1 /*
2 * Copyright (C) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "securec.h"
17 #include "string.h"
18
19 #include "openssl_adapter.h"
20 #include "openssl_class.h"
21 #include "openssl_common.h"
22 #include "openssl/pem.h"
23 #include "openssl/x509.h"
24
25 #include "algorithm_parameter.h"
26 #include "asy_key_generator_spi.h"
27 #include "detailed_rsa_key_params.h"
28 #include "log.h"
29 #include "memory.h"
30 #include "rsa_openssl_common.h"
31 #include "utils.h"
32
33 #include "rsa_asy_key_generator_openssl.h"
34
35 #define OPENSSL_BITS_PER_BYTE 8
36 #define OPENSSL_RSA_KEYPAIR_CNT 3
37 #define OPENSSL_RSA_KEYGEN_DEFAULT_PRIMES 2
38 #define MAX_KEY_SIZE 8192
39 #define MIN_KEY_SIZE 512
40
41 enum OpensslRsaKeySize {
42 OPENSSL_RSA_KEY_SIZE_BY_SPEC = 0,
43 OPENSSL_RSA_KEY_SIZE_512 = 512,
44 OPENSSL_RSA_KEY_SIZE_768 = 768,
45 OPENSSL_RSA_KEY_SIZE_1024 = 1024,
46 OPENSSL_RSA_KEY_SIZE_2048 = 2048,
47 OPENSSL_RSA_KEY_SIZE_3072 = 3072,
48 OPENSSL_RSA_KEY_SIZE_4096 = 4096,
49 OPENSSL_RSA_KEY_SIZE_8192 = 8192,
50 };
51
52 enum OpensslRsaPrimesSize {
53 OPENSSL_RSA_PRIMES_SIZE_2 = 2,
54 OPENSSL_RSA_PRIMES_SIZE_3 = 3,
55 OPENSSL_RSA_PRIMES_SIZE_4 = 4,
56 OPENSSL_RSA_PRIMES_SIZE_5 = 5,
57 };
58
59 typedef struct {
60 int32_t bits;
61 int32_t primes;
62 BIGNUM *pubExp;
63 } HcfAsyKeyGenSpiRsaParams;
64
65 typedef struct {
66 HcfAsyKeyGeneratorSpi base;
67
68 HcfAsyKeyGenSpiRsaParams *params;
69 } HcfAsyKeyGeneratorSpiRsaOpensslImpl;
70
CheckRsaKeyGenParams(HcfAsyKeyGenSpiRsaParams * params)71 static HcfResult CheckRsaKeyGenParams(HcfAsyKeyGenSpiRsaParams *params)
72 {
73 switch (params->bits) {
74 case OPENSSL_RSA_KEY_SIZE_BY_SPEC:
75 break;
76 case OPENSSL_RSA_KEY_SIZE_512:
77 case OPENSSL_RSA_KEY_SIZE_768:
78 if (params->primes != OPENSSL_RSA_PRIMES_SIZE_2) {
79 LOGE("Set invalid primes %d to Keygen bits %d.", params->primes, params->bits);
80 return HCF_INVALID_PARAMS;
81 }
82 break;
83 case OPENSSL_RSA_KEY_SIZE_1024:
84 case OPENSSL_RSA_KEY_SIZE_2048:
85 case OPENSSL_RSA_KEY_SIZE_3072:
86 if (params->primes > OPENSSL_RSA_PRIMES_SIZE_3 || params->primes < OPENSSL_RSA_PRIMES_SIZE_2) {
87 LOGE("Set invalid primes %d to Keygen bits %d.", params->primes, params->bits);
88 return HCF_INVALID_PARAMS;
89 }
90 break;
91 case OPENSSL_RSA_KEY_SIZE_4096:
92 if (params->primes > OPENSSL_RSA_PRIMES_SIZE_4 || params->primes < OPENSSL_RSA_PRIMES_SIZE_2) {
93 LOGE("Set invalid primes %d to Keygen bits %d.", params->primes, params->bits);
94 return HCF_INVALID_PARAMS;
95 }
96 break;
97 case OPENSSL_RSA_KEY_SIZE_8192: // This keySize can use primes from 2 to 5.
98 break;
99 default:
100 LOGE("The current bits %d is invalid.", params->bits);
101 return HCF_INVALID_PARAMS;
102 }
103 return HCF_SUCCESS;
104 }
105
GetOpensslPubkeyClass(void)106 static const char *GetOpensslPubkeyClass(void)
107 {
108 return OPENSSL_RSA_PUBKEY_CLASS;
109 }
110
GetOpensslPrikeyClass(void)111 static const char *GetOpensslPrikeyClass(void)
112 {
113 return OPENSSL_RSA_PRIKEY_CLASS;
114 }
115
GetOpensslKeyPairClass(void)116 static const char *GetOpensslKeyPairClass(void)
117 {
118 return OPENSSL_RSA_KEYPAIR_CLASS;
119 }
120
GetRsaPubKeySpecString(const HcfPubKey * self,const AsyKeySpecItem item,char ** returnString)121 static HcfResult GetRsaPubKeySpecString(const HcfPubKey *self, const AsyKeySpecItem item,
122 char **returnString)
123 {
124 (void)self;
125 (void)returnString;
126 LOGE("Rsa has no string attribute");
127 return HCF_NOT_SUPPORT;
128 }
129
GetRsaPubKeySpecInt(const HcfPubKey * self,const AsyKeySpecItem item,int * returnInt)130 static HcfResult GetRsaPubKeySpecInt(const HcfPubKey *self, const AsyKeySpecItem item,
131 int *returnInt)
132 {
133 (void)self;
134 (void)returnInt;
135 LOGE("Rsa has no integer attribute");
136 return HCF_NOT_SUPPORT;
137 }
138
GetRsaPriKeySpecString(const HcfPriKey * self,const AsyKeySpecItem item,char ** returnString)139 static HcfResult GetRsaPriKeySpecString(const HcfPriKey *self, const AsyKeySpecItem item,
140 char **returnString)
141 {
142 (void)self;
143 (void)returnString;
144 LOGE("Rsa has no string attribute");
145 return HCF_NOT_SUPPORT;
146 }
147
GetRsaPriKeySpecInt(const HcfPriKey * self,const AsyKeySpecItem item,int * returnInt)148 static HcfResult GetRsaPriKeySpecInt(const HcfPriKey *self, const AsyKeySpecItem item,
149 int *returnInt)
150 {
151 (void)self;
152 (void)returnInt;
153 LOGE("Rsa has no integer attribute");
154 return HCF_NOT_SUPPORT;
155 }
156
GetRsaPriKeySpecBigInteger(const HcfPriKey * self,const AsyKeySpecItem item,HcfBigInteger * returnBigInteger)157 static HcfResult GetRsaPriKeySpecBigInteger(const HcfPriKey *self, const AsyKeySpecItem item,
158 HcfBigInteger *returnBigInteger)
159 {
160 if (self == NULL || returnBigInteger == NULL) {
161 LOGE("Input params is invalid.");
162 return HCF_INVALID_PARAMS;
163 }
164 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
165 LOGE("Class not match");
166 return HCF_INVALID_PARAMS;
167 }
168 HcfOpensslRsaPriKey *impl = (HcfOpensslRsaPriKey *)self;
169 if (impl->sk == NULL) {
170 LOGE("Cannot use priKey after free");
171 return HCF_INVALID_PARAMS;
172 }
173 HcfResult ret = HCF_INVALID_PARAMS;
174 if (item == RSA_N_BN) {
175 const BIGNUM *n = Openssl_RSA_get0_n(impl->sk);
176 if (n == NULL) {
177 LOGD("[error] fail to get n");
178 return HCF_ERR_CRYPTO_OPERATION;
179 }
180 ret = BigNumToBigInteger(n, returnBigInteger);
181 if (ret != HCF_SUCCESS) {
182 LOGD("[error] fail get RSA Big Integer n");
183 return ret;
184 }
185 } else if (item == RSA_SK_BN) {
186 const BIGNUM *d = Openssl_RSA_get0_d(impl->sk);
187 if (d == NULL) {
188 LOGD("[error] fail to get sk");
189 return HCF_ERR_CRYPTO_OPERATION;
190 }
191 ret = BigNumToBigInteger(d, returnBigInteger);
192 if (ret != HCF_SUCCESS) {
193 LOGE("fail get RSA Big Integer d");
194 return ret;
195 }
196 } else {
197 LOGE("Invalid RSA pri key spec");
198 return HCF_INVALID_PARAMS;
199 }
200 return ret;
201 }
202
GetRsaPubKeySpecBigInteger(const HcfPubKey * self,const AsyKeySpecItem item,HcfBigInteger * returnBigInteger)203 static HcfResult GetRsaPubKeySpecBigInteger(const HcfPubKey *self, const AsyKeySpecItem item,
204 HcfBigInteger *returnBigInteger)
205 {
206 if (self == NULL || returnBigInteger == NULL) {
207 LOGE("Input params is invalid.");
208 return HCF_INVALID_PARAMS;
209 }
210 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PUBKEY_CLASS)) {
211 LOGE("Class not match");
212 return HCF_INVALID_PARAMS;
213 }
214 HcfOpensslRsaPubKey *impl = (HcfOpensslRsaPubKey *)self;
215 HcfResult ret = HCF_INVALID_PARAMS;
216 if (item == RSA_N_BN) {
217 const BIGNUM *n = Openssl_RSA_get0_n(impl->pk);
218 if (n == NULL) {
219 LOGD("[error] fail to get n");
220 return HCF_ERR_CRYPTO_OPERATION;
221 }
222 ret = BigNumToBigInteger(n, returnBigInteger);
223 if (ret != HCF_SUCCESS) {
224 LOGE("fail get RSA Big Integer n");
225 return ret;
226 }
227 } else if (item == RSA_PK_BN) {
228 const BIGNUM *e = Openssl_RSA_get0_e(impl->pk);
229 if (e == NULL) {
230 LOGD("[error] fail to get pk");
231 return HCF_ERR_CRYPTO_OPERATION;
232 }
233 ret = BigNumToBigInteger(e, returnBigInteger);
234 if (ret != HCF_SUCCESS) {
235 LOGE("fail get RSA Big Integer e");
236 return ret;
237 }
238 } else {
239 LOGE("Invalid RSA pub key spec");
240 return HCF_INVALID_PARAMS;
241 }
242 return ret;
243 }
244
DestroyPubKey(HcfObjectBase * self)245 static void DestroyPubKey(HcfObjectBase *self)
246 {
247 if (self == NULL) {
248 LOGE("PubKey is NULL.");
249 return;
250 }
251 if (!IsClassMatch(self, OPENSSL_RSA_PUBKEY_CLASS)) {
252 LOGE("Class not match");
253 return;
254 }
255 HcfOpensslRsaPubKey *impl = (HcfOpensslRsaPubKey *)self;
256 Openssl_RSA_free(impl->pk);
257 impl->pk = NULL;
258 HcfFree(self);
259 }
260
DestroyPriKey(HcfObjectBase * self)261 static void DestroyPriKey(HcfObjectBase *self)
262 {
263 if (self == NULL) {
264 LOGE("PubKey is NULL.");
265 return;
266 }
267 if (!IsClassMatch(self, OPENSSL_RSA_PRIKEY_CLASS)) {
268 LOGE("Class not match");
269 return;
270 }
271 HcfOpensslRsaPriKey *impl = (HcfOpensslRsaPriKey*)self;
272 // RSA_free func will clear private information
273 Openssl_RSA_free(impl->sk);
274 impl->sk = NULL;
275 HcfFree(self);
276 }
277
DestroyKeyPair(HcfObjectBase * self)278 static void DestroyKeyPair(HcfObjectBase *self)
279 {
280 if (self == NULL) {
281 LOGE("PubKey is NULL.");
282 return;
283 }
284 if (!IsClassMatch(self, OPENSSL_RSA_KEYPAIR_CLASS)) {
285 LOGE("Class not match");
286 return;
287 }
288 HcfOpensslRsaKeyPair *impl = (HcfOpensslRsaKeyPair*)self;
289 if (impl->base.pubKey != NULL) {
290 DestroyPubKey((HcfObjectBase *)impl->base.pubKey);
291 impl->base.pubKey = NULL;
292 }
293 if (impl->base.priKey != NULL) {
294 DestroyPriKey((HcfObjectBase *)impl->base.priKey);
295 impl->base.priKey = NULL;
296 }
297 HcfFree(self);
298 }
299
CopyMemFromBIO(BIO * bio,HcfBlob * outBlob)300 static HcfResult CopyMemFromBIO(BIO *bio, HcfBlob *outBlob)
301 {
302 if (bio == NULL || outBlob == NULL) {
303 LOGE("Invalid input.");
304 return HCF_INVALID_PARAMS;
305 }
306 int len = BIO_pending(bio);
307 if (len < 0) {
308 LOGE("Bio len less than 0.");
309 return HCF_INVALID_PARAMS;
310 }
311 HcfBlob blob;
312 blob.len = len;
313 blob.data = (uint8_t *)HcfMalloc(sizeof(uint8_t) * len, 0);
314 if (blob.data == NULL) {
315 LOGE("Malloc mem for blob fail.");
316 return HCF_ERR_MALLOC;
317 }
318 if (Openssl_BIO_read(bio, blob.data, blob.len) <= 0) {
319 LOGD("[error] Bio read fail");
320 HcfPrintOpensslError();
321 HcfFree(blob.data);
322 return HCF_ERR_CRYPTO_OPERATION;
323 }
324 outBlob->len = blob.len;
325 outBlob->data = blob.data;
326 return HCF_SUCCESS;
327 }
328
ConvertPubKeyFromX509(HcfBlob * x509Blob,RSA ** rsa)329 static HcfResult ConvertPubKeyFromX509(HcfBlob *x509Blob, RSA **rsa)
330 {
331 uint8_t *temp = x509Blob->data;
332 RSA *tempRsa = Openssl_d2i_RSA_PUBKEY(NULL, (const unsigned char **)&temp, x509Blob->len);
333 if (tempRsa == NULL) {
334 LOGD("[error] d2i_RSA_PUBKEY fail.");
335 return HCF_ERR_CRYPTO_OPERATION;
336 }
337 *rsa = tempRsa;
338 return HCF_SUCCESS;
339 }
340
ConvertPriKeyFromPKCS8(HcfBlob * pkcs8Blob,RSA ** rsa)341 static HcfResult ConvertPriKeyFromPKCS8(HcfBlob *pkcs8Blob, RSA **rsa)
342 {
343 const unsigned char *temp = (const unsigned char *)pkcs8Blob->data;
344 EVP_PKEY *pKey = Openssl_d2i_AutoPrivateKey(NULL, &temp, pkcs8Blob->len);
345 if (pKey == NULL) {
346 LOGD("[error] d2i_AutoPrivateKey fail.");
347 HcfPrintOpensslError();
348 return HCF_ERR_CRYPTO_OPERATION;
349 }
350 RSA *tmpRsa = Openssl_EVP_PKEY_get1_RSA(pKey);
351 if (tmpRsa == NULL) {
352 LOGD("[error] EVP_PKEY_get1_RSA fail");
353 HcfPrintOpensslError();
354 Openssl_EVP_PKEY_free(pKey);
355 return HCF_ERR_CRYPTO_OPERATION;
356 }
357 *rsa = tmpRsa;
358 Openssl_EVP_PKEY_free(pKey);
359 return HCF_SUCCESS;
360 }
361
EncodePubKeyToX509(RSA * rsa,HcfBlob * returnBlob)362 static HcfResult EncodePubKeyToX509(RSA *rsa, HcfBlob *returnBlob)
363 {
364 unsigned char *tempData = NULL;
365 int len = Openssl_i2d_RSA_PUBKEY(rsa, &tempData);
366 if (len <= 0) {
367 LOGD("[error] i2d_RSA_PUBKEY fail");
368 HcfPrintOpensslError();
369 return HCF_ERR_CRYPTO_OPERATION;
370 }
371 returnBlob->data = tempData;
372 returnBlob->len = len;
373 return HCF_SUCCESS;
374 }
375
EncodePriKeyToPKCS8(RSA * rsa,HcfBlob * returnBlob)376 static HcfResult EncodePriKeyToPKCS8(RSA *rsa, HcfBlob *returnBlob)
377 {
378 EVP_PKEY *pKey = NewEvpPkeyByRsa(rsa, true);
379 if (pKey == NULL) {
380 LOGD("[error] NewEvpPkeyByRsa fail.");
381 return HCF_ERR_CRYPTO_OPERATION;
382 }
383 HcfResult ret = HCF_SUCCESS;
384 BIO *bio = Openssl_BIO_new(Openssl_BIO_s_mem());
385 if (bio == NULL) {
386 LOGD("[error] BIO new fail.");
387 HcfPrintOpensslError();
388 ret = HCF_ERR_CRYPTO_OPERATION;
389 goto ERR2;
390 }
391 if (Openssl_i2d_PKCS8PrivateKey_bio(bio, pKey, NULL, NULL, 0, NULL, NULL) != HCF_OPENSSL_SUCCESS) {
392 LOGD("[error] i2b_PrivateKey_bio fail.");
393 HcfPrintOpensslError();
394 ret = HCF_ERR_CRYPTO_OPERATION;
395 goto ERR1;
396 }
397 if (CopyMemFromBIO(bio, returnBlob) != HCF_SUCCESS) {
398 LOGD("[error] CopyMemFromBIO fail.");
399 ret = HCF_ERR_CRYPTO_OPERATION;
400 goto ERR1;
401 }
402 ERR1:
403 Openssl_BIO_free_all(bio);
404 ERR2:
405 Openssl_EVP_PKEY_free(pKey);
406 return ret;
407 }
408
GetPubKeyEncoded(HcfKey * self,HcfBlob * returnBlob)409 static HcfResult GetPubKeyEncoded(HcfKey *self, HcfBlob *returnBlob)
410 {
411 if (self == NULL || returnBlob == NULL) {
412 LOGE("Input params is invalid.");
413 return HCF_INVALID_PARAMS;
414 }
415 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PUBKEY_CLASS)) {
416 LOGE("Class not match.");
417 return HCF_INVALID_PARAMS;
418 }
419 HcfOpensslRsaPubKey *impl = (HcfOpensslRsaPubKey *)self;
420 return EncodePubKeyToX509(impl->pk, returnBlob);
421 }
422
GetPriKeyEncoded(HcfKey * self,HcfBlob * returnBlob)423 static HcfResult GetPriKeyEncoded(HcfKey *self, HcfBlob *returnBlob)
424 {
425 if (self == NULL || returnBlob == NULL) {
426 LOGE("Key is null.");
427 return HCF_INVALID_PARAMS;
428 }
429
430 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
431 LOGE("Class not match.");
432 return HCF_INVALID_PARAMS;
433 }
434 HcfOpensslRsaPriKey *impl = (HcfOpensslRsaPriKey *)self;
435 const BIGNUM *p = NULL;
436 const BIGNUM *q = NULL;
437 Openssl_RSA_get0_factors(impl->sk, &p, &q);
438 if (p == NULL || q == NULL) {
439 LOGD("[error] RSA private key missing p, q, not support to get encoded PK");
440 return HCF_NOT_SUPPORT;
441 }
442 return EncodePriKeyToPKCS8(impl->sk, returnBlob);
443 }
444
GetPubKeyFormat(HcfKey * self)445 static const char *GetPubKeyFormat(HcfKey *self)
446 {
447 if (self == NULL) {
448 LOGE("Invalid input parameter.");
449 return NULL;
450 }
451 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PUBKEY_CLASS)) {
452 return NULL;
453 }
454 return OPENSSL_RSA_PUBKEY_FORMAT;
455 }
456
GetPriKeyFormat(HcfKey * self)457 static const char *GetPriKeyFormat(HcfKey *self)
458 {
459 if (self == NULL) {
460 LOGE("Invalid input parameter.");
461 return NULL;
462 }
463 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
464 return NULL;
465 }
466 return OPENSSL_RSA_PRIKEY_FORMAT;
467 }
468
GetPriKeyAlgorithm(HcfKey * self)469 static const char *GetPriKeyAlgorithm(HcfKey *self)
470 {
471 if (self == NULL) {
472 LOGE("Invalid input parameter.");
473 return NULL;
474 }
475 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
476 return NULL;
477 }
478 return OPENSSL_RSA_ALGORITHM;
479 }
480
GetPubKeyAlgorithm(HcfKey * self)481 static const char *GetPubKeyAlgorithm(HcfKey *self)
482 {
483 if (self == NULL) {
484 LOGE("Invalid input parameter.");
485 return NULL;
486 }
487 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PUBKEY_CLASS)) {
488 return NULL;
489 }
490 return OPENSSL_RSA_ALGORITHM;
491 }
492
ClearPriKeyMem(HcfPriKey * self)493 static void ClearPriKeyMem(HcfPriKey *self)
494 {
495 if (self == NULL) {
496 LOGE("PriKey is NULL.");
497 return;
498 }
499 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_PRIKEY_CLASS)) {
500 LOGE("Class not match");
501 return;
502 }
503 HcfOpensslRsaPriKey *impl = (HcfOpensslRsaPriKey *)self;
504 Openssl_RSA_free(impl->sk);
505 impl->sk = NULL;
506 }
507
PackPubKey(RSA * rsaPubKey,HcfOpensslRsaPubKey ** retPubKey)508 static HcfResult PackPubKey(RSA *rsaPubKey, HcfOpensslRsaPubKey **retPubKey)
509 {
510 if (retPubKey == NULL || rsaPubKey == NULL) {
511 LOGE("Invalid params");
512 return HCF_INVALID_PARAMS;
513 }
514 *retPubKey = (HcfOpensslRsaPubKey *)HcfMalloc(sizeof(HcfOpensslRsaPubKey), 0);
515 if (*retPubKey == NULL) {
516 LOGE("Malloc retPubKey fail");
517 return HCF_ERR_MALLOC;
518 }
519 (*retPubKey)->pk = rsaPubKey;
520 (*retPubKey)->bits = Openssl_RSA_bits(rsaPubKey);
521 (*retPubKey)->base.base.getAlgorithm = GetPubKeyAlgorithm;
522 (*retPubKey)->base.base.getEncoded = GetPubKeyEncoded;
523 (*retPubKey)->base.base.getFormat = GetPubKeyFormat;
524 (*retPubKey)->base.base.base.getClass = GetOpensslPubkeyClass;
525 (*retPubKey)->base.base.base.destroy = DestroyPubKey;
526 (*retPubKey)->base.getAsyKeySpecBigInteger = GetRsaPubKeySpecBigInteger;
527 (*retPubKey)->base.getAsyKeySpecString = GetRsaPubKeySpecString;
528 (*retPubKey)->base.getAsyKeySpecInt = GetRsaPubKeySpecInt;
529 return HCF_SUCCESS;
530 }
531
532 // spec中,prikey只有n,e,d,没有p, q
PackPriKey(RSA * rsaPriKey,HcfOpensslRsaPriKey ** retPriKey)533 static HcfResult PackPriKey(RSA *rsaPriKey, HcfOpensslRsaPriKey **retPriKey)
534 {
535 if (retPriKey == NULL || rsaPriKey == NULL) {
536 LOGE("Invalid params");
537 return HCF_INVALID_PARAMS;
538 }
539 *retPriKey = (HcfOpensslRsaPriKey *)HcfMalloc(sizeof(HcfOpensslRsaPriKey), 0);
540 if (*retPriKey == NULL) {
541 LOGE("Malloc retPriKey fail");
542 return HCF_ERR_MALLOC;
543 }
544 (*retPriKey)->sk = rsaPriKey;
545 (*retPriKey)->bits = Openssl_RSA_bits(rsaPriKey);
546 (*retPriKey)->base.clearMem = ClearPriKeyMem;
547 (*retPriKey)->base.base.getAlgorithm = GetPriKeyAlgorithm;
548 (*retPriKey)->base.base.getEncoded = GetPriKeyEncoded;
549 (*retPriKey)->base.base.getFormat = GetPriKeyFormat;
550 (*retPriKey)->base.base.base.getClass = GetOpensslPrikeyClass;
551 (*retPriKey)->base.base.base.destroy = DestroyPriKey;
552 (*retPriKey)->base.getAsyKeySpecBigInteger = GetRsaPriKeySpecBigInteger;
553 (*retPriKey)->base.getAsyKeySpecString = GetRsaPriKeySpecString;
554 (*retPriKey)->base.getAsyKeySpecInt = GetRsaPriKeySpecInt;
555 return HCF_SUCCESS;
556 }
557
DuplicatePkAndSkFromRSA(RSA * rsa,RSA ** pubKey,RSA ** priKey)558 static HcfResult DuplicatePkAndSkFromRSA(RSA *rsa, RSA **pubKey, RSA **priKey)
559 {
560 if (rsa == NULL) {
561 LOGE("Rsa is NULL.");
562 return HCF_INVALID_PARAMS;
563 }
564 if (DuplicateRsa(rsa, false, pubKey) != HCF_SUCCESS) {
565 LOGD("[error] Duplicate pubkey rsa fail");
566 return HCF_ERR_CRYPTO_OPERATION;
567 }
568 if (DuplicateRsa(rsa, true, priKey) != HCF_SUCCESS) {
569 LOGD("[error] Duplicate prikey rsa fail");
570 Openssl_RSA_free(*pubKey);
571 *pubKey = NULL;
572 return HCF_ERR_CRYPTO_OPERATION;
573 }
574 return HCF_SUCCESS;
575 }
576
PackKeyPair(RSA * rsa,uint32_t realBits,HcfOpensslRsaKeyPair ** retKeyPair)577 static HcfResult PackKeyPair(RSA *rsa, uint32_t realBits, HcfOpensslRsaKeyPair **retKeyPair)
578 {
579 if (retKeyPair == NULL || rsa == NULL) {
580 LOGE("Invalid params");
581 return HCF_INVALID_PARAMS;
582 }
583 RSA *pubKey = NULL;
584 RSA *priKey = NULL;
585 if (DuplicatePkAndSkFromRSA(rsa, &pubKey, &priKey) != HCF_SUCCESS) {
586 LOGD("[error] DuplicatePkAndSkFromRSA fail");
587 return HCF_ERR_CRYPTO_OPERATION;
588 }
589 HcfResult ret = HCF_SUCCESS;
590 *retKeyPair = (HcfOpensslRsaKeyPair *)HcfMalloc(sizeof(HcfOpensslRsaKeyPair), 0);
591 if (*retKeyPair == NULL) {
592 LOGE("Malloc keypair fail");
593 Openssl_RSA_free(pubKey);
594 Openssl_RSA_free(priKey);
595 return HCF_ERR_MALLOC;
596 }
597 HcfOpensslRsaPriKey *priKeyImpl = NULL;
598 HcfOpensslRsaPubKey *pubKeyImpl = NULL;
599 ret = PackPubKey(pubKey, &pubKeyImpl);
600 if (ret != HCF_SUCCESS) {
601 LOGE("Pack pubKey fail.");
602 goto ERR2;
603 }
604 ret = PackPriKey(priKey, &priKeyImpl);
605 if (ret != HCF_SUCCESS) {
606 LOGE("Pack priKey fail.");
607 goto ERR1;
608 }
609 (*retKeyPair)->base.priKey = (HcfPriKey *)priKeyImpl;
610 (*retKeyPair)->base.pubKey = (HcfPubKey *)pubKeyImpl;
611 (*retKeyPair)->base.base.getClass = GetOpensslKeyPairClass;
612 (*retKeyPair)->base.base.destroy = DestroyKeyPair;
613 return HCF_SUCCESS;
614 ERR1:
615 HcfFree(pubKeyImpl);
616 ERR2:
617 Openssl_RSA_free(pubKey);
618 Openssl_RSA_free(priKey);
619 HcfFree(*retKeyPair);
620 *retKeyPair = NULL;
621 return ret;
622 }
623
GenerateKeyPair(HcfAsyKeyGenSpiRsaParams * params,HcfKeyPair ** keyPair)624 static HcfResult GenerateKeyPair(HcfAsyKeyGenSpiRsaParams *params, HcfKeyPair **keyPair)
625 {
626 // check input params is valid
627 HcfResult res = CheckRsaKeyGenParams(params);
628 if (res != HCF_SUCCESS) {
629 LOGE("Rsa CheckRsaKeyGenParams fail.");
630 return HCF_INVALID_PARAMS;
631 }
632 // Generate keyPair RSA
633 RSA *rsa = Openssl_RSA_new();
634 if (rsa == NULL) {
635 LOGE("new RSA fail.");
636 return HCF_ERR_MALLOC;
637 }
638 LOGD("keygen bits is %d, primes is %d", params->bits, GetRealPrimes(params->primes));
639 if (GetRealPrimes(params->primes) != OPENSSL_RSA_KEYGEN_DEFAULT_PRIMES) {
640 if (RSA_generate_multi_prime_key(rsa, params->bits, GetRealPrimes(params->primes), params->pubExp, NULL)
641 != HCF_OPENSSL_SUCCESS) {
642 LOGD("[error] Generate multi-primes rsa key fail");
643 HcfPrintOpensslError();
644 Openssl_RSA_free(rsa);
645 return HCF_ERR_CRYPTO_OPERATION;
646 }
647 } else {
648 if (RSA_generate_key_ex(rsa, params->bits, params->pubExp, NULL) != HCF_OPENSSL_SUCCESS) {
649 LOGD("[error] Generate rsa key fail");
650 HcfPrintOpensslError();
651 Openssl_RSA_free(rsa);
652 return HCF_ERR_CRYPTO_OPERATION;
653 }
654 }
655
656 // devided to pk and sk;
657 HcfOpensslRsaKeyPair *keyPairImpl = NULL;
658 res = PackKeyPair(rsa, params->bits, &keyPairImpl);
659 if (res != HCF_SUCCESS) {
660 LOGE("Generate keyPair fail.");
661 Openssl_RSA_free(rsa);
662 return res;
663 }
664 *keyPair = (HcfKeyPair *)keyPairImpl;
665 Openssl_RSA_free(rsa);
666 LOGD("Generate keypair success.");
667 return res;
668 }
669
EngineGenerateKeyPair(HcfAsyKeyGeneratorSpi * self,HcfKeyPair ** keyPair)670 static HcfResult EngineGenerateKeyPair(HcfAsyKeyGeneratorSpi *self, HcfKeyPair **keyPair)
671 {
672 if (self == NULL || keyPair == NULL) {
673 LOGE("Invalid params.");
674 return HCF_INVALID_PARAMS;
675 }
676 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
677 LOGE("Class not match.");
678 return HCF_INVALID_PARAMS;
679 }
680 HcfAsyKeyGeneratorSpiRsaOpensslImpl *impl = (HcfAsyKeyGeneratorSpiRsaOpensslImpl *)self;
681 return GenerateKeyPair(impl->params, keyPair);
682 }
683
GetKeyGeneratorClass(void)684 static const char *GetKeyGeneratorClass(void)
685 {
686 return OPENSSL_RSA_GENERATOR_CLASS;
687 }
688
DestroyKeyGeneratorSpiImpl(HcfObjectBase * self)689 static void DestroyKeyGeneratorSpiImpl(HcfObjectBase *self)
690 {
691 if (self == NULL) {
692 LOGE("DestroyKeyGeneratorSpiImpl is null");
693 return;
694 }
695 if (!IsClassMatch(self, OPENSSL_RSA_GENERATOR_CLASS)) {
696 LOGE("Class not match.");
697 return;
698 }
699 // destroy pubExp first.
700 HcfAsyKeyGeneratorSpiRsaOpensslImpl *impl = (HcfAsyKeyGeneratorSpiRsaOpensslImpl *)self;
701 if (impl->params != NULL && impl->params->pubExp != NULL) {
702 Openssl_BN_free(impl->params->pubExp);
703 }
704 HcfFree(impl->params);
705 impl->params = NULL;
706 HcfFree(self);
707 }
708
ConvertPubKey(HcfBlob * pubKeyBlob,HcfOpensslRsaPubKey ** pubkeyRet)709 static HcfResult ConvertPubKey(HcfBlob *pubKeyBlob, HcfOpensslRsaPubKey **pubkeyRet)
710 {
711 RSA *rsaPk = NULL;
712 if (ConvertPubKeyFromX509(pubKeyBlob, &rsaPk) != HCF_SUCCESS) {
713 LOGD("[error] Convert pubKey from X509 fail.");
714 return HCF_ERR_CRYPTO_OPERATION;
715 }
716 HcfOpensslRsaPubKey *pubKey = NULL;
717 HcfResult ret = PackPubKey(rsaPk, &pubKey);
718 if (ret != HCF_SUCCESS) {
719 LOGD("[error] PackPubKey fail");
720 goto ERR;
721 }
722 *pubkeyRet = pubKey;
723 return ret;
724 ERR:
725 Openssl_RSA_free(rsaPk);
726 return ret;
727 }
728
ConvertPriKey(HcfBlob * priKeyBlob,HcfOpensslRsaPriKey ** priKeyRet)729 static HcfResult ConvertPriKey(HcfBlob *priKeyBlob, HcfOpensslRsaPriKey **priKeyRet)
730 {
731 RSA *rsaSk = NULL;
732 if (ConvertPriKeyFromPKCS8(priKeyBlob, &rsaSk) != HCF_SUCCESS) {
733 LOGE("ConvertPriKeyFromPKCS8 fail.");
734 return HCF_ERR_MALLOC;
735 }
736 HcfOpensslRsaPriKey *priKey = NULL;
737 HcfResult ret = PackPriKey(rsaSk, &priKey);
738 if (ret != HCF_SUCCESS) {
739 LOGD("[error] PackPriKey fail");
740 goto ERR;
741 }
742 *priKeyRet = priKey;
743 return ret;
744 ERR:
745 Openssl_RSA_free(rsaSk);
746 return ret;
747 }
748
EngineConvertKey(HcfAsyKeyGeneratorSpi * self,HcfParamsSpec * params,HcfBlob * pubKeyBlob,HcfBlob * priKeyBlob,HcfKeyPair ** returnKeyPair)749 static HcfResult EngineConvertKey(HcfAsyKeyGeneratorSpi *self, HcfParamsSpec *params, HcfBlob *pubKeyBlob,
750 HcfBlob *priKeyBlob, HcfKeyPair **returnKeyPair)
751 {
752 (void)params;
753 if ((self == NULL) || (returnKeyPair == NULL) || ((pubKeyBlob == NULL) && (priKeyBlob == NULL))) {
754 LOGE("ConvertKeyParams is invalid.");
755 return HCF_INVALID_PARAMS;
756 }
757 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
758 LOGE("Class not match.");
759 return HCF_INVALID_PARAMS;
760 }
761
762 HcfOpensslRsaPubKey *pubKey = NULL;
763 if ((pubKeyBlob != NULL) && (pubKeyBlob->len != 0) && (pubKeyBlob->data != NULL)) {
764 if (ConvertPubKey(pubKeyBlob, &pubKey) != HCF_SUCCESS) {
765 LOGE("convert pubkey fail.");
766 return HCF_INVALID_PARAMS;
767 }
768 }
769
770 HcfOpensslRsaPriKey *priKey = NULL;
771 if ((priKeyBlob != NULL) && (priKeyBlob->len != 0) && (priKeyBlob->data != NULL)) {
772 if (ConvertPriKey(priKeyBlob, &priKey) != HCF_SUCCESS) {
773 LOGE("convert prikey fail.");
774 HcfObjDestroy((HcfObjectBase *)pubKey);
775 return HCF_INVALID_PARAMS;
776 }
777 }
778
779 if (pubKey == NULL && priKey == NULL) {
780 LOGE("Convert key failed with invalid blob");
781 return HCF_INVALID_PARAMS;
782 }
783
784 HcfOpensslRsaKeyPair *keyPair = (HcfOpensslRsaKeyPair *)HcfMalloc(sizeof(HcfOpensslRsaKeyPair), 0);
785 if (keyPair == NULL) {
786 LOGE("Malloc keyPair fail.");
787 HcfObjDestroy((HcfObjectBase *)pubKey);
788 HcfObjDestroy((HcfObjectBase *)priKey);
789 return HCF_ERR_MALLOC;
790 }
791
792 keyPair->base.priKey = (HcfPriKey *)priKey;
793 keyPair->base.pubKey = (HcfPubKey *)pubKey;
794 keyPair->base.base.getClass = GetOpensslKeyPairClass;
795 keyPair->base.base.destroy = DestroyKeyPair;
796 *returnKeyPair = (HcfKeyPair *)keyPair;
797 return HCF_SUCCESS;
798 }
799
ParseRsaBnFromBin(const HcfAsyKeyParamsSpec * paramsSpec,BIGNUM ** n,BIGNUM ** e,BIGNUM ** d)800 static HcfResult ParseRsaBnFromBin(const HcfAsyKeyParamsSpec *paramsSpec, BIGNUM **n,
801 BIGNUM **e, BIGNUM **d)
802 {
803 // when meeting the fail situation, the BIGNUM will be NULL and other BIGNUM will be freeed in InitRsaStructByBin();
804 if (BigIntegerToBigNum(&((HcfRsaCommParamsSpec *)paramsSpec)->n, n) != HCF_SUCCESS) {
805 LOGD("[error] Rsa new BN n fail.");
806 return HCF_ERR_CRYPTO_OPERATION;
807 }
808 if (paramsSpec->specType == HCF_KEY_PAIR_SPEC) {
809 if (BigIntegerToBigNum(&((HcfRsaKeyPairParamsSpec *)paramsSpec)->pk, e) != HCF_SUCCESS) {
810 LOGD("[error] Rsa new BN e fail.");
811 Openssl_BN_free(*n);
812 *n = NULL;
813 return HCF_ERR_CRYPTO_OPERATION;
814 }
815 if (BigIntegerToBigNum(&((HcfRsaKeyPairParamsSpec *)paramsSpec)->sk, d) != HCF_SUCCESS) {
816 LOGD("[error] Rsa new BN d fail.");
817 Openssl_BN_free(*n);
818 *n = NULL;
819 Openssl_BN_free(*e);
820 *e = NULL;
821 return HCF_ERR_CRYPTO_OPERATION;
822 }
823 }
824 if (paramsSpec->specType == HCF_PUBLIC_KEY_SPEC) {
825 if (BigIntegerToBigNum(&((HcfRsaPubKeyParamsSpec *)paramsSpec)->pk, e) != HCF_SUCCESS) {
826 LOGD("[error] Rsa new BN e fail.");
827 Openssl_BN_free(*n);
828 *n = NULL;
829 return HCF_ERR_CRYPTO_OPERATION;
830 }
831 }
832 return HCF_SUCCESS;
833 }
834
InitRsaStructByBin(const HcfAsyKeyParamsSpec * paramsSpec)835 static RSA *InitRsaStructByBin(const HcfAsyKeyParamsSpec *paramsSpec)
836 {
837 BIGNUM *n = NULL;
838 BIGNUM *e = NULL;
839 BIGNUM *d = NULL;
840 RSA *rsa = NULL;
841
842 if (ParseRsaBnFromBin(paramsSpec, &n, &e, &d) != HCF_SUCCESS) {
843 LOGD("[error] ParseRsaBnFromBin fail");
844 return rsa;
845 }
846 rsa = Openssl_RSA_new();
847 if (rsa == NULL) {
848 Openssl_BN_free(n);
849 Openssl_BN_free(e);
850 Openssl_BN_clear_free(d);
851 LOGD("[error] new RSA fail");
852 return rsa;
853 }
854 // if set0 success, RSA object will take the owner of n, e, d and will free them.
855 // as a new RSA object, in RSA_set0_key(), n and e cannot be NULL.
856 if (Openssl_RSA_set0_key(rsa, n, e, d) != HCF_OPENSSL_SUCCESS) {
857 LOGD("[error] set RSA fail");
858 HcfPrintOpensslError();
859 Openssl_BN_free(n);
860 Openssl_BN_free(e);
861 Openssl_BN_clear_free(d);
862 Openssl_RSA_free(rsa);
863 rsa = NULL;
864 return rsa;
865 }
866 return rsa;
867 }
868
GenerateKeyPairBySpec(const HcfAsyKeyParamsSpec * paramsSpec,HcfKeyPair ** keyPair)869 static HcfResult GenerateKeyPairBySpec(const HcfAsyKeyParamsSpec *paramsSpec, HcfKeyPair **keyPair)
870 {
871 // Generate keyPair RSA by spec
872 RSA *rsa = InitRsaStructByBin(paramsSpec);
873 if (rsa == NULL) {
874 LOGD("[error] Generate RSA fail.");
875 return HCF_ERR_CRYPTO_OPERATION;
876 }
877 HcfOpensslRsaKeyPair *keyPairImpl = (HcfOpensslRsaKeyPair *)HcfMalloc(sizeof(HcfOpensslRsaKeyPair), 0);
878 if (keyPairImpl == NULL) {
879 LOGE("Malloc keyPair fail.");
880 Openssl_RSA_free(rsa);
881 return HCF_ERR_MALLOC;
882 }
883 // devided to pk and sk;
884 HcfOpensslRsaPubKey *pubKeyImpl = NULL;
885 HcfOpensslRsaPriKey *priKeyImpl = NULL;
886
887 RSA *pubKeyRsa = NULL;
888 if (DuplicateRsa(rsa, false, &pubKeyRsa) != HCF_SUCCESS) {
889 LOGD("[error] Duplicate pubKey rsa fail");
890 Openssl_RSA_free(rsa);
891 HcfFree(keyPairImpl);
892 return HCF_ERR_CRYPTO_OPERATION;
893 }
894
895 HcfResult res = PackPubKey(pubKeyRsa, &pubKeyImpl);
896 if (res != HCF_SUCCESS) {
897 LOGE("pack pup key fail.");
898 Openssl_RSA_free(rsa);
899 Openssl_RSA_free(pubKeyRsa);
900 HcfFree(keyPairImpl);
901 return res;
902 }
903
904 res = PackPriKey(rsa, &priKeyImpl);
905 if (res != HCF_SUCCESS) {
906 LOGE("pack pri key fail.");
907 Openssl_RSA_free(rsa);
908 Openssl_RSA_free(pubKeyRsa);
909 HcfFree(keyPairImpl);
910 HcfFree(pubKeyImpl);
911 return res;
912 }
913 keyPairImpl->base.priKey = (HcfPriKey *)priKeyImpl;
914 keyPairImpl->base.pubKey = (HcfPubKey *)pubKeyImpl;
915 keyPairImpl->base.base.getClass = GetOpensslKeyPairClass;
916 keyPairImpl->base.base.destroy = DestroyKeyPair;
917 *keyPair = (HcfKeyPair *)keyPairImpl;
918 LOGD("Generate keypair success.");
919 return res;
920 }
921
GeneratePubKeyBySpec(const HcfAsyKeyParamsSpec * paramsSpec,HcfPubKey ** pubKey)922 static HcfResult GeneratePubKeyBySpec(const HcfAsyKeyParamsSpec *paramsSpec, HcfPubKey **pubKey)
923 {
924 RSA *rsa = InitRsaStructByBin(paramsSpec);
925 if (rsa == NULL) {
926 LOGD("[error] Generate RSA fail.");
927 return HCF_ERR_CRYPTO_OPERATION;
928 }
929 RSA *pubKeyRsa = NULL;
930 if (DuplicateRsa(rsa, false, &pubKeyRsa) != HCF_SUCCESS) {
931 LOGD("[error] Duplicate pubKey rsa fail");
932 Openssl_RSA_free(rsa);
933 return HCF_ERR_CRYPTO_OPERATION;
934 }
935 HcfOpensslRsaPubKey *pubKeyImpl = NULL;
936 HcfResult res = PackPubKey(pubKeyRsa, &pubKeyImpl);
937 if (res != HCF_SUCCESS) {
938 LOGD("[error] pack pup key fail.");
939 Openssl_RSA_free(rsa);
940 Openssl_RSA_free(pubKeyRsa);
941 return res;
942 }
943 *pubKey = (HcfPubKey *)pubKeyImpl;
944 Openssl_RSA_free(rsa);
945 LOGD("Generate pub key success.");
946 return res;
947 }
948
GeneratePriKeyBySpec(const HcfAsyKeyParamsSpec * paramsSpec,HcfPriKey ** priKey)949 static HcfResult GeneratePriKeyBySpec(const HcfAsyKeyParamsSpec *paramsSpec, HcfPriKey **priKey)
950 {
951 RSA *rsa = InitRsaStructByBin(paramsSpec);
952 if (rsa == NULL) {
953 LOGD("[error] Generate RSA fail.");
954 return HCF_ERR_CRYPTO_OPERATION;
955 }
956 HcfOpensslRsaPriKey *priKeyImpl = NULL;
957 HcfResult res = PackPriKey(rsa, &priKeyImpl);
958 if (res != HCF_SUCCESS) {
959 LOGD("[error] pack pri key fail.");
960 Openssl_RSA_free(rsa);
961 return res;
962 }
963 *priKey = (HcfPriKey *)priKeyImpl;
964 LOGD("Generate pri key success.");
965 return res;
966 }
967
EngineGenerateKeyPairBySpec(const HcfAsyKeyGeneratorSpi * self,const HcfAsyKeyParamsSpec * paramsSpec,HcfKeyPair ** returnKeyPair)968 static HcfResult EngineGenerateKeyPairBySpec(const HcfAsyKeyGeneratorSpi *self,
969 const HcfAsyKeyParamsSpec *paramsSpec, HcfKeyPair **returnKeyPair)
970 {
971 if ((self == NULL) || (returnKeyPair == NULL) || (paramsSpec == NULL)) {
972 LOGE("GenerateKeyPairBySpec Params is invalid.");
973 return HCF_INVALID_PARAMS;
974 }
975 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
976 LOGE("Class not match.");
977 return HCF_INVALID_PARAMS;
978 }
979 if (strcmp(paramsSpec->algName, RSA_ALG_NAME) != 0) {
980 LOGE("Spec alg not match.");
981 return HCF_INVALID_PARAMS;
982 }
983 if (paramsSpec->specType != HCF_KEY_PAIR_SPEC) {
984 LOGE("Spec type not match.");
985 return HCF_INVALID_PARAMS;
986 }
987 return GenerateKeyPairBySpec(paramsSpec, returnKeyPair);
988 }
989
EngineGeneratePubKeyBySpec(const HcfAsyKeyGeneratorSpi * self,const HcfAsyKeyParamsSpec * paramsSpec,HcfPubKey ** returnPubKey)990 static HcfResult EngineGeneratePubKeyBySpec(const HcfAsyKeyGeneratorSpi *self,
991 const HcfAsyKeyParamsSpec *paramsSpec, HcfPubKey **returnPubKey)
992 {
993 if ((self == NULL) || (returnPubKey == NULL) || (paramsSpec == NULL)) {
994 LOGE("GeneratePubKeyBySpec Params is invalid.");
995 return HCF_INVALID_PARAMS;
996 }
997 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
998 LOGE("Class not match.");
999 return HCF_INVALID_PARAMS;
1000 }
1001 if (strcmp(paramsSpec->algName, RSA_ALG_NAME) != 0) {
1002 LOGE("Spec alg not match.");
1003 return HCF_INVALID_PARAMS;
1004 }
1005 if (paramsSpec->specType != HCF_PUBLIC_KEY_SPEC && paramsSpec->specType != HCF_KEY_PAIR_SPEC) {
1006 LOGE("Spec not match.");
1007 return HCF_INVALID_PARAMS;
1008 }
1009 return GeneratePubKeyBySpec(paramsSpec, returnPubKey);
1010 }
1011
EngineGeneratePriKeyBySpec(const HcfAsyKeyGeneratorSpi * self,const HcfAsyKeyParamsSpec * paramsSpec,HcfPriKey ** returnPriKey)1012 static HcfResult EngineGeneratePriKeyBySpec(const HcfAsyKeyGeneratorSpi *self,
1013 const HcfAsyKeyParamsSpec *paramsSpec, HcfPriKey **returnPriKey)
1014 {
1015 if ((self == NULL) || (returnPriKey == NULL) || (paramsSpec == NULL)) {
1016 LOGE("GeneratePriKeyBySpec Params is invalid.");
1017 return HCF_INVALID_PARAMS;
1018 }
1019 if (!IsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
1020 LOGE("Class not match.");
1021 return HCF_INVALID_PARAMS;
1022 }
1023 if (strcmp(paramsSpec->algName, RSA_ALG_NAME) != 0) {
1024 LOGE("Spec alg not match.");
1025 return HCF_INVALID_PARAMS;
1026 }
1027 if (paramsSpec->specType != HCF_KEY_PAIR_SPEC) {
1028 LOGE("Spec not match.");
1029 return HCF_INVALID_PARAMS;
1030 }
1031 return GeneratePriKeyBySpec(paramsSpec, returnPriKey);
1032 }
1033
SetDefaultValue(HcfAsyKeyGenSpiRsaParams * params)1034 static HcfResult SetDefaultValue(HcfAsyKeyGenSpiRsaParams *params)
1035 {
1036 if (params->primes == 0) {
1037 LOGD("set default primes 2");
1038 params->primes = OPENSSL_RSA_PRIMES_SIZE_2;
1039 }
1040 if (params->pubExp != NULL) {
1041 LOGE("RSA has pubKey default unexpectedly.");
1042 return HCF_SUCCESS;
1043 }
1044 BIGNUM *e = Openssl_BN_new();
1045 if (e == NULL) {
1046 LOGD("[error] RSA new BN fail.");
1047 return HCF_ERR_CRYPTO_OPERATION;
1048 }
1049 if (Openssl_BN_set_word(e, RSA_F4) != HCF_OPENSSL_SUCCESS) {
1050 LOGD("[error] RSA keygen Bn_set_word fail.");
1051 Openssl_BN_free(e);
1052 return HCF_ERR_CRYPTO_OPERATION;
1053 }
1054 params->pubExp = e;
1055 return HCF_SUCCESS;
1056 }
1057
DecodeParams(HcfAsyKeyGenParams * from,HcfAsyKeyGenSpiRsaParams ** to)1058 static HcfResult DecodeParams(HcfAsyKeyGenParams *from, HcfAsyKeyGenSpiRsaParams **to)
1059 {
1060 *to = (HcfAsyKeyGenSpiRsaParams *)HcfMalloc(sizeof(HcfAsyKeyGenSpiRsaParams), 0);
1061 if (*to == NULL) {
1062 LOGE("Malloc HcfAsyKeyGenSpiRsaParams fail");
1063 return HCF_ERR_MALLOC;
1064 }
1065
1066 (*to)->bits = from->bits;
1067 (*to)->primes = from->primes;
1068
1069 // set 2 as default primes, RSA_F4 as default pubExp
1070 if (SetDefaultValue(*to) != HCF_SUCCESS) {
1071 LOGE("Set default value fail.");
1072 HcfFree(*to);
1073 *to = NULL;
1074 return HCF_INVALID_PARAMS;
1075 }
1076 if (CheckRsaKeyGenParams(*to) != HCF_SUCCESS) {
1077 LOGE("Invalid keyGen params");
1078 HcfFree(*to);
1079 *to = NULL;
1080 return HCF_INVALID_PARAMS;
1081 }
1082 return HCF_SUCCESS;
1083 }
1084
HcfAsyKeyGeneratorSpiRsaCreate(HcfAsyKeyGenParams * params,HcfAsyKeyGeneratorSpi ** generator)1085 HcfResult HcfAsyKeyGeneratorSpiRsaCreate(HcfAsyKeyGenParams *params, HcfAsyKeyGeneratorSpi **generator)
1086 {
1087 if (params == NULL || generator == NULL) {
1088 LOGE("Invalid input, params is invalid or generator is null.");
1089 return HCF_INVALID_PARAMS;
1090 }
1091 HcfAsyKeyGeneratorSpiRsaOpensslImpl *impl = (HcfAsyKeyGeneratorSpiRsaOpensslImpl *)
1092 HcfMalloc(sizeof(HcfAsyKeyGeneratorSpiRsaOpensslImpl), 0);
1093 if (impl == NULL) {
1094 LOGE("Failed to allocate returnImpl memroy!");
1095 return HCF_ERR_MALLOC;
1096 }
1097 if (DecodeParams(params, &impl->params) != HCF_SUCCESS) {
1098 LOGE("Keygen params is invalid.");
1099 HcfFree(impl);
1100 return HCF_INVALID_PARAMS;
1101 }
1102 impl->base.base.getClass = GetKeyGeneratorClass;
1103 impl->base.base.destroy = DestroyKeyGeneratorSpiImpl;
1104 impl->base.engineGenerateKeyPair = EngineGenerateKeyPair;
1105 impl->base.engineConvertKey = EngineConvertKey;
1106 impl->base.engineGenerateKeyPairBySpec = EngineGenerateKeyPairBySpec;
1107 impl->base.engineGeneratePubKeyBySpec = EngineGeneratePubKeyBySpec;
1108 impl->base.engineGeneratePriKeyBySpec = EngineGeneratePriKeyBySpec;
1109 *generator = (HcfAsyKeyGeneratorSpi *)impl;
1110 return HCF_SUCCESS;
1111 }
1112