1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_openssl_aes.h"
23
24 #include <openssl/evp.h>
25 #include <stddef.h>
26
27 #include "hks_cfi.h"
28 #include "hks_log.h"
29 #include "hks_mem.h"
30 #include "hks_openssl_common.h"
31 #include "hks_openssl_engine.h"
32 #include "hks_template.h"
33
34 #if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C)
35 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
36 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING) || defined(HKS_SUPPORT_AES_CTR_NOPADDING) || \
37 defined(HKS_SUPPORT_AES_ECB_NOPADDING) || defined(HKS_SUPPORT_AES_GCM) || \
38 defined(HKS_SUPPORT_SM4_CBC_NOPADDING) || defined(HKS_SUPPORT_SM4_CBC_PKCS7) || \
39 defined(HKS_SUPPORT_SM4_CTR_NOPADDING) || defined(HKS_SUPPORT_SM4_ECB_NOPADDING) || \
40 defined(HKS_SUPPORT_SM4_ECB_PKCS7) || defined(HKS_SUPPORT_SM4_CFB_NOPADDING) || \
41 defined(HKS_SUPPORT_SM4_OFB_NOPADDING)
42
ENABLE_CFI(const EVP_CIPHER * GetBlockCipherType (uint32_t keySize,uint32_t mode,const EVP_CIPHER * (* getCbcCipherType)(uint32_t keySize),const EVP_CIPHER * (* getCtrCipherType)(uint32_t keySize),const EVP_CIPHER * (* getEcbCipherType)(uint32_t keySize)))43 ENABLE_CFI(const EVP_CIPHER *GetBlockCipherType(uint32_t keySize, uint32_t mode,
44 const EVP_CIPHER *(*getCbcCipherType)(uint32_t keySize),
45 const EVP_CIPHER *(*getCtrCipherType)(uint32_t keySize),
46 const EVP_CIPHER *(*getEcbCipherType)(uint32_t keySize)))
47 {
48 if (mode == HKS_MODE_CBC) {
49 return getCbcCipherType(keySize);
50 } else if (mode == HKS_MODE_CTR) {
51 return getCtrCipherType(keySize);
52 } else if (mode == HKS_MODE_ECB) {
53 return getEcbCipherType(keySize);
54 }
55 return NULL;
56 }
57
OpensslBlockCipherCryptInitParams(const struct HksBlob * key,EVP_CIPHER_CTX * ctx,struct HksCipherParam * cipherParam,bool isEncrypt,const struct HksUsageSpec * usageSpec)58 static int32_t OpensslBlockCipherCryptInitParams(const struct HksBlob *key, EVP_CIPHER_CTX *ctx,
59 struct HksCipherParam *cipherParam, bool isEncrypt, const struct HksUsageSpec *usageSpec)
60 {
61 int32_t ret;
62 if (isEncrypt) {
63 ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
64 } else {
65 ret = EVP_DecryptInit_ex(ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
66 }
67 if (ret != HKS_OPENSSL_SUCCESS) {
68 HksLogOpensslError();
69 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
70 }
71
72 if (usageSpec->padding == HKS_PADDING_PKCS7) {
73 // set chipher padding enable
74 ret = EVP_CIPHER_CTX_set_padding(ctx, OPENSSL_CTX_PADDING_ENABLE);
75 } else if (usageSpec->padding == HKS_PADDING_NONE) {
76 // set chipher padding none
77 ret = EVP_CIPHER_CTX_set_padding(ctx, OPENSSL_CTX_PADDING_NONE);
78 }
79 if (ret != HKS_OPENSSL_SUCCESS) {
80 HksLogOpensslError();
81 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
82 }
83 return HKS_SUCCESS;
84 }
85
ENABLE_CFI(int32_t OpensslBlockCipherCryptInit (const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,void ** cryptoCtx,const EVP_CIPHER * (* getCipherType)(uint32_t keySize,uint32_t mode)))86 ENABLE_CFI(int32_t OpensslBlockCipherCryptInit(
87 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, void **cryptoCtx,
88 const EVP_CIPHER *(*getCipherType)(uint32_t keySize, uint32_t mode)))
89 {
90 int32_t ret;
91 struct HksCipherParam *cipherParam = (struct HksCipherParam *)usageSpec->algParam;
92
93 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
94 if (ctx == NULL) {
95 HksLogOpensslError();
96 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
97 }
98
99 const EVP_CIPHER *cipher = getCipherType(key->size, usageSpec->mode);
100 if (cipher == NULL) {
101 EVP_CIPHER_CTX_free(ctx);
102 return HKS_ERROR_INVALID_ARGUMENT;
103 }
104
105 if (isEncrypt) {
106 ret = EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL);
107 } else {
108 ret = EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL);
109 }
110 if (ret != HKS_OPENSSL_SUCCESS) {
111 HksLogOpensslError();
112 EVP_CIPHER_CTX_free(ctx);
113 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
114 }
115
116 ret = OpensslBlockCipherCryptInitParams(key, ctx, cipherParam, isEncrypt, usageSpec);
117 if (ret != HKS_SUCCESS) {
118 EVP_CIPHER_CTX_free(ctx);
119 HKS_LOG_E("OpensslBlockCipherCryptInitParams fail, ret = %" LOG_PUBLIC "d", ret);
120 return ret;
121 }
122
123 struct HksOpensslBlockCipherCtx *outCtx =
124 (struct HksOpensslBlockCipherCtx *)HksMalloc(sizeof(HksOpensslBlockCipherCtx));
125 if (outCtx == NULL) {
126 EVP_CIPHER_CTX_free(ctx);
127 return HKS_ERROR_MALLOC_FAIL;
128 }
129 outCtx->algType = usageSpec->algType;
130 outCtx->mode = usageSpec->mode;
131 outCtx->padding = usageSpec->padding;
132 outCtx->append = (void *)ctx;
133
134 *cryptoCtx = (void *)outCtx;
135
136 return HKS_SUCCESS;
137 }
138
139 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherEncryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)140 int32_t OpensslBlockCipherEncryptUpdate(
141 void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
142 {
143 struct HksOpensslBlockCipherCtx *blockCipherCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
144 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)blockCipherCtx->append;
145
146 HKS_IF_NULL_RETURN(ctx, HKS_ERROR_NULL_POINTER)
147
148 int32_t outLen = 0;
149 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
150 HksLogOpensslError();
151 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
152 }
153 cipherText->size = (uint32_t)outLen;
154
155 return HKS_SUCCESS;
156 }
157
OpensslBlockCipherHandleFinalThree(void ** cryptoCtx,const struct HksBlob * input,struct HksBlob * output,bool isEncrypt)158 static int32_t OpensslBlockCipherHandleFinalThree(
159 void **cryptoCtx, const struct HksBlob *input, struct HksBlob *output, bool isEncrypt)
160 {
161 struct HksOpensslBlockCipherCtx *blockCipherCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
162 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)blockCipherCtx->append;
163 if (ctx == NULL) {
164 HKS_FREE(*cryptoCtx);
165 return HKS_ERROR_NULL_POINTER;
166 }
167
168 int32_t ret = HKS_SUCCESS;
169 do {
170 int32_t outLen = 0;
171 int evpRet;
172 if (input->size != 0) {
173 evpRet = isEncrypt
174 ? EVP_EncryptUpdate(ctx, output->data, &outLen, input->data, input->size)
175 : EVP_DecryptUpdate(ctx, output->data, &outLen, input->data, input->size);
176 if (evpRet != HKS_OPENSSL_SUCCESS) {
177 HksLogOpensslError();
178 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
179 break;
180 }
181 }
182 output->size = (uint32_t)outLen;
183 evpRet = isEncrypt
184 ? EVP_EncryptFinal_ex(ctx, (output->data + outLen), &outLen)
185 : EVP_DecryptFinal_ex(ctx, (output->data + outLen), &outLen);
186 if (evpRet != HKS_OPENSSL_SUCCESS) {
187 HksLogOpensslError();
188 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
189 break;
190 }
191 output->size += (uint32_t)outLen;
192 } while (0);
193
194 EVP_CIPHER_CTX_free(ctx);
195 blockCipherCtx->append = NULL;
196 HKS_FREE(*cryptoCtx);
197
198 return ret;
199 }
200
201 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherEncryptFinalThree(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)202 int32_t OpensslBlockCipherEncryptFinalThree(
203 void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
204 {
205 return OpensslBlockCipherHandleFinalThree(cryptoCtx, message, cipherText, true);
206 }
207
208 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)209 int32_t OpensslBlockCipherDecryptUpdate(
210 void *cryptoCtx, const struct HksBlob *message, struct HksBlob *plainText)
211 {
212 struct HksOpensslBlockCipherCtx *blockCipherCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
213 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)blockCipherCtx->append;
214
215 HKS_IF_NULL_RETURN(ctx, HKS_ERROR_NULL_POINTER)
216
217 int32_t outLen = 0;
218 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
219 HksLogOpensslError();
220 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
221 }
222 plainText->size = (uint32_t)outLen;
223
224 return HKS_SUCCESS;
225 }
226
227 // blob data and size have been checked in hks_core_service_three_stage.c
OpensslBlockCipherDecryptFinalThree(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)228 int32_t OpensslBlockCipherDecryptFinalThree(
229 void **cryptoCtx, const struct HksBlob *message, struct HksBlob *plainText)
230 {
231 return OpensslBlockCipherHandleFinalThree(cryptoCtx, message, plainText, false);
232 }
233
234 #endif
235 #endif /* defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C) */
236
237 #ifdef HKS_SUPPORT_AES_C
238 #ifdef HKS_SUPPORT_AES_GENERATE_KEY
AesGenKeyCheckParam(const struct HksKeySpec * spec)239 static int32_t AesGenKeyCheckParam(const struct HksKeySpec *spec)
240 {
241 if ((spec->keyLen != HKS_AES_KEY_SIZE_128) && (spec->keyLen != HKS_AES_KEY_SIZE_192) &&
242 (spec->keyLen != HKS_AES_KEY_SIZE_256)) {
243 HKS_LOG_E("Invlid aes key len %" LOG_PUBLIC "x!", spec->keyLen);
244 return HKS_ERROR_INVALID_ARGUMENT;
245 }
246 return HKS_SUCCESS;
247 }
248
HksOpensslAesGenerateKey(const struct HksKeySpec * spec,struct HksBlob * key)249 int32_t HksOpensslAesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
250 {
251 HKS_IF_NOT_SUCC_LOGE_RETURN(AesGenKeyCheckParam(spec), HKS_ERROR_INVALID_ARGUMENT,
252 "aes generate key invalid params!")
253
254 return HksOpensslGenerateRandomKey(spec->keyLen, key);
255 }
256 #endif
257
GetAesCbcCipherType(uint32_t keySize)258 static const EVP_CIPHER *GetAesCbcCipherType(uint32_t keySize)
259 {
260 switch (keySize) {
261 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_128):
262 return EVP_aes_128_cbc();
263 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_192):
264 return EVP_aes_192_cbc();
265 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256):
266 return EVP_aes_256_cbc();
267 default:
268 return NULL;
269 }
270 }
271
GetAesCtrCipherType(uint32_t keySize)272 static const EVP_CIPHER *GetAesCtrCipherType(uint32_t keySize)
273 {
274 switch (keySize) {
275 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_128):
276 return EVP_aes_128_ctr();
277 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_192):
278 return EVP_aes_192_ctr();
279 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256):
280 return EVP_aes_256_ctr();
281 default:
282 return NULL;
283 }
284 }
285
GetAesEcbCipherType(uint32_t keySize)286 static const EVP_CIPHER *GetAesEcbCipherType(uint32_t keySize)
287 {
288 switch (keySize) {
289 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_128):
290 return EVP_aes_128_ecb();
291 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_192):
292 return EVP_aes_192_ecb();
293 case HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256):
294 return EVP_aes_256_ecb();
295 default:
296 return NULL;
297 }
298 }
299
GetGcmCipherType(uint32_t keySize)300 static const EVP_CIPHER *GetGcmCipherType(uint32_t keySize)
301 {
302 switch (keySize) {
303 case (HKS_AES_KEY_SIZE_128 / HKS_BITS_PER_BYTE):
304 return EVP_aes_128_gcm();
305 case (HKS_AES_KEY_SIZE_192 / HKS_BITS_PER_BYTE):
306 return EVP_aes_192_gcm();
307 case (HKS_AES_KEY_SIZE_256 / HKS_BITS_PER_BYTE):
308 return EVP_aes_256_gcm();
309 default:
310 return NULL;
311 }
312 }
313
GetCcmCipherType(uint32_t keySize)314 static const EVP_CIPHER *GetCcmCipherType(uint32_t keySize)
315 {
316 switch (keySize) {
317 case (HKS_AES_KEY_SIZE_128 / HKS_BITS_PER_BYTE):
318 return EVP_aes_128_ccm();
319 case (HKS_AES_KEY_SIZE_192 / HKS_BITS_PER_BYTE):
320 return EVP_aes_192_ccm();
321 case (HKS_AES_KEY_SIZE_256 / HKS_BITS_PER_BYTE):
322 return EVP_aes_256_ccm();
323 default:
324 return NULL;
325 }
326 }
327
GetAesCipherType(uint32_t keySize,uint32_t mode)328 static const EVP_CIPHER *GetAesCipherType(uint32_t keySize, uint32_t mode)
329 {
330 return GetBlockCipherType(keySize, mode, GetAesCbcCipherType, GetAesCtrCipherType, GetAesEcbCipherType);
331 }
332
GetAeadCipherType(uint32_t keySize,uint32_t mode)333 static const EVP_CIPHER *GetAeadCipherType(uint32_t keySize, uint32_t mode)
334 {
335 if (mode == HKS_MODE_GCM) {
336 return GetGcmCipherType(keySize);
337 }
338
339 if (mode == HKS_MODE_CCM) {
340 return GetCcmCipherType(keySize);
341 }
342
343 return NULL;
344 }
345
346 #if defined(HKS_SUPPORT_AES_GCM) || defined(HKS_SUPPORT_AES_CCM)
OpensslAesAeadInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,EVP_CIPHER_CTX ** ctx)347 static int32_t OpensslAesAeadInit(
348 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, EVP_CIPHER_CTX **ctx)
349 {
350 int32_t ret;
351 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
352 HKS_IF_NULL_RETURN(aeadParam, HKS_ERROR_INVALID_ARGUMENT)
353
354 *ctx = EVP_CIPHER_CTX_new();
355 if (*ctx == NULL) {
356 HksLogOpensslError();
357 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
358 }
359
360 if (isEncrypt) {
361 ret = EVP_EncryptInit_ex(*ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
362 } else {
363 ret = EVP_DecryptInit_ex(*ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
364 }
365 if (ret != HKS_OPENSSL_SUCCESS) {
366 HksLogOpensslError();
367 EVP_CIPHER_CTX_free(*ctx);
368 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
369 }
370
371 ret = EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_AEAD_SET_IVLEN, aeadParam->nonce.size, NULL);
372 if (ret != HKS_OPENSSL_SUCCESS) {
373 HksLogOpensslError();
374 EVP_CIPHER_CTX_free(*ctx);
375 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
376 }
377
378 if (isEncrypt) {
379 ret = EVP_EncryptInit_ex(*ctx, NULL, NULL, key->data, aeadParam->nonce.data);
380 } else {
381 ret = EVP_DecryptInit_ex(*ctx, NULL, NULL, key->data, aeadParam->nonce.data);
382 }
383 if (ret != HKS_OPENSSL_SUCCESS) {
384 HksLogOpensslError();
385 EVP_CIPHER_CTX_free(*ctx);
386 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
387 }
388
389 return HKS_SUCCESS;
390 }
391
OpensslAesAeadEncryptFinal(EVP_CIPHER_CTX * ctx,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)392 static int32_t OpensslAesAeadEncryptFinal(EVP_CIPHER_CTX *ctx, const struct HksUsageSpec *usageSpec,
393 const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead)
394 {
395 int outLen = 0;
396 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
397
398 if (EVP_EncryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size) != HKS_OPENSSL_SUCCESS) {
399 HksLogOpensslError();
400 EVP_CIPHER_CTX_free(ctx);
401 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
402 }
403
404 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
405 HksLogOpensslError();
406 EVP_CIPHER_CTX_free(ctx);
407 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
408 }
409 cipherText->size = (uint32_t)outLen;
410
411 if (EVP_EncryptFinal_ex(ctx, cipherText->data, &outLen) != HKS_OPENSSL_SUCCESS) {
412 HksLogOpensslError();
413 EVP_CIPHER_CTX_free(ctx);
414 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
415 }
416
417 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, HKS_AE_TAG_LEN, tagAead->data) != HKS_OPENSSL_SUCCESS) {
418 HksLogOpensslError();
419 EVP_CIPHER_CTX_free(ctx);
420 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
421 }
422
423 EVP_CIPHER_CTX_free(ctx);
424 return HKS_SUCCESS;
425 }
426
OpensslAesAeadDecryptFinal(EVP_CIPHER_CTX * ctx,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * plainText)427 static int32_t OpensslAesAeadDecryptFinal(
428 EVP_CIPHER_CTX *ctx, const struct HksUsageSpec *usageSpec, const struct HksBlob *message, struct HksBlob *plainText)
429 {
430 int outLen = 0;
431 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
432
433 if (EVP_DecryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size) != HKS_OPENSSL_SUCCESS) {
434 HksLogOpensslError();
435 EVP_CIPHER_CTX_free(ctx);
436 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
437 }
438
439 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
440 HksLogOpensslError();
441 EVP_CIPHER_CTX_free(ctx);
442 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
443 }
444 plainText->size = (uint32_t)outLen;
445
446 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, aeadParam->tagDec.size, aeadParam->tagDec.data) !=
447 HKS_OPENSSL_SUCCESS) {
448 HksLogOpensslError();
449 EVP_CIPHER_CTX_free(ctx);
450 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
451 }
452
453 if (EVP_DecryptFinal_ex(ctx, plainText->data, &outLen) != HKS_OPENSSL_SUCCESS) {
454 HksLogOpensslError();
455 EVP_CIPHER_CTX_free(ctx);
456 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
457 }
458
459 EVP_CIPHER_CTX_free(ctx);
460 return HKS_SUCCESS;
461 }
462
OpensslAesAeadCryptSetParam(const struct HksBlob * key,struct HksAeadParam * aeadParam,bool isEncrypt,EVP_CIPHER_CTX * ctx)463 static int32_t OpensslAesAeadCryptSetParam(const struct HksBlob *key, struct HksAeadParam *aeadParam,
464 bool isEncrypt, EVP_CIPHER_CTX *ctx)
465 {
466 if (aeadParam == NULL || key == NULL) {
467 return HKS_ERROR_INVALID_ARGUMENT;
468 }
469
470 int32_t ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, aeadParam->nonce.size, NULL);
471 if (ret != HKS_OPENSSL_SUCCESS) {
472 HksLogOpensslError();
473 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
474 }
475
476 if (isEncrypt) {
477 ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key->data, aeadParam->nonce.data);
478 } else {
479 ret = EVP_DecryptInit_ex(ctx, NULL, NULL, key->data, aeadParam->nonce.data);
480 }
481 if (ret != HKS_OPENSSL_SUCCESS) {
482 HksLogOpensslError();
483 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
484 }
485
486 return HKS_SUCCESS;
487 }
488
489
OpensslAesAeadCryptInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,void ** cryptoCtx)490 static int32_t OpensslAesAeadCryptInit(
491 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, void **cryptoCtx)
492 {
493 int32_t ret;
494 int outLen = 0;
495 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
496 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
497 if (ctx == NULL) {
498 HksLogOpensslError();
499 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
500 }
501
502 if (isEncrypt) {
503 ret = EVP_EncryptInit_ex(ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
504 } else {
505 ret = EVP_DecryptInit_ex(ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL);
506 }
507 if (ret != HKS_OPENSSL_SUCCESS) {
508 HksLogOpensslError();
509 EVP_CIPHER_CTX_free(ctx);
510 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
511 }
512
513 ret = OpensslAesAeadCryptSetParam(key, aeadParam, isEncrypt, ctx);
514 if (ret != HKS_SUCCESS) {
515 HksLogOpensslError();
516 EVP_CIPHER_CTX_free(ctx);
517 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
518 }
519
520 if (isEncrypt) {
521 ret = EVP_EncryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size);
522 } else {
523 ret = EVP_DecryptUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size);
524 }
525 if (ret != HKS_OPENSSL_SUCCESS) {
526 HksLogOpensslError();
527 HKS_LOG_E("update aad faild, outLen->%" LOG_PUBLIC "d", outLen);
528 EVP_CIPHER_CTX_free(ctx);
529 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
530 }
531
532 struct HksOpensslBlockCipherCtx *outCtx =
533 (struct HksOpensslBlockCipherCtx *)HksMalloc(sizeof(HksOpensslBlockCipherCtx));
534 if (outCtx == NULL) {
535 HKS_LOG_E("HksOpensslBlockCipherCtx malloc fail");
536 EVP_CIPHER_CTX_free(ctx);
537 return HKS_ERROR_MALLOC_FAIL;
538 }
539 outCtx->algType = usageSpec->algType;
540 outCtx->mode = usageSpec->mode;
541 outCtx->padding = 0;
542 outCtx->append = (void *)ctx;
543
544 *cryptoCtx = (void *)outCtx;
545
546 return HKS_SUCCESS;
547 }
548
OpensslAesAeadEnryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)549 static int32_t OpensslAesAeadEnryptUpdate(void *cryptoCtx, const struct HksBlob *message,
550 struct HksBlob *cipherText)
551 {
552 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
553 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
554
555 int32_t outLen = 0;
556
557 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
558 HksLogOpensslError();
559 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
560 }
561 cipherText->size = (uint32_t)outLen;
562
563 return HKS_SUCCESS;
564 }
565
OpensslAesAeadDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)566 static int32_t OpensslAesAeadDecryptUpdate(void *cryptoCtx,
567 const struct HksBlob *message, struct HksBlob *plainText)
568 {
569 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
570 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
571 int32_t outLen = 0;
572
573 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
574 HksLogOpensslError();
575 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
576 }
577
578 plainText->size = (uint32_t)outLen;
579
580 return HKS_SUCCESS;
581 }
582
OpensslAesAeadEncryptFinalGCM(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)583 static int32_t OpensslAesAeadEncryptFinalGCM(void **cryptoCtx, const struct HksBlob *message,
584 struct HksBlob *cipherText, struct HksBlob *tagAead)
585 {
586 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
587 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
588
589 if (ctx == NULL) {
590 HKS_FREE(*cryptoCtx);
591 return HKS_ERROR_NULL_POINTER;
592 }
593
594 int32_t ret = HKS_SUCCESS;
595 do {
596 int32_t outLen = 0;
597 if (message->size != 0) {
598 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data,
599 message->size) != HKS_OPENSSL_SUCCESS) {
600 HksLogOpensslError();
601 HKS_LOG_E("EVP_EncryptUpdate cipherText data faild, outLen->%" LOG_PUBLIC "d", outLen);
602 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
603 break;
604 }
605 }
606 cipherText->size = (uint32_t)outLen;
607
608 if (EVP_EncryptFinal_ex(ctx, cipherText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
609 HksLogOpensslError();
610 HKS_LOG_E("EVP_EncryptFinal_ex faild, outLen->%" LOG_PUBLIC "d", outLen);
611 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
612 break;
613 }
614 cipherText->size += (uint32_t)outLen;
615 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, HKS_AE_TAG_LEN, tagAead->data) != HKS_OPENSSL_SUCCESS) {
616 HksLogOpensslError();
617 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
618 break;
619 }
620 } while (0);
621
622 EVP_CIPHER_CTX_free(ctx);
623 aesCtx->append = NULL;
624 HKS_FREE(*cryptoCtx);
625
626 return ret;
627 }
628
OpensslAesAeadDecryptFinalGCM(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText,struct HksBlob * tagAead)629 static int32_t OpensslAesAeadDecryptFinalGCM(void **cryptoCtx, const struct HksBlob *message,
630 struct HksBlob *plainText, struct HksBlob *tagAead)
631 {
632 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
633 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
634
635 if (ctx == NULL) {
636 HKS_FREE(aesCtx);
637 *cryptoCtx = NULL;
638 return HKS_ERROR_NULL_POINTER;
639 }
640
641 int32_t ret = HKS_SUCCESS;
642 do {
643 int32_t outLen = 0;
644 if (message->size != 0) {
645 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) !=
646 HKS_OPENSSL_SUCCESS) {
647 HksLogOpensslError();
648 HKS_LOG_E("EVP_DecryptUpdate plainText data faild, outLen->%" LOG_PUBLIC "d", outLen);
649 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
650 break;
651 }
652 }
653 plainText->size = (uint32_t)outLen;
654
655 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tagAead->size, tagAead->data) !=
656 HKS_OPENSSL_SUCCESS) {
657 HKS_LOG_E("EVP_CIPHER_CTX_ctrl failed, tagAead->size->%" LOG_PUBLIC "d", tagAead->size);
658 HksLogOpensslError();
659 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
660 break;
661 }
662
663 if (EVP_DecryptFinal_ex(ctx, plainText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
664 HksLogOpensslError();
665 HKS_LOG_E("EVP_DecryptFinal_ex faild, outLen->%" LOG_PUBLIC "d", outLen);
666 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
667 break;
668 }
669 plainText->size += (uint32_t)outLen;
670 } while (0);
671
672 EVP_CIPHER_CTX_free(ctx);
673 aesCtx->append = NULL;
674 HKS_FREE(*cryptoCtx);
675 return ret;
676 }
677
OpensslAesAeadCipherSetParam(const struct HksBlob * key,const struct HksUsageSpec * spec,const bool isEncrypt,EVP_CIPHER_CTX * ctx)678 static int32_t OpensslAesAeadCipherSetParam(const struct HksBlob *key, const struct HksUsageSpec *spec,
679 const bool isEncrypt, EVP_CIPHER_CTX *ctx)
680 {
681 if (spec == NULL || key == NULL || ctx == NULL) {
682 return HKS_ERROR_INVALID_ARGUMENT;
683 }
684
685 struct HksAeadParam *aeadParam = (struct HksAeadParam *)spec->algParam;
686 if (aeadParam == NULL) {
687 HKS_LOG_E("aeadParam is null!");
688 return HKS_ERROR_INVALID_ARGUMENT;
689 }
690
691 if (!isEncrypt && spec->mode == HKS_MODE_CCM) {
692 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, aeadParam->tagDec.size, aeadParam->tagDec.data) !=
693 HKS_OPENSSL_SUCCESS) {
694 HKS_LOG_E("EVP_CIPHER_CTX_ctrl failed, tag aead size %" LOG_PUBLIC "d", aeadParam->tagDec.size);
695 HksLogOpensslError();
696 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
697 }
698 }
699
700 int32_t ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, aeadParam->nonce.size, NULL);
701 if (ret != HKS_OPENSSL_SUCCESS) {
702 HKS_LOG_E("set iv length error");
703 HksLogOpensslError();
704 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
705 }
706 int enc = (isEncrypt ? 1 : 0);
707 ret = EVP_CipherInit_ex(ctx, NULL, NULL, key->data, aeadParam->nonce.data, enc);
708 if (ret != HKS_OPENSSL_SUCCESS) {
709 HKS_LOG_E("set key and iv error");
710 HksLogOpensslError();
711 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
712 }
713
714 return HKS_SUCCESS;
715 }
716
OpensslAesAeadCipherInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const bool isEncrypt,void ** cryptoCtx)717 static int32_t OpensslAesAeadCipherInit(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
718 const bool isEncrypt, void **cryptoCtx)
719 {
720 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
721 if (ctx == NULL) {
722 HksLogOpensslError();
723 HKS_LOG_E("cipher init get ctx failed!");
724 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
725 }
726
727 int enc = (isEncrypt ? 1 : 0);
728 int32_t ret = EVP_CipherInit_ex(ctx, GetAeadCipherType(key->size, usageSpec->mode), NULL, NULL, NULL, enc);
729 if (ret != HKS_OPENSSL_SUCCESS) {
730 HKS_LOG_E("EVP_CipherInit_ex exec failed!");
731 HksLogOpensslError();
732 EVP_CIPHER_CTX_free(ctx);
733 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
734 }
735
736 if (isEncrypt && usageSpec->mode == HKS_MODE_CCM) {
737 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, HKS_AE_TAG_LEN, NULL) != HKS_OPENSSL_SUCCESS) {
738 HKS_LOG_E("EVP_CIPHER_CTX_ctrl set tag len failed!");
739 HksLogOpensslError();
740 EVP_CIPHER_CTX_free(ctx);
741 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
742 }
743 }
744
745 ret = OpensslAesAeadCipherSetParam(key, usageSpec, isEncrypt, ctx);
746 if (ret != HKS_SUCCESS) {
747 HKS_LOG_E("OpensslAesAeadCipherSetParam set params failed!");
748 EVP_CIPHER_CTX_free(ctx);
749 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
750 }
751
752 struct HksOpensslBlockCipherCtx *outCtx =
753 (struct HksOpensslBlockCipherCtx *)HksMalloc(sizeof(HksOpensslBlockCipherCtx));
754 if (outCtx == NULL) {
755 HKS_LOG_E("HksOpensslBlockCipherCtx malloc fail");
756 EVP_CIPHER_CTX_free(ctx);
757 return HKS_ERROR_MALLOC_FAIL;
758 }
759 outCtx->algType = usageSpec->algType;
760 outCtx->mode = usageSpec->mode;
761 outCtx->padding = 0;
762 outCtx->append = (void *)ctx;
763
764 *cryptoCtx = (void *)outCtx;
765
766 return HKS_SUCCESS;
767 }
768
OpensslAesAeadCipherUpdate(void * cryptoCtx,const struct HksUsageSpec * usageSpec,const struct HksBlob * input,struct HksBlob * output)769 static int32_t OpensslAesAeadCipherUpdate(void *cryptoCtx, const struct HksUsageSpec *usageSpec,
770 const struct HksBlob *input, struct HksBlob *output)
771 {
772 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
773 int32_t outLen = output->size;
774
775 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
776 if (ctx == NULL) {
777 HKS_LOG_E("EVP_CIPHER_CTX is null!");
778 return HKS_ERROR_NULL_POINTER;
779 }
780
781 struct HksAeadParam *aeadParam = (struct HksAeadParam *)usageSpec->algParam;
782 if (aeadParam == NULL) {
783 HKS_LOG_E("aeadParam is null!");
784 return HKS_ERROR_INVALID_ARGUMENT;
785 }
786
787 if (aesCtx->mode == HKS_MODE_CCM) {
788 if (EVP_CipherUpdate(ctx, NULL, &outLen, NULL, input->size) != HKS_OPENSSL_SUCCESS) {
789 HksLogOpensslError();
790 HKS_LOG_E("cipher update set ccm data length failed!");
791 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
792 }
793 }
794
795 if (aeadParam->aad.size != 0) {
796 if (EVP_CipherUpdate(ctx, NULL, &outLen, aeadParam->aad.data, aeadParam->aad.size) != HKS_OPENSSL_SUCCESS) {
797 HksLogOpensslError();
798 HKS_LOG_E("update aad faild, outLen->%" LOG_PUBLIC "d", outLen);
799 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
800 }
801 }
802
803 if (EVP_CipherUpdate(ctx, output->data, &outLen, input->data, input->size) != HKS_OPENSSL_SUCCESS) {
804 HksLogOpensslError();
805 HKS_LOG_E("cipher update exec failed!");
806 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
807 }
808 output->size = (uint32_t)outLen;
809
810 return HKS_SUCCESS;
811 }
812
OpensslAesAeadCipherFinal(void ** cryptoCtx,const struct HksUsageSpec * usageSpec,bool isEncrypt,const struct HksBlob * input,struct HksBlob * output,struct HksBlob * tagAead)813 static int32_t OpensslAesAeadCipherFinal(void **cryptoCtx, const struct HksUsageSpec *usageSpec, bool isEncrypt,
814 const struct HksBlob *input, struct HksBlob *output, struct HksBlob *tagAead)
815 {
816 struct HksOpensslBlockCipherCtx *aesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
817 EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)aesCtx->append;
818 if (ctx == NULL) {
819 HKS_FREE(*cryptoCtx);
820 return HKS_ERROR_NULL_POINTER;
821 }
822
823 int32_t ret = HKS_SUCCESS;
824 do {
825 int32_t outLen = 0;
826 if (input->size != 0) {
827 ret = OpensslAesAeadCipherUpdate(*cryptoCtx, usageSpec, input, output);
828 if (ret != HKS_SUCCESS) {
829 HKS_LOG_E("cipher final update input data failed");
830 break;
831 }
832 }
833
834 // for gcm mode in decrypt process need set aead tag before EVP_CipherFinal_ex
835 if (!isEncrypt && aesCtx->mode == HKS_MODE_GCM) {
836 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tagAead->size, tagAead->data) !=
837 HKS_OPENSSL_SUCCESS) {
838 HKS_LOG_E("EVP_CIPHER_CTX_ctrl failed, tagAead->size->%" LOG_PUBLIC "d", tagAead->size);
839 HksLogOpensslError();
840 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
841 break;
842 }
843 }
844
845 if (EVP_CipherFinal_ex(ctx, output->data + output->size, &outLen) != HKS_OPENSSL_SUCCESS) {
846 HksLogOpensslError();
847 HKS_LOG_E("EVP_CipherFinal_ex faild, outLen->%" LOG_PUBLIC "d", outLen);
848 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
849 break;
850 }
851 output->size += (uint32_t)outLen;
852
853 if (isEncrypt) {
854 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, HKS_AE_TAG_LEN, tagAead->data) != HKS_OPENSSL_SUCCESS) {
855 HksLogOpensslError();
856 HKS_LOG_E("EVP_CIPHER_CTX_ctrl get aead faild");
857 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
858 break;
859 }
860 }
861 } while (0);
862
863 EVP_CIPHER_CTX_free(ctx);
864 aesCtx->append = NULL;
865 HKS_FREE(*cryptoCtx);
866
867 return ret;
868 }
869 #endif
870
871 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
872 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
873 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
OpensslAesCipherInit(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,bool isEncrypt,EVP_CIPHER_CTX ** ctx)874 static int32_t OpensslAesCipherInit(
875 const struct HksBlob *key, const struct HksUsageSpec *usageSpec, bool isEncrypt, EVP_CIPHER_CTX **ctx)
876 {
877 int32_t ret;
878 struct HksCipherParam *cipherParam = (struct HksCipherParam *)usageSpec->algParam;
879
880 *ctx = EVP_CIPHER_CTX_new();
881 if (*ctx == NULL) {
882 HksLogOpensslError();
883 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
884 }
885
886 const EVP_CIPHER *cipher = GetAesCipherType(key->size, usageSpec->mode);
887 if (cipher == NULL) {
888 EVP_CIPHER_CTX_free(*ctx);
889 return HKS_ERROR_INVALID_ARGUMENT;
890 }
891
892 if (isEncrypt) {
893 ret = EVP_EncryptInit_ex(*ctx, cipher, NULL, NULL, NULL);
894 } else {
895 ret = EVP_DecryptInit_ex(*ctx, cipher, NULL, NULL, NULL);
896 }
897 if (ret != HKS_OPENSSL_SUCCESS) {
898 HksLogOpensslError();
899 EVP_CIPHER_CTX_free(*ctx);
900 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
901 }
902
903 if (isEncrypt) {
904 ret = EVP_EncryptInit_ex(*ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
905 } else {
906 ret = EVP_DecryptInit_ex(*ctx, NULL, NULL, key->data, (cipherParam == NULL) ? NULL : cipherParam->iv.data);
907 }
908 if (ret != HKS_OPENSSL_SUCCESS) {
909 HksLogOpensslError();
910 EVP_CIPHER_CTX_free(*ctx);
911 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
912 }
913
914 if (usageSpec->padding == HKS_PADDING_PKCS7) {
915 ret = EVP_CIPHER_CTX_set_padding(*ctx, OPENSSL_CTX_PADDING_ENABLE);
916 } else if (usageSpec->padding == HKS_PADDING_NONE) {
917 ret = EVP_CIPHER_CTX_set_padding(*ctx, OPENSSL_CTX_PADDING_NONE);
918 }
919 if (ret != HKS_OPENSSL_SUCCESS) {
920 HksLogOpensslError();
921 EVP_CIPHER_CTX_free(*ctx);
922 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
923 }
924
925 return HKS_SUCCESS;
926 }
927
OpensslAesCipherEncryptFinal(EVP_CIPHER_CTX * ctx,const struct HksBlob * message,struct HksBlob * cipherText)928 static int32_t OpensslAesCipherEncryptFinal(
929 EVP_CIPHER_CTX *ctx, const struct HksBlob *message, struct HksBlob *cipherText)
930 {
931 int32_t outLen = 0;
932
933 if (EVP_EncryptUpdate(ctx, cipherText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
934 HksLogOpensslError();
935 EVP_CIPHER_CTX_free(ctx);
936 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
937 }
938 cipherText->size = (uint32_t)outLen;
939
940 if (EVP_EncryptFinal_ex(ctx, cipherText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
941 HksLogOpensslError();
942 EVP_CIPHER_CTX_free(ctx);
943 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
944 }
945 cipherText->size += (uint32_t)outLen;
946
947 EVP_CIPHER_CTX_free(ctx);
948 return HKS_SUCCESS;
949 }
950
OpensslAesCipherDecryptFinal(EVP_CIPHER_CTX * ctx,const struct HksBlob * message,struct HksBlob * plainText)951 static int32_t OpensslAesCipherDecryptFinal(
952 EVP_CIPHER_CTX *ctx, const struct HksBlob *message, struct HksBlob *plainText)
953 {
954 int32_t outLen = 0;
955
956 if (EVP_DecryptUpdate(ctx, plainText->data, &outLen, message->data, message->size) != HKS_OPENSSL_SUCCESS) {
957 HksLogOpensslError();
958 EVP_CIPHER_CTX_free(ctx);
959 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
960 }
961 plainText->size = (uint32_t)outLen;
962
963 if (EVP_DecryptFinal_ex(ctx, plainText->data + outLen, &outLen) != HKS_OPENSSL_SUCCESS) {
964 HksLogOpensslError();
965 EVP_CIPHER_CTX_free(ctx);
966 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
967 }
968 plainText->size += (uint32_t)outLen;
969
970 EVP_CIPHER_CTX_free(ctx);
971 return HKS_SUCCESS;
972 }
973 #endif
974
HksOpensslAesEncryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)975 int32_t HksOpensslAesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
976 {
977 int32_t ret;
978 switch (usageSpec->mode) {
979 #ifdef HKS_SUPPORT_AES_GCM
980 case HKS_MODE_GCM:
981 ret = OpensslAesAeadCryptInit(key, usageSpec, true, cryptoCtx);
982 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "OpensslAesAeadInit fail, ret = %" LOG_PUBLIC "d", ret)
983 break;
984 #endif
985 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
986 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
987 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
988 case HKS_MODE_CBC:
989 case HKS_MODE_CTR:
990 case HKS_MODE_ECB:
991 ret = OpensslBlockCipherCryptInit(key, usageSpec, true, cryptoCtx, GetAesCipherType);
992 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
993 "OpensslBlockCipherCryptInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
994 break;
995 #endif
996 default:
997 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
998 return HKS_ERROR_INVALID_ARGUMENT;
999 }
1000
1001 return HKS_SUCCESS;
1002 }
1003
HksOpensslAesEncryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText)1004 int32_t HksOpensslAesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
1005 {
1006 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
1007 uint32_t mode = contex->mode;
1008
1009 int32_t ret;
1010 switch (mode) {
1011 #ifdef HKS_SUPPORT_AES_GCM
1012 case HKS_MODE_GCM:
1013 ret = OpensslAesAeadEnryptUpdate(cryptoCtx, message, cipherText);
1014 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1015 "OpensslAesAeadEnryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1016 break;
1017 #endif
1018 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1019 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1020 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1021 case HKS_MODE_CBC:
1022 case HKS_MODE_CTR:
1023 case HKS_MODE_ECB:
1024 ret = OpensslBlockCipherEncryptUpdate(cryptoCtx, message, cipherText);
1025 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1026 "OpensslBlockCipherEncryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1027 break;
1028 #endif
1029 default:
1030 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1031 return HKS_ERROR_INVALID_ARGUMENT;
1032 }
1033
1034 return HKS_SUCCESS;
1035 }
1036
HksOpensslAesEncryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)1037 int32_t HksOpensslAesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
1038 struct HksBlob *tagAead)
1039 {
1040 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
1041 uint32_t mode = contex->mode;
1042
1043 int32_t ret;
1044 switch (mode) {
1045 #ifdef HKS_SUPPORT_AES_GCM
1046 case HKS_MODE_GCM:
1047 ret = OpensslAesAeadEncryptFinalGCM(cryptoCtx, message, cipherText, tagAead);
1048 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1049 "OpensslAesAeadEncryptFinalGCM for aes fail, ret = %" LOG_PUBLIC "d", ret)
1050 break;
1051 #endif
1052 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1053 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1054 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1055 case HKS_MODE_CBC:
1056 case HKS_MODE_CTR:
1057 case HKS_MODE_ECB:
1058 ret = OpensslBlockCipherEncryptFinalThree(cryptoCtx, message, cipherText);
1059 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1060 "OpensslBlockCipherEncryptFinalThree for aes fail, ret = %" LOG_PUBLIC "d", ret)
1061 break;
1062 #endif
1063 default:
1064 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1065 return HKS_ERROR_INVALID_ARGUMENT;
1066 }
1067
1068 return HKS_SUCCESS;
1069 }
1070
HksOpensslAesDecryptInit(void ** cryptoCtx,const struct HksBlob * key,const struct HksUsageSpec * usageSpec)1071 int32_t HksOpensslAesDecryptInit(void **cryptoCtx, const struct HksBlob *key,
1072 const struct HksUsageSpec *usageSpec)
1073 {
1074 int32_t ret;
1075 switch (usageSpec->mode) {
1076 case HKS_MODE_GCM:
1077 ret = OpensslAesAeadCryptInit(key, usageSpec, false, cryptoCtx);
1078 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1079 "OpensslAesAeadDecryptInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
1080 break;
1081 case HKS_MODE_CBC:
1082 case HKS_MODE_CTR:
1083 case HKS_MODE_ECB:
1084 ret = OpensslBlockCipherCryptInit(key, usageSpec, false, cryptoCtx, GetAesCipherType);
1085 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1086 "OpensslBlockCipherCryptInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
1087 break;
1088 default:
1089 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
1090 return HKS_ERROR_INVALID_ARGUMENT;
1091 }
1092
1093 return ret;
1094 }
1095
HksOpensslAesDecryptUpdate(void * cryptoCtx,const struct HksBlob * message,struct HksBlob * plainText)1096 int32_t HksOpensslAesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *plainText)
1097 {
1098 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)cryptoCtx;
1099 uint32_t mode = contex->mode;
1100
1101 int32_t ret;
1102 switch (mode) {
1103 case HKS_MODE_GCM:
1104 ret = OpensslAesAeadDecryptUpdate(cryptoCtx, message, plainText);
1105 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1106 "OpensslAesAeadDecryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1107 break;
1108 case HKS_MODE_CBC:
1109 case HKS_MODE_CTR:
1110 case HKS_MODE_ECB:
1111 ret = OpensslBlockCipherDecryptUpdate(cryptoCtx, message, plainText);
1112 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1113 "OpensslBlockCipherDecryptUpdate for aes fail, ret = %" LOG_PUBLIC "d", ret)
1114 break;
1115 default:
1116 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1117 return HKS_ERROR_INVALID_ARGUMENT;
1118 }
1119
1120 return ret;
1121 }
1122
HksOpensslAesDecryptFinal(void ** cryptoCtx,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)1123 int32_t HksOpensslAesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
1124 struct HksBlob *tagAead)
1125 {
1126 struct HksOpensslBlockCipherCtx *contex = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
1127 uint32_t mode = contex->mode;
1128
1129 int32_t ret;
1130 switch (mode) {
1131 #ifdef HKS_SUPPORT_AES_GCM
1132 case HKS_MODE_GCM:
1133 ret = OpensslAesAeadDecryptFinalGCM(cryptoCtx, message, cipherText, tagAead);
1134 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1135 "OpensslAesAeadDecryptFinalGCM for aes fail, ret = %" LOG_PUBLIC "d", ret)
1136 break;
1137 #endif
1138 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1139 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1140 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1141 case HKS_MODE_CBC:
1142 case HKS_MODE_CTR:
1143 case HKS_MODE_ECB:
1144 ret = OpensslBlockCipherDecryptFinalThree(cryptoCtx, message, cipherText);
1145 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1146 "OpensslBlockCipherDecryptFinalThree for aes fail, ret = %" LOG_PUBLIC "d", ret)
1147 break;
1148 #endif
1149 default:
1150 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", mode);
1151 return HKS_ERROR_INVALID_ARGUMENT;
1152 }
1153
1154 return HKS_SUCCESS;
1155 }
1156
HksOpensslAesHalFreeCtx(void ** cryptoCtx)1157 void HksOpensslAesHalFreeCtx(void **cryptoCtx)
1158 {
1159 if (cryptoCtx == NULL || *cryptoCtx == NULL) {
1160 HKS_LOG_E("Openssl aes free ctx is null");
1161 return;
1162 }
1163
1164 struct HksOpensslBlockCipherCtx *opensslAesCtx = (struct HksOpensslBlockCipherCtx *)*cryptoCtx;
1165 switch (opensslAesCtx->mode) {
1166 #ifdef HKS_SUPPORT_AES_GCM
1167 case HKS_MODE_GCM:
1168 if ((EVP_CIPHER_CTX *)opensslAesCtx->append != NULL) {
1169 EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)opensslAesCtx->append);
1170 opensslAesCtx->append = NULL;
1171 }
1172 break;
1173 #endif
1174 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1175 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1176 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1177 case HKS_MODE_CBC:
1178 case HKS_MODE_CTR:
1179 case HKS_MODE_ECB:
1180 if ((EVP_CIPHER_CTX *)opensslAesCtx->append != NULL) {
1181 EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)opensslAesCtx->append);
1182 opensslAesCtx->append = NULL;
1183 }
1184 break;
1185 #endif
1186 default:
1187 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", opensslAesCtx->mode);
1188 break;
1189 }
1190
1191 HKS_FREE(*cryptoCtx);
1192 }
1193
HksOpensslAesEncrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * cipherText,struct HksBlob * tagAead)1194 int32_t HksOpensslAesEncrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
1195 const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead)
1196 {
1197 EVP_CIPHER_CTX *ctx = NULL;
1198 struct HksBlob tmpCipherText = *cipherText;
1199
1200 int32_t ret;
1201 switch (usageSpec->mode) {
1202 #ifdef HKS_SUPPORT_AES_GCM
1203 case HKS_MODE_GCM:
1204 ret = OpensslAesAeadInit(key, usageSpec, true, &ctx);
1205 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1206 "OpensslAesAeadInit for aes fail, ret = %" LOG_PUBLIC "d", ret)
1207
1208 ret = OpensslAesAeadEncryptFinal(ctx, usageSpec, message, &tmpCipherText, tagAead);
1209 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1210 "OpensslAesAeadEncryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1211 break;
1212 #endif
1213 #ifdef HKS_SUPPORT_AES_CCM
1214 case HKS_MODE_CCM:
1215 ret = OpensslAesAeadCipherInit(key, usageSpec, true, (void **)(&ctx));
1216 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1217 "OpensslAesAeadCipherInit for aes ccm enc fail, ret = %" LOG_PUBLIC "d", ret)
1218 ret = OpensslAesAeadCipherFinal((void **)(&ctx), usageSpec, true, message, &tmpCipherText, tagAead);
1219 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1220 "OpensslAesAeadCipherFinal for aes ccm enc fail, ret = %" LOG_PUBLIC "d", ret)
1221 break;
1222 #endif
1223 #if defined(HKS_SUPPORT_AES_CBC_NOPADDING) || defined(HKS_SUPPORT_AES_CBC_PKCS7) || \
1224 defined(HKS_SUPPORT_AES_CTR_NOPADDING) || defined(HKS_SUPPORT_AES_ECB_NOPADDING) || \
1225 defined(HKS_SUPPORT_AES_ECB_PKCS7PADDING)
1226 case HKS_MODE_CBC:
1227 case HKS_MODE_CTR:
1228 case HKS_MODE_ECB:
1229 ret = OpensslAesCipherInit(key, usageSpec, true, &ctx);
1230 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1231 "OpensslAesCipherInit fail, ret = %" LOG_PUBLIC "d", ret)
1232
1233 ret = OpensslAesCipherEncryptFinal(ctx, message, &tmpCipherText);
1234 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1235 "OpensslAesCipherEncryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1236 break;
1237 #endif
1238 default:
1239 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
1240 return HKS_ERROR_INVALID_ARGUMENT;
1241 }
1242
1243 cipherText->size = tmpCipherText.size;
1244 return HKS_SUCCESS;
1245 }
1246
HksOpensslAesDecrypt(const struct HksBlob * key,const struct HksUsageSpec * usageSpec,const struct HksBlob * message,struct HksBlob * plainText)1247 int32_t HksOpensslAesDecrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec,
1248 const struct HksBlob *message, struct HksBlob *plainText)
1249 {
1250 EVP_CIPHER_CTX *ctx = NULL;
1251 struct HksBlob tmpPlainText = *plainText;
1252
1253 int32_t ret;
1254 switch (usageSpec->mode) {
1255 case HKS_MODE_GCM:
1256 ret = OpensslAesAeadInit(key, usageSpec, false, &ctx);
1257 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1258 "OpensslAesAeadDecryptInit fail, ret = %" LOG_PUBLIC "d", ret)
1259
1260 ret = OpensslAesAeadDecryptFinal(ctx, usageSpec, message, &tmpPlainText);
1261 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1262 "OpensslAesAeadDecryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1263 break;
1264 #ifdef HKS_SUPPORT_AES_CCM
1265 case HKS_MODE_CCM:
1266 ret = OpensslAesAeadCipherInit(key, usageSpec, false, (void **)(&ctx));
1267 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1268 "OpensslAesAeadCipherInit for aes ccm dec fail, ret = %" LOG_PUBLIC "d", ret)
1269 struct HksBlob tag = {0, NULL};
1270 ret = OpensslAesAeadCipherFinal((void **)(&ctx), usageSpec, false, message, &tmpPlainText, &tag);
1271 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1272 "OpensslAesAeadCipherFinal for aes ccm dec fail, ret = %" LOG_PUBLIC "d", ret)
1273 break;
1274 #endif
1275 case HKS_MODE_CBC:
1276 case HKS_MODE_CTR:
1277 case HKS_MODE_ECB:
1278 ret = OpensslAesCipherInit(key, usageSpec, false, &ctx);
1279 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1280 "OpensslAesCipherInit fail, ret = %" LOG_PUBLIC "d", ret)
1281
1282 ret = OpensslAesCipherDecryptFinal(ctx, message, &tmpPlainText);
1283 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
1284 "OpensslAesCipherDecryptFinal fail, ret = %" LOG_PUBLIC "d", ret)
1285 break;
1286 default:
1287 HKS_LOG_E("Unsupport aes mode! mode = 0x%" LOG_PUBLIC "x", usageSpec->mode);
1288 return HKS_ERROR_INVALID_ARGUMENT;
1289 }
1290
1291 plainText->size = tmpPlainText.size;
1292 return ret;
1293 }
1294 #endif
1295