diff options
Diffstat (limited to 'security_hal/src/security_hal.cpp')
| -rw-r--r-- | security_hal/src/security_hal.cpp | 615 |
1 files changed, 615 insertions, 0 deletions
diff --git a/security_hal/src/security_hal.cpp b/security_hal/src/security_hal.cpp new file mode 100644 index 00000000..ee9f7ea0 --- /dev/null +++ b/security_hal/src/security_hal.cpp @@ -0,0 +1,615 @@ +/* + * @copyright Copyright (c) 2018-2020 TOYOTA MOTOR CORPORATION. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "security_hal.h" + +#include <errno.h> +#include <stdlib.h> +#include <string.h> + +#include "security_hal_securityhallog.h" + +#define MD5_DIGEST_LENGTH 16 // md5 digest length +#define SHA1_DIGEST_LENGTH 20 // sha1 digest length +#define SHA224_DIGEST_LENGTH 28 // sha224 digest length +#define SHA256_DIGEST_LENGTH 32 // sha256 digest length +#define SHA384_DIGEST_LENGTH 48 // sha384 digest length +#define SHA512_DIGEST_LENGTH 64 // sha512 digest length +#define BITS_PER_BYTE 8 // the number of bits per byte +#define KEY_SOURCE_SIZE_128 16 // the size of key source is 128 bits +#define KEY_SOURCE_SIZE_192 24 // the size of key source is 192 bits +#define KEY_SOURCE_SIZE_256 32 // the size of key source is 256 bits + +/** + * the max length of input buffer for RSA asymmetric encrypt or + * the minimum length of output buffer for RSA asymmetric decrypt + */ +#define RSA_PRIVATE_MAX_SIZE_BYTE \ + (RSA_PRIVATE_EXPONENT_MAX_SIZE/BITS_PER_BYTE - RSA_PADDING_MINIMUM_SIZE) + +/** + * cipher context information + */ +struct CipherContext { + enum CipherType cipher_type; + union CipherParameter cipher_parameter; + union KeyParam key_param; +}; + +/** + * hash context information + */ +struct HashContext { + enum HashType hash_type; +}; + +/** + * random number context information + */ +struct RandomContext { + uint8_t* seed_buffer; + uint32_t buffer_len; +}; + +bool CheckParameterVaildity(enum CipherType cipher_type, + union CipherParameter* param, union KeyParam* key) { + if (SYMMETRIC_CIPHER_AES == cipher_type) { + // check cipher mode for symmetric encrypt/decrypt + if (SYMMETRIC_CIPHER_MODE_BLOCK_ECB != param->symmetric.mode && + SYMMETRIC_CIPHER_MODE_BLOCK_CBC != param->symmetric.mode && + SYMMETRIC_CIPHER_MODE_BLOCK_CFB != param->symmetric.mode && + SYMMETRIC_CIPHER_MODE_BLOCK_OFB != param->symmetric.mode) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "don't support the cipher mode for AES symmetric encrypt/decrypt"); + return false; + } + // check cipher block size for AES symmetric encrypt/decrypt + if (SYMMETRIC_CIPHER_BLOCK_SIZE_16 != param->symmetric.block_size) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "don't support the block size for AES symmetric encrypt/decrypt"); + return false; + } + // check cipher key type for AES symmetric encrypt/decrypt + if (SYMMETRIC_CIPHER_KEY_TYPE_MANAGED != key->symmetric.key_type && + SYMMETRIC_CIPHER_KEY_TYPE_USER != key->symmetric.key_type) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "don't support the cipher key type for AES symmetric encrypt/decrypt"); + return false; + } + if (SYMMETRIC_CIPHER_KEY_TYPE_MANAGED == key->symmetric.key_type) { + // check cipher rounds for AES symmetric encrypt/decrypt + if (SYMMETRIC_CIPHER_ROUND_10 != param->symmetric.round && + SYMMETRIC_CIPHER_ROUND_12 != param->symmetric.round && + SYMMETRIC_CIPHER_ROUND_14 != param->symmetric.round) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "don't support the cipher round for AES symmetric encrypt/decrypt"); + return false; + } + } else { + // check parameter of key provided by user for AES symmetric encrypt/decrypt + if (NULL == key->symmetric.key_param.user_key.key) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "user_key.key is NULL"); + return false; + } + if (KEY_SOURCE_SIZE_128 == key->symmetric.key_param.user_key.key_len) { + if (SYMMETRIC_CIPHER_ROUND_10 != param->symmetric.round) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "cipher round should be 10 if key len is 128 bits"); + return false; + } + } else if (KEY_SOURCE_SIZE_192 == key->symmetric.key_param.user_key.key_len) { + if (SYMMETRIC_CIPHER_ROUND_12 != param->symmetric.round) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "cipher round should be 12 if key len is 192 bits"); + return false; + } + } else if (KEY_SOURCE_SIZE_256 == key->symmetric.key_param.user_key.key_len) { + if (SYMMETRIC_CIPHER_ROUND_14 != param->symmetric.round) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "cipher round should be 14 if key len is 256 bits"); + return false; + } + } else { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "key len should be 128, 192 or 256 bits for AES symmetric encrypt/decrypt"); + return false; + } + if (SYMMETRIC_CIPHER_MODE_BLOCK_ECB != param->symmetric.mode) { + if (NULL == key->symmetric.key_param.user_key.iv) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "user_key.iv is NULL"); + return false; + } + if (key->symmetric.key_param.user_key.iv_len != param->symmetric.block_size) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "user_key.iv_len is not equal to block size for AES symmetric encrypt/decrypt"); + return false; + } + } + } + } else if (ASYMMETRIC_CIPHER_RSA == cipher_type) { + // check the padding mode for RSA asymmetric encrypt/decrypt + if (ASYMMETRIC_PADDING_MODE_RSA_PKCS1 != param->asymmetric.mode && + ASYMMETRIC_PADDING_MODE_RSA_SSLV23 != param->asymmetric.mode && + ASYMMETRIC_PADDING_MODE_RSA_NOPADDING != param->asymmetric.mode && + ASYMMETRIC_PADDING_MODE_RSA_OAEP != param->asymmetric.mode && + ASYMMETRIC_PADDING_MODE_RSA_PSS != param->asymmetric.mode) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "don't support the cipher mode for asymmetric encrypt/decrypt"); + return false; + } + // check cipher key type for RSA asymmetric encrypt/decrypt + if (ASYMMETRIC_CIPHER_KEY_TYPE_MANAGED != key->asymmetric.key_type && + ASYMMETRIC_CIPHER_KEY_TYPE_USER_PUBLIC != key->asymmetric.key_type && + ASYMMETRIC_CIPHER_KEY_TYPE_USER_PRIVATE != key->asymmetric.key_type) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "don't support the cipher key type for asymmetric encrypt/decrypt"); + return false; + } + if (ASYMMETRIC_CIPHER_KEY_TYPE_USER_PUBLIC == key->asymmetric.key_type) { + // check parameter of public key provided by user for RSA asymmetric encrypt/decrypt + if (NULL == key->asymmetric.key_param.user_key.public_key) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "public_key is NULL"); + return false; + } + if (RSA_PUBLIC_EXPONENT_MAX_SIZE < + key->asymmetric.key_param.user_key.public_key->rsa.e_length || + RSA_MODULUS_MAX_SIZE < + key->asymmetric.key_param.user_key.public_key->rsa.n_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "e_length or n_length is too large, e_length:%d, n_length:%d", + key->asymmetric.key_param.user_key.public_key->rsa.e_length, + key->asymmetric.key_param.user_key.public_key->rsa.n_length); + return false; + } + } else if (ASYMMETRIC_CIPHER_KEY_TYPE_USER_PRIVATE == key->asymmetric.key_type) { + // check parameter of key provided by user for RSA asymmetric encrypt/decrypt + if (NULL == key->asymmetric.key_param.user_key.private_key) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "private_key is NULL"); + return false; + } + if (RSA_PRIVATE_EXPONENT_MAX_SIZE < + key->asymmetric.key_param.user_key.private_key->rsa.d_length || + RSA_MODULUS_MAX_SIZE < + key->asymmetric.key_param.user_key.private_key->rsa.n_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "d_length or n_length is too large, d_length:%d, n_length:%d", + key->asymmetric.key_param.user_key.private_key->rsa.d_length, + key->asymmetric.key_param.user_key.private_key->rsa.n_length); + return false; + } + } + } else { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "the cipher_type isn't support"); + return false; + } + return true; +} + +// Initialize the encrypt context information +EFrameworkunifiedStatus EncryptStart(enum CipherType cipher_type, union CipherParameter* param, + union KeyParam* key, void** ctx) { + if (SYMMETRIC_CIPHER_AES != cipher_type && ASYMMETRIC_CIPHER_RSA != cipher_type) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "the cipher_type isn't support"); + return eFrameworkunifiedStatusInvldParam; + } + if (NULL == param || NULL == key || NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "param, key or ctx is NULL, param:%p key:%p ctx:%p", param, key, ctx); + return eFrameworkunifiedStatusInvldParam; + } + bool ret = CheckParameterVaildity(cipher_type, param, key); + if (true != ret) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "parameter error"); + return eFrameworkunifiedStatusInvldParam; + } + + void* ctx_temp = malloc(sizeof(CipherContext)); + if (NULL == ctx_temp) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "Failed to malloc %lu byte for ctx, errno=%d", + sizeof(CipherContext), errno); + return eFrameworkunifiedStatusFail; + } + memset(ctx_temp, 0, sizeof(CipherContext)); + CipherContext* pcipher_context = reinterpret_cast<CipherContext*>(ctx_temp); + pcipher_context->cipher_type = cipher_type; + pcipher_context->cipher_parameter = *param; + pcipher_context->key_param = *key; + *ctx = ctx_temp; + return eFrameworkunifiedStatusOK; +} + +// Encrypt plaintext information +EFrameworkunifiedStatus EncryptUpdate(void* ctx, const uint8_t* in, uint32_t in_len, + uint8_t* out, uint32_t out_len, uint32_t* true_length) { + if (NULL == ctx || NULL == in || NULL == out || NULL == true_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "ctx, in, out or true_length is NULL, ctx:%p in:%p out:%p true_length:%p", + ctx, in, out, true_length); + return eFrameworkunifiedStatusInvldParam; + } + if (0 == in_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "in_len is equal to 0"); + return eFrameworkunifiedStatusInvldParam; + } + + CipherContext* pcipher_context = reinterpret_cast<CipherContext*>(ctx); + if (SYMMETRIC_CIPHER_AES == pcipher_context->cipher_type) { // symmetric encrypt + uint32_t block_size = pcipher_context->cipher_parameter.symmetric.block_size; + if (out_len < in_len + block_size) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "out_len is less than in_len plus block_size"); + return eFrameworkunifiedStatusInvldParam; + } + memcpy(out, in, in_len); + *true_length = in_len; + } else if (ASYMMETRIC_CIPHER_RSA == pcipher_context->cipher_type) { // asymmetric encrypt + if (RSA_PRIVATE_MAX_SIZE_BYTE < in_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "in_len is greater than RSA_PRIVATE_MAX_SIZE_BYTE"); + return eFrameworkunifiedStatusInvldParam; + } + if (RSA_PRIVATE_EXPONENT_MAX_SIZE/BITS_PER_BYTE > out_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "out_len is less than RSA_PRIVATE_EXPONENT_MAX_SIZE/BITS_PER_BYTE"); + return eFrameworkunifiedStatusInvldParam; + } + // out_len is greater than in_len + memcpy(out, in, in_len); + *true_length = in_len; + } else { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "the cipher_type isn't support, cipher_type:%d", pcipher_context->cipher_type); + return eFrameworkunifiedStatusInvldParam; + } + + return eFrameworkunifiedStatusOK; +} + +// Encrypt the final plaintext information +EFrameworkunifiedStatus EncryptFinish(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length) { + if (NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx is NULL"); + return eFrameworkunifiedStatusInvldParam; + } + CipherContext* pcipher_context = reinterpret_cast<CipherContext*>(ctx); + if (SYMMETRIC_CIPHER_AES == pcipher_context->cipher_type) { // symmetric encrypt + if (NULL == out || NULL == true_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "out or true_length is NULL, out:%p true_length:%p", out, true_length); + return eFrameworkunifiedStatusInvldParam; + } + uint32_t block_size = pcipher_context->cipher_parameter.symmetric.block_size; + if (out_len < block_size) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "out_len is less than block_size"); + return eFrameworkunifiedStatusInvldParam; + } + if (true == pcipher_context->cipher_parameter.symmetric.to_pad) { + // Padding on, the true_length is equal to block_size. + *true_length = block_size; + } else { + // Padding off, true_length is equal to 0. + *true_length = 0; + } + } else if (ASYMMETRIC_CIPHER_RSA == pcipher_context->cipher_type) { + // EncryptFinish is useless for RSA asymmetric encrypt. So do nothing. + } else { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "the cipher_type isn't support, cipher_type:%d", pcipher_context->cipher_type); + return eFrameworkunifiedStatusInvldParam; + } + return eFrameworkunifiedStatusOK; +} + +// Clean up encrypt context information +EFrameworkunifiedStatus EncryptCleanup(void* ctx) { + if (NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx is NULL"); + return eFrameworkunifiedStatusInvldParam; + } + memset(ctx, 0, sizeof(CipherContext)); + free(ctx); + return eFrameworkunifiedStatusOK; +} + +// Initialize the decrypt context information +EFrameworkunifiedStatus DecryptStart(enum CipherType cipher_type, union CipherParameter* param, + union KeyParam *key, void** ctx) { + if (SYMMETRIC_CIPHER_AES != cipher_type && ASYMMETRIC_CIPHER_RSA != cipher_type) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "the cipher_type isn't support"); + return eFrameworkunifiedStatusInvldParam; + } + if (NULL == param || NULL == key || NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "param, key or ctx is NULL, param:%p key:%p ctx:%p", param, key, ctx); + return eFrameworkunifiedStatusInvldParam; + } + bool ret = CheckParameterVaildity(cipher_type, param, key); + if (true != ret) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "parameter error"); + return eFrameworkunifiedStatusInvldParam; + } + + void* ctx_temp = malloc(sizeof(CipherContext)); + if (NULL == ctx_temp) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "Failed to malloc %lu byte for ctx, errno=%d", + sizeof(CipherContext), errno); + return eFrameworkunifiedStatusFail; + } + memset(ctx_temp, 0, sizeof(CipherContext)); + CipherContext* pcipher_context = reinterpret_cast<CipherContext*>(ctx_temp); + pcipher_context->cipher_type = cipher_type; + pcipher_context->cipher_parameter = *param; + pcipher_context->key_param = *key; + *ctx = ctx_temp; + return eFrameworkunifiedStatusOK; +} + +// Decrypt ciphertext information +EFrameworkunifiedStatus DecryptUpdate(void* ctx, const uint8_t* in, uint32_t in_len, + uint8_t* out, uint32_t out_len, uint32_t* true_length) { + if (NULL == ctx || NULL == in || NULL == out || NULL == true_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "ctx, in, out or true_length is NULL, ctx:%p in:%p out:%p true_length:%p", + ctx, in, out, true_length); + return eFrameworkunifiedStatusInvldParam; + } + + CipherContext* pcipher_context = reinterpret_cast<CipherContext*>(ctx); + if (SYMMETRIC_CIPHER_AES == pcipher_context->cipher_type) { // symmetric decrypt + if (0 == in_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "in_len is equal to 0"); + return eFrameworkunifiedStatusInvldParam; + } + uint32_t block_size = pcipher_context->cipher_parameter.symmetric.block_size; + if (out_len < in_len + block_size) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "out_len is less than in_len plus block_size"); + return eFrameworkunifiedStatusInvldParam; + } + memcpy(out, in, in_len); + *true_length = in_len; + } else if (ASYMMETRIC_CIPHER_RSA == pcipher_context->cipher_type) { // asymmetric decrypt + if (RSA_PRIVATE_EXPONENT_MAX_SIZE/BITS_PER_BYTE != in_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "in_len isn't equal to RSA_PRIVATE_EXPONENT_MAX_SIZE/BITS_PER_BYTE"); + return eFrameworkunifiedStatusInvldParam; + } + if (SHA256_DIGEST_LENGTH > out_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "out_len is less than SHA256_DIGEST_LENGTH"); + return eFrameworkunifiedStatusInvldParam; + } + memcpy(out, in, SHA256_DIGEST_LENGTH); + *true_length = SHA256_DIGEST_LENGTH; + } else { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "the cipher_type isn't support, cipher_type:%d", pcipher_context->cipher_type); + return eFrameworkunifiedStatusInvldParam; + } + + return eFrameworkunifiedStatusOK; +} + +// Decrypt the final ciphertext information +EFrameworkunifiedStatus DecryptFinish(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length) { + if (NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx is NULL"); + return eFrameworkunifiedStatusInvldParam; + } + CipherContext* pcipher_context = reinterpret_cast<CipherContext*>(ctx); + if (SYMMETRIC_CIPHER_AES == pcipher_context->cipher_type) { // symmetric encrypt + if (NULL == out || NULL == true_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "out or true_length is NULL, out:%p true_length:%p", out, true_length); + return eFrameworkunifiedStatusInvldParam; + } + uint32_t block_size = pcipher_context->cipher_parameter.symmetric.block_size; + if (out_len < block_size) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "out_len is less than block_size"); + return eFrameworkunifiedStatusInvldParam; + } + if (true == pcipher_context->cipher_parameter.symmetric.to_pad) { + // Padding on, the true_length is equal to block_size - padding_length. Because security_hal + // is stub implement, padding_length is unknown. Set true_length to 0. + *true_length = 0; + } else { + // Padding off, true_length is equal to 0. + *true_length = 0; + } + } else if (ASYMMETRIC_CIPHER_RSA == pcipher_context->cipher_type) { + // EncryptFinish is useless for RSA asymmetric decrypt. So do nothing. + } else { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "the cipher_type isn't support, cipher_type:%d", pcipher_context->cipher_type); + return eFrameworkunifiedStatusInvldParam; + } + return eFrameworkunifiedStatusOK; +} + +// Clean up decrypt context information +EFrameworkunifiedStatus DecryptCleanup(void* ctx) { + if (NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx is NULL"); + return eFrameworkunifiedStatusInvldParam; + } + memset(ctx, 0, sizeof(CipherContext)); + free(ctx); + return eFrameworkunifiedStatusOK; +} + +// Initialize hash context information +EFrameworkunifiedStatus HashStart(enum HashType hash_type, void** ctx) { + if (HASH_TYPE_MD5 > hash_type || HASH_TYPE_SHA512 < hash_type) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "the hash_type isn't support"); + return eFrameworkunifiedStatusInvldParam; + } + if (NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx is NULL"); + return eFrameworkunifiedStatusInvldParam; + } + void* ctx_temp = malloc(sizeof(HashContext)); + if (NULL == ctx_temp) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "Failed to malloc %lu byte for ctx, errno=%d", + sizeof(HashContext), errno); + return eFrameworkunifiedStatusFail; + } + memset(ctx_temp, 0, sizeof(HashContext)); + HashContext* phash_context = reinterpret_cast<HashContext*>(ctx_temp); + phash_context->hash_type = hash_type; + *ctx = ctx_temp; + return eFrameworkunifiedStatusOK; +} + +// Caculate hash value of input data +EFrameworkunifiedStatus HashUpdate(void* ctx, const uint8_t* in, uint32_t in_len) { + if (NULL == ctx || NULL == in) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx or in is NULL, ctx:%p in:%p", ctx, in); + return eFrameworkunifiedStatusInvldParam; + } + if (0 == in_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "in_len is equal to 0"); + return eFrameworkunifiedStatusInvldParam; + } + return eFrameworkunifiedStatusOK; +} + +// Caculate final message digest +EFrameworkunifiedStatus HashFinish(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length) { + if (NULL == ctx || NULL == out || NULL == true_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "ctx, out or true_length is NULL, ctx:%p out:%p true_length:%p", + ctx, out, true_length); + return eFrameworkunifiedStatusInvldParam; + } + HashContext* phash_context = reinterpret_cast<HashContext*>(ctx); + uint32_t digest_length = 0; + switch (phash_context->hash_type) { + case HASH_TYPE_MD5: + digest_length = HASH_TYPE_MD5; + break; + case HASH_TYPE_SHA1: + digest_length = SHA1_DIGEST_LENGTH; + break; + case HASH_TYPE_SHA224: + digest_length = SHA224_DIGEST_LENGTH; + break; + case HASH_TYPE_SHA256: + digest_length = SHA256_DIGEST_LENGTH; + break; + case HASH_TYPE_SHA384: + digest_length = SHA384_DIGEST_LENGTH; + break; + case HASH_TYPE_SHA512: + digest_length = SHA512_DIGEST_LENGTH; + break; + default: + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "the hash_type isn't support, hash_type:%d", phash_context->hash_type); + return eFrameworkunifiedStatusInvldParam; + } + if (out_len < digest_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "out_len is less than %u", digest_length); + return eFrameworkunifiedStatusInvldParam; + } + memset(out, 0x00, digest_length); + *true_length = digest_length; + return eFrameworkunifiedStatusOK; +} + +// Clean up hash context information +EFrameworkunifiedStatus HashCleanup(void* ctx) { + if (NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx is NULL"); + return eFrameworkunifiedStatusInvldParam; + } + memset(ctx, 0, sizeof(HashContext)); + free(ctx); + return eFrameworkunifiedStatusOK; +} + +// Initialize random number context information +EFrameworkunifiedStatus RandomInit(void** ctx, uint8_t* seed_buffer, uint32_t buffer_len) { + if (NULL == ctx || NULL == seed_buffer) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "ctx or seed_buffer is NULL, ctx:%p seed_buffer:%p", ctx, seed_buffer); + return eFrameworkunifiedStatusInvldParam; + } + if (0 == buffer_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "buffer_len is equal to 0"); + return eFrameworkunifiedStatusInvldParam; + } + void* ctx_temp = malloc(sizeof(RandomContext)); + if (NULL == ctx_temp) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "Failed to malloc %lu byte for ctx, errno=%d", + sizeof(RandomContext), errno); + return eFrameworkunifiedStatusFail; + } + memset(ctx_temp, 0, sizeof(RandomContext)); + RandomContext* prandom_context = reinterpret_cast<RandomContext*>(ctx_temp); + prandom_context->seed_buffer = reinterpret_cast<uint8_t*>(malloc(buffer_len)); + if (NULL == prandom_context->seed_buffer) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "Failed to malloc %d byte for seed_buffer, errno=%d", + buffer_len, errno); + free(ctx_temp); + ctx_temp = NULL; + return eFrameworkunifiedStatusFail; + } + memcpy(prandom_context->seed_buffer, seed_buffer, buffer_len); + prandom_context->buffer_len = buffer_len; + *ctx = ctx_temp; + return eFrameworkunifiedStatusOK; +} + +// Get random number +EFrameworkunifiedStatus RandomGet(void* ctx, uint8_t* out, uint32_t out_len, uint32_t* true_length) { + if (NULL == ctx || NULL == out || NULL == true_length) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, + "ctx, out or true_length is NULL, ctx:%p out:%p true_length:%p", + ctx, out, true_length); + return eFrameworkunifiedStatusInvldParam; + } + if (0 == out_len) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "out_len is equal to 0"); + return eFrameworkunifiedStatusInvldParam; + } + // Because security_hal is stub implement, don't assignment value to out or true_length. + return eFrameworkunifiedStatusOK; +} + +// Clean up random number context information +EFrameworkunifiedStatus RandomCleanup(void* ctx) { + if (NULL == ctx) { + FRAMEWORKUNIFIEDLOG(ZONE_ERR, __FUNCTION__, "ctx is NULL"); + return eFrameworkunifiedStatusInvldParam; + } + RandomContext* prandom_context; + prandom_context = reinterpret_cast<RandomContext*>(ctx); + if (NULL != prandom_context->seed_buffer) { + memset(prandom_context->seed_buffer, 0, prandom_context->buffer_len); + free(prandom_context->seed_buffer); + prandom_context->seed_buffer = NULL; + } + memset(prandom_context, 0, sizeof(RandomContext)); + free(prandom_context); + prandom_context = NULL; + return eFrameworkunifiedStatusOK; +} + +// Reset Security IC +EFrameworkunifiedStatus ResetSecurityIC(void) { + /* + * Note. + * This feature needs to be implemented by the vendor. + */ + return eFrameworkunifiedStatusOK; +} |