1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #if defined(HITLS_CRYPTO_RSA_EMSA_PSS) || defined(HITLS_CRYPTO_RSAES_OAEP) || defined(HITLS_CRYPTO_SLH_DSA)
18
19 #include <stdlib.h>
20 #include "securec.h"
21 #include "bsl_err_internal.h"
22 #include "bsl_sal.h"
23 #include "crypt_errno.h"
24 #include "crypt_types.h"
25 #include "crypt_eal_md.h"
26 #include "crypt_utils.h"
27
28 #define UINT32_SIZE 4
29 #define HASH_MAX_MDSIZE (64)
30
31 // outlen should be hash len
CRYPT_CalcHash(const EAL_MdMethod * hashMethod,const CRYPT_ConstData * hashData,uint32_t size,uint8_t * out,uint32_t * outlen)32 int32_t CRYPT_CalcHash(const EAL_MdMethod *hashMethod, const CRYPT_ConstData *hashData, uint32_t size, uint8_t *out,
33 uint32_t *outlen)
34 {
35 void *mdCtx = hashMethod->newCtx();
36 if (mdCtx == NULL) {
37 BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
38 return CRYPT_MEM_ALLOC_FAIL;
39 }
40 int32_t ret = hashMethod->init(mdCtx, NULL);
41 if (ret != CRYPT_SUCCESS) {
42 BSL_ERR_PUSH_ERROR(ret);
43 goto EXIT;
44 }
45 for (uint32_t i = 0; i < size; i++) {
46 ret = hashMethod->update(mdCtx, hashData[i].data, hashData[i].len);
47 if (ret != CRYPT_SUCCESS) {
48 BSL_ERR_PUSH_ERROR(ret);
49 goto EXIT;
50 }
51 }
52 ret = hashMethod->final(mdCtx, out, outlen);
53 if (ret != CRYPT_SUCCESS) {
54 BSL_ERR_PUSH_ERROR(ret);
55 }
56 EXIT:
57 hashMethod->freeCtx(mdCtx);
58 return ret;
59 }
60
CRYPT_Mgf1(const EAL_MdMethod * hashMethod,const uint8_t * seed,const uint32_t seedLen,uint8_t * mask,uint32_t maskLen)61 int32_t CRYPT_Mgf1(const EAL_MdMethod *hashMethod, const uint8_t *seed, const uint32_t seedLen, uint8_t *mask,
62 uint32_t maskLen)
63 {
64 uint32_t hashLen = hashMethod->mdSize;
65 if (hashLen > HASH_MAX_MDSIZE) {
66 BSL_ERR_PUSH_ERROR(CRYPT_RSA_ERR_INPUT_VALUE);
67 return CRYPT_RSA_ERR_INPUT_VALUE;
68 }
69 uint8_t md[HASH_MAX_MDSIZE];
70 uint8_t counter[UINT32_SIZE];
71
72 const CRYPT_ConstData hashData[] = {
73 {seed, seedLen}, // mgfSeed
74 {counter, sizeof(counter)} // counter
75 };
76 int32_t ret = CRYPT_RSA_ERR_INPUT_VALUE;
77 uint32_t i, outLen, partLen;
78 for (i = 0, outLen = 0; outLen < maskLen; i++, outLen += partLen) {
79 PUT_UINT32_BE(i, counter, 0);
80 ret = CRYPT_CalcHash(hashMethod, hashData, sizeof(hashData) / sizeof(hashData[0]), md, &hashLen);
81 if (ret != CRYPT_SUCCESS) {
82 goto EXIT;
83 }
84 // Output the leading maskLen octets of T as the octet string mask
85 partLen = (outLen + hashLen <= maskLen) ? hashLen : (maskLen - outLen);
86 if (memcpy_s(mask + outLen, maskLen - outLen, md, partLen) != EOK) {
87 ret = CRYPT_SECUREC_FAIL;
88 BSL_ERR_PUSH_ERROR(ret);
89 goto EXIT;
90 }
91 }
92 EXIT:
93 BSL_SAL_CleanseData(md, sizeof(md));
94 return ret;
95 }
96
97 #endif
98