1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #ifdef HITLS_CRYPTO_PROVIDER
18
19 #include <stdint.h>
20 #include <string.h>
21 #include "bsl_sal.h"
22 #include "bsl_obj.h"
23 #include "bsl_errno.h"
24 #include "bsl_params.h"
25 #include "bsl_err_internal.h"
26 #include "crypt_utils.h"
27 #include "crypt_algid.h"
28 #include "crypt_errno.h"
29 #include "crypt_eal_implprovider.h"
30 #include "crypt_eal_provider.h"
31 #include "crypt_default_provderimpl.h"
32 #include "crypt_default_provider.h"
33 #include "crypt_provider.h"
34 #include "crypt_params_key.h"
35 #include "hitls_crypt_type.h"
36 #include "hitls_cert_type.h"
37 #include "hitls_type.h"
38
39 #define CRYPT_EAL_DEFAULT_ATTR "provider=default"
40
41 static const CRYPT_EAL_AlgInfo g_defEalMds[] = {
42 {CRYPT_MD_MD5, g_defEalMdMd5, CRYPT_EAL_DEFAULT_ATTR},
43 {CRYPT_MD_SHA1, g_defEalMdSha1, CRYPT_EAL_DEFAULT_ATTR},
44 {CRYPT_MD_SHA224, g_defEalMdSha224, CRYPT_EAL_DEFAULT_ATTR},
45 {CRYPT_MD_SHA256, g_defEalMdSha256, CRYPT_EAL_DEFAULT_ATTR},
46 {CRYPT_MD_SHA384, g_defEalMdSha384, CRYPT_EAL_DEFAULT_ATTR},
47 {CRYPT_MD_SHA512, g_defEalMdSha512, CRYPT_EAL_DEFAULT_ATTR},
48 {CRYPT_MD_SHA3_224, g_defEalMdSha3224, CRYPT_EAL_DEFAULT_ATTR},
49 {CRYPT_MD_SHA3_256, g_defEalMdSha3256, CRYPT_EAL_DEFAULT_ATTR},
50 {CRYPT_MD_SHA3_384, g_defEalMdSha3384, CRYPT_EAL_DEFAULT_ATTR},
51 {CRYPT_MD_SHA3_512, g_defEalMdSha3512, CRYPT_EAL_DEFAULT_ATTR},
52 {CRYPT_MD_SHAKE128, g_defEalMdShake128, CRYPT_EAL_DEFAULT_ATTR},
53 {CRYPT_MD_SHAKE256, g_defEalMdShake256, CRYPT_EAL_DEFAULT_ATTR},
54 {CRYPT_MD_SM3, g_defEalMdSm3, CRYPT_EAL_DEFAULT_ATTR},
55 CRYPT_EAL_ALGINFO_END
56 };
57
58
59 static const CRYPT_EAL_AlgInfo g_defEalKdfs[] = {
60 {CRYPT_KDF_SCRYPT, g_defEalKdfScrypt, CRYPT_EAL_DEFAULT_ATTR},
61 {CRYPT_KDF_PBKDF2, g_defEalKdfPBKdf2, CRYPT_EAL_DEFAULT_ATTR},
62 {CRYPT_KDF_KDFTLS12, g_defEalKdfKdfTLS12, CRYPT_EAL_DEFAULT_ATTR},
63 {CRYPT_KDF_HKDF, g_defEalKdfHkdf, CRYPT_EAL_DEFAULT_ATTR},
64 CRYPT_EAL_ALGINFO_END
65 };
66
67 static const CRYPT_EAL_AlgInfo g_defEalKeyMgmt[] = {
68 {CRYPT_PKEY_DSA, g_defEalKeyMgmtDsa, CRYPT_EAL_DEFAULT_ATTR},
69 {CRYPT_PKEY_ED25519, g_defEalKeyMgmtEd25519, CRYPT_EAL_DEFAULT_ATTR},
70 {CRYPT_PKEY_X25519, g_defEalKeyMgmtX25519, CRYPT_EAL_DEFAULT_ATTR},
71 {CRYPT_PKEY_RSA, g_defEalKeyMgmtRsa, CRYPT_EAL_DEFAULT_ATTR},
72 {CRYPT_PKEY_DH, g_defEalKeyMgmtDh, CRYPT_EAL_DEFAULT_ATTR},
73 {CRYPT_PKEY_ECDSA, g_defEalKeyMgmtEcdsa, CRYPT_EAL_DEFAULT_ATTR},
74 {CRYPT_PKEY_ECDH, g_defEalKeyMgmtEcdh, CRYPT_EAL_DEFAULT_ATTR},
75 {CRYPT_PKEY_SM2, g_defEalKeyMgmtSm2, CRYPT_EAL_DEFAULT_ATTR},
76 {CRYPT_PKEY_PAILLIER, g_defEalKeyMgmtPaillier, CRYPT_EAL_DEFAULT_ATTR},
77 {CRYPT_PKEY_ELGAMAL, g_defEalKeyMgmtElGamal, CRYPT_EAL_DEFAULT_ATTR},
78 {CRYPT_PKEY_SLH_DSA, g_defEalKeyMgmtSlhDsa, CRYPT_EAL_DEFAULT_ATTR},
79 {CRYPT_PKEY_ML_KEM, g_defEalKeyMgmtMlKem, CRYPT_EAL_DEFAULT_ATTR},
80 {CRYPT_PKEY_ML_DSA, g_defEalKeyMgmtMlDsa, CRYPT_EAL_DEFAULT_ATTR},
81 {CRYPT_PKEY_HYBRID_KEM, g_defEalKeyMgmtHybridKem, CRYPT_EAL_DEFAULT_ATTR},
82 CRYPT_EAL_ALGINFO_END
83 };
84
85 static const CRYPT_EAL_AlgInfo g_defEalAsymCiphers[] = {
86 {CRYPT_PKEY_RSA, g_defEalAsymCipherRsa, CRYPT_EAL_DEFAULT_ATTR},
87 {CRYPT_PKEY_SM2, g_defEalAsymCipherSm2, CRYPT_EAL_DEFAULT_ATTR},
88 {CRYPT_PKEY_PAILLIER, g_defEalAsymCipherPaillier, CRYPT_EAL_DEFAULT_ATTR},
89 {CRYPT_PKEY_ELGAMAL, g_defEalAsymCipherElGamal, CRYPT_EAL_DEFAULT_ATTR},
90 CRYPT_EAL_ALGINFO_END
91 };
92
93 static const CRYPT_EAL_AlgInfo g_defEalKeyExch[] = {
94 {CRYPT_PKEY_X25519, g_defEalExchX25519, CRYPT_EAL_DEFAULT_ATTR},
95 {CRYPT_PKEY_DH, g_defEalExchDh, CRYPT_EAL_DEFAULT_ATTR},
96 {CRYPT_PKEY_ECDH, g_defEalExchEcdh, CRYPT_EAL_DEFAULT_ATTR},
97 {CRYPT_PKEY_SM2, g_defEalExchSm2, CRYPT_EAL_DEFAULT_ATTR},
98 CRYPT_EAL_ALGINFO_END
99 };
100
101 static const CRYPT_EAL_AlgInfo g_defEalSigns[] = {
102 {CRYPT_PKEY_DSA, g_defEalSignDsa, CRYPT_EAL_DEFAULT_ATTR},
103 {CRYPT_PKEY_ED25519, g_defEalSignEd25519, CRYPT_EAL_DEFAULT_ATTR},
104 {CRYPT_PKEY_RSA, g_defEalSignRsa, CRYPT_EAL_DEFAULT_ATTR},
105 {CRYPT_PKEY_ECDSA, g_defEalSignEcdsa, CRYPT_EAL_DEFAULT_ATTR},
106 {CRYPT_PKEY_SM2, g_defEalSignSm2, CRYPT_EAL_DEFAULT_ATTR},
107 {CRYPT_PKEY_SLH_DSA, g_defEalSignSlhDsa, CRYPT_EAL_DEFAULT_ATTR},
108 {CRYPT_PKEY_ML_DSA, g_defEalSignMlDsa, CRYPT_EAL_DEFAULT_ATTR},
109 CRYPT_EAL_ALGINFO_END
110 };
111
112 static const CRYPT_EAL_AlgInfo g_defEalMacs[] = {
113 {CRYPT_MAC_HMAC_MD5, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
114 {CRYPT_MAC_HMAC_SHA1, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
115 {CRYPT_MAC_HMAC_SHA224, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
116 {CRYPT_MAC_HMAC_SHA256, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
117 {CRYPT_MAC_HMAC_SHA384, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
118 {CRYPT_MAC_HMAC_SHA512, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
119 {CRYPT_MAC_HMAC_SHA3_224, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
120 {CRYPT_MAC_HMAC_SHA3_256, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
121 {CRYPT_MAC_HMAC_SHA3_384, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
122 {CRYPT_MAC_HMAC_SHA3_512, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
123 {CRYPT_MAC_HMAC_SM3, g_defEalMacHmac, CRYPT_EAL_DEFAULT_ATTR},
124 {CRYPT_MAC_CMAC_AES128, g_defEalMacCmac, CRYPT_EAL_DEFAULT_ATTR},
125 {CRYPT_MAC_CMAC_AES192, g_defEalMacCmac, CRYPT_EAL_DEFAULT_ATTR},
126 {CRYPT_MAC_CMAC_AES256, g_defEalMacCmac, CRYPT_EAL_DEFAULT_ATTR},
127 {CRYPT_MAC_CMAC_SM4, g_defEalMacCmac, CRYPT_EAL_DEFAULT_ATTR},
128 {CRYPT_MAC_CBC_MAC_SM4, g_defEalMacCbcMac, CRYPT_EAL_DEFAULT_ATTR},
129 {CRYPT_MAC_SIPHASH64, g_defEalMacSiphash, CRYPT_EAL_DEFAULT_ATTR},
130 {CRYPT_MAC_SIPHASH128, g_defEalMacSiphash, CRYPT_EAL_DEFAULT_ATTR},
131 {CRYPT_MAC_GMAC_AES128, g_defEalMacGmac, CRYPT_EAL_DEFAULT_ATTR},
132 {CRYPT_MAC_GMAC_AES192, g_defEalMacGmac, CRYPT_EAL_DEFAULT_ATTR},
133 {CRYPT_MAC_GMAC_AES256, g_defEalMacGmac, CRYPT_EAL_DEFAULT_ATTR},
134 CRYPT_EAL_ALGINFO_END
135 };
136
137 static const CRYPT_EAL_AlgInfo g_defEalRands[] = {
138 {CRYPT_RAND_SHA1, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
139 {CRYPT_RAND_SHA224, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
140 {CRYPT_RAND_SHA256, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
141 {CRYPT_RAND_SHA384, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
142 {CRYPT_RAND_SHA512, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
143 {CRYPT_RAND_SM3, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
144 {CRYPT_RAND_HMAC_SHA1, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
145 {CRYPT_RAND_HMAC_SHA224, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
146 {CRYPT_RAND_HMAC_SHA256, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
147 {CRYPT_RAND_HMAC_SHA384, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
148 {CRYPT_RAND_HMAC_SHA512, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
149 {CRYPT_RAND_AES128_CTR, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
150 {CRYPT_RAND_AES192_CTR, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
151 {CRYPT_RAND_AES256_CTR, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
152 {CRYPT_RAND_AES128_CTR_DF, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
153 {CRYPT_RAND_AES192_CTR_DF, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
154 {CRYPT_RAND_AES256_CTR_DF, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
155 {CRYPT_RAND_SM4_CTR_DF, g_defEalRand, CRYPT_EAL_DEFAULT_ATTR},
156 CRYPT_EAL_ALGINFO_END
157 };
158
159 static const CRYPT_EAL_AlgInfo g_defEalCiphers[] = {
160 {CRYPT_CIPHER_AES128_CBC, g_defEalCbc, CRYPT_EAL_DEFAULT_ATTR},
161 {CRYPT_CIPHER_AES192_CBC, g_defEalCbc, CRYPT_EAL_DEFAULT_ATTR},
162 {CRYPT_CIPHER_AES256_CBC, g_defEalCbc, CRYPT_EAL_DEFAULT_ATTR},
163 {CRYPT_CIPHER_AES128_CTR, g_defEalCtr, CRYPT_EAL_DEFAULT_ATTR},
164 {CRYPT_CIPHER_AES192_CTR, g_defEalCtr, CRYPT_EAL_DEFAULT_ATTR},
165 {CRYPT_CIPHER_AES256_CTR, g_defEalCtr, CRYPT_EAL_DEFAULT_ATTR},
166 {CRYPT_CIPHER_AES128_ECB, g_defEalEcb, CRYPT_EAL_DEFAULT_ATTR},
167 {CRYPT_CIPHER_AES192_ECB, g_defEalEcb, CRYPT_EAL_DEFAULT_ATTR},
168 {CRYPT_CIPHER_AES256_ECB, g_defEalEcb, CRYPT_EAL_DEFAULT_ATTR},
169 {CRYPT_CIPHER_AES128_CCM, g_defEalCcm, CRYPT_EAL_DEFAULT_ATTR},
170 {CRYPT_CIPHER_AES192_CCM, g_defEalCcm, CRYPT_EAL_DEFAULT_ATTR},
171 {CRYPT_CIPHER_AES256_CCM, g_defEalCcm, CRYPT_EAL_DEFAULT_ATTR},
172 {CRYPT_CIPHER_AES128_GCM, g_defEalGcm, CRYPT_EAL_DEFAULT_ATTR},
173 {CRYPT_CIPHER_AES192_GCM, g_defEalGcm, CRYPT_EAL_DEFAULT_ATTR},
174 {CRYPT_CIPHER_AES256_GCM, g_defEalGcm, CRYPT_EAL_DEFAULT_ATTR},
175 {CRYPT_CIPHER_AES128_XTS, g_defEalXts, CRYPT_EAL_DEFAULT_ATTR},
176 {CRYPT_CIPHER_AES256_XTS, g_defEalXts, CRYPT_EAL_DEFAULT_ATTR},
177 {CRYPT_CIPHER_CHACHA20_POLY1305, g_defEalChaCha, CRYPT_EAL_DEFAULT_ATTR},
178 {CRYPT_CIPHER_SM4_XTS, g_defEalXts, CRYPT_EAL_DEFAULT_ATTR},
179 {CRYPT_CIPHER_SM4_CBC, g_defEalCbc, CRYPT_EAL_DEFAULT_ATTR},
180 {CRYPT_CIPHER_SM4_ECB, g_defEalEcb, CRYPT_EAL_DEFAULT_ATTR},
181 {CRYPT_CIPHER_SM4_CTR, g_defEalCtr, CRYPT_EAL_DEFAULT_ATTR},
182 {CRYPT_CIPHER_SM4_GCM, g_defEalGcm, CRYPT_EAL_DEFAULT_ATTR},
183 {CRYPT_CIPHER_SM4_CFB, g_defEalCfb, CRYPT_EAL_DEFAULT_ATTR},
184 {CRYPT_CIPHER_SM4_OFB, g_defEalOfb, CRYPT_EAL_DEFAULT_ATTR},
185 {CRYPT_CIPHER_AES128_CFB, g_defEalCfb, CRYPT_EAL_DEFAULT_ATTR},
186 {CRYPT_CIPHER_AES192_CFB, g_defEalCfb, CRYPT_EAL_DEFAULT_ATTR},
187 {CRYPT_CIPHER_AES256_CFB, g_defEalCfb, CRYPT_EAL_DEFAULT_ATTR},
188 {CRYPT_CIPHER_AES128_OFB, g_defEalOfb, CRYPT_EAL_DEFAULT_ATTR},
189 {CRYPT_CIPHER_AES192_OFB, g_defEalOfb, CRYPT_EAL_DEFAULT_ATTR},
190 {CRYPT_CIPHER_AES256_OFB, g_defEalOfb, CRYPT_EAL_DEFAULT_ATTR},
191 CRYPT_EAL_ALGINFO_END
192 };
193
194 static const CRYPT_EAL_AlgInfo g_defEalKems[] = {
195 {CRYPT_PKEY_ML_KEM, g_defEalMlKem, CRYPT_EAL_DEFAULT_ATTR},
196 {CRYPT_PKEY_HYBRID_KEM, g_defEalHybridKeyKem, CRYPT_EAL_DEFAULT_ATTR},
197 CRYPT_EAL_ALGINFO_END
198 };
199
200 static const CRYPT_EAL_AlgInfo g_defEalDecoders[] = {
201 {BSL_CID_DECODE_UNKNOWN, g_defEalPem2Der,
202 "provider=default, inFormat=PEM, outFormat=ASN1"},
203 {BSL_CID_DECODE_UNKNOWN, g_defEalPrvP8Enc2P8,
204 "provider=default, inFormat=ASN1, inType=PRIKEY_PKCS8_ENCRYPT, outFormat=ASN1, outType=PRIKEY_PKCS8_UNENCRYPT"},
205 {CRYPT_PKEY_RSA, g_defEalRsaPrvDer2Key,
206 "provider=default, inFormat=ASN1, inType=PRIKEY_RSA, outFormat=OBJECT, outType=LOW_KEY"},
207 {CRYPT_PKEY_RSA, g_defEalRsaPubDer2Key,
208 "provider=default, inFormat=ASN1, inType=PUBKEY_RSA, outFormat=OBJECT, outType=LOW_KEY"},
209 {CRYPT_PKEY_ECDSA, g_defEalEcdsaPrvDer2Key,
210 "provider=default, inFormat=ASN1, inType=PRIKEY_ECC, outFormat=OBJECT, outType=LOW_KEY"},
211 {CRYPT_PKEY_SM2, g_defEalSm2PrvDer2Key,
212 "provider=default, inFormat=ASN1, inType=PRIKEY_ECC, outFormat=OBJECT, outType=LOW_KEY"},
213 {CRYPT_PKEY_RSA, g_defEalP8Der2RsaKey,
214 "provider=default, inFormat=ASN1, inType=PRIKEY_PKCS8_UNENCRYPT, outFormat=OBJECT, outType=LOW_KEY"},
215 {CRYPT_PKEY_ECDSA, g_defEalP8Der2EcdsaKey,
216 "provider=default, inFormat=ASN1, inType=PRIKEY_PKCS8_UNENCRYPT, outFormat=OBJECT, outType=LOW_KEY"},
217 {CRYPT_PKEY_SM2, g_defEalP8Der2Sm2Key,
218 "provider=default, inFormat=ASN1, inType=PRIKEY_PKCS8_UNENCRYPT, outFormat=OBJECT, outType=LOW_KEY"},
219 {CRYPT_PKEY_ED25519, g_defEalP8Der2Ed25519Key,
220 "provider=default, inFormat=ASN1, inType=PRIKEY_PKCS8_UNENCRYPT, outFormat=OBJECT, outType=LOW_KEY"},
221 {CRYPT_PKEY_RSA, g_defEalSubPubKeyDer2RsaKey,
222 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY, outFormat=OBJECT, outType=LOW_KEY"},
223 {CRYPT_PKEY_ECDSA, g_defEalSubPubKeyDer2EcdsaKey,
224 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY, outFormat=OBJECT, outType=LOW_KEY"},
225 {CRYPT_PKEY_SM2, g_defEalSubPubKeyDer2Sm2Key,
226 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY, outFormat=OBJECT, outType=LOW_KEY"},
227 {CRYPT_PKEY_ED25519, g_defEalSubPubKeyDer2Ed25519Key,
228 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY, outFormat=OBJECT, outType=LOW_KEY"},
229 {CRYPT_PKEY_RSA, g_defEalSubPubKeyWithoutSeqDer2RsaKey,
230 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY_WITHOUT_SEQ, outFormat=OBJECT, outType=LOW_KEY"},
231 {CRYPT_PKEY_ECDSA, g_defEalSubPubKeyWithoutSeqDer2EcdsaKey,
232 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY_WITHOUT_SEQ, outFormat=OBJECT, outType=LOW_KEY"},
233 {CRYPT_PKEY_SM2, g_defEalSubPubKeyWithoutSeqDer2Sm2Key,
234 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY_WITHOUT_SEQ, outFormat=OBJECT, outType=LOW_KEY"},
235 {CRYPT_PKEY_ED25519, g_defEalSubPubKeyWithoutSeqDer2Ed25519Key,
236 "provider=default, inFormat=ASN1, inType=PUBKEY_SUBKEY_WITHOUT_SEQ, outFormat=OBJECT, outType=LOW_KEY"},
237 {BSL_CID_DECODE_UNKNOWN, g_defEalLowKeyObject2PkeyObject,
238 "provider=default, inFormat=OBJECT, inType=LOW_KEY, outFormat=OBJECT, outType=HIGH_KEY"},
239 CRYPT_EAL_ALGINFO_END
240 };
241
CRYPT_EAL_DefaultProvQuery(void * provCtx,int32_t operaId,const CRYPT_EAL_AlgInfo ** algInfos)242 static int32_t CRYPT_EAL_DefaultProvQuery(void *provCtx, int32_t operaId, const CRYPT_EAL_AlgInfo **algInfos)
243 {
244 (void)provCtx;
245 int32_t ret = CRYPT_SUCCESS;
246 switch (operaId) {
247 case CRYPT_EAL_OPERAID_SYMMCIPHER:
248 *algInfos = g_defEalCiphers;
249 break;
250 case CRYPT_EAL_OPERAID_KEYMGMT:
251 *algInfos = g_defEalKeyMgmt;
252 break;
253 case CRYPT_EAL_OPERAID_SIGN:
254 *algInfos = g_defEalSigns;
255 break;
256 case CRYPT_EAL_OPERAID_ASYMCIPHER:
257 *algInfos = g_defEalAsymCiphers;
258 break;
259 case CRYPT_EAL_OPERAID_KEYEXCH:
260 *algInfos = g_defEalKeyExch;
261 break;
262 case CRYPT_EAL_OPERAID_KEM:
263 *algInfos = g_defEalKems;
264 break;
265 case CRYPT_EAL_OPERAID_HASH:
266 *algInfos = g_defEalMds;
267 break;
268 case CRYPT_EAL_OPERAID_MAC:
269 *algInfos = g_defEalMacs;
270 break;
271 case CRYPT_EAL_OPERAID_KDF:
272 *algInfos = g_defEalKdfs;
273 break;
274 case CRYPT_EAL_OPERAID_RAND:
275 *algInfos = g_defEalRands;
276 break;
277 case CRYPT_EAL_OPERAID_DECODER:
278 *algInfos = g_defEalDecoders;
279 break;
280 default:
281 ret = CRYPT_NOT_SUPPORT;
282 break;
283 }
284 return ret;
285 }
286
CRYPT_EAL_DefaultProvFree(void * provCtx)287 static void CRYPT_EAL_DefaultProvFree(void *provCtx)
288 {
289 BSL_SAL_Free(provCtx);
290 }
291
292 #define TLS_GROUP_PARAM_COUNT 11
293 #define TLS_SIGN_SCHEME_PARAM_COUNT 18
294 typedef struct {
295 const char *name; // group name
296 int32_t paraId; // parameter id CRYPT_PKEY_ParaId
297 int32_t algId; // algorithm id CRYPT_PKEY_AlgId
298 int32_t secBits; // security bits
299 uint16_t groupId; // iana group id, HITLS_NamedGroup
300 int32_t pubkeyLen; // public key length(CH keyshare / SH keyshare)
301 int32_t sharedkeyLen; // shared key length
302 int32_t ciphertextLen; // ciphertext length(SH keyshare)
303 uint32_t versionBits; // TLS_VERSION_MASK
304 bool isKem; // true: KEM, false: KEX
305 } TLS_GroupInfo;
306
307 static const TLS_GroupInfo g_tlsGroupInfo[] = {
308 {
309 "x25519",
310 CRYPT_PKEY_PARAID_MAX,
311 CRYPT_PKEY_X25519,
312 128, // secBits
313 HITLS_EC_GROUP_CURVE25519, // groupId
314 32, 32, 0, // pubkeyLen=32, sharedkeyLen=32 (256 bits)
315 TLS_VERSION_MASK | DTLS_VERSION_MASK, // versionBits
316 false,
317 },
318 #ifdef HITLS_TLS_FEATURE_KEM
319 {
320 "X25519MLKEM768",
321 CRYPT_HYBRID_X25519_MLKEM768,
322 CRYPT_PKEY_HYBRID_KEM,
323 192, // secBits
324 HITLS_HYBRID_X25519_MLKEM768, // groupId
325 1184 + 32, 32 + 32, 1088 + 32, // pubkeyLen=1216, sharedkeyLen=64, ciphertextLen=1120
326 TLS13_VERSION_BIT, // versionBits
327 true,
328 },
329 {
330 "SecP256r1MLKEM768",
331 CRYPT_HYBRID_ECDH_NISTP256_MLKEM768,
332 CRYPT_PKEY_HYBRID_KEM,
333 192, // secBits
334 HITLS_HYBRID_ECDH_NISTP256_MLKEM768, // groupId
335 1184 + 65, 32 + 32, 1088 + 65, // pubkeyLen=1249, sharedkeyLen=64, ciphertextLen=1153
336 TLS13_VERSION_BIT, // versionBits
337 true,
338 },
339 {
340 "SecP384r1MLKEM1024",
341 CRYPT_HYBRID_ECDH_NISTP384_MLKEM1024,
342 CRYPT_PKEY_HYBRID_KEM,
343 256, // secBits
344 HITLS_HYBRID_ECDH_NISTP384_MLKEM1024, // groupId
345 1568 + 97, 32 + 48, 1568 + 97, // pubkeyLen=1665, sharedkeyLen=80, ciphertextLen=1665
346 TLS13_VERSION_BIT, // versionBits
347 true,
348 },
349 #endif /* HITLS_TLS_FEATURE_KEM */
350 {
351 "secp256r1",
352 CRYPT_ECC_NISTP256, // CRYPT_ECC_NISTP256
353 CRYPT_PKEY_ECDH, // CRYPT_PKEY_ECDH
354 128, // secBits
355 HITLS_EC_GROUP_SECP256R1, // groupId
356 65, 32, 0, // pubkeyLen=65, sharedkeyLen=32 (256 bits)
357 TLS_VERSION_MASK | DTLS_VERSION_MASK, // versionBits
358 false,
359 },
360 {
361 "secp384r1",
362 CRYPT_ECC_NISTP384, // CRYPT_ECC_NISTP384
363 CRYPT_PKEY_ECDH, // CRYPT_PKEY_ECDH
364 192, // secBits
365 HITLS_EC_GROUP_SECP384R1, // groupId
366 97, 48, 0, // pubkeyLen=97, sharedkeyLen=48 (384 bits)
367 TLS_VERSION_MASK | DTLS_VERSION_MASK, // versionBits
368 false,
369 },
370 {
371 "secp521r1",
372 CRYPT_ECC_NISTP521, // CRYPT_ECC_NISTP521
373 CRYPT_PKEY_ECDH, // CRYPT_PKEY_ECDH
374 256, // secBits
375 HITLS_EC_GROUP_SECP521R1, // groupId
376 133, 66, 0, // pubkeyLen=133, sharedkeyLen=66 (521 bits)
377 TLS_VERSION_MASK | DTLS_VERSION_MASK, // versionBits
378 false,
379 },
380 {
381 "brainpoolP256r1",
382 CRYPT_ECC_BRAINPOOLP256R1, // CRYPT_ECC_BRAINPOOLP256R1
383 CRYPT_PKEY_ECDH, // CRYPT_PKEY_ECDH
384 128, // secBits
385 HITLS_EC_GROUP_BRAINPOOLP256R1, // groupId
386 65, 32, 0, // pubkeyLen=65, sharedkeyLen=32 (256 bits)
387 TLS10_VERSION_BIT | TLS11_VERSION_BIT | TLS12_VERSION_BIT | DTLS_VERSION_MASK, // versionBits
388 false,
389 },
390 {
391 "brainpoolP384r1",
392 CRYPT_ECC_BRAINPOOLP384R1, // CRYPT_ECC_BRAINPOOLP384R1
393 CRYPT_PKEY_ECDH, // CRYPT_PKEY_ECDH
394 192, // secBits
395 HITLS_EC_GROUP_BRAINPOOLP384R1, // groupId
396 97, 48, 0, // pubkeyLen=97, sharedkeyLen=48 (384 bits)
397 TLS10_VERSION_BIT | TLS11_VERSION_BIT | TLS12_VERSION_BIT | DTLS_VERSION_MASK, // versionBits
398 false,
399 },
400 {
401 "brainpoolP512r1",
402 CRYPT_ECC_BRAINPOOLP512R1, // CRYPT_ECC_BRAINPOOLP512R1
403 CRYPT_PKEY_ECDH, // CRYPT_PKEY_ECDH
404 256, // secBits
405 HITLS_EC_GROUP_BRAINPOOLP512R1, // groupId
406 129, 64, 0, // pubkeyLen=129, sharedkeyLen=64 (512 bits)
407 TLS10_VERSION_BIT | TLS11_VERSION_BIT | TLS12_VERSION_BIT | DTLS_VERSION_MASK, // versionBits
408 false,
409 },
410 {
411 "sm2",
412 CRYPT_PKEY_PARAID_MAX, // CRYPT_PKEY_PARAID_MAX
413 CRYPT_PKEY_SM2, // CRYPT_PKEY_SM2
414 128, // secBits
415 HITLS_EC_GROUP_SM2, // groupId
416 65, 32, 0, // pubkeyLen=65, sharedkeyLen=32 (256 bits)
417 TLCP11_VERSION_BIT | DTLCP11_VERSION_BIT, // versionBits
418 false,
419 },
420 {
421 "ffdhe8192",
422 CRYPT_DH_RFC7919_8192, // CRYPT_DH_8192
423 CRYPT_PKEY_DH, // CRYPT_PKEY_DH
424 192, // secBits
425 HITLS_FF_DHE_8192, // groupId
426 1024, 1024, 0, // pubkeyLen=1024, sharedkeyLen=1024 (8192 bits)
427 TLS13_VERSION_BIT, // versionBits
428 false,
429 },
430 {
431 "ffdhe6144",
432 CRYPT_DH_RFC7919_6144, // CRYPT_DH_6144
433 CRYPT_PKEY_DH, // CRYPT_PKEY_DH
434 128, // secBits
435 HITLS_FF_DHE_6144, // groupId
436 768, 768, 0, // pubkeyLen=768, sharedkeyLen=768 (6144 bits)
437 TLS13_VERSION_BIT, // versionBits
438 false,
439 },
440 {
441 "ffdhe4096",
442 CRYPT_DH_RFC7919_4096, // CRYPT_DH_4096
443 CRYPT_PKEY_DH, // CRYPT_PKEY_DH
444 128, // secBits
445 HITLS_FF_DHE_4096, // groupId
446 512, 512, 0, // pubkeyLen=512, sharedkeyLen=512 (4096 bits)
447 TLS13_VERSION_BIT, // versionBits
448 false,
449 },
450 {
451 "ffdhe3072",
452 CRYPT_DH_RFC7919_3072, // Fixed constant name
453 CRYPT_PKEY_DH,
454 128,
455 HITLS_FF_DHE_3072,
456 384, 384, 0, // pubkeyLen=384, sharedkeyLen=384 (3072 bits)
457 TLS13_VERSION_BIT,
458 false,
459 },
460 {
461 "ffdhe2048",
462 CRYPT_DH_RFC7919_2048, // CRYPT_DH_2048
463 CRYPT_PKEY_DH, // CRYPT_PKEY_DH
464 112, // secBits
465 HITLS_FF_DHE_2048, // groupId
466 256, 256, 0, // pubkeyLen=256, sharedkeyLen=256 (2048 bits)
467 TLS13_VERSION_BIT, // versionBits
468 false,
469 }
470 };
471
BuildTlsGroupParam(const TLS_GroupInfo * groupInfo,BSL_Param * param)472 static int32_t BuildTlsGroupParam(const TLS_GroupInfo *groupInfo, BSL_Param *param)
473 {
474 int32_t ret = 0;
475 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[0], CRYPT_PARAM_CAP_TLS_GROUP_IANA_GROUP_NAME,
476 BSL_PARAM_TYPE_OCTETS_PTR, (void *)(uintptr_t)groupInfo->name, (uint32_t)strlen(groupInfo->name)), ret);
477 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[1], CRYPT_PARAM_CAP_TLS_GROUP_IANA_GROUP_ID, BSL_PARAM_TYPE_UINT16,
478 (void *)(uintptr_t)&(groupInfo->groupId), sizeof(groupInfo->groupId)), ret);
479 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[2], CRYPT_PARAM_CAP_TLS_GROUP_PARA_ID, BSL_PARAM_TYPE_INT32,
480 (void *)(uintptr_t)&(groupInfo->paraId), sizeof(groupInfo->paraId)), ret);
481 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[3], CRYPT_PARAM_CAP_TLS_GROUP_ALG_ID, BSL_PARAM_TYPE_INT32,
482 (void *)(uintptr_t)&(groupInfo->algId), sizeof(groupInfo->algId)), ret);
483 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[4], CRYPT_PARAM_CAP_TLS_GROUP_SEC_BITS, BSL_PARAM_TYPE_INT32,
484 (void *)(uintptr_t)&(groupInfo->secBits), sizeof(groupInfo->secBits)), ret);
485 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[5], CRYPT_PARAM_CAP_TLS_GROUP_VERSION_BITS, BSL_PARAM_TYPE_UINT32,
486 (void *)(uintptr_t)&(groupInfo->versionBits), sizeof(groupInfo->versionBits)), ret);
487 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[6], CRYPT_PARAM_CAP_TLS_GROUP_IS_KEM, BSL_PARAM_TYPE_BOOL,
488 (void *)(uintptr_t)&(groupInfo->isKem), sizeof(groupInfo->isKem)), ret);
489 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[7], CRYPT_PARAM_CAP_TLS_GROUP_PUBKEY_LEN, BSL_PARAM_TYPE_INT32,
490 (void *)(uintptr_t)&(groupInfo->pubkeyLen), sizeof(groupInfo->pubkeyLen)), ret);
491 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[8], CRYPT_PARAM_CAP_TLS_GROUP_SHAREDKEY_LEN, BSL_PARAM_TYPE_INT32,
492 (void *)(uintptr_t)&(groupInfo->sharedkeyLen), sizeof(groupInfo->sharedkeyLen)), ret);
493 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[9], CRYPT_PARAM_CAP_TLS_GROUP_CIPHERTEXT_LEN, BSL_PARAM_TYPE_INT32,
494 (void *)(uintptr_t)&(groupInfo->ciphertextLen), sizeof(groupInfo->ciphertextLen)), ret);
495
496 return ret;
497 }
498
CryptGetGroupCaps(CRYPT_EAL_ProcessFuncCb cb,void * args)499 static int32_t CryptGetGroupCaps(CRYPT_EAL_ProcessFuncCb cb, void *args)
500 {
501 for (size_t i = 0; i < sizeof(g_tlsGroupInfo) / sizeof(g_tlsGroupInfo[0]); i++) {
502 BSL_Param param[TLS_GROUP_PARAM_COUNT] = {0};
503 int32_t ret = BuildTlsGroupParam(&g_tlsGroupInfo[i], param);
504 if (ret != BSL_SUCCESS) {
505 return ret;
506 }
507 ret = cb(param, args);
508 if (ret != CRYPT_SUCCESS) {
509 return ret;
510 }
511 }
512 return CRYPT_SUCCESS;
513 }
514 typedef struct {
515 const char *name; // name
516 uint16_t signatureScheme; // HITLS_SignHashAlgo, IANA specified
517 int32_t keyType; // HITLS_CERT_KeyType
518 int32_t paraId; // CRYPT_PKEY_ParaId
519 int32_t signHashAlgId; // combined sign hash algorithm id
520 int32_t signAlgId; // CRYPT_PKEY_AlgId
521 int32_t hashAlgId; // CRYPT_MD_AlgId
522 int32_t secBits; // security bits
523 uint32_t certVersionBits; // TLS_VERSION_MASK
524 uint32_t chainVersionBits; // TLS_VERSION_MASK
525 } TLS_SigSchemeInfo;
526
527 static const TLS_SigSchemeInfo g_signSchemeInfo[] = {
528 {
529 "ecdsa_secp521r1_sha512",
530 CERT_SIG_SCHEME_ECDSA_SECP521R1_SHA512,
531 TLS_CERT_KEY_TYPE_ECDSA,
532 CRYPT_ECC_NISTP521,
533 BSL_CID_ECDSAWITHSHA512,
534 HITLS_SIGN_ECDSA,
535 HITLS_HASH_SHA_512,
536 256,
537 TLS_VERSION_MASK | DTLS_VERSION_MASK,
538 TLS_VERSION_MASK | DTLS_VERSION_MASK,
539 },
540 {
541 "ecdsa_secp384r1_sha384",
542 CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384,
543 TLS_CERT_KEY_TYPE_ECDSA,
544 CRYPT_ECC_NISTP384,
545 BSL_CID_ECDSAWITHSHA384,
546 HITLS_SIGN_ECDSA,
547 HITLS_HASH_SHA_384,
548 192,
549 TLS_VERSION_MASK | DTLS_VERSION_MASK,
550 TLS_VERSION_MASK | DTLS_VERSION_MASK,
551 },
552 {
553 "ed25519",
554 CERT_SIG_SCHEME_ED25519,
555 TLS_CERT_KEY_TYPE_ED25519,
556 CRYPT_PKEY_PARAID_MAX,
557 BSL_CID_ED25519,
558 HITLS_SIGN_ED25519,
559 HITLS_HASH_SHA_512,
560 128,
561 TLS_VERSION_MASK | DTLS_VERSION_MASK,
562 TLS_VERSION_MASK | DTLS_VERSION_MASK,
563 },
564 {
565 "ecdsa_secp256r1_sha256",
566 CERT_SIG_SCHEME_ECDSA_SECP256R1_SHA256,
567 TLS_CERT_KEY_TYPE_ECDSA,
568 CRYPT_ECC_NISTP256,
569 BSL_CID_ECDSAWITHSHA256,
570 HITLS_SIGN_ECDSA,
571 HITLS_HASH_SHA_256,
572 128,
573 TLS_VERSION_MASK | DTLS_VERSION_MASK,
574 TLS_VERSION_MASK | DTLS_VERSION_MASK,
575 },
576 {
577 "sm2_sm3",
578 CERT_SIG_SCHEME_SM2_SM3,
579 TLS_CERT_KEY_TYPE_SM2,
580 CRYPT_PKEY_PARAID_MAX,
581 BSL_CID_SM2DSAWITHSM3,
582 HITLS_SIGN_SM2,
583 HITLS_HASH_SM3,
584 128,
585 TLCP11_VERSION_BIT | DTLCP11_VERSION_BIT,
586 TLCP11_VERSION_BIT | DTLCP11_VERSION_BIT,
587 },
588 {
589 "rsa_pss_pss_sha512",
590 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA512,
591 TLS_CERT_KEY_TYPE_RSA_PSS,
592 CRYPT_PKEY_PARAID_MAX,
593 BSL_CID_RSASSAPSS,
594 HITLS_SIGN_RSA_PSS,
595 HITLS_HASH_SHA_512,
596 256,
597 TLS_VERSION_MASK | DTLS_VERSION_MASK,
598 TLS_VERSION_MASK | DTLS_VERSION_MASK,
599 },
600 {
601 "rsa_pss_pss_sha384",
602 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA384,
603 TLS_CERT_KEY_TYPE_RSA_PSS,
604 CRYPT_PKEY_PARAID_MAX,
605 BSL_CID_RSASSAPSS,
606 HITLS_SIGN_RSA_PSS,
607 HITLS_HASH_SHA_384,
608 192,
609 TLS_VERSION_MASK | DTLS_VERSION_MASK,
610 TLS_VERSION_MASK | DTLS_VERSION_MASK,
611 },
612 {
613 "rsa_pss_pss_sha256",
614 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA256,
615 TLS_CERT_KEY_TYPE_RSA_PSS,
616 CRYPT_PKEY_PARAID_MAX,
617 BSL_CID_RSASSAPSS,
618 HITLS_SIGN_RSA_PSS,
619 HITLS_HASH_SHA_256,
620 128,
621 TLS_VERSION_MASK | DTLS_VERSION_MASK,
622 TLS_VERSION_MASK | DTLS_VERSION_MASK,
623 },
624 {
625 "rsa_pss_rsae_sha512",
626 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA512,
627 TLS_CERT_KEY_TYPE_RSA,
628 CRYPT_PKEY_PARAID_MAX,
629 BSL_CID_RSASSAPSS,
630 HITLS_SIGN_RSA_PSS,
631 HITLS_HASH_SHA_512,
632 256,
633 TLS_VERSION_MASK | DTLS_VERSION_MASK,
634 TLS_VERSION_MASK | DTLS_VERSION_MASK,
635 },
636 {
637 "rsa_pss_rsae_sha384",
638 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA384,
639 TLS_CERT_KEY_TYPE_RSA,
640 CRYPT_PKEY_PARAID_MAX,
641 BSL_CID_RSASSAPSS,
642 HITLS_SIGN_RSA_PSS,
643 HITLS_HASH_SHA_384,
644 192,
645 TLS_VERSION_MASK | DTLS_VERSION_MASK,
646 TLS_VERSION_MASK | DTLS_VERSION_MASK,
647 },
648 {
649 "rsa_pss_rsae_sha256",
650 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA256,
651 TLS_CERT_KEY_TYPE_RSA,
652 CRYPT_PKEY_PARAID_MAX,
653 BSL_CID_RSASSAPSS,
654 HITLS_SIGN_RSA_PSS,
655 HITLS_HASH_SHA_256,
656 128,
657 TLS_VERSION_MASK | DTLS_VERSION_MASK,
658 TLS_VERSION_MASK | DTLS_VERSION_MASK,
659 },
660 {
661 "rsa_pkcs1_sha512",
662 CERT_SIG_SCHEME_RSA_PKCS1_SHA512,
663 TLS_CERT_KEY_TYPE_RSA,
664 CRYPT_PKEY_PARAID_MAX,
665 BSL_CID_SHA512WITHRSAENCRYPTION,
666 HITLS_SIGN_RSA_PKCS1_V15,
667 HITLS_HASH_SHA_512,
668 256,
669 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
670 TLS_VERSION_MASK | DTLS_VERSION_MASK,
671 },
672 {
673 "dsa_sha512",
674 CERT_SIG_SCHEME_DSA_SHA512,
675 TLS_CERT_KEY_TYPE_DSA,
676 CRYPT_PKEY_PARAID_MAX,
677 BSL_CID_DSAWITHSHA512,
678 HITLS_SIGN_DSA,
679 HITLS_HASH_SHA_512,
680 256,
681 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
682 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
683 },
684 {
685 "rsa_pkcs1_sha384",
686 CERT_SIG_SCHEME_RSA_PKCS1_SHA384,
687 TLS_CERT_KEY_TYPE_RSA,
688 CRYPT_PKEY_PARAID_MAX,
689 BSL_CID_SHA384WITHRSAENCRYPTION,
690 HITLS_SIGN_RSA_PKCS1_V15,
691 HITLS_HASH_SHA_384,
692 192,
693 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
694 TLS_VERSION_MASK | DTLS_VERSION_MASK,
695 },
696 {
697 "dsa_sha384",
698 CERT_SIG_SCHEME_DSA_SHA384,
699 TLS_CERT_KEY_TYPE_DSA,
700 CRYPT_PKEY_PARAID_MAX,
701 BSL_CID_DSAWITHSHA384,
702 HITLS_SIGN_DSA,
703 HITLS_HASH_SHA_384,
704 192,
705 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
706 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
707 },
708 {
709 "rsa_pkcs1_sha256",
710 CERT_SIG_SCHEME_RSA_PKCS1_SHA256,
711 TLS_CERT_KEY_TYPE_RSA,
712 CRYPT_PKEY_PARAID_MAX,
713 BSL_CID_SHA256WITHRSAENCRYPTION,
714 HITLS_SIGN_RSA_PKCS1_V15,
715 HITLS_HASH_SHA_256,
716 128,
717 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
718 TLS_VERSION_MASK | DTLS_VERSION_MASK,
719 },
720 {
721 "dsa_sha256",
722 CERT_SIG_SCHEME_DSA_SHA256,
723 TLS_CERT_KEY_TYPE_DSA,
724 CRYPT_PKEY_PARAID_MAX,
725 BSL_CID_DSAWITHSHA256,
726 HITLS_SIGN_DSA,
727 HITLS_HASH_SHA_256,
728 128,
729 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
730 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
731 },
732 {
733 "ecdsa_sha224",
734 CERT_SIG_SCHEME_ECDSA_SHA224,
735 TLS_CERT_KEY_TYPE_ECDSA,
736 CRYPT_PKEY_PARAID_MAX,
737 BSL_CID_ECDSAWITHSHA224,
738 HITLS_SIGN_ECDSA,
739 HITLS_HASH_SHA_224,
740 112,
741 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
742 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
743 },
744 {
745 "rsa_pkcs1_sha224",
746 CERT_SIG_SCHEME_RSA_PKCS1_SHA224,
747 TLS_CERT_KEY_TYPE_RSA,
748 CRYPT_PKEY_PARAID_MAX,
749 BSL_CID_SHA224WITHRSAENCRYPTION,
750 HITLS_SIGN_RSA_PKCS1_V15,
751 HITLS_HASH_SHA_224,
752 112,
753 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
754 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
755 },
756 {
757 "dsa_sha224",
758 CERT_SIG_SCHEME_DSA_SHA224,
759 TLS_CERT_KEY_TYPE_DSA,
760 CRYPT_PKEY_PARAID_MAX,
761 BSL_CID_DSAWITHSHA224,
762 HITLS_SIGN_DSA,
763 HITLS_HASH_SHA_224,
764 112,
765 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
766 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
767 },
768 {
769 "ecdsa_sha1",
770 CERT_SIG_SCHEME_ECDSA_SHA1,
771 TLS_CERT_KEY_TYPE_ECDSA,
772 CRYPT_PKEY_PARAID_MAX,
773 BSL_CID_ECDSAWITHSHA1,
774 HITLS_SIGN_ECDSA,
775 HITLS_HASH_SHA1,
776 -1,
777 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
778 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
779 },
780 {
781 "rsa_pkcs1_sha1",
782 CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
783 TLS_CERT_KEY_TYPE_RSA,
784 CRYPT_PKEY_PARAID_MAX,
785 BSL_CID_SHA1WITHRSA,
786 HITLS_SIGN_RSA_PKCS1_V15,
787 HITLS_HASH_SHA1,
788 -1,
789 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
790 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
791 },
792 {
793 "dsa_sha1",
794 CERT_SIG_SCHEME_DSA_SHA1,
795 TLS_CERT_KEY_TYPE_DSA,
796 CRYPT_PKEY_PARAID_MAX,
797 BSL_CID_DSAWITHSHA1,
798 HITLS_SIGN_DSA,
799 HITLS_HASH_SHA1,
800 -1,
801 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
802 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
803 },
804
805 };
806
BuildTlsSigAlgParam(const TLS_SigSchemeInfo * sigSchemeInfo,BSL_Param * param)807 static int32_t BuildTlsSigAlgParam(const TLS_SigSchemeInfo *sigSchemeInfo, BSL_Param *param)
808 {
809 int32_t ret = 0;
810 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[0], CRYPT_PARAM_CAP_TLS_SIGNALG_IANA_SIGN_NAME,
811 BSL_PARAM_TYPE_OCTETS_PTR, (void *)(uintptr_t)sigSchemeInfo->name, (uint32_t)strlen(sigSchemeInfo->name)), ret);
812 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[1], CRYPT_PARAM_CAP_TLS_SIGNALG_IANA_SIGN_ID, BSL_PARAM_TYPE_UINT16,
813 (void *)(uintptr_t)&(sigSchemeInfo->signatureScheme), sizeof(sigSchemeInfo->signatureScheme)), ret);
814 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[2], CRYPT_PARAM_CAP_TLS_SIGNALG_KEY_TYPE, BSL_PARAM_TYPE_INT32,
815 (void *)(uintptr_t)&(sigSchemeInfo->keyType), sizeof(sigSchemeInfo->keyType)), ret);
816 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[3], CRYPT_PARAM_CAP_TLS_SIGNALG_PARA_ID, BSL_PARAM_TYPE_INT32,
817 (void *)(uintptr_t)&(sigSchemeInfo->paraId), sizeof(sigSchemeInfo->paraId)), ret);
818 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[4], CRYPT_PARAM_CAP_TLS_SIGNALG_SIGNWITHMD_ID, BSL_PARAM_TYPE_INT32,
819 (void *)(uintptr_t)&(sigSchemeInfo->signHashAlgId), sizeof(sigSchemeInfo->signHashAlgId)), ret);
820 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[5], CRYPT_PARAM_CAP_TLS_SIGNALG_SIGN_ID, BSL_PARAM_TYPE_INT32,
821 (void *)(uintptr_t)&(sigSchemeInfo->signAlgId), sizeof(sigSchemeInfo->signAlgId)), ret);
822 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[6], CRYPT_PARAM_CAP_TLS_SIGNALG_MD_ID, BSL_PARAM_TYPE_INT32,
823 (void *)(uintptr_t)&(sigSchemeInfo->hashAlgId), sizeof(sigSchemeInfo->hashAlgId)), ret);
824 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[7], CRYPT_PARAM_CAP_TLS_SIGNALG_SEC_BITS, BSL_PARAM_TYPE_INT32,
825 (void *)(uintptr_t)&(sigSchemeInfo->secBits), sizeof(sigSchemeInfo->secBits)), ret);
826 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[8], CRYPT_PARAM_CAP_TLS_SIGNALG_CERT_VERSION_BITS,
827 BSL_PARAM_TYPE_UINT32, (void *)(uintptr_t)&(sigSchemeInfo->certVersionBits),
828 sizeof(sigSchemeInfo->certVersionBits)), ret);
829 RETURN_RET_IF_ERR_EX(BSL_PARAM_InitValue(¶m[9], CRYPT_PARAM_CAP_TLS_SIGNALG_CHAIN_VERSION_BITS,
830 BSL_PARAM_TYPE_UINT32, (void *)(uintptr_t)&(sigSchemeInfo->chainVersionBits),
831 sizeof(sigSchemeInfo->chainVersionBits)), ret);
832
833 return ret;
834 }
835
CryptGetSignAlgCaps(CRYPT_EAL_ProcessFuncCb cb,void * args)836 static int32_t CryptGetSignAlgCaps(CRYPT_EAL_ProcessFuncCb cb, void *args)
837 {
838 for (size_t i = 0; i < sizeof(g_signSchemeInfo) / sizeof(g_signSchemeInfo[0]); i++) {
839 BSL_Param param[TLS_SIGN_SCHEME_PARAM_COUNT] = {0};
840 int32_t ret = BuildTlsSigAlgParam(&g_signSchemeInfo[i], param);
841 if (ret != BSL_SUCCESS) {
842 return ret;
843 }
844 ret = cb(param, args);
845 if (ret != CRYPT_SUCCESS) {
846 return ret;
847 }
848 }
849 return CRYPT_SUCCESS;
850 }
851
CRYPT_EAL_DefaultProvGetCaps(void * provCtx,int32_t cmd,CRYPT_EAL_ProcessFuncCb cb,void * args)852 static int32_t CRYPT_EAL_DefaultProvGetCaps(void *provCtx, int32_t cmd, CRYPT_EAL_ProcessFuncCb cb, void *args)
853 {
854 (void)provCtx;
855 if (cb == NULL) {
856 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
857 return CRYPT_NULL_INPUT;
858 }
859 switch (cmd) {
860 case CRYPT_EAL_GET_GROUP_CAP:
861 return CryptGetGroupCaps(cb, args);
862 case CRYPT_EAL_GET_SIGALG_CAP:
863 return CryptGetSignAlgCaps(cb, args);
864 default:
865 BSL_ERR_PUSH_ERROR(CRYPT_NOT_SUPPORT);
866 return CRYPT_NOT_SUPPORT;
867 }
868 }
869
870 static CRYPT_EAL_Func g_defEalProvOutFuncs[] = {
871 {CRYPT_EAL_PROVCB_QUERY, CRYPT_EAL_DefaultProvQuery},
872 {CRYPT_EAL_PROVCB_FREE, CRYPT_EAL_DefaultProvFree},
873 {CRYPT_EAL_PROVCB_CTRL, NULL},
874 {CRYPT_EAL_PROVCB_GETCAPS, CRYPT_EAL_DefaultProvGetCaps},
875 CRYPT_EAL_FUNC_END
876 };
877
878 #ifdef HITLS_CRYPTO_ENTROPY
879 static void *g_providerSeedCtx = NULL;
880 static CRYPT_RandSeedMethod g_providerSeedMethod = {0};
881
CRYPT_EAL_ProviderGetSeed(CRYPT_RandSeedMethod ** method,void ** seedCtx)882 int32_t CRYPT_EAL_ProviderGetSeed(CRYPT_RandSeedMethod **method, void **seedCtx)
883 {
884 if (method == NULL || seedCtx == NULL) {
885 BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
886 return CRYPT_NULL_INPUT;
887 }
888 *method = &g_providerSeedMethod;
889 *seedCtx = g_providerSeedCtx;
890 return CRYPT_SUCCESS;
891 }
892 #endif
893
CRYPT_EAL_DefaultProvInit(CRYPT_EAL_ProvMgrCtx * mgrCtx,BSL_Param * param,CRYPT_EAL_Func * capFuncs,CRYPT_EAL_Func ** outFuncs,void ** provCtx)894 int32_t CRYPT_EAL_DefaultProvInit(CRYPT_EAL_ProvMgrCtx *mgrCtx, BSL_Param *param,
895 CRYPT_EAL_Func *capFuncs, CRYPT_EAL_Func **outFuncs, void **provCtx)
896 {
897 (void)param;
898 void *libCtx = NULL;
899 CRYPT_EAL_ProvMgrCtrlCb mgrCtrl = NULL;
900 int32_t index = 0;
901 int32_t ret;
902 while (capFuncs[index].id != 0) {
903 switch (capFuncs[index].id) {
904 #ifdef HITLS_CRYPTO_ENTROPY_DEFAULT
905 case CRYPT_EAL_CAP_GETENTROPY:
906 g_providerSeedMethod.getEntropy = capFuncs[index].func;
907 break;
908 case CRYPT_EAL_CAP_CLEANENTROPY:
909 g_providerSeedMethod.cleanEntropy = capFuncs[index].func;
910 break;
911 case CRYPT_EAL_CAP_GETNONCE:
912 g_providerSeedMethod.getNonce = capFuncs[index].func;
913 break;
914 case CRYPT_EAL_CAP_CLEANNONCE:
915 g_providerSeedMethod.cleanNonce = capFuncs[index].func;
916 break;
917 #endif
918 case CRYPT_EAL_CAP_MGRCTXCTRL:
919 mgrCtrl = capFuncs[index].func;
920 break;
921 default:
922 break;
923 }
924 index++;
925 }
926 if (mgrCtrl == NULL) {
927 return CRYPT_PROVIDER_NOT_SUPPORT;
928 }
929 #ifdef HITLS_CRYPTO_ENTROPY_DEFAULT
930 RETURN_RET_IF_ERR_EX(mgrCtrl(mgrCtx, CRYPT_EAL_MGR_GETSEEDCTX, &g_providerSeedCtx, 0), ret);
931 #endif
932 RETURN_RET_IF_ERR_EX(mgrCtrl(mgrCtx, CRYPT_EAL_MGR_GETLIBCTX, &libCtx, 0), ret);
933 CRYPT_EAL_DefProvCtx *temp = BSL_SAL_Malloc(sizeof(CRYPT_EAL_DefProvCtx));
934 if (temp == NULL) {
935 BSL_ERR_PUSH_ERROR(BSL_MALLOC_FAIL);
936 return BSL_MALLOC_FAIL;
937 }
938 temp->libCtx = libCtx;
939 *provCtx = temp;
940 *outFuncs = g_defEalProvOutFuncs;
941 return CRYPT_SUCCESS;
942 }
943
944 #endif /* HITLS_CRYPTO_PROVIDER */
945