1 /*
2 * Copyright (C) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "signature_rsa_openssl.h"
17
18 #include <string.h>
19
20 #include <openssl/evp.h>
21
22 #include "securec.h"
23
24 #include "algorithm_parameter.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "openssl_adapter.h"
28 #include "openssl_class.h"
29 #include "openssl_common.h"
30 #include "rsa_openssl_common.h"
31 #include "utils.h"
32
33 #define PSS_TRAILER_FIELD_SUPPORTED_INT 1
34 #define PSS_SALTLEN_INVALID_INIT (-9)
35
36 typedef struct {
37 HcfSignSpi base;
38
39 EVP_MD_CTX *mdctx;
40
41 EVP_PKEY_CTX *ctx;
42
43 int32_t padding;
44
45 int32_t md;
46
47 int32_t mgf1md;
48
49 CryptoStatus initFlag;
50
51 int32_t saltLen;
52
53 int32_t operation;
54 } HcfSignSpiRsaOpensslImpl;
55
56 #define RSA_DIGEST_VERIFY 0
57 #define RSA_VERIFY_RECOVER 1
58 typedef struct {
59 HcfVerifySpi base;
60
61 EVP_MD_CTX *mdctx;
62
63 EVP_PKEY_CTX *ctx;
64
65 int32_t padding;
66
67 int32_t md;
68
69 int32_t mgf1md;
70
71 CryptoStatus initFlag;
72
73 int32_t saltLen;
74
75 int32_t operation;
76 } HcfVerifySpiRsaOpensslImpl;
77
GetRsaSignClass(void)78 static const char *GetRsaSignClass(void)
79 {
80 return OPENSSL_RSA_SIGN_CLASS;
81 }
82
GetRsaVerifyClass(void)83 static const char *GetRsaVerifyClass(void)
84 {
85 return OPENSSL_RSA_VERIFY_CLASS;
86 }
87
DestroyRsaSign(HcfObjectBase * self)88 static void DestroyRsaSign(HcfObjectBase *self)
89 {
90 if (self == NULL) {
91 LOGE("Class is null");
92 return;
93 }
94 if (!HcfIsClassMatch(self, OPENSSL_RSA_SIGN_CLASS)) {
95 LOGE("Class not match.");
96 return;
97 }
98 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
99 OpensslEvpMdCtxFree(impl->mdctx);
100 impl->mdctx = NULL;
101 // ctx will be freed with mdctx unless only sign
102 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
103 OpensslEvpPkeyCtxFree(impl->ctx);
104 impl->ctx = NULL;
105 }
106 HcfFree(impl);
107 }
108
DestroyRsaVerify(HcfObjectBase * self)109 static void DestroyRsaVerify(HcfObjectBase *self)
110 {
111 if (self == NULL) {
112 LOGE("Class is null");
113 return;
114 }
115 if (!HcfIsClassMatch(self, OPENSSL_RSA_VERIFY_CLASS)) {
116 LOGE("Class not match.");
117 return;
118 }
119 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
120 OpensslEvpMdCtxFree(impl->mdctx);
121 impl->mdctx = NULL;
122 if (impl->operation == RSA_VERIFY_RECOVER) {
123 OpensslEvpPkeyCtxFree(impl->ctx);
124 impl->ctx = NULL;
125 }
126 HcfFree(impl);
127 }
128
CheckInitKeyType(HcfKey * key,bool signing)129 static HcfResult CheckInitKeyType(HcfKey *key, bool signing)
130 {
131 if (signing) {
132 if (!HcfIsClassMatch((HcfObjectBase *)key, OPENSSL_RSA_PRIKEY_CLASS)) {
133 LOGE("Input keyType dismatch with sign option, please use priKey.");
134 return HCF_INVALID_PARAMS;
135 }
136 } else {
137 if (!HcfIsClassMatch((HcfObjectBase *)key, OPENSSL_RSA_PUBKEY_CLASS)) {
138 LOGE("Input keyType dismatch with sign option, please use pubKey.");
139 return HCF_INVALID_PARAMS;
140 }
141 }
142 return HCF_SUCCESS;
143 }
144
InitRsaEvpKey(const HcfKey * key,bool signing)145 static EVP_PKEY *InitRsaEvpKey(const HcfKey *key, bool signing)
146 {
147 RSA *rsa = NULL;
148 if (signing == true) {
149 // dup will check if rsa is NULL
150 if (DuplicateRsa(((HcfOpensslRsaPriKey *)key)->sk, signing, &rsa) != HCF_SUCCESS) {
151 LOGE("dup pri RSA fail");
152 return NULL;
153 }
154 } else if (signing == false) {
155 if (DuplicateRsa(((HcfOpensslRsaPubKey *)key)->pk, signing, &rsa) != HCF_SUCCESS) {
156 LOGE("dup pub RSA fail");
157 return NULL;
158 }
159 }
160 if (rsa == NULL) {
161 LOGE("The Key has lost.");
162 return NULL;
163 }
164 EVP_PKEY *pkey = NewEvpPkeyByRsa(rsa, false);
165 if (pkey == NULL) {
166 LOGD("[error] New evp pkey failed");
167 HcfPrintOpensslError();
168 OpensslRsaFree(rsa);
169 return NULL;
170 }
171 return pkey;
172 }
173
174 // the params has been checked in the CheckSignatureParams
SetPaddingAndDigest(EVP_PKEY_CTX * ctx,int32_t hcfPadding,int32_t md,int32_t mgf1md)175 static HcfResult SetPaddingAndDigest(EVP_PKEY_CTX *ctx, int32_t hcfPadding, int32_t md, int32_t mgf1md)
176 {
177 int32_t opensslPadding = 0;
178 (void)GetOpensslPadding(hcfPadding, &opensslPadding);
179 if (OpensslEvpPkeyCtxSetRsaPadding(ctx, opensslPadding) != HCF_OPENSSL_SUCCESS) {
180 LOGD("[error] OpensslEvpPkeyCtxSetRsaPadding fail");
181 HcfPrintOpensslError();
182 return HCF_ERR_CRYPTO_OPERATION;
183 }
184 if (hcfPadding == HCF_OPENSSL_RSA_PSS_PADDING) {
185 LOGD("padding is pss, set mgf1 md");
186 EVP_MD *opensslAlg = NULL;
187 (void)GetOpensslDigestAlg(mgf1md, &opensslAlg);
188 if (OpensslEvpPkeyCtxSetRsaMgf1Md(ctx, opensslAlg) != HCF_OPENSSL_SUCCESS) {
189 LOGD("[error] EVP_PKEY_CTX_set_rsa_mgf1_md fail");
190 HcfPrintOpensslError();
191 return HCF_ERR_CRYPTO_OPERATION;
192 }
193 }
194 return HCF_SUCCESS;
195 }
196
SetOnlySignParams(HcfSignSpiRsaOpensslImpl * impl,HcfPriKey * privateKey)197 static HcfResult SetOnlySignParams(HcfSignSpiRsaOpensslImpl *impl, HcfPriKey *privateKey)
198 {
199 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)privateKey, true);
200 if (dupKey == NULL) {
201 LOGD("InitRsaEvpKey fail.");
202 return HCF_ERR_CRYPTO_OPERATION;
203 }
204 EVP_PKEY_CTX *ctx = NULL;
205 EVP_MD *opensslAlg = NULL;
206 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
207 ctx = OpensslEvpPkeyCtxNewFromPkey(NULL, dupKey, NULL);
208 OpensslEvpPkeyFree(dupKey);
209 if (ctx == NULL) {
210 LOGD("OpensslEvpPkeyCtxNew fail.");
211 return HCF_ERR_CRYPTO_OPERATION;
212 }
213 if (OpensslEvpPkeySignInit(ctx) != HCF_OPENSSL_SUCCESS) {
214 LOGD("OpensslEvpPkeySignInit fail.");
215 OpensslEvpPkeyCtxFree(ctx);
216 return HCF_ERR_CRYPTO_OPERATION;
217 }
218 if (opensslAlg != NULL) {
219 if (OpensslEvpPkeyCtxSetSignatureMd(ctx, opensslAlg) != HCF_OPENSSL_SUCCESS) {
220 LOGD("OpensslEvpPkeyCtxSetSignatureMd fail.");
221 OpensslEvpPkeyCtxFree(ctx);
222 return HCF_ERR_CRYPTO_OPERATION;
223 }
224 }
225 int32_t opensslPadding = 0;
226 (void)GetOpensslPadding(impl->padding, &opensslPadding);
227 if (OpensslEvpPkeyCtxSetRsaPadding(ctx, opensslPadding) != HCF_OPENSSL_SUCCESS) {
228 LOGD("OpensslEvpPkeyCtxSetRsaPadding fail");
229 OpensslEvpPkeyCtxFree(ctx);
230 return HCF_ERR_CRYPTO_OPERATION;
231 }
232 impl->ctx = ctx;
233 return HCF_SUCCESS;
234 }
235
SetSignParams(HcfSignSpiRsaOpensslImpl * impl,HcfPriKey * privateKey)236 static HcfResult SetSignParams(HcfSignSpiRsaOpensslImpl *impl, HcfPriKey *privateKey)
237 {
238 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
239 return SetOnlySignParams(impl, privateKey);
240 }
241 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)privateKey, true);
242 if (dupKey == NULL) {
243 LOGD("[error] InitRsaEvpKey fail.");
244 return HCF_ERR_CRYPTO_OPERATION;
245 }
246 EVP_PKEY_CTX *ctx = NULL;
247 EVP_MD *opensslAlg = NULL;
248 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
249 if (opensslAlg == NULL) {
250 OpensslEvpPkeyFree(dupKey);
251 LOGE("Get openssl digest alg fail");
252 return HCF_INVALID_PARAMS;
253 }
254 int ret = OpensslEvpDigestSignInit(impl->mdctx, &ctx, opensslAlg, NULL, dupKey);
255 OpensslEvpPkeyFree(dupKey);
256 if (ret != HCF_OPENSSL_SUCCESS) {
257 LOGD("[error] OpensslEvpDigestSignInit fail.");
258 return HCF_ERR_CRYPTO_OPERATION;
259 }
260 if (SetPaddingAndDigest(ctx, impl->padding, impl->md, impl->mgf1md) != HCF_SUCCESS) {
261 LOGD("[error] set padding and digest fail");
262 return HCF_ERR_CRYPTO_OPERATION;
263 }
264 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
265 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(ctx, impl->saltLen) != HCF_OPENSSL_SUCCESS) {
266 LOGD("[error] get saltLen fail");
267 return HCF_ERR_CRYPTO_OPERATION;
268 }
269 }
270 impl->ctx = ctx;
271 return HCF_SUCCESS;
272 }
273
EngineSignInit(HcfSignSpi * self,HcfParamsSpec * params,HcfPriKey * privateKey)274 static HcfResult EngineSignInit(HcfSignSpi *self, HcfParamsSpec *params, HcfPriKey *privateKey)
275 {
276 (void)params;
277 if (self == NULL || privateKey == NULL) {
278 LOGE("Invalid input params");
279 return HCF_INVALID_PARAMS;
280 }
281 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
282 LOGE("Class not match.");
283 return HCF_INVALID_PARAMS;
284 }
285 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
286 if (impl->initFlag != UNINITIALIZED) {
287 LOGE("Sign has been init");
288 return HCF_INVALID_PARAMS;
289 }
290 if (CheckInitKeyType((HcfKey *)privateKey, true) != HCF_SUCCESS) {
291 LOGE("KeyType dismatch.");
292 return HCF_INVALID_PARAMS;
293 }
294
295 HcfResult ret = SetSignParams(impl, privateKey);
296 if (ret == HCF_ERR_CRYPTO_OPERATION) {
297 HcfPrintOpensslError();
298 }
299 if (ret != HCF_SUCCESS) {
300 LOGD("[error] Sign set padding or md fail");
301 return ret;
302 }
303 impl->initFlag = INITIALIZED;
304 return HCF_SUCCESS;
305 }
306
SetVerifyParams(HcfVerifySpiRsaOpensslImpl * impl,HcfPubKey * publicKey)307 static HcfResult SetVerifyParams(HcfVerifySpiRsaOpensslImpl *impl, HcfPubKey *publicKey)
308 {
309 EVP_PKEY_CTX *ctx = NULL;
310 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)publicKey, false);
311 if (dupKey == NULL) {
312 LOGD("[error] InitRsaEvpKey fail.");
313 return HCF_ERR_CRYPTO_OPERATION;
314 }
315 EVP_MD *opensslAlg = NULL;
316 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
317 if (opensslAlg == NULL) {
318 OpensslEvpPkeyFree(dupKey);
319 LOGE("Get openssl digest alg fail");
320 return HCF_INVALID_PARAMS;
321 }
322 int ret = OpensslEvpDigestVerifyInit(impl->mdctx, &ctx, opensslAlg, NULL, dupKey);
323 OpensslEvpPkeyFree(dupKey);
324 if (ret != HCF_OPENSSL_SUCCESS) {
325 LOGD("[error] OpensslEvpDigestVerifyInit fail.");
326 HcfPrintOpensslError();
327 return HCF_ERR_CRYPTO_OPERATION;
328 }
329 if (SetPaddingAndDigest(ctx, impl->padding, impl->md, impl->mgf1md) != HCF_SUCCESS) {
330 LOGD("[error] set padding and digest fail");
331 return HCF_ERR_CRYPTO_OPERATION;
332 }
333 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
334 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(ctx, impl->saltLen) != HCF_OPENSSL_SUCCESS) {
335 LOGD("[error] get saltLen fail");
336 return HCF_ERR_CRYPTO_OPERATION;
337 }
338 }
339 impl->ctx = ctx;
340 return HCF_SUCCESS;
341 }
342
SetVerifyRecoverParams(HcfVerifySpiRsaOpensslImpl * impl,HcfPubKey * publicKey)343 static HcfResult SetVerifyRecoverParams(HcfVerifySpiRsaOpensslImpl *impl, HcfPubKey *publicKey)
344 {
345 EVP_PKEY *dupKey = InitRsaEvpKey((HcfKey *)publicKey, false);
346 if (dupKey == NULL) {
347 LOGD("[error] InitRsaEvpKey fail.");
348 return HCF_ERR_CRYPTO_OPERATION;
349 }
350
351 EVP_PKEY_CTX *ctx = NULL;
352 ctx = OpensslEvpPkeyCtxNewFromPkey(NULL, dupKey, NULL);
353 OpensslEvpPkeyFree(dupKey);
354 if (ctx == NULL) {
355 LOGD("[error] OpensslEvpPkeyCtxNewFromPkey fail.");
356 HcfPrintOpensslError();
357 return HCF_ERR_CRYPTO_OPERATION;
358 }
359
360 if (OpensslEvpPkeyVerifyRecoverInit(ctx) != HCF_OPENSSL_SUCCESS) {
361 LOGD("[error] OpensslEvpPkeyVerifyRecoverInit fail");
362 HcfPrintOpensslError();
363 OpensslEvpPkeyCtxFree(ctx);
364 return HCF_ERR_CRYPTO_OPERATION;
365 }
366
367 int32_t opensslPadding = 0;
368 (void)GetOpensslPadding(impl->padding, &opensslPadding);
369 if (OpensslEvpPkeyCtxSetRsaPadding(ctx, opensslPadding) != HCF_OPENSSL_SUCCESS) {
370 LOGD("[error] OpensslEvpPkeyCtxSetRsaPadding fail");
371 HcfPrintOpensslError();
372 OpensslEvpPkeyCtxFree(ctx);
373 return HCF_ERR_CRYPTO_OPERATION;
374 }
375
376 EVP_MD *opensslAlg = NULL;
377 (void)GetOpensslDigestAlg(impl->md, &opensslAlg);
378 if (opensslAlg != NULL) {
379 if (OpensslEvpPkeyCtxSetSignatureMd(ctx, opensslAlg) != HCF_OPENSSL_SUCCESS) {
380 LOGD("[error] EVP_PKEY_CTX_set_rsa_mgf1_md fail");
381 HcfPrintOpensslError();
382 OpensslEvpPkeyCtxFree(ctx);
383 return HCF_ERR_CRYPTO_OPERATION;
384 }
385 }
386
387 impl->ctx = ctx;
388 return HCF_SUCCESS;
389 }
390
EngineVerifyInit(HcfVerifySpi * self,HcfParamsSpec * params,HcfPubKey * publicKey)391 static HcfResult EngineVerifyInit(HcfVerifySpi *self, HcfParamsSpec *params, HcfPubKey *publicKey)
392 {
393 (void)params;
394 if (self == NULL || publicKey == NULL) {
395 LOGE("Invalid input params.");
396 return HCF_INVALID_PARAMS;
397 }
398 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
399 LOGE("Class not match.");
400 return HCF_INVALID_PARAMS;
401 }
402 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
403 if (impl->initFlag != UNINITIALIZED) {
404 LOGE("Verigy has been init.");
405 return HCF_INVALID_PARAMS;
406 }
407 if (CheckInitKeyType((HcfKey *)publicKey, false) != HCF_SUCCESS) {
408 LOGE("KeyType dismatch.");
409 return HCF_INVALID_PARAMS;
410 }
411
412 if (impl->operation == RSA_DIGEST_VERIFY) {
413 if (SetVerifyParams(impl, publicKey) != HCF_SUCCESS) {
414 LOGD("[error] Verify set padding or md fail");
415 return HCF_ERR_CRYPTO_OPERATION;
416 }
417 } else {
418 if (SetVerifyRecoverParams(impl, publicKey) != HCF_SUCCESS) {
419 LOGD("[error] VerifyRecover set padding or md fail");
420 return HCF_ERR_CRYPTO_OPERATION;
421 }
422 }
423
424 impl->initFlag = INITIALIZED;
425 return HCF_SUCCESS;
426 }
427
EngineSignUpdate(HcfSignSpi * self,HcfBlob * data)428 static HcfResult EngineSignUpdate(HcfSignSpi *self, HcfBlob *data)
429 {
430 if ((self == NULL) || (data == NULL) || (data->data == NULL)) {
431 LOGE("Invalid input parameter.");
432 return HCF_INVALID_PARAMS;
433 }
434 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
435 LOGE("Class not match.");
436 return HCF_INVALID_PARAMS;
437 }
438 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
439 if (impl->initFlag != INITIALIZED) {
440 LOGE("The Sign has not been init");
441 return HCF_INVALID_PARAMS;
442 }
443 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
444 LOGE("Update cannot support in OnlySign");
445 return HCF_ERR_CRYPTO_OPERATION;
446 }
447 if (OpensslEvpDigestSignUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
448 LOGD("[error] OpensslEvpDigestSignUpdate fail");
449 return HCF_ERR_CRYPTO_OPERATION;
450 }
451 return HCF_SUCCESS;
452 }
453
EngineVerifyUpdate(HcfVerifySpi * self,HcfBlob * data)454 static HcfResult EngineVerifyUpdate(HcfVerifySpi *self, HcfBlob *data)
455 {
456 if ((self == NULL) || (data == NULL) || (data->data == NULL)) {
457 LOGE("Invalid input parameter.");
458 return HCF_INVALID_PARAMS;
459 }
460 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
461 LOGE("Class not match.");
462 return HCF_INVALID_PARAMS;
463 }
464 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
465 if (impl->initFlag != INITIALIZED) {
466 LOGE("The Sign has not been init");
467 return HCF_INVALID_PARAMS;
468 }
469
470 if (impl->operation != RSA_DIGEST_VERIFY) {
471 LOGE("Invalid digest verify operation.");
472 return HCF_ERR_CRYPTO_OPERATION;
473 }
474
475 if (OpensslEvpDigestVerifyUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
476 LOGD("[error] OpensslEvpDigestSignUpdate fail");
477 return HCF_ERR_CRYPTO_OPERATION;
478 }
479 return HCF_SUCCESS;
480 }
481
EnginePkeySign(HcfSignSpiRsaOpensslImpl * impl,HcfBlob * data,HcfBlob * returnSignatureData)482 static HcfResult EnginePkeySign(HcfSignSpiRsaOpensslImpl *impl, HcfBlob *data, HcfBlob *returnSignatureData)
483 {
484 if (data == NULL || data->len == 0 || data->data == NULL) {
485 LOGE("Invalid input params.");
486 return HCF_INVALID_PARAMS;
487 }
488 size_t maxLen;
489 if (OpensslEvpPkeySign(impl->ctx, NULL, &maxLen, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
490 LOGE("OpensslEvpPkeySign get maxLen fail");
491 return HCF_ERR_CRYPTO_OPERATION;
492 }
493 LOGD("sign maxLen is %zu", maxLen);
494 uint8_t *outData = (uint8_t *)HcfMalloc(maxLen, 0);
495 if (outData == NULL) {
496 LOGE("Failed to allocate outData memory!");
497 return HCF_ERR_MALLOC;
498 }
499 size_t actualLen = maxLen;
500 if (OpensslEvpPkeySign(impl->ctx, outData, &actualLen, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
501 LOGE("OpensslEvpPkeySign fail");
502 HcfFree(outData);
503 return HCF_ERR_CRYPTO_OPERATION;
504 }
505 returnSignatureData->data = outData;
506 returnSignatureData->len = (uint32_t)actualLen;
507 return HCF_SUCCESS;
508 }
509
EngineDigestSign(HcfSignSpiRsaOpensslImpl * impl,HcfBlob * data,HcfBlob * returnSignatureData)510 static HcfResult EngineDigestSign(HcfSignSpiRsaOpensslImpl *impl, HcfBlob *data, HcfBlob *returnSignatureData)
511 {
512 if (data != NULL && data->data != NULL) {
513 if (OpensslEvpDigestSignUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
514 LOGD("[error] Dofinal update data fail.");
515 return HCF_ERR_CRYPTO_OPERATION;
516 }
517 }
518
519 size_t maxLen;
520 if (OpensslEvpDigestSignFinal(impl->mdctx, NULL, &maxLen) != HCF_OPENSSL_SUCCESS) {
521 LOGD("[error] OpensslEvpDigestSignFinal fail");
522 return HCF_ERR_CRYPTO_OPERATION;
523 }
524 LOGD("sign maxLen is %zu", maxLen);
525 uint8_t *outData = (uint8_t *)HcfMalloc(maxLen, 0);
526 if (outData == NULL) {
527 LOGE("Failed to allocate outData memory!");
528 return HCF_ERR_MALLOC;
529 }
530
531 if (OpensslEvpDigestSignFinal(impl->mdctx, outData, &maxLen) != HCF_OPENSSL_SUCCESS) {
532 LOGD("[error] OpensslEvpDigestSignFinal fail");
533 HcfFree(outData);
534 HcfPrintOpensslError();
535 return HCF_ERR_CRYPTO_OPERATION;
536 }
537 returnSignatureData->data = outData;
538 returnSignatureData->len = (uint32_t)maxLen;
539 return HCF_SUCCESS;
540 }
541
EngineSign(HcfSignSpi * self,HcfBlob * data,HcfBlob * returnSignatureData)542 static HcfResult EngineSign(HcfSignSpi *self, HcfBlob *data, HcfBlob *returnSignatureData)
543 {
544 if (self == NULL || returnSignatureData == NULL) {
545 LOGE("Invalid input params.");
546 return HCF_INVALID_PARAMS;
547 }
548 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
549 LOGE("Class not match.");
550 return HCF_INVALID_PARAMS;
551 }
552 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
553 if (impl->initFlag != INITIALIZED) {
554 LOGE("The Sign has not been init");
555 return HCF_INVALID_PARAMS;
556 }
557
558 HcfResult ret;
559 if (impl->operation == HCF_OPERATIOPN_ONLY_SIGN) {
560 ret = EnginePkeySign(impl, data, returnSignatureData);
561 } else {
562 ret = EngineDigestSign(impl, data, returnSignatureData);
563 }
564
565 return ret;
566 }
567
EngineVerify(HcfVerifySpi * self,HcfBlob * data,HcfBlob * signatureData)568 static bool EngineVerify(HcfVerifySpi *self, HcfBlob *data, HcfBlob *signatureData)
569 {
570 if (self == NULL || signatureData == NULL || signatureData->data == NULL) {
571 LOGE("Invalid input params");
572 return false;
573 }
574 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
575 LOGE("Class not match.");
576 return false;
577 }
578
579 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
580 if (impl->initFlag != INITIALIZED) {
581 LOGE("The Sign has not been init");
582 return false;
583 }
584
585 if (impl->operation != RSA_DIGEST_VERIFY) {
586 LOGE("Invalid digest verify operation.");
587 return false;
588 }
589
590 if (data != NULL && data->data != NULL) {
591 if (OpensslEvpDigestVerifyUpdate(impl->mdctx, data->data, data->len) != HCF_OPENSSL_SUCCESS) {
592 LOGD("[error] OpensslEvpDigestVerifyUpdate fail");
593 return false;
594 }
595 }
596 if (OpensslEvpDigestVerifyFinal(impl->mdctx, signatureData->data, signatureData->len) != HCF_OPENSSL_SUCCESS) {
597 LOGD("[error] OpensslEvpDigestVerifyFinal fail");
598 return false;
599 }
600 return true;
601 }
602
EngineRecover(HcfVerifySpi * self,HcfBlob * signatureData,HcfBlob * rawSignatureData)603 static HcfResult EngineRecover(HcfVerifySpi *self, HcfBlob *signatureData, HcfBlob *rawSignatureData)
604 {
605 if (self == NULL || signatureData == NULL || signatureData->data == NULL || rawSignatureData == NULL) {
606 LOGE("Invalid input params");
607 return HCF_INVALID_PARAMS;
608 }
609 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
610 LOGE("Class not match.");
611 return HCF_INVALID_PARAMS;
612 }
613
614 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
615 if (impl->initFlag != INITIALIZED) {
616 LOGE("The Sign has not been init.");
617 return HCF_ERR_CRYPTO_OPERATION;
618 }
619
620 if (impl->operation != RSA_VERIFY_RECOVER) {
621 LOGE("Invalid verify recover operation.");
622 return HCF_ERR_CRYPTO_OPERATION;
623 }
624
625 size_t bufLen = 0;
626 if (OpensslEvpPkeyVerifyRecover(impl->ctx, NULL, &bufLen, signatureData->data, signatureData->len)
627 != HCF_OPENSSL_SUCCESS) {
628 LOGE("[error] OpensslEvpPkeyVerifyRecover get len fail.");
629 HcfPrintOpensslError();
630 return HCF_ERR_CRYPTO_OPERATION;
631 }
632
633 uint8_t *buf = (uint8_t *)HcfMalloc((uint32_t)bufLen, 0);
634 if (buf == NULL) {
635 LOGE("[error] HcfMalloc fail");
636 return HCF_ERR_MALLOC;
637 }
638
639 if (OpensslEvpPkeyVerifyRecover(impl->ctx, buf, &bufLen, signatureData->data, signatureData->len)
640 != HCF_OPENSSL_SUCCESS) {
641 LOGE("[error] OpensslEvpPkeyVerifyRecover fail.");
642 HcfPrintOpensslError();
643 HcfFree(buf);
644 buf = NULL;
645 return HCF_ERR_CRYPTO_OPERATION;
646 }
647
648 rawSignatureData->data = buf;
649 rawSignatureData->len = bufLen;
650 return HCF_SUCCESS;
651 }
652
CheckOnlySignatureParams(HcfSignatureParams * params)653 static HcfResult CheckOnlySignatureParams(HcfSignatureParams *params)
654 {
655 int32_t opensslPadding = 0;
656 if (GetOpensslPadding(params->padding, &opensslPadding) != HCF_SUCCESS) {
657 LOGE("getpadding fail.");
658 return HCF_INVALID_PARAMS;
659 }
660 if (opensslPadding != RSA_PKCS1_PADDING && opensslPadding != RSA_NO_PADDING) {
661 LOGE("only signature cannot use that padding mode.");
662 return HCF_INVALID_PARAMS;
663 }
664 EVP_MD *md = NULL;
665 HcfResult ret = GetOpensslDigestAlg(params->md, &md);
666 if (ret != HCF_SUCCESS) {
667 LOGE("Md is invalid.");
668 return HCF_INVALID_PARAMS;
669 }
670
671 return HCF_SUCCESS;
672 }
673
CheckSignatureParams(HcfSignatureParams * params)674 static HcfResult CheckSignatureParams(HcfSignatureParams *params)
675 {
676 if (params->operation == HCF_ALG_ONLY_SIGN) {
677 return CheckOnlySignatureParams(params);
678 }
679 int32_t opensslPadding = 0;
680 if (GetOpensslPadding(params->padding, &opensslPadding) != HCF_SUCCESS) {
681 LOGE("getpadding fail.");
682 return HCF_INVALID_PARAMS;
683 }
684 if (opensslPadding != RSA_PKCS1_PADDING && opensslPadding != RSA_PKCS1_PSS_PADDING) {
685 LOGE("signature cannot use that padding mode");
686 return HCF_INVALID_PARAMS;
687 }
688 EVP_MD *md = NULL;
689 (void)GetOpensslDigestAlg(params->md, &md);
690 if (md == NULL) {
691 LOGE("Md is NULL");
692 return HCF_INVALID_PARAMS;
693 }
694 if (params->padding == HCF_OPENSSL_RSA_PSS_PADDING) {
695 EVP_MD *mgf1md = NULL;
696 (void)GetOpensslDigestAlg(params->mgf1md, &mgf1md);
697 if (mgf1md == NULL) {
698 LOGE("Use pss padding, but mgf1md is NULL");
699 return HCF_INVALID_PARAMS;
700 }
701 }
702 return HCF_SUCCESS;
703 }
704
EngineSetSignSpecInt(HcfSignSpi * self,SignSpecItem item,int32_t saltLen)705 static HcfResult EngineSetSignSpecInt(HcfSignSpi *self, SignSpecItem item, int32_t saltLen)
706 {
707 if (self == NULL) {
708 LOGE("Invalid input parameter");
709 return HCF_INVALID_PARAMS;
710 }
711 if (item != PSS_SALT_LEN_INT) {
712 LOGE("Invalid sign spec item");
713 return HCF_INVALID_PARAMS;
714 }
715 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
716 LOGE("Class not match.");
717 return HCF_INVALID_PARAMS;
718 }
719 if (saltLen < 0) {
720 // RSA_PSS_SALTLEN_MAX_SIGN: max sign is old compatible max salt length for sign only
721 if (saltLen != RSA_PSS_SALTLEN_DIGEST && saltLen != RSA_PSS_SALTLEN_MAX_SIGN &&
722 saltLen != RSA_PSS_SALTLEN_MAX) {
723 LOGE("Invalid salt Len %d", saltLen);
724 return HCF_INVALID_PARAMS;
725 }
726 }
727 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
728 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
729 LOGE("Only support pss parameter");
730 return HCF_INVALID_PARAMS;
731 }
732 impl->saltLen = saltLen;
733 if (impl->initFlag == INITIALIZED) {
734 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(impl->ctx, saltLen) != HCF_OPENSSL_SUCCESS) {
735 LOGD("[error] set saltLen fail");
736 return HCF_ERR_CRYPTO_OPERATION;
737 }
738 }
739 LOGD("Set sign saltLen success");
740 return HCF_SUCCESS;
741 }
742
EngineGetSignSpecInt(HcfSignSpi * self,SignSpecItem item,int32_t * returnInt)743 static HcfResult EngineGetSignSpecInt(HcfSignSpi *self, SignSpecItem item, int32_t *returnInt)
744 {
745 if (self == NULL || returnInt == NULL) {
746 LOGE("Invalid input parameter");
747 return HCF_INVALID_PARAMS;
748 }
749 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
750 LOGE("Class not match.");
751 return HCF_INVALID_PARAMS;
752 }
753 if (item != PSS_TRAILER_FIELD_INT && item != PSS_SALT_LEN_INT) {
754 LOGE("Invalid input spec");
755 return HCF_INVALID_PARAMS;
756 }
757 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
758 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
759 LOGE("Only support pss parameter");
760 return HCF_INVALID_PARAMS;
761 }
762 if (item == PSS_TRAILER_FIELD_INT) {
763 *returnInt = PSS_TRAILER_FIELD_SUPPORTED_INT;
764 return HCF_SUCCESS;
765 }
766 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
767 *returnInt = impl->saltLen;
768 return HCF_SUCCESS;
769 }
770 if (impl->initFlag == INITIALIZED) {
771 if (OpensslEvpPkeyCtxGetRsaPssSaltLen(impl->ctx, returnInt) != HCF_OPENSSL_SUCCESS) {
772 LOGD("[error] get saltLen fail");
773 return HCF_ERR_CRYPTO_OPERATION;
774 }
775 return HCF_SUCCESS;
776 } else {
777 LOGE("No set saltLen and not init!");
778 return HCF_INVALID_PARAMS;
779 }
780 }
781
EngineSetSignSpecUint8Array(HcfSignSpi * self,SignSpecItem item,HcfBlob pSource)782 static HcfResult EngineSetSignSpecUint8Array(HcfSignSpi *self, SignSpecItem item, HcfBlob pSource)
783 {
784 (void)self;
785 (void)item;
786 (void)pSource;
787 return HCF_NOT_SUPPORT;
788 }
789
EngineGetSignSpecString(HcfSignSpi * self,SignSpecItem item,char ** returnString)790 static HcfResult EngineGetSignSpecString(HcfSignSpi *self, SignSpecItem item, char **returnString)
791 {
792 if (self == NULL || returnString == NULL) {
793 LOGE("Invalid input parameter");
794 return HCF_INVALID_PARAMS;
795 }
796 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_SIGN_CLASS)) {
797 LOGE("Class not match.");
798 return HCF_INVALID_PARAMS;
799 }
800 HcfSignSpiRsaOpensslImpl *impl = (HcfSignSpiRsaOpensslImpl *)self;
801 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
802 LOGE("Only support pss parameter");
803 return HCF_INVALID_PARAMS;
804 }
805 HcfResult ret = HCF_INVALID_PARAMS;
806 switch (item) {
807 case PSS_MD_NAME_STR:
808 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->md), returnString);
809 break;
810 case PSS_MGF_NAME_STR:
811 // only support mgf1
812 ret = GetRsaSpecStringMGF(returnString);
813 break;
814 case PSS_MGF1_MD_STR:
815 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->mgf1md), returnString);
816 break;
817 default:
818 LOGE("Invalid input sign spec item");
819 return HCF_INVALID_PARAMS;
820 }
821 return ret;
822 }
823
EngineSetVerifySpecInt(HcfVerifySpi * self,SignSpecItem item,int32_t saltLen)824 static HcfResult EngineSetVerifySpecInt(HcfVerifySpi *self, SignSpecItem item, int32_t saltLen)
825 {
826 if (self == NULL) {
827 LOGE("Invalid input parameter");
828 return HCF_INVALID_PARAMS;
829 }
830 if (item != PSS_SALT_LEN_INT) {
831 LOGE("Invalid verify spec item");
832 return HCF_INVALID_PARAMS;
833 }
834 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
835 LOGE("Class not match.");
836 return HCF_INVALID_PARAMS;
837 }
838 if (saltLen < 0) {
839 // RSA_PSS_SALTLEN_AUTO: Verify only: auto detect salt length(only support verify)
840 if (saltLen != RSA_PSS_SALTLEN_DIGEST && saltLen != RSA_PSS_SALTLEN_AUTO &&
841 saltLen != RSA_PSS_SALTLEN_MAX) {
842 LOGE("Invalid salt Len %d", saltLen);
843 return HCF_INVALID_PARAMS;
844 }
845 }
846 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
847 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
848 LOGE("Only support pss parameter");
849 return HCF_INVALID_PARAMS;
850 }
851 impl->saltLen = saltLen;
852 if (impl->initFlag == INITIALIZED) {
853 if (OpensslEvpPkeyCtxSetRsaPssSaltLen(impl->ctx, saltLen) != HCF_OPENSSL_SUCCESS) {
854 LOGD("[error] set saltLen fail");
855 return HCF_ERR_CRYPTO_OPERATION;
856 }
857 }
858 return HCF_SUCCESS;
859 }
860
EngineGetVerifySpecInt(HcfVerifySpi * self,SignSpecItem item,int32_t * returnInt)861 static HcfResult EngineGetVerifySpecInt(HcfVerifySpi *self, SignSpecItem item, int32_t *returnInt)
862 {
863 if (self == NULL || returnInt == NULL) {
864 LOGE("Invalid input parameter");
865 return HCF_INVALID_PARAMS;
866 }
867 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
868 LOGE("Class not match.");
869 return HCF_INVALID_PARAMS;
870 }
871 if (item != PSS_TRAILER_FIELD_INT && item != PSS_SALT_LEN_INT) {
872 LOGE("Invalid input sign spec item");
873 return HCF_INVALID_PARAMS;
874 }
875 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
876 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
877 LOGE("Only support pss parameter");
878 return HCF_INVALID_PARAMS;
879 }
880 if (item == PSS_TRAILER_FIELD_INT) {
881 *returnInt = PSS_TRAILER_FIELD_SUPPORTED_INT;
882 return HCF_SUCCESS;
883 }
884 if (impl->saltLen != PSS_SALTLEN_INVALID_INIT) {
885 *returnInt = impl->saltLen;
886 return HCF_SUCCESS;
887 }
888 if (impl->initFlag == INITIALIZED) {
889 if (OpensslEvpPkeyCtxGetRsaPssSaltLen(impl->ctx, returnInt) != HCF_OPENSSL_SUCCESS) {
890 LOGD("[error] get saltLen fail");
891 return HCF_ERR_CRYPTO_OPERATION;
892 }
893 return HCF_SUCCESS;
894 } else {
895 LOGE("No set saltLen and not init!");
896 return HCF_INVALID_PARAMS;
897 }
898 }
899
EngineSetVerifySpecUint8Array(HcfVerifySpi * self,SignSpecItem item,HcfBlob pSource)900 static HcfResult EngineSetVerifySpecUint8Array(HcfVerifySpi *self, SignSpecItem item, HcfBlob pSource)
901 {
902 (void)self;
903 (void)item;
904 (void)pSource;
905 return HCF_NOT_SUPPORT;
906 }
907
EngineGetVerifySpecString(HcfVerifySpi * self,SignSpecItem item,char ** returnString)908 static HcfResult EngineGetVerifySpecString(HcfVerifySpi *self, SignSpecItem item, char **returnString)
909 {
910 if (self == NULL || returnString == NULL) {
911 LOGE("Invalid input parameter");
912 return HCF_INVALID_PARAMS;
913 }
914 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_VERIFY_CLASS)) {
915 LOGE("Class not match.");
916 return HCF_INVALID_PARAMS;
917 }
918 HcfVerifySpiRsaOpensslImpl *impl = (HcfVerifySpiRsaOpensslImpl *)self;
919 if (impl->padding != HCF_OPENSSL_RSA_PSS_PADDING) {
920 LOGE("Only support pss parameter");
921 return HCF_INVALID_PARAMS;
922 }
923 HcfResult ret = HCF_INVALID_PARAMS;
924 switch (item) {
925 case PSS_MD_NAME_STR:
926 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->md), returnString);
927 break;
928 case PSS_MGF_NAME_STR:
929 // only support mgf1
930 ret = GetRsaSpecStringMGF(returnString);
931 break;
932 case PSS_MGF1_MD_STR:
933 ret = GetRsaSpecStringMd((const HcfAlgParaValue)(impl->mgf1md), returnString);
934 break;
935 default:
936 LOGE("Invalid input sign spec item");
937 return HCF_INVALID_PARAMS;
938 }
939 return ret;
940 }
941
HcfSignSpiRsaCreate(HcfSignatureParams * params,HcfSignSpi ** returnObj)942 HcfResult HcfSignSpiRsaCreate(HcfSignatureParams *params, HcfSignSpi **returnObj)
943 {
944 if (params == NULL || returnObj == NULL) {
945 LOGE("Invalid input parameter.");
946 return HCF_INVALID_PARAMS;
947 }
948 if (CheckSignatureParams(params) != HCF_SUCCESS) {
949 return HCF_INVALID_PARAMS;
950 }
951 HcfSignSpiRsaOpensslImpl *returnImpl = (HcfSignSpiRsaOpensslImpl *)HcfMalloc(
952 sizeof(HcfSignSpiRsaOpensslImpl), 0);
953 if (returnImpl == NULL) {
954 LOGE("Failed to allocate returnImpl memroy!");
955 return HCF_ERR_MALLOC;
956 }
957 returnImpl->base.base.getClass = GetRsaSignClass;
958 returnImpl->base.base.destroy = DestroyRsaSign;
959 returnImpl->base.engineInit = EngineSignInit;
960 returnImpl->base.engineUpdate = EngineSignUpdate;
961 returnImpl->base.engineSign = EngineSign;
962 returnImpl->base.engineSetSignSpecInt = EngineSetSignSpecInt;
963 returnImpl->base.engineGetSignSpecInt = EngineGetSignSpecInt;
964 returnImpl->base.engineGetSignSpecString = EngineGetSignSpecString;
965 returnImpl->base.engineSetSignSpecUint8Array = EngineSetSignSpecUint8Array;
966 returnImpl->md = params->md;
967 returnImpl->padding = params->padding;
968 returnImpl->mgf1md = params->mgf1md;
969 returnImpl->mdctx = OpensslEvpMdCtxNew();
970 if (returnImpl->mdctx == NULL) {
971 LOGE("Failed to allocate md ctx!");
972 HcfFree(returnImpl);
973 return HCF_ERR_MALLOC;
974 }
975 returnImpl->initFlag = UNINITIALIZED;
976 returnImpl->saltLen = PSS_SALTLEN_INVALID_INIT;
977 returnImpl->operation = (params->operation == HCF_ALG_ONLY_SIGN) ? HCF_OPERATIOPN_ONLY_SIGN : HCF_OPERATION_SIGN;
978 *returnObj = (HcfSignSpi *)returnImpl;
979 return HCF_SUCCESS;
980 }
981
CheckVerifyRecoverParams(HcfSignatureParams * params)982 static HcfResult CheckVerifyRecoverParams(HcfSignatureParams *params)
983 {
984 int32_t opensslPadding = 0;
985 if (GetOpensslPadding(params->padding, &opensslPadding) != HCF_SUCCESS) {
986 LOGE("getpadding fail.");
987 return HCF_INVALID_PARAMS;
988 }
989 if (opensslPadding != RSA_PKCS1_PADDING && opensslPadding != RSA_NO_PADDING) {
990 LOGE("VerifyRecover cannot use that padding mode");
991 return HCF_INVALID_PARAMS;
992 }
993 return HCF_SUCCESS;
994 }
995
HcfVerifySpiRsaCreate(HcfSignatureParams * params,HcfVerifySpi ** returnObj)996 HcfResult HcfVerifySpiRsaCreate(HcfSignatureParams *params, HcfVerifySpi **returnObj)
997 {
998 if (params == NULL || returnObj == NULL) {
999 LOGE("Invalid input parameter.");
1000 return HCF_INVALID_PARAMS;
1001 }
1002 if (params->operation != HCF_ALG_VERIFY_RECOVER) {
1003 if (CheckSignatureParams(params) != HCF_SUCCESS) {
1004 return HCF_INVALID_PARAMS;
1005 }
1006 } else {
1007 if (CheckVerifyRecoverParams(params) != HCF_SUCCESS) {
1008 return HCF_INVALID_PARAMS;
1009 }
1010 }
1011
1012 HcfVerifySpiRsaOpensslImpl *returnImpl = (HcfVerifySpiRsaOpensslImpl *)HcfMalloc(
1013 sizeof(HcfVerifySpiRsaOpensslImpl), 0);
1014 if (returnImpl == NULL) {
1015 LOGE("Failed to allocate returnImpl memroy!");
1016 return HCF_ERR_MALLOC;
1017 }
1018 returnImpl->base.base.getClass = GetRsaVerifyClass;
1019 returnImpl->base.base.destroy = DestroyRsaVerify;
1020 returnImpl->base.engineInit = EngineVerifyInit;
1021 returnImpl->base.engineUpdate = EngineVerifyUpdate;
1022 returnImpl->base.engineVerify = EngineVerify;
1023 returnImpl->base.engineRecover = EngineRecover;
1024 returnImpl->base.engineSetVerifySpecInt = EngineSetVerifySpecInt;
1025 returnImpl->base.engineGetVerifySpecInt = EngineGetVerifySpecInt;
1026 returnImpl->base.engineGetVerifySpecString = EngineGetVerifySpecString;
1027 returnImpl->base.engineSetVerifySpecUint8Array = EngineSetVerifySpecUint8Array;
1028 returnImpl->md = params->md;
1029 returnImpl->padding = params->padding;
1030 if (params->operation != HCF_ALG_VERIFY_RECOVER) {
1031 returnImpl->mgf1md = params->mgf1md;
1032 returnImpl->mdctx = OpensslEvpMdCtxNew();
1033 if (returnImpl->mdctx == NULL) {
1034 LOGE("Failed to allocate md ctx!");
1035 HcfFree(returnImpl);
1036 return HCF_ERR_MALLOC;
1037 }
1038 returnImpl->saltLen = PSS_SALTLEN_INVALID_INIT;
1039 returnImpl->operation = RSA_DIGEST_VERIFY;
1040 } else {
1041 returnImpl->operation = RSA_VERIFY_RECOVER;
1042 }
1043 returnImpl->initFlag = UNINITIALIZED;
1044 *returnObj = (HcfVerifySpi *)returnImpl;
1045 return HCF_SUCCESS;
1046 }
1047