openharmony/security_huks
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_huks synced 2024-11-23 14:50:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

mini平台新增接口

Browse Source 
Signed-off-by: 绫地宁宁 <756090608@qq.com>
This commit is contained in:
绫地宁宁 2024-09-06 15:35:15 +08:00
parent 4880c5bcb8
commit d242b4e610
18 changed files with 2721 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
frameworks/huks_standard/main/common/include/hks_ability.h
View File

@ -58,6 +58,10 @@ enum HksOperationType {
/* see hks_chipset_platform_key_hardcoded.c */
HKS_OPERATION_CHIPSET_PLATFORM_DERIVE_PUB_KEY = 0x20, /* hardcoded key implementation did not use the enum */
/* see hks_chipset_platform_key_hardcoded.c */
HKS_OPERATION_CMAC_INIT, /* cmac init */
HKS_OPERATION_CMAC_UPDATE, /* cmac update */
HKS_OPERATION_CMAC_FINAL, /* cmac final */
HKS_OPERATION_CMAC_FREE_CTX /* cmac free ctx */
};
struct HksAbility {
@ -86,6 +90,11 @@ struct HksAbility {
#define HKS_CRYPTO_ABILITY_HMAC_FINAL HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_FINAL, 0)
#define HKS_CRYPTO_ABILITY_HMAC_FREE_CTX HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_FREE_CTX, 0)
#define HKS_CRYPTO_ABILITY_CMAC_INIT HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_INIT, 0)
#define HKS_CRYPTO_ABILITY_CMAC_UPDATE HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_UPDATE, 0)
#define HKS_CRYPTO_ABILITY_CMAC_FINAL HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_FINAL, 0)
#define HKS_CRYPTO_ABILITY_CMAC_FREE_CTX HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_FREE_CTX, 0)
#define HKS_CRYPTO_ABILITY_HASH HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH, 0)
#define HKS_CRYPTO_ABILITY_HASH_INIT HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_INIT, 0)
#define HKS_CRYPTO_ABILITY_HASH_UPDATE HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_UPDATE, 0)

129
frameworks/huks_standard/main/common/include/hks_config_lite_wearable.h Normal file
View File

@ -0,0 +1,129 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HKS_CONFIG_H
#define HKS_CONFIG_H
#define HKS_SUPPORT_POSIX
#define HKS_LOG_ENGINE_HILOG_MODULE_SCY
/* AES */
#define HKS_SUPPORT_AES_C
#define HKS_SUPPORT_AES_GENERATE_KEY
#define HKS_SUPPORT_AES_CBC_NOPADDING
#define HKS_SUPPORT_AES_CBC_PKCS7
#define HKS_SUPPORT_AES_GCM
#define HKS_SUPPORT_AES_CTR_NOPADDING
/* DES */
#define HKS_SUPPORT_DES_C
#define HKS_SUPPORT_DES_GENERATE_KEY
#define HKS_SUPPORT_DES_ECB_NOPADDING
#define HKS_SUPPORT_DES_CBC_NOPADDING
/* 3DES */
#define HKS_SUPPORT_3DES_C
#define HKS_SUPPORT_3DES_GENERATE_KEY
#define HKS_SUPPORT_3DES_ECB_NOPADDING
#define HKS_SUPPORT_3DES_CBC_NOPADDING
/* BN */
#define HKS_SUPPORT_BN_C
/* HASH */
#define HKS_SUPPORT_HASH_C
#define HKS_SUPPORT_HASH_SHA256
#define HKS_SUPPORT_HASH_SHA384
#define HKS_SUPPORT_HASH_SHA512
/* HMAC */
#define HKS_SUPPORT_HMAC_C
#define HKS_SUPPORT_HMAC_SHA256
#define HKS_SUPPORT_HMAC_SHA384
#define HKS_SUPPORT_HMAC_SHA512
/* CMAC */
#if defined(HKS_SUPPORT_3DES_C)
#define HKS_SUPPORT_CMAC_C
#endif
/* KDF */
#define HKS_SUPPORT_KDF_C
#define HKS_SUPPORT_KDF_PBKDF2
#define HKS_SUPPORT_KDF_HKDF
/* X25519 */
#define HKS_SUPPORT_X25519_C
#define HKS_SUPPORT_X25519_GENERATE_KEY
#define HKS_SUPPORT_X25519_AGREE_KEY
#define HKS_SUPPORT_X25519_GET_PUBLIC_KEY
#if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) || \
defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_RSA_GENERATE_KEY) || \
defined(HKS_SUPPORT_X25519_GENERATE_KEY)
#define HKS_SUPPORT_API_GENERATE_KEY
#define HKS_SUPPORT_API_DELETE_KEY
#define HKS_SUPPORT_API_GET_KEY_PARAM_SET
#define HKS_SUPPORT_API_KEY_EXIST
#endif
#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \
defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C) || \
defined(HKS_SUPPORT_AES_C)
#define HKS_SUPPORT_API_IMPORT
#endif
#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \
defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C)
#define HKS_SUPPORT_API_EXPORT
#endif
#define HKS_SUPPORT_API_GENERATE_RANDOM
#if defined(HKS_SUPPORT_ECDSA_C) || defined(HKS_SUPPORT_ED25519_SIGN_VERIFY) || \
defined(HKS_SUPPORT_RSA_SIGN_VERIFY)
#define HKS_SUPPORT_API_SIGN_VERIFY
#endif
#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_RSA_CRYPT)
#define HKS_SUPPORT_API_CIPHER
#endif
#if defined(HKS_SUPPORT_X25519_AGREE_KEY) || defined(HKS_SUPPORT_ECDH_C)
#define HKS_SUPPORT_API_AGREE_KEY
#endif
#ifdef HKS_SUPPORT_KDF_C
#define HKS_SUPPORT_API_DERIVE_KEY
#endif
#if defined(HKS_SUPPORT_HMAC_C) || defined(HKS_SUPPORT_CMAC_C)
#define HKS_SUPPORT_API_MAC
#endif
#ifdef HKS_SUPPORT_HASH_C
#define HKS_SUPPORT_API_HASH
#endif
#ifdef HKS_SUPPORT_BN_C
#define HKS_SUPPORT_API_BN_EXP_MOD
#endif
#ifndef HKS_SUPPORT_LITE_HEAP
#define HKS_SUPPORT_API_GET_KEY_INFO_LIST
#endif
#endif /* HKS_CONFIG_H */

16
frameworks/huks_standard/main/common/include/hks_crypto_hal.h
View File

@ -143,6 +143,12 @@ typedef int32_t (*HmacUpdate)(void *, const struct HksBlob *);
typedef int32_t (*HmacFinal)(void **, const struct HksBlob *, struct HksBlob *);
typedef int32_t (*CmacInit)(void **, const struct HksBlob *, uint32_t);
typedef int32_t (*CmacUpdate)(void *, const struct HksBlob *);
typedef int32_t (*CmacFinal)(void **, const struct HksBlob *, struct HksBlob *);
typedef int32_t (*Hash)(uint32_t, const struct HksBlob *, struct HksBlob *);
typedef int32_t (*HashInit)(void **, uint32_t);
@ -169,6 +175,8 @@ typedef int32_t (*DecryptUpdate)(void *, const struct HksBlob *, struct HksBlob
typedef int32_t (*DecryptFinal)(void **, const struct HksBlob *, struct HksBlob *, struct HksBlob *, const bool);
typedef int32_t (*DecryptFinalDes)(void **, const struct HksBlob *, struct HksBlob *, const bool);
typedef int32_t (*BnExpMod)(struct HksBlob *, const struct HksBlob *,
const struct HksBlob *, const struct HksBlob *);
@ -209,6 +217,14 @@ void HksCryptoHalHmacFreeCtx(void **ctx);
int32_t HksCryptoHalHmac(const struct HksBlob *key, uint32_t digestAlg, const struct HksBlob *msg,
struct HksBlob *mac);
int32_t HksCryptoHalCmacInit(const struct HksBlob *key, uint32_t digestAlg, void **ctx);
int32_t HksCryptoHalCmacUpdate(const struct HksBlob *chunk, void *ctx);
int32_t HksCryptoHalCmacFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *mac);
void HksCryptoHalCmacFreeCtx(void **ctx);
int32_t HksCryptoHalHashInit(uint32_t alg, void **ctx);
int32_t HksCryptoHalHashUpdate(const struct HksBlob *msg, void *ctx);

496
frameworks/huks_standard/main/common/src/hks_base_check.c
View File

@ -116,6 +116,52 @@ static const uint32_t g_aesEcbPadding[] = {
};
#endif
#ifdef HKS_SUPPORT_DES_C
static const uint32_t g_desKeySize[] = {
HKS_DES_KEY_SIZE_64
};
static const uint32_t g_desMacKeySize[] = {
HKS_DES_KEY_SIZE_64
};
static const uint32_t g_desPadding[] = {
HKS_PADDING_NONE
};
static const uint32_t g_desMode[] = {
HKS_MODE_CBC,
HKS_MODE_ECB
};
static const uint32_t g_desCbcPadding[] = {
HKS_PADDING_NONE
};
static const uint32_t g_desEcbPadding[] = {
HKS_PADDING_NONE
};
#endif
#ifdef HKS_SUPPORT_3DES_C
static const uint32_t g_3desKeySize[] = {
HKS_3DES_KEY_SIZE_128,
HKS_3DES_KEY_SIZE_192
};
static const uint32_t g_3desMacKeySize[] = {
HKS_3DES_KEY_SIZE_128,
HKS_3DES_KEY_SIZE_192
};
static const uint32_t g_3desPadding[] = {
HKS_PADDING_NONE
};
static const uint32_t g_3desMode[] = {
HKS_MODE_CBC,
HKS_MODE_ECB
};
static const uint32_t g_3desCbcPadding[] = {
HKS_PADDING_NONE
};
static const uint32_t g_3desEcbPadding[] = {
HKS_PADDING_NONE
};
#endif
#ifdef HKS_SUPPORT_SM4_C
static const uint32_t g_sm4KeySize[] = {
HKS_SM4_KEY_SIZE_128,
@ -228,6 +274,7 @@ static const uint32_t g_hmacDigest[] = {
HKS_DIGEST_SM3
};
#endif
#ifdef HKS_SUPPORT_DSA_C
static const uint32_t g_dsaDigest[] = {
HKS_DIGEST_NONE,
@ -321,6 +368,102 @@ static const struct ExpectParamsValuesChecker g_expectAesParams[] = {
};
#endif
#ifdef HKS_SUPPORT_DES_C
static const struct ParamsValuesChecker g_desParamSet[] = {
{ HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
{ true, 0, false} } },
{ HKS_CHECK_TYPE_USE_KEY, { { false, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
{ true, 0, false} } },
{ HKS_CHECK_TYPE_GEN_MAC_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
{ false, 0, false} } },
{ HKS_CHECK_TYPE_GEN_DERIVE_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
{ false, 0, false} } }
};
static const struct ExpectParamsValuesChecker g_expectDesParams[] = {
{ HKS_CHECK_TYPE_GEN_KEY, {
{ true, g_desKeySize, HKS_ARRAY_SIZE(g_desKeySize) },
{ true, g_desPadding, HKS_ARRAY_SIZE(g_desPadding) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_desMode, HKS_ARRAY_SIZE(g_desMode) }
}
},
{ HKS_CHECK_TYPE_USE_KEY, {
{ false, NULL, 0 },
{ true, g_desPadding, HKS_ARRAY_SIZE(g_desPadding) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_desMode, HKS_ARRAY_SIZE(g_desMode) }
}
},
{ HKS_CHECK_TYPE_GEN_MAC_KEY, {
{ true, g_desMacKeySize, HKS_ARRAY_SIZE(g_desMacKeySize) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_macDigest, HKS_ARRAY_SIZE(g_macDigest) },
{ false, NULL, 0 }
}
},
{ HKS_CHECK_TYPE_GEN_DERIVE_KEY, {
{ true, g_desKeySize, HKS_ARRAY_SIZE(g_desKeySize) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_digest, HKS_ARRAY_SIZE(g_digest) },
{ false, NULL, 0 }
}
}
};
#endif
#ifdef HKS_SUPPORT_3DES_C
static const struct ParamsValuesChecker g_3desParamSet[] = {
{ HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
{ true, 0, false} } },
{ HKS_CHECK_TYPE_USE_KEY, { { false, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
{ true, 0, false} } },
{ HKS_CHECK_TYPE_GEN_MAC_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
{ false, 0, false} } },
{ HKS_CHECK_TYPE_GEN_DERIVE_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
{ false, 0, false} } }
};
static const struct ExpectParamsValuesChecker g_expect3DesParams[] = {
{ HKS_CHECK_TYPE_GEN_KEY, {
{ true, g_3desKeySize, HKS_ARRAY_SIZE(g_3desKeySize) },
{ true, g_3desPadding, HKS_ARRAY_SIZE(g_3desPadding) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_3desMode, HKS_ARRAY_SIZE(g_3desMode) }
}
},
{ HKS_CHECK_TYPE_USE_KEY, {
{ false, NULL, 0 },
{ true, g_3desPadding, HKS_ARRAY_SIZE(g_3desPadding) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_3desMode, HKS_ARRAY_SIZE(g_3desMode) }
}
},
{ HKS_CHECK_TYPE_GEN_MAC_KEY, {
{ true, g_3desMacKeySize, HKS_ARRAY_SIZE(g_3desMacKeySize) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_macDigest, HKS_ARRAY_SIZE(g_macDigest) },
{ false, NULL, 0 }
}
},
{ HKS_CHECK_TYPE_GEN_DERIVE_KEY, {
{ true, g_3desKeySize, HKS_ARRAY_SIZE(g_3desKeySize) },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ true, g_digest, HKS_ARRAY_SIZE(g_digest) },
{ false, NULL, 0 }
}
}
};
#endif
#ifdef HKS_SUPPORT_ECC_C
static const struct ParamsValuesChecker g_eccParamSet[] = {
{ HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
@ -503,6 +646,43 @@ static const struct ExpectParamsValuesChecker g_expectHmacParams[] = {
};
#endif
#ifdef HKS_SUPPORT_CMAC_C
static const struct ParamsValuesChecker g_cmacParamSet[] = {
{ HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
{ false, 0, false} } },
{ HKS_CHECK_TYPE_USE_KEY, { { false, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
{ false, 0, false} } },
{ HKS_CHECK_TYPE_GEN_MAC_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
{ false, 0, false} } }
};
static const struct ExpectParamsValuesChecker g_expectCmacParams[] = {
{ HKS_CHECK_TYPE_GEN_KEY, {
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 }
}
},
{ HKS_CHECK_TYPE_USE_KEY, {
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 }
}
},
{ HKS_CHECK_TYPE_GEN_MAC_KEY, {
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 },
{ false, NULL, 0 }
}
}
};
#endif
#ifdef HKS_SUPPORT_DSA_C
static const struct ParamsValuesChecker g_dsaParamSet[] = {
{ HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
@ -627,6 +807,20 @@ static const uint32_t g_invalidPurpose[][2] = {
HKS_KEY_PURPOSE_UNWRAP,
},
#endif
#ifdef HKS_SUPPORT_DES_C
{
HKS_ALG_DES,
HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY | HKS_KEY_PURPOSE_AGREE | HKS_KEY_PURPOSE_WRAP |
HKS_KEY_PURPOSE_UNWRAP,
},
#endif
#ifdef HKS_SUPPORT_3DES_C
{
HKS_ALG_3DES,
HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY | HKS_KEY_PURPOSE_AGREE | HKS_KEY_PURPOSE_WRAP |
HKS_KEY_PURPOSE_UNWRAP,
},
#endif
#ifdef HKS_SUPPORT_ED25519_C
{
HKS_ALG_ED25519,
@ -648,6 +842,13 @@ static const uint32_t g_invalidPurpose[][2] = {
HKS_KEY_PURPOSE_UNWRAP | HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT | HKS_KEY_PURPOSE_AGREE,
},
#endif
#ifdef HKS_SUPPORT_CMAC_C
{
HKS_ALG_CMAC,
HKS_KEY_PURPOSE_DERIVE | HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY | HKS_KEY_PURPOSE_WRAP |
HKS_KEY_PURPOSE_UNWRAP | HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT | HKS_KEY_PURPOSE_AGREE,
},
#endif
#ifdef HKS_SUPPORT_DSA_C
{
HKS_ALG_DSA,
@ -758,6 +959,46 @@ static const struct KeyInfoParams g_validAesKeyInfo[] = {
};
#endif
#ifdef HKS_SUPPORT_DES_C
static const uint32_t g_supportDesPurpose[] = {
HKS_KEY_PURPOSE_ENCRYPT,
HKS_KEY_PURPOSE_DECRYPT,
HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT,
HKS_KEY_PURPOSE_DERIVE,
HKS_KEY_PURPOSE_MAC
};
static const uint32_t g_supportDesCipherMode[] = {
HKS_MODE_CBC,
HKS_MODE_ECB
};
static const struct KeyInfoParams g_validDesKeyInfo[] = {
{ true, HKS_TAG_PURPOSE, g_supportDesPurpose, HKS_ARRAY_SIZE(g_supportDesPurpose) },
{ true, HKS_TAG_BLOCK_MODE, g_supportDesCipherMode, HKS_ARRAY_SIZE(g_supportDesCipherMode) }
};
#endif
#ifdef HKS_SUPPORT_3DES_C
static const uint32_t g_support3DesPurpose[] = {
HKS_KEY_PURPOSE_ENCRYPT,
HKS_KEY_PURPOSE_DECRYPT,
HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT,
HKS_KEY_PURPOSE_DERIVE,
HKS_KEY_PURPOSE_MAC
};
static const uint32_t g_support3DesCipherMode[] = {
HKS_MODE_CBC,
HKS_MODE_ECB
};
static const struct KeyInfoParams g_valid3DesKeyInfo[] = {
{ true, HKS_TAG_PURPOSE, g_support3DesPurpose, HKS_ARRAY_SIZE(g_support3DesPurpose) },
{ true, HKS_TAG_BLOCK_MODE, g_support3DesCipherMode, HKS_ARRAY_SIZE(g_support3DesCipherMode) }
};
#endif
#ifdef HKS_SUPPORT_SM4_C
static const uint32_t g_supportSm4Purpose[] = {
HKS_KEY_PURPOSE_ENCRYPT,
@ -779,6 +1020,12 @@ static const struct AuthAcceessKeyInfoChecker g_validKeyInfo[] = {
#ifdef HKS_SUPPORT_AES_C
{ HKS_ALG_AES, g_validAesKeyInfo, HKS_ARRAY_SIZE(g_validAesKeyInfo) },
#endif
#ifdef HKS_SUPPORT_DES_C
{ HKS_ALG_DES, g_validDesKeyInfo, HKS_ARRAY_SIZE(g_validDesKeyInfo) },
#endif
#ifdef HKS_SUPPORT_3DES_C
{ HKS_ALG_3DES, g_valid3DesKeyInfo, HKS_ARRAY_SIZE(g_valid3DesKeyInfo) },
#endif
#ifdef HKS_SUPPORT_SM4_C
{ HKS_ALG_SM4, g_validSm4KeyInfo, HKS_ARRAY_SIZE(g_validSm4KeyInfo) }
#endif
@ -959,6 +1206,35 @@ static int32_t InitInputParams(enum CheckKeyType checkType, struct ParamsValues
return HKS_ERROR_NOT_SUPPORTED;
}
static int32_t InitInputParamsByAlgOne(uint32_t alg, enum CheckKeyType checkType, struct ParamsValues *inputParams)
{
switch (alg) {
#ifdef HKS_SUPPORT_HMAC_C
case HKS_ALG_HMAC:
return InitInputParams(checkType, inputParams, g_hmacParamSet, HKS_ARRAY_SIZE(g_hmacParamSet));
#endif
#ifdef HKS_SUPPORT_CMAC_C
case HKS_ALG_CMAC:
return InitInputParams(checkType, inputParams, g_cmacParamSet, HKS_ARRAY_SIZE(g_cmacParamSet));
#endif
#ifdef HKS_SUPPORT_DSA_C
case HKS_ALG_DSA:
return InitInputParams(checkType, inputParams, g_dsaParamSet, HKS_ARRAY_SIZE(g_dsaParamSet));
#endif
#ifdef HKS_SUPPORT_DH_C
case HKS_ALG_DH:
return InitInputParams(checkType, inputParams, g_dhParamSet, HKS_ARRAY_SIZE(g_dhParamSet));
#endif
#ifdef HKS_SUPPORT_ECDH_C
case HKS_ALG_ECDH:
return InitInputParams(checkType, inputParams, g_ecdhParamSet, HKS_ARRAY_SIZE(g_ecdhParamSet));
#endif
default:
return HKS_ERROR_INVALID_ALGORITHM;
}
}
static int32_t InitInputParamsByAlg(uint32_t alg, enum CheckKeyType checkType, struct ParamsValues *inputParams)
{
switch (alg) {
@ -966,8 +1242,18 @@ static int32_t InitInputParamsByAlg(uint32_t alg, enum CheckKeyType checkType, s
case HKS_ALG_RSA:
return InitInputParams(checkType, inputParams, g_rsaParamSet, HKS_ARRAY_SIZE(g_rsaParamSet));
#endif
#ifdef HKS_SUPPORT_AES_C
case HKS_ALG_AES:
return InitInputParams(checkType, inputParams, g_aesParamSet, HKS_ARRAY_SIZE(g_aesParamSet));
#endif
#ifdef HKS_SUPPORT_DES_C
case HKS_ALG_DES:
return InitInputParams(checkType, inputParams, g_desParamSet, HKS_ARRAY_SIZE(g_desParamSet));
#endif
#ifdef HKS_SUPPORT_3DES_C
case HKS_ALG_3DES:
return InitInputParams(checkType, inputParams, g_3desParamSet, HKS_ARRAY_SIZE(g_3desParamSet));
#endif
#ifdef HKS_SUPPORT_ECC_C
case HKS_ALG_ECC:
return InitInputParams(checkType, inputParams, g_eccParamSet, HKS_ARRAY_SIZE(g_eccParamSet));
@ -988,25 +1274,9 @@ static int32_t InitInputParamsByAlg(uint32_t alg, enum CheckKeyType checkType, s
case HKS_ALG_X25519:
case HKS_ALG_ED25519:
return InitInputParams(checkType, inputParams, g_curve25519ParamSet, HKS_ARRAY_SIZE(g_curve25519ParamSet));
#endif
#ifdef HKS_SUPPORT_HMAC_C
case HKS_ALG_HMAC:
return InitInputParams(checkType, inputParams, g_hmacParamSet, HKS_ARRAY_SIZE(g_hmacParamSet));
#endif
#ifdef HKS_SUPPORT_DSA_C
case HKS_ALG_DSA:
return InitInputParams(checkType, inputParams, g_dsaParamSet, HKS_ARRAY_SIZE(g_dsaParamSet));
#endif
#ifdef HKS_SUPPORT_DH_C
case HKS_ALG_DH:
return InitInputParams(checkType, inputParams, g_dhParamSet, HKS_ARRAY_SIZE(g_dhParamSet));
#endif
#ifdef HKS_SUPPORT_ECDH_C
case HKS_ALG_ECDH:
return InitInputParams(checkType, inputParams, g_ecdhParamSet, HKS_ARRAY_SIZE(g_ecdhParamSet));
#endif
default:
return HKS_ERROR_INVALID_ALGORITHM;
return InitInputParamsByAlgOne(alg, checkType, inputParams);
}
}
@ -1023,6 +1293,34 @@ static int32_t InitExpectParams(enum CheckKeyType checkType, struct ExpectParams
return HKS_ERROR_NOT_SUPPORTED;
}
static int32_t GetExpectParamsByAlg(uint32_t alg, enum CheckKeyType checkType, struct ExpectParamsValues *expectValues)
{
switch (alg) {
#ifdef HKS_SUPPORT_HMAC_C
case HKS_ALG_HMAC:
return InitExpectParams(checkType, expectValues, g_expectHmacParams, HKS_ARRAY_SIZE(g_expectHmacParams));
#endif
#ifdef HKS_SUPPORT_CMAC_C
case HKS_ALG_CMAC:
return InitExpectParams(checkType, expectValues, g_expectCmacParams, HKS_ARRAY_SIZE(g_expectCmacParams));
#endif
#ifdef HKS_SUPPORT_DSA_C
case HKS_ALG_DSA:
return InitExpectParams(checkType, expectValues, g_expectDsaParams, HKS_ARRAY_SIZE(g_expectDsaParams));
#endif
#ifdef HKS_SUPPORT_DH_C
case HKS_ALG_DH:
return InitExpectParams(checkType, expectValues, g_expectDhParams, HKS_ARRAY_SIZE(g_expectDhParams));
#endif
#ifdef HKS_SUPPORT_ECDH_C
case HKS_ALG_ECDH:
return InitExpectParams(checkType, expectValues, g_expectEcdhParams, HKS_ARRAY_SIZE(g_expectEcdhParams));
#endif
default:
return HKS_ERROR_INVALID_ALGORITHM;
}
}
static int32_t GetExpectParams(uint32_t alg, enum CheckKeyType checkType, struct ExpectParamsValues *expectValues)
{
switch (alg) {
@ -1030,8 +1328,18 @@ static int32_t GetExpectParams(uint32_t alg, enum CheckKeyType checkType, struct
case HKS_ALG_RSA:
return InitExpectParams(checkType, expectValues, g_expectRsaParams, HKS_ARRAY_SIZE(g_expectRsaParams));
#endif
#ifdef HKS_SUPPORT_AES_C
case HKS_ALG_AES:
return InitExpectParams(checkType, expectValues, g_expectAesParams, HKS_ARRAY_SIZE(g_expectAesParams));
#endif
#ifdef HKS_SUPPORT_DES_C
case HKS_ALG_DES:
return InitExpectParams(checkType, expectValues, g_expectDesParams, HKS_ARRAY_SIZE(g_expectDesParams));
#endif
#ifdef HKS_SUPPORT_3DES_C
case HKS_ALG_3DES:
return InitExpectParams(checkType, expectValues, g_expect3DesParams, HKS_ARRAY_SIZE(g_expect3DesParams));
#endif
#ifdef HKS_SUPPORT_ECC_C
case HKS_ALG_ECC:
return InitExpectParams(checkType, expectValues, g_expectEccParams, HKS_ARRAY_SIZE(g_expectEccParams));
@ -1053,25 +1361,9 @@ static int32_t GetExpectParams(uint32_t alg, enum CheckKeyType checkType, struct
case HKS_ALG_ED25519:
return InitExpectParams(checkType, expectValues, g_expectCurve25519Params,
HKS_ARRAY_SIZE(g_expectCurve25519Params));
#endif
#ifdef HKS_SUPPORT_HMAC_C
case HKS_ALG_HMAC:
return InitExpectParams(checkType, expectValues, g_expectHmacParams, HKS_ARRAY_SIZE(g_expectHmacParams));
#endif
#ifdef HKS_SUPPORT_DSA_C
case HKS_ALG_DSA:
return InitExpectParams(checkType, expectValues, g_expectDsaParams, HKS_ARRAY_SIZE(g_expectDsaParams));
#endif
#ifdef HKS_SUPPORT_DH_C
case HKS_ALG_DH:
return InitExpectParams(checkType, expectValues, g_expectDhParams, HKS_ARRAY_SIZE(g_expectDhParams));
#endif
#ifdef HKS_SUPPORT_ECDH_C
case HKS_ALG_ECDH:
return InitExpectParams(checkType, expectValues, g_expectEcdhParams, HKS_ARRAY_SIZE(g_expectEcdhParams));
#endif
default:
return HKS_ERROR_INVALID_ALGORITHM;
return GetExpectParamsByAlg(alg, checkType, expectValues);
}
}
@ -1266,7 +1558,8 @@ static int32_t CheckRsaCipherData(uint32_t cmdId, const struct ParamsValues *inp
static int32_t CheckAesAeCipherData(uint32_t cmdId, const struct HksBlob *inData, const struct HksBlob *outData);
#endif
#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C)
#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C) || \
defined(HKS_SUPPORT_SM4_C)
static int32_t CheckBlockCbcCipherData(uint32_t mode, uint32_t cmdId, uint32_t padding,
const struct HksBlob *inData, const struct HksBlob *outData)
{
@ -1335,6 +1628,24 @@ static int32_t CheckBlockCipherData(uint32_t cmdId, const struct ParamsValues *i
}
#endif
#if defined(HKS_SUPPORT_DES_C)
if (alg == HKS_ALG_DES) {
if (mode == HKS_MODE_CBC || mode == HKS_MODE_ECB) {
uint32_t padding = inputParams->padding.value;
return CheckBlockCbcCipherData(mode, cmdId, padding, inData, outData);
}
}
#endif
#if defined(HKS_SUPPORT_3DES_C)
if (alg == HKS_ALG_3DES) {
if (mode == HKS_MODE_CBC || mode == HKS_MODE_ECB) {
uint32_t padding = inputParams->padding.value;
return CheckBlockCbcCipherData(mode, cmdId, padding, inData, outData);
}
}
#endif
#if defined(HKS_SUPPORT_SM4_C)
if (alg == HKS_ALG_SM4) {
for (uint32_t i = 0; i < HKS_ARRAY_SIZE(g_sm4Mode); i++) {
@ -1362,7 +1673,8 @@ static int32_t CheckBlockCipherIvMaterial(const struct HksParamSet *paramSet)
return ret;
}
#endif // defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C)
#endif // defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C)
// || defined(HKS_SUPPORT_SM4_C)
#ifdef HKS_SUPPORT_AES_C
static int32_t CheckAesPadding(const struct ParamsValues *inputParams)
@ -1485,6 +1797,46 @@ static int32_t CheckCipherAeMaterial(uint32_t mode, const struct HksParamSet *pa
}
#endif
#ifdef HKS_SUPPORT_DES_C
static int32_t CheckDesPadding(const struct ParamsValues *inputParams)
{
if ((inputParams->mode.isAbsent) || (inputParams->padding.isAbsent)) {
return HKS_SUCCESS;
}
uint32_t mode = inputParams->mode.value;
uint32_t padding = inputParams->padding.value;
if (mode == HKS_MODE_CBC) {
return HksCheckValue(padding, g_desCbcPadding, HKS_ARRAY_SIZE(g_desCbcPadding));
}
if (mode == HKS_MODE_ECB) {
return HksCheckValue(padding, g_desEcbPadding, HKS_ARRAY_SIZE(g_desEcbPadding));
}
return HKS_SUCCESS;
}
#endif
#ifdef HKS_SUPPORT_3DES_C
static int32_t Check3DesPadding(const struct ParamsValues *inputParams)
{
if ((inputParams->mode.isAbsent) || (inputParams->padding.isAbsent)) {
return HKS_SUCCESS;
}
uint32_t mode = inputParams->mode.value;
uint32_t padding = inputParams->padding.value;
if (mode == HKS_MODE_CBC) {
return HksCheckValue(padding, g_3desCbcPadding, HKS_ARRAY_SIZE(g_3desCbcPadding));
}
if (mode == HKS_MODE_ECB) {
return HksCheckValue(padding, g_3desEcbPadding, HKS_ARRAY_SIZE(g_3desEcbPadding));
}
return HKS_SUCCESS;
}
#endif
#ifdef HKS_SUPPORT_SM4_C
static int32_t CheckSm4Padding(const struct ParamsValues *inputParams)
{
@ -1648,7 +2000,8 @@ int32_t HksCheckOptionalParam(uint32_t tag, uint32_t alg, uint32_t purpose, bool
{
enum CheckKeyType checkType = HKS_CHECK_TYPE_GEN_KEY;
if (((purpose & HKS_KEY_PURPOSE_DERIVE) != 0) || ((purpose & HKS_KEY_PURPOSE_MAC) != 0)) {
if (alg != HKS_ALG_AES && alg != HKS_ALG_HMAC && alg != HKS_ALG_SM3) {
if ((alg != HKS_ALG_AES) && (alg != HKS_ALG_DES) && (alg != HKS_ALG_3DES) &&
(alg != HKS_ALG_HMAC) && (alg != HKS_ALG_CMAC) && (alg != HKS_ALG_SM3)) {
HKS_LOG_E("check mac or derive, not aes alg, alg: %u", alg);
return HKS_ERROR_INVALID_PURPOSE;
}
@ -1735,6 +2088,20 @@ int32_t HksCheckGenKeyMutableParams(uint32_t alg, const struct ParamsValues *inp
"Check padding not expected, padding = %" LOG_PUBLIC "u", inputParams->padding.value);
break;
#endif
#ifdef HKS_SUPPORT_DES_C
case HKS_ALG_DES:
ret = CheckDesPadding(inputParams);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_PADDING,
"Check padding not expected, padding = %" LOG_PUBLIC "u", inputParams->padding.value);
break;
#endif
#ifdef HKS_SUPPORT_3DES_C
case HKS_ALG_3DES:
ret = Check3DesPadding(inputParams);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_PADDING,
"Check padding not expected, padding = %" LOG_PUBLIC "u", inputParams->padding.value);
break;
#endif
#ifdef HKS_SUPPORT_SM4_C
case HKS_ALG_SM4:
ret = CheckSm4Padding(inputParams);
@ -1872,6 +2239,29 @@ int32_t HksCheckSignVerifyMutableParams(uint32_t cmdId, uint32_t alg, const stru
}
#endif /* _CUT_AUTHENTICATE_ */
#if defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C)
static int32_t HksCheckCipherMutableParamsByAlg(uint32_t alg, const struct ParamsValues *inputParams)
{
int32_t ret = HKS_ERROR_INVALID_PADDING;
switch (alg) {
#ifdef HKS_SUPPORT_DES_C
case HKS_ALG_DES:
ret = CheckDesPadding(inputParams);
break;
#endif
#ifdef HKS_SUPPORT_3DES_C
case HKS_ALG_3DES:
ret = Check3DesPadding(inputParams);
break;
#endif
default:
return HKS_ERROR_INVALID_ALGORITHM;
}
return ret;
}
#endif
int32_t HksCheckCipherMutableParams(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams)
{
switch (cmdId) {
@ -1912,7 +2302,13 @@ int32_t HksCheckCipherMutableParams(uint32_t cmdId, uint32_t alg, const struct P
break;
#endif
default:
return HKS_ERROR_INVALID_ALGORITHM;
#if defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C)
ret = HksCheckCipherMutableParamsByAlg(alg, inputParams);
if (ret == HKS_ERROR_INVALID_ALGORITHM) {
return HKS_ERROR_INVALID_ALGORITHM;
}
#endif
break;
}
HKS_IF_NOT_SUCC_RETURN(ret, HKS_ERROR_INVALID_PADDING)
return ret;
@ -1930,6 +2326,14 @@ int32_t HksCheckCipherData(uint32_t cmdId, uint32_t alg, const struct ParamsValu
case HKS_ALG_AES:
return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_AES);
#endif
#ifdef HKS_SUPPORT_DES_C
case HKS_ALG_DES:
return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_DES);
#endif
#ifdef HKS_SUPPORT_3DES_C
case HKS_ALG_3DES:
return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_3DES);
#endif
#ifdef HKS_SUPPORT_SM4_C
case HKS_ALG_SM4:
return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_SM4);
@ -1956,6 +2360,22 @@ int32_t HksCheckCipherMaterialParams(uint32_t alg, const struct ParamsValues *in
}
}
#endif
#ifdef HKS_SUPPORT_DES_C
if (alg == HKS_ALG_DES) {
uint32_t mode = inputParams->mode.value;
if (mode == HKS_MODE_CBC) {
return CheckBlockCipherIvMaterial(paramSet);
}
}
#endif
#ifdef HKS_SUPPORT_3DES_C
if (alg == HKS_ALG_3DES) {
uint32_t mode = inputParams->mode.value;
if (mode == HKS_MODE_CBC) {
return CheckBlockCipherIvMaterial(paramSet);
}
}
#endif
#ifdef HKS_SUPPORT_SM4_C
if (alg == HKS_ALG_SM4) {
uint32_t mode = inputParams->mode.value;

68
frameworks/huks_standard/main/common/src/hks_check_paramset.c
View File

@ -56,12 +56,21 @@ static uint32_t g_genKeyAlg[] = {
#ifdef HKS_SUPPORT_AES_C
HKS_ALG_AES,
#endif
#ifdef HKS_SUPPORT_DES_C
HKS_ALG_DES,
#endif
#ifdef HKS_SUPPORT_3DES_C
HKS_ALG_3DES,
#endif
#ifdef HKS_SUPPORT_ECC_C
HKS_ALG_ECC,
#endif
#ifdef HKS_SUPPORT_HMAC_C
HKS_ALG_HMAC,
#endif
#ifdef HKS_SUPPORT_CMAC_C
HKS_ALG_CMAC,
#endif
#ifdef HKS_SUPPORT_ED25519_C
HKS_ALG_ED25519,
#endif
@ -95,6 +104,12 @@ static uint32_t g_importKeyAlg[] = {
#ifdef HKS_SUPPORT_AES_C
HKS_ALG_AES,
#endif
#ifdef HKS_SUPPORT_DES_C
HKS_ALG_DES,
#endif
#ifdef HKS_SUPPORT_3DES_C
HKS_ALG_3DES,
#endif
#ifdef HKS_SUPPORT_ECC_C
HKS_ALG_ECC,
#endif
@ -113,6 +128,9 @@ static uint32_t g_importKeyAlg[] = {
#ifdef HKS_SUPPORT_HMAC_C
HKS_ALG_HMAC,
#endif
#ifdef HKS_SUPPORT_CMAC_C
HKS_ALG_CMAC,
#endif
#ifdef HKS_SUPPORT_SM2_C
HKS_ALG_SM2,
#endif
@ -131,6 +149,12 @@ static uint32_t g_cipherAlg[] = {
#ifdef HKS_SUPPORT_AES_C
HKS_ALG_AES,
#endif
#ifdef HKS_SUPPORT_DES_C
HKS_ALG_DES,
#endif
#ifdef HKS_SUPPORT_3DES_C
HKS_ALG_3DES,
#endif
#ifdef HKS_SUPPORT_SM2_C
HKS_ALG_SM2,
#endif
@ -237,6 +261,17 @@ static uint32_t g_aesKeySizeLocal[] = {
HKS_AES_KEY_SIZE_256,
};
#endif
#ifdef HKS_SUPPORT_DES_C
static uint32_t g_desKeySizeLocal[] = {
HKS_DES_KEY_SIZE_64
};
#endif
#ifdef HKS_SUPPORT_3DES_C
static uint32_t g_3desKeySizeLocal[] = {
HKS_3DES_KEY_SIZE_128,
HKS_3DES_KEY_SIZE_192
};
#endif
#ifdef HKS_SUPPORT_RSA_C
static uint32_t g_rsaKeySizeLocal[] = {
HKS_RSA_KEY_SIZE_512,
@ -252,6 +287,12 @@ static uint32_t g_cipherAlgLocal[] = {
#ifdef HKS_SUPPORT_AES_C
HKS_ALG_AES,
#endif
#ifdef HKS_SUPPORT_DES_C
HKS_ALG_DES,
#endif
#ifdef HKS_SUPPORT_3DES_C
HKS_ALG_3DES,
#endif
#ifdef HKS_SUPPORT_RSA_C
HKS_ALG_RSA,
#endif
@ -261,9 +302,18 @@ static uint32_t g_symmetricAlgorithm[] = {
#ifdef HKS_SUPPORT_AES_C
HKS_ALG_AES,
#endif
#ifdef HKS_SUPPORT_DES_C
HKS_ALG_DES,
#endif
#ifdef HKS_SUPPORT_3DES_C
HKS_ALG_3DES,
#endif
#ifdef HKS_SUPPORT_HMAC_C
HKS_ALG_HMAC,
#endif
#ifdef HKS_SUPPORT_CMAC_C
HKS_ALG_CMAC,
#endif
#ifdef HKS_SUPPORT_SM3_C
HKS_ALG_SM3,
#endif
@ -325,7 +375,8 @@ static int32_t CheckGenKeyMacDeriveParams(
uint32_t alg, uint32_t inputPurpose, const struct HksParamSet *paramSet, struct ParamsValues *params,
uint32_t keyFlag)
{
if (alg != HKS_ALG_AES && alg != HKS_ALG_HMAC && alg != HKS_ALG_SM3 && alg != HKS_ALG_SM4) {
if (alg != HKS_ALG_AES && alg != HKS_ALG_DES && alg != HKS_ALG_3DES && alg != HKS_ALG_HMAC &&
alg != HKS_ALG_CMAC && alg != HKS_ALG_SM3 && alg != HKS_ALG_SM4) {
HKS_LOG_E("check mac or derive, not valid alg, alg: %" LOG_PUBLIC "u", alg);
return HKS_ERROR_INVALID_PURPOSE;
}
@ -768,7 +819,8 @@ int32_t HksCoreCheckImportKeyParams(const struct HksBlob *keyAlias, const struct
ret = CheckAndGetAlgorithm(paramSet, g_importKeyAlg, HKS_ARRAY_SIZE(g_importKeyAlg), &alg);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "import key check and get alg failed")
if ((alg == HKS_ALG_AES) || (alg == HKS_ALG_SM3) || (alg == HKS_ALG_SM4) || (alg == HKS_ALG_HMAC)) {
if ((alg == HKS_ALG_AES) || (alg == HKS_ALG_DES) || (alg == HKS_ALG_3DES) || (alg == HKS_ALG_SM3) ||
(alg == HKS_ALG_SM4) || (alg == HKS_ALG_HMAC) || (alg == HKS_ALG_CMAC)) {
return CheckImportSymmetricKeySize(&params, key);
}
@ -984,6 +1036,18 @@ int32_t HksLocalCheckCipherParams(uint32_t cmdId, uint32_t keySize, const struct
ret = HksCheckValue(keySize, g_aesKeySizeLocal, HKS_ARRAY_SIZE(g_aesKeySizeLocal));
#else
ret = HKS_ERROR_NOT_SUPPORTED;
#endif
} else if (alg == HKS_ALG_DES) {
#ifdef HKS_SUPPORT_DES_C
ret = HksCheckValue(keySize, g_desKeySizeLocal, HKS_ARRAY_SIZE(g_desKeySizeLocal));
#else
ret = HKS_ERROR_NOT_SUPPORTED;
#endif
} else if (alg == HKS_ALG_3DES) {
#ifdef HKS_SUPPORT_3DES_C
ret = HksCheckValue(keySize, g_3desKeySizeLocal, HKS_ARRAY_SIZE(g_3desKeySizeLocal));
#else
ret = HKS_ERROR_NOT_SUPPORTED;
#endif
} else if (alg == HKS_ALG_RSA) {
#ifdef HKS_SUPPORT_RSA_C

20
frameworks/huks_standard/main/common/src/hks_crypto_adapter.c
View File

@ -183,6 +183,22 @@ static bool HksIsAlgorithmSm4(const struct HksParamSet *paramSet)
return (algParam->uint32Param == HKS_ALG_SM4);
}
static bool HksIsAlgorithm3DES(const struct HksParamSet *paramSet)
{
struct HksParam *algParam = NULL;
int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check 3DES get alg param failed!")
return (algParam->uint32Param == HKS_ALG_3DES);
}
static bool HksIsAlgorithmDES(const struct HksParamSet *paramSet)
{
struct HksParam *algParam = NULL;
int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check DES get alg param failed!")
return (algParam->uint32Param == HKS_ALG_DES);
}
int32_t HksBuildCipherUsageSpec(
const struct HksParamSet *paramSet, bool isEncrypt, struct HksBlob *inputText, struct HksUsageSpec **outUsageSpec)
{
@ -202,6 +218,10 @@ int32_t HksBuildCipherUsageSpec(
if (HksIsAlgorithmSm4(paramSet)) { // is sm4
ret = HksFillIvParam(paramSet, usageSpec);
} else if (HksIsAlgorithm3DES(paramSet)) { // is 3des
ret = HksFillIvParam(paramSet, usageSpec);
} else if (HksIsAlgorithmDES(paramSet)) { // is des
ret = HksFillIvParam(paramSet, usageSpec);
} else if (!isAes) { // not sm4, not aes
*outUsageSpec = usageSpec;
return HKS_SUCCESS;

53
frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_3des.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HKS_MBEDTLS_3DES_H
#define HKS_MBEDTLS_3DES_H
#ifdef HKS_CONFIG_FILE
#include HKS_CONFIG_FILE
#else
#include "hks_config.h"
#endif
#include "hks_crypto_hal.h"
#include "hks_type_inner.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifdef HKS_SUPPORT_3DES_C
#ifdef HKS_SUPPORT_3DES_GENERATE_KEY
int32_t HksMbedtls3DesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key);
#endif /* HKS_SUPPORT_3DES_GENERATE_KEY */
int32_t HksMbedtls3DesCryptoInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt);
int32_t HksMbedtls3DesCryptoUpdate(
void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt);
int32_t HksMbedtls3DesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
const bool encrypt);
void HksMbedtls3DesHalFreeCtx(void **cryptoCtx);
#endif /* HKS_SUPPORT_3DES_C */
#ifdef __cplusplus
}
#endif
#endif /* HKS_MBEDTLS_3DES_H */

53
frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_des.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HKS_MBEDTLS_DES_H
#define HKS_MBEDTLS_DES_H
#ifdef HKS_CONFIG_FILE
#include HKS_CONFIG_FILE
#else
#include "hks_config.h"
#endif
#include "hks_crypto_hal.h"
#include "hks_type_inner.h"
#ifdef __cplusplus
extern "C" {
#endif
#ifdef HKS_SUPPORT_DES_C
#ifdef HKS_SUPPORT_DES_GENERATE_KEY
int32_t HksMbedtlsDesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key);
#endif /* HKS_SUPPORT_DES_GENERATE_KEY */
int32_t HksMbedtlsDesCryptoInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt);
int32_t HksMbedtlsDesCryptoUpdate(
void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt);
int32_t HksMbedtlsDesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
const bool encrypt);
void HksMbedtlsDesHalFreeCtx(void **cryptoCtx);
#endif /* HKS_SUPPORT_DES_C */
#ifdef __cplusplus
}
#endif
#endif /* HKS_MBEDTLS_DES_H */

740
frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_3des.c Normal file
View File

@ -0,0 +1,740 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef HKS_CONFIG_FILE
#include HKS_CONFIG_FILE
#else
#include "hks_config.h"
#endif
#ifdef HKS_SUPPORT_3DES_C
#include "hks_mbedtls_3des.h"
#include <mbedtls/des.h>
#include <mbedtls/ccm.h>
#include <mbedtls/cipher.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
#include <mbedtls/gcm.h>
#include "hks_log.h"
#include "hks_mbedtls_common.h"
#include "hks_mem.h"
#include "hks_template.h"
#define HKS_3DES_CBC_NOPADDING_IV_SIZE 8
#define HKS_3DES_CBC_DATA_BLOB_SIZE 8
struct HksMbedtls3DesCtx {
uint32_t algType;
uint32_t mode;
uint32_t padding;
uint8_t *append;
uint8_t iv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
} HksMbedtls3DesCtx;
static int32_t CheckKeySize(const struct HksBlob *key)
{
if ((key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) && (key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192))) {
return HKS_ERROR_INVALID_KEY_SIZE;
}
return HKS_SUCCESS;
}
#ifdef HKS_SUPPORT_3DES_GENERATE_KEY
int32_t HksMbedtls3DesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
{
if ((spec->keyLen != HKS_3DES_KEY_SIZE_128) && (spec->keyLen != HKS_3DES_KEY_SIZE_192)) {
return HKS_ERROR_INVALID_KEY_SIZE;
}
const uint32_t keyByteLen = spec->keyLen / HKS_BITS_PER_BYTE;
uint8_t *outKey = (uint8_t *)HksMalloc(keyByteLen);
HKS_IF_NULL_RETURN(outKey, HKS_ERROR_MALLOC_FAIL)
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctrDrbg;
(void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
(void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
if (ret != HKS_SUCCESS) {
HKS_FREE(outKey);
return ret;
}
do {
ret = mbedtls_ctr_drbg_random(&ctrDrbg, outKey, keyByteLen);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ctr drbg random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(outKey, keyByteLen, 0, keyByteLen);
HKS_FREE(outKey);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
break;
}
key->data = outKey;
key->size = keyByteLen;
} while (0);
mbedtls_ctr_drbg_free(&ctrDrbg);
mbedtls_entropy_free(&entropy);
return ret;
}
#endif /* HKS_SUPPORT_3DES_GENERATE_KEY */
#ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
static int32_t Des3CbcNoPaddingCryptSetKey(const struct HksBlob *key, mbedtls_des3_context *ctx, const bool encrypt)
{
int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
if (encrypt) {
if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
ret = mbedtls_des3_set2key_enc(ctx, key->data);
} else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
ret = mbedtls_des3_set3key_enc(ctx, key->data);
}
} else {
if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
ret = mbedtls_des3_set2key_dec(ctx, key->data);
} else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
ret = mbedtls_des3_set3key_dec(ctx, key->data);
}
}
return ret;
}
static int32_t Des3CbcNoPaddingCryptInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
{
mbedtls_des3_context *ctx = (mbedtls_des3_context *)HksMalloc(sizeof(mbedtls_des3_context));
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_MALLOC_FAIL, "initialize ctx fail")
mbedtls_des3_init(ctx);
int32_t ret = Des3CbcNoPaddingCryptSetKey(key, ctx, encrypt);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls 3des set key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
mbedtls_des3_free(ctx);
HKS_FREE(ctx);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
if (outCtx == NULL) {
HKS_LOG_E("initialize outCtx fail");
mbedtls_des3_free(ctx);
HKS_FREE(ctx);
return HKS_ERROR_MALLOC_FAIL;
}
outCtx->append = (void *)ctx;
outCtx->mode = usageSpec->mode;
outCtx->padding = usageSpec->padding;
struct HksCipherParam *iv = (struct HksCipherParam *)(usageSpec->algParam);
(void)memcpy_s(outCtx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, iv->iv.data, HKS_3DES_CBC_NOPADDING_IV_SIZE);
*cryptoCtx = (void *)outCtx;
return ret;
}
static int32_t Des3CbcNoPaddingCryptUpdate(
void *cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
{
struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
HKS_IF_NULL_RETURN(des3Ctx, HKS_ERROR_NULL_POINTER)
mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
HKS_IF_NULL_RETURN(cbcNoPaddingCtx, HKS_ERROR_NULL_POINTER)
int32_t ret;
do {
if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
HKS_LOG_E("Des3CbcNoPaddingCryptUpdate data size invalid!");
ret = HKS_ERROR_INVALID_ARGUMENT;
break;
}
/* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
HKS_LOG_E("Memcpy temp iv failed!");
ret = HKS_ERROR_INVALID_IV;
break;
}
ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
(encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
message->size,
tmpIv,
message->data,
cipherText->data);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtks 3des cbc nopadding crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
break;
}
cipherText->size = message->size;
(void)memcpy_s(des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE);
} while (0);
return ret;
}
static int32_t Des3CbcNoPaddingCryptFinal(
void **cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
{
struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
if (cbcNoPaddingCtx == NULL) {
HKS_FREE(*cryptoCtx);
return HKS_ERROR_NULL_POINTER;
}
int32_t ret = HKS_SUCCESS;
do {
if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
HKS_LOG_E("Des3CbcNoPaddingCryptFinal data size invalid!");
ret = HKS_ERROR_INVALID_ARGUMENT;
break;
}
if (message->size != 0) {
/* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
HKS_LOG_E("Memcpy temp iv failed!");
ret = HKS_ERROR_INVALID_IV;
break;
}
ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
(encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
message->size,
tmpIv,
message->data,
cipherText->data);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls 3des gcm encryot failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
break;
}
}
cipherText->size = message->size;
} while (0);
mbedtls_des3_free(cbcNoPaddingCtx);
HKS_FREE(des3Ctx->append);
HKS_FREE(*cryptoCtx);
return ret;
}
#endif /* HKS_SUPPORT_3DES_CBC_NOPADDING */
static int32_t Des3CbcCryptInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
{
switch (usageSpec->padding) {
#ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
case HKS_PADDING_NONE:
return Des3CbcNoPaddingCryptInit(cryptoCtx, key, usageSpec, encrypt);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t Des3CbcCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText, const bool encrypt)
{
switch (padding) {
#ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
case HKS_PADDING_NONE:
return Des3CbcNoPaddingCryptUpdate(cryptoCtx, message, encrypt, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t Des3CbcCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText, const bool encrypt)
{
switch (padding) {
#ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
case HKS_PADDING_NONE:
return Des3CbcNoPaddingCryptFinal(cryptoCtx, message, encrypt, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
#ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
static int32_t Des3EcbNoPaddingCryptInitParam(const struct HksBlob *key, mbedtls_cipher_context_t *ecbCtx,
const bool encrypt)
{
const mbedtls_cipher_info_t *info = NULL;
if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
} else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_3DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
}
if (info == NULL) {
HKS_LOG_E("get cipher info from values failed!");
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
int32_t ret = mbedtls_cipher_setup(ecbCtx, info);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls cipher setup failed ret = %" LOG_PUBLIC "d", ret);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
ret = mbedtls_cipher_setkey(
ecbCtx, key->data, key->size * HKS_BITS_PER_BYTE, encrypt ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls setkey failed ret = %" LOG_PUBLIC "d", ret);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
ret = mbedtls_cipher_set_iv(ecbCtx, NULL, 0);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls set iv failed ret = %" LOG_PUBLIC "d", ret);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
return HKS_SUCCESS;
}
static int32_t Des3EcbNoPaddingCryptInit(void **cryptoCtx, const struct HksUsageSpec *usageSpec,
const struct HksBlob *key, const bool encrypt)
{
mbedtls_cipher_context_t *ecbCtx = (mbedtls_cipher_context_t *)HksMalloc(sizeof(mbedtls_cipher_context_t));
HKS_IF_NULL_LOGE_RETURN(ecbCtx, HKS_ERROR_MALLOC_FAIL, "Ecb ecbCtx malloc fail")
mbedtls_cipher_init(ecbCtx);
int32_t ret = Des3EcbNoPaddingCryptInitParam(key, ecbCtx, encrypt);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("Des3EcbNoPaddingCryptInitParam failed ret = %" LOG_PUBLIC "d", ret);
mbedtls_cipher_free(ecbCtx);
HKS_FREE(ecbCtx);
return ret;
}
ret = mbedtls_cipher_reset(ecbCtx);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls reset failed ret = %" LOG_PUBLIC "d", ret);
mbedtls_cipher_free(ecbCtx);
HKS_FREE(ecbCtx);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
if (outCtx == NULL) {
HKS_LOG_E("initialize outCtx fail");
mbedtls_cipher_free(ecbCtx);
HKS_FREE(ecbCtx);
return HKS_ERROR_MALLOC_FAIL;
}
outCtx->algType = usageSpec->algType;
outCtx->mode = usageSpec->mode;
outCtx->padding = usageSpec->padding;
outCtx->append = (void *)ecbCtx;
*cryptoCtx = (void *)outCtx;
return ret;
}
static int32_t Des3EcbNoPaddingData(mbedtls_cipher_context_t *ecbNoPadingctx, size_t blockSize,
const struct HksBlob *message, struct HksBlob *cipherText, size_t *outLenTotal)
{
int32_t ret;
uint8_t *tmpMessage = (uint8_t *)HksMalloc(blockSize);
HKS_IF_NULL_LOGE_RETURN(tmpMessage, HKS_ERROR_INSUFFICIENT_MEMORY, "EcbNoPaddingUpdate tmpMessage is null")
if (message->size <= blockSize) {
(void)memset_s(tmpMessage, blockSize, 0, blockSize);
(void)memcpy_s(tmpMessage, message->size, message->data, message->size);
ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, blockSize, cipherText->data, outLenTotal);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
HKS_FREE(tmpMessage);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
} else {
uint32_t point = 0;
while (point < message->size) {
(void)memset_s(tmpMessage, blockSize, 0, blockSize);
uint32_t tmpSize = (message->size - point) >= blockSize ? blockSize : (message->size - point);
ret = memcpy_s(tmpMessage, blockSize, message->data + point, tmpSize);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("copy data failed");
HKS_FREE(tmpMessage);
return HKS_ERROR_INSUFFICIENT_MEMORY;
}
size_t olen;
ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, tmpSize, cipherText->data + point, &olen);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
HKS_FREE(tmpMessage);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
*outLenTotal += olen;
point += blockSize;
}
}
HKS_FREE(tmpMessage);
return HKS_SUCCESS;
}
static mbedtls_cipher_context_t *Get3DesEcbNoPaddingCtx(void *cryptoCtx, const struct HksBlob *message,
struct HksBlob *cipherText, size_t *outLenTotal)
{
struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
mbedtls_cipher_context_t *ecbNoPadingctx = (mbedtls_cipher_context_t *)des3Ctx->append;
HKS_IF_NULL_LOGE_RETURN(ecbNoPadingctx, NULL, "EcbNoPaddingUpdate ecbNoPadingctx is null")
int32_t ret = HKS_SUCCESS;
do {
if (message == NULL) {
HKS_LOG_E("The message is null.");
ret = HKS_FAILURE;
break;
}
if (message->size != 0) {
size_t blockSize = mbedtls_cipher_get_block_size(ecbNoPadingctx);
HKS_LOG_E("Ecb No padding update!message.size[%" LOG_PUBLIC "d] blockSize[%" LOG_PUBLIC "d]",
message->size, blockSize);
if (blockSize == 0 || (message->size % blockSize != 0)) {
HKS_LOG_E("The size of message is invalid.");
ret = HKS_ERROR_INVALID_ARGUMENT;
break;
}
ret = Des3EcbNoPaddingData(ecbNoPadingctx, blockSize, message, cipherText, outLenTotal);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DesEcbNoPaddingData failed")
}
} while (0);
HKS_IF_NOT_SUCC_RETURN(ret, NULL)
return ecbNoPadingctx;
}
static int32_t Des3EcbNoPaddingCryptUpdate(void *cryptoCtx, const struct HksBlob *message,
struct HksBlob *cipherText)
{
size_t outLenTotal = 0;
HKS_IF_NULL_RETURN(Get3DesEcbNoPaddingCtx(cryptoCtx, message, cipherText, &outLenTotal), HKS_ERROR_NULL_POINTER)
cipherText->size = outLenTotal;
return HKS_SUCCESS;
}
static int32_t Des3EcbNoPaddingCryptFinal(void **cryptoCtx, const struct HksBlob *message,
struct HksBlob *cipherText)
{
size_t outLenTotal = 0;
mbedtls_cipher_context_t *ecbNoPadingctx = Get3DesEcbNoPaddingCtx(*cryptoCtx, message, cipherText, &outLenTotal);
if (ecbNoPadingctx == NULL) {
HKS_FREE(*cryptoCtx);
return HKS_ERROR_NULL_POINTER;
}
struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
size_t finishOlen;
size_t olen = outLenTotal;
int32_t ret = mbedtls_cipher_finish(ecbNoPadingctx, cipherText->data + olen, &finishOlen);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ecb nopadding crypt update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
} else {
cipherText->size = olen + finishOlen;
}
mbedtls_cipher_free(ecbNoPadingctx);
HKS_FREE(des3Ctx->append);
HKS_FREE(*cryptoCtx);
return ret;
}
#endif
static int32_t Des3EcbCryptInit(void **cryptoCtx, const struct HksBlob *key,
const struct HksUsageSpec *usageSpec, const bool encrypt)
{
switch (usageSpec->padding) {
#ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
case HKS_PADDING_NONE:
return Des3EcbNoPaddingCryptInit(cryptoCtx, usageSpec, key, encrypt);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t Des3EcbCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText)
{
switch (padding) {
#ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
case HKS_PADDING_NONE:
return Des3EcbNoPaddingCryptUpdate(cryptoCtx, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t Des3EcbCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText)
{
switch (padding) {
#ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
case HKS_PADDING_NONE:
return Des3EcbNoPaddingCryptFinal(cryptoCtx, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
int32_t HksMbedtls3DesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
{
if (CheckKeySize(key) != HKS_SUCCESS || cryptoCtx == NULL || usageSpec == NULL) {
HKS_LOG_E("Invalid des3 keySiz = 0x%" LOG_PUBLIC "X", key->size);
return HKS_ERROR_INVALID_ARGUMENT;
}
switch (usageSpec->mode) {
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return Des3CbcCryptInit(cryptoCtx, key, usageSpec, true);
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return Des3EcbCryptInit(cryptoCtx, key, usageSpec, true);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
return HKS_ERROR_NOT_SUPPORTED;
}
}
int32_t HksMbedtls3DesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
HKS_IF_NULL_LOGE_RETURN(cryptoCtx, HKS_ERROR_INVALID_ARGUMENT, "Mbedtls 3DES encrypt update param is null")
struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
switch (des3EncryptCtx->mode) {
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return Des3CbcCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return Des3EcbCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtls3DesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
switch (des3EncryptCtx->mode) {
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return Des3CbcCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return Des3EcbCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtls3DesDecryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
{
HKS_IF_NOT_SUCC_LOGE_RETURN(
CheckKeySize(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid des3 keySize = 0x%" LOG_PUBLIC "X", key->size)
switch (usageSpec->mode) {
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return Des3CbcCryptInit(cryptoCtx, key, usageSpec, false);
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return Des3EcbCryptInit(cryptoCtx, key, usageSpec, false);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtls3DesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
switch (des3DecryptCtx->mode) {
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return Des3CbcCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return Des3EcbCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtls3DesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
switch (des3DecryptCtx->mode) {
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return Des3CbcCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return Des3EcbCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtls3DesCryptoInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
{
if (encrypt) {
return HksMbedtls3DesEncryptInit(cryptoCtx, key, usageSpec);
} else {
return HksMbedtls3DesDecryptInit(cryptoCtx, key, usageSpec);
}
}
int32_t HksMbedtls3DesCryptoUpdate(
void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt)
{
if (encrypt) {
return HksMbedtls3DesEncryptUpdate(cryptoCtx, message, cipherText);
} else {
return HksMbedtls3DesDecryptUpdate(cryptoCtx, message, cipherText);
}
}
int32_t HksMbedtls3DesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
const bool encrypt)
{
if (encrypt) {
return HksMbedtls3DesEncryptFinal(cryptoCtx, message, cipherText);
} else {
return HksMbedtls3DesDecryptFinal(cryptoCtx, message, cipherText);
}
}
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
void HksMbedtls3DesHalModeCbcFreeCtx(void **cryptCtx)
{
if (cryptCtx == NULL || *cryptCtx == NULL) {
HKS_LOG_E("FreeCtx cryptCtx param is null");
return;
}
struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
if (mbedtls3DesCtx->padding == HKS_PADDING_NONE) {
if (mbedtls3DesCtx->append != NULL) {
mbedtls_des3_free((mbedtls_des3_context *)(mbedtls3DesCtx->append));
HKS_FREE(mbedtls3DesCtx->append);
}
}
}
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
void HksMbedtls3DesHalModeEcbFreeCtx(void **cryptCtx)
{
if (cryptCtx == NULL || *cryptCtx == NULL) {
HKS_LOG_E("FreeCtx cryptCtx param is null");
return;
}
struct HksMbedtls3DesCtx *mbedtlsDesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
if (mbedtlsDesCtx->padding == HKS_PADDING_NONE) {
if (mbedtlsDesCtx->append != NULL) {
mbedtls_cipher_free((mbedtls_cipher_context_t *)mbedtlsDesCtx->append);
HKS_FREE(mbedtlsDesCtx->append);
}
}
}
#endif
void HksMbedtls3DesHalFreeCtx(void **cryptCtx)
{
if (cryptCtx == NULL || *cryptCtx == NULL) {
HKS_LOG_E("FreeCtx param context null");
return;
}
struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
switch (mbedtls3DesCtx->mode) {
#if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
case HKS_MODE_CBC:
HksMbedtls3DesHalModeCbcFreeCtx(cryptCtx);
break;
#endif
#if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
case HKS_MODE_ECB:
HksMbedtls3DesHalModeEcbFreeCtx(cryptCtx);
break;
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", mbedtls3DesCtx->mode);
break;
}
HKS_FREE(*cryptCtx);
}
#endif /* HKS_SUPPORT_3DES_C */

48
frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c
View File

@ -27,6 +27,8 @@
#include "hks_mbedtls_aes.h"
#include "hks_mbedtls_bn.h"
#include "hks_mbedtls_common.h"
#include "hks_mbedtls_des.h"
#include "hks_mbedtls_3des.h"
#include "hks_mbedtls_dh.h"
#include "hks_mbedtls_dsa.h"
#include "hks_mbedtls_ecc.h"
@ -52,6 +54,12 @@ static void RegisterAbilityGenerateKey(void)
#if defined(HKS_SUPPORT_AES_C) && defined(HKS_SUPPORT_AES_GENERATE_KEY)
(void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_AES), (void *)HksMbedtlsAesGenerateKey);
#endif
#if defined(HKS_SUPPORT_DES_C) && defined(HKS_SUPPORT_DES_GENERATE_KEY)
(void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_DES), (void *)HksMbedtlsDesGenerateKey);
#endif
#if defined(HKS_SUPPORT_3DES_C) && defined(HKS_SUPPORT_3DES_GENERATE_KEY)
(void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_3DES), (void *)HksMbedtls3DesGenerateKey);
#endif
#if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
(void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_RSA), (void *)HksMbedtlsRsaGenerateKey);
#endif
@ -136,6 +144,26 @@ static void RegisterAbilityEncrypt(void)
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(HKS_ALG_AES),
(void *)HksMbedtlsAesHalFreeCtx);
#endif
#ifdef HKS_SUPPORT_DES_C
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_INIT(HKS_ALG_DES),
(void *)HksMbedtlsDesCryptoInit);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_UPDATE(HKS_ALG_DES),
(void *)HksMbedtlsDesCryptoUpdate);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FINAL(HKS_ALG_DES),
(void *)HksMbedtlsDesCryptoFinal);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(HKS_ALG_DES),
(void *)HksMbedtlsDesHalFreeCtx);
#endif
#ifdef HKS_SUPPORT_3DES_C
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_INIT(HKS_ALG_3DES),
(void *)HksMbedtls3DesCryptoInit);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_UPDATE(HKS_ALG_3DES),
(void *)HksMbedtls3DesCryptoUpdate);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FINAL(HKS_ALG_3DES),
(void *)HksMbedtls3DesCryptoFinal);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(HKS_ALG_3DES),
(void *)HksMbedtls3DesHalFreeCtx);
#endif
}
static void RegisterAbilityDecrypt(void)
@ -154,6 +182,26 @@ static void RegisterAbilityDecrypt(void)
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(HKS_ALG_AES),
(void *)HksMbedtlsAesHalFreeCtx);
#endif
#ifdef HKS_SUPPORT_DES_C
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_INIT(HKS_ALG_DES),
(void *)HksMbedtlsDesCryptoInit);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_UPDATE(HKS_ALG_DES),
(void *)HksMbedtlsDesCryptoUpdate);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(HKS_ALG_DES),
(void *)HksMbedtlsDesCryptoFinal);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(HKS_ALG_DES),
(void *)HksMbedtlsDesHalFreeCtx);
#endif
#ifdef HKS_SUPPORT_3DES_C
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_INIT(HKS_ALG_3DES),
(void *)HksMbedtls3DesCryptoInit);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_UPDATE(HKS_ALG_3DES),
(void *)HksMbedtls3DesCryptoUpdate);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(HKS_ALG_3DES),
(void *)HksMbedtls3DesCryptoFinal);
(void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(HKS_ALG_3DES),
(void *)HksMbedtls3DesHalFreeCtx);
#endif
}
static void RegisterAbilityAgree(void)

706
frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_des.c Normal file
View File

@ -0,0 +1,706 @@
/*
* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef HKS_CONFIG_FILE
#include HKS_CONFIG_FILE
#else
#include "hks_config.h"
#endif
#ifdef HKS_SUPPORT_DES_C
#include "hks_mbedtls_des.h"
#include <mbedtls/des.h>
#include <mbedtls/ccm.h>
#include <mbedtls/cipher.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
#include <mbedtls/gcm.h>
#include "hks_log.h"
#include "hks_mbedtls_common.h"
#include "hks_mem.h"
#include "hks_template.h"
#define HKS_DES_CBC_NOPADDING_IV_SIZE 8
#define HKS_DES_CBC_DATA_BLOB_SIZE 8
struct HksMbedtlsDesCtx {
uint32_t algType;
uint32_t mode;
uint32_t padding;
uint8_t *append;
uint8_t iv[HKS_DES_CBC_NOPADDING_IV_SIZE];
uint8_t *nonce;
uint32_t nonceSize;
uint8_t *aad;
uint32_t aadSize;
} HksMbedtlsDesCtx;
static int32_t CheckKeySize(const struct HksBlob *key)
{
if (key->size != HKS_KEY_BYTES(HKS_DES_KEY_SIZE_64)) {
return HKS_ERROR_INVALID_KEY_SIZE;
}
return HKS_SUCCESS;
}
#ifdef HKS_SUPPORT_DES_GENERATE_KEY
int32_t HksMbedtlsDesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
{
if (spec->keyLen != HKS_DES_KEY_SIZE_64) {
return HKS_ERROR_INVALID_KEY_SIZE;
}
const uint32_t keyByteLen = spec->keyLen / HKS_BITS_PER_BYTE;
uint8_t *outKey = (uint8_t *)HksMalloc(keyByteLen);
HKS_IF_NULL_RETURN(outKey, HKS_ERROR_MALLOC_FAIL)
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctrDrbg;
(void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
(void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
if (ret != HKS_SUCCESS) {
HKS_FREE(outKey);
return ret;
}
do {
ret = mbedtls_ctr_drbg_random(&ctrDrbg, outKey, keyByteLen);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ctr drbg random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(outKey, keyByteLen, 0, keyByteLen);
HKS_FREE(outKey);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
break;
}
key->data = outKey;
key->size = keyByteLen;
} while (0);
mbedtls_ctr_drbg_free(&ctrDrbg);
mbedtls_entropy_free(&entropy);
return ret;
}
#endif /* HKS_SUPPORT_DES_GENERATE_KEY */
#ifdef HKS_SUPPORT_DES_CBC_NOPADDING
static int32_t DesCbcNoPaddingCryptInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
{
mbedtls_des_context *ctx = (mbedtls_des_context *)HksMalloc(sizeof(mbedtls_des_context));
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_MALLOC_FAIL, "initialize ctx fail")
mbedtls_des_init(ctx);
int32_t ret;
if (encrypt) {
ret = mbedtls_des_setkey_enc(ctx, key->data);
} else {
ret = mbedtls_des_setkey_dec(ctx, key->data);
}
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls des set key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
mbedtls_des_free(ctx);
HKS_FREE(ctx);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
struct HksMbedtlsDesCtx *outCtx = (struct HksMbedtlsDesCtx *)HksMalloc(sizeof(struct HksMbedtlsDesCtx));
if (outCtx == NULL) {
HKS_LOG_E("initialize outCtx fail");
mbedtls_des_free(ctx);
HKS_FREE(ctx);
return HKS_ERROR_MALLOC_FAIL;
}
outCtx->append = (void *)ctx;
outCtx->mode = usageSpec->mode;
outCtx->padding = usageSpec->padding;
struct HksCipherParam *iv = (struct HksCipherParam *)(usageSpec->algParam);
(void)memcpy_s(outCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE, iv->iv.data, HKS_DES_CBC_NOPADDING_IV_SIZE);
*cryptoCtx = (void *)outCtx;
return ret;
}
static int32_t DesCbcNoPaddingCryptUpdate(
void *cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
{
struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
HKS_IF_NULL_RETURN(desCtx, HKS_ERROR_NULL_POINTER)
mbedtls_des_context *cbcNoPaddingCtx = (mbedtls_des_context *)desCtx->append;
HKS_IF_NULL_RETURN(cbcNoPaddingCtx, HKS_ERROR_NULL_POINTER)
int32_t ret;
do {
if (message->size % HKS_DES_CBC_DATA_BLOB_SIZE != 0) {
HKS_LOG_E("DesCbcNoPaddingCryptUpdate data size invalid!");
ret = HKS_ERROR_INVALID_ARGUMENT;
break;
}
/* mbedtls_des_crypt_cbc will refresh iv, so need a temp iv */
uint8_t tmpIv[HKS_DES_CBC_NOPADDING_IV_SIZE];
if (memcpy_s(tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE, desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE) != EOK) {
HKS_LOG_E("Memcpy temp iv failed!");
ret = HKS_ERROR_INVALID_IV;
break;
}
ret = mbedtls_des_crypt_cbc(cbcNoPaddingCtx,
(encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
message->size,
tmpIv,
message->data,
cipherText->data);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtks des cbc nopadding crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
break;
}
cipherText->size = message->size;
(void)memcpy_s(desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE, tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE);
} while (0);
return ret;
}
static int32_t DesCbcNoPaddingCryptFinal(
void **cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
{
struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
mbedtls_des_context *cbcNoPaddingCtx = (mbedtls_des_context *)desCtx->append;
if (cbcNoPaddingCtx == NULL) {
HKS_FREE(*cryptoCtx);
return HKS_ERROR_NULL_POINTER;
}
int32_t ret = HKS_SUCCESS;
do {
if (message->size % HKS_DES_CBC_DATA_BLOB_SIZE != 0) {
HKS_LOG_E("DesCbcNoPaddingCryptFinal data size invalid!");
ret = HKS_ERROR_INVALID_ARGUMENT;
break;
}
if (message->size != 0) {
/* mbedtls_des_crypt_cbc will refresh iv, so need a temp iv */
uint8_t tmpIv[HKS_DES_CBC_NOPADDING_IV_SIZE];
if (memcpy_s(tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE, desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE) != EOK) {
HKS_LOG_E("Memcpy temp iv failed!");
ret = HKS_ERROR_INVALID_IV;
break;
}
ret = mbedtls_des_crypt_cbc(cbcNoPaddingCtx,
(encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
message->size,
tmpIv,
message->data,
cipherText->data);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls des gcm encryot failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
break;
}
}
cipherText->size = message->size;
} while (0);
mbedtls_des_free(cbcNoPaddingCtx);
HKS_FREE(desCtx->append);
HKS_FREE(*cryptoCtx);
return ret;
}
#endif /* HKS_SUPPORT_DES_CBC_NOPADDING */
static int32_t DesCbcCryptInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
{
switch (usageSpec->padding) {
#ifdef HKS_SUPPORT_DES_CBC_NOPADDING
case HKS_PADDING_NONE:
return DesCbcNoPaddingCryptInit(cryptoCtx, key, usageSpec, encrypt);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t DesCbcCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText, const bool encrypt)
{
switch (padding) {
#ifdef HKS_SUPPORT_DES_CBC_NOPADDING
case HKS_PADDING_NONE:
return DesCbcNoPaddingCryptUpdate(cryptoCtx, message, encrypt, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t DesCbcCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText, const bool encrypt)
{
switch (padding) {
#ifdef HKS_SUPPORT_DES_CBC_NOPADDING
case HKS_PADDING_NONE:
return DesCbcNoPaddingCryptFinal(cryptoCtx, message, encrypt, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
#ifdef HKS_SUPPORT_DES_ECB_NOPADDING
static int32_t DesEcbNoPaddingCryptInitParam(const struct HksBlob *key, mbedtls_cipher_context_t *ecbCtx,
const bool encrypt)
{
const mbedtls_cipher_info_t *info =
mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
if (info == NULL) {
HKS_LOG_E("get cipher info from values failed!");
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
int32_t ret = mbedtls_cipher_setup(ecbCtx, info);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls cipher setup failed ret = %" LOG_PUBLIC "d", ret);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
ret = mbedtls_cipher_setkey(
ecbCtx, key->data, key->size * HKS_BITS_PER_BYTE, encrypt ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls setkey failed ret = %" LOG_PUBLIC "d", ret);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
ret = mbedtls_cipher_set_iv(ecbCtx, NULL, 0);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls set iv failed ret = %" LOG_PUBLIC "d", ret);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
return HKS_SUCCESS;
}
static int32_t DesEcbNoPaddingCryptInit(void **cryptoCtx, const struct HksUsageSpec *usageSpec,
const struct HksBlob *key, const bool encrypt)
{
mbedtls_cipher_context_t *ecbCtx = (mbedtls_cipher_context_t *)HksMalloc(sizeof(mbedtls_cipher_context_t));
HKS_IF_NULL_LOGE_RETURN(ecbCtx, HKS_ERROR_MALLOC_FAIL, "Ecb ecbCtx malloc fail")
mbedtls_cipher_init(ecbCtx);
int32_t ret = DesEcbNoPaddingCryptInitParam(key, ecbCtx, encrypt);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("DesEcbNoPaddingCryptInitParam failed ret = %" LOG_PUBLIC "d", ret);
mbedtls_cipher_free(ecbCtx);
HKS_FREE(ecbCtx);
return ret;
}
ret = mbedtls_cipher_reset(ecbCtx);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls reset failed ret = %" LOG_PUBLIC "d", ret);
mbedtls_cipher_free(ecbCtx);
HKS_FREE(ecbCtx);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
struct HksMbedtlsDesCtx *outCtx = (struct HksMbedtlsDesCtx *)HksMalloc(sizeof(struct HksMbedtlsDesCtx));
if (outCtx == NULL) {
HKS_LOG_E("initialize outCtx fail");
mbedtls_cipher_free(ecbCtx);
HKS_FREE(ecbCtx);
return HKS_ERROR_MALLOC_FAIL;
}
outCtx->algType = usageSpec->algType;
outCtx->mode = usageSpec->mode;
outCtx->padding = usageSpec->padding;
outCtx->append = (void *)ecbCtx;
*cryptoCtx = (void *)outCtx;
return ret;
}
static int32_t DesEcbNoPaddingData(mbedtls_cipher_context_t *ecbNoPadingctx, size_t blockSize,
const struct HksBlob *message, struct HksBlob *cipherText, size_t *outLenTotal)
{
int32_t ret;
uint8_t *tmpMessage = (uint8_t *)HksMalloc(blockSize);
HKS_IF_NULL_LOGE_RETURN(tmpMessage, HKS_ERROR_INSUFFICIENT_MEMORY, "EcbNoPaddingUpdate tmpMessage is null")
if (message->size <= blockSize) {
(void)memset_s(tmpMessage, blockSize, 0, blockSize);
(void)memcpy_s(tmpMessage, message->size, message->data, message->size);
ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, blockSize, cipherText->data, outLenTotal);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
HKS_FREE(tmpMessage);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
} else {
uint32_t point = 0;
while (point < message->size) {
(void)memset_s(tmpMessage, blockSize, 0, blockSize);
uint32_t tmpSize = (message->size - point) >= blockSize ? blockSize : (message->size - point);
ret = memcpy_s(tmpMessage, blockSize, message->data + point, tmpSize);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("copy data failed");
HKS_FREE(tmpMessage);
return HKS_ERROR_INSUFFICIENT_MEMORY;
}
size_t olen;
ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, tmpSize, cipherText->data + point, &olen);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
HKS_FREE(tmpMessage);
return HKS_ERROR_CRYPTO_ENGINE_ERROR;
}
*outLenTotal += olen;
point += blockSize;
}
}
HKS_FREE(tmpMessage);
return HKS_SUCCESS;
}
static mbedtls_cipher_context_t *GetDesEcbNoPaddingCtx(void *cryptoCtx, const struct HksBlob *message,
struct HksBlob *cipherText, size_t *outLenTotal)
{
struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
mbedtls_cipher_context_t *ecbNoPadingctx = (mbedtls_cipher_context_t *)desCtx->append;
HKS_IF_NULL_LOGE_RETURN(ecbNoPadingctx, NULL, "EcbNoPaddingUpdate ecbNoPadingctx is null")
int32_t ret = HKS_SUCCESS;
do {
if (message == NULL) {
HKS_LOG_E("The message is null.");
ret = HKS_FAILURE;
break;
}
if (message->size != 0) {
size_t blockSize = mbedtls_cipher_get_block_size(ecbNoPadingctx);
HKS_LOG_E("Ecb No padding update!message.size[%" LOG_PUBLIC "d] blockSize[%" LOG_PUBLIC "d]",
message->size, blockSize);
if (blockSize == 0 || (message->size % blockSize != 0)) {
HKS_LOG_E("The size of message is invalid.");
ret = HKS_ERROR_INVALID_ARGUMENT;
break;
}
ret = DesEcbNoPaddingData(ecbNoPadingctx, blockSize, message, cipherText, outLenTotal);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DesEcbNoPaddingData failed")
}
} while (0);
HKS_IF_NOT_SUCC_RETURN(ret, NULL)
return ecbNoPadingctx;
}
static int32_t DesEcbNoPaddingCryptUpdate(void *cryptoCtx, const struct HksBlob *message,
struct HksBlob *cipherText)
{
size_t outLenTotal = 0;
HKS_IF_NULL_RETURN(GetDesEcbNoPaddingCtx(cryptoCtx, message, cipherText, &outLenTotal), HKS_ERROR_NULL_POINTER)
cipherText->size = outLenTotal;
return HKS_SUCCESS;
}
static int32_t DesEcbNoPaddingCryptFinal(void **cryptoCtx, const struct HksBlob *message,
struct HksBlob *cipherText)
{
size_t outLenTotal = 0;
mbedtls_cipher_context_t *ecbNoPadingctx = GetDesEcbNoPaddingCtx(*cryptoCtx, message, cipherText, &outLenTotal);
if (ecbNoPadingctx == NULL) {
HKS_FREE(*cryptoCtx);
return HKS_ERROR_NULL_POINTER;
}
struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
size_t finishOlen;
size_t olen = outLenTotal;
int32_t ret = mbedtls_cipher_finish(ecbNoPadingctx, cipherText->data + olen, &finishOlen);
if (ret != HKS_MBEDTLS_SUCCESS) {
HKS_LOG_E("Mbedtls ecb nopadding crypt update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
(void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
} else {
cipherText->size = olen + finishOlen;
}
mbedtls_cipher_free(ecbNoPadingctx);
HKS_FREE(desCtx->append);
HKS_FREE(*cryptoCtx);
return ret;
}
#endif
#if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
static int32_t DesEcbCryptInit(void **cryptoCtx, const struct HksBlob *key,
const struct HksUsageSpec *usageSpec, const bool encrypt)
{
switch (usageSpec->padding) {
#ifdef HKS_SUPPORT_DES_ECB_NOPADDING
case HKS_PADDING_NONE:
return DesEcbNoPaddingCryptInit(cryptoCtx, usageSpec, key, encrypt);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t DesEcbCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText)
{
switch (padding) {
#ifdef HKS_SUPPORT_DES_ECB_NOPADDING
case HKS_PADDING_NONE:
return DesEcbNoPaddingCryptUpdate(cryptoCtx, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
static int32_t DesEcbCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
struct HksBlob *cipherText)
{
switch (padding) {
#ifdef HKS_SUPPORT_DES_ECB_NOPADDING
case HKS_PADDING_NONE:
return DesEcbNoPaddingCryptFinal(cryptoCtx, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
return HKS_ERROR_INVALID_PADDING;
}
}
#endif
int32_t HksMbedtlsDesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
{
if (CheckKeySize(key) != HKS_SUCCESS || cryptoCtx == NULL || usageSpec == NULL) {
HKS_LOG_E("Invalid des keySiz = 0x%" LOG_PUBLIC "X", key->size);
return HKS_ERROR_INVALID_ARGUMENT;
}
switch (usageSpec->mode) {
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return DesCbcCryptInit(cryptoCtx, key, usageSpec, true);
#endif
#if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return DesEcbCryptInit(cryptoCtx, key, usageSpec, true);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
return HKS_ERROR_NOT_SUPPORTED;
}
}
int32_t HksMbedtlsDesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
HKS_IF_NULL_LOGE_RETURN(cryptoCtx, HKS_ERROR_INVALID_ARGUMENT, "Mbedtls DES encrypt update param is null")
struct HksMbedtlsDesCtx *desEncryptCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
switch (desEncryptCtx->mode) {
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return DesCbcCryptUpdate(cryptoCtx, desEncryptCtx->padding, message, cipherText, true);
#endif
#if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return DesEcbCryptUpdate(cryptoCtx, desEncryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desEncryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtlsDesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
struct HksMbedtlsDesCtx *desEncryptCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
switch (desEncryptCtx->mode) {
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return DesCbcCryptFinal(cryptoCtx, desEncryptCtx->padding, message, cipherText, true);
#endif
#if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return DesEcbCryptFinal(cryptoCtx, desEncryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desEncryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtlsDesDecryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
{
HKS_IF_NOT_SUCC_LOGE_RETURN(
CheckKeySize(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid des keySize = 0x%" LOG_PUBLIC "X", key->size)
switch (usageSpec->mode) {
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return DesCbcCryptInit(cryptoCtx, key, usageSpec, false);
#endif
#if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return DesEcbCryptInit(cryptoCtx, key, usageSpec, false);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtlsDesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
struct HksMbedtlsDesCtx *desDecryptCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
switch (desDecryptCtx->mode) {
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return DesCbcCryptUpdate(cryptoCtx, desDecryptCtx->padding, message, cipherText, false);
#endif
#if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return DesEcbCryptUpdate(cryptoCtx, desDecryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desDecryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtlsDesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
{
struct HksMbedtlsDesCtx *desDecryptCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
switch (desDecryptCtx->mode) {
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
case HKS_MODE_CBC:
return DesCbcCryptFinal(cryptoCtx, desDecryptCtx->padding, message, cipherText, false);
#endif
#if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
case HKS_MODE_ECB:
return DesEcbCryptFinal(cryptoCtx, desDecryptCtx->padding, message, cipherText);
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desDecryptCtx->mode);
return HKS_ERROR_INVALID_ARGUMENT;
}
}
int32_t HksMbedtlsDesCryptoInit(
void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
{
if (encrypt) {
return HksMbedtlsDesEncryptInit(cryptoCtx, key, usageSpec);
} else {
return HksMbedtlsDesDecryptInit(cryptoCtx, key, usageSpec);
}
}
int32_t HksMbedtlsDesCryptoUpdate(
void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt)
{
if (encrypt) {
return HksMbedtlsDesEncryptUpdate(cryptoCtx, message, cipherText);
} else {
return HksMbedtlsDesDecryptUpdate(cryptoCtx, message, cipherText);
}
}
int32_t HksMbedtlsDesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
const bool encrypt)
{
if (encrypt) {
return HksMbedtlsDesEncryptFinal(cryptoCtx, message, cipherText);
} else {
return HksMbedtlsDesDecryptFinal(cryptoCtx, message, cipherText);
}
}
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
void HksMbedtlsDesHalModecbcFreeCtx(void **cryptCtx)
{
if (cryptCtx == NULL || *cryptCtx == NULL) {
HKS_LOG_E("FreeCtx cryptCtx param is null");
return;
}
struct HksMbedtlsDesCtx *mbedtlsDesCtx = (struct HksMbedtlsDesCtx *)*cryptCtx;
if (mbedtlsDesCtx->padding == HKS_PADDING_NONE) {
if (mbedtlsDesCtx->append != NULL) {
mbedtls_des_free((mbedtls_des_context *)(mbedtlsDesCtx->append));
HKS_FREE(mbedtlsDesCtx->append);
}
}
}
#endif
void HksMbedtlsDesHalFreeCtx(void **cryptCtx)
{
if (cryptCtx == NULL || *cryptCtx == NULL) {
HKS_LOG_E("FreeCtx param context null");
return;
}
struct HksMbedtlsDesCtx *mbedtlsDesCtx = (struct HksMbedtlsDesCtx *)*cryptCtx;
switch (mbedtlsDesCtx->mode) {
#if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
case HKS_MODE_CBC:
HksMbedtlsDesHalModecbcFreeCtx(cryptCtx);
break;
#endif
default:
HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", mbedtlsDesCtx->mode);
break;
}
HKS_FREE(*cryptCtx);
}
#endif /* HKS_SUPPORT_DES_C */

58
frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_engine.c
View File

@ -99,6 +99,58 @@ void HksCryptoHalHmacFreeCtx(void **ctx)
func(ctx);
}
#ifdef HKS_SUPPORT_CMAC_C
int32_t HksCryptoHalCmacInit(const struct HksBlob *key, uint32_t digestAlg, void **ctx)
{
if (CheckBlob(key) != HKS_SUCCESS || ctx == NULL) {
HKS_LOG_E("Crypt Hal Cmac init msg is NULL");
return HKS_ERROR_INVALID_ARGUMENT;
}
CmacInit func = (CmacInit)GetAbility(HKS_CRYPTO_ABILITY_CMAC_INIT);
HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
return func(ctx, key, digestAlg);
}
int32_t HksCryptoHalCmacUpdate(const struct HksBlob *chunk, void *ctx)
{
if (CheckBlob(chunk) != HKS_SUCCESS || ctx == NULL) {
HKS_LOG_E("Crypt Hal Cmac update chunk is invalid param");
return HKS_ERROR_INVALID_ARGUMENT;
}
CmacUpdate func = (CmacUpdate)GetAbility(HKS_CRYPTO_ABILITY_CMAC_UPDATE);
HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
return func(ctx, chunk);
}
int32_t HksCryptoHalCmacFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *mac)
{
if (msg == NULL || ctx == NULL || *ctx == NULL || CheckBlob(mac) != HKS_SUCCESS) {
HKS_LOG_E("Crypt Hal Cmac final msg or mac is NULL");
return HKS_ERROR_INVALID_ARGUMENT;
}
CmacFinal func = (CmacFinal)GetAbility(HKS_CRYPTO_ABILITY_CMAC_FINAL);
HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
return func(ctx, msg, mac);
}
void HksCryptoHalCmacFreeCtx(void **ctx)
{
FreeCtx func = (FreeCtx)GetAbility(HKS_CRYPTO_ABILITY_CMAC_FREE_CTX);
if (func == NULL) {
HKS_LOG_E("CryptoHalCmacFreeCtx func is null");
return;
}
func(ctx);
}
#endif
#ifndef _CUT_AUTHENTICATE_
int32_t HksCryptoHalHash(uint32_t alg, const struct HksBlob *msg, struct HksBlob *hash)
{
@ -365,6 +417,12 @@ int32_t HksCryptoHalDecryptFinal(const struct HksBlob *message, void **ctx, stru
return HKS_ERROR_INVALID_ARGUMENT;
}
if ((algtype == HKS_ALG_DES) || (algtype == HKS_ALG_3DES)) {
DecryptFinalDes func = (DecryptFinalDes)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(algtype));
HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
return func(ctx, message, cipherText, false);
}
DecryptFinal func = (DecryptFinal)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(algtype));
HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)

2
interfaces/inner_api/huks_lite/BUILD.gn
View File

@ -129,10 +129,12 @@ if (ohos_kernel_type == "liteos_m") {
"../../../frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c",
"../../../frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_crypto_ed25519.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_3des.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_aes.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_bn.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_common.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_des.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecc.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecdh.c",
"../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecdsa.c",

61
interfaces/kits/liteapi/src/hks_lite_api_export_key_item.cpp
View File

@ -24,13 +24,33 @@
namespace OHOS {
namespace ACELite {
// key size 512 plus aead 16
#define RESERVED_PADDING_AREA 528
static int32_t HksCallExportKeyItem(
const struct HksBlob *aliasBlob, const struct HksParamSet *paramSet, struct HksBlob *outData)
{
int32_t ret = InitHuksModule();
if (ret != HKS_SUCCESS) {
HKS_LOG_E("init huks failed");
return ret;
}
ret = HksExportPublicKey(aliasBlob, paramSet, outData);
return ret;
}
static int32_t InitOutDataBuffer(struct HksBlob *inData, struct HksBlob *outData)
{
outData->size = inData->size + RESERVED_PADDING_AREA;
outData->data = static_cast<uint8_t*>(HksMalloc(outData->size));
if (outData->data == NULL) {
return HKS_ERROR_MALLOC_FAIL;
}
return HKS_SUCCESS;
}
JSIValue HksLiteModule::exportKeyItem(const JSIValue thisVal, const JSIValue* args, uint8_t argsNum)
{
(void)thisVal;
(void)args;
(void)argsNum;
JSIValue undefValue = JSI::CreateUndefined();
uint32_t minNumArgs = 3;
if (argsNum < minNumArgs || args == nullptr) {
@ -38,7 +58,38 @@ JSIValue HksLiteModule::exportKeyItem(const JSIValue thisVal, const JSIValue* ar
return undefValue;
}
HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], HKS_ERROR_API_NOT_SUPPORTED);
struct HksBlob aliasBlob = { 0, nullptr };
struct HksParamSet *paramSet = nullptr;
struct HksBlob outData = { 0, nullptr };
struct HksBlob inData = { 0, nullptr };
int32_t ret;
do {
ret = HksParseKeyAlias(args, ARGS_INDEX_0, &aliasBlob);
if (ret != HKS_SUCCESS) {
break;
}
ret = HksParseParamSetWithAdd(args, ARGS_INDEX_1, &paramSet, nullptr, 0);
if (ret != HKS_SUCCESS) {
break;
}
ret = InitOutDataBuffer(&inData, &outData);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("init outdata buffer failed!");
break;
}
ret = HksCallExportKeyItem(&aliasBlob, paramSet, &outData);
} while (0);
if (ret == HKS_SUCCESS) {
struct HksLiteApiResult result = { &outData, nullptr, false };
HksCallbackResultSuccess(thisVal, args[ARGS_INDEX_2], &result);
} else {
HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], ret);
}
HKS_FREE_BLOB(aliasBlob);
HKS_FREE_BLOB(inData);
HKS_FREE_BLOB(outData);
HksFreeParamSet(&paramSet);
return undefValue;
}
}

66
interfaces/kits/liteapi/src/hks_lite_api_import_key_item.cpp
View File

@ -24,13 +24,33 @@
namespace OHOS {
namespace ACELite {
// key size 512 plus aead 16
#define RESERVED_PADDING_AREA 528
static int32_t HksCallImportKeyItem(
const struct HksBlob *aliasBlob, const struct HksParamSet *paramSet, struct HksBlob *inData)
{
int32_t ret = InitHuksModule();
if (ret != HKS_SUCCESS) {
HKS_LOG_E("init huks failed");
return ret;
}
ret = HksImportKey(aliasBlob, paramSet, inData);
return ret;
}
static int32_t InitOutDataBuffer(struct HksBlob *inData, struct HksBlob *outData)
{
outData->size = inData->size + RESERVED_PADDING_AREA;
outData->data = static_cast<uint8_t *>(HksMalloc(outData->size));
if (outData->data == NULL) {
return HKS_ERROR_MALLOC_FAIL;
}
return HKS_SUCCESS;
}
JSIValue HksLiteModule::importKeyItem(const JSIValue thisVal, const JSIValue* args, uint8_t argsNum)
{
(void)thisVal;
(void)args;
(void)argsNum;
JSIValue undefValue = JSI::CreateUndefined();
uint32_t minNumArgs = 3;
if (argsNum < minNumArgs || args == nullptr) {
@ -38,7 +58,43 @@ JSIValue HksLiteModule::importKeyItem(const JSIValue thisVal, const JSIValue* ar
return undefValue;
}
HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], HKS_ERROR_API_NOT_SUPPORTED);
struct HksBlob aliasBlob = { 0, nullptr };
struct HksParamSet *paramSet = nullptr;
struct HksBlob outData = { 0, nullptr };
struct HksBlob inData = { 0, nullptr };
int32_t ret;
do {
ret = HksParseKeyAlias(args, ARGS_INDEX_0, &aliasBlob);
if (ret != HKS_SUCCESS) {
break;
}
ret = HksParseParamSetWithAdd(args, ARGS_INDEX_1, &paramSet, nullptr, 0);
if (ret != HKS_SUCCESS) {
break;
}
ret = HksParseInData(args, ARGS_INDEX_1, &inData);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("parse indata failed!");
break;
}
ret = InitOutDataBuffer(&inData, &outData);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("init outdata buffer failed!");
break;
}
ret = HksCallImportKeyItem(&aliasBlob, paramSet, &inData);
} while (0);
if (ret == HKS_SUCCESS) {
struct HksLiteApiResult result = { nullptr, nullptr, false };
HksCallbackResultSuccess(thisVal, args[ARGS_INDEX_2], &result);
} else {
HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], ret);
}
HKS_FREE_BLOB(aliasBlob);
HKS_FREE_BLOB(inData);
HKS_FREE_BLOB(outData);
HksFreeParamSet(&paramSet);
return undefValue;
}
}

1
services/huks_standard/huks_engine/main/core/include/hks_auth.h
View File

@ -32,6 +32,7 @@ enum HksAuthId {
HKS_AUTH_ID_DERIVE = 0x7,
HKS_AUTH_ID_SIGN_VERIFY_ED25519 = 0x8,
HKS_AUTH_ID_AGREE = 0x9,
HKS_AUTH_ID_MAC_CMAC = 0x10,
};
#ifdef __cplusplus

4
services/huks_standard/huks_engine/main/core/src/hks_auth.c
View File

@ -37,6 +37,7 @@ static uint32_t g_signVerifyEccPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_DIGEST
static uint32_t g_signVerifyEd25519PolicyTag[] = { HKS_TAG_PURPOSE };
static uint32_t g_macPolicyTag[] = { HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
static uint32_t g_macSm3PolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
static uint32_t g_macCmacPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_PURPOSE };
static uint32_t g_derivePolicyTag[] = { HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
static uint32_t g_agreePolicyTag[] = { HKS_TAG_PURPOSE };
@ -49,7 +50,8 @@ struct HksAuthPolicy g_authPolicyList[] = {
{ HKS_AUTH_ID_MAC_HMAC, HKS_ARRAY_SIZE(g_macPolicyTag), g_macPolicyTag },
{ HKS_AUTH_ID_MAC_SM3, HKS_ARRAY_SIZE(g_macSm3PolicyTag), g_macSm3PolicyTag },
{ HKS_AUTH_ID_DERIVE, HKS_ARRAY_SIZE(g_derivePolicyTag), g_derivePolicyTag },
{ HKS_AUTH_ID_AGREE, HKS_ARRAY_SIZE(g_agreePolicyTag), g_agreePolicyTag }
{ HKS_AUTH_ID_AGREE, HKS_ARRAY_SIZE(g_agreePolicyTag), g_agreePolicyTag },
{ HKS_AUTH_ID_MAC_CMAC, HKS_ARRAY_SIZE(g_macCmacPolicyTag), g_macCmacPolicyTag },
};
static int32_t CheckPurpose(const struct HksParam *authParam, const struct HksParam *requestParam)

259
services/huks_standard/huks_engine/main/core/src/hks_core_service_three_stage.c
View File

@ -208,6 +208,8 @@ static int32_t HksCheckFinishOutSize(bool isEncrypt, struct HksParamSet *paramSe
case HKS_ALG_SM2:
return CheckSm2CipherData(isEncrypt, &usageSpec, inData, outData);
case HKS_ALG_AES:
case HKS_ALG_DES:
case HKS_ALG_3DES:
return CheckBlockCipherData(isEncrypt, &usageSpec, inData, outData);
case HKS_ALG_SM4:
return CheckBlockCipherData(isEncrypt, &usageSpec, inData, outData);
@ -262,6 +264,8 @@ static int32_t HmacAuth(const struct HuksKeyNode *keyNode, const struct HksParam
if (algParam->uint32Param == HKS_ALG_HMAC) {
return HksThreeStageAuth(HKS_AUTH_ID_MAC_HMAC, keyNode);
} else if (algParam->uint32Param == HKS_ALG_3DES) { // CMACinit校验密钥算法只支持3DES
return HksThreeStageAuth(HKS_AUTH_ID_MAC_CMAC, keyNode);
} else if (algParam->uint32Param == HKS_ALG_SM3) {
return HksThreeStageAuth(HKS_AUTH_ID_MAC_SM3, keyNode);
}
@ -274,7 +278,8 @@ static int32_t CipherAuth(const struct HuksKeyNode *keyNode, const struct HksPar
int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append cipher get alg param failed!")
if (algParam->uint32Param == HKS_ALG_AES) {
if ((algParam->uint32Param == HKS_ALG_AES) || (algParam->uint32Param == HKS_ALG_DES) ||
(algParam->uint32Param == HKS_ALG_3DES)) {
return HksThreeStageAuth(HKS_AUTH_ID_SYM_CIPHER, keyNode);
} else if ((algParam->uint32Param == HKS_ALG_RSA) || (algParam->uint32Param == HKS_ALG_SM2)) {
return HksThreeStageAuth(HKS_AUTH_ID_ASYM_CIPHER, keyNode);
@ -992,6 +997,168 @@ static int32_t CoreAesCipherFinish(const struct HuksKeyNode *keyNode, const bool
return CoreAesDecryptFinish(keyNode, inData, outData, alg);
}
static int32_t CoreDesCipherInit(const struct HuksKeyNode *keyNode)
{
struct HksParam *modeParam = NULL;
int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher init get block mode failed")
return CoreCipherInit(keyNode);
}
static int32_t CoreDesCipherUpdate(const struct HuksKeyNode *keyNode, const struct HksBlob *inData,
struct HksBlob *outData, uint32_t alg)
{
struct HksParam *modeParam = NULL;
int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher update get block mode failed")
return CoreCipherUpdate(keyNode, inData, outData, alg);
}
static int32_t CoreDesEncryptFinish(
const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
{
struct HksBlob tag = {0, NULL};
int32_t ret = HksCheckFinishOutSize(true, keyNode->runtimeParamSet, inData, outData);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "des encrypt finish check data size failed")
struct HksParam *ctxParam = NULL;
ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
ret = HksCryptoHalEncryptFinal(inData, &ctx, outData, &tag, alg);
ctxParam->uint64Param = 0; /* clear ctx to NULL */
if (ret != HKS_SUCCESS) {
HKS_LOG_E("des encrypt Finish failed! ret : %" LOG_PUBLIC "d", ret);
return ret;
}
outData->size += tag.size;
return HKS_SUCCESS;
}
static int32_t CoreDesDecryptFinish(
const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
{
struct HksBlob tag = {0, NULL};
int32_t ret = HksCheckFinishOutSize(false, keyNode->runtimeParamSet, inData, outData);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "des decrypt finish check data size failed")
struct HksParam *ctxParam = NULL;
ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
ret = HksCryptoHalDecryptFinal(inData, &ctx, outData, &tag, alg);
HKS_IF_NOT_SUCC_LOGE(ret, "cipher DecryptFinish failed! ret : %" LOG_PUBLIC "d", ret)
ctxParam->uint64Param = 0; /* clear ctx to NULL */
return ret;
}
static int32_t CoreDesCipherFinish(const struct HuksKeyNode *keyNode, const bool isEncrypt,
const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
{
struct HksParam *modeParam = NULL;
int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher finish get block mode failed")
if (isEncrypt) {
return CoreDesEncryptFinish(keyNode, inData, outData, alg);
}
return CoreDesDecryptFinish(keyNode, inData, outData, alg);
}
static int32_t Core3DesCipherInit(const struct HuksKeyNode *keyNode)
{
struct HksParam *modeParam = NULL;
int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher init get block mode failed")
return CoreCipherInit(keyNode);
}
static int32_t Core3DesCipherUpdate(const struct HuksKeyNode *keyNode, const struct HksBlob *inData,
struct HksBlob *outData, uint32_t alg)
{
struct HksParam *modeParam = NULL;
int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher update get block mode failed")
return CoreCipherUpdate(keyNode, inData, outData, alg);
}
static int32_t Core3DesEncryptFinish(
const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
{
struct HksBlob tag = {0, NULL};
int32_t ret = HksCheckFinishOutSize(true, keyNode->runtimeParamSet, inData, outData);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "3des encrypt finish check data size failed")
struct HksParam *ctxParam = NULL;
ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
ret = HksCryptoHalEncryptFinal(inData, &ctx, outData, &tag, alg);
ctxParam->uint64Param = 0; /* clear ctx to NULL */
if (ret != HKS_SUCCESS) {
HKS_LOG_E("3des encrypt Finish failed! ret : %" LOG_PUBLIC "d", ret);
return ret;
}
outData->size += tag.size;
return HKS_SUCCESS;
}
static int32_t Core3DesDecryptFinish(
const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
{
struct HksBlob tag = {0, NULL};
int32_t ret = HksCheckFinishOutSize(false, keyNode->runtimeParamSet, inData, outData);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "3des decrypt finish check data size failed")
struct HksParam *ctxParam = NULL;
ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
ret = HksCryptoHalDecryptFinal(inData, &ctx, outData, &tag, alg);
HKS_IF_NOT_SUCC_LOGE(ret, "cipher DecryptFinish failed! ret : %" LOG_PUBLIC "d", ret)
ctxParam->uint64Param = 0; /* clear ctx to NULL */
return ret;
}
static int32_t Core3DesCipherFinish(const struct HuksKeyNode *keyNode, const bool isEncrypt,
const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
{
struct HksParam *modeParam = NULL;
int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher finish get block mode failed")
if (isEncrypt) {
return Core3DesEncryptFinish(keyNode, inData, outData, alg);
}
return Core3DesDecryptFinish(keyNode, inData, outData, alg);
}
static int32_t CoreSm4EncryptFinish(const struct HuksKeyNode *keyNode,
const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
{
@ -1142,7 +1309,7 @@ static void FreeCryptoCtx(const struct HuksKeyNode *keyNode, uint32_t alg)
return;
}
if (alg == HKS_ALG_AES) {
if ((alg == HKS_ALG_AES) || (alg == HKS_ALG_DES) || (alg == HKS_ALG_3DES)) {
struct HksParam *modeParam = NULL;
ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
if (ret != HKS_SUCCESS) {
@ -1300,12 +1467,13 @@ int32_t HksCoreSignVerifyThreeStageFinish(const struct HuksKeyNode *keyNode, con
uint32_t digest = alg; // In signature or verify scenario, alg represents digest. See code {GetPurposeAndAlgorithm}
struct HksBlob signVerifyData = { 0, NULL };
struct HksBlob signVerifyData = {0, NULL};
if (HksCheckNeedCache(algParam->uint32Param, digest) == HKS_SUCCESS) {
ret = FinishCachedData(keyNode, &message, &signVerifyData);
} else {
ret = CoreHashFinish(keyNode, &message, &signVerifyData);
}
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "signVerify Finish get Data failed, ret = %" LOG_PUBLIC "d", ret)
/* inData indicates signature when processing verify */
@ -1344,6 +1512,10 @@ int32_t HksCoreCryptoThreeStageInit(const struct HuksKeyNode *keyNode, const str
return SetCacheModeCtx(keyNode);
} else if (algParam->uint32Param == HKS_ALG_AES) {
return CoreAesCipherInit(keyNode);
} else if (algParam->uint32Param == HKS_ALG_DES) {
return CoreDesCipherInit(keyNode);
} else if (algParam->uint32Param == HKS_ALG_3DES) {
return Core3DesCipherInit(keyNode);
} else if (algParam->uint32Param == HKS_ALG_SM4) {
return CoreCipherInit(keyNode);
} else {
@ -1364,6 +1536,10 @@ int32_t HksCoreCryptoThreeStageUpdate(const struct HuksKeyNode *keyNode, const s
return UpdateCachedData(keyNode, inData);
} else if (algParam->uint32Param == HKS_ALG_AES) {
return CoreAesCipherUpdate(keyNode, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_DES) {
return CoreDesCipherUpdate(keyNode, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_3DES) {
return Core3DesCipherUpdate(keyNode, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_SM4) {
return CoreCipherUpdate(keyNode, inData, outData, alg);
} else {
@ -1388,6 +1564,10 @@ int32_t HksCoreEncryptThreeStageFinish(const struct HuksKeyNode *keyNode, const
return CoreSm2CipherFinish(keyNode, inData, outData);
} else if (algParam->uint32Param == HKS_ALG_AES) {
return CoreAesCipherFinish(keyNode, true, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_DES) {
return CoreDesCipherFinish(keyNode, true, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_3DES) {
return Core3DesCipherFinish(keyNode, true, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_SM4) {
return CoreSm4EncryptFinish(keyNode, inData, outData, alg);
} else {
@ -1412,6 +1592,10 @@ int32_t HksCoreDecryptThreeStageFinish(const struct HuksKeyNode *keyNode, const
return CoreSm2CipherFinish(keyNode, inData, outData);
} else if (algParam->uint32Param == HKS_ALG_AES) {
return CoreAesCipherFinish(keyNode, false, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_DES) {
return CoreDesCipherFinish(keyNode, false, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_3DES) {
return Core3DesCipherFinish(keyNode, false, inData, outData, alg);
} else if (algParam->uint32Param == HKS_ALG_SM4) {
return CoreSm4DecryptFinish(keyNode, inData, outData, alg);
} else {
@ -1695,7 +1879,16 @@ int32_t HksCoreMacThreeStageInit(const struct HuksKeyNode *keyNode, const struct
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Derive get raw key failed!")
void *ctx = NULL;
ret = HksCryptoHalHmacInit(&rawKey, alg, &ctx);
struct HksParam *algParam = NULL;
ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!");
if (algParam->uint32Param == HKS_ALG_3DES) { // CMACinit阶段校验密钥只支持3DES
#ifdef HKS_SUPPORT_CMAC_C
ret = HksCryptoHalCmacInit(&rawKey, alg, &ctx);
#endif
} else {
ret = HksCryptoHalHmacInit(&rawKey, alg, &ctx);
}
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hmac init failed! ret : %" LOG_PUBLIC "d", ret)
ctxParam->uint64Param = (uint64_t)(uintptr_t)ctx;
@ -1720,7 +1913,17 @@ int32_t HksCoreMacThreeStageUpdate(const struct HuksKeyNode *keyNode, const stru
void *ctx = GetCryptoCtx(keyNode);
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is NULL!")
ret = HksCryptoHalHmacUpdate(srcData, ctx);
struct HksParam *algParam = NULL;
ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!");
if (algParam->uint32Param == HKS_ALG_CMAC) {
#ifdef HKS_SUPPORT_CMAC_C
ret = HksCryptoHalCmacUpdate(srcData, ctx);
#endif
} else {
ret = HksCryptoHalHmacUpdate(srcData, ctx);
}
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hmac update failed! ret : %" LOG_PUBLIC "d", ret)
return HKS_SUCCESS;
@ -1732,17 +1935,23 @@ int32_t HksCoreMacThreeStageFinish(const struct HuksKeyNode *keyNode, const stru
(void)paramSet;
(void)alg;
struct HksParam *digestParam = NULL;
int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_DIGEST, &digestParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_CHECK_GET_DIGEST_FAIL, "get ctx from keyNode failed!")
struct HksParam *algParam = NULL;
int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!")
uint32_t macLen;
ret = HksGetDigestLen(digestParam->uint32Param, &macLen);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get digest len failed")
if (algParam->uint32Param != HKS_ALG_CMAC) {
struct HksParam *digestParam = NULL;
ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_DIGEST, &digestParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_CHECK_GET_DIGEST_FAIL, "get ctx from keyNode failed!")
if ((CheckBlob(outData) != HKS_SUCCESS) || (outData->size < macLen)) {
HKS_LOG_E("out buffer too small");
return HKS_ERROR_BUFFER_TOO_SMALL;
uint32_t macLen;
ret = HksGetDigestLen(digestParam->uint32Param, &macLen);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get digest len failed")
if ((CheckBlob(outData) != HKS_SUCCESS) || (outData->size < macLen)) {
HKS_LOG_E("out buffer too small");
return HKS_ERROR_BUFFER_TOO_SMALL;
}
}
struct HksParam *ctxParam = NULL;
@ -1752,7 +1961,14 @@ int32_t HksCoreMacThreeStageFinish(const struct HuksKeyNode *keyNode, const stru
void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx invalid")
ret = HksCryptoHalHmacFinal(inData, &ctx, outData);
if (algParam->uint32Param == HKS_ALG_CMAC) {
#ifdef HKS_SUPPORT_CMAC_C
ret = HksCryptoHalCmacFinal(inData, &ctx, outData);
#endif
} else {
ret = HksCryptoHalHmacFinal(inData, &ctx, outData);
}
HKS_IF_NOT_SUCC_LOGE(ret, "hmac final failed! ret : %" LOG_PUBLIC "d", ret)
ctxParam->uint64Param = 0; /* clear ctx to NULL */
@ -1766,8 +1982,17 @@ int32_t HksCoreMacThreeStageAbort(const struct HuksKeyNode *keyNode, const struc
void *ctx = GetCryptoCtx(keyNode);
HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx invalid")
HksCryptoHalHmacFreeCtx(&ctx);
struct HksParam *algParam = NULL;
int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!")
if (algParam->uint32Param == HKS_ALG_CMAC) {
#ifdef HKS_SUPPORT_CMAC_C
HksCryptoHalCmacFreeCtx(&ctx);
#endif
} else {
HksCryptoHalHmacFreeCtx(&ctx);
}
ClearCryptoCtx(keyNode);
return HKS_SUCCESS;