1 /*
2 * Copyright (C) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "signature_rsa_openssl.h"
17
18 #include <string.h>
19
20 #include <openssl/evp.h>
21
22 #include "securec.h"
23
24 #include "algorithm_parameter.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "openssl_adapter.h"
28 #include "openssl_class.h"
29 #include "openssl_common.h"
30 #include "rsa_openssl_common.h"
31 #include "utils.h"
32
33 #define PSS_TRAILER_FIELD_SUPPORTED_INT 1
34 #define PSS_SALTLEN_INVALID_INIT (-9)
35
36 typedef struct {
37 HcfSignSpi base;
38
39 EVP_MD_CTX *mdctx;
40
41 EVP_PKEY_CTX *ctx;
42
43 int32_t padding;
44
45 int32_t md;
46
47 int32_t mgf1md;
48
49 CryptoStatus initFlag;
50
51 int32_t saltLen;
52 } HcfSignSpiRsaOpensslImpl;
53
54 typedef struct {
55 HcfVerifySpi base;
56
57 EVP_MD_CTX *mdctx;
58
59 EVP_PKEY_CTX *ctx;
60
61 int32_t padding;
62
63 int32_t md;
64
65 int32_t mgf1md;
66
67 CryptoStatus initFlag;
68
69 int32_t saltLen;
70 } HcfVerifySpiRsaOpensslImpl;
71
GetRsaSignClass(void)72 static const char *GetRsaSignClass(void)
73 {
74 return OPENSSL_RSA_SIGN_CLASS;
75 }
76
GetRsaVerifyClass(void)77 static const char *GetRsaVerifyClass(void)
78 {
79 return OPENSSL_RSA_VERIFY_CLASS;
80 }
81
DestroyRsaSign(HcfObjectBase * self)82 static void DestroyRsaSign(HcfObjectBase *self)
83 {
84 if (self == NULL) {
85 LOGE("Class is null");
86 return;
87 }
88 if (!IsClassMatch(self, OPENSSL_RSA_SIGN_CLASS)) {
89 LOGE("Class not match.");
90 return;
91 }
92 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
93 Openssl_EVP_MD_CTX_free(impl->mdctx);
94 impl->mdctx = NULL;
95 // ctx will be freed with mdctx
96 HcfFree(impl);
97 impl = NULL;
98 LOGD("DestroyRsaSign success.");
99 }
100
DestroyRsaVerify(HcfObjectBase * self)101 static void DestroyRsaVerify(HcfObjectBase *self)
102 {
103 if (self == NULL) {
104 LOGE("Class is null");
105 return;
106 }
107 if (!IsClassMatch(self, OPENSSL_RSA_VERIFY_CLASS)) {
108 LOGE("Class not match.");
109 return;
110 }
111 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
112 Openssl_EVP_MD_CTX_free(impl->mdctx);
113 impl->mdctx = NULL;
114 HcfFree(impl);
115 impl = NULL;
116 LOGD("DestroyRsaVerify success.");
117 }
118
CheckInitKeyType(HcfKey * key,bool signing)119 static HcfResult CheckInitKeyType(HcfKey *key, bool signing)
120 {
121 if (signing) {
122 if (!IsClassMatch((HcfObjectBase *)key, OPENSSL_RSA_PRIKEY_CLASS)) {
123 LOGE("Input keyType dismatch with sign option, please use priKey.");
124 return HCF_INVALID_PARAMS;
125 }
126 } else {
127 if (!IsClassMatch((HcfObjectBase *)key, OPENSSL_RSA_PUBKEY_CLASS)) {
128 LOGE("Input keyType dismatch with sign option, please use pubKey.");
129 return HCF_INVALID_PARAMS;
130 }
131 }
132 return HCF_SUCCESS;
133 }
134
InitRsaEvpKey(const HcfKey * key,bool signing)135 static EVP_PKEY *InitRsaEvpKey(const HcfKey *key, bool signing)
136 {
137 RSA *rsa = NULL;
138 if (signing == true) {
139 // dup will check if rsa is NULL
140 if (DuplicateRsa(((HcfOpensslRsaPriKey *)key)->sk, signing, &rsa) != HCF_SUCCESS) {
141 LOGE("dup pri RSA fail");
142 return NULL;
143 }
144 } else if (signing == false) {
145 if (DuplicateRsa(((HcfOpensslRsaPubKey *)key)->pk, signing, &rsa) != HCF_SUCCESS) {
146 LOGE("dup pub RSA fail");
147 return NULL;
148 }
149 }
150 if (rsa == NULL) {
151 LOGE("The Key has lost.");
152 return NULL;
153 }
154 EVP_PKEY *pkey = NewEvpPkeyByRsa(rsa, false);
155 if (pkey == NULL) {
156 LOGD("[error] New evp pkey failed");
157 HcfPrintOpensslError();
158 Openssl_RSA_free(rsa);
159 return NULL;
160 }
161 return pkey;
162 }
163
164 // the params has been checked in the CheckSignatureParams
SetPaddingAndDigest(EVP_PKEY_CTX * ctx,int32_t hcfPadding,int32_t md,int32_t mgf1md)165 static HcfResult SetPaddingAndDigest(EVP_PKEY_CTX *ctx, int32_t hcfPadding, int32_t md, int32_t mgf1md)
166 {
167 int32_t opensslPadding = 0;
168 (void)GetOpensslPadding(hcfPadding, &opensslPadding);
169 if (Openssl_EVP_PKEY_CTX_set_rsa_padding(ctx, opensslPadding) != HCF_OPENSSL_SUCCESS) {
170 LOGD("[error] Openssl_EVP_PKEY_CTX_set_rsa_padding fail");
171 HcfPrintOpensslError();
172 return HCF_ERR_CRYPTO_OPERATION;
173 }
174 if (hcfPadding == HCF_OPENSSL_RSA_PSS_PADDING) {
175 LOGD("padding is pss, set mgf1 md");
176 EVP_MD *opensslAlg = NULL;
177 (void)GetOpensslDigestAlg(mgf1md, &opensslAlg);
178 if (Openssl_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, opensslAlg) != HCF_OPENSSL_SUCCESS) {
179 LOGD("[error] EVP_PKEY_CTX_set_rsa_mgf1_md fail");
180 HcfPrintOpensslError();
181 return HCF_ERR_CRYPTO_OPERATION;
182 }
183 }
184 return HCF_SUCCESS;
185 }
186
187
SetSignParams(HcfSignSpiRsaOpensslImpl * impl,HcfPriKey * privateKey)188 static HcfResult SetSignParams(HcfSignSpiRsaOpensslImpl *impl, HcfPriKey *privateKey)
189 {
190 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)privateKey, true);
191 if (dupKey == NULL) {
192 LOGD("[error] InitRsaEvpKey fail.");
193 return HCF_ERR_CRYPTO_OPERATION;
194 }
195 EVP_PKEY_CTX *ctx = NULL;
196 EVP_MD *opensslAlg = NULL;
197 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
198 if (opensslAlg == NULL) {
199 LOGE("Get openssl digest alg fail");
200 return HCF_INVALID_PARAMS;
201 }
202 if (Openssl_EVP_DigestSignInit(impl->mdctx, &ctx, opensslAlg, NULL, dupKey) != HCF_OPENSSL_SUCCESS) {
203 LOGD("[error] Openssl_EVP_DigestSignInit fail.");
204 Openssl_EVP_PKEY_free(dupKey);
205 return HCF_ERR_CRYPTO_OPERATION;
206 }
207 if (SetPaddingAndDigest(ctx, impl->padding, impl->md, impl->mgf1md) != HCF_SUCCESS) {
208 LOGD("[error] set padding and digest fail");
209 Openssl_EVP_PKEY_free(dupKey);
210 return HCF_ERR_CRYPTO_OPERATION;
211 }
212 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
213 if (Openssl_EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, impl->saltLen) != HCF_OPENSSL_SUCCESS) {
214 LOGD("[error] get saltLen fail");
215 return HCF_ERR_CRYPTO_OPERATION;
216 }
217 }
218 impl->ctx = ctx;
219 Openssl_EVP_PKEY_free(dupKey);
220 return HCF_SUCCESS;
221 }
222
EngineSignInit(HcfSignSpi * self,HcfParamsSpec * params,HcfPriKey * privateKey)223 static HcfResult EngineSignInit(HcfSignSpi *self, HcfParamsSpec *params, HcfPriKey *privateKey)
224 {
225 (void)params;
226 if (self == NULL || privateKey == NULL) {
227 LOGE("Invalid input params");
228 return HCF_INVALID_PARAMS;
229 }
230 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
231 LOGE("Class not match.");
232 return HCF_INVALID_PARAMS;
233 }
234 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
235 if (impl->initFlag != UNINITIALIZED) {
236 LOGE("Sign has been init");
237 return HCF_INVALID_PARAMS;
238 }
239 if (CheckInitKeyType((HcfKey *)privateKey, true) != HCF_SUCCESS) {
240 LOGE("KeyType dismatch.");
241 return HCF_INVALID_PARAMS;
242 }
243 if (SetSignParams(impl, privateKey) != HCF_SUCCESS) {
244 LOGD("[error] Sign set padding or md fail");
245 return HCF_ERR_CRYPTO_OPERATION;
246 }
247 impl->initFlag = INITIALIZED;
248 return HCF_SUCCESS;
249 }
250
SetVerifyParams(HcfVerifySpiRsaOpensslImpl * impl,HcfPubKey * publicKey)251 static HcfResult SetVerifyParams(HcfVerifySpiRsaOpensslImpl *impl, HcfPubKey *publicKey)
252 {
253 EVP_PKEY_CTX *ctx = NULL;
254 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)publicKey, false);
255 if (dupKey == NULL) {
256 LOGD("[error] InitRsaEvpKey fail.");
257 return HCF_ERR_CRYPTO_OPERATION;
258 }
259 EVP_MD *opensslAlg = NULL;
260 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
261 if (opensslAlg == NULL) {
262 LOGE("Get openssl digest alg fail");
263 return HCF_INVALID_PARAMS;
264 }
265 if (Openssl_EVP_DigestVerifyInit(impl->mdctx, &ctx, opensslAlg, NULL, dupKey) != HCF_OPENSSL_SUCCESS) {
266 LOGD("[error] Openssl_EVP_DigestVerifyInit fail.");
267 HcfPrintOpensslError();
268 Openssl_EVP_PKEY_free(dupKey);
269 return HCF_ERR_CRYPTO_OPERATION;
270 }
271 if (SetPaddingAndDigest(ctx, impl->padding, impl->md, impl->mgf1md) != HCF_SUCCESS) {
272 LOGD("[error] set padding and digest fail");
273 Openssl_EVP_PKEY_free(dupKey);
274 return HCF_ERR_CRYPTO_OPERATION;
275 }
276 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
277 if (Openssl_EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, impl->saltLen) != HCF_OPENSSL_SUCCESS) {
278 LOGD("[error] get saltLen fail");
279 return HCF_ERR_CRYPTO_OPERATION;
280 }
281 }
282 impl->ctx = ctx;
283 Openssl_EVP_PKEY_free(dupKey);
284 return HCF_SUCCESS;
285 }
286
EngineVerifyInit(HcfVerifySpi * self,HcfParamsSpec * params,HcfPubKey * publicKey)287 static HcfResult EngineVerifyInit(HcfVerifySpi *self, HcfParamsSpec *params, HcfPubKey *publicKey)
288 {
289 (void)params;
290 if (self == NULL || publicKey == NULL) {
291 LOGE("Invalid input params.");
292 return HCF_INVALID_PARAMS;
293 }
294 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
295 LOGE("Class not match.");
296 return HCF_INVALID_PARAMS;
297 }
298 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
299 if (impl->initFlag != UNINITIALIZED) {
300 LOGE("Verigy has been init.");
301 return HCF_INVALID_PARAMS;
302 }
303 if (CheckInitKeyType((HcfKey *)publicKey, false) != HCF_SUCCESS) {
304 LOGE("KeyType dismatch.");
305 return HCF_INVALID_PARAMS;
306 }
307 if (SetVerifyParams(impl, publicKey) != HCF_SUCCESS) {
308 LOGD("[error] Verify set padding or md fail");
309 return HCF_ERR_CRYPTO_OPERATION;
310 }
311 impl->initFlag = INITIALIZED;
312 return HCF_SUCCESS;
313 }
314
EngineSignUpdate(HcfSignSpi * self,HcfBlob * data)315 static HcfResult EngineSignUpdate(HcfSignSpi *self, HcfBlob *data)
316 {
317 if ((self == NULL) || (data == NULL) || (data->data == NULL)) {
318 LOGE("Invalid input parameter.");
319 return HCF_INVALID_PARAMS;
320 }
321 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
322 LOGE("Class not match.");
323 return HCF_INVALID_PARAMS;
324 }
325 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
326 if (impl->initFlag != INITIALIZED) {
327 LOGE("The Sign has not been init");
328 return HCF_INVALID_PARAMS;
329 }
330 if (Openssl_EVP_DigestSignUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
331 LOGD("[error] Openssl_EVP_DigestSignUpdate fail");
332 return HCF_ERR_CRYPTO_OPERATION;
333 }
334 return HCF_SUCCESS;
335 }
336
EngineVerifyUpdate(HcfVerifySpi * self,HcfBlob * data)337 static HcfResult EngineVerifyUpdate(HcfVerifySpi *self, HcfBlob *data)
338 {
339 if ((self == NULL) || (data == NULL) || (data->data == NULL)) {
340 LOGE("Invalid input parameter.");
341 return HCF_INVALID_PARAMS;
342 }
343 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
344 LOGE("Class not match.");
345 return HCF_INVALID_PARAMS;
346 }
347 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
348 if (impl->initFlag != INITIALIZED) {
349 LOGE("The Sign has not been init");
350 return HCF_INVALID_PARAMS;
351 }
352 if (Openssl_EVP_DigestVerifyUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
353 LOGD("[error] Openssl_EVP_DigestSignUpdate fail");
354 return HCF_ERR_CRYPTO_OPERATION;
355 }
356 return HCF_SUCCESS;
357 }
358
EngineSign(HcfSignSpi * self,HcfBlob * data,HcfBlob * returnSignatureData)359 static HcfResult EngineSign(HcfSignSpi *self, HcfBlob *data, HcfBlob *returnSignatureData)
360 {
361 if (self == NULL || returnSignatureData == NULL) {
362 LOGE("Invalid input params.");
363 return HCF_INVALID_PARAMS;
364 }
365 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
366 LOGE("Class not match.");
367 return HCF_INVALID_PARAMS;
368 }
369 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
370 if (impl->initFlag != INITIALIZED) {
371 LOGE("The Sign has not been init");
372 return HCF_INVALID_PARAMS;
373 }
374 if (data != NULL && data->data != NULL) {
375 if (Openssl_EVP_DigestSignUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
376 LOGD("[error] Dofinal update data fail.");
377 return HCF_ERR_CRYPTO_OPERATION;
378 }
379 }
380 size_t maxLen;
381 if (Openssl_EVP_DigestSignFinal(impl->mdctx, NULL, &maxLen) != HCF_OPENSSL_SUCCESS) {
382 LOGD("[error] Openssl_EVP_DigestSignFinal fail");
383 return HCF_ERR_CRYPTO_OPERATION;
384 }
385 LOGD("sign maxLen is %d", maxLen);
386 uint8_t *outData = (uint8_t *)HcfMalloc(maxLen, 0);
387 if (outData == NULL) {
388 LOGE("Failed to allocate outData memory!");
389 return HCF_ERR_MALLOC;
390 }
391 size_t actualLen = maxLen;
392 if (Openssl_EVP_DigestSignFinal(impl->mdctx, outData, &actualLen) != HCF_OPENSSL_SUCCESS) {
393 LOGD("[error] Openssl_EVP_DigestSignFinal fail");
394 HcfFree(outData);
395 HcfPrintOpensslError();
396 return HCF_ERR_CRYPTO_OPERATION;
397 }
398 if (actualLen > maxLen) {
399 LOGD("[error] signature data too long.");
400 HcfFree(outData);
401 return HCF_ERR_CRYPTO_OPERATION;
402 }
403
404 returnSignatureData->data = outData;
405 returnSignatureData->len = (uint32_t)actualLen;
406
407 return HCF_SUCCESS;
408 }
409
EngineVerify(HcfVerifySpi * self,HcfBlob * data,HcfBlob * signatureData)410 static bool EngineVerify(HcfVerifySpi *self, HcfBlob *data, HcfBlob *signatureData)
411 {
412 if (self == NULL || signatureData == NULL || signatureData->data == NULL) {
413 LOGE("Invalid input params");
414 return false;
415 }
416 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
417 LOGE("Class not match.");
418 return false;
419 }
420
421 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
422 if (impl->initFlag != INITIALIZED) {
423 LOGE("The Sign has not been init");
424 return false;
425 }
426 if (data != NULL && data->data != NULL) {
427 if (Openssl_EVP_DigestVerifyUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
428 LOGD("[error] Openssl_EVP_DigestVerifyUpdate fail");
429 return false;
430 }
431 }
432 if (Openssl_EVP_DigestVerifyFinal(impl->mdctx, signatureData->data, signatureData->len) != HCF_OPENSSL_SUCCESS) {
433 LOGD("[error] Openssl_EVP_DigestVerifyFinal fail");
434 return false;
435 }
436 return true;
437 }
438
CheckSignatureParams(HcfSignatureParams * params)439 static HcfResult CheckSignatureParams(HcfSignatureParams *params)
440 {
441 int32_t opensslPadding = 0;
442 if (GetOpensslPadding(params->padding, &opensslPadding) != HCF_SUCCESS) {
443 LOGE("getpadding fail.");
444 return HCF_INVALID_PARAMS;
445 }
446 if (opensslPadding != RSA_PKCS1_PADDING && opensslPadding != RSA_PKCS1_PSS_PADDING) {
447 LOGE("signature cannot use that padding mode");
448 return HCF_INVALID_PARAMS;
449 }
450 EVP_MD *md = NULL;
451 (void)GetOpensslDigestAlg(params->md, &md);
452 if (md == NULL) {
453 LOGE("Md is NULL");
454 return HCF_INVALID_PARAMS;
455 }
456 if (params->padding == HCF_OPENSSL_RSA_PSS_PADDING) {
457 EVP_MD *mgf1md = NULL;
458 (void)GetOpensslDigestAlg(params->mgf1md, &mgf1md);
459 if (mgf1md == NULL) {
460 LOGE("Use pss padding, but mgf1md is NULL");
461 return HCF_INVALID_PARAMS;
462 }
463 }
464 return HCF_SUCCESS;
465 }
466
EngineSetSignSpecInt(HcfSignSpi * self,SignSpecItem item,int32_t saltLen)467 static HcfResult EngineSetSignSpecInt(HcfSignSpi *self, SignSpecItem item, int32_t saltLen)
468 {
469 if (self == NULL) {
470 LOGE("Invalid input parameter");
471 return HCF_INVALID_PARAMS;
472 }
473 if (item != PSS_SALT_LEN_INT) {
474 LOGE("Invalid sign spec item");
475 return HCF_INVALID_PARAMS;
476 }
477 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
478 LOGE("Class not match.");
479 return HCF_INVALID_PARAMS;
480 }
481 if (saltLen < 0) {
482 // RSA_PSS_SALTLEN_MAX_SIGN: max sign is old compatible max salt length for sign only
483 if (saltLen != RSA_PSS_SALTLEN_DIGEST && saltLen != RSA_PSS_SALTLEN_MAX_SIGN &&
484 saltLen != RSA_PSS_SALTLEN_MAX) {
485 LOGE("Invalid salt Len %d", saltLen);
486 return HCF_INVALID_PARAMS;
487 }
488 }
489 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
490 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
491 LOGE("Only support pss parameter");
492 return HCF_INVALID_PARAMS;
493 }
494 impl->saltLen = saltLen;
495 if (impl->initFlag == INITIALIZED) {
496 if (Openssl_EVP_PKEY_CTX_set_rsa_pss_saltlen(impl->ctx, saltLen) != HCF_OPENSSL_SUCCESS) {
497 LOGD("[error] set saltLen fail");
498 return HCF_ERR_CRYPTO_OPERATION;
499 }
500 }
501 LOGD("Set sign saltLen success");
502 return HCF_SUCCESS;
503 }
504
EngineGetSignSpecInt(HcfSignSpi * self,SignSpecItem item,int32_t * returnInt)505 static HcfResult EngineGetSignSpecInt(HcfSignSpi *self, SignSpecItem item, int32_t *returnInt)
506 {
507 if (self == NULL || returnInt == NULL) {
508 LOGE("Invalid input parameter");
509 return HCF_INVALID_PARAMS;
510 }
511 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
512 LOGE("Class not match.");
513 return HCF_INVALID_PARAMS;
514 }
515 if (item != PSS_TRAILER_FIELD_INT && item != PSS_SALT_LEN_INT) {
516 LOGE("Invalid input spec");
517 return HCF_INVALID_PARAMS;
518 }
519 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
520 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
521 LOGE("Only support pss parameter");
522 return HCF_INVALID_PARAMS;
523 }
524 if (item == PSS_TRAILER_FIELD_INT) {
525 *returnInt = PSS_TRAILER_FIELD_SUPPORTED_INT;
526 return HCF_SUCCESS;
527 }
528 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
529 *returnInt = impl->saltLen;
530 return HCF_SUCCESS;
531 }
532 if (impl->initFlag == INITIALIZED) {
533 if (Openssl_EVP_PKEY_CTX_get_rsa_pss_saltlen(impl->ctx, returnInt) != HCF_OPENSSL_SUCCESS) {
534 LOGD("[error] get saltLen fail");
535 return HCF_ERR_CRYPTO_OPERATION;
536 }
537 return HCF_SUCCESS;
538 } else {
539 LOGE("No set saltLen and not init!");
540 return HCF_INVALID_PARAMS;
541 }
542 }
543
EngineSetSignSpecUint8Array(HcfSignSpi * self,SignSpecItem item,HcfBlob pSource)544 static HcfResult EngineSetSignSpecUint8Array(HcfSignSpi *self, SignSpecItem item, HcfBlob pSource)
545 {
546 (void)self;
547 (void)item;
548 (void)pSource;
549 return HCF_NOT_SUPPORT;
550 }
551
EngineGetSignSpecString(HcfSignSpi * self,SignSpecItem item,char ** returnString)552 static HcfResult EngineGetSignSpecString(HcfSignSpi *self, SignSpecItem item, char **returnString)
553 {
554 if (self == NULL || returnString == NULL) {
555 LOGE("Invalid input parameter");
556 return HCF_INVALID_PARAMS;
557 }
558 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
559 LOGE("Class not match.");
560 return HCF_INVALID_PARAMS;
561 }
562 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
563 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
564 LOGE("Only support pss parameter");
565 return HCF_INVALID_PARAMS;
566 }
567 HcfResult ret = HCF_INVALID_PARAMS;
568 switch (item) {
569 case PSS_MD_NAME_STR:
570 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->md), returnString);
571 break;
572 case PSS_MGF_NAME_STR:
573 // only support mgf1
574 ret = GetRsaSpecStringMGF(returnString);
575 break;
576 case PSS_MGF1_MD_STR:
577 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->mgf1md), returnString);
578 break;
579 default:
580 LOGE("Invalid input sign spec item");
581 return HCF_INVALID_PARAMS;
582 }
583 return ret;
584 }
585
EngineSetVerifySpecInt(HcfVerifySpi * self,SignSpecItem item,int32_t saltLen)586 static HcfResult EngineSetVerifySpecInt(HcfVerifySpi *self, SignSpecItem item, int32_t saltLen)
587 {
588 if (self == NULL) {
589 LOGE("Invalid input parameter");
590 return HCF_INVALID_PARAMS;
591 }
592 if (item != PSS_SALT_LEN_INT) {
593 LOGE("Invalid verify spec item");
594 return HCF_INVALID_PARAMS;
595 }
596 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
597 LOGE("Class not match.");
598 return HCF_INVALID_PARAMS;
599 }
600 if (saltLen < 0) {
601 // RSA_PSS_SALTLEN_AUTO: Verify only: auto detect salt length(only support verify)
602 if (saltLen != RSA_PSS_SALTLEN_DIGEST && saltLen != RSA_PSS_SALTLEN_AUTO &&
603 saltLen != RSA_PSS_SALTLEN_MAX) {
604 LOGE("Invalid salt Len %d", saltLen);
605 return HCF_INVALID_PARAMS;
606 }
607 }
608 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
609 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
610 LOGE("Only support pss parameter");
611 return HCF_INVALID_PARAMS;
612 }
613 impl->saltLen = saltLen;
614 if (impl->initFlag == INITIALIZED) {
615 if (Openssl_EVP_PKEY_CTX_set_rsa_pss_saltlen(impl->ctx, saltLen) != HCF_OPENSSL_SUCCESS) {
616 LOGD("[error] set saltLen fail");
617 return HCF_ERR_CRYPTO_OPERATION;
618 }
619 }
620 return HCF_SUCCESS;
621 }
622
EngineGetVerifySpecInt(HcfVerifySpi * self,SignSpecItem item,int32_t * returnInt)623 static HcfResult EngineGetVerifySpecInt(HcfVerifySpi *self, SignSpecItem item, int32_t *returnInt)
624 {
625 if (self == NULL || returnInt == NULL) {
626 LOGE("Invalid input parameter");
627 return HCF_INVALID_PARAMS;
628 }
629 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
630 LOGE("Class not match.");
631 return HCF_INVALID_PARAMS;
632 }
633 if (item != PSS_TRAILER_FIELD_INT && item != PSS_SALT_LEN_INT) {
634 LOGE("Invalid input sign spec item");
635 return HCF_INVALID_PARAMS;
636 }
637 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
638 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
639 LOGE("Only support pss parameter");
640 return HCF_INVALID_PARAMS;
641 }
642 if (item == PSS_TRAILER_FIELD_INT) {
643 *returnInt = PSS_TRAILER_FIELD_SUPPORTED_INT;
644 return HCF_SUCCESS;
645 }
646 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
647 *returnInt = impl->saltLen;
648 return HCF_SUCCESS;
649 }
650 if (impl->initFlag == INITIALIZED) {
651 if (Openssl_EVP_PKEY_CTX_get_rsa_pss_saltlen(impl->ctx, returnInt) != HCF_OPENSSL_SUCCESS) {
652 LOGD("[error] get saltLen fail");
653 return HCF_ERR_CRYPTO_OPERATION;
654 }
655 return HCF_SUCCESS;
656 } else {
657 LOGE("No set saltLen and not init!");
658 return HCF_INVALID_PARAMS;
659 }
660 }
661
EngineSetVerifySpecUint8Array(HcfVerifySpi * self,SignSpecItem item,HcfBlob pSource)662 static HcfResult EngineSetVerifySpecUint8Array(HcfVerifySpi *self, SignSpecItem item, HcfBlob pSource)
663 {
664 (void)self;
665 (void)item;
666 (void)pSource;
667 return HCF_NOT_SUPPORT;
668 }
669
EngineGetVerifySpecString(HcfVerifySpi * self,SignSpecItem item,char ** returnString)670 static HcfResult EngineGetVerifySpecString(HcfVerifySpi *self, SignSpecItem item, char **returnString)
671 {
672 if (self == NULL || returnString == NULL) {
673 LOGE("Invalid input parameter");
674 return HCF_INVALID_PARAMS;
675 }
676 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
677 LOGE("Class not match.");
678 return HCF_INVALID_PARAMS;
679 }
680 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
681 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
682 LOGE("Only support pss parameter");
683 return HCF_INVALID_PARAMS;
684 }
685 HcfResult ret = HCF_INVALID_PARAMS;
686 switch (item) {
687 case PSS_MD_NAME_STR:
688 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->md), returnString);
689 break;
690 case PSS_MGF_NAME_STR:
691 // only support mgf1
692 ret = GetRsaSpecStringMGF(returnString);
693 break;
694 case PSS_MGF1_MD_STR:
695 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->mgf1md), returnString);
696 break;
697 default:
698 LOGE("Invalid input sign spec item");
699 return HCF_INVALID_PARAMS;
700 }
701 return ret;
702 }
703
HcfSignSpiRsaCreate(HcfSignatureParams * params,HcfSignSpi ** returnObj)704 HcfResult HcfSignSpiRsaCreate(HcfSignatureParams *params, HcfSignSpi **returnObj)
705 {
706 if (params == NULL || returnObj == NULL) {
707 LOGE("Invalid input parameter.");
708 return HCF_INVALID_PARAMS;
709 }
710 if (CheckSignatureParams(params) != HCF_SUCCESS) {
711 return HCF_INVALID_PARAMS;
712 }
713 HcfSignSpiRsaOpensslImpl *returnImpl = (HcfSignSpiRsaOpensslImpl *)HcfMalloc(
714 sizeof(HcfSignSpiRsaOpensslImpl), 0);
715 if (returnImpl == NULL) {
716 LOGE("Failed to allocate returnImpl memroy!");
717 return HCF_ERR_MALLOC;
718 }
719 returnImpl->base.base.getClass = GetRsaSignClass;
720 returnImpl->base.base.destroy = DestroyRsaSign;
721 returnImpl->base.engineInit = EngineSignInit;
722 returnImpl->base.engineUpdate = EngineSignUpdate;
723 returnImpl->base.engineSign = EngineSign;
724 returnImpl->base.engineSetSignSpecInt = EngineSetSignSpecInt;
725 returnImpl->base.engineGetSignSpecInt = EngineGetSignSpecInt;
726 returnImpl->base.engineGetSignSpecString = EngineGetSignSpecString;
727 returnImpl->base.engineSetSignSpecUint8Array = EngineSetSignSpecUint8Array;
728 returnImpl->md = params->md;
729 returnImpl->padding = params->padding;
730 returnImpl->mgf1md = params->mgf1md;
731 returnImpl->mdctx = EVP_MD_CTX_create();
732 returnImpl->initFlag = UNINITIALIZED;
733 returnImpl->saltLen = PSS_SALTLEN_INVALID_INIT;
734 *returnObj = (HcfSignSpi *)returnImpl;
735 return HCF_SUCCESS;
736 }
737
HcfVerifySpiRsaCreate(HcfSignatureParams * params,HcfVerifySpi ** returnObj)738 HcfResult HcfVerifySpiRsaCreate(HcfSignatureParams *params, HcfVerifySpi **returnObj)
739 {
740 if (params == NULL || returnObj == NULL) {
741 LOGE("Invalid input parameter.");
742 return HCF_INVALID_PARAMS;
743 }
744 if (CheckSignatureParams(params) != HCF_SUCCESS) {
745 return HCF_INVALID_PARAMS;
746 }
747 HcfVerifySpiRsaOpensslImpl *returnImpl = (HcfVerifySpiRsaOpensslImpl *)HcfMalloc(
748 sizeof(HcfVerifySpiRsaOpensslImpl), 0);
749 if (returnImpl == NULL) {
750 LOGE("Failed to allocate returnImpl memroy!");
751 return HCF_ERR_MALLOC;
752 }
753 returnImpl->base.base.getClass = GetRsaVerifyClass;
754 returnImpl->base.base.destroy = DestroyRsaVerify;
755 returnImpl->base.engineInit = EngineVerifyInit;
756 returnImpl->base.engineUpdate = EngineVerifyUpdate;
757 returnImpl->base.engineVerify = EngineVerify;
758 returnImpl->base.engineSetVerifySpecInt = EngineSetVerifySpecInt;
759 returnImpl->base.engineGetVerifySpecInt = EngineGetVerifySpecInt;
760 returnImpl->base.engineGetVerifySpecString = EngineGetVerifySpecString;
761 returnImpl->base.engineSetVerifySpecUint8Array = EngineSetVerifySpecUint8Array;
762 returnImpl->md = params->md;
763 returnImpl->padding = params->padding;
764 returnImpl->mgf1md = params->mgf1md;
765 returnImpl->mdctx = EVP_MD_CTX_create();
766 returnImpl->initFlag = UNINITIALIZED;
767 returnImpl->saltLen = PSS_SALTLEN_INVALID_INIT;
768 *returnObj = (HcfVerifySpi *)returnImpl;
769 return HCF_SUCCESS;
770 }
771