mini平台新增接口

Signed-off-by: 绫地宁宁 <756090608@qq.com>
2024-11-23 14:50:06 +00:00 · 2024-09-06 15:35:15 +08:00 · 2024-09-06 15:35:15 +08:00 · d242b4e610
commit d242b4e610
parent 4880c5bcb8
18 changed files with 2721 additions and 68 deletions
--- a/frameworks/huks_standard/main/common/include/hks_ability.h
+++ b/frameworks/huks_standard/main/common/include/hks_ability.h
@ -58,6 +58,10 @@ enum HksOperationType {
                                                                /* see hks_chipset_platform_key_hardcoded.c */
    HKS_OPERATION_CHIPSET_PLATFORM_DERIVE_PUB_KEY = 0x20,       /* hardcoded key implementation did not use the enum */
                                                                /* see hks_chipset_platform_key_hardcoded.c */
    HKS_OPERATION_CMAC_INIT,                                    /* cmac init */
    HKS_OPERATION_CMAC_UPDATE,                                  /* cmac update */
    HKS_OPERATION_CMAC_FINAL,                                   /* cmac final */
    HKS_OPERATION_CMAC_FREE_CTX                                 /* cmac free ctx */
 };
 struct HksAbility {
@ -86,6 +90,11 @@ struct HksAbility {
 #define HKS_CRYPTO_ABILITY_HMAC_FINAL           HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_FINAL, 0)
 #define HKS_CRYPTO_ABILITY_HMAC_FREE_CTX        HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_FREE_CTX, 0)
 #define HKS_CRYPTO_ABILITY_CMAC_INIT            HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_INIT, 0)
 #define HKS_CRYPTO_ABILITY_CMAC_UPDATE          HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_UPDATE, 0)
 #define HKS_CRYPTO_ABILITY_CMAC_FINAL           HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_FINAL, 0)
 #define HKS_CRYPTO_ABILITY_CMAC_FREE_CTX        HKS_CRYPTO_ABILITY(HKS_OPERATION_CMAC_FREE_CTX, 0)
 #define HKS_CRYPTO_ABILITY_HASH                 HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH, 0)
 #define HKS_CRYPTO_ABILITY_HASH_INIT            HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_INIT, 0)
 #define HKS_CRYPTO_ABILITY_HASH_UPDATE          HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_UPDATE, 0)
--- a/frameworks/huks_standard/main/common/include/hks_config_lite_wearable.h
+++ b/frameworks/huks_standard/main/common/include/hks_config_lite_wearable.h
@ -0,0 +1,129 @@
 /*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 #ifndef HKS_CONFIG_H
 #define HKS_CONFIG_H
 #define HKS_SUPPORT_POSIX
 #define HKS_LOG_ENGINE_HILOG_MODULE_SCY
 /* AES */
 #define HKS_SUPPORT_AES_C
 #define HKS_SUPPORT_AES_GENERATE_KEY
 #define HKS_SUPPORT_AES_CBC_NOPADDING
 #define HKS_SUPPORT_AES_CBC_PKCS7
 #define HKS_SUPPORT_AES_GCM
 #define HKS_SUPPORT_AES_CTR_NOPADDING
 /* DES */
 #define HKS_SUPPORT_DES_C
 #define HKS_SUPPORT_DES_GENERATE_KEY
 #define HKS_SUPPORT_DES_ECB_NOPADDING
 #define HKS_SUPPORT_DES_CBC_NOPADDING
 /* 3DES */
 #define HKS_SUPPORT_3DES_C
 #define HKS_SUPPORT_3DES_GENERATE_KEY
 #define HKS_SUPPORT_3DES_ECB_NOPADDING
 #define HKS_SUPPORT_3DES_CBC_NOPADDING
 /* BN */
 #define HKS_SUPPORT_BN_C
 /* HASH */
 #define HKS_SUPPORT_HASH_C
 #define HKS_SUPPORT_HASH_SHA256
 #define HKS_SUPPORT_HASH_SHA384
 #define HKS_SUPPORT_HASH_SHA512
 /* HMAC */
 #define HKS_SUPPORT_HMAC_C
 #define HKS_SUPPORT_HMAC_SHA256
 #define HKS_SUPPORT_HMAC_SHA384
 #define HKS_SUPPORT_HMAC_SHA512
 /* CMAC */
 #if defined(HKS_SUPPORT_3DES_C)
 #define HKS_SUPPORT_CMAC_C
 #endif
 /* KDF */
 #define HKS_SUPPORT_KDF_C
 #define HKS_SUPPORT_KDF_PBKDF2
 #define HKS_SUPPORT_KDF_HKDF
 /* X25519 */
 #define HKS_SUPPORT_X25519_C
 #define HKS_SUPPORT_X25519_GENERATE_KEY
 #define HKS_SUPPORT_X25519_AGREE_KEY
 #define HKS_SUPPORT_X25519_GET_PUBLIC_KEY
 #if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) || \
    defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_RSA_GENERATE_KEY) || \
    defined(HKS_SUPPORT_X25519_GENERATE_KEY)
 #define HKS_SUPPORT_API_GENERATE_KEY
 #define HKS_SUPPORT_API_DELETE_KEY
 #define HKS_SUPPORT_API_GET_KEY_PARAM_SET
 #define HKS_SUPPORT_API_KEY_EXIST
 #endif
 #if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \
    defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C) || \
    defined(HKS_SUPPORT_AES_C)
 #define HKS_SUPPORT_API_IMPORT
 #endif
 #if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \
    defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C)
 #define HKS_SUPPORT_API_EXPORT
 #endif
 #define HKS_SUPPORT_API_GENERATE_RANDOM
 #if defined(HKS_SUPPORT_ECDSA_C) || defined(HKS_SUPPORT_ED25519_SIGN_VERIFY) || \
    defined(HKS_SUPPORT_RSA_SIGN_VERIFY)
 #define HKS_SUPPORT_API_SIGN_VERIFY
 #endif
 #if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_RSA_CRYPT)
 #define HKS_SUPPORT_API_CIPHER
 #endif
 #if defined(HKS_SUPPORT_X25519_AGREE_KEY) || defined(HKS_SUPPORT_ECDH_C)
 #define HKS_SUPPORT_API_AGREE_KEY
 #endif
 #ifdef HKS_SUPPORT_KDF_C
 #define HKS_SUPPORT_API_DERIVE_KEY
 #endif
 #if defined(HKS_SUPPORT_HMAC_C) || defined(HKS_SUPPORT_CMAC_C)
 #define HKS_SUPPORT_API_MAC
 #endif
 #ifdef HKS_SUPPORT_HASH_C
 #define HKS_SUPPORT_API_HASH
 #endif
 #ifdef HKS_SUPPORT_BN_C
 #define HKS_SUPPORT_API_BN_EXP_MOD
 #endif
 #ifndef HKS_SUPPORT_LITE_HEAP
 #define HKS_SUPPORT_API_GET_KEY_INFO_LIST
 #endif
 #endif /* HKS_CONFIG_H */
--- a/frameworks/huks_standard/main/common/include/hks_crypto_hal.h
+++ b/frameworks/huks_standard/main/common/include/hks_crypto_hal.h
@ -143,6 +143,12 @@ typedef int32_t (*HmacUpdate)(void *, const struct HksBlob *);
 typedef int32_t (*HmacFinal)(void **, const struct HksBlob *, struct HksBlob *);
 typedef int32_t (*CmacInit)(void **, const struct HksBlob *, uint32_t);
 typedef int32_t (*CmacUpdate)(void *, const struct HksBlob *);
 typedef int32_t (*CmacFinal)(void **, const struct HksBlob *, struct HksBlob *);
 typedef int32_t (*Hash)(uint32_t, const struct HksBlob *, struct HksBlob *);
 typedef int32_t (*HashInit)(void **, uint32_t);
@ -169,6 +175,8 @@ typedef int32_t (*DecryptUpdate)(void *, const struct HksBlob *, struct HksBlob
 typedef int32_t (*DecryptFinal)(void **, const struct HksBlob *, struct HksBlob *, struct HksBlob *, const bool);
 typedef int32_t (*DecryptFinalDes)(void **, const struct HksBlob *, struct HksBlob *, const bool);
 typedef int32_t (*BnExpMod)(struct HksBlob *, const struct HksBlob *,
    const struct HksBlob *, const struct HksBlob *);
@ -209,6 +217,14 @@ void HksCryptoHalHmacFreeCtx(void **ctx);
 int32_t HksCryptoHalHmac(const struct HksBlob *key, uint32_t digestAlg, const struct HksBlob *msg,
    struct HksBlob *mac);
 int32_t HksCryptoHalCmacInit(const struct HksBlob *key, uint32_t digestAlg, void **ctx);
 int32_t HksCryptoHalCmacUpdate(const struct HksBlob *chunk, void *ctx);
 int32_t HksCryptoHalCmacFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *mac);
 void HksCryptoHalCmacFreeCtx(void **ctx);
 int32_t HksCryptoHalHashInit(uint32_t alg, void **ctx);
 int32_t HksCryptoHalHashUpdate(const struct HksBlob *msg, void *ctx);
--- a/frameworks/huks_standard/main/common/src/hks_base_check.c
+++ b/frameworks/huks_standard/main/common/src/hks_base_check.c
@ -116,6 +116,52 @@ static const uint32_t g_aesEcbPadding[] = {
 };
 #endif
 #ifdef HKS_SUPPORT_DES_C
 static const uint32_t g_desKeySize[] = {
    HKS_DES_KEY_SIZE_64
 };
 static const uint32_t g_desMacKeySize[] = {
    HKS_DES_KEY_SIZE_64
 };
 static const uint32_t g_desPadding[] = {
    HKS_PADDING_NONE
 };
 static const uint32_t g_desMode[] = {
    HKS_MODE_CBC,
    HKS_MODE_ECB
 };
 static const uint32_t g_desCbcPadding[] = {
    HKS_PADDING_NONE
 };
 static const uint32_t g_desEcbPadding[] = {
    HKS_PADDING_NONE
 };
 #endif
 #ifdef HKS_SUPPORT_3DES_C
 static const uint32_t g_3desKeySize[] = {
    HKS_3DES_KEY_SIZE_128,
    HKS_3DES_KEY_SIZE_192
 };
 static const uint32_t g_3desMacKeySize[] = {
    HKS_3DES_KEY_SIZE_128,
    HKS_3DES_KEY_SIZE_192
 };
 static const uint32_t g_3desPadding[] = {
    HKS_PADDING_NONE
 };
 static const uint32_t g_3desMode[] = {
    HKS_MODE_CBC,
    HKS_MODE_ECB
 };
 static const uint32_t g_3desCbcPadding[] = {
    HKS_PADDING_NONE
 };
 static const uint32_t g_3desEcbPadding[] = {
    HKS_PADDING_NONE
 };
 #endif
 #ifdef HKS_SUPPORT_SM4_C
 static const uint32_t g_sm4KeySize[] = {
    HKS_SM4_KEY_SIZE_128,
@ -228,6 +274,7 @@ static const uint32_t g_hmacDigest[] = {
    HKS_DIGEST_SM3
 };
 #endif
 #ifdef HKS_SUPPORT_DSA_C
 static const uint32_t g_dsaDigest[] = {
    HKS_DIGEST_NONE,
@ -321,6 +368,102 @@ static const struct ExpectParamsValuesChecker g_expectAesParams[] = {
 };
 #endif
 #ifdef HKS_SUPPORT_DES_C
 static const struct ParamsValuesChecker g_desParamSet[] = {
    { HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
        { true, 0, false} } },
    { HKS_CHECK_TYPE_USE_KEY, { { false, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
        { true, 0, false} } },
    { HKS_CHECK_TYPE_GEN_MAC_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
        { false, 0, false} } },
    { HKS_CHECK_TYPE_GEN_DERIVE_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
        { false, 0, false} } }
 };
 static const struct ExpectParamsValuesChecker g_expectDesParams[] = {
    { HKS_CHECK_TYPE_GEN_KEY, {
        { true, g_desKeySize, HKS_ARRAY_SIZE(g_desKeySize) },
        { true, g_desPadding, HKS_ARRAY_SIZE(g_desPadding) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_desMode, HKS_ARRAY_SIZE(g_desMode) }
        }
    },
    { HKS_CHECK_TYPE_USE_KEY, {
        { false, NULL, 0 },
        { true, g_desPadding, HKS_ARRAY_SIZE(g_desPadding) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_desMode, HKS_ARRAY_SIZE(g_desMode) }
        }
    },
    { HKS_CHECK_TYPE_GEN_MAC_KEY, {
        { true, g_desMacKeySize, HKS_ARRAY_SIZE(g_desMacKeySize) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_macDigest, HKS_ARRAY_SIZE(g_macDigest) },
        { false, NULL, 0 }
        }
    },
    { HKS_CHECK_TYPE_GEN_DERIVE_KEY, {
        { true, g_desKeySize, HKS_ARRAY_SIZE(g_desKeySize) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_digest, HKS_ARRAY_SIZE(g_digest) },
        { false, NULL, 0 }
        }
    }
 };
 #endif
 #ifdef HKS_SUPPORT_3DES_C
 static const struct ParamsValuesChecker g_3desParamSet[] = {
    { HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
        { true, 0, false} } },
    { HKS_CHECK_TYPE_USE_KEY, { { false, 0, false}, { true, 0, false}, { true, 0, false}, { false, 0, false},
        { true, 0, false} } },
    { HKS_CHECK_TYPE_GEN_MAC_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
        { false, 0, false} } },
    { HKS_CHECK_TYPE_GEN_DERIVE_KEY, { { true, 0, false}, { false, 0, false}, { false, 0, false}, { true, 0, false},
        { false, 0, false} } }
 };
 static const struct ExpectParamsValuesChecker g_expect3DesParams[] = {
    { HKS_CHECK_TYPE_GEN_KEY, {
        { true, g_3desKeySize, HKS_ARRAY_SIZE(g_3desKeySize) },
        { true, g_3desPadding, HKS_ARRAY_SIZE(g_3desPadding) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_3desMode, HKS_ARRAY_SIZE(g_3desMode) }
        }
    },
    { HKS_CHECK_TYPE_USE_KEY, {
        { false, NULL, 0 },
        { true, g_3desPadding, HKS_ARRAY_SIZE(g_3desPadding) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_3desMode, HKS_ARRAY_SIZE(g_3desMode) }
        }
    },
    { HKS_CHECK_TYPE_GEN_MAC_KEY, {
        { true, g_3desMacKeySize, HKS_ARRAY_SIZE(g_3desMacKeySize) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_macDigest, HKS_ARRAY_SIZE(g_macDigest) },
        { false, NULL, 0 }
        }
    },
    { HKS_CHECK_TYPE_GEN_DERIVE_KEY, {
        { true, g_3desKeySize, HKS_ARRAY_SIZE(g_3desKeySize) },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { true, g_digest, HKS_ARRAY_SIZE(g_digest) },
        { false, NULL, 0 }
        }
    }
 };
 #endif
 #ifdef HKS_SUPPORT_ECC_C
 static const struct ParamsValuesChecker g_eccParamSet[] = {
    { HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
@ -503,6 +646,43 @@ static const struct ExpectParamsValuesChecker g_expectHmacParams[] = {
 };
 #endif
 #ifdef HKS_SUPPORT_CMAC_C
 static const struct ParamsValuesChecker g_cmacParamSet[] = {
    { HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
        { false, 0, false} } },
    { HKS_CHECK_TYPE_USE_KEY, { { false, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
        { false, 0, false} } },
    { HKS_CHECK_TYPE_GEN_MAC_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
        { false, 0, false} } }
 };
 static const struct ExpectParamsValuesChecker g_expectCmacParams[] = {
    { HKS_CHECK_TYPE_GEN_KEY, {
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 }
        }
    },
    { HKS_CHECK_TYPE_USE_KEY, {
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 }
        }
    },
    { HKS_CHECK_TYPE_GEN_MAC_KEY, {
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 },
        { false, NULL, 0 }
        }
    }
 };
 #endif
 #ifdef HKS_SUPPORT_DSA_C
 static const struct ParamsValuesChecker g_dsaParamSet[] = {
    { HKS_CHECK_TYPE_GEN_KEY, { { true, 0, false}, { false, 0, false}, { true, 0, false}, { true, 0, false},
@ -627,6 +807,20 @@ static const uint32_t g_invalidPurpose[][2] = {
            HKS_KEY_PURPOSE_UNWRAP,
    },
 #endif
 #ifdef HKS_SUPPORT_DES_C
    {
        HKS_ALG_DES,
        HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY | HKS_KEY_PURPOSE_AGREE | HKS_KEY_PURPOSE_WRAP |
            HKS_KEY_PURPOSE_UNWRAP,
    },
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    {
        HKS_ALG_3DES,
        HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY | HKS_KEY_PURPOSE_AGREE | HKS_KEY_PURPOSE_WRAP |
            HKS_KEY_PURPOSE_UNWRAP,
    },
 #endif
 #ifdef HKS_SUPPORT_ED25519_C
    {
        HKS_ALG_ED25519,
@ -648,6 +842,13 @@ static const uint32_t g_invalidPurpose[][2] = {
            HKS_KEY_PURPOSE_UNWRAP | HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT | HKS_KEY_PURPOSE_AGREE,
    },
 #endif
 #ifdef HKS_SUPPORT_CMAC_C
    {
        HKS_ALG_CMAC,
        HKS_KEY_PURPOSE_DERIVE | HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY | HKS_KEY_PURPOSE_WRAP |
            HKS_KEY_PURPOSE_UNWRAP | HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT | HKS_KEY_PURPOSE_AGREE,
    },
 #endif
 #ifdef HKS_SUPPORT_DSA_C
    {
        HKS_ALG_DSA,
@ -758,6 +959,46 @@ static const struct KeyInfoParams g_validAesKeyInfo[] = {
 };
 #endif
 #ifdef HKS_SUPPORT_DES_C
 static const uint32_t g_supportDesPurpose[] = {
    HKS_KEY_PURPOSE_ENCRYPT,
    HKS_KEY_PURPOSE_DECRYPT,
    HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT,
    HKS_KEY_PURPOSE_DERIVE,
    HKS_KEY_PURPOSE_MAC
 };
 static const uint32_t g_supportDesCipherMode[] = {
    HKS_MODE_CBC,
    HKS_MODE_ECB
 };
 static const struct KeyInfoParams g_validDesKeyInfo[] = {
    { true, HKS_TAG_PURPOSE, g_supportDesPurpose, HKS_ARRAY_SIZE(g_supportDesPurpose) },
    { true, HKS_TAG_BLOCK_MODE, g_supportDesCipherMode, HKS_ARRAY_SIZE(g_supportDesCipherMode) }
 };
 #endif
 #ifdef HKS_SUPPORT_3DES_C
 static const uint32_t g_support3DesPurpose[] = {
    HKS_KEY_PURPOSE_ENCRYPT,
    HKS_KEY_PURPOSE_DECRYPT,
    HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT,
    HKS_KEY_PURPOSE_DERIVE,
    HKS_KEY_PURPOSE_MAC
 };
 static const uint32_t g_support3DesCipherMode[] = {
    HKS_MODE_CBC,
    HKS_MODE_ECB
 };
 static const struct KeyInfoParams g_valid3DesKeyInfo[] = {
    { true, HKS_TAG_PURPOSE, g_support3DesPurpose, HKS_ARRAY_SIZE(g_support3DesPurpose) },
    { true, HKS_TAG_BLOCK_MODE, g_support3DesCipherMode, HKS_ARRAY_SIZE(g_support3DesCipherMode) }
 };
 #endif
 #ifdef HKS_SUPPORT_SM4_C
 static const uint32_t g_supportSm4Purpose[] = {
    HKS_KEY_PURPOSE_ENCRYPT,
@ -779,6 +1020,12 @@ static const struct AuthAcceessKeyInfoChecker g_validKeyInfo[] = {
 #ifdef HKS_SUPPORT_AES_C
    { HKS_ALG_AES, g_validAesKeyInfo, HKS_ARRAY_SIZE(g_validAesKeyInfo) },
 #endif
 #ifdef HKS_SUPPORT_DES_C
    { HKS_ALG_DES, g_validDesKeyInfo, HKS_ARRAY_SIZE(g_validDesKeyInfo) },
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    { HKS_ALG_3DES, g_valid3DesKeyInfo, HKS_ARRAY_SIZE(g_valid3DesKeyInfo) },
 #endif
 #ifdef HKS_SUPPORT_SM4_C
    { HKS_ALG_SM4, g_validSm4KeyInfo, HKS_ARRAY_SIZE(g_validSm4KeyInfo) }
 #endif
@ -959,6 +1206,35 @@ static int32_t InitInputParams(enum CheckKeyType checkType, struct ParamsValues
    return HKS_ERROR_NOT_SUPPORTED;
 }
 static int32_t InitInputParamsByAlgOne(uint32_t alg, enum CheckKeyType checkType, struct ParamsValues *inputParams)
 {
    switch (alg) {
 #ifdef HKS_SUPPORT_HMAC_C
        case HKS_ALG_HMAC:
            return InitInputParams(checkType, inputParams, g_hmacParamSet, HKS_ARRAY_SIZE(g_hmacParamSet));
 #endif
 #ifdef HKS_SUPPORT_CMAC_C
        case HKS_ALG_CMAC:
            return InitInputParams(checkType, inputParams, g_cmacParamSet, HKS_ARRAY_SIZE(g_cmacParamSet));
 #endif
 #ifdef HKS_SUPPORT_DSA_C
        case HKS_ALG_DSA:
            return InitInputParams(checkType, inputParams, g_dsaParamSet, HKS_ARRAY_SIZE(g_dsaParamSet));
 #endif
 #ifdef HKS_SUPPORT_DH_C
        case HKS_ALG_DH:
            return InitInputParams(checkType, inputParams, g_dhParamSet, HKS_ARRAY_SIZE(g_dhParamSet));
 #endif
 #ifdef HKS_SUPPORT_ECDH_C
        case HKS_ALG_ECDH:
            return InitInputParams(checkType, inputParams, g_ecdhParamSet, HKS_ARRAY_SIZE(g_ecdhParamSet));
 #endif
        default:
            return HKS_ERROR_INVALID_ALGORITHM;
    }
 }
 static int32_t InitInputParamsByAlg(uint32_t alg, enum CheckKeyType checkType, struct ParamsValues *inputParams)
 {
    switch (alg) {
@ -966,8 +1242,18 @@ static int32_t InitInputParamsByAlg(uint32_t alg, enum CheckKeyType checkType, s
        case HKS_ALG_RSA:
            return InitInputParams(checkType, inputParams, g_rsaParamSet, HKS_ARRAY_SIZE(g_rsaParamSet));
 #endif
 #ifdef HKS_SUPPORT_AES_C
        case HKS_ALG_AES:
            return InitInputParams(checkType, inputParams, g_aesParamSet, HKS_ARRAY_SIZE(g_aesParamSet));
 #endif
 #ifdef HKS_SUPPORT_DES_C
        case HKS_ALG_DES:
            return InitInputParams(checkType, inputParams, g_desParamSet, HKS_ARRAY_SIZE(g_desParamSet));
 #endif
 #ifdef HKS_SUPPORT_3DES_C
        case HKS_ALG_3DES:
            return InitInputParams(checkType, inputParams, g_3desParamSet, HKS_ARRAY_SIZE(g_3desParamSet));
 #endif
 #ifdef HKS_SUPPORT_ECC_C
        case HKS_ALG_ECC:
            return InitInputParams(checkType, inputParams, g_eccParamSet, HKS_ARRAY_SIZE(g_eccParamSet));
@ -988,25 +1274,9 @@ static int32_t InitInputParamsByAlg(uint32_t alg, enum CheckKeyType checkType, s
        case HKS_ALG_X25519:
        case HKS_ALG_ED25519:
            return InitInputParams(checkType, inputParams, g_curve25519ParamSet, HKS_ARRAY_SIZE(g_curve25519ParamSet));
 #endif
 #ifdef HKS_SUPPORT_HMAC_C
        case HKS_ALG_HMAC:
            return InitInputParams(checkType, inputParams, g_hmacParamSet, HKS_ARRAY_SIZE(g_hmacParamSet));
 #endif
 #ifdef HKS_SUPPORT_DSA_C
        case HKS_ALG_DSA:
            return InitInputParams(checkType, inputParams, g_dsaParamSet, HKS_ARRAY_SIZE(g_dsaParamSet));
 #endif
 #ifdef HKS_SUPPORT_DH_C
        case HKS_ALG_DH:
            return InitInputParams(checkType, inputParams, g_dhParamSet, HKS_ARRAY_SIZE(g_dhParamSet));
 #endif
 #ifdef HKS_SUPPORT_ECDH_C
        case HKS_ALG_ECDH:
            return InitInputParams(checkType, inputParams, g_ecdhParamSet, HKS_ARRAY_SIZE(g_ecdhParamSet));
 #endif
        default:
-            return HKS_ERROR_INVALID_ALGORITHM;
+            return InitInputParamsByAlgOne(alg, checkType, inputParams);
    }
 }
@ -1023,6 +1293,34 @@ static int32_t InitExpectParams(enum CheckKeyType checkType, struct ExpectParams
    return HKS_ERROR_NOT_SUPPORTED;
 }
 static int32_t GetExpectParamsByAlg(uint32_t alg, enum CheckKeyType checkType, struct ExpectParamsValues *expectValues)
 {
    switch (alg) {
 #ifdef HKS_SUPPORT_HMAC_C
        case HKS_ALG_HMAC:
            return InitExpectParams(checkType, expectValues, g_expectHmacParams, HKS_ARRAY_SIZE(g_expectHmacParams));
 #endif
 #ifdef HKS_SUPPORT_CMAC_C
        case HKS_ALG_CMAC:
            return InitExpectParams(checkType, expectValues, g_expectCmacParams, HKS_ARRAY_SIZE(g_expectCmacParams));
 #endif
 #ifdef HKS_SUPPORT_DSA_C
        case HKS_ALG_DSA:
            return InitExpectParams(checkType, expectValues, g_expectDsaParams, HKS_ARRAY_SIZE(g_expectDsaParams));
 #endif
 #ifdef HKS_SUPPORT_DH_C
        case HKS_ALG_DH:
            return InitExpectParams(checkType, expectValues, g_expectDhParams, HKS_ARRAY_SIZE(g_expectDhParams));
 #endif
 #ifdef HKS_SUPPORT_ECDH_C
        case HKS_ALG_ECDH:
            return InitExpectParams(checkType, expectValues, g_expectEcdhParams, HKS_ARRAY_SIZE(g_expectEcdhParams));
 #endif
        default:
            return HKS_ERROR_INVALID_ALGORITHM;
    }
 }
 static int32_t GetExpectParams(uint32_t alg, enum CheckKeyType checkType, struct ExpectParamsValues *expectValues)
 {
    switch (alg) {
@ -1030,8 +1328,18 @@ static int32_t GetExpectParams(uint32_t alg, enum CheckKeyType checkType, struct
        case HKS_ALG_RSA:
            return InitExpectParams(checkType, expectValues, g_expectRsaParams, HKS_ARRAY_SIZE(g_expectRsaParams));
 #endif
 #ifdef HKS_SUPPORT_AES_C
        case HKS_ALG_AES:
            return InitExpectParams(checkType, expectValues, g_expectAesParams, HKS_ARRAY_SIZE(g_expectAesParams));
 #endif
 #ifdef HKS_SUPPORT_DES_C
        case HKS_ALG_DES:
            return InitExpectParams(checkType, expectValues, g_expectDesParams, HKS_ARRAY_SIZE(g_expectDesParams));
 #endif
 #ifdef HKS_SUPPORT_3DES_C
        case HKS_ALG_3DES:
            return InitExpectParams(checkType, expectValues, g_expect3DesParams, HKS_ARRAY_SIZE(g_expect3DesParams));
 #endif
 #ifdef HKS_SUPPORT_ECC_C
        case HKS_ALG_ECC:
            return InitExpectParams(checkType, expectValues, g_expectEccParams, HKS_ARRAY_SIZE(g_expectEccParams));
@ -1053,25 +1361,9 @@ static int32_t GetExpectParams(uint32_t alg, enum CheckKeyType checkType, struct
        case HKS_ALG_ED25519:
            return InitExpectParams(checkType, expectValues, g_expectCurve25519Params,
                HKS_ARRAY_SIZE(g_expectCurve25519Params));
 #endif
 #ifdef HKS_SUPPORT_HMAC_C
        case HKS_ALG_HMAC:
            return InitExpectParams(checkType, expectValues, g_expectHmacParams, HKS_ARRAY_SIZE(g_expectHmacParams));
 #endif
 #ifdef HKS_SUPPORT_DSA_C
        case HKS_ALG_DSA:
            return InitExpectParams(checkType, expectValues, g_expectDsaParams, HKS_ARRAY_SIZE(g_expectDsaParams));
 #endif
 #ifdef HKS_SUPPORT_DH_C
        case HKS_ALG_DH:
            return InitExpectParams(checkType, expectValues, g_expectDhParams, HKS_ARRAY_SIZE(g_expectDhParams));
 #endif
 #ifdef HKS_SUPPORT_ECDH_C
        case HKS_ALG_ECDH:
            return InitExpectParams(checkType, expectValues, g_expectEcdhParams, HKS_ARRAY_SIZE(g_expectEcdhParams));
 #endif
        default:
-            return HKS_ERROR_INVALID_ALGORITHM;
+            return GetExpectParamsByAlg(alg, checkType, expectValues);
    }
 }
@ -1266,7 +1558,8 @@ static int32_t CheckRsaCipherData(uint32_t cmdId, const struct ParamsValues *inp
 static int32_t CheckAesAeCipherData(uint32_t cmdId, const struct HksBlob *inData, const struct HksBlob *outData);
 #endif
-#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C)
+#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C) || \
    defined(HKS_SUPPORT_SM4_C)
 static int32_t CheckBlockCbcCipherData(uint32_t mode, uint32_t cmdId, uint32_t padding,
    const struct HksBlob *inData, const struct HksBlob *outData)
 {
@ -1335,6 +1628,24 @@ static int32_t CheckBlockCipherData(uint32_t cmdId, const struct ParamsValues *i
    }
 #endif
 #if defined(HKS_SUPPORT_DES_C)
    if (alg == HKS_ALG_DES) {
        if (mode == HKS_MODE_CBC || mode == HKS_MODE_ECB) {
            uint32_t padding = inputParams->padding.value;
            return CheckBlockCbcCipherData(mode, cmdId, padding, inData, outData);
        }
    }
 #endif
 #if defined(HKS_SUPPORT_3DES_C)
    if (alg == HKS_ALG_3DES) {
        if (mode == HKS_MODE_CBC || mode == HKS_MODE_ECB) {
            uint32_t padding = inputParams->padding.value;
            return CheckBlockCbcCipherData(mode, cmdId, padding, inData, outData);
        }
    }
 #endif
 #if defined(HKS_SUPPORT_SM4_C)
    if (alg == HKS_ALG_SM4) {
        for (uint32_t i = 0; i < HKS_ARRAY_SIZE(g_sm4Mode); i++) {
@ -1362,7 +1673,8 @@ static int32_t CheckBlockCipherIvMaterial(const struct HksParamSet *paramSet)
    return ret;
 }
-#endif // defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_SM4_C)
+#endif // defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C)
       // || defined(HKS_SUPPORT_SM4_C)
 #ifdef HKS_SUPPORT_AES_C
 static int32_t CheckAesPadding(const struct ParamsValues *inputParams)
@ -1485,6 +1797,46 @@ static int32_t CheckCipherAeMaterial(uint32_t mode, const struct HksParamSet *pa
 }
 #endif
 #ifdef HKS_SUPPORT_DES_C
 static int32_t CheckDesPadding(const struct ParamsValues *inputParams)
 {
    if ((inputParams->mode.isAbsent) || (inputParams->padding.isAbsent)) {
        return HKS_SUCCESS;
    }
    uint32_t mode = inputParams->mode.value;
    uint32_t padding = inputParams->padding.value;
    if (mode == HKS_MODE_CBC) {
        return HksCheckValue(padding, g_desCbcPadding, HKS_ARRAY_SIZE(g_desCbcPadding));
    }
    if (mode == HKS_MODE_ECB) {
        return HksCheckValue(padding, g_desEcbPadding, HKS_ARRAY_SIZE(g_desEcbPadding));
    }
    return HKS_SUCCESS;
 }
 #endif
 #ifdef HKS_SUPPORT_3DES_C
 static int32_t Check3DesPadding(const struct ParamsValues *inputParams)
 {
    if ((inputParams->mode.isAbsent) || (inputParams->padding.isAbsent)) {
        return HKS_SUCCESS;
    }
    uint32_t mode = inputParams->mode.value;
    uint32_t padding = inputParams->padding.value;
    if (mode == HKS_MODE_CBC) {
        return HksCheckValue(padding, g_3desCbcPadding, HKS_ARRAY_SIZE(g_3desCbcPadding));
    }
    if (mode == HKS_MODE_ECB) {
        return HksCheckValue(padding, g_3desEcbPadding, HKS_ARRAY_SIZE(g_3desEcbPadding));
    }
    return HKS_SUCCESS;
 }
 #endif
 #ifdef HKS_SUPPORT_SM4_C
 static int32_t CheckSm4Padding(const struct ParamsValues *inputParams)
 {
@ -1648,7 +2000,8 @@ int32_t HksCheckOptionalParam(uint32_t tag, uint32_t alg, uint32_t purpose, bool
 {
    enum CheckKeyType checkType = HKS_CHECK_TYPE_GEN_KEY;
    if (((purpose & HKS_KEY_PURPOSE_DERIVE) != 0) || ((purpose & HKS_KEY_PURPOSE_MAC) != 0)) {
-        if (alg != HKS_ALG_AES && alg != HKS_ALG_HMAC && alg != HKS_ALG_SM3) {
+        if ((alg != HKS_ALG_AES) && (alg != HKS_ALG_DES) && (alg != HKS_ALG_3DES) &&
            (alg != HKS_ALG_HMAC) && (alg != HKS_ALG_CMAC) && (alg != HKS_ALG_SM3)) {
            HKS_LOG_E("check mac or derive, not aes alg, alg: %u", alg);
            return HKS_ERROR_INVALID_PURPOSE;
        }
@ -1735,6 +2088,20 @@ int32_t HksCheckGenKeyMutableParams(uint32_t alg, const struct ParamsValues *inp
                "Check padding not expected, padding = %" LOG_PUBLIC "u", inputParams->padding.value);
            break;
 #endif
 #ifdef HKS_SUPPORT_DES_C
        case HKS_ALG_DES:
            ret = CheckDesPadding(inputParams);
            HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_PADDING,
                "Check padding not expected, padding = %" LOG_PUBLIC "u", inputParams->padding.value);
            break;
 #endif
 #ifdef HKS_SUPPORT_3DES_C
        case HKS_ALG_3DES:
            ret = Check3DesPadding(inputParams);
            HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_PADDING,
                "Check padding not expected, padding = %" LOG_PUBLIC "u", inputParams->padding.value);
            break;
 #endif
 #ifdef HKS_SUPPORT_SM4_C
        case HKS_ALG_SM4:
            ret = CheckSm4Padding(inputParams);
@ -1872,6 +2239,29 @@ int32_t HksCheckSignVerifyMutableParams(uint32_t cmdId, uint32_t alg, const stru
 }
 #endif /* _CUT_AUTHENTICATE_ */
 #if defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C)
 static int32_t HksCheckCipherMutableParamsByAlg(uint32_t alg, const struct ParamsValues *inputParams)
 {
    int32_t ret = HKS_ERROR_INVALID_PADDING;
    switch (alg) {
 #ifdef HKS_SUPPORT_DES_C
        case HKS_ALG_DES:
            ret = CheckDesPadding(inputParams);
            break;
 #endif
 #ifdef HKS_SUPPORT_3DES_C
        case HKS_ALG_3DES:
            ret = Check3DesPadding(inputParams);
            break;
 #endif
        default:
            return HKS_ERROR_INVALID_ALGORITHM;
    }
    return ret;
 }
 #endif
 int32_t HksCheckCipherMutableParams(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams)
 {
    switch (cmdId) {
@ -1912,7 +2302,13 @@ int32_t HksCheckCipherMutableParams(uint32_t cmdId, uint32_t alg, const struct P
            break;
 #endif
        default:
-            return HKS_ERROR_INVALID_ALGORITHM;
+#if defined(HKS_SUPPORT_DES_C) || defined(HKS_SUPPORT_3DES_C)
            ret = HksCheckCipherMutableParamsByAlg(alg, inputParams);
            if (ret == HKS_ERROR_INVALID_ALGORITHM) {
                return HKS_ERROR_INVALID_ALGORITHM;
            }
 #endif
            break;
    }
    HKS_IF_NOT_SUCC_RETURN(ret, HKS_ERROR_INVALID_PADDING)
    return ret;
@ -1930,6 +2326,14 @@ int32_t HksCheckCipherData(uint32_t cmdId, uint32_t alg, const struct ParamsValu
        case HKS_ALG_AES:
            return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_AES);
 #endif
 #ifdef HKS_SUPPORT_DES_C
        case HKS_ALG_DES:
            return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_DES);
 #endif
 #ifdef HKS_SUPPORT_3DES_C
        case HKS_ALG_3DES:
            return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_3DES);
 #endif
 #ifdef HKS_SUPPORT_SM4_C
        case HKS_ALG_SM4:
            return CheckBlockCipherData(cmdId, inputParams, inData, outData, HKS_ALG_SM4);
@ -1956,6 +2360,22 @@ int32_t HksCheckCipherMaterialParams(uint32_t alg, const struct ParamsValues *in
        }
    }
 #endif
 #ifdef HKS_SUPPORT_DES_C
    if (alg == HKS_ALG_DES) {
        uint32_t mode = inputParams->mode.value;
        if (mode == HKS_MODE_CBC) {
            return CheckBlockCipherIvMaterial(paramSet);
        }
    }
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    if (alg == HKS_ALG_3DES) {
        uint32_t mode = inputParams->mode.value;
        if (mode == HKS_MODE_CBC) {
            return CheckBlockCipherIvMaterial(paramSet);
        }
    }
 #endif
 #ifdef HKS_SUPPORT_SM4_C
    if (alg == HKS_ALG_SM4) {
        uint32_t mode = inputParams->mode.value;
--- a/frameworks/huks_standard/main/common/src/hks_check_paramset.c
+++ b/frameworks/huks_standard/main/common/src/hks_check_paramset.c
@ -56,12 +56,21 @@ static uint32_t g_genKeyAlg[] = {
 #ifdef HKS_SUPPORT_AES_C
    HKS_ALG_AES,
 #endif
 #ifdef HKS_SUPPORT_DES_C
    HKS_ALG_DES,
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    HKS_ALG_3DES,
 #endif
 #ifdef HKS_SUPPORT_ECC_C
    HKS_ALG_ECC,
 #endif
 #ifdef HKS_SUPPORT_HMAC_C
    HKS_ALG_HMAC,
 #endif
 #ifdef HKS_SUPPORT_CMAC_C
    HKS_ALG_CMAC,
 #endif
 #ifdef HKS_SUPPORT_ED25519_C
    HKS_ALG_ED25519,
 #endif
@ -95,6 +104,12 @@ static uint32_t g_importKeyAlg[] = {
 #ifdef HKS_SUPPORT_AES_C
    HKS_ALG_AES,
 #endif
 #ifdef HKS_SUPPORT_DES_C
    HKS_ALG_DES,
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    HKS_ALG_3DES,
 #endif
 #ifdef HKS_SUPPORT_ECC_C
    HKS_ALG_ECC,
 #endif
@ -113,6 +128,9 @@ static uint32_t g_importKeyAlg[] = {
 #ifdef HKS_SUPPORT_HMAC_C
    HKS_ALG_HMAC,
 #endif
 #ifdef HKS_SUPPORT_CMAC_C
    HKS_ALG_CMAC,
 #endif
 #ifdef HKS_SUPPORT_SM2_C
    HKS_ALG_SM2,
 #endif
@ -131,6 +149,12 @@ static uint32_t g_cipherAlg[] = {
 #ifdef HKS_SUPPORT_AES_C
    HKS_ALG_AES,
 #endif
 #ifdef HKS_SUPPORT_DES_C
    HKS_ALG_DES,
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    HKS_ALG_3DES,
 #endif
 #ifdef HKS_SUPPORT_SM2_C
    HKS_ALG_SM2,
 #endif
@ -237,6 +261,17 @@ static uint32_t g_aesKeySizeLocal[] = {
    HKS_AES_KEY_SIZE_256,
 };
 #endif
 #ifdef HKS_SUPPORT_DES_C
 static uint32_t g_desKeySizeLocal[] = {
    HKS_DES_KEY_SIZE_64
 };
 #endif
 #ifdef HKS_SUPPORT_3DES_C
 static uint32_t g_3desKeySizeLocal[] = {
    HKS_3DES_KEY_SIZE_128,
    HKS_3DES_KEY_SIZE_192
 };
 #endif
 #ifdef HKS_SUPPORT_RSA_C
 static uint32_t g_rsaKeySizeLocal[] = {
    HKS_RSA_KEY_SIZE_512,
@ -252,6 +287,12 @@ static uint32_t g_cipherAlgLocal[] = {
 #ifdef HKS_SUPPORT_AES_C
    HKS_ALG_AES,
 #endif
 #ifdef HKS_SUPPORT_DES_C
    HKS_ALG_DES,
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    HKS_ALG_3DES,
 #endif
 #ifdef HKS_SUPPORT_RSA_C
    HKS_ALG_RSA,
 #endif
@ -261,9 +302,18 @@ static uint32_t g_symmetricAlgorithm[] = {
 #ifdef HKS_SUPPORT_AES_C
    HKS_ALG_AES,
 #endif
 #ifdef HKS_SUPPORT_DES_C
    HKS_ALG_DES,
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    HKS_ALG_3DES,
 #endif
 #ifdef HKS_SUPPORT_HMAC_C
    HKS_ALG_HMAC,
 #endif
 #ifdef HKS_SUPPORT_CMAC_C
    HKS_ALG_CMAC,
 #endif
 #ifdef HKS_SUPPORT_SM3_C
    HKS_ALG_SM3,
 #endif
@ -325,7 +375,8 @@ static int32_t CheckGenKeyMacDeriveParams(
    uint32_t alg, uint32_t inputPurpose, const struct HksParamSet *paramSet, struct ParamsValues *params,
    uint32_t keyFlag)
 {
-    if (alg != HKS_ALG_AES && alg != HKS_ALG_HMAC && alg != HKS_ALG_SM3 && alg != HKS_ALG_SM4) {
+    if (alg != HKS_ALG_AES && alg != HKS_ALG_DES && alg != HKS_ALG_3DES && alg != HKS_ALG_HMAC &&
        alg != HKS_ALG_CMAC && alg != HKS_ALG_SM3 && alg != HKS_ALG_SM4) {
        HKS_LOG_E("check mac or derive, not valid alg, alg: %" LOG_PUBLIC "u", alg);
        return HKS_ERROR_INVALID_PURPOSE;
    }
@ -768,7 +819,8 @@ int32_t HksCoreCheckImportKeyParams(const struct HksBlob *keyAlias, const struct
    ret = CheckAndGetAlgorithm(paramSet, g_importKeyAlg, HKS_ARRAY_SIZE(g_importKeyAlg), &alg);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "import key check and get alg failed")
-    if ((alg == HKS_ALG_AES) || (alg == HKS_ALG_SM3) || (alg == HKS_ALG_SM4) || (alg == HKS_ALG_HMAC)) {
+    if ((alg == HKS_ALG_AES) || (alg == HKS_ALG_DES) || (alg == HKS_ALG_3DES) || (alg == HKS_ALG_SM3) ||
        (alg == HKS_ALG_SM4) || (alg == HKS_ALG_HMAC) || (alg == HKS_ALG_CMAC)) {
        return CheckImportSymmetricKeySize(&params, key);
    }
@ -984,6 +1036,18 @@ int32_t HksLocalCheckCipherParams(uint32_t cmdId, uint32_t keySize, const struct
        ret = HksCheckValue(keySize, g_aesKeySizeLocal, HKS_ARRAY_SIZE(g_aesKeySizeLocal));
 #else
        ret = HKS_ERROR_NOT_SUPPORTED;
 #endif
    } else if (alg == HKS_ALG_DES) {
 #ifdef HKS_SUPPORT_DES_C
        ret = HksCheckValue(keySize, g_desKeySizeLocal, HKS_ARRAY_SIZE(g_desKeySizeLocal));
 #else
        ret = HKS_ERROR_NOT_SUPPORTED;
 #endif
    } else if (alg == HKS_ALG_3DES) {
 #ifdef HKS_SUPPORT_3DES_C
        ret = HksCheckValue(keySize, g_3desKeySizeLocal, HKS_ARRAY_SIZE(g_3desKeySizeLocal));
 #else
        ret = HKS_ERROR_NOT_SUPPORTED;
 #endif
    } else if (alg == HKS_ALG_RSA) {
 #ifdef HKS_SUPPORT_RSA_C
--- a/frameworks/huks_standard/main/common/src/hks_crypto_adapter.c
+++ b/frameworks/huks_standard/main/common/src/hks_crypto_adapter.c
@ -183,6 +183,22 @@ static bool HksIsAlgorithmSm4(const struct HksParamSet *paramSet)
    return (algParam->uint32Param == HKS_ALG_SM4);
 }
 static bool HksIsAlgorithm3DES(const struct HksParamSet *paramSet)
 {
    struct HksParam *algParam = NULL;
    int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check 3DES get alg param failed!")
    return (algParam->uint32Param == HKS_ALG_3DES);
 }
 static bool HksIsAlgorithmDES(const struct HksParamSet *paramSet)
 {
    struct HksParam *algParam = NULL;
    int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check DES get alg param failed!")
    return (algParam->uint32Param == HKS_ALG_DES);
 }
 int32_t HksBuildCipherUsageSpec(
    const struct HksParamSet *paramSet, bool isEncrypt, struct HksBlob *inputText, struct HksUsageSpec **outUsageSpec)
 {
@ -202,6 +218,10 @@ int32_t HksBuildCipherUsageSpec(
    if (HksIsAlgorithmSm4(paramSet)) { // is sm4
        ret = HksFillIvParam(paramSet, usageSpec);
    } else if (HksIsAlgorithm3DES(paramSet)) { // is 3des
        ret = HksFillIvParam(paramSet, usageSpec);
    } else if (HksIsAlgorithmDES(paramSet)) { // is des
        ret = HksFillIvParam(paramSet, usageSpec);
    } else if (!isAes) { // not sm4, not aes
        *outUsageSpec = usageSpec;
        return HKS_SUCCESS;
--- a/frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_3des.h
+++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_3des.h
@ -0,0 +1,53 @@
 /*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 #ifndef HKS_MBEDTLS_3DES_H
 #define HKS_MBEDTLS_3DES_H
 #ifdef HKS_CONFIG_FILE
 #include HKS_CONFIG_FILE
 #else
 #include "hks_config.h"
 #endif
 #include "hks_crypto_hal.h"
 #include "hks_type_inner.h"
 #ifdef __cplusplus
 extern "C" {
 #endif
 #ifdef HKS_SUPPORT_3DES_C
 #ifdef HKS_SUPPORT_3DES_GENERATE_KEY
 int32_t HksMbedtls3DesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key);
 #endif /* HKS_SUPPORT_3DES_GENERATE_KEY */
 int32_t HksMbedtls3DesCryptoInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt);
 int32_t HksMbedtls3DesCryptoUpdate(
    void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt);
 int32_t HksMbedtls3DesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
    const bool encrypt);
 void HksMbedtls3DesHalFreeCtx(void **cryptoCtx);
 #endif /* HKS_SUPPORT_3DES_C */
 #ifdef __cplusplus
 }
 #endif
 #endif /* HKS_MBEDTLS_3DES_H */
--- a/frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_des.h
+++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_des.h
@ -0,0 +1,53 @@
 /*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 #ifndef HKS_MBEDTLS_DES_H
 #define HKS_MBEDTLS_DES_H
 #ifdef HKS_CONFIG_FILE
 #include HKS_CONFIG_FILE
 #else
 #include "hks_config.h"
 #endif
 #include "hks_crypto_hal.h"
 #include "hks_type_inner.h"
 #ifdef __cplusplus
 extern "C" {
 #endif
 #ifdef HKS_SUPPORT_DES_C
 #ifdef HKS_SUPPORT_DES_GENERATE_KEY
 int32_t HksMbedtlsDesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key);
 #endif /* HKS_SUPPORT_DES_GENERATE_KEY */
 int32_t HksMbedtlsDesCryptoInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt);
 int32_t HksMbedtlsDesCryptoUpdate(
    void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt);
 int32_t HksMbedtlsDesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
    const bool encrypt);
 void HksMbedtlsDesHalFreeCtx(void **cryptoCtx);
 #endif /* HKS_SUPPORT_DES_C */
 #ifdef __cplusplus
 }
 #endif
 #endif /* HKS_MBEDTLS_DES_H */
--- a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_3des.c
+++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_3des.c
@ -0,0 +1,740 @@
 /*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 #ifdef HKS_CONFIG_FILE
 #include HKS_CONFIG_FILE
 #else
 #include "hks_config.h"
 #endif
 #ifdef HKS_SUPPORT_3DES_C
 #include "hks_mbedtls_3des.h"
 #include <mbedtls/des.h>
 #include <mbedtls/ccm.h>
 #include <mbedtls/cipher.h>
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/gcm.h>
 #include "hks_log.h"
 #include "hks_mbedtls_common.h"
 #include "hks_mem.h"
 #include "hks_template.h"
 #define HKS_3DES_CBC_NOPADDING_IV_SIZE 8
 #define HKS_3DES_CBC_DATA_BLOB_SIZE 8
 struct HksMbedtls3DesCtx {
    uint32_t algType;
    uint32_t mode;
    uint32_t padding;
    uint8_t *append;
    uint8_t iv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
 } HksMbedtls3DesCtx;
 static int32_t CheckKeySize(const struct HksBlob *key)
 {
    if ((key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) && (key->size != HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192))) {
        return HKS_ERROR_INVALID_KEY_SIZE;
    }
    return HKS_SUCCESS;
 }
 #ifdef HKS_SUPPORT_3DES_GENERATE_KEY
 int32_t HksMbedtls3DesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
 {
    if ((spec->keyLen != HKS_3DES_KEY_SIZE_128) && (spec->keyLen != HKS_3DES_KEY_SIZE_192)) {
        return HKS_ERROR_INVALID_KEY_SIZE;
    }
    const uint32_t keyByteLen = spec->keyLen / HKS_BITS_PER_BYTE;
    uint8_t *outKey = (uint8_t *)HksMalloc(keyByteLen);
    HKS_IF_NULL_RETURN(outKey, HKS_ERROR_MALLOC_FAIL)
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctrDrbg;
    (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
    (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
    int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
    if (ret != HKS_SUCCESS) {
        HKS_FREE(outKey);
        return ret;
    }
    do {
        ret = mbedtls_ctr_drbg_random(&ctrDrbg, outKey, keyByteLen);
        if (ret != HKS_MBEDTLS_SUCCESS) {
            HKS_LOG_E("Mbedtls ctr drbg random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
            (void)memset_s(outKey, keyByteLen, 0, keyByteLen);
            HKS_FREE(outKey);
            ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
            break;
        }
        key->data = outKey;
        key->size = keyByteLen;
    } while (0);
    mbedtls_ctr_drbg_free(&ctrDrbg);
    mbedtls_entropy_free(&entropy);
    return ret;
 }
 #endif /* HKS_SUPPORT_3DES_GENERATE_KEY */
 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
 static int32_t Des3CbcNoPaddingCryptSetKey(const struct HksBlob *key, mbedtls_des3_context *ctx, const bool encrypt)
 {
    int32_t ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
    if (encrypt) {
        if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
            ret = mbedtls_des3_set2key_enc(ctx, key->data);
        } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
            ret = mbedtls_des3_set3key_enc(ctx, key->data);
        }
    } else {
        if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
            ret = mbedtls_des3_set2key_dec(ctx, key->data);
        } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
            ret = mbedtls_des3_set3key_dec(ctx, key->data);
        }
    }
    return ret;
 }
 static int32_t Des3CbcNoPaddingCryptInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    mbedtls_des3_context *ctx = (mbedtls_des3_context *)HksMalloc(sizeof(mbedtls_des3_context));
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_MALLOC_FAIL, "initialize ctx fail")
    mbedtls_des3_init(ctx);
    int32_t ret = Des3CbcNoPaddingCryptSetKey(key, ctx, encrypt);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls 3des set key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
        mbedtls_des3_free(ctx);
        HKS_FREE(ctx);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
    if (outCtx == NULL) {
        HKS_LOG_E("initialize outCtx fail");
        mbedtls_des3_free(ctx);
        HKS_FREE(ctx);
        return HKS_ERROR_MALLOC_FAIL;
    }
    outCtx->append = (void *)ctx;
    outCtx->mode = usageSpec->mode;
    outCtx->padding = usageSpec->padding;
    struct HksCipherParam *iv = (struct HksCipherParam *)(usageSpec->algParam);
    (void)memcpy_s(outCtx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, iv->iv.data, HKS_3DES_CBC_NOPADDING_IV_SIZE);
    *cryptoCtx = (void *)outCtx;
    return ret;
 }
 static int32_t Des3CbcNoPaddingCryptUpdate(
    void *cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
 {
    struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
    HKS_IF_NULL_RETURN(des3Ctx, HKS_ERROR_NULL_POINTER)
    mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
    HKS_IF_NULL_RETURN(cbcNoPaddingCtx, HKS_ERROR_NULL_POINTER)
    int32_t ret;
    do {
        if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
            HKS_LOG_E("Des3CbcNoPaddingCryptUpdate data size invalid!");
            ret = HKS_ERROR_INVALID_ARGUMENT;
            break;
        }
        /* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
        uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
        if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
            HKS_LOG_E("Memcpy temp iv failed!");
            ret = HKS_ERROR_INVALID_IV;
            break;
        }
        ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
            (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
            message->size,
            tmpIv,
            message->data,
            cipherText->data);
        if (ret != HKS_MBEDTLS_SUCCESS) {
            HKS_LOG_E("Mbedtks 3des cbc nopadding crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
            (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
            ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
            break;
        }
        cipherText->size = message->size;
        (void)memcpy_s(des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE, tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE);
    } while (0);
    return ret;
 }
 static int32_t Des3CbcNoPaddingCryptFinal(
    void **cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
 {
    struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
    mbedtls_des3_context *cbcNoPaddingCtx = (mbedtls_des3_context *)des3Ctx->append;
    if (cbcNoPaddingCtx == NULL) {
        HKS_FREE(*cryptoCtx);
        return HKS_ERROR_NULL_POINTER;
    }
    int32_t ret = HKS_SUCCESS;
    do {
        if (message->size % HKS_3DES_CBC_DATA_BLOB_SIZE != 0) {
            HKS_LOG_E("Des3CbcNoPaddingCryptFinal data size invalid!");
            ret = HKS_ERROR_INVALID_ARGUMENT;
            break;
        }
        if (message->size != 0) {
            /* mbedtls_des3_crypt_cbc will refresh iv, so need a temp iv */
            uint8_t tmpIv[HKS_3DES_CBC_NOPADDING_IV_SIZE];
            if (memcpy_s(tmpIv, HKS_3DES_CBC_NOPADDING_IV_SIZE, des3Ctx->iv, HKS_3DES_CBC_NOPADDING_IV_SIZE) != EOK) {
                HKS_LOG_E("Memcpy temp iv failed!");
                ret = HKS_ERROR_INVALID_IV;
                break;
            }
            ret = mbedtls_des3_crypt_cbc(cbcNoPaddingCtx,
                (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
                message->size,
                tmpIv,
                message->data,
                cipherText->data);
            if (ret != HKS_MBEDTLS_SUCCESS) {
                HKS_LOG_E("Mbedtls 3des gcm encryot failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
                (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
                ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
                break;
            }
        }
        cipherText->size = message->size;
    } while (0);
    mbedtls_des3_free(cbcNoPaddingCtx);
    HKS_FREE(des3Ctx->append);
    HKS_FREE(*cryptoCtx);
    return ret;
 }
 #endif /* HKS_SUPPORT_3DES_CBC_NOPADDING */
 static int32_t Des3CbcCryptInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    switch (usageSpec->padding) {
 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
        case HKS_PADDING_NONE:
            return Des3CbcNoPaddingCryptInit(cryptoCtx, key, usageSpec, encrypt);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t Des3CbcCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText, const bool encrypt)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
        case HKS_PADDING_NONE:
            return Des3CbcNoPaddingCryptUpdate(cryptoCtx, message, encrypt, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t Des3CbcCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText, const bool encrypt)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_3DES_CBC_NOPADDING
        case HKS_PADDING_NONE:
            return Des3CbcNoPaddingCryptFinal(cryptoCtx, message, encrypt, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
 static int32_t Des3EcbNoPaddingCryptInitParam(const struct HksBlob *key, mbedtls_cipher_context_t *ecbCtx,
    const bool encrypt)
 {
    const mbedtls_cipher_info_t *info = NULL;
    if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_128)) {
        info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
    } else if (key->size == HKS_KEY_BYTES(HKS_3DES_KEY_SIZE_192)) {
        info = mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_3DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
    }
    if (info == NULL) {
        HKS_LOG_E("get cipher info from values failed!");
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    int32_t ret = mbedtls_cipher_setup(ecbCtx, info);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls cipher setup failed ret = %" LOG_PUBLIC "d", ret);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    ret = mbedtls_cipher_setkey(
        ecbCtx, key->data, key->size * HKS_BITS_PER_BYTE, encrypt ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls setkey failed ret = %" LOG_PUBLIC "d", ret);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    ret = mbedtls_cipher_set_iv(ecbCtx, NULL, 0);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls set iv failed ret = %" LOG_PUBLIC "d", ret);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    return HKS_SUCCESS;
 }
 static int32_t Des3EcbNoPaddingCryptInit(void **cryptoCtx, const struct HksUsageSpec *usageSpec,
    const struct HksBlob *key, const bool encrypt)
 {
    mbedtls_cipher_context_t *ecbCtx = (mbedtls_cipher_context_t *)HksMalloc(sizeof(mbedtls_cipher_context_t));
    HKS_IF_NULL_LOGE_RETURN(ecbCtx, HKS_ERROR_MALLOC_FAIL, "Ecb ecbCtx malloc fail")
    mbedtls_cipher_init(ecbCtx);
    int32_t ret = Des3EcbNoPaddingCryptInitParam(key, ecbCtx, encrypt);
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("Des3EcbNoPaddingCryptInitParam failed ret = %" LOG_PUBLIC "d", ret);
        mbedtls_cipher_free(ecbCtx);
        HKS_FREE(ecbCtx);
        return ret;
    }
    ret = mbedtls_cipher_reset(ecbCtx);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls reset failed ret = %" LOG_PUBLIC "d", ret);
        mbedtls_cipher_free(ecbCtx);
        HKS_FREE(ecbCtx);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    struct HksMbedtls3DesCtx *outCtx = (struct HksMbedtls3DesCtx *)HksMalloc(sizeof(struct HksMbedtls3DesCtx));
    if (outCtx == NULL) {
        HKS_LOG_E("initialize outCtx fail");
        mbedtls_cipher_free(ecbCtx);
        HKS_FREE(ecbCtx);
        return HKS_ERROR_MALLOC_FAIL;
    }
    outCtx->algType = usageSpec->algType;
    outCtx->mode = usageSpec->mode;
    outCtx->padding = usageSpec->padding;
    outCtx->append = (void *)ecbCtx;
    *cryptoCtx = (void *)outCtx;
    return ret;
 }
 static int32_t Des3EcbNoPaddingData(mbedtls_cipher_context_t *ecbNoPadingctx, size_t blockSize,
    const struct HksBlob *message, struct HksBlob *cipherText, size_t *outLenTotal)
 {
    int32_t ret;
    uint8_t *tmpMessage = (uint8_t *)HksMalloc(blockSize);
    HKS_IF_NULL_LOGE_RETURN(tmpMessage, HKS_ERROR_INSUFFICIENT_MEMORY, "EcbNoPaddingUpdate tmpMessage is null")
    if (message->size <= blockSize) {
        (void)memset_s(tmpMessage, blockSize, 0, blockSize);
        (void)memcpy_s(tmpMessage, message->size, message->data, message->size);
        ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, blockSize, cipherText->data, outLenTotal);
        if (ret != HKS_MBEDTLS_SUCCESS) {
            HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
            HKS_FREE(tmpMessage);
            return HKS_ERROR_CRYPTO_ENGINE_ERROR;
        }
    } else {
        uint32_t point = 0;
        while (point < message->size) {
            (void)memset_s(tmpMessage, blockSize, 0, blockSize);
            uint32_t tmpSize = (message->size - point) >= blockSize ? blockSize : (message->size - point);
            ret = memcpy_s(tmpMessage, blockSize, message->data + point, tmpSize);
            if (ret != HKS_MBEDTLS_SUCCESS) {
                HKS_LOG_E("copy data failed");
                HKS_FREE(tmpMessage);
                return HKS_ERROR_INSUFFICIENT_MEMORY;
            }
            size_t olen;
            ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, tmpSize, cipherText->data + point, &olen);
            if (ret != HKS_MBEDTLS_SUCCESS) {
                HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
                HKS_FREE(tmpMessage);
                return HKS_ERROR_CRYPTO_ENGINE_ERROR;
            }
            *outLenTotal += olen;
            point += blockSize;
        }
    }
    HKS_FREE(tmpMessage);
    return HKS_SUCCESS;
 }
 static mbedtls_cipher_context_t *Get3DesEcbNoPaddingCtx(void *cryptoCtx, const struct HksBlob *message,
    struct HksBlob *cipherText, size_t *outLenTotal)
 {
    struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)cryptoCtx;
    mbedtls_cipher_context_t *ecbNoPadingctx = (mbedtls_cipher_context_t *)des3Ctx->append;
    HKS_IF_NULL_LOGE_RETURN(ecbNoPadingctx, NULL, "EcbNoPaddingUpdate ecbNoPadingctx is null")
    int32_t ret = HKS_SUCCESS;
    do {
        if (message == NULL) {
            HKS_LOG_E("The message is null.");
            ret = HKS_FAILURE;
            break;
        }
        if (message->size != 0) {
            size_t blockSize = mbedtls_cipher_get_block_size(ecbNoPadingctx);
            HKS_LOG_E("Ecb No padding update!message.size[%" LOG_PUBLIC "d] blockSize[%" LOG_PUBLIC "d]",
                message->size, blockSize);
            if (blockSize == 0 || (message->size % blockSize != 0)) {
                HKS_LOG_E("The size of message is invalid.");
                ret = HKS_ERROR_INVALID_ARGUMENT;
                break;
            }
            ret = Des3EcbNoPaddingData(ecbNoPadingctx, blockSize, message, cipherText, outLenTotal);
            HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DesEcbNoPaddingData failed")
        }
    } while (0);
    HKS_IF_NOT_SUCC_RETURN(ret, NULL)
    return ecbNoPadingctx;
 }
 static int32_t Des3EcbNoPaddingCryptUpdate(void *cryptoCtx, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    size_t outLenTotal = 0;
    HKS_IF_NULL_RETURN(Get3DesEcbNoPaddingCtx(cryptoCtx, message, cipherText, &outLenTotal), HKS_ERROR_NULL_POINTER)
    cipherText->size = outLenTotal;
    return HKS_SUCCESS;
 }
 static int32_t Des3EcbNoPaddingCryptFinal(void **cryptoCtx, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    size_t outLenTotal = 0;
    mbedtls_cipher_context_t *ecbNoPadingctx = Get3DesEcbNoPaddingCtx(*cryptoCtx, message, cipherText, &outLenTotal);
    if (ecbNoPadingctx == NULL) {
        HKS_FREE(*cryptoCtx);
        return HKS_ERROR_NULL_POINTER;
    }
    struct HksMbedtls3DesCtx *des3Ctx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
    size_t finishOlen;
    size_t olen = outLenTotal;
    int32_t ret = mbedtls_cipher_finish(ecbNoPadingctx, cipherText->data + olen, &finishOlen);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls ecb nopadding crypt update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
        (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
        ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
    } else {
        cipherText->size = olen + finishOlen;
    }
    mbedtls_cipher_free(ecbNoPadingctx);
    HKS_FREE(des3Ctx->append);
    HKS_FREE(*cryptoCtx);
    return ret;
 }
 #endif
 static int32_t Des3EcbCryptInit(void **cryptoCtx, const struct HksBlob *key,
    const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    switch (usageSpec->padding) {
 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
        case HKS_PADDING_NONE:
            return Des3EcbNoPaddingCryptInit(cryptoCtx, usageSpec, key, encrypt);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t Des3EcbCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
        case HKS_PADDING_NONE:
            return Des3EcbNoPaddingCryptUpdate(cryptoCtx, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t Des3EcbCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_3DES_ECB_NOPADDING
        case HKS_PADDING_NONE:
            return Des3EcbNoPaddingCryptFinal(cryptoCtx, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 int32_t HksMbedtls3DesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
 {
    if (CheckKeySize(key) != HKS_SUCCESS || cryptoCtx == NULL || usageSpec == NULL) {
        HKS_LOG_E("Invalid des3 keySiz = 0x%" LOG_PUBLIC "X", key->size);
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    switch (usageSpec->mode) {
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return Des3CbcCryptInit(cryptoCtx, key, usageSpec, true);
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return Des3EcbCryptInit(cryptoCtx, key, usageSpec, true);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
            return HKS_ERROR_NOT_SUPPORTED;
    }
 }
 int32_t HksMbedtls3DesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    HKS_IF_NULL_LOGE_RETURN(cryptoCtx, HKS_ERROR_INVALID_ARGUMENT, "Mbedtls 3DES encrypt update param is null")
    struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
    switch (des3EncryptCtx->mode) {
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return Des3CbcCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return Des3EcbCryptUpdate(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtls3DesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    struct HksMbedtls3DesCtx *des3EncryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
    switch (des3EncryptCtx->mode) {
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return Des3CbcCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText, true);
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return Des3EcbCryptFinal(cryptoCtx, des3EncryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3EncryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtls3DesDecryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
 {
    HKS_IF_NOT_SUCC_LOGE_RETURN(
        CheckKeySize(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid des3 keySize = 0x%" LOG_PUBLIC "X", key->size)
    switch (usageSpec->mode) {
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return Des3CbcCryptInit(cryptoCtx, key, usageSpec, false);
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return Des3EcbCryptInit(cryptoCtx, key, usageSpec, false);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtls3DesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)cryptoCtx;
    switch (des3DecryptCtx->mode) {
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return Des3CbcCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return Des3EcbCryptUpdate(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtls3DesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    struct HksMbedtls3DesCtx *des3DecryptCtx = (struct HksMbedtls3DesCtx *)*cryptoCtx;
    switch (des3DecryptCtx->mode) {
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return Des3CbcCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText, false);
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return Des3EcbCryptFinal(cryptoCtx, des3DecryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", des3DecryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtls3DesCryptoInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    if (encrypt) {
        return HksMbedtls3DesEncryptInit(cryptoCtx, key, usageSpec);
    } else {
        return HksMbedtls3DesDecryptInit(cryptoCtx, key, usageSpec);
    }
 }
 int32_t HksMbedtls3DesCryptoUpdate(
    void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt)
 {
    if (encrypt) {
        return HksMbedtls3DesEncryptUpdate(cryptoCtx, message, cipherText);
    } else {
        return HksMbedtls3DesDecryptUpdate(cryptoCtx, message, cipherText);
    }
 }
 int32_t HksMbedtls3DesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
    const bool encrypt)
 {
    if (encrypt) {
        return HksMbedtls3DesEncryptFinal(cryptoCtx, message, cipherText);
    } else {
        return HksMbedtls3DesDecryptFinal(cryptoCtx, message, cipherText);
    }
 }
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
 void HksMbedtls3DesHalModeCbcFreeCtx(void **cryptCtx)
 {
    if (cryptCtx == NULL || *cryptCtx == NULL) {
        HKS_LOG_E("FreeCtx cryptCtx param is null");
        return;
    }
    struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
    if (mbedtls3DesCtx->padding == HKS_PADDING_NONE) {
        if (mbedtls3DesCtx->append != NULL) {
            mbedtls_des3_free((mbedtls_des3_context *)(mbedtls3DesCtx->append));
            HKS_FREE(mbedtls3DesCtx->append);
        }
    }
 }
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
 void HksMbedtls3DesHalModeEcbFreeCtx(void **cryptCtx)
 {
    if (cryptCtx == NULL || *cryptCtx == NULL) {
        HKS_LOG_E("FreeCtx cryptCtx param is null");
        return;
    }
    struct HksMbedtls3DesCtx *mbedtlsDesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
    if (mbedtlsDesCtx->padding == HKS_PADDING_NONE) {
        if (mbedtlsDesCtx->append != NULL) {
            mbedtls_cipher_free((mbedtls_cipher_context_t *)mbedtlsDesCtx->append);
            HKS_FREE(mbedtlsDesCtx->append);
        }
    }
 }
 #endif
 void HksMbedtls3DesHalFreeCtx(void **cryptCtx)
 {
    if (cryptCtx == NULL || *cryptCtx == NULL) {
        HKS_LOG_E("FreeCtx param context null");
        return;
    }
    struct HksMbedtls3DesCtx *mbedtls3DesCtx = (struct HksMbedtls3DesCtx *)*cryptCtx;
    switch (mbedtls3DesCtx->mode) {
 #if defined(HKS_SUPPORT_3DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            HksMbedtls3DesHalModeCbcFreeCtx(cryptCtx);
            break;
 #endif
 #if defined(HKS_SUPPORT_3DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            HksMbedtls3DesHalModeEcbFreeCtx(cryptCtx);
            break;
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", mbedtls3DesCtx->mode);
            break;
    }
    HKS_FREE(*cryptCtx);
 }
 #endif /* HKS_SUPPORT_3DES_C */
--- a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c
+++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c
@ -27,6 +27,8 @@
 #include "hks_mbedtls_aes.h"
 #include "hks_mbedtls_bn.h"
 #include "hks_mbedtls_common.h"
 #include "hks_mbedtls_des.h"
 #include "hks_mbedtls_3des.h"
 #include "hks_mbedtls_dh.h"
 #include "hks_mbedtls_dsa.h"
 #include "hks_mbedtls_ecc.h"
@ -52,6 +54,12 @@ static void RegisterAbilityGenerateKey(void)
 #if defined(HKS_SUPPORT_AES_C) && defined(HKS_SUPPORT_AES_GENERATE_KEY)
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_AES), (void *)HksMbedtlsAesGenerateKey);
 #endif
 #if defined(HKS_SUPPORT_DES_C) && defined(HKS_SUPPORT_DES_GENERATE_KEY)
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_DES), (void *)HksMbedtlsDesGenerateKey);
 #endif
 #if defined(HKS_SUPPORT_3DES_C) && defined(HKS_SUPPORT_3DES_GENERATE_KEY)
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_3DES), (void *)HksMbedtls3DesGenerateKey);
 #endif
 #if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_GENERATE_KEY(HKS_ALG_RSA), (void *)HksMbedtlsRsaGenerateKey);
 #endif
@ -136,6 +144,26 @@ static void RegisterAbilityEncrypt(void)
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(HKS_ALG_AES),
        (void *)HksMbedtlsAesHalFreeCtx);
 #endif
 #ifdef HKS_SUPPORT_DES_C
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_INIT(HKS_ALG_DES),
        (void *)HksMbedtlsDesCryptoInit);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_UPDATE(HKS_ALG_DES),
        (void *)HksMbedtlsDesCryptoUpdate);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FINAL(HKS_ALG_DES),
        (void *)HksMbedtlsDesCryptoFinal);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(HKS_ALG_DES),
        (void *)HksMbedtlsDesHalFreeCtx);
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_INIT(HKS_ALG_3DES),
        (void *)HksMbedtls3DesCryptoInit);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_UPDATE(HKS_ALG_3DES),
        (void *)HksMbedtls3DesCryptoUpdate);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FINAL(HKS_ALG_3DES),
        (void *)HksMbedtls3DesCryptoFinal);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(HKS_ALG_3DES),
        (void *)HksMbedtls3DesHalFreeCtx);
 #endif
 }
 static void RegisterAbilityDecrypt(void)
@ -154,6 +182,26 @@ static void RegisterAbilityDecrypt(void)
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(HKS_ALG_AES),
        (void *)HksMbedtlsAesHalFreeCtx);
 #endif
 #ifdef HKS_SUPPORT_DES_C
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_INIT(HKS_ALG_DES),
        (void *)HksMbedtlsDesCryptoInit);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_UPDATE(HKS_ALG_DES),
        (void *)HksMbedtlsDesCryptoUpdate);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(HKS_ALG_DES),
        (void *)HksMbedtlsDesCryptoFinal);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(HKS_ALG_DES),
        (void *)HksMbedtlsDesHalFreeCtx);
 #endif
 #ifdef HKS_SUPPORT_3DES_C
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_INIT(HKS_ALG_3DES),
        (void *)HksMbedtls3DesCryptoInit);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_UPDATE(HKS_ALG_3DES),
        (void *)HksMbedtls3DesCryptoUpdate);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(HKS_ALG_3DES),
        (void *)HksMbedtls3DesCryptoFinal);
    (void)RegisterAbility(HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(HKS_ALG_3DES),
        (void *)HksMbedtls3DesHalFreeCtx);
 #endif
 }
 static void RegisterAbilityAgree(void)
--- a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_des.c
+++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_des.c
@ -0,0 +1,706 @@
 /*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 #ifdef HKS_CONFIG_FILE
 #include HKS_CONFIG_FILE
 #else
 #include "hks_config.h"
 #endif
 #ifdef HKS_SUPPORT_DES_C
 #include "hks_mbedtls_des.h"
 #include <mbedtls/des.h>
 #include <mbedtls/ccm.h>
 #include <mbedtls/cipher.h>
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/gcm.h>
 #include "hks_log.h"
 #include "hks_mbedtls_common.h"
 #include "hks_mem.h"
 #include "hks_template.h"
 #define HKS_DES_CBC_NOPADDING_IV_SIZE 8
 #define HKS_DES_CBC_DATA_BLOB_SIZE 8
 struct HksMbedtlsDesCtx {
    uint32_t algType;
    uint32_t mode;
    uint32_t padding;
    uint8_t *append;
    uint8_t iv[HKS_DES_CBC_NOPADDING_IV_SIZE];
    uint8_t *nonce;
    uint32_t nonceSize;
    uint8_t *aad;
    uint32_t aadSize;
 } HksMbedtlsDesCtx;
 static int32_t CheckKeySize(const struct HksBlob *key)
 {
    if (key->size != HKS_KEY_BYTES(HKS_DES_KEY_SIZE_64)) {
        return HKS_ERROR_INVALID_KEY_SIZE;
    }
    return HKS_SUCCESS;
 }
 #ifdef HKS_SUPPORT_DES_GENERATE_KEY
 int32_t HksMbedtlsDesGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key)
 {
    if (spec->keyLen != HKS_DES_KEY_SIZE_64) {
        return HKS_ERROR_INVALID_KEY_SIZE;
    }
    const uint32_t keyByteLen = spec->keyLen / HKS_BITS_PER_BYTE;
    uint8_t *outKey = (uint8_t *)HksMalloc(keyByteLen);
    HKS_IF_NULL_RETURN(outKey, HKS_ERROR_MALLOC_FAIL)
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctrDrbg;
    (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
    (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
    int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
    if (ret != HKS_SUCCESS) {
        HKS_FREE(outKey);
        return ret;
    }
    do {
        ret = mbedtls_ctr_drbg_random(&ctrDrbg, outKey, keyByteLen);
        if (ret != HKS_MBEDTLS_SUCCESS) {
            HKS_LOG_E("Mbedtls ctr drbg random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
            (void)memset_s(outKey, keyByteLen, 0, keyByteLen);
            HKS_FREE(outKey);
            ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
            break;
        }
        key->data = outKey;
        key->size = keyByteLen;
    } while (0);
    mbedtls_ctr_drbg_free(&ctrDrbg);
    mbedtls_entropy_free(&entropy);
    return ret;
 }
 #endif /* HKS_SUPPORT_DES_GENERATE_KEY */
 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
 static int32_t DesCbcNoPaddingCryptInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    mbedtls_des_context *ctx = (mbedtls_des_context *)HksMalloc(sizeof(mbedtls_des_context));
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_MALLOC_FAIL, "initialize ctx fail")
    mbedtls_des_init(ctx);
    int32_t ret;
    if (encrypt) {
        ret = mbedtls_des_setkey_enc(ctx, key->data);
    } else {
        ret = mbedtls_des_setkey_dec(ctx, key->data);
    }
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls des set key failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
        mbedtls_des_free(ctx);
        HKS_FREE(ctx);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    struct HksMbedtlsDesCtx *outCtx = (struct HksMbedtlsDesCtx *)HksMalloc(sizeof(struct HksMbedtlsDesCtx));
    if (outCtx == NULL) {
        HKS_LOG_E("initialize outCtx fail");
        mbedtls_des_free(ctx);
        HKS_FREE(ctx);
        return HKS_ERROR_MALLOC_FAIL;
    }
    outCtx->append = (void *)ctx;
    outCtx->mode = usageSpec->mode;
    outCtx->padding = usageSpec->padding;
    struct HksCipherParam *iv = (struct HksCipherParam *)(usageSpec->algParam);
    (void)memcpy_s(outCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE, iv->iv.data, HKS_DES_CBC_NOPADDING_IV_SIZE);
    *cryptoCtx = (void *)outCtx;
    return ret;
 }
 static int32_t DesCbcNoPaddingCryptUpdate(
    void *cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
 {
    struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
    HKS_IF_NULL_RETURN(desCtx, HKS_ERROR_NULL_POINTER)
    mbedtls_des_context *cbcNoPaddingCtx = (mbedtls_des_context *)desCtx->append;
    HKS_IF_NULL_RETURN(cbcNoPaddingCtx, HKS_ERROR_NULL_POINTER)
    int32_t ret;
    do {
        if (message->size % HKS_DES_CBC_DATA_BLOB_SIZE != 0) {
            HKS_LOG_E("DesCbcNoPaddingCryptUpdate data size invalid!");
            ret = HKS_ERROR_INVALID_ARGUMENT;
            break;
        }
        /* mbedtls_des_crypt_cbc will refresh iv, so need a temp iv */
        uint8_t tmpIv[HKS_DES_CBC_NOPADDING_IV_SIZE];
        if (memcpy_s(tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE, desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE) != EOK) {
            HKS_LOG_E("Memcpy temp iv failed!");
            ret = HKS_ERROR_INVALID_IV;
            break;
        }
        ret = mbedtls_des_crypt_cbc(cbcNoPaddingCtx,
            (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
            message->size,
            tmpIv,
            message->data,
            cipherText->data);
        if (ret != HKS_MBEDTLS_SUCCESS) {
            HKS_LOG_E("Mbedtks des cbc nopadding crypt failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
            (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
            ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
            break;
        }
        cipherText->size = message->size;
        (void)memcpy_s(desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE, tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE);
    } while (0);
    return ret;
 }
 static int32_t DesCbcNoPaddingCryptFinal(
    void **cryptoCtx, const struct HksBlob *message, const bool encrypt, struct HksBlob *cipherText)
 {
    struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
    mbedtls_des_context *cbcNoPaddingCtx = (mbedtls_des_context *)desCtx->append;
    if (cbcNoPaddingCtx == NULL) {
        HKS_FREE(*cryptoCtx);
        return HKS_ERROR_NULL_POINTER;
    }
    int32_t ret = HKS_SUCCESS;
    do {
        if (message->size % HKS_DES_CBC_DATA_BLOB_SIZE != 0) {
            HKS_LOG_E("DesCbcNoPaddingCryptFinal data size invalid!");
            ret = HKS_ERROR_INVALID_ARGUMENT;
            break;
        }
        if (message->size != 0) {
            /* mbedtls_des_crypt_cbc will refresh iv, so need a temp iv */
            uint8_t tmpIv[HKS_DES_CBC_NOPADDING_IV_SIZE];
            if (memcpy_s(tmpIv, HKS_DES_CBC_NOPADDING_IV_SIZE, desCtx->iv, HKS_DES_CBC_NOPADDING_IV_SIZE) != EOK) {
                HKS_LOG_E("Memcpy temp iv failed!");
                ret = HKS_ERROR_INVALID_IV;
                break;
            }
            ret = mbedtls_des_crypt_cbc(cbcNoPaddingCtx,
                (encrypt ? MBEDTLS_DES_ENCRYPT : MBEDTLS_DES_DECRYPT),
                message->size,
                tmpIv,
                message->data,
                cipherText->data);
            if (ret != HKS_MBEDTLS_SUCCESS) {
                HKS_LOG_E("Mbedtls des gcm encryot failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
                (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
                ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
                break;
            }
        }
        cipherText->size = message->size;
    } while (0);
    mbedtls_des_free(cbcNoPaddingCtx);
    HKS_FREE(desCtx->append);
    HKS_FREE(*cryptoCtx);
    return ret;
 }
 #endif /* HKS_SUPPORT_DES_CBC_NOPADDING */
 static int32_t DesCbcCryptInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    switch (usageSpec->padding) {
 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
        case HKS_PADDING_NONE:
            return DesCbcNoPaddingCryptInit(cryptoCtx, key, usageSpec, encrypt);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t DesCbcCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText, const bool encrypt)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
        case HKS_PADDING_NONE:
            return DesCbcNoPaddingCryptUpdate(cryptoCtx, message, encrypt, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t DesCbcCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText, const bool encrypt)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_DES_CBC_NOPADDING
        case HKS_PADDING_NONE:
            return DesCbcNoPaddingCryptFinal(cryptoCtx, message, encrypt, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
 static int32_t DesEcbNoPaddingCryptInitParam(const struct HksBlob *key, mbedtls_cipher_context_t *ecbCtx,
    const bool encrypt)
 {
    const mbedtls_cipher_info_t *info =
        mbedtls_cipher_info_from_values(MBEDTLS_CIPHER_ID_DES, key->size * HKS_BITS_PER_BYTE, MBEDTLS_MODE_ECB);
    if (info == NULL) {
        HKS_LOG_E("get cipher info from values failed!");
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    int32_t ret = mbedtls_cipher_setup(ecbCtx, info);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls cipher setup failed ret = %" LOG_PUBLIC "d", ret);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    ret = mbedtls_cipher_setkey(
        ecbCtx, key->data, key->size * HKS_BITS_PER_BYTE, encrypt ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls setkey failed ret = %" LOG_PUBLIC "d", ret);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    ret = mbedtls_cipher_set_iv(ecbCtx, NULL, 0);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls set iv failed ret = %" LOG_PUBLIC "d", ret);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    return HKS_SUCCESS;
 }
 static int32_t DesEcbNoPaddingCryptInit(void **cryptoCtx, const struct HksUsageSpec *usageSpec,
    const struct HksBlob *key, const bool encrypt)
 {
    mbedtls_cipher_context_t *ecbCtx = (mbedtls_cipher_context_t *)HksMalloc(sizeof(mbedtls_cipher_context_t));
    HKS_IF_NULL_LOGE_RETURN(ecbCtx, HKS_ERROR_MALLOC_FAIL, "Ecb ecbCtx malloc fail")
    mbedtls_cipher_init(ecbCtx);
    int32_t ret = DesEcbNoPaddingCryptInitParam(key, ecbCtx, encrypt);
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("DesEcbNoPaddingCryptInitParam failed ret = %" LOG_PUBLIC "d", ret);
        mbedtls_cipher_free(ecbCtx);
        HKS_FREE(ecbCtx);
        return ret;
    }
    ret = mbedtls_cipher_reset(ecbCtx);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls reset failed ret = %" LOG_PUBLIC "d", ret);
        mbedtls_cipher_free(ecbCtx);
        HKS_FREE(ecbCtx);
        return HKS_ERROR_CRYPTO_ENGINE_ERROR;
    }
    struct HksMbedtlsDesCtx *outCtx = (struct HksMbedtlsDesCtx *)HksMalloc(sizeof(struct HksMbedtlsDesCtx));
    if (outCtx == NULL) {
        HKS_LOG_E("initialize outCtx fail");
        mbedtls_cipher_free(ecbCtx);
        HKS_FREE(ecbCtx);
        return HKS_ERROR_MALLOC_FAIL;
    }
    outCtx->algType = usageSpec->algType;
    outCtx->mode = usageSpec->mode;
    outCtx->padding = usageSpec->padding;
    outCtx->append = (void *)ecbCtx;
    *cryptoCtx = (void *)outCtx;
    return ret;
 }
 static int32_t DesEcbNoPaddingData(mbedtls_cipher_context_t *ecbNoPadingctx, size_t blockSize,
    const struct HksBlob *message, struct HksBlob *cipherText, size_t *outLenTotal)
 {
    int32_t ret;
    uint8_t *tmpMessage = (uint8_t *)HksMalloc(blockSize);
    HKS_IF_NULL_LOGE_RETURN(tmpMessage, HKS_ERROR_INSUFFICIENT_MEMORY, "EcbNoPaddingUpdate tmpMessage is null")
    if (message->size <= blockSize) {
        (void)memset_s(tmpMessage, blockSize, 0, blockSize);
        (void)memcpy_s(tmpMessage, message->size, message->data, message->size);
        ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, blockSize, cipherText->data, outLenTotal);
        if (ret != HKS_MBEDTLS_SUCCESS) {
            HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
            HKS_FREE(tmpMessage);
            return HKS_ERROR_CRYPTO_ENGINE_ERROR;
        }
    } else {
        uint32_t point = 0;
        while (point < message->size) {
            (void)memset_s(tmpMessage, blockSize, 0, blockSize);
            uint32_t tmpSize = (message->size - point) >= blockSize ? blockSize : (message->size - point);
            ret = memcpy_s(tmpMessage, blockSize, message->data + point, tmpSize);
            if (ret != HKS_MBEDTLS_SUCCESS) {
                HKS_LOG_E("copy data failed");
                HKS_FREE(tmpMessage);
                return HKS_ERROR_INSUFFICIENT_MEMORY;
            }
            size_t olen;
            ret = mbedtls_cipher_update(ecbNoPadingctx, tmpMessage, tmpSize, cipherText->data + point, &olen);
            if (ret != HKS_MBEDTLS_SUCCESS) {
                HKS_LOG_E("Mbedtls ecb no padding update failed ret = 0x%" LOG_PUBLIC "X", ret);
                HKS_FREE(tmpMessage);
                return HKS_ERROR_CRYPTO_ENGINE_ERROR;
            }
            *outLenTotal += olen;
            point += blockSize;
        }
    }
    HKS_FREE(tmpMessage);
    return HKS_SUCCESS;
 }
 static mbedtls_cipher_context_t *GetDesEcbNoPaddingCtx(void *cryptoCtx, const struct HksBlob *message,
    struct HksBlob *cipherText, size_t *outLenTotal)
 {
    struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
    mbedtls_cipher_context_t *ecbNoPadingctx = (mbedtls_cipher_context_t *)desCtx->append;
    HKS_IF_NULL_LOGE_RETURN(ecbNoPadingctx, NULL, "EcbNoPaddingUpdate ecbNoPadingctx is null")
    int32_t ret = HKS_SUCCESS;
    do {
        if (message == NULL) {
            HKS_LOG_E("The message is null.");
            ret = HKS_FAILURE;
            break;
        }
        if (message->size != 0) {
            size_t blockSize = mbedtls_cipher_get_block_size(ecbNoPadingctx);
            HKS_LOG_E("Ecb No padding update!message.size[%" LOG_PUBLIC "d] blockSize[%" LOG_PUBLIC "d]",
                message->size, blockSize);
            if (blockSize == 0 || (message->size % blockSize != 0)) {
                HKS_LOG_E("The size of message is invalid.");
                ret = HKS_ERROR_INVALID_ARGUMENT;
                break;
            }
            ret = DesEcbNoPaddingData(ecbNoPadingctx, blockSize, message, cipherText, outLenTotal);
            HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DesEcbNoPaddingData failed")
        }
    } while (0);
    HKS_IF_NOT_SUCC_RETURN(ret, NULL)
    return ecbNoPadingctx;
 }
 static int32_t DesEcbNoPaddingCryptUpdate(void *cryptoCtx, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    size_t outLenTotal = 0;
    HKS_IF_NULL_RETURN(GetDesEcbNoPaddingCtx(cryptoCtx, message, cipherText, &outLenTotal), HKS_ERROR_NULL_POINTER)
    cipherText->size = outLenTotal;
    return HKS_SUCCESS;
 }
 static int32_t DesEcbNoPaddingCryptFinal(void **cryptoCtx, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    size_t outLenTotal = 0;
    mbedtls_cipher_context_t *ecbNoPadingctx = GetDesEcbNoPaddingCtx(*cryptoCtx, message, cipherText, &outLenTotal);
    if (ecbNoPadingctx == NULL) {
        HKS_FREE(*cryptoCtx);
        return HKS_ERROR_NULL_POINTER;
    }
    struct HksMbedtlsDesCtx *desCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
    size_t finishOlen;
    size_t olen = outLenTotal;
    int32_t ret = mbedtls_cipher_finish(ecbNoPadingctx, cipherText->data + olen, &finishOlen);
    if (ret != HKS_MBEDTLS_SUCCESS) {
        HKS_LOG_E("Mbedtls ecb nopadding crypt update failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
        (void)memset_s(cipherText->data, cipherText->size, 0, cipherText->size);
        ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
    } else {
        cipherText->size = olen + finishOlen;
    }
    mbedtls_cipher_free(ecbNoPadingctx);
    HKS_FREE(desCtx->append);
    HKS_FREE(*cryptoCtx);
    return ret;
 }
 #endif
 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
 static int32_t DesEcbCryptInit(void **cryptoCtx, const struct HksBlob *key,
    const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    switch (usageSpec->padding) {
 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
        case HKS_PADDING_NONE:
            return DesEcbNoPaddingCryptInit(cryptoCtx, usageSpec, key, encrypt);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", usageSpec->padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t DesEcbCryptUpdate(void *cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
        case HKS_PADDING_NONE:
            return DesEcbNoPaddingCryptUpdate(cryptoCtx, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 static int32_t DesEcbCryptFinal(void **cryptoCtx, const uint8_t padding, const struct HksBlob *message,
    struct HksBlob *cipherText)
 {
    switch (padding) {
 #ifdef HKS_SUPPORT_DES_ECB_NOPADDING
        case HKS_PADDING_NONE:
            return DesEcbNoPaddingCryptFinal(cryptoCtx, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport padding! mode = 0x%" LOG_PUBLIC "X", padding);
            return HKS_ERROR_INVALID_PADDING;
    }
 }
 #endif
 int32_t HksMbedtlsDesEncryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
 {
    if (CheckKeySize(key) != HKS_SUCCESS || cryptoCtx == NULL || usageSpec == NULL) {
        HKS_LOG_E("Invalid des keySiz = 0x%" LOG_PUBLIC "X", key->size);
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    switch (usageSpec->mode) {
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return DesCbcCryptInit(cryptoCtx, key, usageSpec, true);
 #endif
 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return DesEcbCryptInit(cryptoCtx, key, usageSpec, true);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
            return HKS_ERROR_NOT_SUPPORTED;
    }
 }
 int32_t HksMbedtlsDesEncryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    HKS_IF_NULL_LOGE_RETURN(cryptoCtx, HKS_ERROR_INVALID_ARGUMENT, "Mbedtls DES encrypt update param is null")
    struct HksMbedtlsDesCtx *desEncryptCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
    switch (desEncryptCtx->mode) {
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return DesCbcCryptUpdate(cryptoCtx, desEncryptCtx->padding, message, cipherText, true);
 #endif
 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return DesEcbCryptUpdate(cryptoCtx, desEncryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desEncryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtlsDesEncryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    struct HksMbedtlsDesCtx *desEncryptCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
    switch (desEncryptCtx->mode) {
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return DesCbcCryptFinal(cryptoCtx, desEncryptCtx->padding, message, cipherText, true);
 #endif
 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return DesEcbCryptFinal(cryptoCtx, desEncryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desEncryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtlsDesDecryptInit(void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec)
 {
    HKS_IF_NOT_SUCC_LOGE_RETURN(
        CheckKeySize(key), HKS_ERROR_INVALID_ARGUMENT, "Invalid des keySize = 0x%" LOG_PUBLIC "X", key->size)
    switch (usageSpec->mode) {
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return DesCbcCryptInit(cryptoCtx, key, usageSpec, false);
 #endif
 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return DesEcbCryptInit(cryptoCtx, key, usageSpec, false);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", usageSpec->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtlsDesDecryptUpdate(void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    struct HksMbedtlsDesCtx *desDecryptCtx = (struct HksMbedtlsDesCtx *)cryptoCtx;
    switch (desDecryptCtx->mode) {
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return DesCbcCryptUpdate(cryptoCtx, desDecryptCtx->padding, message, cipherText, false);
 #endif
 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return DesEcbCryptUpdate(cryptoCtx, desDecryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desDecryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtlsDesDecryptFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText)
 {
    struct HksMbedtlsDesCtx *desDecryptCtx = (struct HksMbedtlsDesCtx *)*cryptoCtx;
    switch (desDecryptCtx->mode) {
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            return DesCbcCryptFinal(cryptoCtx, desDecryptCtx->padding, message, cipherText, false);
 #endif
 #if defined(HKS_SUPPORT_DES_ECB_NOPADDING)
        case HKS_MODE_ECB:
            return DesEcbCryptFinal(cryptoCtx, desDecryptCtx->padding, message, cipherText);
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", desDecryptCtx->mode);
            return HKS_ERROR_INVALID_ARGUMENT;
    }
 }
 int32_t HksMbedtlsDesCryptoInit(
    void **cryptoCtx, const struct HksBlob *key, const struct HksUsageSpec *usageSpec, const bool encrypt)
 {
    if (encrypt) {
        return HksMbedtlsDesEncryptInit(cryptoCtx, key, usageSpec);
    } else {
        return HksMbedtlsDesDecryptInit(cryptoCtx, key, usageSpec);
    }
 }
 int32_t HksMbedtlsDesCryptoUpdate(
    void *cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText, const bool encrypt)
 {
    if (encrypt) {
        return HksMbedtlsDesEncryptUpdate(cryptoCtx, message, cipherText);
    } else {
        return HksMbedtlsDesDecryptUpdate(cryptoCtx, message, cipherText);
    }
 }
 int32_t HksMbedtlsDesCryptoFinal(void **cryptoCtx, const struct HksBlob *message, struct HksBlob *cipherText,
    const bool encrypt)
 {
    if (encrypt) {
        return HksMbedtlsDesEncryptFinal(cryptoCtx, message, cipherText);
    } else {
        return HksMbedtlsDesDecryptFinal(cryptoCtx, message, cipherText);
    }
 }
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
 void HksMbedtlsDesHalModecbcFreeCtx(void **cryptCtx)
 {
    if (cryptCtx == NULL || *cryptCtx == NULL) {
        HKS_LOG_E("FreeCtx cryptCtx param is null");
        return;
    }
    struct HksMbedtlsDesCtx *mbedtlsDesCtx = (struct HksMbedtlsDesCtx *)*cryptCtx;
    if (mbedtlsDesCtx->padding == HKS_PADDING_NONE) {
        if (mbedtlsDesCtx->append != NULL) {
            mbedtls_des_free((mbedtls_des_context *)(mbedtlsDesCtx->append));
            HKS_FREE(mbedtlsDesCtx->append);
        }
    }
 }
 #endif
 void HksMbedtlsDesHalFreeCtx(void **cryptCtx)
 {
    if (cryptCtx == NULL || *cryptCtx == NULL) {
        HKS_LOG_E("FreeCtx param context null");
        return;
    }
    struct HksMbedtlsDesCtx *mbedtlsDesCtx = (struct HksMbedtlsDesCtx *)*cryptCtx;
    switch (mbedtlsDesCtx->mode) {
 #if defined(HKS_SUPPORT_DES_CBC_NOPADDING)
        case HKS_MODE_CBC:
            HksMbedtlsDesHalModecbcFreeCtx(cryptCtx);
            break;
 #endif
        default:
            HKS_LOG_E("Unsupport key alg! mode = 0x%" LOG_PUBLIC "X", mbedtlsDesCtx->mode);
            break;
    }
    HKS_FREE(*cryptCtx);
 }
 #endif /* HKS_SUPPORT_DES_C */
--- a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_engine.c
+++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_engine.c
@ -99,6 +99,58 @@ void HksCryptoHalHmacFreeCtx(void **ctx)
    func(ctx);
 }
 #ifdef HKS_SUPPORT_CMAC_C
 int32_t HksCryptoHalCmacInit(const struct HksBlob *key, uint32_t digestAlg, void **ctx)
 {
    if (CheckBlob(key) != HKS_SUCCESS || ctx == NULL) {
        HKS_LOG_E("Crypt Hal Cmac init msg is NULL");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    CmacInit func = (CmacInit)GetAbility(HKS_CRYPTO_ABILITY_CMAC_INIT);
    HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
    return func(ctx, key, digestAlg);
 }
 int32_t HksCryptoHalCmacUpdate(const struct HksBlob *chunk, void *ctx)
 {
    if (CheckBlob(chunk) != HKS_SUCCESS || ctx == NULL) {
        HKS_LOG_E("Crypt Hal Cmac update chunk is invalid param");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    CmacUpdate func = (CmacUpdate)GetAbility(HKS_CRYPTO_ABILITY_CMAC_UPDATE);
    HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
    return func(ctx, chunk);
 }
 int32_t HksCryptoHalCmacFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *mac)
 {
    if (msg == NULL || ctx == NULL || *ctx == NULL || CheckBlob(mac) != HKS_SUCCESS) {
        HKS_LOG_E("Crypt Hal Cmac final msg or mac is NULL");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    CmacFinal func = (CmacFinal)GetAbility(HKS_CRYPTO_ABILITY_CMAC_FINAL);
    HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
    return func(ctx, msg, mac);
 }
 void HksCryptoHalCmacFreeCtx(void **ctx)
 {
    FreeCtx func = (FreeCtx)GetAbility(HKS_CRYPTO_ABILITY_CMAC_FREE_CTX);
    if (func == NULL) {
        HKS_LOG_E("CryptoHalCmacFreeCtx func is null");
        return;
    }
    func(ctx);
 }
 #endif
 #ifndef _CUT_AUTHENTICATE_
 int32_t HksCryptoHalHash(uint32_t alg, const struct HksBlob *msg, struct HksBlob *hash)
 {
@ -365,6 +417,12 @@ int32_t HksCryptoHalDecryptFinal(const struct HksBlob *message, void **ctx, stru
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    if ((algtype == HKS_ALG_DES) || (algtype == HKS_ALG_3DES)) {
        DecryptFinalDes func = (DecryptFinalDes)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(algtype));
        HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
        return func(ctx, message, cipherText, false);
    }
    DecryptFinal func = (DecryptFinal)GetAbility(HKS_CRYPTO_ABILITY_DECRYPT_FINAL(algtype));
    HKS_IF_NULL_RETURN(func, HKS_ERROR_INVALID_ARGUMENT)
--- a/interfaces/inner_api/huks_lite/BUILD.gn
+++ b/interfaces/inner_api/huks_lite/BUILD.gn
@ -129,10 +129,12 @@ if (ohos_kernel_type == "liteos_m") {
        "../../../frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c",
        "../../../frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_crypto_ed25519.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_3des.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_aes.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_bn.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_common.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_des.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecc.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecdh.c",
        "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecdsa.c",
--- a/interfaces/kits/liteapi/src/hks_lite_api_export_key_item.cpp
+++ b/interfaces/kits/liteapi/src/hks_lite_api_export_key_item.cpp
@ -24,13 +24,33 @@
 namespace OHOS {
 namespace ACELite {
 // key size 512 plus aead 16
 #define RESERVED_PADDING_AREA 528
 static int32_t HksCallExportKeyItem(
    const struct HksBlob *aliasBlob, const struct HksParamSet *paramSet, struct HksBlob *outData)
 {
    int32_t ret = InitHuksModule();
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("init huks failed");
        return ret;
    }
    ret = HksExportPublicKey(aliasBlob, paramSet, outData);
    return ret;
 }
 static int32_t InitOutDataBuffer(struct HksBlob *inData, struct HksBlob *outData)
 {
    outData->size = inData->size + RESERVED_PADDING_AREA;
    outData->data = static_cast<uint8_t*>(HksMalloc(outData->size));
    if (outData->data == NULL) {
        return HKS_ERROR_MALLOC_FAIL;
    }
    return HKS_SUCCESS;
 }
 JSIValue HksLiteModule::exportKeyItem(const JSIValue thisVal, const JSIValue* args, uint8_t argsNum)
 {
    (void)thisVal;
    (void)args;
    (void)argsNum;
    JSIValue undefValue = JSI::CreateUndefined();
    uint32_t minNumArgs = 3;
    if (argsNum < minNumArgs || args == nullptr) {
@ -38,7 +58,38 @@ JSIValue HksLiteModule::exportKeyItem(const JSIValue thisVal, const JSIValue* ar
        return undefValue;
    }
-    HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], HKS_ERROR_API_NOT_SUPPORTED);
+    struct HksBlob aliasBlob = { 0, nullptr };
    struct HksParamSet *paramSet = nullptr;
    struct HksBlob outData = { 0, nullptr };
    struct HksBlob inData = { 0, nullptr };
    int32_t ret;
    do {
        ret = HksParseKeyAlias(args, ARGS_INDEX_0, &aliasBlob);
        if (ret != HKS_SUCCESS) {
            break;
        }
        ret = HksParseParamSetWithAdd(args, ARGS_INDEX_1, &paramSet, nullptr, 0);
        if (ret != HKS_SUCCESS) {
            break;
        }
        ret = InitOutDataBuffer(&inData, &outData);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("init outdata buffer failed!");
            break;
        }
        ret = HksCallExportKeyItem(&aliasBlob, paramSet, &outData);
    } while (0);
    if (ret == HKS_SUCCESS) {
        struct HksLiteApiResult result = { &outData, nullptr, false };
        HksCallbackResultSuccess(thisVal, args[ARGS_INDEX_2], &result);
    } else {
        HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], ret);
    }
    HKS_FREE_BLOB(aliasBlob);
    HKS_FREE_BLOB(inData);
    HKS_FREE_BLOB(outData);
    HksFreeParamSet(&paramSet);
    return undefValue;
 }
 }
--- a/interfaces/kits/liteapi/src/hks_lite_api_import_key_item.cpp
+++ b/interfaces/kits/liteapi/src/hks_lite_api_import_key_item.cpp
@ -24,13 +24,33 @@
 namespace OHOS {
 namespace ACELite {
 // key size 512 plus aead 16
 #define RESERVED_PADDING_AREA 528
 static int32_t HksCallImportKeyItem(
    const struct HksBlob *aliasBlob, const struct HksParamSet *paramSet, struct HksBlob *inData)
 {
    int32_t ret = InitHuksModule();
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("init huks failed");
        return ret;
    }
    ret = HksImportKey(aliasBlob, paramSet, inData);
    return ret;
 }
 static int32_t InitOutDataBuffer(struct HksBlob *inData, struct HksBlob *outData)
 {
    outData->size = inData->size + RESERVED_PADDING_AREA;
    outData->data = static_cast<uint8_t *>(HksMalloc(outData->size));
    if (outData->data == NULL) {
        return HKS_ERROR_MALLOC_FAIL;
    }
    return HKS_SUCCESS;
 }
 JSIValue HksLiteModule::importKeyItem(const JSIValue thisVal, const JSIValue* args, uint8_t argsNum)
 {
    (void)thisVal;
    (void)args;
    (void)argsNum;
    JSIValue undefValue = JSI::CreateUndefined();
    uint32_t minNumArgs = 3;
    if (argsNum < minNumArgs || args == nullptr) {
@ -38,7 +58,43 @@ JSIValue HksLiteModule::importKeyItem(const JSIValue thisVal, const JSIValue* ar
        return undefValue;
    }
-    HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], HKS_ERROR_API_NOT_SUPPORTED);
+    struct HksBlob aliasBlob = { 0, nullptr };
    struct HksParamSet *paramSet = nullptr;
    struct HksBlob outData = { 0, nullptr };
    struct HksBlob inData = { 0, nullptr };
    int32_t ret;
    do {
        ret = HksParseKeyAlias(args, ARGS_INDEX_0, &aliasBlob);
        if (ret != HKS_SUCCESS) {
            break;
        }
        ret = HksParseParamSetWithAdd(args, ARGS_INDEX_1, &paramSet, nullptr, 0);
        if (ret != HKS_SUCCESS) {
            break;
        }
        ret = HksParseInData(args, ARGS_INDEX_1, &inData);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("parse indata failed!");
            break;
        }
        ret = InitOutDataBuffer(&inData, &outData);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("init outdata buffer failed!");
            break;
        }
        ret = HksCallImportKeyItem(&aliasBlob, paramSet, &inData);
    } while (0);
    if (ret == HKS_SUCCESS) {
        struct HksLiteApiResult result = { nullptr, nullptr, false };
        HksCallbackResultSuccess(thisVal, args[ARGS_INDEX_2], &result);
    } else {
        HksCallbackResultFailure(thisVal, args[ARGS_INDEX_2], ret);
    }
    HKS_FREE_BLOB(aliasBlob);
    HKS_FREE_BLOB(inData);
    HKS_FREE_BLOB(outData);
    HksFreeParamSet(&paramSet);
    return undefValue;
 }
 }
--- a/services/huks_standard/huks_engine/main/core/include/hks_auth.h
+++ b/services/huks_standard/huks_engine/main/core/include/hks_auth.h
@ -32,6 +32,7 @@ enum HksAuthId {
    HKS_AUTH_ID_DERIVE = 0x7,
    HKS_AUTH_ID_SIGN_VERIFY_ED25519 = 0x8,
    HKS_AUTH_ID_AGREE = 0x9,
    HKS_AUTH_ID_MAC_CMAC = 0x10,
 };
 #ifdef __cplusplus
--- a/services/huks_standard/huks_engine/main/core/src/hks_auth.c
+++ b/services/huks_standard/huks_engine/main/core/src/hks_auth.c
@ -37,6 +37,7 @@ static uint32_t g_signVerifyEccPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_DIGEST
 static uint32_t g_signVerifyEd25519PolicyTag[] = { HKS_TAG_PURPOSE };
 static uint32_t g_macPolicyTag[] = { HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
 static uint32_t g_macSm3PolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
 static uint32_t g_macCmacPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_PURPOSE };
 static uint32_t g_derivePolicyTag[] = { HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
 static uint32_t g_agreePolicyTag[] = { HKS_TAG_PURPOSE };
@ -49,7 +50,8 @@ struct HksAuthPolicy g_authPolicyList[] = {
    { HKS_AUTH_ID_MAC_HMAC, HKS_ARRAY_SIZE(g_macPolicyTag), g_macPolicyTag },
    { HKS_AUTH_ID_MAC_SM3, HKS_ARRAY_SIZE(g_macSm3PolicyTag), g_macSm3PolicyTag },
    { HKS_AUTH_ID_DERIVE, HKS_ARRAY_SIZE(g_derivePolicyTag), g_derivePolicyTag },
-    { HKS_AUTH_ID_AGREE, HKS_ARRAY_SIZE(g_agreePolicyTag), g_agreePolicyTag }
+    { HKS_AUTH_ID_AGREE, HKS_ARRAY_SIZE(g_agreePolicyTag), g_agreePolicyTag },
    { HKS_AUTH_ID_MAC_CMAC, HKS_ARRAY_SIZE(g_macCmacPolicyTag), g_macCmacPolicyTag },
 };
 static int32_t CheckPurpose(const struct HksParam *authParam, const struct HksParam *requestParam)
--- a/services/huks_standard/huks_engine/main/core/src/hks_core_service_three_stage.c
+++ b/services/huks_standard/huks_engine/main/core/src/hks_core_service_three_stage.c
@ -208,6 +208,8 @@ static int32_t HksCheckFinishOutSize(bool isEncrypt, struct HksParamSet *paramSe
        case HKS_ALG_SM2:
            return CheckSm2CipherData(isEncrypt, &usageSpec, inData, outData);
        case HKS_ALG_AES:
        case HKS_ALG_DES:
        case HKS_ALG_3DES:
            return CheckBlockCipherData(isEncrypt, &usageSpec, inData, outData);
        case HKS_ALG_SM4:
            return CheckBlockCipherData(isEncrypt, &usageSpec, inData, outData);
@ -262,6 +264,8 @@ static int32_t HmacAuth(const struct HuksKeyNode *keyNode, const struct HksParam
    if (algParam->uint32Param == HKS_ALG_HMAC) {
        return HksThreeStageAuth(HKS_AUTH_ID_MAC_HMAC, keyNode);
    } else if (algParam->uint32Param == HKS_ALG_3DES) {  // CMACinit校验密钥算法，只支持3DES
        return HksThreeStageAuth(HKS_AUTH_ID_MAC_CMAC, keyNode);
    } else if (algParam->uint32Param == HKS_ALG_SM3) {
        return HksThreeStageAuth(HKS_AUTH_ID_MAC_SM3, keyNode);
    }
@ -274,7 +278,8 @@ static int32_t CipherAuth(const struct HuksKeyNode *keyNode, const struct HksPar
    int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append cipher get alg param failed!")
-    if (algParam->uint32Param == HKS_ALG_AES) {
+    if ((algParam->uint32Param == HKS_ALG_AES) || (algParam->uint32Param == HKS_ALG_DES) ||
        (algParam->uint32Param == HKS_ALG_3DES)) {
        return HksThreeStageAuth(HKS_AUTH_ID_SYM_CIPHER, keyNode);
    } else if ((algParam->uint32Param == HKS_ALG_RSA) || (algParam->uint32Param == HKS_ALG_SM2)) {
        return HksThreeStageAuth(HKS_AUTH_ID_ASYM_CIPHER, keyNode);
@ -992,6 +997,168 @@ static int32_t CoreAesCipherFinish(const struct HuksKeyNode *keyNode, const bool
    return CoreAesDecryptFinish(keyNode, inData, outData, alg);
 }
 static int32_t CoreDesCipherInit(const struct HuksKeyNode *keyNode)
 {
    struct HksParam *modeParam = NULL;
    int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher init get block mode failed")
    return CoreCipherInit(keyNode);
 }
 static int32_t CoreDesCipherUpdate(const struct HuksKeyNode *keyNode, const struct HksBlob *inData,
    struct HksBlob *outData, uint32_t alg)
 {
    struct HksParam *modeParam = NULL;
    int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher update get block mode failed")
    return CoreCipherUpdate(keyNode, inData, outData, alg);
 }
 static int32_t CoreDesEncryptFinish(
    const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
 {
    struct HksBlob tag = {0, NULL};
    int32_t ret = HksCheckFinishOutSize(true, keyNode->runtimeParamSet, inData, outData);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "des encrypt finish check data size failed")
    struct HksParam *ctxParam = NULL;
    ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
    void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
    ret = HksCryptoHalEncryptFinal(inData, &ctx, outData, &tag, alg);
    ctxParam->uint64Param = 0; /* clear ctx to NULL */
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("des encrypt Finish failed! ret : %" LOG_PUBLIC "d", ret);
        return ret;
    }
    outData->size += tag.size;
    return HKS_SUCCESS;
 }
 static int32_t CoreDesDecryptFinish(
    const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
 {
    struct HksBlob tag = {0, NULL};
    int32_t ret = HksCheckFinishOutSize(false, keyNode->runtimeParamSet, inData, outData);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "des decrypt finish check data size failed")
    struct HksParam *ctxParam = NULL;
    ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
    void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
    ret = HksCryptoHalDecryptFinal(inData, &ctx, outData, &tag, alg);
    HKS_IF_NOT_SUCC_LOGE(ret, "cipher DecryptFinish failed! ret : %" LOG_PUBLIC "d", ret)
    ctxParam->uint64Param = 0; /* clear ctx to NULL */
    return ret;
 }
 static int32_t CoreDesCipherFinish(const struct HuksKeyNode *keyNode, const bool isEncrypt,
    const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
 {
    struct HksParam *modeParam = NULL;
    int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher finish get block mode failed")
    if (isEncrypt) {
        return CoreDesEncryptFinish(keyNode, inData, outData, alg);
    }
    return CoreDesDecryptFinish(keyNode, inData, outData, alg);
 }
 static int32_t Core3DesCipherInit(const struct HuksKeyNode *keyNode)
 {
    struct HksParam *modeParam = NULL;
    int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher init get block mode failed")
    return CoreCipherInit(keyNode);
 }
 static int32_t Core3DesCipherUpdate(const struct HuksKeyNode *keyNode, const struct HksBlob *inData,
    struct HksBlob *outData, uint32_t alg)
 {
    struct HksParam *modeParam = NULL;
    int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher update get block mode failed")
    return CoreCipherUpdate(keyNode, inData, outData, alg);
 }
 static int32_t Core3DesEncryptFinish(
    const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
 {
    struct HksBlob tag = {0, NULL};
    int32_t ret = HksCheckFinishOutSize(true, keyNode->runtimeParamSet, inData, outData);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "3des encrypt finish check data size failed")
    struct HksParam *ctxParam = NULL;
    ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
    void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
    ret = HksCryptoHalEncryptFinal(inData, &ctx, outData, &tag, alg);
    ctxParam->uint64Param = 0; /* clear ctx to NULL */
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("3des encrypt Finish failed! ret : %" LOG_PUBLIC "d", ret);
        return ret;
    }
    outData->size += tag.size;
    return HKS_SUCCESS;
 }
 static int32_t Core3DesDecryptFinish(
    const struct HuksKeyNode *keyNode, const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
 {
    struct HksBlob tag = {0, NULL};
    int32_t ret = HksCheckFinishOutSize(false, keyNode->runtimeParamSet, inData, outData);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "3des decrypt finish check data size failed")
    struct HksParam *ctxParam = NULL;
    ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get ctx from keyNode failed!")
    void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is invalid: null!")
    ret = HksCryptoHalDecryptFinal(inData, &ctx, outData, &tag, alg);
    HKS_IF_NOT_SUCC_LOGE(ret, "cipher DecryptFinish failed! ret : %" LOG_PUBLIC "d", ret)
    ctxParam->uint64Param = 0; /* clear ctx to NULL */
    return ret;
 }
 static int32_t Core3DesCipherFinish(const struct HuksKeyNode *keyNode, const bool isEncrypt,
    const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
 {
    struct HksParam *modeParam = NULL;
    int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher finish get block mode failed")
    if (isEncrypt) {
        return Core3DesEncryptFinish(keyNode, inData, outData, alg);
    }
    return Core3DesDecryptFinish(keyNode, inData, outData, alg);
 }
 static int32_t CoreSm4EncryptFinish(const struct HuksKeyNode *keyNode,
    const struct HksBlob *inData, struct HksBlob *outData, uint32_t alg)
 {
@ -1142,7 +1309,7 @@ static void FreeCryptoCtx(const struct HuksKeyNode *keyNode, uint32_t alg)
        return;
    }
-    if (alg == HKS_ALG_AES) {
+    if ((alg == HKS_ALG_AES) || (alg == HKS_ALG_DES) || (alg == HKS_ALG_3DES)) {
        struct HksParam *modeParam = NULL;
        ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_BLOCK_MODE, &modeParam);
        if (ret != HKS_SUCCESS) {
@ -1300,12 +1467,13 @@ int32_t HksCoreSignVerifyThreeStageFinish(const struct HuksKeyNode *keyNode, con
    uint32_t digest = alg;  // In signature or verify scenario, alg represents digest. See code {GetPurposeAndAlgorithm}
-    struct HksBlob signVerifyData = { 0, NULL };
+    struct HksBlob signVerifyData = {0, NULL};
    if (HksCheckNeedCache(algParam->uint32Param, digest) == HKS_SUCCESS) {
        ret = FinishCachedData(keyNode, &message, &signVerifyData);
    } else {
        ret = CoreHashFinish(keyNode, &message, &signVerifyData);
    }
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "signVerify Finish get Data failed, ret = %" LOG_PUBLIC "d", ret)
    /* inData indicates signature when processing verify */
@ -1344,6 +1512,10 @@ int32_t HksCoreCryptoThreeStageInit(const struct HuksKeyNode *keyNode, const str
        return SetCacheModeCtx(keyNode);
    } else if (algParam->uint32Param == HKS_ALG_AES) {
        return CoreAesCipherInit(keyNode);
    } else if (algParam->uint32Param == HKS_ALG_DES) {
        return CoreDesCipherInit(keyNode);
    } else if (algParam->uint32Param == HKS_ALG_3DES) {
        return Core3DesCipherInit(keyNode);
    } else if (algParam->uint32Param == HKS_ALG_SM4) {
        return CoreCipherInit(keyNode);
    } else {
@ -1364,6 +1536,10 @@ int32_t HksCoreCryptoThreeStageUpdate(const struct HuksKeyNode *keyNode, const s
        return UpdateCachedData(keyNode, inData);
    } else if (algParam->uint32Param == HKS_ALG_AES) {
        return CoreAesCipherUpdate(keyNode, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_DES) {
        return CoreDesCipherUpdate(keyNode, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_3DES) {
        return Core3DesCipherUpdate(keyNode, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_SM4) {
        return CoreCipherUpdate(keyNode, inData, outData, alg);
    } else {
@ -1388,6 +1564,10 @@ int32_t HksCoreEncryptThreeStageFinish(const struct HuksKeyNode *keyNode, const
        return CoreSm2CipherFinish(keyNode, inData, outData);
    } else if (algParam->uint32Param == HKS_ALG_AES) {
        return CoreAesCipherFinish(keyNode, true, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_DES) {
        return CoreDesCipherFinish(keyNode, true, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_3DES) {
        return Core3DesCipherFinish(keyNode, true, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_SM4) {
        return CoreSm4EncryptFinish(keyNode, inData, outData, alg);
    } else {
@ -1412,6 +1592,10 @@ int32_t HksCoreDecryptThreeStageFinish(const struct HuksKeyNode *keyNode, const
        return CoreSm2CipherFinish(keyNode, inData, outData);
    } else if (algParam->uint32Param == HKS_ALG_AES) {
        return CoreAesCipherFinish(keyNode, false, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_DES) {
        return CoreDesCipherFinish(keyNode, false, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_3DES) {
        return Core3DesCipherFinish(keyNode, false, inData, outData, alg);
    } else if (algParam->uint32Param == HKS_ALG_SM4) {
        return CoreSm4DecryptFinish(keyNode, inData, outData, alg);
    } else {
@ -1695,7 +1879,16 @@ int32_t HksCoreMacThreeStageInit(const struct HuksKeyNode *keyNode, const struct
        HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Derive get raw key failed!")
        void *ctx = NULL;
-        ret = HksCryptoHalHmacInit(&rawKey, alg, &ctx);
+        struct HksParam *algParam = NULL;
        ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
        HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!");
        if (algParam->uint32Param == HKS_ALG_3DES) {  // CMACinit阶段校验密钥，只支持3DES
 #ifdef HKS_SUPPORT_CMAC_C
            ret = HksCryptoHalCmacInit(&rawKey, alg, &ctx);
 #endif
        } else {
            ret = HksCryptoHalHmacInit(&rawKey, alg, &ctx);
        }
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hmac init failed! ret : %" LOG_PUBLIC "d", ret)
        ctxParam->uint64Param = (uint64_t)(uintptr_t)ctx;
@ -1720,7 +1913,17 @@ int32_t HksCoreMacThreeStageUpdate(const struct HuksKeyNode *keyNode, const stru
    void *ctx = GetCryptoCtx(keyNode);
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx is NULL!")
-    ret = HksCryptoHalHmacUpdate(srcData, ctx);
+    struct HksParam *algParam = NULL;
    ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!");
    if (algParam->uint32Param == HKS_ALG_CMAC) {
 #ifdef HKS_SUPPORT_CMAC_C
        ret = HksCryptoHalCmacUpdate(srcData, ctx);
 #endif
    } else {
        ret = HksCryptoHalHmacUpdate(srcData, ctx);
    }
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hmac update failed! ret : %" LOG_PUBLIC "d", ret)
    return HKS_SUCCESS;
@ -1732,17 +1935,23 @@ int32_t HksCoreMacThreeStageFinish(const struct HuksKeyNode *keyNode, const stru
    (void)paramSet;
    (void)alg;
-    struct HksParam *digestParam = NULL;
+    struct HksParam *algParam = NULL;
-    int32_t ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_DIGEST, &digestParam);
+    int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
-    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_CHECK_GET_DIGEST_FAIL, "get ctx from keyNode failed!")
+    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!")
-    uint32_t macLen;
+    if (algParam->uint32Param != HKS_ALG_CMAC) {
-    ret = HksGetDigestLen(digestParam->uint32Param, &macLen);
+        struct HksParam *digestParam = NULL;
-    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get digest len failed")
+        ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_DIGEST, &digestParam);
        HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_CHECK_GET_DIGEST_FAIL, "get ctx from keyNode failed!")
-    if ((CheckBlob(outData) != HKS_SUCCESS) || (outData->size < macLen)) {
+        uint32_t macLen;
-        HKS_LOG_E("out buffer too small");
+        ret = HksGetDigestLen(digestParam->uint32Param, &macLen);
-        return HKS_ERROR_BUFFER_TOO_SMALL;
+        HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get digest len failed")
        if ((CheckBlob(outData) != HKS_SUCCESS) || (outData->size < macLen)) {
            HKS_LOG_E("out buffer too small");
            return HKS_ERROR_BUFFER_TOO_SMALL;
        }
    }
    struct HksParam *ctxParam = NULL;
@ -1752,7 +1961,14 @@ int32_t HksCoreMacThreeStageFinish(const struct HuksKeyNode *keyNode, const stru
    void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx invalid")
-    ret = HksCryptoHalHmacFinal(inData, &ctx, outData);
+    if (algParam->uint32Param == HKS_ALG_CMAC) {
 #ifdef HKS_SUPPORT_CMAC_C
        ret = HksCryptoHalCmacFinal(inData, &ctx, outData);
 #endif
    } else {
        ret = HksCryptoHalHmacFinal(inData, &ctx, outData);
    }
    HKS_IF_NOT_SUCC_LOGE(ret, "hmac final failed! ret : %" LOG_PUBLIC "d", ret)
    ctxParam->uint64Param = 0; /* clear ctx to NULL */
@ -1766,8 +1982,17 @@ int32_t HksCoreMacThreeStageAbort(const struct HuksKeyNode *keyNode, const struc
    void *ctx = GetCryptoCtx(keyNode);
    HKS_IF_NULL_LOGE_RETURN(ctx, HKS_ERROR_NULL_POINTER, "ctx invalid")
-
+    
-    HksCryptoHalHmacFreeCtx(&ctx);
+    struct HksParam *algParam = NULL;
    int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append hmac get alg param failed!")
    if (algParam->uint32Param == HKS_ALG_CMAC) {
 #ifdef HKS_SUPPORT_CMAC_C
        HksCryptoHalCmacFreeCtx(&ctx);
 #endif
    } else {
        HksCryptoHalHmacFreeCtx(&ctx);
    }
    ClearCryptoCtx(keyNode);
    return HKS_SUCCESS;