1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include <stddef.h>
16 #include "securec.h"
17 #include "tls_binlog_id.h"
18 #include "bsl_log_internal.h"
19 #include "bsl_log.h"
20 #include "bsl_err_internal.h"
21 #include "bsl_bytes.h"
22 #include "bsl_sal.h"
23 #include "hitls_error.h"
24 #include "hitls_crypt_reg.h"
25 #include "crypt.h"
26 #include "config_type.h"
27
28 #include "crypt_algid.h"
29 #ifdef HITLS_TLS_FEATURE_PROVIDER
30 #include "hitls_crypt.h"
31 #endif
32
33 #ifndef HITLS_TLS_FEATURE_PROVIDER
34 HITLS_CRYPT_BaseMethod g_cryptBaseMethod = {0};
35 HITLS_CRYPT_EcdhMethod g_cryptEcdhMethod = {0};
36 HITLS_CRYPT_DhMethod g_cryptDhMethod = {0};
37 #endif
38
39 #ifdef HITLS_TLS_PROTO_TLS13
40 #define TLS13_MAX_LABEL_LEN 255
41 #define TLS13_MAX_CTX_LEN 255
42
43 #define TLS13_HKDF_LABEL_LEN(labelLen, ctxLen) \
44 (sizeof(uint16_t) + sizeof(uint8_t) + (labelLen) + sizeof(uint8_t) + (ctxLen))
45
46 #define TLS13_MAX_HKDF_LABEL_LEN TLS13_HKDF_LABEL_LEN(TLS13_MAX_LABEL_LEN, TLS13_MAX_CTX_LEN)
47
48 #ifndef HITLS_TLS_FEATURE_PROVIDER
49 HITLS_CRYPT_KdfMethod g_cryptKdfMethod = {0};
50 #endif /* HITLS_TLS_FEATURE_PROVIDER */
51 typedef struct {
52 uint16_t length; /* Length of the derived key */
53 uint8_t labelLen; /* Label length */
54 uint8_t ctxLen; /* Length of the context information */
55 const uint8_t *label; /* Label */
56 const uint8_t *ctx; /* Context information */
57 } HkdfLabel;
58 #endif
59
60 const char *g_cryptCallBackStr[] = {
61 [HITLS_CRYPT_CALLBACK_RAND_BYTES] = "random bytes",
62 [HITLS_CRYPT_CALLBACK_HMAC_SIZE] = "hmac size",
63 [HITLS_CRYPT_CALLBACK_HMAC_INIT] = "hmac init",
64 [HITLS_CRYPT_CALLBACK_HMAC_FREE] = "hmac free",
65 [HITLS_CRYPT_CALLBACK_HMAC_UPDATE] = "hmac update",
66 [HITLS_CRYPT_CALLBACK_HMAC_FINAL] = "hmac final",
67 [HITLS_CRYPT_CALLBACK_HMAC] = "hmac calc",
68 [HITLS_CRYPT_CALLBACK_DIGEST_SIZE] = "digest size",
69 [HITLS_CRYPT_CALLBACK_DIGEST_INIT] = "digest init",
70 [HITLS_CRYPT_CALLBACK_DIGEST_COPY] = "digest copy",
71 [HITLS_CRYPT_CALLBACK_DIGEST_FREE] = "digest free",
72 [HITLS_CRYPT_CALLBACK_DIGEST_UPDATE] = "digest update",
73 [HITLS_CRYPT_CALLBACK_DIGEST_FINAL] = "digest final",
74 [HITLS_CRYPT_CALLBACK_DIGEST] = "digest calc",
75 [HITLS_CRYPT_CALLBACK_ENCRYPT] = "encrypt",
76 [HITLS_CRYPT_CALLBACK_DECRYPT] = "decrpt",
77
78 [HITLS_CRYPT_CALLBACK_GENERATE_ECDH_KEY_PAIR] = "generate ecdh key",
79 [HITLS_CRYPT_CALLBACK_FREE_ECDH_KEY] = "free ecdh key",
80 [HITLS_CRYPT_CALLBACK_GET_ECDH_ENCODED_PUBKEY] = "get ecdh public key",
81 [HITLS_CRYPT_CALLBACK_CALC_ECDH_SHARED_SECRET] = "calculate ecdh shared secret",
82 [HITLS_CRYPT_CALLBACK_SM2_CALC_ECDH_SHARED_SECRET] = "calculate sm2 ecdh shared secret",
83
84 [HITLS_CRYPT_CALLBACK_GENERATE_DH_KEY_BY_SECBITS] = "generate Dh key by secbits",
85 [HITLS_CRYPT_CALLBACK_GENERATE_DH_KEY_BY_PARAMS] = "generate Dh key by params",
86 [HITLS_CRYPT_CALLBACK_DUP_DH_KEY] = "dup Dh key",
87 [HITLS_CRYPT_CALLBACK_FREE_DH_KEY] = "free Dh key",
88 [HITLS_CRYPT_CALLBACK_DH_GET_PARAMETERS] = "get dh params",
89 [HITLS_CRYPT_CALLBACK_GET_DH_ENCODED_PUBKEY] = "get dh public key",
90 [HITLS_CRYPT_CALLBACK_CALC_DH_SHARED_SECRET] = "calculate dh shared secret",
91
92 [HITLS_CRYPT_CALLBACK_HKDF_EXTRACT] = "HKDF-Extract",
93 [HITLS_CRYPT_CALLBACK_HKDF_EXPAND] = "HKDF-Expand",
94 [HITLS_CRYPT_CALLBACK_KEM_ENCAPSULATE] = "KEM-Encapsulate",
95 [HITLS_CRYPT_CALLBACK_KEM_DECAPSULATE] = "KEM-Decapsulate",
96 };
97
98 #ifndef HITLS_TLS_FEATURE_PROVIDER
HITLS_CRYPT_RegisterBaseMethod(HITLS_CRYPT_BaseMethod * userCryptCallBack)99 int32_t HITLS_CRYPT_RegisterBaseMethod(HITLS_CRYPT_BaseMethod *userCryptCallBack)
100 {
101 if (userCryptCallBack == NULL) {
102 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15063, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
103 "Register base crypt method error: input NULL.", 0, 0, 0, 0);
104 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
105 return HITLS_NULL_INPUT;
106 }
107 g_cryptBaseMethod.randBytes = userCryptCallBack->randBytes;
108 g_cryptBaseMethod.hmacSize = userCryptCallBack->hmacSize;
109 g_cryptBaseMethod.hmacInit = userCryptCallBack->hmacInit;
110 g_cryptBaseMethod.hmacReinit = userCryptCallBack->hmacReinit;
111 g_cryptBaseMethod.hmacFree = userCryptCallBack->hmacFree;
112 g_cryptBaseMethod.hmacUpdate = userCryptCallBack->hmacUpdate;
113 g_cryptBaseMethod.hmacFinal = userCryptCallBack->hmacFinal;
114 g_cryptBaseMethod.hmac = userCryptCallBack->hmac;
115 g_cryptBaseMethod.digestSize = userCryptCallBack->digestSize;
116 g_cryptBaseMethod.digestInit = userCryptCallBack->digestInit;
117 g_cryptBaseMethod.digestCopy = userCryptCallBack->digestCopy;
118 g_cryptBaseMethod.digestFree = userCryptCallBack->digestFree;
119 g_cryptBaseMethod.digestUpdate = userCryptCallBack->digestUpdate;
120 g_cryptBaseMethod.digestFinal = userCryptCallBack->digestFinal;
121 g_cryptBaseMethod.digest = userCryptCallBack->digest;
122 g_cryptBaseMethod.encrypt = userCryptCallBack->encrypt;
123 g_cryptBaseMethod.decrypt = userCryptCallBack->decrypt;
124 g_cryptBaseMethod.cipherFree = userCryptCallBack->cipherFree;
125 return HITLS_SUCCESS;
126 }
127
HITLS_CRYPT_RegisterEcdhMethod(HITLS_CRYPT_EcdhMethod * userCryptCallBack)128 int32_t HITLS_CRYPT_RegisterEcdhMethod(HITLS_CRYPT_EcdhMethod *userCryptCallBack)
129 {
130 if (userCryptCallBack == NULL) {
131 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15064, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
132 "Register ECDH crypt method error: input NULL.", 0, 0, 0, 0);
133 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
134 return HITLS_NULL_INPUT;
135 }
136 g_cryptEcdhMethod.generateEcdhKeyPair = userCryptCallBack->generateEcdhKeyPair;
137 g_cryptEcdhMethod.freeEcdhKey = userCryptCallBack->freeEcdhKey;
138 g_cryptEcdhMethod.getEcdhPubKey = userCryptCallBack->getEcdhPubKey;
139 g_cryptEcdhMethod.calcEcdhSharedSecret = userCryptCallBack->calcEcdhSharedSecret;
140 #ifdef HITLS_TLS_PROTO_TLCP11
141 g_cryptEcdhMethod.sm2CalEcdhSharedSecret = userCryptCallBack->sm2CalEcdhSharedSecret;
142 #endif /* HITLS_TLS_PROTO_TLCP11 */
143 g_cryptEcdhMethod.kemEncapsulate = userCryptCallBack->kemEncapsulate;
144 g_cryptEcdhMethod.kemDecapsulate = userCryptCallBack->kemDecapsulate;
145 return HITLS_SUCCESS;
146 }
147
HITLS_CRYPT_RegisterDhMethod(const HITLS_CRYPT_DhMethod * userCryptCallBack)148 int32_t HITLS_CRYPT_RegisterDhMethod(const HITLS_CRYPT_DhMethod *userCryptCallBack)
149 {
150 if (userCryptCallBack == NULL) {
151 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15065, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
152 "Register Dh crypt method error: input NULL.", 0, 0, 0, 0);
153 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
154 return HITLS_NULL_INPUT;
155 }
156
157 g_cryptDhMethod.getDhParameters = userCryptCallBack->getDhParameters;
158 g_cryptDhMethod.generateDhKeyBySecbits = userCryptCallBack->generateDhKeyBySecbits;
159 g_cryptDhMethod.generateDhKeyByParams = userCryptCallBack->generateDhKeyByParams;
160 g_cryptDhMethod.freeDhKey = userCryptCallBack->freeDhKey;
161 g_cryptDhMethod.getDhPubKey = userCryptCallBack->getDhPubKey;
162 g_cryptDhMethod.calcDhSharedSecret = userCryptCallBack->calcDhSharedSecret;
163 #ifdef HITLS_TLS_CONFIG_MANUAL_DH
164 g_cryptDhMethod.dupDhKey = userCryptCallBack->dupDhKey;
165 #endif /* HITLS_TLS_CONFIG_MANUAL_DH */
166 return HITLS_SUCCESS;
167 }
168
169 #ifdef HITLS_TLS_PROTO_TLS13
HITLS_CRYPT_RegisterHkdfMethod(HITLS_CRYPT_KdfMethod * userCryptCallBack)170 int32_t HITLS_CRYPT_RegisterHkdfMethod(HITLS_CRYPT_KdfMethod *userCryptCallBack)
171 {
172 if (userCryptCallBack == NULL) {
173 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15066, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
174 "Register HKDF crypt method error: input NULL.", 0, 0, 0, 0);
175 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
176 return HITLS_NULL_INPUT;
177 }
178 g_cryptKdfMethod.hkdfExtract = userCryptCallBack->hkdfExtract;
179 g_cryptKdfMethod.hkdfExpand = userCryptCallBack->hkdfExpand;
180 return HITLS_SUCCESS;
181 }
182 #endif /* HITLS_TLS_PROTO_TLS13 */
183 #endif /* HITLS_TLS_FEATURE_PROVIDER */
184
CheckCallBackRetVal(int32_t cmd,int32_t callBackRet,uint32_t bingLogId,uint32_t hitlsRet)185 int32_t CheckCallBackRetVal(int32_t cmd, int32_t callBackRet, uint32_t bingLogId, uint32_t hitlsRet)
186 {
187 if (callBackRet != HITLS_SUCCESS) {
188 BSL_LOG_BINLOG_FIXLEN(bingLogId, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
189 "%s error: callback ret = 0x%x.", g_cryptCallBackStr[cmd], callBackRet, 0, 0);
190 BSL_ERR_PUSH_ERROR((int32_t)hitlsRet);
191 return (int32_t)hitlsRet;
192 }
193 return HITLS_SUCCESS;
194 }
195
SAL_CRYPT_Rand(HITLS_Lib_Ctx * libCtx,uint8_t * buf,uint32_t len)196 int32_t SAL_CRYPT_Rand(HITLS_Lib_Ctx *libCtx, uint8_t *buf, uint32_t len)
197 {
198 #ifdef HITLS_TLS_FEATURE_PROVIDER
199 int32_t ret = HITLS_CRYPT_RandbytesEx(libCtx, buf, len);
200 #else
201 (void)libCtx;
202 if (g_cryptBaseMethod.randBytes == NULL) {
203 return HITLS_CRYPT_ERR_GENERATE_RANDOM;
204 }
205 int32_t ret = g_cryptBaseMethod.randBytes(buf, len);
206 #endif
207 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_RAND_BYTES, ret, BINLOG_ID15068,
208 HITLS_CRYPT_ERR_GENERATE_RANDOM);
209 }
210
SAL_CRYPT_HmacSize(HITLS_HashAlgo hashAlgo)211 uint32_t SAL_CRYPT_HmacSize(HITLS_HashAlgo hashAlgo)
212 {
213 #ifdef HITLS_TLS_FEATURE_PROVIDER
214 return HITLS_CRYPT_DigestSize(hashAlgo);
215 #else
216 if (g_cryptBaseMethod.hmacSize == NULL) {
217 return 0;
218 }
219 return g_cryptBaseMethod.hmacSize(hashAlgo);
220 #endif
221 }
222
223 #ifdef HITLS_TLS_CALLBACK_CRYPT_HMAC_PRIMITIVES
SAL_CRYPT_HmacInit(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_HashAlgo hashAlgo,const uint8_t * key,uint32_t len)224 HITLS_HMAC_Ctx *SAL_CRYPT_HmacInit(HITLS_Lib_Ctx *libCtx, const char *attrName,
225 HITLS_HashAlgo hashAlgo, const uint8_t *key, uint32_t len)
226 {
227 #ifdef HITLS_TLS_FEATURE_PROVIDER
228 return HITLS_CRYPT_HMAC_Init(libCtx, attrName, hashAlgo, key, len);
229 #else
230 (void)libCtx;
231 (void)attrName;
232 if (g_cryptBaseMethod.hmacInit == NULL) {
233 return NULL;
234 }
235 return g_cryptBaseMethod.hmacInit(hashAlgo, key, len);
236 #endif
237 }
238
SAL_CRYPT_HmacFree(HITLS_HMAC_Ctx * hmac)239 void SAL_CRYPT_HmacFree(HITLS_HMAC_Ctx *hmac)
240 {
241 if (hmac != NULL) {
242 #ifdef HITLS_TLS_FEATURE_PROVIDER
243 HITLS_CRYPT_HMAC_Free(hmac);
244 #else
245 if (g_cryptBaseMethod.hmacFree == NULL) {
246 return;
247 }
248 g_cryptBaseMethod.hmacFree(hmac);
249 #endif
250 }
251 return;
252 }
253
SAL_CRYPT_HmacReInit(HITLS_HMAC_Ctx * ctx)254 int32_t SAL_CRYPT_HmacReInit(HITLS_HMAC_Ctx *ctx)
255 {
256 #ifdef HITLS_TLS_FEATURE_PROVIDER
257 return HITLS_CRYPT_HMAC_ReInit(ctx);
258 #else
259 if (g_cryptBaseMethod.hmacReinit == NULL) {
260 return HITLS_CRYPT_ERR_HMAC;
261 }
262 return g_cryptBaseMethod.hmacReinit(ctx);
263 #endif
264 }
265
SAL_CRYPT_HmacUpdate(HITLS_HMAC_Ctx * hmac,const uint8_t * data,uint32_t len)266 int32_t SAL_CRYPT_HmacUpdate(HITLS_HMAC_Ctx *hmac, const uint8_t *data, uint32_t len)
267 {
268 #ifdef HITLS_TLS_FEATURE_PROVIDER
269 int32_t ret = HITLS_CRYPT_HMAC_Update(hmac, data, len);
270 #else
271 if (g_cryptBaseMethod.hmacUpdate == NULL) {
272 return HITLS_CRYPT_ERR_HMAC;
273 }
274 int32_t ret = g_cryptBaseMethod.hmacUpdate(hmac, data, len);
275 #endif
276 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_HMAC_UPDATE, ret, BINLOG_ID15073, HITLS_CRYPT_ERR_HMAC);
277 }
278
SAL_CRYPT_HmacFinal(HITLS_HMAC_Ctx * hmac,uint8_t * out,uint32_t * len)279 int32_t SAL_CRYPT_HmacFinal(HITLS_HMAC_Ctx *hmac, uint8_t *out, uint32_t *len)
280 {
281 #ifdef HITLS_TLS_FEATURE_PROVIDER
282 int32_t ret = HITLS_CRYPT_HMAC_Final(hmac, out, len);
283 #else
284 if (g_cryptBaseMethod.hmacFinal == NULL) {
285 return HITLS_CRYPT_ERR_HMAC;
286 }
287 int32_t ret = g_cryptBaseMethod.hmacFinal(hmac, out, len);
288 #endif
289 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_HMAC_FINAL, ret, BINLOG_ID15075, HITLS_CRYPT_ERR_HMAC);
290 }
291 #endif /* HITLS_TLS_CALLBACK_CRYPT_HMAC_PRIMITIVES */
292
SAL_CRYPT_Hmac(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_HashAlgo hashAlgo,const uint8_t * key,uint32_t keyLen,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)293 int32_t SAL_CRYPT_Hmac(HITLS_Lib_Ctx *libCtx, const char *attrName,
294 HITLS_HashAlgo hashAlgo, const uint8_t *key, uint32_t keyLen,
295 const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen)
296 {
297 #ifdef HITLS_TLS_FEATURE_PROVIDER
298 int32_t ret = HITLS_CRYPT_HMAC(libCtx, attrName, hashAlgo, key, keyLen, in, inLen, out, outLen);
299 #else
300 (void)libCtx;
301 (void)attrName;
302 if (g_cryptBaseMethod.hmac == NULL) {
303 return HITLS_CRYPT_ERR_HMAC;
304 }
305 int32_t ret = g_cryptBaseMethod.hmac(hashAlgo, key, keyLen, in, inLen, out, outLen);
306 #endif
307 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_HMAC, ret, BINLOG_ID15077, HITLS_CRYPT_ERR_HMAC);
308 }
309
IteratorInit(CRYPT_KeyDeriveParameters * input,uint32_t hmacSize,uint8_t ** iterator,uint32_t * iteratorSize)310 static int32_t IteratorInit(CRYPT_KeyDeriveParameters *input, uint32_t hmacSize,
311 uint8_t **iterator, uint32_t *iteratorSize)
312 {
313 uint8_t *seed = BSL_SAL_Calloc(1u, hmacSize + input->labelLen + input->seedLen);
314 if (seed == NULL) {
315 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15078, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
316 "P_Hash error: out of memory.", 0, 0, 0, 0);
317 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
318 return HITLS_MEMALLOC_FAIL;
319 }
320
321 (void)memcpy_s(&seed[hmacSize], input->labelLen, input->label, input->labelLen);
322 (void)memcpy_s(&seed[hmacSize + input->labelLen], input->seedLen, input->seed, input->seedLen);
323
324 int32_t ret = SAL_CRYPT_Hmac(input->libCtx, input->attrName,
325 input->hashAlgo, input->secret, input->secretLen,
326 &seed[hmacSize], input->labelLen + input->seedLen, seed, &hmacSize);
327 if (ret != HITLS_SUCCESS) {
328 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15079, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
329 "P_Hash error: iterator init fail, HMAC ret = 0x%x.", ret, 0, 0, 0);
330 BSL_SAL_FREE(seed);
331 return ret;
332 }
333 *iterator = seed;
334 *iteratorSize = hmacSize + input->labelLen + input->seedLen;
335 return HITLS_SUCCESS;
336 }
337
PHashPre(uint32_t * hmacSize,uint32_t * alignLen,uint32_t outLen,HITLS_HashAlgo hashAlgo)338 static int32_t PHashPre(uint32_t *hmacSize, uint32_t *alignLen, uint32_t outLen, HITLS_HashAlgo hashAlgo)
339 {
340 if (hmacSize == NULL || alignLen == NULL) {
341 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16611, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
342 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
343 return HITLS_NULL_INPUT;
344 }
345 *alignLen = outLen;
346 *hmacSize = SAL_CRYPT_HmacSize(hashAlgo);
347 if (*hmacSize == 0) {
348 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15080, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
349 "P_Hash error: hmac size is zero.", 0, 0, 0, 0);
350 BSL_ERR_PUSH_ERROR(HITLS_CRYPT_ERR_HMAC);
351 return HITLS_CRYPT_ERR_HMAC;
352 }
353 if ((outLen % *hmacSize) != 0) {
354 /* Padded based on the HMAC length. */
355 *alignLen += *hmacSize - (outLen % *hmacSize);
356 }
357 return HITLS_SUCCESS;
358 }
359
P_Hash(CRYPT_KeyDeriveParameters * input,uint8_t * out,uint32_t outLen)360 int32_t P_Hash(CRYPT_KeyDeriveParameters *input, uint8_t *out, uint32_t outLen)
361 {
362 uint8_t *iterator = NULL;
363 uint32_t iteratorSize = 0;
364 uint8_t *data = NULL;
365 uint32_t alignLen;
366 uint32_t srcLen = outLen;
367 uint32_t offset = 0;
368 uint32_t hmacSize;
369 int32_t ret = PHashPre(&hmacSize, &alignLen, outLen, input->hashAlgo);
370 if (ret != HITLS_SUCCESS) {
371 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16612, "PHashPre fail");
372 }
373 data = BSL_SAL_Calloc(1u, alignLen);
374 if (data == NULL) {
375 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
376 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID15081, "Calloc fail");
377 }
378
379 uint32_t tmpLen = hmacSize;
380 ret = IteratorInit(input, hmacSize, &iterator, &iteratorSize);
381 if (ret != HITLS_SUCCESS) {
382 (void)RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16613, "IteratorInit fail");
383 goto EXIT;
384 }
385
386 while (alignLen > 0) {
387 ret = SAL_CRYPT_Hmac(input->libCtx, input->attrName, input->hashAlgo, input->secret, input->secretLen,
388 iterator, iteratorSize, data + offset, &tmpLen);
389 if (ret != HITLS_SUCCESS) {
390 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15082, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
391 "P_Hash error: produce output data fail, HMAC ret = 0x%x.", ret, 0, 0, 0);
392 goto EXIT;
393 }
394
395 alignLen -= tmpLen;
396 offset += tmpLen;
397
398 ret = SAL_CRYPT_Hmac(input->libCtx, input->attrName, input->hashAlgo, input->secret, input->secretLen, iterator, tmpLen, iterator, &tmpLen);
399 if (ret != HITLS_SUCCESS) {
400 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15083, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
401 "P_Hash error: iterator update fail, HMAC ret = 0x%x.", ret, 0, 0, 0);
402 goto EXIT;
403 }
404 }
405
406 if (memcpy_s(out, outLen, data, srcLen) != EOK) {
407 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16614, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "memcpy fail", 0, 0, 0, 0);
408 ret = HITLS_MEMCPY_FAIL;
409 }
410 EXIT:
411 BSL_SAL_FREE(iterator);
412 BSL_SAL_FREE(data);
413 return ret;
414 }
415
416 #if defined(HITLS_CRYPTO_MD5) && defined(HITLS_CRYPTO_SHA1)
PRF_MD5_SHA1(CRYPT_KeyDeriveParameters * input,uint8_t * out,uint32_t outLen)417 int32_t PRF_MD5_SHA1(CRYPT_KeyDeriveParameters *input, uint8_t *out, uint32_t outLen)
418 {
419 uint32_t secretLen = input->secretLen;
420 const uint8_t *secret = input->secret;
421 int32_t ret;
422 uint32_t i;
423
424 /* The key is divided into two parts. The first part is the MD5 key, and the second part is the SHA1 key.
425 If the value is an odd number, for example, 7, the first half of the key is [1, 4]
426 and the second half of the key is [4, 7]. Both keys have the fourth byte. */
427 input->secretLen = ((secretLen + 1) >> 1);
428 input->hashAlgo = HITLS_HASH_MD5;
429 ret = P_Hash(input, out, outLen);
430 if (ret != HITLS_SUCCESS) {
431 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16615, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "P_Hash fail", 0, 0, 0, 0);
432 return ret;
433 }
434
435 uint8_t *sha1data = BSL_SAL_Calloc(1u, outLen);
436 if (sha1data == NULL) {
437 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15084, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
438 "PRF_MD5_SHA1 error: out of memory.", 0, 0, 0, 0);
439 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
440 return HITLS_MEMALLOC_FAIL;
441 }
442
443 input->secret += (secretLen >> 1);
444 input->hashAlgo = HITLS_HASH_SHA1;
445 ret = P_Hash(input, sha1data, outLen);
446 if (ret != HITLS_SUCCESS) {
447 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16616, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "P_Hash fail", 0, 0, 0, 0);
448 BSL_SAL_FREE(sha1data);
449 return ret;
450 }
451
452 for (i = 0; i < outLen; i++) {
453 out[i] ^= sha1data[i];
454 }
455
456 input->secret = secret;
457 input->secretLen = secretLen;
458
459 BSL_SAL_FREE(sha1data);
460 return HITLS_SUCCESS;
461 }
462 #endif /* HITLS_CRYPTO_MD5 && HITLS_CRYPTO_SHA1 */
463
SAL_CRYPT_PRF(CRYPT_KeyDeriveParameters * input,uint8_t * out,uint32_t outLen)464 int32_t SAL_CRYPT_PRF(CRYPT_KeyDeriveParameters *input, uint8_t *out, uint32_t outLen)
465 {
466 // Other versions
467 if (input->hashAlgo < HITLS_HASH_SHA_256) {
468 /* The PRF function must use the digest algorithm with SHA-256 or higher strength. */
469 input->hashAlgo = HITLS_HASH_SHA_256;
470 }
471
472 return P_Hash(input, out, outLen);
473 }
474
475
SAL_CRYPT_DigestInit(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_HashAlgo hashAlgo)476 HITLS_HASH_Ctx *SAL_CRYPT_DigestInit(HITLS_Lib_Ctx *libCtx, const char *attrName, HITLS_HashAlgo hashAlgo)
477 {
478 #ifdef HITLS_TLS_FEATURE_PROVIDER
479 return HITLS_CRYPT_DigestInit(libCtx, attrName, hashAlgo);
480 #else
481 (void)libCtx;
482 (void)attrName;
483 if (g_cryptBaseMethod.digestInit == NULL) {
484 return NULL;
485 }
486 return g_cryptBaseMethod.digestInit(hashAlgo);
487 #endif
488 }
489
SAL_CRYPT_DigestCopy(HITLS_HASH_Ctx * ctx)490 HITLS_HASH_Ctx *SAL_CRYPT_DigestCopy(HITLS_HASH_Ctx *ctx)
491 {
492 #ifdef HITLS_TLS_FEATURE_PROVIDER
493 return HITLS_CRYPT_DigestCopy(ctx);
494 #else
495 if (g_cryptBaseMethod.digestCopy == NULL) {
496 return NULL;
497 }
498 return g_cryptBaseMethod.digestCopy(ctx);
499 #endif
500 }
501
SAL_CRYPT_DigestFree(HITLS_HASH_Ctx * ctx)502 void SAL_CRYPT_DigestFree(HITLS_HASH_Ctx *ctx)
503 {
504 if (ctx != NULL) {
505 #ifdef HITLS_TLS_FEATURE_PROVIDER
506 HITLS_CRYPT_DigestFree(ctx);
507 #else
508 if (g_cryptBaseMethod.digestFree == NULL) {
509 return;
510 }
511 g_cryptBaseMethod.digestFree(ctx);
512 #endif
513 }
514 return;
515 }
516
SAL_CRYPT_DigestUpdate(HITLS_HASH_Ctx * ctx,const uint8_t * data,uint32_t len)517 int32_t SAL_CRYPT_DigestUpdate(HITLS_HASH_Ctx *ctx, const uint8_t *data, uint32_t len)
518 {
519 #ifdef HITLS_TLS_FEATURE_PROVIDER
520 int32_t ret = HITLS_CRYPT_DigestUpdate(ctx, data, len);
521 #else
522 if (g_cryptBaseMethod.digestUpdate == NULL) {
523 return HITLS_CRYPT_ERR_DIGEST;
524 }
525 int32_t ret = g_cryptBaseMethod.digestUpdate(ctx, data, len);
526 #endif
527 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_DIGEST_UPDATE, ret, BINLOG_ID15090,
528 HITLS_CRYPT_ERR_DIGEST);
529 }
530
SAL_CRYPT_DigestFinal(HITLS_HASH_Ctx * ctx,uint8_t * out,uint32_t * len)531 int32_t SAL_CRYPT_DigestFinal(HITLS_HASH_Ctx *ctx, uint8_t *out, uint32_t *len)
532 {
533 #ifdef HITLS_TLS_FEATURE_PROVIDER
534 int32_t ret = HITLS_CRYPT_DigestFinal(ctx, out, len);
535 #else
536 if (g_cryptBaseMethod.digestFinal == NULL) {
537 return HITLS_CRYPT_ERR_DIGEST;
538 }
539 int32_t ret = g_cryptBaseMethod.digestFinal(ctx, out, len);
540 #endif
541 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_DIGEST_FINAL, ret, BINLOG_ID15092,
542 HITLS_CRYPT_ERR_DIGEST);
543 }
544
545 #ifdef HITLS_TLS_PROTO_TLS13
SAL_CRYPT_DigestSize(HITLS_HashAlgo hashAlgo)546 uint32_t SAL_CRYPT_DigestSize(HITLS_HashAlgo hashAlgo)
547 {
548 #ifdef HITLS_TLS_FEATURE_PROVIDER
549 return HITLS_CRYPT_DigestSize(hashAlgo);
550 #else
551 if (g_cryptBaseMethod.digestSize == NULL) {
552 return 0;
553 }
554 return g_cryptBaseMethod.digestSize(hashAlgo);
555 #endif
556 }
557
SAL_CRYPT_Digest(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_HashAlgo hashAlgo,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)558 int32_t SAL_CRYPT_Digest(HITLS_Lib_Ctx *libCtx, const char *attrName,
559 HITLS_HashAlgo hashAlgo, const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen)
560 {
561 #ifdef HITLS_TLS_FEATURE_PROVIDER
562 int32_t ret = HITLS_CRYPT_Digest(libCtx, attrName, hashAlgo, in, inLen, out, outLen);
563 #else
564 (void)libCtx;
565 (void)attrName;
566 if (g_cryptBaseMethod.digest == NULL) {
567 return HITLS_CRYPT_ERR_DIGEST;
568 }
569 int32_t ret = g_cryptBaseMethod.digest(hashAlgo, in, inLen, out, outLen);
570 #endif
571 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_DIGEST, ret, BINLOG_ID15094, HITLS_CRYPT_ERR_DIGEST);
572 }
573 #endif
574
SAL_CRYPT_Encrypt(HITLS_Lib_Ctx * libCtx,const char * attrName,const HITLS_CipherParameters * cipher,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)575 int32_t SAL_CRYPT_Encrypt(HITLS_Lib_Ctx *libCtx, const char *attrName,
576 const HITLS_CipherParameters *cipher, const uint8_t *in, uint32_t inLen,
577 uint8_t *out, uint32_t *outLen)
578 {
579 #ifdef HITLS_TLS_FEATURE_PROVIDER
580 int32_t ret = HITLS_CRYPT_Encrypt(libCtx, attrName, cipher, in, inLen, out, outLen);
581 #else
582 (void)libCtx;
583 (void)attrName;
584 if (g_cryptBaseMethod.encrypt == NULL) {
585 return HITLS_CRYPT_ERR_ENCRYPT;
586 }
587 int32_t ret = g_cryptBaseMethod.encrypt(cipher, in, inLen, out, outLen);
588 #endif
589 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_ENCRYPT, ret, BINLOG_ID15096, HITLS_CRYPT_ERR_ENCRYPT);
590 }
591
SAL_CRYPT_Decrypt(HITLS_Lib_Ctx * libCtx,const char * attrName,const HITLS_CipherParameters * cipher,const uint8_t * in,uint32_t inLen,uint8_t * out,uint32_t * outLen)592 int32_t SAL_CRYPT_Decrypt(HITLS_Lib_Ctx *libCtx, const char *attrName,
593 const HITLS_CipherParameters *cipher, const uint8_t *in, uint32_t inLen,
594 uint8_t *out, uint32_t *outLen)
595 {
596 #ifdef HITLS_TLS_FEATURE_PROVIDER
597 int32_t ret = HITLS_CRYPT_Decrypt(libCtx, attrName, cipher, in, inLen, out, outLen);
598 #else
599 (void)libCtx;
600 (void)attrName;
601 if (g_cryptBaseMethod.decrypt == NULL) {
602 return HITLS_CRYPT_ERR_DECRYPT;
603 }
604 int32_t ret = g_cryptBaseMethod.decrypt(cipher, in, inLen, out, outLen);
605 #endif
606 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_DECRYPT, ret, BINLOG_ID15098, HITLS_CRYPT_ERR_DECRYPT);
607 }
608
SAL_CRYPT_CipherFree(HITLS_Cipher_Ctx * ctx)609 void SAL_CRYPT_CipherFree(HITLS_Cipher_Ctx *ctx)
610 {
611 #ifdef HITLS_TLS_FEATURE_PROVIDER
612 HITLS_CRYPT_CipherFree(ctx);
613 #else
614 if (g_cryptBaseMethod.cipherFree != NULL) {
615 g_cryptBaseMethod.cipherFree(ctx);
616 }
617 #endif
618 }
619
SAL_CRYPT_GenEcdhKeyPair(TLS_Ctx * ctx,const HITLS_ECParameters * curveParams)620 HITLS_CRYPT_Key *SAL_CRYPT_GenEcdhKeyPair(TLS_Ctx *ctx, const HITLS_ECParameters *curveParams)
621 {
622 #ifdef HITLS_TLS_FEATURE_PROVIDER
623 return HITLS_CRYPT_GenerateEcdhKey(LIBCTX_FROM_CTX(ctx), ATTRIBUTE_FROM_CTX(ctx),
624 &ctx->config.tlsConfig, curveParams);
625 #else
626 (void) ctx;
627 if (g_cryptEcdhMethod.generateEcdhKeyPair == NULL) {
628 return NULL;
629 }
630 return g_cryptEcdhMethod.generateEcdhKeyPair(curveParams);
631 #endif
632 }
633
SAL_CRYPT_FreeEcdhKey(HITLS_CRYPT_Key * key)634 void SAL_CRYPT_FreeEcdhKey(HITLS_CRYPT_Key *key)
635 {
636 #ifdef HITLS_TLS_FEATURE_PROVIDER
637 HITLS_CRYPT_FreeKey(key);
638 #else
639 if (key != NULL) {
640 if (g_cryptEcdhMethod.freeEcdhKey == NULL) {
641 return;
642 }
643 g_cryptEcdhMethod.freeEcdhKey(key);
644 }
645 #endif
646 return;
647 }
648
SAL_CRYPT_EncodeEcdhPubKey(HITLS_CRYPT_Key * key,uint8_t * pubKeyBuf,uint32_t bufLen,uint32_t * usedLen)649 int32_t SAL_CRYPT_EncodeEcdhPubKey(HITLS_CRYPT_Key *key, uint8_t *pubKeyBuf, uint32_t bufLen, uint32_t *usedLen)
650 {
651 #ifdef HITLS_TLS_FEATURE_PROVIDER
652 int32_t ret = HITLS_CRYPT_GetPubKey(key, pubKeyBuf, bufLen, usedLen);
653 #else
654 if (g_cryptEcdhMethod.getEcdhPubKey == NULL) {
655 return HITLS_CRYPT_ERR_ENCODE_ECDH_KEY;
656 }
657 int32_t ret = g_cryptEcdhMethod.getEcdhPubKey(key, pubKeyBuf, bufLen, usedLen);
658 #endif
659 return CheckCallBackRetVal(
660 HITLS_CRYPT_CALLBACK_GET_ECDH_ENCODED_PUBKEY, ret, BINLOG_ID15102, HITLS_CRYPT_ERR_ENCODE_ECDH_KEY);
661 }
662
SAL_CRYPT_CalcEcdhSharedSecret(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_CRYPT_Key * key,uint8_t * peerPubkey,uint32_t pubKeyLen,uint8_t * sharedSecret,uint32_t * sharedSecretLen)663 int32_t SAL_CRYPT_CalcEcdhSharedSecret(HITLS_Lib_Ctx *libCtx, const char *attrName,
664 HITLS_CRYPT_Key *key, uint8_t *peerPubkey, uint32_t pubKeyLen,
665 uint8_t *sharedSecret, uint32_t *sharedSecretLen)
666 {
667 #ifdef HITLS_TLS_FEATURE_PROVIDER
668 int32_t ret = HITLS_CRYPT_EcdhCalcSharedSecret(libCtx, attrName,
669 key, peerPubkey, pubKeyLen, sharedSecret, sharedSecretLen);
670 #else
671 (void)libCtx;
672 (void)attrName;
673 if (g_cryptEcdhMethod.calcEcdhSharedSecret == NULL) {
674 return HITLS_CRYPT_ERR_CALC_SHARED_KEY;
675 }
676 int32_t ret = g_cryptEcdhMethod.calcEcdhSharedSecret(key, peerPubkey, pubKeyLen, sharedSecret, sharedSecretLen);
677 #endif
678 return CheckCallBackRetVal(
679 HITLS_CRYPT_CALLBACK_CALC_ECDH_SHARED_SECRET, ret, BINLOG_ID15104, HITLS_CRYPT_ERR_CALC_SHARED_KEY);
680 }
681
682 #ifdef HITLS_TLS_PROTO_TLCP11
SAL_CRYPT_CalcSm2dhSharedSecret(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_Sm2GenShareKeyParameters * sm2ShareKeyParam,uint8_t * sharedSecret,uint32_t * sharedSecretLen)683 int32_t SAL_CRYPT_CalcSm2dhSharedSecret(HITLS_Lib_Ctx *libCtx, const char *attrName,
684 HITLS_Sm2GenShareKeyParameters *sm2ShareKeyParam, uint8_t *sharedSecret, uint32_t *sharedSecretLen)
685 {
686 #ifdef HITLS_TLS_FEATURE_PROVIDER
687 int32_t ret = HITLS_CRYPT_CalcSM2SharedSecret(libCtx, attrName,
688 sm2ShareKeyParam, sharedSecret, sharedSecretLen);
689 #else
690 (void)libCtx;
691 (void)attrName;
692 if (g_cryptEcdhMethod.sm2CalEcdhSharedSecret == NULL) {
693 return HITLS_CRYPT_ERR_CALC_SHARED_KEY;
694 }
695 int32_t ret = g_cryptEcdhMethod.sm2CalEcdhSharedSecret(sm2ShareKeyParam, sharedSecret, sharedSecretLen);
696 #endif
697 return CheckCallBackRetVal(
698 HITLS_CRYPT_CALLBACK_SM2_CALC_ECDH_SHARED_SECRET, ret, BINLOG_ID16212,
699 HITLS_CRYPT_ERR_ENCODE_ECDH_KEY);
700 }
701 #endif /* HITLS_TLS_PROTO_TLCP11 */
702
SAL_CRYPT_GenerateDhKeyByParams(HITLS_Lib_Ctx * libCtx,const char * attrName,uint8_t * p,uint16_t plen,uint8_t * g,uint16_t glen)703 HITLS_CRYPT_Key *SAL_CRYPT_GenerateDhKeyByParams(HITLS_Lib_Ctx *libCtx,
704 const char *attrName, uint8_t *p, uint16_t plen, uint8_t *g, uint16_t glen)
705 {
706 #ifdef HITLS_TLS_FEATURE_PROVIDER
707 return HITLS_CRYPT_GenerateDhKeyByParameters(libCtx, attrName, p, plen, g, glen);
708 #else
709 (void)libCtx;
710 (void)attrName;
711 if (g_cryptDhMethod.generateDhKeyByParams == NULL) {
712 return NULL;
713 }
714 return g_cryptDhMethod.generateDhKeyByParams(p, plen, g, glen);
715 #endif
716 }
717
SAL_CRYPT_GenerateDhKeyBySecbits(TLS_Ctx * ctx,int32_t secBits)718 HITLS_CRYPT_Key *SAL_CRYPT_GenerateDhKeyBySecbits(TLS_Ctx *ctx,
719 int32_t secBits)
720 {
721 #ifdef HITLS_TLS_FEATURE_PROVIDER
722 return HITLS_CRYPT_GenerateDhKeyBySecbits(LIBCTX_FROM_CTX(ctx), ATTRIBUTE_FROM_CTX(ctx),
723 &ctx->config.tlsConfig, secBits);
724 #else
725 (void)ctx;
726 if (g_cryptDhMethod.generateDhKeyBySecbits == NULL) {
727 return NULL;
728 }
729 return g_cryptDhMethod.generateDhKeyBySecbits(secBits);
730 #endif
731
732 }
733
734 #ifdef HITLS_TLS_CONFIG_MANUAL_DH
SAL_CRYPT_DupDhKey(HITLS_CRYPT_Key * key)735 HITLS_CRYPT_Key *SAL_CRYPT_DupDhKey(HITLS_CRYPT_Key *key)
736 {
737 #ifdef HITLS_TLS_FEATURE_PROVIDER
738 return HITLS_CRYPT_DupKey(key);
739 #else
740 if (g_cryptDhMethod.dupDhKey == NULL) {
741 return NULL;
742 }
743 return g_cryptDhMethod.dupDhKey(key);
744 #endif
745 }
746 #endif /* HITLS_TLS_CONFIG_MANUAL_DH */
747
SAL_CRYPT_FreeDhKey(HITLS_CRYPT_Key * key)748 void SAL_CRYPT_FreeDhKey(HITLS_CRYPT_Key *key)
749 {
750 if (key != NULL) {
751 #ifdef HITLS_TLS_FEATURE_PROVIDER
752 HITLS_CRYPT_FreeKey(key);
753 #else
754 if (g_cryptDhMethod.freeDhKey == NULL) {
755 return;
756 }
757 g_cryptDhMethod.freeDhKey(key);
758 #endif
759 }
760 return;
761 }
762
SAL_CRYPT_GetDhParameters(HITLS_CRYPT_Key * key,uint8_t * p,uint16_t * plen,uint8_t * g,uint16_t * glen)763 int32_t SAL_CRYPT_GetDhParameters(HITLS_CRYPT_Key *key, uint8_t *p, uint16_t *plen, uint8_t *g, uint16_t *glen)
764 {
765 #ifdef HITLS_TLS_FEATURE_PROVIDER
766 return HITLS_CRYPT_GetDhParameters(key, p, plen, g, glen);
767 #else
768 if (g_cryptDhMethod.getDhParameters == NULL) {
769 return HITLS_CRYPT_ERR_DH;
770 }
771 return g_cryptDhMethod.getDhParameters(key, p, plen, g, glen);
772 #endif
773 }
774
SAL_CRYPT_EncodeDhPubKey(HITLS_CRYPT_Key * key,uint8_t * pubKeyBuf,uint32_t bufLen,uint32_t * usedLen)775 int32_t SAL_CRYPT_EncodeDhPubKey(HITLS_CRYPT_Key *key, uint8_t *pubKeyBuf, uint32_t bufLen, uint32_t *usedLen)
776 {
777 #ifdef HITLS_TLS_FEATURE_PROVIDER
778 int32_t ret = HITLS_CRYPT_GetPubKey(key, pubKeyBuf, bufLen, usedLen);
779 #else
780 if (g_cryptDhMethod.getDhPubKey == NULL) {
781 return HITLS_CRYPT_ERR_ENCODE_DH_KEY;
782 }
783 int32_t ret = g_cryptDhMethod.getDhPubKey(key, pubKeyBuf, bufLen, usedLen);
784 #endif
785 return CheckCallBackRetVal(
786 HITLS_CRYPT_CALLBACK_GET_DH_ENCODED_PUBKEY, ret, BINLOG_ID15110, HITLS_CRYPT_ERR_ENCODE_DH_KEY);
787 }
788
SAL_CRYPT_CalcDhSharedSecret(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_CRYPT_Key * key,uint8_t * peerPubkey,uint32_t pubKeyLen,uint8_t * sharedSecret,uint32_t * sharedSecretLen)789 int32_t SAL_CRYPT_CalcDhSharedSecret(HITLS_Lib_Ctx *libCtx, const char *attrName,
790 HITLS_CRYPT_Key *key, uint8_t *peerPubkey, uint32_t pubKeyLen, uint8_t *sharedSecret, uint32_t *sharedSecretLen)
791 {
792 #ifdef HITLS_TLS_FEATURE_PROVIDER
793 int32_t ret = HITLS_CRYPT_DhCalcSharedSecret(libCtx, attrName,
794 key, peerPubkey, pubKeyLen, sharedSecret, sharedSecretLen);
795 #else
796 (void)libCtx;
797 (void)attrName;
798 if (g_cryptDhMethod.calcDhSharedSecret == NULL) {
799 return HITLS_CRYPT_ERR_CALC_SHARED_KEY;
800 }
801 int32_t ret = g_cryptDhMethod.calcDhSharedSecret(key, peerPubkey, pubKeyLen, sharedSecret, sharedSecretLen);
802 #endif
803 return CheckCallBackRetVal(
804 HITLS_CRYPT_CALLBACK_CALC_DH_SHARED_SECRET, ret, BINLOG_ID15112, HITLS_CRYPT_ERR_CALC_SHARED_KEY);
805 }
806
SAL_CRYPT_GetCryptLength(const TLS_Ctx * ctx,int32_t cmd,int32_t param)807 uint32_t SAL_CRYPT_GetCryptLength(const TLS_Ctx *ctx, int32_t cmd, int32_t param)
808 {
809 const TLS_GroupInfo *groupInfo = NULL;
810 if (ctx == NULL) {
811 return 0;
812 }
813 groupInfo = ConfigGetGroupInfo(&ctx->config.tlsConfig, (uint16_t)param);
814 switch (cmd) {
815 case HITLS_CRYPT_INFO_CMD_GET_PUBLIC_KEY_LEN:
816 if (groupInfo == NULL) {
817 return 0;
818 }
819 return groupInfo->pubkeyLen;
820 case HITLS_CRYPT_INFO_CMD_GET_CIPHERTEXT_LEN:
821 if (groupInfo == NULL) {
822 return 0;
823 }
824 return groupInfo->ciphertextLen;
825 default:
826 return 0;
827 }
828 return 0;
829 }
830
831 #ifdef HITLS_TLS_PROTO_TLS13
SAL_CRYPT_HkdfExtract(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_CRYPT_HkdfExtractInput * input,uint8_t * prk,uint32_t * prkLen)832 int32_t SAL_CRYPT_HkdfExtract(HITLS_Lib_Ctx *libCtx,
833 const char *attrName, HITLS_CRYPT_HkdfExtractInput *input, uint8_t *prk, uint32_t *prkLen)
834 {
835 #ifdef HITLS_TLS_FEATURE_PROVIDER
836 int32_t ret = HITLS_CRYPT_HkdfExtract(libCtx, attrName, input, prk, prkLen);
837 #else
838 (void)libCtx;
839 (void)attrName;
840 if (g_cryptKdfMethod.hkdfExtract == NULL) {
841 return HITLS_CRYPT_ERR_HKDF_EXTRACT;
842 }
843 int32_t ret = g_cryptKdfMethod.hkdfExtract(input, prk, prkLen);
844 #endif
845 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_HKDF_EXTRACT, ret, BINLOG_ID15114,
846 HITLS_CRYPT_ERR_HKDF_EXTRACT);
847 }
848
SAL_CRYPT_HkdfExpand(HITLS_Lib_Ctx * libCtx,const char * attrName,HITLS_CRYPT_HkdfExpandInput * input,uint8_t * okm,uint32_t okmLen)849 int32_t SAL_CRYPT_HkdfExpand(HITLS_Lib_Ctx *libCtx,
850 const char *attrName, HITLS_CRYPT_HkdfExpandInput *input, uint8_t *okm, uint32_t okmLen)
851 {
852 #ifdef HITLS_TLS_FEATURE_PROVIDER
853 int32_t ret = HITLS_CRYPT_HkdfExpand(libCtx, attrName, input, okm, okmLen);
854 #else
855 (void)libCtx;
856 (void)attrName;
857 if (g_cryptKdfMethod.hkdfExpand == NULL) {
858 return HITLS_CRYPT_ERR_HKDF_EXPAND;
859 }
860 int32_t ret = g_cryptKdfMethod.hkdfExpand(input, okm, okmLen);
861 #endif
862 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_HKDF_EXPAND, ret, BINLOG_ID15116,
863 HITLS_CRYPT_ERR_HKDF_EXPAND);
864 }
865
866 /*
867 * 2 bytes for length of derived secret + 1 byte for length of combined
868 * prefix and label + bytes for the label itself + 1 byte length of hash
869 * + bytes for the hash itself
870 */
SAL_CRYPT_EncodeHkdfLabel(HkdfLabel * hkdfLabel,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen)871 static int32_t SAL_CRYPT_EncodeHkdfLabel(HkdfLabel *hkdfLabel, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen)
872 {
873 char labelPrefix[] = "tls13 ";
874 size_t labelPrefixLen = strlen(labelPrefix);
875 uint32_t offset = 0;
876
877 BSL_Uint16ToByte(hkdfLabel->length, buf);
878 offset += sizeof(uint16_t);
879 /* The truncation won't happen, as the label length will not be greater than 64, all possible labels are as follows:
880 * "ext binder", "res binder", "finished", "c e traffic", "e exp master", "derived", "c hs traffic", "s hs traffic"
881 * "finished", "derived", "c ap traffic", "s ap traffic", "exp master", "finished", "res master",
882 * "TLS 1.3,serverCertificateVerify", "TLS 1.3,clientCertificateVerify".
883 */
884 buf[offset] = (uint8_t)(hkdfLabel->labelLen + labelPrefixLen);
885 offset += sizeof(uint8_t);
886
887 if (memcpy_s(&buf[offset], bufLen - offset, labelPrefix, labelPrefixLen) != EOK) {
888 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15117, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
889 "Encode HkdfLabel error: memcpy fail", 0, 0, 0, 0);
890 BSL_ERR_PUSH_ERROR(HITLS_MEMCPY_FAIL);
891 return HITLS_MEMCPY_FAIL;
892 }
893 offset += (uint32_t)labelPrefixLen;
894 if (hkdfLabel->labelLen != 0 &&
895 memcpy_s(&buf[offset], bufLen - offset, hkdfLabel->label, hkdfLabel->labelLen) != EOK) {
896 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15118, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
897 "Encode HkdfLabel error: memcpy fail", 0, 0, 0, 0);
898 BSL_ERR_PUSH_ERROR(HITLS_MEMCPY_FAIL);
899 return HITLS_MEMCPY_FAIL;
900 }
901 offset += hkdfLabel->labelLen;
902
903 buf[offset] = hkdfLabel->ctxLen;
904 offset += sizeof(uint8_t);
905 if (hkdfLabel->ctxLen != 0) {
906 if (memcpy_s(&buf[offset], bufLen - offset, hkdfLabel->ctx, hkdfLabel->ctxLen) != EOK) {
907 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15119, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
908 "Encode HkdfLabel error: memcpy fail", 0, 0, 0, 0);
909 BSL_ERR_PUSH_ERROR(HITLS_MEMCPY_FAIL);
910 return HITLS_MEMCPY_FAIL;
911 }
912 offset += hkdfLabel->ctxLen;
913 }
914 *usedLen = offset;
915 return HITLS_SUCCESS;
916 }
917
SAL_CRYPT_HkdfExpandLabel(CRYPT_KeyDeriveParameters * deriveInfo,uint8_t * outSecret,uint32_t outLen)918 int32_t SAL_CRYPT_HkdfExpandLabel(CRYPT_KeyDeriveParameters *deriveInfo, uint8_t *outSecret, uint32_t outLen)
919 {
920 uint8_t hkdfLabel[TLS13_MAX_HKDF_LABEL_LEN] = {0};
921 uint32_t hkdfLabelLen = 0;
922
923 HkdfLabel info = {0};
924 info.length = (uint16_t)outLen;
925 info.labelLen = (uint8_t)deriveInfo->labelLen;
926 info.ctxLen = (uint8_t)deriveInfo->seedLen;
927 info.label = deriveInfo->label;
928 info.ctx = deriveInfo->seed;
929 int32_t ret = SAL_CRYPT_EncodeHkdfLabel(&info, hkdfLabel, TLS13_MAX_HKDF_LABEL_LEN, &hkdfLabelLen);
930 if (ret != HITLS_SUCCESS) {
931 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16626, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
932 "EncodeHkdfLabel fail", 0, 0, 0, 0);
933 return ret;
934 }
935
936 HITLS_CRYPT_HkdfExpandInput expandInput = {0};
937 expandInput.hashAlgo = deriveInfo->hashAlgo;
938 expandInput.prk = deriveInfo->secret;
939 expandInput.prkLen = deriveInfo->secretLen;
940 expandInput.info = hkdfLabel;
941 expandInput.infoLen = hkdfLabelLen;
942 return SAL_CRYPT_HkdfExpand(deriveInfo->libCtx, deriveInfo->attrName, &expandInput, outSecret, outLen);
943 }
944
945 #ifdef HITLS_TLS_FEATURE_KEM
SAL_CRYPT_KemEncapsulate(TLS_Ctx * ctx,HITLS_KemEncapsulateParams * params)946 int32_t SAL_CRYPT_KemEncapsulate(TLS_Ctx *ctx, HITLS_KemEncapsulateParams *params)
947 {
948 #ifdef HITLS_TLS_FEATURE_PROVIDER
949 int32_t ret = HITLS_CRYPT_KemEncapsulate(LIBCTX_FROM_CTX(ctx), ATTRIBUTE_FROM_CTX(ctx),
950 &ctx->config.tlsConfig, params);
951 #else
952 (void)ctx;
953 (void)params;
954 if (g_cryptEcdhMethod.kemEncapsulate == NULL) {
955 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16627, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
956 "kemEncapsulate callback not registered", 0, 0, 0, 0);
957 return HITLS_UNREGISTERED_CALLBACK;
958 }
959
960 int32_t ret = g_cryptEcdhMethod.kemEncapsulate(params);
961 #endif
962 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_KEM_ENCAPSULATE, ret, BINLOG_ID16617,
963 HITLS_CRYPT_ERR_KEM_ENCAPSULATE);
964 }
965
SAL_CRYPT_KemDecapsulate(HITLS_CRYPT_Key * key,const uint8_t * ciphertext,uint32_t ciphertextLen,uint8_t * sharedSecret,uint32_t * sharedSecretLen)966 int32_t SAL_CRYPT_KemDecapsulate(HITLS_CRYPT_Key *key, const uint8_t *ciphertext, uint32_t ciphertextLen,
967 uint8_t *sharedSecret, uint32_t *sharedSecretLen)
968 {
969 #ifdef HITLS_TLS_FEATURE_PROVIDER
970 int32_t ret = HITLS_CRYPT_KemDecapsulate(key, ciphertext, ciphertextLen, sharedSecret, sharedSecretLen);
971 #else
972 if (g_cryptEcdhMethod.kemDecapsulate == NULL) {
973 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16630, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
974 "kemDecapsulate callback not registered", 0, 0, 0, 0);
975 return HITLS_UNREGISTERED_CALLBACK;
976 }
977
978 int32_t ret = g_cryptEcdhMethod.kemDecapsulate(key, ciphertext, ciphertextLen, sharedSecret, sharedSecretLen);
979 #endif
980 return CheckCallBackRetVal(HITLS_CRYPT_CALLBACK_KEM_DECAPSULATE, ret, BINLOG_ID16637,
981 HITLS_CRYPT_ERR_KEM_DECAPSULATE);
982 }
983 #endif /* HITLS_TLS_FEATURE_KEM */
984 #endif /* HITLS_TLS_PROTO_TLS13 */
985