/* 7.3.43 */
int SAF_SymmDecryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cipher_ctx) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, SAF_R_DECRYPT_NOT_INITIALIZED);
return SAR_NotInitializeErr;
}
if (!EVP_DecryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
return ret;
}
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int *puiSymmKeyLen,
void **phKeyHandle)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
const EVP_CIPHER *cipher;
unsigned char keybuf[32];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pkctx = NULL;
size_t outlen;
if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
|| !puiSymmKeyLen || !phKeyHandle) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID))
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
goto end;
}
// init EVP_CIPHER_CTX
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
goto end;
}
*puiSymmKeyLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pkctx);
return ret;
}
/* 7.3.42 */
int SAF_SymmDecryptUpdate(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cipher_ctx) {
const EVP_CIPHER *cipher;
//Get feedbitlen from keyhandle
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!EVP_DecryptInit_ex(hkey->cipher_ctx, cipher,
hkey->hSymmKeyObj->app->engine,
hkey->key, hkey->hSymmKeyObj->pucIV)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_DecryptUpdate(hkey->cipher_ctx, pucOutData, &outlen,
pucInData, (int)uiInDataLen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cipher_ctx) {
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
}
return ret;
}
/* 7.3.46 */
int SAF_MacFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
size_t outlen = *puiOutDataLen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_MACFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen < EVP_MAX_MD_SIZE) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_OPERATION_NOT_INITIALIZED);
return SAR_UnknownErr;
}
if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
return ret;
}
/* 7.3.45 */
int SAF_MacUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
if (!hKeyHandle || !pucInData) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
const EVP_CIPHER *cipher;
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID))) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cmac_ctx = CMAC_CTX_new())) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, cipher,
hkey->hSymmKeyObj->app->engine)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
goto end;
}
}
if (!CMAC_Update(hkey->cmac_ctx, pucInData, uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
return SAR_UnknownErr;
}
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cmac_ctx) {
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
}
return ret;
}
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *hSymmKeyObj)
{
SAF_KEY *ret = NULL;
SAF_KEY *key = NULL;
if (!(key = OPENSSL_zalloc(sizeof(*key)))
|| !(key->hSymmKeyObj = SAF_SYMMKEYOBJ_dup(hSymmKeyObj))) {
SAFerr(SAF_F_SAF_KEY_NEW, ERR_R_MALLOC_FAILURE);
goto end;
}
ret = key;
key = NULL;
end:
SAF_KEY_free(key);
return ret;
}
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a)
{
SAF_SYMMKEYOBJ *ret = NULL;
SAF_SYMMKEYOBJ *obj = NULL;
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|| !(obj->pucContainerName = OPENSSL_memdup(a->pucContainerName, a->uiContainerLen))
|| !(obj->pucIV = OPENSSL_memdup(a->pucIV, a->uiIVLen))) {
SAFerr(SAF_F_SAF_SYMMKEYOBJ_DUP, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->uiContainerLen = a->uiContainerLen;
obj->uiIVLen = a->uiIVLen;
obj->uiEncOrDec = a->uiEncOrDec;
obj->uiCryptoAlgID = a->uiCryptoAlgID;
ret = obj;
obj = NULL;
end:
SAF_SYMMKEYOBJ_free(obj);
return ret;
}
