1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_crypto_adapter.h"
23
24 #include <stddef.h>
25
26 #include "hks_common_check.h"
27 #include "hks_log.h"
28 #include "hks_mem.h"
29 #include "hks_param.h"
30 #include "hks_template.h"
31 #include "securec.h"
32
HksFillKeySpec(const struct HksParamSet * paramSet,struct HksKeySpec * spec)33 void HksFillKeySpec(const struct HksParamSet *paramSet, struct HksKeySpec *spec)
34 {
35 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
36 switch (paramSet->params[i].tag) {
37 case HKS_TAG_ALGORITHM:
38 spec->algType = paramSet->params[i].uint32Param;
39 break;
40 case HKS_TAG_KEY_SIZE:
41 spec->keyLen = paramSet->params[i].uint32Param;
42 break;
43 default:
44 break;
45 }
46 }
47 }
48
HksFillUsageSpec(const struct HksParamSet * paramSet,struct HksUsageSpec * usageSpec)49 void HksFillUsageSpec(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec)
50 {
51 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
52 switch (paramSet->params[i].tag) {
53 case HKS_TAG_ALGORITHM:
54 usageSpec->algType = paramSet->params[i].uint32Param;
55 break;
56 case HKS_TAG_PADDING:
57 usageSpec->padding = paramSet->params[i].uint32Param;
58 break;
59 case HKS_TAG_DIGEST:
60 usageSpec->digest = paramSet->params[i].uint32Param;
61 break;
62 case HKS_TAG_BLOCK_MODE:
63 usageSpec->mode = paramSet->params[i].uint32Param;
64 break;
65 case HKS_TAG_PURPOSE:
66 usageSpec->purpose = paramSet->params[i].uint32Param;
67 break;
68 case HKS_TAG_MGF_DIGEST:
69 usageSpec->mgfDigest = paramSet->params[i].uint32Param;
70 break;
71 default:
72 break;
73 }
74 }
75 usageSpec->algParam = NULL;
76 }
77
HksFreeUsageSpec(struct HksUsageSpec ** usageSpec)78 void HksFreeUsageSpec(struct HksUsageSpec **usageSpec)
79 {
80 if ((usageSpec == NULL) || (*usageSpec == NULL)) {
81 return;
82 }
83
84 if ((*usageSpec)->algParam != NULL) {
85 HKS_FREE((*usageSpec)->algParam);
86 }
87 HKS_FREE(*usageSpec);
88 }
89
HksFillKeyDerivationParam(const struct HksParamSet * paramSet,struct HksKeyDerivationParam * param)90 void HksFillKeyDerivationParam(const struct HksParamSet *paramSet, struct HksKeyDerivationParam *param)
91 {
92 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
93 switch (paramSet->params[i].tag) {
94 case HKS_TAG_DIGEST:
95 param->digestAlg = paramSet->params[i].uint32Param;
96 break;
97 case HKS_TAG_SALT:
98 param->salt = paramSet->params[i].blob;
99 break;
100 case HKS_TAG_INFO:
101 param->info = paramSet->params[i].blob;
102 break;
103 case HKS_TAG_ITERATION:
104 param->iterations = paramSet->params[i].uint32Param;
105 break;
106 default:
107 break;
108 }
109 }
110 }
111
HksFillAeadParam(const struct HksParamSet * paramSet,struct HksBlob * inputText,struct HksUsageSpec * usageSpec,bool isEncrypt)112 int32_t HksFillAeadParam(
113 const struct HksParamSet *paramSet, struct HksBlob *inputText, struct HksUsageSpec *usageSpec, bool isEncrypt)
114 {
115 struct HksParam *nonceParam = NULL;
116 int32_t ret = HksGetParam(paramSet, HKS_TAG_NONCE, &nonceParam);
117 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksFillAeadParam get nonce param failed!")
118
119 struct HksParam emptyAadParam = {
120 .tag = HKS_TAG_ASSOCIATED_DATA,
121 .blob = {
122 .size = 0,
123 .data = NULL
124 }
125 };
126 struct HksParam *aadParam = NULL;
127 ret = HksGetParam(paramSet, HKS_TAG_ASSOCIATED_DATA, &aadParam);
128 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
129 HKS_LOG_W("HksFillAeadParam no input aad, do not use aad");
130 aadParam = &emptyAadParam;
131 } else if (ret != HKS_SUCCESS) {
132 HKS_LOG_E("HksFillAeadParam get aad param failed!");
133 return ret;
134 }
135
136 struct HksParam tagParam;
137 if (!isEncrypt) {
138 if (inputText->size <= HKS_AE_TAG_LEN) {
139 HKS_LOG_E("too small inputText size");
140 return HKS_ERROR_INVALID_ARGUMENT;
141 }
142 inputText->size -= HKS_AE_TAG_LEN;
143
144 tagParam.blob.size = HKS_AE_TAG_LEN;
145 tagParam.blob.data = inputText->data + inputText->size;
146 }
147
148 struct HksAeadParam *aeadParam = (struct HksAeadParam *)HksMalloc(sizeof(struct HksAeadParam));
149 HKS_IF_NULL_LOGE_RETURN(aeadParam, HKS_ERROR_MALLOC_FAIL, "aeadParam malloc failed!")
150
151 if (!isEncrypt) {
152 aeadParam->tagDec = tagParam.blob;
153 } else {
154 aeadParam->tagLenEnc = HKS_AE_TAG_LEN;
155 }
156
157 aeadParam->nonce = nonceParam->blob;
158 aeadParam->aad = aadParam->blob;
159 aeadParam->payloadLen = 0;
160 usageSpec->algParam = aeadParam;
161 return HKS_SUCCESS;
162 }
163
HksFillIvParam(const struct HksParamSet * paramSet,struct HksUsageSpec * usageSpec)164 int32_t HksFillIvParam(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec)
165 {
166 struct HksParam *ivParam = NULL;
167 int32_t ret = HksGetParam(paramSet, HKS_TAG_IV, &ivParam);
168 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher get iv param failed!")
169
170 struct HksCipherParam *param = (struct HksCipherParam *)HksMalloc(sizeof(struct HksCipherParam));
171 HKS_IF_NULL_LOGE_RETURN(param, HKS_ERROR_MALLOC_FAIL, "param malloc failed!")
172
173 param->iv = ivParam->blob;
174 usageSpec->algParam = param;
175 return HKS_SUCCESS;
176 }
177
HksIsAlgorithmSm4(const struct HksParamSet * paramSet)178 static bool HksIsAlgorithmSm4(const struct HksParamSet *paramSet)
179 {
180 struct HksParam *algParam = NULL;
181 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
182 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, false, "check sm4 get alg param failed!")
183 return (algParam->uint32Param == HKS_ALG_SM4);
184 }
185
HksBuildCipherUsageSpec(const struct HksParamSet * paramSet,bool isEncrypt,struct HksBlob * inputText,struct HksUsageSpec ** outUsageSpec)186 int32_t HksBuildCipherUsageSpec(
187 const struct HksParamSet *paramSet, bool isEncrypt, struct HksBlob *inputText, struct HksUsageSpec **outUsageSpec)
188 {
189 bool isAes = false;
190 bool isAeMode = false;
191 int32_t ret = HksCheckAesAeMode(paramSet, &isAes, &isAeMode);
192 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get aeMode failed!")
193
194 struct HksUsageSpec *usageSpec = (struct HksUsageSpec *)HksMalloc(sizeof(struct HksUsageSpec));
195 HKS_IF_NULL_LOGE_RETURN(usageSpec, HKS_ERROR_MALLOC_FAIL, "cipher usageSpec malloc failed!")
196
197 HksFillUsageSpec(paramSet, usageSpec);
198
199 if (usageSpec->algType == HKS_ALG_RSA && usageSpec->digest == HKS_DIGEST_NONE) {
200 usageSpec->digest = HKS_DIGEST_SHA1;
201 }
202
203 if (HksIsAlgorithmSm4(paramSet)) { // is sm4
204 ret = HksFillIvParam(paramSet, usageSpec);
205 } else if (!isAes) { // not sm4, not aes
206 *outUsageSpec = usageSpec;
207 return HKS_SUCCESS;
208 } else if (isAeMode) { // is aes, is ae mode
209 ret = HksFillAeadParam(paramSet, inputText, usageSpec, isEncrypt);
210 } else { // is aes, not ae mode
211 ret = HksFillIvParam(paramSet, usageSpec);
212 }
213
214 if (ret != HKS_SUCCESS) {
215 HksFreeUsageSpec(&usageSpec);
216 HKS_LOG_E("fill[%" LOG_PUBLIC "x] param failed!", isAeMode);
217 return ret;
218 }
219
220 *outUsageSpec = usageSpec;
221 return HKS_SUCCESS;
222 }
223
HksGetEncryptAeTag(const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData,struct HksBlob * tagAead)224 int32_t HksGetEncryptAeTag(
225 const struct HksParamSet *paramSet, const struct HksBlob *inData, struct HksBlob *outData, struct HksBlob *tagAead)
226 {
227 bool isAes = false;
228 bool isAeMode = false;
229 int32_t ret = HksCheckAesAeMode(paramSet, &isAes, &isAeMode);
230 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get aeMode failed!")
231
232 if ((!isAes) || (!isAeMode)) {
233 tagAead->data = NULL;
234 tagAead->size = 0;
235 return HKS_SUCCESS;
236 }
237
238 if (outData->size < (inData->size + HKS_AE_TAG_LEN)) {
239 HKS_LOG_E("too small out buf!");
240 return HKS_ERROR_INVALID_ARGUMENT;
241 }
242
243 tagAead->data = outData->data + inData->size;
244 tagAead->size = HKS_AE_TAG_LEN;
245 return HKS_SUCCESS;
246 }
247
HksGetDecryptAeTag(const struct HksParamSet * runtimeParamSet,struct HksUsageSpec * spec)248 int32_t HksGetDecryptAeTag(const struct HksParamSet *runtimeParamSet, struct HksUsageSpec *spec)
249 {
250 if (runtimeParamSet == NULL || spec == NULL) {
251 HKS_LOG_E("input param is NULL!");
252 return HKS_ERROR_INVALID_ARGUMENT;
253 }
254
255 bool isAes = false;
256 bool isAeMode = false;
257 (void)HksCheckAesAeMode(runtimeParamSet, &isAes, &isAeMode);
258 if (!(isAes && isAeMode)) {
259 HKS_LOG_E("not aes aead mode!");
260 return HKS_ERROR_INVALID_ARGUMENT;
261 }
262
263 struct HksAeadParam *aeadParam = (struct HksAeadParam *)spec->algParam;
264 if (aeadParam == NULL) {
265 HKS_LOG_E("spec algParam is NULL!");
266 return HKS_ERROR_INVALID_ARGUMENT;
267 }
268
269 struct HksParam *tagParam = NULL;
270 int32_t ret = HksGetParam(runtimeParamSet, HKS_TAG_AE_TAG, &tagParam);
271 if (ret != HKS_SUCCESS) {
272 HKS_LOG_E("get aead tag failed!");
273 return ret;
274 }
275
276 aeadParam->tagDec = tagParam->blob;
277 return HKS_SUCCESS;
278 }
279
BuildParamSetOut(const struct HksParam * params,uint32_t paramCnt,struct HksParamSet * paramSetOut)280 static int32_t BuildParamSetOut(const struct HksParam *params, uint32_t paramCnt, struct HksParamSet *paramSetOut)
281 {
282 int32_t ret;
283 struct HksParamSet *tmpParamSetOut = NULL;
284
285 ret = HksInitParamSet(&tmpParamSetOut);
286 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init paramSet failed!")
287
288 ret = HksAddParams(tmpParamSetOut, params, paramCnt);
289 if (ret != HKS_SUCCESS) {
290 HKS_LOG_E("add params failed");
291 HksFreeParamSet(&tmpParamSetOut);
292 return ret;
293 }
294
295 ret = HksBuildParamSet(&tmpParamSetOut);
296 if (ret != HKS_SUCCESS) {
297 HKS_LOG_E("build paramSet failed");
298 HksFreeParamSet(&tmpParamSetOut);
299 return ret;
300 }
301
302 if (memcpy_s(paramSetOut, paramSetOut->paramSetSize, tmpParamSetOut, tmpParamSetOut->paramSetSize) != EOK) {
303 HksFreeParamSet(&tmpParamSetOut);
304 HKS_LOG_E("memcpy paramSet out failed, paramSetOut size = %" LOG_PUBLIC "u", paramSetOut->paramSetSize);
305 return HKS_ERROR_INSUFFICIENT_MEMORY;
306 }
307
308 HksFreeParamSet(&tmpParamSetOut);
309 return HksFreshParamSet(paramSetOut, false);
310 }
311
312 #if defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)
FormatKeyInner(uint32_t publicKeySize,uint8_t * publicKey,const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)313 static int32_t FormatKeyInner(uint32_t publicKeySize, uint8_t *publicKey, const struct HksBlob *keyIn,
314 struct HksParamSet *paramSetOut)
315 {
316 struct HksParam params[] = {
317 {
318 .tag = HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
319 .blob = { publicKeySize, publicKey },
320 },
321 {
322 .tag = HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
323 .blob = { keyIn->size, keyIn->data },
324 },
325 };
326 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
327 }
328 #endif
329
330 #ifndef _CUT_AUTHENTICATE_
SetCurve25519KeyMaterial(bool isPubKey,const struct HksBlob * keyIn,struct HksBlob * keyOut)331 static int32_t SetCurve25519KeyMaterial(bool isPubKey, const struct HksBlob *keyIn, struct HksBlob *keyOut)
332 {
333 struct KeyMaterial25519 curve25519Km = {HKS_ALG_ED25519, 0, 0, 0, 0};
334 curve25519Km.keySize = HKS_CURVE25519_KEY_SIZE_256;
335 curve25519Km.reserved = 0;
336
337 uint32_t offset = sizeof(struct KeyMaterial25519);
338 if (isPubKey) {
339 curve25519Km.pubKeySize = keyIn->size;
340 curve25519Km.priKeySize = 0;
341 } else {
342 curve25519Km.pubKeySize = 0;
343 curve25519Km.priKeySize = keyIn->size;
344 }
345
346 keyOut->size = sizeof(struct KeyMaterial25519) + curve25519Km.pubKeySize + curve25519Km.priKeySize;
347 keyOut->data = (uint8_t *)HksMalloc(keyOut->size);
348 HKS_IF_NULL_RETURN(keyOut->data, HKS_ERROR_MALLOC_FAIL)
349
350 (void)memcpy_s(keyOut->data, keyOut->size, &curve25519Km, sizeof(struct KeyMaterial25519));
351
352 (void)memcpy_s(keyOut->data + offset, keyOut->size - offset, keyIn->data, keyIn->size);
353
354 return HKS_SUCCESS;
355 }
356
CheckCurve25519KeySize(const struct HksBlob * keyIn)357 static int32_t CheckCurve25519KeySize(const struct HksBlob *keyIn)
358 {
359 if (keyIn->size < sizeof(struct KeyMaterial25519)) {
360 HKS_LOG_E("keyIn buffer too small");
361 return HKS_ERROR_INVALID_ARGUMENT;
362 }
363
364 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
365
366 /* input pubKeySize and priKeySize of keyMaterial have been guaranteed that the addition will not overflow */
367 if (keyIn->size < (sizeof(struct KeyMaterial25519) + keyMaterial->pubKeySize + keyMaterial->priKeySize)) {
368 HKS_LOG_E("keyIn is not a valid key material");
369 return HKS_ERROR_INVALID_ARGUMENT;
370 }
371
372 return HKS_SUCCESS;
373 }
374
CheckFormatCurve25519Key(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)375 static int32_t CheckFormatCurve25519Key(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
376 {
377 int32_t ret = CheckCurve25519KeySize(keyIn);
378 HKS_IF_NOT_SUCC_RETURN(ret, ret)
379
380 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
381 uint32_t offset = sizeof(struct HksParamSet) + (sizeof(struct HksParam) << 1);
382 if (keyMaterial->pubKeySize > MAX_KEY_SIZE || keyMaterial->priKeySize > MAX_KEY_SIZE) {
383 HKS_LOG_E("pubKey or priKey buffer too big");
384 return HKS_ERROR_INVALID_ARGUMENT;
385 }
386 if (paramSetOut->paramSetSize < (offset + keyMaterial->pubKeySize + keyMaterial->priKeySize)) {
387 HKS_LOG_E("pubKey or priKey buffer too small");
388 return HKS_ERROR_BUFFER_TOO_SMALL;
389 }
390
391 return HKS_SUCCESS;
392 }
393
FormatCurve25519Key(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)394 static int32_t FormatCurve25519Key(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
395 {
396 int32_t ret = CheckFormatCurve25519Key(keyIn, paramSetOut);
397 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check curve 25519 key failed")
398
399 struct KeyMaterial25519 *keyMaterial = (struct KeyMaterial25519 *)keyIn->data;
400 struct HksParam params[] = {
401 {
402 .tag = HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
403 .blob = { keyMaterial->pubKeySize, keyIn->data + sizeof(struct KeyMaterial25519) },
404 },
405 {
406 .tag = HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
407 .blob = { keyMaterial->priKeySize,
408 keyIn->data + sizeof(struct KeyMaterial25519) + keyMaterial->pubKeySize },
409 },
410 };
411
412 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
413 }
414
GetCurve25519FromKeyMaterial(const bool isPubKey,const struct HksBlob * keyMaterial,struct HksBlob * keyOut)415 int32_t GetCurve25519FromKeyMaterial(const bool isPubKey, const struct HksBlob *keyMaterial,
416 struct HksBlob *keyOut)
417 {
418 int32_t ret = CheckCurve25519KeySize(keyMaterial);
419 HKS_IF_NOT_SUCC_RETURN(ret, ret)
420
421 const struct KeyMaterial25519 *km = (struct KeyMaterial25519 *)(keyMaterial->data);
422
423 uint32_t size = (isPubKey ? km->pubKeySize : km->priKeySize);
424 if (size == 0) {
425 HKS_LOG_E("get key material size invalid, pubSize = %" LOG_PUBLIC "u, priSize = %" LOG_PUBLIC "u",
426 km->pubKeySize, km->priKeySize);
427 return HKS_ERROR_INVALID_KEY_INFO;
428 }
429 uint8_t *buffer = (uint8_t *)HksMalloc(size);
430 HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL)
431
432 uint32_t offset = sizeof(struct KeyMaterial25519);
433 uint8_t *tmp = (isPubKey ? (keyMaterial->data + offset) : (keyMaterial->data + offset + km->pubKeySize));
434 (void)memcpy_s(buffer, size, tmp, size);
435
436 keyOut->data = buffer;
437 keyOut->size = size;
438 return HKS_SUCCESS;
439 }
440
441 #if defined(HKS_SUPPORT_AES_C) || (defined(HKS_SUPPORT_HMAC_C) && defined(HKS_SUPPORT_HMAC_GENERATE_KEY))
FormatAesOrHmacKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)442 static int32_t FormatAesOrHmacKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
443 {
444 struct HksParam params[] = {
445 {
446 .tag = HKS_TAG_SYMMETRIC_KEY_DATA,
447 .blob = { keyIn->size, keyIn->data },
448 },
449 };
450 return BuildParamSetOut(params, HKS_ARRAY_SIZE(params), paramSetOut);
451 }
452 #endif
453
454 #if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
FormatRsaKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)455 static int32_t FormatRsaKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
456 {
457 if (keyIn->size < sizeof(struct KeyMaterialRsa)) {
458 return HKS_ERROR_INVALID_ARGUMENT;
459 }
460
461 struct KeyMaterialRsa *keyMaterial = (struct KeyMaterialRsa *)keyIn->data;
462 uint32_t publicKeySize = sizeof(struct KeyMaterialRsa) + keyMaterial->nSize + keyMaterial->eSize;
463 if (keyIn->size < publicKeySize) {
464 HKS_LOG_E("invalid key info.");
465 return HKS_ERROR_INVALID_KEY_INFO;
466 }
467
468 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
469 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
470
471 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
472 ((struct KeyMaterialRsa *)publicKey)->dSize = 0;
473
474 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
475 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
476 HKS_FREE(publicKey);
477 return ret;
478 }
479 #endif
480
481 #if defined(HKS_SUPPORT_DSA_C) && defined(HKS_SUPPORT_DSA_GENERATE_KEY)
FormatDsaKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)482 static int32_t FormatDsaKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
483 {
484 if (keyIn->size < sizeof(struct KeyMaterialDsa)) {
485 return HKS_ERROR_INVALID_ARGUMENT;
486 }
487
488 struct KeyMaterialDsa *keyMaterial = (struct KeyMaterialDsa *)keyIn->data;
489 uint32_t publicKeySize = sizeof(struct KeyMaterialDsa) + keyMaterial->ySize + keyMaterial->pSize +
490 keyMaterial->qSize + keyMaterial->gSize;
491 if (keyIn->size < publicKeySize) {
492 HKS_LOG_E("invalid key info.");
493 return HKS_ERROR_INVALID_KEY_INFO;
494 }
495
496 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
497 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc key failed.")
498
499 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, sizeof(struct KeyMaterialDsa));
500 uint32_t inOffset = sizeof(struct KeyMaterialDsa);
501 uint32_t outOffset = sizeof(struct KeyMaterialDsa) + keyMaterial->xSize;
502 (void)memcpy_s(publicKey + inOffset, publicKeySize - inOffset, keyIn->data + outOffset, publicKeySize - inOffset);
503 ((struct KeyMaterialDsa *)publicKey)->xSize = 0;
504
505 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
506 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
507 HKS_FREE(publicKey);
508 return ret;
509 }
510 #endif
511
512 #if defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)
FormatEccKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)513 static int32_t FormatEccKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
514 {
515 if (keyIn->size < sizeof(struct KeyMaterialEcc)) {
516 return HKS_ERROR_INVALID_ARGUMENT;
517 }
518
519 struct KeyMaterialEcc *keyMaterial = (struct KeyMaterialEcc *)keyIn->data;
520 uint32_t publicKeySize = sizeof(struct KeyMaterialEcc) + keyMaterial->xSize + keyMaterial->ySize;
521 if (keyIn->size < publicKeySize) {
522 HKS_LOG_E("invalid key info.");
523 return HKS_ERROR_INVALID_KEY_INFO;
524 }
525
526 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
527 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
528
529 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
530 ((struct KeyMaterialEcc *)publicKey)->zSize = 0;
531 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
532 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
533 HKS_FREE(publicKey);
534 return ret;
535 }
536 #endif
537
538 #if defined(HKS_SUPPORT_DH_C) && defined(HKS_SUPPORT_DH_GENERATE_KEY)
FormatDhKey(const struct HksBlob * keyIn,struct HksParamSet * paramSetOut)539 static int32_t FormatDhKey(const struct HksBlob *keyIn, struct HksParamSet *paramSetOut)
540 {
541 if (keyIn->size < sizeof(struct KeyMaterialDh)) {
542 return HKS_ERROR_INVALID_ARGUMENT;
543 }
544
545 struct KeyMaterialDh *keyMaterial = (struct KeyMaterialDh *)keyIn->data;
546 uint32_t publicKeySize = sizeof(struct KeyMaterialDh) + keyMaterial->pubKeySize;
547 if (keyIn->size < publicKeySize) {
548 HKS_LOG_E("invalid key info.");
549 return HKS_ERROR_INVALID_KEY_INFO;
550 }
551
552 uint8_t *publicKey = (uint8_t *)HksMalloc(publicKeySize);
553 HKS_IF_NULL_LOGE_RETURN(publicKey, HKS_ERROR_MALLOC_FAIL, "malloc public key failed.")
554
555 (void)memcpy_s(publicKey, publicKeySize, keyIn->data, publicKeySize);
556 ((struct KeyMaterialDh *)publicKey)->priKeySize = 0;
557 int32_t ret = FormatKeyInner(publicKeySize, publicKey, keyIn, paramSetOut);
558 (void)memset_s(publicKey, publicKeySize, 0, publicKeySize);
559 HKS_FREE(publicKey);
560 return ret;
561 }
562 #endif
563
HksSetKeyToMaterial(uint32_t alg,bool isPubKey,const struct HksBlob * key,struct HksBlob * keyMaterial)564 int32_t HksSetKeyToMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *key, struct HksBlob *keyMaterial)
565 {
566 switch (alg) {
567 case HKS_ALG_X25519:
568 case HKS_ALG_ED25519:
569 return SetCurve25519KeyMaterial(isPubKey, key, keyMaterial);
570 case HKS_ALG_RSA:
571 case HKS_ALG_DSA:
572 case HKS_ALG_ECC:
573 case HKS_ALG_ECDH:
574 case HKS_ALG_DH:
575 keyMaterial->size = key->size;
576 keyMaterial->data = (uint8_t *)HksMalloc(keyMaterial->size);
577 if (keyMaterial->data != NULL) {
578 (void)memcpy_s(keyMaterial->data, keyMaterial->size, key->data, key->size);
579 return HKS_SUCCESS;
580 } else {
581 return HKS_ERROR_MALLOC_FAIL;
582 }
583 break;
584 default:
585 HKS_LOG_E("alg not support");
586 return HKS_ERROR_INVALID_ALGORITHM;
587 }
588 }
589
HksGetKeyFromMaterial(uint32_t alg,bool isPubKey,const struct HksBlob * keyMaterial,struct HksBlob * key)590 int32_t HksGetKeyFromMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *keyMaterial, struct HksBlob *key)
591 {
592 switch (alg) {
593 case HKS_ALG_X25519:
594 case HKS_ALG_ED25519:
595 return GetCurve25519FromKeyMaterial(isPubKey, keyMaterial, key);
596 default:
597 HKS_LOG_E("alg not support");
598 return HKS_ERROR_INVALID_ALGORITHM;
599 }
600 }
601
HksFormatKeyFromMaterial(uint32_t alg,const struct HksBlob * keyMaterial,struct HksParamSet * paramSetOut)602 int32_t HksFormatKeyFromMaterial(uint32_t alg, const struct HksBlob *keyMaterial,
603 struct HksParamSet *paramSetOut)
604 {
605 switch (alg) {
606 case HKS_ALG_X25519:
607 case HKS_ALG_ED25519:
608 return FormatCurve25519Key(keyMaterial, paramSetOut);
609 #if defined(HKS_SUPPORT_AES_C) && defined(HKS_SUPPORT_AES_GENERATE_KEY)
610 case HKS_ALG_AES:
611 return FormatAesOrHmacKey(keyMaterial, paramSetOut);
612 #endif
613 #if defined(HKS_SUPPORT_RSA_C) && defined(HKS_SUPPORT_RSA_GENERATE_KEY)
614 case HKS_ALG_RSA:
615 return FormatRsaKey(keyMaterial, paramSetOut);
616 #endif
617 #if defined(HKS_SUPPORT_HMAC_C) && defined(HKS_SUPPORT_HMAC_GENERATE_KEY)
618 case HKS_ALG_HMAC:
619 return FormatAesOrHmacKey(keyMaterial, paramSetOut);
620 #endif
621 #if defined(HKS_SUPPORT_DSA_C) && defined(HKS_SUPPORT_DSA_GENERATE_KEY)
622 case HKS_ALG_DSA:
623 return FormatDsaKey(keyMaterial, paramSetOut);
624 #endif
625 #if defined(HKS_SUPPORT_ECC_C) && defined(HKS_SUPPORT_ECC_GENERATE_KEY)
626 case HKS_ALG_ECC:
627 case HKS_ALG_ECDH:
628 return FormatEccKey(keyMaterial, paramSetOut);
629 #endif
630 #if defined(HKS_SUPPORT_DH_C) && defined(HKS_SUPPORT_DH_GENERATE_KEY)
631 case HKS_ALG_DH:
632 return FormatDhKey(keyMaterial, paramSetOut);
633 #endif
634 default:
635 HKS_LOG_E("alg not support");
636 return HKS_ERROR_INVALID_ALGORITHM;
637 }
638 }
639 #endif
640