1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include <stddef.h>
17 #include "hitls_build.h"
18 #include "config_type.h"
19 #include "hitls_cert_type.h"
20 #include "tls_config.h"
21 #include "crypt_algid.h"
22 #include "hitls_error.h"
23 #include "cipher_suite.h"
24 #include "config.h"
25
26 #ifdef HITLS_TLS_FEATURE_PROVIDER
27 #include "securec.h"
28 #include "crypt_eal_provider.h"
29 #include "crypt_params_key.h"
30 #include "crypt_eal_implprovider.h"
31 #include "crypt_eal_pkey.h"
32 #endif
33
34 static const uint16_t DEFAULT_SIGSCHEME_ID[] = {
35 CERT_SIG_SCHEME_ECDSA_SECP256R1_SHA256,
36 CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384,
37 CERT_SIG_SCHEME_ECDSA_SECP521R1_SHA512,
38 CERT_SIG_SCHEME_ED25519,
39 CERT_SIG_SCHEME_SM2_SM3,
40 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA256,
41 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA384,
42 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA512,
43 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA256,
44 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA384,
45 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA512,
46 CERT_SIG_SCHEME_RSA_PKCS1_SHA256,
47 CERT_SIG_SCHEME_RSA_PKCS1_SHA384,
48 CERT_SIG_SCHEME_RSA_PKCS1_SHA512,
49 CERT_SIG_SCHEME_ECDSA_SHA224,
50 CERT_SIG_SCHEME_ECDSA_SHA1,
51 CERT_SIG_SCHEME_RSA_PKCS1_SHA224,
52 CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
53 CERT_SIG_SCHEME_DSA_SHA224,
54 CERT_SIG_SCHEME_DSA_SHA256,
55 CERT_SIG_SCHEME_DSA_SHA384,
56 CERT_SIG_SCHEME_DSA_SHA512,
57 CERT_SIG_SCHEME_DSA_SHA1,
58 };
59
UpdateSignAlgorithmsArray(TLS_Config * config)60 static int32_t UpdateSignAlgorithmsArray(TLS_Config *config)
61 {
62 if (config == NULL) {
63 return HITLS_INVALID_INPUT;
64 }
65 uint16_t *tempItems = BSL_SAL_Calloc(sizeof(DEFAULT_SIGSCHEME_ID), sizeof(uint8_t));
66 if (tempItems == NULL) {
67 return HITLS_MEMALLOC_FAIL;
68 }
69 uint32_t size = 0;
70 for (uint32_t i = 0; i < sizeof(DEFAULT_SIGSCHEME_ID) / sizeof(DEFAULT_SIGSCHEME_ID[0]); i++) {
71 const TLS_SigSchemeInfo *info = ConfigGetSignatureSchemeInfo(config, DEFAULT_SIGSCHEME_ID[i]);
72 if (info == NULL || (config->version & info->chainVersionBits) == 0) {
73 continue;
74 }
75 tempItems[size] = DEFAULT_SIGSCHEME_ID[i];
76 size++;
77 }
78 if (size == 0) {
79 BSL_SAL_Free(tempItems);
80 return HITLS_INVALID_INPUT;
81 }
82 BSL_SAL_FREE(config->signAlgorithms);
83 config->signAlgorithms = tempItems;
84 config->signAlgorithmsSize = size;
85 return HITLS_SUCCESS;
86 }
87
88 #ifndef HITLS_TLS_FEATURE_PROVIDER
89 static const TLS_SigSchemeInfo SIGNATURE_SCHEME_INFO[] = {
90 {
91 "ecdsa_secp521r1_sha512",
92 CERT_SIG_SCHEME_ECDSA_SECP521R1_SHA512,
93 TLS_CERT_KEY_TYPE_ECDSA,
94 CRYPT_ECC_NISTP521,
95 BSL_CID_ECDSAWITHSHA512,
96 HITLS_SIGN_ECDSA,
97 HITLS_HASH_SHA_512,
98 256,
99 TLS_VERSION_MASK | DTLS_VERSION_MASK,
100 TLS_VERSION_MASK | DTLS_VERSION_MASK,
101 },
102 {
103 "ecdsa_secp384r1_sha384",
104 CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384,
105 TLS_CERT_KEY_TYPE_ECDSA,
106 CRYPT_ECC_NISTP384,
107 BSL_CID_ECDSAWITHSHA384,
108 HITLS_SIGN_ECDSA,
109 HITLS_HASH_SHA_384,
110 192,
111 TLS_VERSION_MASK | DTLS_VERSION_MASK,
112 TLS_VERSION_MASK | DTLS_VERSION_MASK,
113 },
114 {
115 "ed25519",
116 CERT_SIG_SCHEME_ED25519,
117 TLS_CERT_KEY_TYPE_ED25519,
118 CRYPT_PKEY_PARAID_MAX,
119 BSL_CID_ED25519,
120 HITLS_SIGN_ED25519,
121 HITLS_HASH_SHA_512,
122 128,
123 TLS_VERSION_MASK | DTLS_VERSION_MASK,
124 TLS_VERSION_MASK | DTLS_VERSION_MASK,
125 },
126 {
127 "ecdsa_secp256r1_sha256",
128 CERT_SIG_SCHEME_ECDSA_SECP256R1_SHA256,
129 TLS_CERT_KEY_TYPE_ECDSA,
130 CRYPT_ECC_NISTP256,
131 BSL_CID_ECDSAWITHSHA256,
132 HITLS_SIGN_ECDSA,
133 HITLS_HASH_SHA_256,
134 128,
135 TLS_VERSION_MASK | DTLS_VERSION_MASK,
136 TLS_VERSION_MASK | DTLS_VERSION_MASK,
137 },
138 {
139 "sm2_sm3",
140 CERT_SIG_SCHEME_SM2_SM3,
141 TLS_CERT_KEY_TYPE_SM2,
142 CRYPT_PKEY_PARAID_MAX,
143 BSL_CID_SM2DSAWITHSM3,
144 HITLS_SIGN_SM2,
145 HITLS_HASH_SM3,
146 128,
147 TLCP11_VERSION_BIT | DTLCP11_VERSION_BIT,
148 TLCP11_VERSION_BIT | DTLCP11_VERSION_BIT,
149 },
150 {
151 "rsa_pss_pss_sha512",
152 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA512,
153 TLS_CERT_KEY_TYPE_RSA_PSS,
154 CRYPT_PKEY_PARAID_MAX,
155 BSL_CID_RSASSAPSS,
156 HITLS_SIGN_RSA_PSS,
157 HITLS_HASH_SHA_512,
158 256,
159 TLS_VERSION_MASK | DTLS_VERSION_MASK,
160 TLS_VERSION_MASK | DTLS_VERSION_MASK,
161 },
162 {
163 "rsa_pss_pss_sha384",
164 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA384,
165 TLS_CERT_KEY_TYPE_RSA_PSS,
166 CRYPT_PKEY_PARAID_MAX,
167 BSL_CID_RSASSAPSS,
168 HITLS_SIGN_RSA_PSS,
169 HITLS_HASH_SHA_384,
170 192,
171 TLS_VERSION_MASK | DTLS_VERSION_MASK,
172 TLS_VERSION_MASK | DTLS_VERSION_MASK,
173 },
174 {
175 "rsa_pss_pss_sha256",
176 CERT_SIG_SCHEME_RSA_PSS_PSS_SHA256,
177 TLS_CERT_KEY_TYPE_RSA_PSS,
178 CRYPT_PKEY_PARAID_MAX,
179 BSL_CID_RSASSAPSS,
180 HITLS_SIGN_RSA_PSS,
181 HITLS_HASH_SHA_256,
182 128,
183 TLS_VERSION_MASK | DTLS_VERSION_MASK,
184 TLS_VERSION_MASK | DTLS_VERSION_MASK,
185 },
186 {
187 "rsa_pss_rsae_sha512",
188 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA512,
189 TLS_CERT_KEY_TYPE_RSA,
190 CRYPT_PKEY_PARAID_MAX,
191 BSL_CID_RSASSAPSS,
192 HITLS_SIGN_RSA_PSS,
193 HITLS_HASH_SHA_512,
194 256,
195 TLS_VERSION_MASK | DTLS_VERSION_MASK,
196 TLS_VERSION_MASK | DTLS_VERSION_MASK,
197 },
198 {
199 "rsa_pss_rsae_sha384",
200 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA384,
201 TLS_CERT_KEY_TYPE_RSA,
202 CRYPT_PKEY_PARAID_MAX,
203 BSL_CID_RSASSAPSS,
204 HITLS_SIGN_RSA_PSS,
205 HITLS_HASH_SHA_384,
206 192,
207 TLS_VERSION_MASK | DTLS_VERSION_MASK,
208 TLS_VERSION_MASK | DTLS_VERSION_MASK,
209 },
210 {
211 "rsa_pss_rsae_sha256",
212 CERT_SIG_SCHEME_RSA_PSS_RSAE_SHA256,
213 TLS_CERT_KEY_TYPE_RSA,
214 CRYPT_PKEY_PARAID_MAX,
215 BSL_CID_RSASSAPSS,
216 HITLS_SIGN_RSA_PSS,
217 HITLS_HASH_SHA_256,
218 128,
219 TLS_VERSION_MASK | DTLS_VERSION_MASK,
220 TLS_VERSION_MASK | DTLS_VERSION_MASK,
221 },
222 {
223 "rsa_pkcs1_sha512",
224 CERT_SIG_SCHEME_RSA_PKCS1_SHA512,
225 TLS_CERT_KEY_TYPE_RSA,
226 CRYPT_PKEY_PARAID_MAX,
227 BSL_CID_SHA512WITHRSAENCRYPTION,
228 HITLS_SIGN_RSA_PKCS1_V15,
229 HITLS_HASH_SHA_512,
230 256,
231 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
232 TLS_VERSION_MASK | DTLS_VERSION_MASK,
233 },
234 {
235 "dsa_sha512",
236 CERT_SIG_SCHEME_DSA_SHA512,
237 TLS_CERT_KEY_TYPE_DSA,
238 CRYPT_PKEY_PARAID_MAX,
239 BSL_CID_DSAWITHSHA512,
240 HITLS_SIGN_DSA,
241 HITLS_HASH_SHA_512,
242 256,
243 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
244 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
245 },
246 {
247 "rsa_pkcs1_sha384",
248 CERT_SIG_SCHEME_RSA_PKCS1_SHA384,
249 TLS_CERT_KEY_TYPE_RSA,
250 CRYPT_PKEY_PARAID_MAX,
251 BSL_CID_SHA384WITHRSAENCRYPTION,
252 HITLS_SIGN_RSA_PKCS1_V15,
253 HITLS_HASH_SHA_384,
254 192,
255 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
256 TLS_VERSION_MASK | DTLS_VERSION_MASK,
257 },
258 {
259 "dsa_sha384",
260 CERT_SIG_SCHEME_DSA_SHA384,
261 TLS_CERT_KEY_TYPE_DSA,
262 CRYPT_PKEY_PARAID_MAX,
263 BSL_CID_DSAWITHSHA384,
264 HITLS_SIGN_DSA,
265 HITLS_HASH_SHA_384,
266 192,
267 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
268 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
269 },
270 {
271 "rsa_pkcs1_sha256",
272 CERT_SIG_SCHEME_RSA_PKCS1_SHA256,
273 TLS_CERT_KEY_TYPE_RSA,
274 CRYPT_PKEY_PARAID_MAX,
275 BSL_CID_SHA256WITHRSAENCRYPTION,
276 HITLS_SIGN_RSA_PKCS1_V15,
277 HITLS_HASH_SHA_256,
278 128,
279 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
280 TLS_VERSION_MASK | DTLS_VERSION_MASK,
281 },
282 {
283 "dsa_sha256",
284 CERT_SIG_SCHEME_DSA_SHA256,
285 TLS_CERT_KEY_TYPE_DSA,
286 CRYPT_PKEY_PARAID_MAX,
287 BSL_CID_DSAWITHSHA256,
288 HITLS_SIGN_DSA,
289 HITLS_HASH_SHA_256,
290 128,
291 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
292 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
293 },
294 {
295 "ecdsa_sha224",
296 CERT_SIG_SCHEME_ECDSA_SHA224,
297 TLS_CERT_KEY_TYPE_ECDSA,
298 CRYPT_PKEY_PARAID_MAX,
299 BSL_CID_ECDSAWITHSHA224,
300 HITLS_SIGN_ECDSA,
301 HITLS_HASH_SHA_224,
302 112,
303 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
304 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
305 },
306 {
307 "rsa_pkcs1_sha224",
308 CERT_SIG_SCHEME_RSA_PKCS1_SHA224,
309 TLS_CERT_KEY_TYPE_RSA,
310 CRYPT_PKEY_PARAID_MAX,
311 BSL_CID_SHA224WITHRSAENCRYPTION,
312 HITLS_SIGN_RSA_PKCS1_V15,
313 HITLS_HASH_SHA_224,
314 112,
315 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
316 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
317 },
318 {
319 "dsa_sha224",
320 CERT_SIG_SCHEME_DSA_SHA224,
321 TLS_CERT_KEY_TYPE_DSA,
322 CRYPT_PKEY_PARAID_MAX,
323 BSL_CID_DSAWITHSHA224,
324 HITLS_SIGN_DSA,
325 HITLS_HASH_SHA_224,
326 112,
327 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
328 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
329 },
330 {
331 "ecdsa_sha1",
332 CERT_SIG_SCHEME_ECDSA_SHA1,
333 TLS_CERT_KEY_TYPE_ECDSA,
334 CRYPT_PKEY_PARAID_MAX,
335 BSL_CID_ECDSAWITHSHA1,
336 HITLS_SIGN_ECDSA,
337 HITLS_HASH_SHA1,
338 -1,
339 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
340 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
341 },
342 {
343 "rsa_pkcs1_sha1",
344 CERT_SIG_SCHEME_RSA_PKCS1_SHA1,
345 TLS_CERT_KEY_TYPE_RSA,
346 CRYPT_PKEY_PARAID_MAX,
347 BSL_CID_SHA1WITHRSA,
348 HITLS_SIGN_RSA_PKCS1_V15,
349 HITLS_HASH_SHA1,
350 -1,
351 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
352 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
353 },
354 {
355 "dsa_sha1",
356 CERT_SIG_SCHEME_DSA_SHA1,
357 TLS_CERT_KEY_TYPE_DSA,
358 CRYPT_PKEY_PARAID_MAX,
359 BSL_CID_DSAWITHSHA1,
360 HITLS_SIGN_DSA,
361 HITLS_HASH_SHA1,
362 -1,
363 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
364 TLS12_VERSION_BIT | DTLS12_VERSION_BIT,
365 },
366 };
367
ConfigLoadSignatureSchemeInfo(HITLS_Config * config)368 int32_t ConfigLoadSignatureSchemeInfo(HITLS_Config *config)
369 {
370 return UpdateSignAlgorithmsArray(config);
371 }
372
ConfigGetSignatureSchemeInfo(const HITLS_Config * config,uint16_t signatureScheme)373 const TLS_SigSchemeInfo *ConfigGetSignatureSchemeInfo(const HITLS_Config *config, uint16_t signatureScheme)
374 {
375 (void)config;
376 for (uint32_t i = 0; i < sizeof(SIGNATURE_SCHEME_INFO) / sizeof(TLS_SigSchemeInfo); i++) {
377 if (SIGNATURE_SCHEME_INFO[i].signatureScheme == signatureScheme) {
378 return &SIGNATURE_SCHEME_INFO[i];
379 }
380 }
381 return NULL;
382 }
383
ConfigGetSignatureSchemeInfoList(const HITLS_Config * config,uint32_t * size)384 const TLS_SigSchemeInfo *ConfigGetSignatureSchemeInfoList(const HITLS_Config *config, uint32_t *size)
385 {
386 (void)config;
387 *size = sizeof(SIGNATURE_SCHEME_INFO) / sizeof(SIGNATURE_SCHEME_INFO[0]);
388 return SIGNATURE_SCHEME_INFO;
389 }
390
391 #else // HITLS_TLS_FEATURE_PROVIDER
392
PrepareSignSchemeStorage(TLS_Config * config,TLS_SigSchemeInfo ** scheme)393 static int32_t PrepareSignSchemeStorage(TLS_Config *config, TLS_SigSchemeInfo **scheme)
394 {
395 if (config->sigSchemeInfolen == config->sigSchemeInfoSize) {
396 void *ptr = BSL_SAL_Realloc(config->sigSchemeInfo,
397 (config->sigSchemeInfoSize + TLS_CAPABILITY_LIST_MALLOC_SIZE) * sizeof(TLS_SigSchemeInfo),
398 config->sigSchemeInfoSize * sizeof(TLS_SigSchemeInfo));
399 if (ptr == NULL) {
400 return HITLS_MEMALLOC_FAIL;
401 }
402 config->sigSchemeInfo = ptr;
403 (void)memset_s(config->sigSchemeInfo + config->sigSchemeInfoSize,
404 TLS_CAPABILITY_LIST_MALLOC_SIZE * sizeof(TLS_SigSchemeInfo),
405 0,
406 TLS_CAPABILITY_LIST_MALLOC_SIZE * sizeof(TLS_SigSchemeInfo));
407 config->sigSchemeInfoSize += TLS_CAPABILITY_LIST_MALLOC_SIZE;
408 }
409 *scheme = config->sigSchemeInfo + config->sigSchemeInfolen;
410 return HITLS_SUCCESS;
411 }
412
413 typedef struct {
414 BslOidString oidStr;
415 const char *oidName;
416 } BslOidInfo;
417
ProcessOids(TLS_SigSchemeInfo * scheme,BslOidInfo * keyTypeOidInfo,BslOidInfo * paraOidInfo,BslOidInfo * signHashAlgOidInfo,BslOidInfo * hashOidInfo)418 static int32_t ProcessOids(TLS_SigSchemeInfo *scheme, BslOidInfo *keyTypeOidInfo, BslOidInfo *paraOidInfo,
419 BslOidInfo *signHashAlgOidInfo, BslOidInfo *hashOidInfo)
420 {
421 int32_t ret = HITLS_SUCCESS;
422 if (keyTypeOidInfo != NULL && keyTypeOidInfo->oidStr.octs != NULL) {
423 ret = BSL_OBJ_Create(keyTypeOidInfo->oidStr.octs, keyTypeOidInfo->oidStr.octetLen,
424 keyTypeOidInfo->oidName, scheme->keyType);
425 if (ret != HITLS_SUCCESS) {
426 return ret;
427 }
428 }
429 if (paraOidInfo != NULL && paraOidInfo->oidStr.octs != NULL) {
430 ret = BSL_OBJ_Create(paraOidInfo->oidStr.octs, paraOidInfo->oidStr.octetLen,
431 paraOidInfo->oidName, scheme->paraId);
432 if (ret != HITLS_SUCCESS) {
433 return ret;
434 }
435 }
436 if (hashOidInfo != NULL && hashOidInfo->oidStr.octs != NULL) {
437 ret = BSL_OBJ_Create(hashOidInfo->oidStr.octs, hashOidInfo->oidStr.octetLen,
438 hashOidInfo->oidName, scheme->hashAlgId);
439 if (ret != HITLS_SUCCESS) {
440 return ret;
441 }
442 }
443 if (signHashAlgOidInfo != NULL && signHashAlgOidInfo->oidStr.octs != NULL) {
444 ret = BSL_OBJ_Create(signHashAlgOidInfo->oidStr.octs, signHashAlgOidInfo->oidStr.octetLen,
445 signHashAlgOidInfo->oidName, scheme->signHashAlgId);
446 if (ret != HITLS_SUCCESS) {
447 return ret;
448 }
449 }
450 return BSL_OBJ_CreateSignId(scheme->signHashAlgId, scheme->signAlgId, scheme->hashAlgId);
451 }
452
ProviderAddSignatureSchemeInfo(const BSL_Param * params,void * args)453 static int32_t ProviderAddSignatureSchemeInfo(const BSL_Param *params, void *args)
454 {
455 if (params == NULL || args == NULL) {
456 return HITLS_INVALID_INPUT;
457 }
458
459 TLS_CapabilityData *data = (TLS_CapabilityData *)args;
460 TLS_Config *config = data->config;
461 TLS_SigSchemeInfo *scheme = NULL;
462 CRYPT_EAL_PkeyCtx *pkey = NULL;
463 BSL_Param *param = NULL;
464 const char *keyTypeOid = NULL, *keyTypeName = NULL, *paraOid = NULL, *paraName = NULL;
465 const char *signHashAlgOid = NULL, *signHashAlgName = NULL, *hashOid = NULL, *hashName = NULL;
466 uint32_t keyTypeOidLen = 0, paraOidLen = 0, signHashAlgOidLen = 0, hashOidLen = 0;
467
468 int32_t ret = PrepareSignSchemeStorage(config, &scheme);
469 if (ret != HITLS_SUCCESS) {
470 return ret;
471 }
472 ret = HITLS_CONFIG_ERR_LOAD_SIGN_SCHEME_INFO;
473 PROCESS_STRING_PARAM(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_IANA_SIGN_NAME, name);
474 PROCESS_PARAM_UINT16(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_IANA_SIGN_ID, signatureScheme);
475 PROCESS_PARAM_INT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_KEY_TYPE, keyType);
476 PROCESS_PARAM_INT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_PARA_ID, paraId);
477 PROCESS_PARAM_INT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_SIGNWITHMD_ID, signHashAlgId);
478 PROCESS_PARAM_INT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_SIGN_ID, signAlgId);
479 PROCESS_PARAM_INT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_MD_ID, hashAlgId);
480 PROCESS_PARAM_INT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_SEC_BITS, secBits);
481 PROCESS_PARAM_UINT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_CHAIN_VERSION_BITS, chainVersionBits);
482 PROCESS_PARAM_UINT32(param, scheme, params, CRYPT_PARAM_CAP_TLS_SIGNALG_CERT_VERSION_BITS, certVersionBits);
483 PROCESS_OPTIONAL_STRING_PARAM(param, params, CRYPT_PARAM_CAP_TLS_SIGNALG_KEY_TYPE_OID, keyTypeOid, keyTypeOidLen,
484 CRYPT_PARAM_CAP_TLS_SIGNALG_KEY_TYPE_NAME, keyTypeName);
485 PROCESS_OPTIONAL_STRING_PARAM(param, params, CRYPT_PARAM_CAP_TLS_SIGNALG_PARA_OID, paraOid, paraOidLen,
486 CRYPT_PARAM_CAP_TLS_SIGNALG_PARA_NAME, paraName);
487 PROCESS_OPTIONAL_STRING_PARAM(param, params, CRYPT_PARAM_CAP_TLS_SIGNALG_SIGNWITHMD_OID, signHashAlgOid,
488 signHashAlgOidLen, CRYPT_PARAM_CAP_TLS_SIGNALG_SIGNWITHMD_NAME, signHashAlgName);
489 PROCESS_OPTIONAL_STRING_PARAM(param, params, CRYPT_PARAM_CAP_TLS_SIGNALG_MD_OID, hashOid, hashOidLen,
490 CRYPT_PARAM_CAP_TLS_SIGNALG_MD_NAME, hashName);
491
492 if (scheme->keyType == TLS_CERT_KEY_TYPE_RSA_PSS) {
493 pkey = CRYPT_EAL_ProviderPkeyNewCtx(LIBCTX_FROM_CONFIG(config), TLS_CERT_KEY_TYPE_RSA,
494 CRYPT_EAL_PKEY_SIGN_OPERATE, ATTRIBUTE_FROM_CONFIG(config));
495 } else {
496 pkey = CRYPT_EAL_ProviderPkeyNewCtx(LIBCTX_FROM_CONFIG(config), scheme->keyType,
497 CRYPT_EAL_PKEY_SIGN_OPERATE, ATTRIBUTE_FROM_CONFIG(config));
498 }
499 if (pkey == NULL) {
500 goto ERR;
501 }
502
503 BslOidInfo keyTypeOidInfo = { { keyTypeOidLen, (char *)(uintptr_t)keyTypeOid, 0 }, keyTypeName };
504 BslOidInfo paraOidInfo = { { paraOidLen, (char *)(uintptr_t)paraOid, 0 }, paraName };
505 BslOidInfo signHashAlgOidInfo = { { signHashAlgOidLen, (char *)(uintptr_t)signHashAlgOid, 0 }, signHashAlgName };
506 BslOidInfo hashOidInfo = { { hashOidLen, (char *)(uintptr_t)hashOid, 0 }, hashName };
507 ret = ProcessOids(scheme, &keyTypeOidInfo, ¶OidInfo, &signHashAlgOidInfo, &hashOidInfo);
508 if (ret != HITLS_SUCCESS) {
509 goto ERR;
510 }
511 config->sigSchemeInfolen++;
512 CRYPT_EAL_PkeyFreeCtx(pkey);
513 return HITLS_SUCCESS;
514
515 ERR:
516 if (pkey != NULL) {
517 CRYPT_EAL_PkeyFreeCtx(pkey);
518 }
519 if (scheme != NULL) {
520 BSL_SAL_Free(scheme->name);
521 (void)memset_s(scheme, sizeof(TLS_SigSchemeInfo), 0, sizeof(TLS_SigSchemeInfo));
522 }
523 return ret != HITLS_SUCCESS ? ret : HITLS_CONFIG_ERR_LOAD_SIGN_SCHEME_INFO;
524 }
525
ProviderLoadSignSchemeInfo(CRYPT_EAL_ProvMgrCtx * ctx,void * args)526 static int32_t ProviderLoadSignSchemeInfo(CRYPT_EAL_ProvMgrCtx *ctx, void *args)
527 {
528 if (ctx == NULL || args == NULL) {
529 return HITLS_INVALID_INPUT;
530 }
531 TLS_CapabilityData data = {
532 .config = (TLS_Config *)args,
533 .provMgrCtx = ctx,
534 };
535 return CRYPT_EAL_ProviderGetCaps(ctx, CRYPT_EAL_GET_SIGALG_CAP, ProviderAddSignatureSchemeInfo, &data);
536 }
537
ConfigLoadSignatureSchemeInfo(HITLS_Config * config)538 int32_t ConfigLoadSignatureSchemeInfo(HITLS_Config *config)
539 {
540 HITLS_Lib_Ctx *libCtx = LIBCTX_FROM_CONFIG(config);
541 int32_t ret = CRYPT_EAL_ProviderProcessAll(libCtx, ProviderLoadSignSchemeInfo, config);
542 if (ret != HITLS_SUCCESS) {
543 return ret;
544 }
545 return UpdateSignAlgorithmsArray(config);
546 }
547
ConfigGetSignatureSchemeInfo(const HITLS_Config * config,uint16_t signScheme)548 const TLS_SigSchemeInfo *ConfigGetSignatureSchemeInfo(const HITLS_Config *config, uint16_t signScheme)
549 {
550 for (uint32_t i = 0; i < config->sigSchemeInfolen; i++) {
551 if (config->sigSchemeInfo[i].signatureScheme == signScheme) {
552 return &config->sigSchemeInfo[i];
553 }
554 }
555 return NULL;
556 }
557
ConfigGetSignatureSchemeInfoList(const HITLS_Config * config,uint32_t * size)558 const TLS_SigSchemeInfo *ConfigGetSignatureSchemeInfoList(const HITLS_Config *config, uint32_t *size)
559 {
560 *size = config->sigSchemeInfolen;
561 return config->sigSchemeInfo;
562 }
563
564 #endif
565