1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include <unistd.h>
17 #include <stdbool.h>
18 #include <stdio.h>
19 #include "hitls_build.h"
20 #include "crypt_eal_pkey.h"
21 #include "hlt_type.h"
22 #include "hitls_cert_type.h"
23 #include "hitls_cert.h"
24 #include "hitls_type.h"
25 #include "hitls_cert_reg.h"
26 #include "hitls_config.h"
27 #include "hitls_cert.h"
28 #include "hitls_cert_init.h"
29 #include "bsl_sal.h"
30 #include "bsl_log.h"
31 #include "bsl_err.h"
32 #include "logger.h"
33 #include "tls_config.h"
34 #include "tls.h"
35 #include "bsl_list.h"
36 #include "hitls_x509_adapt.h"
37 #include "hitls_cert_init.h"
38 #include "hitls_pki_x509.h"
39 #include "cert_method.h"
40
41 #define SUCCESS 0
42 #define ERROR (-1)
43 #define SINGLE_CERT_LEN (512)
44 #define CERT_FILE_LEN (4 * 1024)
45
RegCertCallback(CertCallbackType type)46 int32_t RegCertCallback(CertCallbackType type)
47 {
48 switch (type) {
49 case CERT_CALLBACK_DEFAULT:
50 #ifndef HITLS_TLS_FEATURE_PROVIDER
51 HITLS_CertMethodInit();
52 #endif
53 break;
54 default:
55 return ERROR;
56 }
57 return SUCCESS;
58 }
59
BinLogFixLenFunc(uint32_t logId,uint32_t logLevel,uint32_t logType,void * format,void * para1,void * para2,void * para3,void * para4)60 void BinLogFixLenFunc(uint32_t logId, uint32_t logLevel, uint32_t logType,
61 void *format, void *para1, void *para2, void *para3, void *para4)
62 {
63 (void)logLevel;
64 (void)logType;
65 printf("logId:%u\t", logId);
66 printf(format, para1, para2, para3, para4);
67 printf("\n");
68 return;
69 }
70
BinLogVarLenFunc(uint32_t logId,uint32_t logLevel,uint32_t logType,void * format,void * para)71 void BinLogVarLenFunc(uint32_t logId, uint32_t logLevel, uint32_t logType, void *format, void *para)
72 {
73 (void)logLevel;
74 (void)logType;
75 printf("logId:%u\t", logId);
76 printf(format, para);
77 printf("\n");
78 return;
79 }
80
RegDefaultMemCallback(void)81 void RegDefaultMemCallback(void)
82 {
83 BSL_SAL_CallBack_Ctrl(BSL_SAL_MEM_MALLOC, malloc);
84 BSL_SAL_CallBack_Ctrl(BSL_SAL_MEM_FREE, free);
85 BSL_ERR_Init();
86 BSL_LOG_SetBinLogLevel(BSL_LOG_LEVEL_DEBUG);
87 #ifdef TLS_DEBUG
88 BSL_LOG_BinLogFuncs logFunc = { BinLogFixLenFunc, BinLogVarLenFunc };
89 BSL_LOG_RegBinLogFunc(&logFunc);
90 #endif
91 LOG_DEBUG("HiTLS RegDefaultMemCallback");
92 return;
93 }
94
RegMemCallback(MemCallbackType type)95 int32_t RegMemCallback(MemCallbackType type)
96 {
97 switch (type) {
98 case MEM_CALLBACK_DEFAULT : RegDefaultMemCallback(); break;
99 default:
100 return ERROR;
101 }
102 return SUCCESS;
103 }
104
HiTLS_X509_LoadCertFile(HITLS_Config * tlsCfg,const char * file)105 HITLS_CERT_X509 *HiTLS_X509_LoadCertFile(HITLS_Config *tlsCfg, const char *file)
106 {
107 #ifdef HITLS_TLS_FEATURE_PROVIDER
108 HITLS_Lib_Ctx *libCtx = LIBCTX_FROM_CONFIG(tlsCfg);
109 const char *attrName = ATTRIBUTE_FROM_CONFIG(tlsCfg);
110 return HITLS_CERT_ProviderCertParse(libCtx, attrName, (const uint8_t *)file, strlen(file) + 1,
111 TLS_PARSE_TYPE_FILE, "ASN1");
112 #else
113 return HITLS_X509_Adapt_CertParse(tlsCfg, (const uint8_t *)file, strlen(file) + 1, TLS_PARSE_TYPE_FILE,
114 TLS_PARSE_FORMAT_ASN1);
115 #endif
116 }
117
HiTLS_X509_LoadCertListToStore(HITLS_Config * tlsCfg,const char * fileList)118 void *HiTLS_X509_LoadCertListToStore(HITLS_Config *tlsCfg, const char *fileList)
119 {
120 int32_t ret;
121 char certList[MAX_CERT_LEN] = {0};
122 char certPath[SINGLE_CERT_LEN] = {0};
123
124 ret = memcpy_s(certList, MAX_CERT_LEN, fileList, strlen(fileList));
125 if (ret != EOK) {
126 LOG_ERROR("memcpy_s Error");
127 return NULL;
128 }
129
130 void *store = SAL_CERT_StoreNew(tlsCfg->certMgrCtx);
131 if(store == NULL){
132 LOG_ERROR("SAL_CERT_StoreNew Error");
133 return NULL;
134 }
135
136 char *rest = NULL;
137 char *token = strtok_s(certList, ":", &rest);
138 do {
139 (void)memset_s(certPath, SINGLE_CERT_LEN, 0, SINGLE_CERT_LEN);
140 ret = sprintf_s(certPath, SINGLE_CERT_LEN, "%s%s", DEFAULT_CERT_PATH, token);
141 if (ret <= 0) {
142 LOG_ERROR("sprintf_s Error");
143 HITLS_X509_StoreCtxFree(store);
144 return NULL;
145 }
146 LOG_DEBUG("Load Cert Path is %s", certPath);
147
148 HITLS_CERT_X509 *cert = HiTLS_X509_LoadCertFile(tlsCfg, certPath);
149 if (cert == NULL) {
150 HITLS_X509_StoreCtxFree(store);
151 return NULL;
152 }
153 ret = HITLS_X509_Adapt_StoreCtrl(tlsCfg, store, CERT_STORE_CTRL_ADD_CERT_LIST, cert, NULL);
154 if (ret != SUCCESS) {
155 LOG_ERROR("X509_STORE_add_cert Error: path = %s.", certPath);
156 HITLS_X509_StoreCtxFree(store);
157 return NULL;
158 }
159 token = strtok_s(NULL, ":", &rest);
160 } while (token != NULL);
161
162 return store;
163 }
164
HITLS_X509_LoadEECertList(HITLS_Config * tlsCfg,const char * eeFileList,bool isEnc)165 int32_t HITLS_X509_LoadEECertList(HITLS_Config *tlsCfg, const char *eeFileList, bool isEnc)
166 {
167 int32_t ret;
168 HITLS_CERT_X509 *cert = NULL;
169 char certList[MAX_CERT_LEN] = {0};
170 char certPath[SINGLE_CERT_LEN] = {0};
171
172 ret = memcpy_s(certList, MAX_CERT_LEN, eeFileList, strlen(eeFileList));
173 if (ret != EOK) {
174 LOG_ERROR("memcpy_s Error");
175 return ERROR;
176 }
177
178 char *rest = NULL;
179 char *token = strtok_s(certList, ":", &rest);
180 do {
181 (void)memset_s(certPath, SINGLE_CERT_LEN, 0, SINGLE_CERT_LEN);
182 ret = sprintf_s(certPath, SINGLE_CERT_LEN, "%s%s", DEFAULT_CERT_PATH, token);
183 if (ret <= 0) {
184 LOG_ERROR("sprintf_s Error");
185 return ERROR;
186 }
187 LOG_DEBUG("Load Cert Path is %s", certPath);
188
189 cert = HiTLS_X509_LoadCertFile(tlsCfg, certPath);
190 if (cert == NULL) {
191 LOG_ERROR("LoadCert Error: path = %s", certPath);
192 return ERROR;
193 }
194 if (isEnc == true) {
195 ret = HITLS_CFG_SetTlcpCertificate(tlsCfg, cert, 0, isEnc);
196 } else {
197 ret = HITLS_CFG_SetCertificate(tlsCfg, cert, 0);
198 }
199 if (ret != SUCCESS) {
200 LOG_ERROR("HITLS_CFG_SetCertificate Error: path = %s.", certPath);
201 HITLS_X509_Adapt_CertFree(cert);
202 return ERROR;
203 }
204 token = strtok_s(NULL, ":", &rest);
205 } while (token != NULL);
206 return SUCCESS;
207 }
208
HITLS_X509_LoadPrivateKeyList(HITLS_Config * tlsCfg,const char * keyFileList,bool isEnc)209 int32_t HITLS_X509_LoadPrivateKeyList(HITLS_Config *tlsCfg, const char *keyFileList, bool isEnc)
210 {
211 int32_t ret;
212 HITLS_CERT_Key *key = NULL;
213 char fileList[MAX_CERT_LEN] = {0};
214 char filePath[SINGLE_CERT_LEN] = {0};
215
216 ret = memcpy_s(fileList, MAX_CERT_LEN, keyFileList, strlen(keyFileList));
217 if (ret != EOK) {
218 LOG_ERROR("memcpy_s Error");
219 return ERROR;
220 }
221
222 char *rest = NULL;
223 char *token = strtok_s(fileList, ":", &rest);
224 do {
225 (void)memset_s(filePath, SINGLE_CERT_LEN, 0, SINGLE_CERT_LEN);
226 ret = sprintf_s(filePath, SINGLE_CERT_LEN, "%s%s", DEFAULT_CERT_PATH, token);
227 if (ret <= 0) {
228 LOG_ERROR("sprintf_s Error");
229 return ERROR;
230 }
231 LOG_DEBUG("Load Cert Path is %s", filePath);
232
233 #ifdef HITLS_TLS_FEATURE_PROVIDER
234 key = HITLS_X509_Adapt_ProviderKeyParse(tlsCfg, (const uint8_t *)filePath, strlen(filePath),
235 TLS_PARSE_TYPE_FILE, "ASN1", NULL);
236 #else
237 key = HITLS_X509_Adapt_KeyParse(tlsCfg, (const uint8_t *)filePath, strlen(filePath),
238 TLS_PARSE_TYPE_FILE, TLS_PARSE_FORMAT_ASN1);
239 #endif
240 if (key == NULL) {
241 LOG_ERROR("LoadCert Error: path = %s.", filePath);
242 return ERROR;
243 }
244 if (isEnc == true) {
245 ret = HITLS_CFG_SetTlcpPrivateKey(tlsCfg, key, 0, isEnc);
246 } else {
247 ret = HITLS_CFG_SetPrivateKey(tlsCfg, key, 0);
248 }
249 if (ret != SUCCESS) {
250 LOG_ERROR("HITLS_CFG_SetPrivateKey Error: path = %s.", filePath);
251 CRYPT_EAL_PkeyFreeCtx(key);
252 return ERROR;
253 }
254 token = strtok_s(NULL, ":", &rest);
255 } while (token != NULL);
256 return SUCCESS;
257 }
258
FRAME_HITLS_X509_FreeCert(HITLS_CERT_Store * caStore,HITLS_CERT_Store * chainStore)259 void FRAME_HITLS_X509_FreeCert(HITLS_CERT_Store *caStore, HITLS_CERT_Store *chainStore)
260 {
261 if (caStore != NULL) {
262 HITLS_X509_StoreCtxFree(caStore);
263 }
264 if (chainStore != NULL) {
265 HITLS_X509_StoreCtxFree(chainStore);
266 }
267 return;
268 }
269
HiTLS_X509_LoadCertAndKey(HITLS_Config * tlsCfg,const char * caFile,const char * chainFile,const char * eeFile,const char * signFile,const char * privateKeyFile,const char * signPrivateKeyFile)270 int32_t HiTLS_X509_LoadCertAndKey(HITLS_Config *tlsCfg, const char *caFile, const char *chainFile,
271 const char *eeFile, const char *signFile, const char *privateKeyFile, const char *signPrivateKeyFile)
272 {
273 int32_t ret;
274 if ((caFile != NULL) && (strncmp(caFile, "NULL", strlen(caFile)) != 0)) {
275 HITLS_CERT_Store *caStore = HiTLS_X509_LoadCertListToStore(tlsCfg, caFile);
276 if (caStore == NULL) {
277 return ERROR;
278 }
279 ret = HITLS_CFG_SetCertStore(tlsCfg, caStore, 0);
280 if (ret != SUCCESS) {
281 HITLS_X509_StoreCtxFree(caStore);
282 return ret;
283 }
284 }
285
286 if ((chainFile != NULL) && (strncmp(chainFile, "NULL", strlen(chainFile)) != 0)) {
287 HITLS_CERT_Store *chainStore = HiTLS_X509_LoadCertListToStore(tlsCfg, chainFile);
288 if (chainStore == NULL) {
289 return ERROR;
290 }
291 ret = HITLS_CFG_SetChainStore(tlsCfg, chainStore, 0);
292 if (ret != SUCCESS) {
293 HITLS_X509_StoreCtxFree(chainStore);
294 return ret;
295 }
296 }
297
298 bool hasTlcpSignCert = ((signFile != NULL) && (strncmp(signFile, "NULL", strlen(signFile)) != 0));
299 if (hasTlcpSignCert) {
300 ret = HITLS_X509_LoadEECertList(tlsCfg, signFile, false);
301 if (ret != SUCCESS) {
302 return ret;
303 }
304 }
305
306 if ((eeFile != NULL) && (strncmp(eeFile, "NULL", strlen(eeFile)) != 0)) {
307 ret = HITLS_X509_LoadEECertList(tlsCfg, eeFile, hasTlcpSignCert);
308 if (ret != SUCCESS) {
309 return ret;
310 }
311 }
312
313 if ((signPrivateKeyFile != NULL) && (strncmp(signPrivateKeyFile, "NULL", strlen(signPrivateKeyFile)) != 0)) {
314 ret = HITLS_X509_LoadPrivateKeyList(tlsCfg, signPrivateKeyFile, false);
315 if (ret != SUCCESS) {
316 return ret;
317 }
318 if ((privateKeyFile != NULL) && (strncmp(privateKeyFile, "NULL", strlen(eeFile)) != 0)) {
319 ret = HITLS_X509_LoadPrivateKeyList(tlsCfg, privateKeyFile, true);
320 if (ret != SUCCESS) {
321 return ret;
322 }
323 }
324 } else {
325 if ((privateKeyFile != NULL) && (strncmp(privateKeyFile, "NULL", strlen(eeFile)) != 0)) {
326 ret = HITLS_X509_LoadPrivateKeyList(tlsCfg, privateKeyFile, false);
327 if (ret != SUCCESS) {
328 return ret;
329 }
330 }
331 }
332 return SUCCESS;
333 }