1 /*
2 * Copyright (c) 2020-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_mbedtls_common.h"
23
24 #include <mbedtls/entropy.h>
25 #include <mbedtls/md.h>
26
27 #include "hks_log.h"
28 #include "hks_template.h"
29
30 #ifdef HUKS_LOG_MINI_EXT_ENABLED
31 #include "log.h"
32 #endif
33
34 /* the custom data of random seed */
35 const unsigned char g_hksRandomSeedCustom[] = {
36 /* H K S */
37 0x48, 0x4B, 0x53
38 };
39
HksToMbedtlsDigestAlg(const uint32_t hksAlg,uint32_t * mbedtlsAlg)40 int32_t HksToMbedtlsDigestAlg(const uint32_t hksAlg, uint32_t *mbedtlsAlg)
41 {
42 switch (hksAlg) {
43 case HKS_DIGEST_MD5:
44 *mbedtlsAlg = MBEDTLS_MD_MD5;
45 break;
46 case HKS_DIGEST_SHA1:
47 *mbedtlsAlg = MBEDTLS_MD_SHA1;
48 break;
49 case HKS_DIGEST_SHA224:
50 *mbedtlsAlg = MBEDTLS_MD_SHA224;
51 break;
52 case HKS_DIGEST_SHA256:
53 *mbedtlsAlg = MBEDTLS_MD_SHA256;
54 break;
55 case HKS_DIGEST_SHA384:
56 *mbedtlsAlg = MBEDTLS_MD_SHA384;
57 break;
58 case HKS_DIGEST_SHA512:
59 *mbedtlsAlg = MBEDTLS_MD_SHA512;
60 break;
61 case HKS_DIGEST_NONE:
62 *mbedtlsAlg = MBEDTLS_MD_NONE;
63 break;
64 default:
65 HKS_LOG_E("Unsupported digest algorithm! digestAlg: 0x%" LOG_PUBLIC "X", hksAlg);
66 return HKS_ERROR_INVALID_DIGEST;
67 }
68 return HKS_SUCCESS;
69 }
70
HksCtrDrbgSeed(mbedtls_ctr_drbg_context * ctrDrbg,mbedtls_entropy_context * entropy)71 int32_t HksCtrDrbgSeed(mbedtls_ctr_drbg_context *ctrDrbg, mbedtls_entropy_context *entropy)
72 {
73 mbedtls_ctr_drbg_init(ctrDrbg);
74 mbedtls_entropy_init(entropy);
75
76 /* use the g_hksRandomSeedCustom without string terminator */
77 int32_t ret = mbedtls_ctr_drbg_seed(ctrDrbg, mbedtls_entropy_func,
78 entropy, g_hksRandomSeedCustom, sizeof(g_hksRandomSeedCustom));
79 if (ret != HKS_MBEDTLS_SUCCESS) {
80 HKS_LOG_E("Ctr drbg seed failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
81 mbedtls_ctr_drbg_free(ctrDrbg);
82 mbedtls_entropy_free(entropy);
83 return HKS_ERROR_CRYPTO_ENGINE_ERROR;
84 }
85
86 return HKS_SUCCESS;
87 }
88
HksMbedtlsFillRandom(struct HksBlob * randomData)89 int32_t HksMbedtlsFillRandom(struct HksBlob *randomData)
90 {
91 mbedtls_entropy_context entropy;
92 mbedtls_ctr_drbg_context ctrDrbg;
93 (void)memset_s(&entropy, sizeof(mbedtls_entropy_context), 0, sizeof(mbedtls_entropy_context));
94 (void)memset_s(&ctrDrbg, sizeof(mbedtls_ctr_drbg_context), 0, sizeof(mbedtls_ctr_drbg_context));
95 int32_t ret = HksCtrDrbgSeed(&ctrDrbg, &entropy);
96 HKS_IF_NOT_SUCC_RETURN(ret, ret)
97
98 do {
99 ret = mbedtls_ctr_drbg_random(&ctrDrbg, randomData->data, randomData->size);
100 if (ret != HKS_MBEDTLS_SUCCESS) {
101 HKS_LOG_E("Mbedtls random failed! mbedtls ret = 0x%" LOG_PUBLIC "X", ret);
102 #ifdef HUKS_LOG_MINI_EXT_ENABLED
103 HILOG_ERROR(HILOG_MODULE_SCY, "Mbedtls random failed! mbedtls ret = 0x%{public}X", ret);
104 #endif
105 (void)memset_s(randomData->data, randomData->size, 0, randomData->size);
106 ret = HKS_ERROR_CRYPTO_ENGINE_ERROR;
107 }
108 } while (0);
109
110 mbedtls_ctr_drbg_free(&ctrDrbg);
111 mbedtls_entropy_free(&entropy);
112 return ret;
113 }
114