input data failed")
822 }
823
824 // for gcm mode in decrypt process need set aead tag before EVP_CipherFinal_ex
825 if (!isEncrypt && aesCtx->mode == HKS_MODE_GCM) {
826 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tagAead->size, tagAead->data) !=
827 HKS_OPENSSL_SUCCESS) {
828 HKS_LOG_E("EVP_CIPHER_CTX_ctrl failed, tagAead->size->%" LOG_PUBLIC "d", tagAead->size);
829 HksLogOpensslError();
830 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
831 break;
832 }
833 }
834
835 if (EVP_CipherFinal_ex(ctx, output->data + output->size, &outLen) != HKS_OPENSSL_SUCCESS) {
836 HksLogOpensslError();
837 HKS_LOG_E("EVP_CipherFinal_ex faild, outLen->%" LOG_PUBLIC "d", outLen);
838 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
839 break;
840 }
841 output->size += (uint32_t)outLen;
842
843 if (isEncrypt) {
844 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, HKS_AE_TAG_LEN, tagAead->data) != HKS_OPENSSL_SUCCESS) {
845 HksLogOpensslError();
846 HKS_LOG_E("EVP_CIPHER_CTX_ctrl get aead faild");
847 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
848 break;
849 }
850 }
851 } while (0);
852
853 EVP_CIPHER_CTX_free(ctx);
854 aesCtx->append = NULL;
855 HKS_FREE(*cryptoCtx);
856
857 return ret;
858 }
859 #endif
860
861 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
862 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
863 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
OpensslAesCipherInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,EVP_CIPHER_CTX ** ctx)864 static int32_t OpensslAesCipherInit(
865 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, EVP_CIPHER_CTX **ctx)
866 {
867 int32_t ret;
868 struct HksCipherParam *cipherParam = (struct HksCipherParam *)usageSpec->algParam;
869
870 *ctx = EVP_CIPHER_CTX_new();
871 if (*ctx == NULL) {
872 HksLogOpensslError();
873 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
874 }
875
876 const EVP_CIPHER *cipher = GetAesCipherType(key->size, usageSpec->mode);
877 if (cipher == NULL) {
878 EVP_CIPHER_CTX_free(*ctx);
879 return HKS_ERROR_INVALID_ARGUMENT;
880 }
881
882 if (isEncrypt) {
883 ret = EVP_EncryptInit_ex(*ctx, cipher, NULL, NULL, NULL);
884 } else {
885 ret = EVP_DecryptInit_ex(*ctx, cipher, NULL, NULL, NULL);
886 }
887 if (ret != HKS_OPENSSL_SUCCESS) {
888 HksLogOpensslError();
889 EVP_CIPHER_CTX_free(*ctx);
890 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
891 }
892
893 if (isEncrypt) {
894 ret = EVP_EncryptInit_ex(*ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
895 } else {
896 ret = EVP_DecryptInit_ex(*ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
897 }
898 if (ret != HKS_OPENSSL_SUCCESS) {
899 HksLogOpensslError();
900 EVP_CIPHER_CTX_free(*ctx);
901 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
902 }
903
904 if (usageSpec->padding == HKS_PADDING_PKCS7) {
905 ret = EVP_CIPHER_CTX_set_padding(*ctx, OPENSSL_CTX_PADDING_ENABLE);
906 } else if (usageSpec->padding == HKS_PADDING_NONE) {
907 ret = EVP_CIPHER_CTX_set_padding(*ctx, OPENSSL_CTX_PADDING_NONE);
908 }
909 if (ret != HKS_OPENSSL_SUCCESS) {
910 HksLogOpensslError();
911 EVP_CIPHER_CTX_free(*ctx);
912 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
913 }
914
915 return HKS_SUCCESS;
916 }
917
OpensslAesCipherEncryptFinal(EVP_CIPHER_CTX * ctx,const struct HksBlob * message,struct HksBlob * cipherText)918 static int32_t OpensslAesCipherEncryptFinal(
919 EVP_CIPHER_CTX *ctx, const struct HksBlob *message, struct HksBlob *cipherText)
920 {
921 int32_t outLen = 0;
922
923 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
924 HksLogOpensslError();
925 EVP_CIPHER_CTX_free(ctx);
926 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
927 }
928 cipherText->size = (uint32_t)outLen;
929
930 if (EVP_EncryptFinal_ex(ctx, cipherText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
931 HksLogOpensslError();
932 EVP_CIPHER_CTX_free(ctx);
933 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
934 }
935 cipherText->size += (uint32_t)outLen;
936
937 EVP_CIPHER_CTX_free(ctx);
938 return HKS_SUCCESS;
939 }
940
OpensslAesCipherDecryptFinal(EVP_CIPHER_CTX * ctx,const struct HksBlob * message,struct HksBlob * plainText)941 static int32_t OpensslAesCipherDecryptFinal(
942 EVP_CIPHER_CTX *ctx, const struct HksBlob *message, struct HksBlob *plainText)
943 {
944 int32_t outLen = 0;
945
946 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
947 HksLogOpensslError();
948 EVP_CIPHER_CTX_free(ctx);
949 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
950 }
951 plainText->size = (uint32_t)outLen;
952
953 if (EVP_DecryptFinal_ex(ctx, plainText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
954 HksLogOpensslError();
955 EVP_CIPHER_CTX_free(ctx);
956 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
957 }
958 plainText->size += (uint32_t)outLen;
959
960 EVP_CIPHER_CTX_free(ctx);
961 return HKS_SUCCESS;
962 }
963 #endif
964
HksOpensslAesEncryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)965 int32_t HksOpensslAesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
966 {
967 int32_t ret;
968 switch (usageSpec->mode) {
969 #ifdef HKS_SUPPORT_AES_GCM
970 case HKS_MODE_GCM:
971 ret = OpensslAesAeadCryptInit(key, usageSpec, true, cryptoCtx);
972 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "OpensslAesAeadInit fail, ret = %" LOG_PUBLIC "d", ret)
973 break;
974 #endif
975 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
976 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
977 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
978 case HKS_MODE_CBC:
979 case HKS_MODE_CTR:
980 case HKS_MODE_ECB:
981 ret = OpensslBlockCipherCryptInit(key, usageSpec, true, cryptoCtx, GetAesCipherType);
982 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
983 "OpensslBlockCipherCryptInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
984 break;
985 #endif
986 default:
987 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
988 return HKS_ERROR_INVALID_ARGUMENT;
989 }
990
991 return HKS_SUCCESS;
992 }
993
HksOpensslAesEncryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)994 int32_t HksOpensslAesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
995 {
996 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
997 uint32_t mode = contex->mode;
998
999 int32_t ret;
1000 switch (mode) {
1001 #ifdef HKS_SUPPORT_AES_GCM
1002 case HKS_MODE_GCM:
1003 ret = OpensslAesAeadEnryptUpdate(cryptoCtx, message, cipherText);
1004 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1005 "OpensslAesAeadEnryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1006 break;
1007 #endif
1008 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1009 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1010 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1011 case HKS_MODE_CBC:
1012 case HKS_MODE_CTR:
1013 case HKS_MODE_ECB:
1014 ret = OpensslBlockCipherEncryptUpdate(cryptoCtx, message, cipherText);
1015 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1016 "OpensslBlockCipherEncryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1017 break;
1018 #endif
1019 default:
1020 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1021 return HKS_ERROR_INVALID_ARGUMENT;
1022 }
1023
1024 return HKS_SUCCESS;
1025 }
1026
HksOpensslAesEncryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)1027 int32_t HksOpensslAesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
1028 struct HksBlob *tagAead)
1029 {
1030 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
1031 uint32_t mode = contex->mode;
1032
1033 int32_t ret;
1034 switch (mode) {
1035 #ifdef HKS_SUPPORT_AES_GCM
1036 case HKS_MODE_GCM:
1037 ret = OpensslAesAeadEncryptFinalGCM(cryptoCtx, message, cipherText, tagAead);
1038 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1039 "OpensslAesAeadEncryptFinalGCM for aes fail, ret = %" LOG_PUBLIC "d", ret)
1040 break;
1041 #endif
1042 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1043 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1044 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1045 case HKS_MODE_CBC:
1046 case HKS_MODE_CTR:
1047 case HKS_MODE_ECB:
1048 ret = OpensslBlockCipherEncryptFinalThree(cryptoCtx, message, cipherText);
1049 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1050 "OpensslBlockCipherEncryptFinalThree for aes fail, ret = %" LOG_PUBLIC "d", ret)
1051 break;
1052 #endif
1053 default:
1054 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1055 return HKS_ERROR_INVALID_ARGUMENT;
1056 }
1057
1058 return HKS_SUCCESS;
1059 }
1060
HksOpensslAesDecryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)1061 int32_t HksOpensslAesDecryptInit(void **cryptoCtx, const struct HksBlob *key,
1062 const struct HksUsageSpec *usageSpec)
1063 {
1064 int32_t ret;
1065 switch (usageSpec->mode) {
1066 case HKS_MODE_GCM:
1067 ret = OpensslAesAeadCryptInit(key, usageSpec, false, cryptoCtx);
1068 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1069 "OpensslAesAeadDecryptInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
1070 break;
1071 case HKS_MODE_CBC:
1072 case HKS_MODE_CTR:
1073 case HKS_MODE_ECB:
1074 ret = OpensslBlockCipherCryptInit(key, usageSpec, false, cryptoCtx, GetAesCipherType);
1075 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1076 "OpensslBlockCipherCryptInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
1077 break;
1078 default:
1079 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
1080 return HKS_ERROR_INVALID_ARGUMENT;
1081 }
1082
1083 return ret;
1084 }
1085
HksOpensslAesDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)1086 int32_t HksOpensslAesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *plainText)
1087 {
1088 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
1089 uint32_t mode = contex->mode;
1090
1091 int32_t ret;
1092 switch (mode) {
1093 case HKS_MODE_GCM:
1094 ret = OpensslAesAeadDecryptUpdate(cryptoCtx, message, plainText);
1095 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1096 "OpensslAesAeadDecryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1097 break;
1098 case HKS_MODE_CBC:
1099 case HKS_MODE_CTR:
1100 case HKS_MODE_ECB:
1101 ret = OpensslBlockCipherDecryptUpdate(cryptoCtx, message, plainText);
1102 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1103 "OpensslBlockCipherDecryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1104 break;
1105 default:
1106 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1107 return HKS_ERROR_INVALID_ARGUMENT;
1108 }
1109
1110 return ret;
1111 }
1112
HksOpensslAesDecryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)1113 int32_t HksOpensslAesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
1114 struct HksBlob *tagAead)
1115 {
1116 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
1117 uint32_t mode = contex->mode;
1118
1119 int32_t ret;
1120 switch (mode) {
1121 #ifdef HKS_SUPPORT_AES_GCM
1122 case HKS_MODE_GCM:
1123 ret = OpensslAesAeadDecryptFinalGCM(cryptoCtx, message, cipherText, tagAead);
1124 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1125 "OpensslAesAeadDecryptFinalGCM for aes fail, ret = %" LOG_PUBLIC "d", ret)
1126 break;
1127 #endif
1128 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1129 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1130 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1131 case HKS_MODE_CBC:
1132 case HKS_MODE_CTR:
1133 case HKS_MODE_ECB:
1134 ret = OpensslBlockCipherDecryptFinalThree(cryptoCtx, message, cipherText);
1135 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1136 "OpensslBlockCipherDecryptFinalThree for aes fail, ret = %" LOG_PUBLIC "d", ret)
1137 break;
1138 #endif
1139 default:
1140 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1141 return HKS_ERROR_INVALID_ARGUMENT;
1142 }
1143
1144 return HKS_SUCCESS;
1145 }
1146
HksOpensslAesHalFreeCtx(void ** cryptoCtx)1147 void HksOpensslAesHalFreeCtx(void **cryptoCtx)
1148 {
1149 if (cryptoCtx == NULL || *cryptoCtx == NULL) {
1150 HKS_LOG_E("Openssl aes free ctx is null");
1151 return;
1152 }
1153
1154 struct HksOpensslBlockCipherCtx *opensslAesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
1155 switch (opensslAesCtx->mode) {
1156 #ifdef HKS_SUPPORT_AES_GCM
1157 case HKS_MODE_GCM:
1158 if ((EVP_CIPHER_CTX *)opensslAesCtx->append != NULL) {
1159 EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)opensslAesCtx->append);
1160 opensslAesCtx->append = NULL;
1161 }
1162 break;
1163 #endif
1164 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1165 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1166 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1167 case HKS_MODE_CBC:
1168 case HKS_MODE_CTR:
1169 case HKS_MODE_ECB:
1170 if ((EVP_CIPHER_CTX *)opensslAesCtx->append != NULL) {
1171 EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)opensslAesCtx->append);
1172 opensslAesCtx->append = NULL;
1173 }
1174 break;
1175 #endif
1176 default:
1177 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", opensslAesCtx->mode);
1178 break;
1179 }
1180
1181 HKS_FREE(*cryptoCtx);
1182 }
1183
HksOpensslAesEncrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)1184 int32_t HksOpensslAesEncrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
1185 const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead)
1186 {
1187 EVP_CIPHER_CTX *ctx = NULL;
1188 struct HksBlob tmpCipherText = *cipherText;
1189
1190 int32_t ret;
1191 switch (usageSpec->mode) {
1192 #ifdef HKS_SUPPORT_AES_GCM
1193 case HKS_MODE_GCM:
1194 ret = OpensslAesAeadInit(key, usageSpec, true, &ctx);
1195 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1196 "OpensslAesAeadInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
1197
1198 ret = OpensslAesAeadEncryptFinal(ctx, usageSpec, message, &tmpCipherText, tagAead);
1199 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1200 "OpensslAesAeadEncryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1201 break;
1202 #endif
1203 #ifdef HKS_SUPPORT_AES_CCM
1204 case HKS_MODE_CCM:
1205 ret = OpensslAesAeadCipherInit(key, usageSpec, true, (void **)(&ctx));
1206 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1207 "OpensslAesAeadCipherInit for aes ccm enc fail, ret = %" LOG_PUBLIC "d", ret)
1208 ret = OpensslAesAeadCipherFinal((void **)(&ctx), usageSpec, true, message, &tmpCipherText, tagAead);
1209 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1210 "OpensslAesAeadCipherFinal for aes ccm enc fail, ret = %" LOG_PUBLIC "d", ret)
1211 break;
1212 #endif
1213 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1214 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1215 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1216 case HKS_MODE_CBC:
1217 case HKS_MODE_CTR:
1218 case HKS_MODE_ECB:
1219 ret = OpensslAesCipherInit(key, usageSpec, true, &ctx);
1220 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1221 "OpensslAesCipherInit fail, ret = %" LOG_PUBLIC "d", ret)
1222
1223 ret = OpensslAesCipherEncryptFinal(ctx, message, &tmpCipherText);
1224 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1225 "OpensslAesCipherEncryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1226 break;
1227 #endif
1228 default:
1229 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
1230 return HKS_ERROR_INVALID_ARGUMENT;
1231 }
1232
1233 cipherText->size = tmpCipherText.size;
1234 return HKS_SUCCESS;
1235 }
1236
HksOpensslAesDecrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * plainText)1237 int32_t HksOpensslAesDecrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
1238 const struct HksBlob *message, struct HksBlob *plainText)
1239 {
1240 EVP_CIPHER_CTX *ctx = NULL;
1241 struct HksBlob tmpPlainText = *plainText;
1242
1243 int32_t ret;
1244 switch (usageSpec->mode) {
1245 case HKS_MODE_GCM:
1246 ret = OpensslAesAeadInit(key, usageSpec, false, &ctx);
1247 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1248 "OpensslAesAeadDecryptInit fail, ret = %" LOG_PUBLIC "d", ret)
1249
1250 ret = OpensslAesAeadDecryptFinal(ctx, usageSpec, message, &tmpPlainText);
1251 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1252 "OpensslAesAeadDecryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1253 break;
1254 #ifdef HKS_SUPPORT_AES_CCM
1255 case HKS_MODE_CCM:
1256 ret = OpensslAesAeadCipherInit(key, usageSpec, false, (void **)(&ctx));
1257 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1258 "OpensslAesAeadCipherInit for aes ccm dec fail, ret = %" LOG_PUBLIC "d", ret)
1259 struct HksBlob tag = {0, NULL};
1260 ret = OpensslAesAeadCipherFinal((void **)(&ctx), usageSpec, false, message, &tmpPlainText, &tag);
1261 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1262 "OpensslAesAeadCipherFinal for aes ccm dec fail, ret = %" LOG_PUBLIC "d", ret)
1263 break;
1264 #endif
1265 case HKS_MODE_CBC:
1266 case HKS_MODE_CTR:
1267 case HKS_MODE_ECB:
1268 ret = OpensslAesCipherInit(key, usageSpec, false, &ctx);
1269 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1270 "OpensslAesCipherInit fail, ret = %" LOG_PUBLIC "d", ret)
1271
1272 ret = OpensslAesCipherDecryptFinal(ctx, message, &tmpPlainText);
1273 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1274 "OpensslAesCipherDecryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1275 break;
1276 default:
1277 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
1278 return HKS_ERROR_INVALID_ARGUMENT;
1279 }
1280
1281 plainText->size = tmpPlainText.size;
1282 return ret;
1283 }
1284 #endif
1285