diff --git a/frameworks/crypto_operation/sm2_crypto_util.c b/frameworks/crypto_operation/sm2_crypto_util.c index a28cece0b31016348193ac5e23cd3dab407a63f1..88ef81ce479b1d11b58027bd52a353bb5c512093 100644 --- a/frameworks/crypto_operation/sm2_crypto_util.c +++ b/frameworks/crypto_operation/sm2_crypto_util.c @@ -105,6 +105,10 @@ HcfResult HcfGenCipherTextBySpec(Sm2CipherTextSpec *spec, const char *mode, HcfB return HCF_INVALID_PARAMS; } HcfSm2SpecToASN1CreateFunc createFunc = FindAbility(mode); + if (createFunc == NULL) { + LOGE("Failed to find create function"); + return HCF_INVALID_PARAMS; + } HcfResult res = createFunc(spec, output); if (res != HCF_SUCCESS) { LOGE("Failed to convert construct to asn1!"); diff --git a/frameworks/js/ani/inc/ani_common.h b/frameworks/js/ani/inc/ani_common.h index 87abbc699bb5acd1bb889a4706d4a557a4b8b8be..0952c8cfcc84f91d65ba79338870c06d8a7be1fa 100644 --- a/frameworks/js/ani/inc/ani_common.h +++ b/frameworks/js/ani/inc/ani_common.h @@ -52,7 +52,7 @@ constexpr int SPEC_ITEM_TYPE_UINT8ARR = 4; #define ANI_LOGE_THROW(code, msg) \ do { \ int rc = ConvertResultCode(code); \ - LOGE("%{public}s, code: %{public}d", msg, rc); \ + LOGE("%{public}s code: %{public}d", msg, rc); \ set_business_error(rc, msg); \ } while (0) diff --git a/frameworks/js/ani/src/ani_common.cpp b/frameworks/js/ani/src/ani_common.cpp index 6ca979e8af53721023b703f81f4d4618156af923..80409d7ebc50a10f3b053f4b493f5dd37b814638 100644 --- a/frameworks/js/ani/src/ani_common.cpp +++ b/frameworks/js/ani/src/ani_common.cpp @@ -134,7 +134,7 @@ bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint) void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr) { - arr = array(bigint.len + 1); + arr = array(bigint.len + 1, 0); std::copy(bigint.data, bigint.data + bigint.len, arr.data()); // 0x00 is the sign bit of big integer, it's always a positive number in this implementation arr[bigint.len] = 0x00; diff --git a/frameworks/js/ani/src/ani_signature_utils.cpp b/frameworks/js/ani/src/ani_signature_utils.cpp index 0e99e161f8cdaefbfbb6f98e30340d71e65cdac8..6b5b883f48110b774c0d71bff54784e3862c400b 100644 --- a/frameworks/js/ani/src/ani_signature_utils.cpp +++ b/frameworks/js/ani/src/ani_signature_utils.cpp @@ -14,18 +14,48 @@ */ #include "ani_signature_utils.h" +#include "sm2_ec_signature_data.h" +#include "sm2_crypto_params.h" namespace ANI::CryptoFramework { EccSignatureSpec GenEccSignatureSpec(array_view data) { - // api 20 - TH_THROW(std::runtime_error, "GenEccSignatureSpec not implemented"); + HcfBlob inBlob = {}; + ArrayU8ToDataBlob(data, inBlob); + Sm2EcSignatureDataSpec *hcfSpec = nullptr; + HcfResult res = HcfGenEcSignatureSpecByData(&inBlob, &hcfSpec); + if (res != HCF_SUCCESS) { + ANI_LOGE_THROW(res, "gen ec signature spec fail."); + return {}; + } + EccSignatureSpec spec = {}; + BigIntegerToArrayU8(hcfSpec->rCoordinate, spec.r); + BigIntegerToArrayU8(hcfSpec->sCoordinate, spec.s); + DestroySm2EcSignatureSpec(hcfSpec); + return spec; } array GenEccSignature(EccSignatureSpec const& spec) { - // api 20 - TH_THROW(std::runtime_error, "GenEccSignature not implemented"); + Sm2EcSignatureDataSpec hcfSpec = {}; + bool bigintValid = true; + bigintValid &= ArrayU8ToBigInteger(spec.r, hcfSpec.rCoordinate); + bigintValid &= ArrayU8ToBigInteger(spec.s, hcfSpec.sCoordinate); + if (!bigintValid) { + ANI_LOGE_THROW(HCF_INVALID_PARAMS, "params is invalid."); + return {}; + } + + HcfBlob outBlob = {}; + HcfResult res = HcfGenEcSignatureDataBySpec(&hcfSpec, &outBlob); + if (res != HCF_SUCCESS) { + ANI_LOGE_THROW(res, "gen ec signature data fail."); + return {}; + } + array data = {}; + DataBlobToArrayU8(outBlob, data); + HcfBlobDataClearAndFree(&outBlob); + return data; } } // namespace ANI::CryptoFramework diff --git a/frameworks/js/jsi/src/jsi_list.cpp b/frameworks/js/jsi/src/jsi_list.cpp index d5dc4ade38188190cc46ec4736bcd9b6bf1c2f9d..3f74a126f55786ac5b46748e31faf598f3fd2e32 100644 --- a/frameworks/js/jsi/src/jsi_list.cpp +++ b/frameworks/js/jsi/src/jsi_list.cpp @@ -16,8 +16,8 @@ #include "jsi_list.h" #include "memory.h" -static LOS_DL_LIST g_mdObjListHeader = { 0 }; -static LOS_DL_LIST g_randObjListHeader = { 0 }; +static LOS_DL_LIST g_mdObjListHeader = { .pstPrev = nullptr, .pstNext = nullptr }; +static LOS_DL_LIST g_randObjListHeader = { .pstPrev = nullptr, .pstNext = nullptr }; namespace OHOS { namespace ACELite { diff --git a/frameworks/js/jsi/src/jsi_md.cpp b/frameworks/js/jsi/src/jsi_md.cpp index 9c50ede16f40611a48216034dc113d172e2edb8f..ae5a91ac12077e0a3b236771b0411bcf12f0be51 100644 --- a/frameworks/js/jsi/src/jsi_md.cpp +++ b/frameworks/js/jsi/src/jsi_md.cpp @@ -26,6 +26,7 @@ namespace ACELite { JSIValue CryptoFrameworkLiteModule::CreateMd(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)thisVal; if ((args == nullptr) || (argsNum != ARRAY_INDEX_ONE)) { LOGE("CreateMd args is err!"); return ThrowErrorCodeResult(HCF_INVALID_PARAMS); @@ -160,6 +161,8 @@ JSIValue CryptoFrameworkLiteModule::Digest(const JSIValue thisVal, const JSIValu JSIValue CryptoFrameworkLiteModule::DigestSync(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)args; + (void)argsNum; HcfMd *mdObj = reinterpret_cast((uint32_t)JSI::GetNumberProperty(thisVal, "mdObj")); if (mdObj == nullptr) { LOGE("DigestSync mdObj is null!!"); @@ -182,6 +185,8 @@ JSIValue CryptoFrameworkLiteModule::DigestSync(const JSIValue thisVal, const JSI JSIValue CryptoFrameworkLiteModule::GetMdLength(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)args; + (void)argsNum; HcfMd *mdObj = reinterpret_cast((uint32_t)JSI::GetNumberProperty(thisVal, "mdObj")); if (mdObj == nullptr) { LOGE("GetMdLength mdObj is null!"); diff --git a/frameworks/js/jsi/src/jsi_rand.cpp b/frameworks/js/jsi/src/jsi_rand.cpp index 9cb57bb5ce0e7b36baa54a835e6d4943271974ec..0997234414e796d7420bb66e807b900b953cf920 100644 --- a/frameworks/js/jsi/src/jsi_rand.cpp +++ b/frameworks/js/jsi/src/jsi_rand.cpp @@ -28,6 +28,9 @@ namespace ACELite { JSIValue CryptoFrameworkLiteModule::CreateRandom(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)argsNum; + (void)thisVal; + (void)args; HcfRand *randObj = nullptr; HcfResult res = HcfRandCreate(&randObj); if (res != HCF_SUCCESS) { diff --git a/frameworks/js/napi/crypto/inc/napi_utils.h b/frameworks/js/napi/crypto/inc/napi_utils.h index 53cec12a8bd295d45e1f89e615702c79e55717b4..79ff66b73ab39c5314c2af5f962ac4b7ba2893b9 100644 --- a/frameworks/js/napi/crypto/inc/napi_utils.h +++ b/frameworks/js/napi/crypto/inc/napi_utils.h @@ -89,6 +89,8 @@ HcfResult GetNapiUint8ArrayDataNoCopy(napi_env env, napi_value arg, HcfBlob *blo HcfResult CreateNapiUint8ArrayNoCopy(napi_env env, HcfBlob *blob, napi_value *napiValue); +HcfBlob *GetBlobFromStringJSParams(napi_env env, napi_value arg); + } // namespace CryptoFramework } // namespace OHOS #endif diff --git a/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp b/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp index bec90491656502f2fac29eb0190e5b9674ac87d8..425e15144c1ea0a93326a8dc13f34ab0aa4a71a3 100644 --- a/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp +++ b/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp @@ -75,8 +75,8 @@ struct ConvertPemKeyCtx { HcfAsyKeyGenerator *generator = nullptr; HcfParamsSpec *params = nullptr; - std::string pubKey = ""; - std::string priKey = ""; + HcfBlob *pubKey = nullptr; + HcfBlob *priKey = nullptr; HcfResult errCode = HCF_SUCCESS; const char *errMsg = nullptr; @@ -172,11 +172,27 @@ static void FreeConvertPemKeyCtx(napi_env env, ConvertPemKeyCtx *ctx) FreeDecodeParamsSpec(ctx->params); ctx->errMsg = nullptr; - ctx->pubKey = ""; - ctx->priKey = ""; + if (ctx->pubKey != nullptr) { + HcfBlobDataFree(ctx->pubKey); + HcfFree(ctx->pubKey); + ctx->pubKey = nullptr; + } + if (ctx->priKey != nullptr) { + HcfBlobDataClearAndFree(ctx->priKey); + HcfFree(ctx->priKey); + ctx->priKey = nullptr; + } HcfFree(ctx); } +static void HcfFreePubKeyAndPriKey(HcfBlob *pubKey, HcfBlob *priKey) +{ + HcfBlobDataFree(pubKey); + HCF_FREE_PTR(pubKey); + HcfBlobDataClearAndFree(priKey); + HCF_FREE_PTR(priKey); +} + static bool BuildGenKeyPairCtx(napi_env env, napi_callback_info info, GenKeyPairCtx *ctx) { napi_value thisVar = nullptr; @@ -248,9 +264,8 @@ static bool GetPkAndSkBlobFromNapiValueIfInput(napi_env env, napi_value pkValue, } static bool GetPkAndSkStringFromNapiValueIfInput(napi_env env, napi_value pkValue, napi_value skValue, - std::string &returnPubKey, std::string &returnPriKey) + HcfBlob **returnPubKey, HcfBlob **returnPriKey) { - size_t length = 0; napi_valuetype valueTypePk; napi_valuetype valueTypeSk; napi_typeof(env, pkValue, &valueTypePk); @@ -259,38 +274,27 @@ static bool GetPkAndSkStringFromNapiValueIfInput(napi_env env, napi_value pkValu LOGE("valueTypePk and valueTypeSk is all null."); return false; } + HcfBlob *pubKey = nullptr; if (valueTypePk != napi_null) { - if (valueTypePk != napi_string) { - LOGE("valueTypePk wrong argument type, expect string type."); - return false; - } - if (napi_get_value_string_utf8(env, pkValue, nullptr, 0, &length) != napi_ok) { - LOGE("pkValue can not get string length."); - return false; - } - returnPubKey.reserve(length + 1); - returnPubKey.resize(length); - if (napi_get_value_string_utf8(env, pkValue, returnPubKey.data(), (length + 1), &length) != napi_ok) { - LOGE("pkValue can not get string value."); + pubKey = GetBlobFromStringJSParams(env, pkValue); + if (pubKey == nullptr) { + LOGE("GetBlobFromStringJSParams failed for pubKey."); return false; } } + HcfBlob *priKey = nullptr; if (valueTypeSk != napi_null) { - if (valueTypeSk != napi_string) { - LOGE("valueTypeSk wrong argument type. expect string type."); - return false; - } - if (napi_get_value_string_utf8(env, skValue, nullptr, 0, &length) != napi_ok) { - LOGE("skValue can not get string length."); - return false; - } - returnPriKey.reserve(length + 1); - returnPriKey.resize(length); - if (napi_get_value_string_utf8(env, skValue, returnPriKey.data(), (length + 1), &length) != napi_ok) { - LOGE("skValue can not get string value."); + priKey = GetBlobFromStringJSParams(env, skValue); + if (priKey == nullptr) { + HcfBlobDataFree(pubKey); + HcfFree(pubKey); + pubKey = nullptr; + LOGE("GetBlobFromStringJSParams failed for priKey."); return false; } } + *returnPubKey = pubKey; + *returnPriKey = priKey; return true; } @@ -339,7 +343,7 @@ static bool BuildConvertKeyCtx(napi_env env, napi_callback_info info, ConvertKey } } -static bool ValidateAndGetParams(napi_env env, napi_callback_info info, std::string &pubKey, std::string &priKey, +static bool ValidateAndGetParams(napi_env env, napi_callback_info info, HcfBlob **pubKey, HcfBlob **priKey, HcfParamsSpec **paramsSpec) { napi_value thisVar = nullptr; @@ -361,6 +365,7 @@ static bool ValidateAndGetParams(napi_env env, napi_callback_info info, std::str if (argc == expectedArgc) { if (!GetDecodingParamsSpec(env, argv[PARAM2], paramsSpec)) { + HcfFreePubKeyAndPriKey(*pubKey, *priKey); LOGE("get params failed!"); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "get napi paramsSpec failed!")); return false; @@ -379,10 +384,10 @@ static bool BuildConvertPemKeyCtx(napi_env env, napi_callback_info info, Convert LOGE("failed to unwrap napi asyKeyGenerator obj."); return false; } - std::string pubKey; - std::string priKey; + HcfBlob *pubKey = nullptr; + HcfBlob *priKey = nullptr; HcfParamsSpec *paramsSpec = nullptr; - if (!ValidateAndGetParams(env, info, pubKey, priKey, ¶msSpec)) { + if (!ValidateAndGetParams(env, info, &pubKey, &priKey, ¶msSpec)) { return false; } @@ -528,8 +533,16 @@ static void ConvertKeyAsyncWorkProcess(napi_env env, void *data) static void ConvertPemKeyAsyncWorkProcess(napi_env env, void *data) { ConvertPemKeyCtx *ctx = static_cast(data); + const char *pubKeyStr = nullptr; + const char *priKeyStr = nullptr; + if (ctx->pubKey != nullptr) { + pubKeyStr = reinterpret_cast(ctx->pubKey->data); + } + if (ctx->priKey != nullptr) { + priKeyStr = reinterpret_cast(ctx->priKey->data); + } ctx->errCode = ctx->generator->convertPemKey(ctx->generator, ctx->params, - ctx->pubKey.c_str(), ctx->priKey.c_str(), &(ctx->returnKeyPair)); + pubKeyStr, priKeyStr, &(ctx->returnKeyPair)); if (ctx->errCode != HCF_SUCCESS) { LOGE("ConvertPemKey fail."); ctx->errMsg = "ConvertPemKey fail."; @@ -803,14 +816,6 @@ napi_value NapiAsyKeyGenerator::JsConvertKey(napi_env env, napi_callback_info in return NewConvertKeyAsyncWork(env, ctx); } -static void HcfFreePubKeyAndPriKey(HcfBlob *pubKey, HcfBlob *priKey) -{ - HcfBlobDataFree(pubKey); - HCF_FREE_PTR(pubKey); - HcfBlobDataClearAndFree(priKey); - HCF_FREE_PTR(priKey); -} - napi_value NapiAsyKeyGenerator::JsConvertKeySync(napi_env env, napi_callback_info info) { napi_value thisVar = nullptr; @@ -884,11 +889,19 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKey(napi_env env, napi_callback_info return NewConvertPemKeyAsyncWork(env, ctx); } -static HcfResult ConvertPemKeySync(std::string &pubKey, std::string &priKey, HcfAsyKeyGenerator *generator, +static HcfResult ConvertPemKeySync(HcfBlob *pubKey, HcfBlob *priKey, HcfAsyKeyGenerator *generator, HcfParamsSpec *paramsSpec, HcfKeyPair **returnKeyPair) { + const char *pubKeyStr = nullptr; + const char *priKeyStr = nullptr; + if (pubKey != nullptr) { + pubKeyStr = reinterpret_cast(pubKey->data); + } + if (priKey != nullptr) { + priKeyStr = reinterpret_cast(priKey->data); + } HcfResult errCode = generator->convertPemKey(generator, paramsSpec, - pubKey.c_str(), priKey.c_str(), returnKeyPair); + pubKeyStr, priKeyStr, returnKeyPair); if (errCode != HCF_SUCCESS) { LOGE("convertPemKey error!"); return errCode; @@ -900,10 +913,10 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ { napi_value thisVar = nullptr; napi_get_cb_info(env, info, nullptr, nullptr, &thisVar, nullptr); - std::string pubKey; - std::string priKey; + HcfBlob *pubKey = nullptr; + HcfBlob *priKey = nullptr; HcfParamsSpec *paramsSpec = nullptr; - if (!ValidateAndGetParams(env, info, pubKey, priKey, ¶msSpec)) { + if (!ValidateAndGetParams(env, info, &pubKey, &priKey, ¶msSpec)) { FreeDecodeParamsSpec(paramsSpec); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "invalid parameters.")); return NapiGetNull(env); @@ -913,6 +926,7 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ napi_status status = napi_unwrap(env, thisVar, reinterpret_cast(&napiGenerator)); if (status != napi_ok || napiGenerator == nullptr) { FreeDecodeParamsSpec(paramsSpec); + HcfFreePubKeyAndPriKey(pubKey, priKey); LOGE("failed to unwrap napi asyKeyGenerator obj."); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "failed to unwrap napi asyKeyGenerator obj.")); return nullptr; @@ -921,6 +935,7 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ HcfAsyKeyGenerator *generator = napiGenerator->GetAsyKeyGenerator(); if (generator == nullptr) { FreeDecodeParamsSpec(paramsSpec); + HcfFreePubKeyAndPriKey(pubKey, priKey); LOGE("GetAsyKeyGenerator failed!"); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "GetAsyKeyGenerator failed!")); return nullptr; @@ -928,6 +943,7 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ HcfKeyPair *returnKeyPair = nullptr; HcfResult errCode = ConvertPemKeySync(pubKey, priKey, generator, paramsSpec, &(returnKeyPair)); + HcfFreePubKeyAndPriKey(pubKey, priKey); if (errCode != HCF_SUCCESS) { FreeDecodeParamsSpec(paramsSpec); LOGE("ConvertPemKeySync error!"); diff --git a/frameworks/js/napi/crypto/src/napi_kdf.cpp b/frameworks/js/napi/crypto/src/napi_kdf.cpp index 3867c25209a07f5c066f5cf8fcb031e275166a96..19e50c7ed66076195aa9ef24b1522409d1ebb525 100644 --- a/frameworks/js/napi/crypto/src/napi_kdf.cpp +++ b/frameworks/js/napi/crypto/src/napi_kdf.cpp @@ -505,11 +505,6 @@ static bool GetScryptParamsSpec(napi_env env, napi_value arg, HcfKdfParamsSpec * return false; } - if (n < 0 || r < 0 || p < 0 || maxMemory < 0) { - LOGE("n, r, p, or maxMemory cannot be negative number."); - return false; - } - HcfBlob out = { .data = static_cast(HcfMalloc(keySize, 0)), .len = keySize }; if (out.data == nullptr) { LOGE("output malloc failed!"); diff --git a/frameworks/js/napi/crypto/src/napi_utils.cpp b/frameworks/js/napi/crypto/src/napi_utils.cpp index 7b431ac9ce8679c7cbcd51ffd36eac640ada8d8f..1f52bfa5d184336558420402f5e77be5ec371eb1 100644 --- a/frameworks/js/napi/crypto/src/napi_utils.cpp +++ b/frameworks/js/napi/crypto/src/napi_utils.cpp @@ -662,7 +662,7 @@ bool GetEncodingParamsSpec(napi_env env, napi_value arg, HcfParamsSpec **returnS return true; } -static HcfBlob *GetBlobFromStringJSParams(napi_env env, napi_value arg) +HcfBlob *GetBlobFromStringJSParams(napi_env env, napi_value arg) { napi_valuetype valueType; napi_typeof(env, arg, &valueType); @@ -728,6 +728,8 @@ bool GetDecodingParamsSpec(napi_env env, napi_value arg, HcfParamsSpec **returnS if (tmpPw->len > PASSWORD_MAX_LENGTH) { LOGE("Password length exceeds max length limit of 4096 bytes!"); HcfBlobDataClearAndFree(tmpPw); + HcfFree(tmpPw); + tmpPw = nullptr; HcfFree(decodingParamsSpec); decodingParamsSpec = nullptr; return false; diff --git a/frameworks/native/include/native_common.h b/frameworks/native/include/native_common.h index 03c924c1ff14168d2f82d6913fe8bd1871e86352..a324e2e620a91ab5d33094bb9c35b2518d4baef8 100644 --- a/frameworks/native/include/native_common.h +++ b/frameworks/native/include/native_common.h @@ -27,10 +27,8 @@ OH_Crypto_ErrCode GetOhCryptoErrCode(HcfResult errCode); OH_Crypto_ErrCode GetOhCryptoErrCodeNew(HcfResult errCode); void ReverseUint8Arr(uint8_t *data, size_t len); -int32_t bigEndianArrToInt32(const uint8_t *data, size_t len); -void Int32TobigEndianArr(int32_t value, uint8_t *data, size_t len); -int32_t bigEndianArrToInt(const uint8_t *data, size_t len); -void IntTobigEndianArr(int value, uint8_t *data, size_t len); +uint32_t BigEndianArrToUint32(const uint8_t *data, size_t len); +void Uint32TobigEndianArr(uint32_t value, uint8_t *data, size_t len); #ifdef __cplusplus } #endif diff --git a/frameworks/native/src/asym_key.c b/frameworks/native/src/asym_key.c index 55494d5255a5caabed1d7d59653172798a3cdcd8..fd4037932992a69b430ce016459bfcd44ccbefdf 100644 --- a/frameworks/native/src/asym_key.c +++ b/frameworks/native/src/asym_key.c @@ -861,7 +861,11 @@ static OH_Crypto_ErrCode SetEccCommSpec(HcfEccCommParamsSpec *spec, CryptoAsymKe if (value->len != sizeof(spec->h)) { return CRYPTO_PARAMETER_CHECK_FAILED; } - spec->h = bigEndianArrToInt32(value->data, value->len); + uint32_t tmp = BigEndianArrToUint32(value->data, value->len); + if (tmp > INT32_MAX) { + return CRYPTO_PARAMETER_CHECK_FAILED; + } + spec->h = (int32_t)tmp; break; default: return CRYPTO_PARAMETER_CHECK_FAILED; @@ -936,7 +940,11 @@ static OH_Crypto_ErrCode SetDhCommSpec(HcfDhCommParamsSpec *spec, CryptoAsymKey_ if (value->len != sizeof(spec->length)) { return CRYPTO_PARAMETER_CHECK_FAILED; } - spec->length = bigEndianArrToInt(value->data, value->len); + uint32_t tmp = BigEndianArrToUint32(value->data, value->len); + if (tmp > INT32_MAX) { + return CRYPTO_PARAMETER_CHECK_FAILED; + } + spec->length = (int)tmp; break; default: return CRYPTO_PARAMETER_CHECK_FAILED; @@ -1309,7 +1317,13 @@ static OH_Crypto_ErrCode GetEccCommSpec(HcfEccCommParamsSpec *spec, CryptoAsymKe return CRYPTO_MEMORY_ERROR; } value->len = sizeof(spec->h); - Int32TobigEndianArr(spec->h, value->data, value->len); + if (spec->h < 0) { + HcfFree(value->data); + value->data = NULL; + return CRYPTO_PARAMETER_CHECK_FAILED; + } + uint32_t tmp = (uint32_t)spec->h; + Uint32TobigEndianArr(tmp, value->data, value->len); break; default: return CRYPTO_PARAMETER_CHECK_FAILED; @@ -1386,7 +1400,13 @@ static OH_Crypto_ErrCode GetDhCommSpec(HcfDhCommParamsSpec *spec, CryptoAsymKey_ return CRYPTO_MEMORY_ERROR; } value->len = sizeof(spec->length); - IntTobigEndianArr(spec->length, value->data, value->len); + if (spec->length < 0) { + HcfFree(value->data); + value->data = NULL; + return CRYPTO_PARAMETER_CHECK_FAILED; + } + uint32_t tmp = (uint32_t)spec->length; + Uint32TobigEndianArr(tmp, value->data, value->len); break; default: return CRYPTO_PARAMETER_CHECK_FAILED; diff --git a/frameworks/native/src/native_common.c b/frameworks/native/src/native_common.c index 62b7fd3da093a1ed09dc4bcffe06188e5658be7c..a92b10acdd4c398e623d99c47711b8f3992c3f0d 100644 --- a/frameworks/native/src/native_common.c +++ b/frameworks/native/src/native_common.c @@ -58,36 +58,19 @@ void ReverseUint8Arr(uint8_t *data, size_t len) #define NATIVE_BITS_SIZE 8 -int32_t bigEndianArrToInt32(const uint8_t *data, size_t len) +uint32_t BigEndianArrToUint32(const uint8_t *data, size_t len) { - int32_t value = 0; + uint32_t value = 0; for (size_t i = 0; i < len; ++i) { - value |= (int32_t)(data[i] << ((sizeof(int32_t) - 1 - i) * NATIVE_BITS_SIZE)); + value |= (uint32_t)(data[i] << ((sizeof(int32_t) - 1 - i) * NATIVE_BITS_SIZE)); } return value; } -void Int32TobigEndianArr(int32_t value, uint8_t *data, size_t len) +void Uint32TobigEndianArr(uint32_t value, uint8_t *data, size_t len) { for (size_t i = 0; i < len; ++i) { - data[i] = (value >> ((sizeof(int32_t) - i - 1) * NATIVE_BITS_SIZE)) & 0xFF; - } -} - -int32_t bigEndianArrToInt(const uint8_t *data, size_t len) -{ - int value = 0; - - for (size_t i = 0; i < len; ++i) { - value |= (int)(data[i] << ((sizeof(int) - 1 - i) * NATIVE_BITS_SIZE)); - } - return value; -} - -void IntTobigEndianArr(int value, uint8_t *data, size_t len) -{ - for (size_t i = 0; i < len; ++i) { - data[i] = (value >> ((sizeof(int) - i - 1) * NATIVE_BITS_SIZE)) & 0xFF; + data[i] = (value >> ((sizeof(uint32_t) - i - 1) * NATIVE_BITS_SIZE)) & 0xFF; } } diff --git a/interfaces/kits/native/include/crypto_asym_cipher.h b/interfaces/kits/native/include/crypto_asym_cipher.h index d6ab307212546b8c8b7bbfa768a63b67b7bc1cd7..3846be1733cfac6c843e75f837bb7f97065647d9 100644 --- a/interfaces/kits/native/include/crypto_asym_cipher.h +++ b/interfaces/kits/native/include/crypto_asym_cipher.h @@ -102,6 +102,7 @@ OH_Crypto_ErrCode OH_CryptoAsymCipher_Final(OH_CryptoAsymCipher *ctx, const Cryp * @brief Destroys the asymmetric cipher context. * * @param ctx Indicates the asymmetric cipher context. + * @since 20 */ void OH_CryptoAsymCipher_Destroy(OH_CryptoAsymCipher *ctx); diff --git a/interfaces/kits/native/include/crypto_asym_key.h b/interfaces/kits/native/include/crypto_asym_key.h index 4997e5e5589a486c9e68d1808fb409ac4a1cfee7..44803b8328177a8b86ec63a7e5309b51f087cbf4 100644 --- a/interfaces/kits/native/include/crypto_asym_key.h +++ b/interfaces/kits/native/include/crypto_asym_key.h @@ -279,7 +279,7 @@ OH_Crypto_ErrCode OH_CryptoPubKey_GetParam(OH_CryptoPubKey *key, CryptoAsymKey_P * @brief Sets the password to the asymmetric key generator context. * * Call this method to set the password if you need to convert encrypted private key data to a key pair using - * {@link OH_CryptoAsymKeyGenerator_Convert} + * {@link OH_CryptoAsymKeyGenerator_Convert}.\n * * @param ctx Indicates the asymmetric key generator context. * @param password Indicates the password. diff --git a/interfaces/kits/native/include/crypto_common.h b/interfaces/kits/native/include/crypto_common.h index 9da7d4e654d5fe911c3cfdb2be9801fed1a6796f..12ae6d224cd1b0b7727ff3ff7c9a339f25e28176 100644 --- a/interfaces/kits/native/include/crypto_common.h +++ b/interfaces/kits/native/include/crypto_common.h @@ -28,7 +28,7 @@ * @brief Defines the crypto common APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ @@ -69,7 +69,10 @@ typedef enum { CRYPTO_NOT_SUPPORTED = 801, /** Indicates the memory error. */ CRYPTO_MEMORY_ERROR = 17620001, - /** Indicates that parameter check failed. */ + /** + * Indicates that parameter check failed. + * @since 20 + */ CRYPTO_PARAMETER_CHECK_FAILED = 17620003, /** Indicates that crypto operation error. */ CRYPTO_OPERTION_ERROR = 17630001, diff --git a/interfaces/kits/native/include/crypto_digest.h b/interfaces/kits/native/include/crypto_digest.h index 1af61159d717dfe12e8161b076556e38be7ef105..bac24951a8b1c1fdc48364749b839435dd28ebcc 100644 --- a/interfaces/kits/native/include/crypto_digest.h +++ b/interfaces/kits/native/include/crypto_digest.h @@ -25,10 +25,10 @@ /** * @file crypto_digest.h * - * @brief Defines the digest apis. + * @brief Defines the digest APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ diff --git a/interfaces/kits/native/include/crypto_sym_cipher.h b/interfaces/kits/native/include/crypto_sym_cipher.h index 3e4245fef0110e7ff3980d04e11ed573e949dd5d..95a6e46a523bcc2dc2a0aebb94c0e0da16b76935 100644 --- a/interfaces/kits/native/include/crypto_sym_cipher.h +++ b/interfaces/kits/native/include/crypto_sym_cipher.h @@ -29,7 +29,7 @@ * @brief Defines the symmetric key cipher APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ diff --git a/interfaces/kits/native/include/crypto_sym_key.h b/interfaces/kits/native/include/crypto_sym_key.h index 840d104c6a7c6ba115ace4fa9ca6a4f702d9e932..b2ebf9ebbd61ff08faf0fa40a827780c46e8d9c9 100644 --- a/interfaces/kits/native/include/crypto_sym_key.h +++ b/interfaces/kits/native/include/crypto_sym_key.h @@ -28,7 +28,7 @@ * @brief Defines the symmetric key APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ diff --git a/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c b/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c index 0ab9714b54667de03ace063f5eae912d0401bc16..67fd4da4b490af9a5cfdbe0294dbab40692c181f 100644 --- a/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c +++ b/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c @@ -200,6 +200,8 @@ HcfResult MbedtlsRandSpiCreate(HcfRandSpi **spiObj) int32_t ret = MbedtlsRandInitEx(&(returnSpiImpl->entropy), &(returnSpiImpl->ctrDrbg)); if (ret != HCF_SUCCESS) { LOGE("Failed to allocate entropy ctrDrbg memory!"); + HcfFree(returnSpiImpl); + returnSpiImpl = NULL; return HCF_ERR_MALLOC; } returnSpiImpl->base.base.getClass = GetMbedtlsRandClass; diff --git a/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c b/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c index 9c50c2f542444619c6aadfa97ad83e3b6d4e8dcd..2fd8553fd25e1560ab9d44adbac97c56c20dc42c 100644 --- a/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c +++ b/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c @@ -222,7 +222,7 @@ static HcfResult EngineCipherInit(HcfCipherGeneratorSpi *self, enum HcfCryptoMod goto clearup; } const unsigned char *iv = GetIvData(cipherImpl, params); - if (iv == NULL && cipherImpl->attr.mode != HCF_ALG_MODE_ECB) { + if ((iv == NULL) && (cipherImpl->attr.mode != HCF_ALG_MODE_ECB) && (cipherImpl->attr.algo == HCF_ALG_DES)) { LOGE("IV is required for non-ECB modes."); ret = HCF_INVALID_PARAMS; goto clearup; diff --git a/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c b/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c index 38fda9d20919d6d673ba0889f242dcc46402b2c5..ef2220840a4934aa807c189aa9ca1ec82e72d1f4 100644 --- a/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c +++ b/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c @@ -128,7 +128,7 @@ static bool GetScryptSaltFromSpec(HcfScryptData *data, HcfScryptParamsSpec *para return false; } (void)memcpy_s(data->salt, params->salt.len, params->salt.data, params->salt.len); - data->saltLen = params->salt.len; + data->saltLen = (int)params->salt.len; return true; } @@ -140,7 +140,7 @@ static bool GetScryptPasswordFromSpec(HcfScryptData *data, HcfScryptParamsSpec * return false; } (void)memcpy_s(data->password, params->passPhrase.len, params->passPhrase.data, params->passPhrase.len); - data->passwordLen = params->passPhrase.len; + data->passwordLen = (int)params->passPhrase.len; } else { data->passwordLen = 0; data->password = NULL; @@ -161,7 +161,7 @@ static HcfResult InitScryptData(OpensslScryptSpiImpl *self, HcfScryptParamsSpec break; } if (!GetScryptPasswordFromSpec(data, params)) { - LOGE("malloc salt failed!"); + LOGE("malloc password failed!"); break; } data->out = (unsigned char *)HcfMalloc(params->output.len, 0); @@ -173,7 +173,7 @@ static HcfResult InitScryptData(OpensslScryptSpiImpl *self, HcfScryptParamsSpec data->p = params->p; data->r = params->r; data->maxBytes = params->maxMem; - data->outLen = params->output.len; + data->outLen = (int)params->output.len; self->kdfData = data; return HCF_SUCCESS; } while (0); diff --git a/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c b/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c index af635f9d0c62e1b6d7a70354854bdb5e1de22420..ab72bfad9ec75fb187f9cec6a56db395931f67a4 100644 --- a/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c +++ b/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c @@ -186,7 +186,7 @@ static HcfResult HcfDesSymmKeySpiCreate(int32_t keyLen, SymKeyImpl *symKey) EVP_CIPHER_CTX_free(ctx); symKey->keyMaterial.data = keyMaterial; - symKey->keyMaterial.len = keyLen; + symKey->keyMaterial.len = (size_t)keyLen; return HCF_SUCCESS; }