From 2af3227ccb1efe2ecc16a61949fc6d45bc0e80cb Mon Sep 17 00:00:00 2001 From: kang1024 Date: Wed, 27 Aug 2025 09:15:45 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E5=90=8C=E6=AD=A5=E4=B8=BB=E5=B9=B2?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=B6=88=E9=99=A4=E5=88=86=E6=94=AF=E5=B7=AE?= =?UTF-8?q?=E5=BC=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: kang1024 --- frameworks/crypto_operation/sm2_crypto_util.c | 4 + frameworks/js/jsi/src/jsi_list.cpp | 4 +- frameworks/js/jsi/src/jsi_md.cpp | 5 + frameworks/js/jsi/src/jsi_rand.cpp | 3 + frameworks/js/napi/crypto/inc/napi_utils.h | 2 + .../crypto/src/napi_asy_key_generator.cpp | 112 ++++++++++-------- frameworks/js/napi/crypto/src/napi_kdf.cpp | 5 - frameworks/js/napi/crypto/src/napi_utils.cpp | 4 +- frameworks/native/include/native_common.h | 6 +- frameworks/native/src/asym_key.c | 28 ++++- frameworks/native/src/native_common.c | 27 +---- .../kits/native/include/crypto_asym_cipher.h | 1 + .../kits/native/include/crypto_asym_key.h | 2 +- .../kits/native/include/crypto_common.h | 7 +- .../kits/native/include/crypto_digest.h | 4 +- .../kits/native/include/crypto_sym_cipher.h | 2 +- .../kits/native/include/crypto_sym_key.h | 2 +- plugin/mbedtls_plugin/rand/src/mbedtls_rand.c | 2 + .../cipher/src/cipher_des_openssl.c | 2 +- .../crypto_operation/kdf/src/scrypt_openssl.c | 8 +- .../sym_key_generator/src/sym_key_openssl.c | 2 +- 21 files changed, 133 insertions(+), 99 deletions(-) diff --git a/frameworks/crypto_operation/sm2_crypto_util.c b/frameworks/crypto_operation/sm2_crypto_util.c index a28cece..88ef81c 100644 --- a/frameworks/crypto_operation/sm2_crypto_util.c +++ b/frameworks/crypto_operation/sm2_crypto_util.c @@ -105,6 +105,10 @@ HcfResult HcfGenCipherTextBySpec(Sm2CipherTextSpec *spec, const char *mode, HcfB return HCF_INVALID_PARAMS; } HcfSm2SpecToASN1CreateFunc createFunc = FindAbility(mode); + if (createFunc == NULL) { + LOGE("Failed to find create function"); + return HCF_INVALID_PARAMS; + } HcfResult res = createFunc(spec, output); if (res != HCF_SUCCESS) { LOGE("Failed to convert construct to asn1!"); diff --git a/frameworks/js/jsi/src/jsi_list.cpp b/frameworks/js/jsi/src/jsi_list.cpp index d5dc4ad..3f74a12 100644 --- a/frameworks/js/jsi/src/jsi_list.cpp +++ b/frameworks/js/jsi/src/jsi_list.cpp @@ -16,8 +16,8 @@ #include "jsi_list.h" #include "memory.h" -static LOS_DL_LIST g_mdObjListHeader = { 0 }; -static LOS_DL_LIST g_randObjListHeader = { 0 }; +static LOS_DL_LIST g_mdObjListHeader = { .pstPrev = nullptr, .pstNext = nullptr }; +static LOS_DL_LIST g_randObjListHeader = { .pstPrev = nullptr, .pstNext = nullptr }; namespace OHOS { namespace ACELite { diff --git a/frameworks/js/jsi/src/jsi_md.cpp b/frameworks/js/jsi/src/jsi_md.cpp index 9c50ede..ae5a91a 100644 --- a/frameworks/js/jsi/src/jsi_md.cpp +++ b/frameworks/js/jsi/src/jsi_md.cpp @@ -26,6 +26,7 @@ namespace ACELite { JSIValue CryptoFrameworkLiteModule::CreateMd(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)thisVal; if ((args == nullptr) || (argsNum != ARRAY_INDEX_ONE)) { LOGE("CreateMd args is err!"); return ThrowErrorCodeResult(HCF_INVALID_PARAMS); @@ -160,6 +161,8 @@ JSIValue CryptoFrameworkLiteModule::Digest(const JSIValue thisVal, const JSIValu JSIValue CryptoFrameworkLiteModule::DigestSync(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)args; + (void)argsNum; HcfMd *mdObj = reinterpret_cast((uint32_t)JSI::GetNumberProperty(thisVal, "mdObj")); if (mdObj == nullptr) { LOGE("DigestSync mdObj is null!!"); @@ -182,6 +185,8 @@ JSIValue CryptoFrameworkLiteModule::DigestSync(const JSIValue thisVal, const JSI JSIValue CryptoFrameworkLiteModule::GetMdLength(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)args; + (void)argsNum; HcfMd *mdObj = reinterpret_cast((uint32_t)JSI::GetNumberProperty(thisVal, "mdObj")); if (mdObj == nullptr) { LOGE("GetMdLength mdObj is null!"); diff --git a/frameworks/js/jsi/src/jsi_rand.cpp b/frameworks/js/jsi/src/jsi_rand.cpp index 9cb57bb..0997234 100644 --- a/frameworks/js/jsi/src/jsi_rand.cpp +++ b/frameworks/js/jsi/src/jsi_rand.cpp @@ -28,6 +28,9 @@ namespace ACELite { JSIValue CryptoFrameworkLiteModule::CreateRandom(const JSIValue thisVal, const JSIValue *args, uint8_t argsNum) { + (void)argsNum; + (void)thisVal; + (void)args; HcfRand *randObj = nullptr; HcfResult res = HcfRandCreate(&randObj); if (res != HCF_SUCCESS) { diff --git a/frameworks/js/napi/crypto/inc/napi_utils.h b/frameworks/js/napi/crypto/inc/napi_utils.h index 53cec12..79ff66b 100644 --- a/frameworks/js/napi/crypto/inc/napi_utils.h +++ b/frameworks/js/napi/crypto/inc/napi_utils.h @@ -89,6 +89,8 @@ HcfResult GetNapiUint8ArrayDataNoCopy(napi_env env, napi_value arg, HcfBlob *blo HcfResult CreateNapiUint8ArrayNoCopy(napi_env env, HcfBlob *blob, napi_value *napiValue); +HcfBlob *GetBlobFromStringJSParams(napi_env env, napi_value arg); + } // namespace CryptoFramework } // namespace OHOS #endif diff --git a/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp b/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp index bec9049..425e151 100644 --- a/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp +++ b/frameworks/js/napi/crypto/src/napi_asy_key_generator.cpp @@ -75,8 +75,8 @@ struct ConvertPemKeyCtx { HcfAsyKeyGenerator *generator = nullptr; HcfParamsSpec *params = nullptr; - std::string pubKey = ""; - std::string priKey = ""; + HcfBlob *pubKey = nullptr; + HcfBlob *priKey = nullptr; HcfResult errCode = HCF_SUCCESS; const char *errMsg = nullptr; @@ -172,11 +172,27 @@ static void FreeConvertPemKeyCtx(napi_env env, ConvertPemKeyCtx *ctx) FreeDecodeParamsSpec(ctx->params); ctx->errMsg = nullptr; - ctx->pubKey = ""; - ctx->priKey = ""; + if (ctx->pubKey != nullptr) { + HcfBlobDataFree(ctx->pubKey); + HcfFree(ctx->pubKey); + ctx->pubKey = nullptr; + } + if (ctx->priKey != nullptr) { + HcfBlobDataClearAndFree(ctx->priKey); + HcfFree(ctx->priKey); + ctx->priKey = nullptr; + } HcfFree(ctx); } +static void HcfFreePubKeyAndPriKey(HcfBlob *pubKey, HcfBlob *priKey) +{ + HcfBlobDataFree(pubKey); + HCF_FREE_PTR(pubKey); + HcfBlobDataClearAndFree(priKey); + HCF_FREE_PTR(priKey); +} + static bool BuildGenKeyPairCtx(napi_env env, napi_callback_info info, GenKeyPairCtx *ctx) { napi_value thisVar = nullptr; @@ -248,9 +264,8 @@ static bool GetPkAndSkBlobFromNapiValueIfInput(napi_env env, napi_value pkValue, } static bool GetPkAndSkStringFromNapiValueIfInput(napi_env env, napi_value pkValue, napi_value skValue, - std::string &returnPubKey, std::string &returnPriKey) + HcfBlob **returnPubKey, HcfBlob **returnPriKey) { - size_t length = 0; napi_valuetype valueTypePk; napi_valuetype valueTypeSk; napi_typeof(env, pkValue, &valueTypePk); @@ -259,38 +274,27 @@ static bool GetPkAndSkStringFromNapiValueIfInput(napi_env env, napi_value pkValu LOGE("valueTypePk and valueTypeSk is all null."); return false; } + HcfBlob *pubKey = nullptr; if (valueTypePk != napi_null) { - if (valueTypePk != napi_string) { - LOGE("valueTypePk wrong argument type, expect string type."); - return false; - } - if (napi_get_value_string_utf8(env, pkValue, nullptr, 0, &length) != napi_ok) { - LOGE("pkValue can not get string length."); - return false; - } - returnPubKey.reserve(length + 1); - returnPubKey.resize(length); - if (napi_get_value_string_utf8(env, pkValue, returnPubKey.data(), (length + 1), &length) != napi_ok) { - LOGE("pkValue can not get string value."); + pubKey = GetBlobFromStringJSParams(env, pkValue); + if (pubKey == nullptr) { + LOGE("GetBlobFromStringJSParams failed for pubKey."); return false; } } + HcfBlob *priKey = nullptr; if (valueTypeSk != napi_null) { - if (valueTypeSk != napi_string) { - LOGE("valueTypeSk wrong argument type. expect string type."); - return false; - } - if (napi_get_value_string_utf8(env, skValue, nullptr, 0, &length) != napi_ok) { - LOGE("skValue can not get string length."); - return false; - } - returnPriKey.reserve(length + 1); - returnPriKey.resize(length); - if (napi_get_value_string_utf8(env, skValue, returnPriKey.data(), (length + 1), &length) != napi_ok) { - LOGE("skValue can not get string value."); + priKey = GetBlobFromStringJSParams(env, skValue); + if (priKey == nullptr) { + HcfBlobDataFree(pubKey); + HcfFree(pubKey); + pubKey = nullptr; + LOGE("GetBlobFromStringJSParams failed for priKey."); return false; } } + *returnPubKey = pubKey; + *returnPriKey = priKey; return true; } @@ -339,7 +343,7 @@ static bool BuildConvertKeyCtx(napi_env env, napi_callback_info info, ConvertKey } } -static bool ValidateAndGetParams(napi_env env, napi_callback_info info, std::string &pubKey, std::string &priKey, +static bool ValidateAndGetParams(napi_env env, napi_callback_info info, HcfBlob **pubKey, HcfBlob **priKey, HcfParamsSpec **paramsSpec) { napi_value thisVar = nullptr; @@ -361,6 +365,7 @@ static bool ValidateAndGetParams(napi_env env, napi_callback_info info, std::str if (argc == expectedArgc) { if (!GetDecodingParamsSpec(env, argv[PARAM2], paramsSpec)) { + HcfFreePubKeyAndPriKey(*pubKey, *priKey); LOGE("get params failed!"); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "get napi paramsSpec failed!")); return false; @@ -379,10 +384,10 @@ static bool BuildConvertPemKeyCtx(napi_env env, napi_callback_info info, Convert LOGE("failed to unwrap napi asyKeyGenerator obj."); return false; } - std::string pubKey; - std::string priKey; + HcfBlob *pubKey = nullptr; + HcfBlob *priKey = nullptr; HcfParamsSpec *paramsSpec = nullptr; - if (!ValidateAndGetParams(env, info, pubKey, priKey, ¶msSpec)) { + if (!ValidateAndGetParams(env, info, &pubKey, &priKey, ¶msSpec)) { return false; } @@ -528,8 +533,16 @@ static void ConvertKeyAsyncWorkProcess(napi_env env, void *data) static void ConvertPemKeyAsyncWorkProcess(napi_env env, void *data) { ConvertPemKeyCtx *ctx = static_cast(data); + const char *pubKeyStr = nullptr; + const char *priKeyStr = nullptr; + if (ctx->pubKey != nullptr) { + pubKeyStr = reinterpret_cast(ctx->pubKey->data); + } + if (ctx->priKey != nullptr) { + priKeyStr = reinterpret_cast(ctx->priKey->data); + } ctx->errCode = ctx->generator->convertPemKey(ctx->generator, ctx->params, - ctx->pubKey.c_str(), ctx->priKey.c_str(), &(ctx->returnKeyPair)); + pubKeyStr, priKeyStr, &(ctx->returnKeyPair)); if (ctx->errCode != HCF_SUCCESS) { LOGE("ConvertPemKey fail."); ctx->errMsg = "ConvertPemKey fail."; @@ -803,14 +816,6 @@ napi_value NapiAsyKeyGenerator::JsConvertKey(napi_env env, napi_callback_info in return NewConvertKeyAsyncWork(env, ctx); } -static void HcfFreePubKeyAndPriKey(HcfBlob *pubKey, HcfBlob *priKey) -{ - HcfBlobDataFree(pubKey); - HCF_FREE_PTR(pubKey); - HcfBlobDataClearAndFree(priKey); - HCF_FREE_PTR(priKey); -} - napi_value NapiAsyKeyGenerator::JsConvertKeySync(napi_env env, napi_callback_info info) { napi_value thisVar = nullptr; @@ -884,11 +889,19 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKey(napi_env env, napi_callback_info return NewConvertPemKeyAsyncWork(env, ctx); } -static HcfResult ConvertPemKeySync(std::string &pubKey, std::string &priKey, HcfAsyKeyGenerator *generator, +static HcfResult ConvertPemKeySync(HcfBlob *pubKey, HcfBlob *priKey, HcfAsyKeyGenerator *generator, HcfParamsSpec *paramsSpec, HcfKeyPair **returnKeyPair) { + const char *pubKeyStr = nullptr; + const char *priKeyStr = nullptr; + if (pubKey != nullptr) { + pubKeyStr = reinterpret_cast(pubKey->data); + } + if (priKey != nullptr) { + priKeyStr = reinterpret_cast(priKey->data); + } HcfResult errCode = generator->convertPemKey(generator, paramsSpec, - pubKey.c_str(), priKey.c_str(), returnKeyPair); + pubKeyStr, priKeyStr, returnKeyPair); if (errCode != HCF_SUCCESS) { LOGE("convertPemKey error!"); return errCode; @@ -900,10 +913,10 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ { napi_value thisVar = nullptr; napi_get_cb_info(env, info, nullptr, nullptr, &thisVar, nullptr); - std::string pubKey; - std::string priKey; + HcfBlob *pubKey = nullptr; + HcfBlob *priKey = nullptr; HcfParamsSpec *paramsSpec = nullptr; - if (!ValidateAndGetParams(env, info, pubKey, priKey, ¶msSpec)) { + if (!ValidateAndGetParams(env, info, &pubKey, &priKey, ¶msSpec)) { FreeDecodeParamsSpec(paramsSpec); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "invalid parameters.")); return NapiGetNull(env); @@ -913,6 +926,7 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ napi_status status = napi_unwrap(env, thisVar, reinterpret_cast(&napiGenerator)); if (status != napi_ok || napiGenerator == nullptr) { FreeDecodeParamsSpec(paramsSpec); + HcfFreePubKeyAndPriKey(pubKey, priKey); LOGE("failed to unwrap napi asyKeyGenerator obj."); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "failed to unwrap napi asyKeyGenerator obj.")); return nullptr; @@ -921,6 +935,7 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ HcfAsyKeyGenerator *generator = napiGenerator->GetAsyKeyGenerator(); if (generator == nullptr) { FreeDecodeParamsSpec(paramsSpec); + HcfFreePubKeyAndPriKey(pubKey, priKey); LOGE("GetAsyKeyGenerator failed!"); napi_throw(env, GenerateBusinessError(env, HCF_INVALID_PARAMS, "GetAsyKeyGenerator failed!")); return nullptr; @@ -928,6 +943,7 @@ napi_value NapiAsyKeyGenerator::JsConvertPemKeySync(napi_env env, napi_callback_ HcfKeyPair *returnKeyPair = nullptr; HcfResult errCode = ConvertPemKeySync(pubKey, priKey, generator, paramsSpec, &(returnKeyPair)); + HcfFreePubKeyAndPriKey(pubKey, priKey); if (errCode != HCF_SUCCESS) { FreeDecodeParamsSpec(paramsSpec); LOGE("ConvertPemKeySync error!"); diff --git a/frameworks/js/napi/crypto/src/napi_kdf.cpp b/frameworks/js/napi/crypto/src/napi_kdf.cpp index 3867c25..19e50c7 100644 --- a/frameworks/js/napi/crypto/src/napi_kdf.cpp +++ b/frameworks/js/napi/crypto/src/napi_kdf.cpp @@ -505,11 +505,6 @@ static bool GetScryptParamsSpec(napi_env env, napi_value arg, HcfKdfParamsSpec * return false; } - if (n < 0 || r < 0 || p < 0 || maxMemory < 0) { - LOGE("n, r, p, or maxMemory cannot be negative number."); - return false; - } - HcfBlob out = { .data = static_cast(HcfMalloc(keySize, 0)), .len = keySize }; if (out.data == nullptr) { LOGE("output malloc failed!"); diff --git a/frameworks/js/napi/crypto/src/napi_utils.cpp b/frameworks/js/napi/crypto/src/napi_utils.cpp index 7b431ac..1f52bfa 100644 --- a/frameworks/js/napi/crypto/src/napi_utils.cpp +++ b/frameworks/js/napi/crypto/src/napi_utils.cpp @@ -662,7 +662,7 @@ bool GetEncodingParamsSpec(napi_env env, napi_value arg, HcfParamsSpec **returnS return true; } -static HcfBlob *GetBlobFromStringJSParams(napi_env env, napi_value arg) +HcfBlob *GetBlobFromStringJSParams(napi_env env, napi_value arg) { napi_valuetype valueType; napi_typeof(env, arg, &valueType); @@ -728,6 +728,8 @@ bool GetDecodingParamsSpec(napi_env env, napi_value arg, HcfParamsSpec **returnS if (tmpPw->len > PASSWORD_MAX_LENGTH) { LOGE("Password length exceeds max length limit of 4096 bytes!"); HcfBlobDataClearAndFree(tmpPw); + HcfFree(tmpPw); + tmpPw = nullptr; HcfFree(decodingParamsSpec); decodingParamsSpec = nullptr; return false; diff --git a/frameworks/native/include/native_common.h b/frameworks/native/include/native_common.h index 03c924c..a324e2e 100644 --- a/frameworks/native/include/native_common.h +++ b/frameworks/native/include/native_common.h @@ -27,10 +27,8 @@ OH_Crypto_ErrCode GetOhCryptoErrCode(HcfResult errCode); OH_Crypto_ErrCode GetOhCryptoErrCodeNew(HcfResult errCode); void ReverseUint8Arr(uint8_t *data, size_t len); -int32_t bigEndianArrToInt32(const uint8_t *data, size_t len); -void Int32TobigEndianArr(int32_t value, uint8_t *data, size_t len); -int32_t bigEndianArrToInt(const uint8_t *data, size_t len); -void IntTobigEndianArr(int value, uint8_t *data, size_t len); +uint32_t BigEndianArrToUint32(const uint8_t *data, size_t len); +void Uint32TobigEndianArr(uint32_t value, uint8_t *data, size_t len); #ifdef __cplusplus } #endif diff --git a/frameworks/native/src/asym_key.c b/frameworks/native/src/asym_key.c index 55494d5..fd40379 100644 --- a/frameworks/native/src/asym_key.c +++ b/frameworks/native/src/asym_key.c @@ -861,7 +861,11 @@ static OH_Crypto_ErrCode SetEccCommSpec(HcfEccCommParamsSpec *spec, CryptoAsymKe if (value->len != sizeof(spec->h)) { return CRYPTO_PARAMETER_CHECK_FAILED; } - spec->h = bigEndianArrToInt32(value->data, value->len); + uint32_t tmp = BigEndianArrToUint32(value->data, value->len); + if (tmp > INT32_MAX) { + return CRYPTO_PARAMETER_CHECK_FAILED; + } + spec->h = (int32_t)tmp; break; default: return CRYPTO_PARAMETER_CHECK_FAILED; @@ -936,7 +940,11 @@ static OH_Crypto_ErrCode SetDhCommSpec(HcfDhCommParamsSpec *spec, CryptoAsymKey_ if (value->len != sizeof(spec->length)) { return CRYPTO_PARAMETER_CHECK_FAILED; } - spec->length = bigEndianArrToInt(value->data, value->len); + uint32_t tmp = BigEndianArrToUint32(value->data, value->len); + if (tmp > INT32_MAX) { + return CRYPTO_PARAMETER_CHECK_FAILED; + } + spec->length = (int)tmp; break; default: return CRYPTO_PARAMETER_CHECK_FAILED; @@ -1309,7 +1317,13 @@ static OH_Crypto_ErrCode GetEccCommSpec(HcfEccCommParamsSpec *spec, CryptoAsymKe return CRYPTO_MEMORY_ERROR; } value->len = sizeof(spec->h); - Int32TobigEndianArr(spec->h, value->data, value->len); + if (spec->h < 0) { + HcfFree(value->data); + value->data = NULL; + return CRYPTO_PARAMETER_CHECK_FAILED; + } + uint32_t tmp = (uint32_t)spec->h; + Uint32TobigEndianArr(tmp, value->data, value->len); break; default: return CRYPTO_PARAMETER_CHECK_FAILED; @@ -1386,7 +1400,13 @@ static OH_Crypto_ErrCode GetDhCommSpec(HcfDhCommParamsSpec *spec, CryptoAsymKey_ return CRYPTO_MEMORY_ERROR; } value->len = sizeof(spec->length); - IntTobigEndianArr(spec->length, value->data, value->len); + if (spec->length < 0) { + HcfFree(value->data); + value->data = NULL; + return CRYPTO_PARAMETER_CHECK_FAILED; + } + uint32_t tmp = (uint32_t)spec->length; + Uint32TobigEndianArr(tmp, value->data, value->len); break; default: return CRYPTO_PARAMETER_CHECK_FAILED; diff --git a/frameworks/native/src/native_common.c b/frameworks/native/src/native_common.c index 62b7fd3..a92b10a 100644 --- a/frameworks/native/src/native_common.c +++ b/frameworks/native/src/native_common.c @@ -58,36 +58,19 @@ void ReverseUint8Arr(uint8_t *data, size_t len) #define NATIVE_BITS_SIZE 8 -int32_t bigEndianArrToInt32(const uint8_t *data, size_t len) +uint32_t BigEndianArrToUint32(const uint8_t *data, size_t len) { - int32_t value = 0; + uint32_t value = 0; for (size_t i = 0; i < len; ++i) { - value |= (int32_t)(data[i] << ((sizeof(int32_t) - 1 - i) * NATIVE_BITS_SIZE)); + value |= (uint32_t)(data[i] << ((sizeof(int32_t) - 1 - i) * NATIVE_BITS_SIZE)); } return value; } -void Int32TobigEndianArr(int32_t value, uint8_t *data, size_t len) +void Uint32TobigEndianArr(uint32_t value, uint8_t *data, size_t len) { for (size_t i = 0; i < len; ++i) { - data[i] = (value >> ((sizeof(int32_t) - i - 1) * NATIVE_BITS_SIZE)) & 0xFF; - } -} - -int32_t bigEndianArrToInt(const uint8_t *data, size_t len) -{ - int value = 0; - - for (size_t i = 0; i < len; ++i) { - value |= (int)(data[i] << ((sizeof(int) - 1 - i) * NATIVE_BITS_SIZE)); - } - return value; -} - -void IntTobigEndianArr(int value, uint8_t *data, size_t len) -{ - for (size_t i = 0; i < len; ++i) { - data[i] = (value >> ((sizeof(int) - i - 1) * NATIVE_BITS_SIZE)) & 0xFF; + data[i] = (value >> ((sizeof(uint32_t) - i - 1) * NATIVE_BITS_SIZE)) & 0xFF; } } diff --git a/interfaces/kits/native/include/crypto_asym_cipher.h b/interfaces/kits/native/include/crypto_asym_cipher.h index d6ab307..3846be1 100644 --- a/interfaces/kits/native/include/crypto_asym_cipher.h +++ b/interfaces/kits/native/include/crypto_asym_cipher.h @@ -102,6 +102,7 @@ OH_Crypto_ErrCode OH_CryptoAsymCipher_Final(OH_CryptoAsymCipher *ctx, const Cryp * @brief Destroys the asymmetric cipher context. * * @param ctx Indicates the asymmetric cipher context. + * @since 20 */ void OH_CryptoAsymCipher_Destroy(OH_CryptoAsymCipher *ctx); diff --git a/interfaces/kits/native/include/crypto_asym_key.h b/interfaces/kits/native/include/crypto_asym_key.h index 4997e5e..44803b8 100644 --- a/interfaces/kits/native/include/crypto_asym_key.h +++ b/interfaces/kits/native/include/crypto_asym_key.h @@ -279,7 +279,7 @@ OH_Crypto_ErrCode OH_CryptoPubKey_GetParam(OH_CryptoPubKey *key, CryptoAsymKey_P * @brief Sets the password to the asymmetric key generator context. * * Call this method to set the password if you need to convert encrypted private key data to a key pair using - * {@link OH_CryptoAsymKeyGenerator_Convert} + * {@link OH_CryptoAsymKeyGenerator_Convert}.\n * * @param ctx Indicates the asymmetric key generator context. * @param password Indicates the password. diff --git a/interfaces/kits/native/include/crypto_common.h b/interfaces/kits/native/include/crypto_common.h index 9da7d4e..12ae6d2 100644 --- a/interfaces/kits/native/include/crypto_common.h +++ b/interfaces/kits/native/include/crypto_common.h @@ -28,7 +28,7 @@ * @brief Defines the crypto common APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ @@ -69,7 +69,10 @@ typedef enum { CRYPTO_NOT_SUPPORTED = 801, /** Indicates the memory error. */ CRYPTO_MEMORY_ERROR = 17620001, - /** Indicates that parameter check failed. */ + /** + * Indicates that parameter check failed. + * @since 20 + */ CRYPTO_PARAMETER_CHECK_FAILED = 17620003, /** Indicates that crypto operation error. */ CRYPTO_OPERTION_ERROR = 17630001, diff --git a/interfaces/kits/native/include/crypto_digest.h b/interfaces/kits/native/include/crypto_digest.h index 1af6115..bac2495 100644 --- a/interfaces/kits/native/include/crypto_digest.h +++ b/interfaces/kits/native/include/crypto_digest.h @@ -25,10 +25,10 @@ /** * @file crypto_digest.h * - * @brief Defines the digest apis. + * @brief Defines the digest APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ diff --git a/interfaces/kits/native/include/crypto_sym_cipher.h b/interfaces/kits/native/include/crypto_sym_cipher.h index 3e4245f..95a6e46 100644 --- a/interfaces/kits/native/include/crypto_sym_cipher.h +++ b/interfaces/kits/native/include/crypto_sym_cipher.h @@ -29,7 +29,7 @@ * @brief Defines the symmetric key cipher APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ diff --git a/interfaces/kits/native/include/crypto_sym_key.h b/interfaces/kits/native/include/crypto_sym_key.h index 840d104..b2ebf9e 100644 --- a/interfaces/kits/native/include/crypto_sym_key.h +++ b/interfaces/kits/native/include/crypto_sym_key.h @@ -28,7 +28,7 @@ * @brief Defines the symmetric key APIs. * * @library libohcrypto.so - * @kit Crypto Architecture Kit + * @kit CryptoArchitectureKit * @syscap SystemCapability.Security.CryptoFramework * @since 12 */ diff --git a/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c b/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c index 0ab9714..67fd4da 100644 --- a/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c +++ b/plugin/mbedtls_plugin/rand/src/mbedtls_rand.c @@ -200,6 +200,8 @@ HcfResult MbedtlsRandSpiCreate(HcfRandSpi **spiObj) int32_t ret = MbedtlsRandInitEx(&(returnSpiImpl->entropy), &(returnSpiImpl->ctrDrbg)); if (ret != HCF_SUCCESS) { LOGE("Failed to allocate entropy ctrDrbg memory!"); + HcfFree(returnSpiImpl); + returnSpiImpl = NULL; return HCF_ERR_MALLOC; } returnSpiImpl->base.base.getClass = GetMbedtlsRandClass; diff --git a/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c b/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c index 9c50c2f..2fd8553 100644 --- a/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c +++ b/plugin/openssl_plugin/crypto_operation/cipher/src/cipher_des_openssl.c @@ -222,7 +222,7 @@ static HcfResult EngineCipherInit(HcfCipherGeneratorSpi *self, enum HcfCryptoMod goto clearup; } const unsigned char *iv = GetIvData(cipherImpl, params); - if (iv == NULL && cipherImpl->attr.mode != HCF_ALG_MODE_ECB) { + if ((iv == NULL) && (cipherImpl->attr.mode != HCF_ALG_MODE_ECB) && (cipherImpl->attr.algo == HCF_ALG_DES)) { LOGE("IV is required for non-ECB modes."); ret = HCF_INVALID_PARAMS; goto clearup; diff --git a/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c b/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c index 38fda9d..ef22208 100644 --- a/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c +++ b/plugin/openssl_plugin/crypto_operation/kdf/src/scrypt_openssl.c @@ -128,7 +128,7 @@ static bool GetScryptSaltFromSpec(HcfScryptData *data, HcfScryptParamsSpec *para return false; } (void)memcpy_s(data->salt, params->salt.len, params->salt.data, params->salt.len); - data->saltLen = params->salt.len; + data->saltLen = (int)params->salt.len; return true; } @@ -140,7 +140,7 @@ static bool GetScryptPasswordFromSpec(HcfScryptData *data, HcfScryptParamsSpec * return false; } (void)memcpy_s(data->password, params->passPhrase.len, params->passPhrase.data, params->passPhrase.len); - data->passwordLen = params->passPhrase.len; + data->passwordLen = (int)params->passPhrase.len; } else { data->passwordLen = 0; data->password = NULL; @@ -161,7 +161,7 @@ static HcfResult InitScryptData(OpensslScryptSpiImpl *self, HcfScryptParamsSpec break; } if (!GetScryptPasswordFromSpec(data, params)) { - LOGE("malloc salt failed!"); + LOGE("malloc password failed!"); break; } data->out = (unsigned char *)HcfMalloc(params->output.len, 0); @@ -173,7 +173,7 @@ static HcfResult InitScryptData(OpensslScryptSpiImpl *self, HcfScryptParamsSpec data->p = params->p; data->r = params->r; data->maxBytes = params->maxMem; - data->outLen = params->output.len; + data->outLen = (int)params->output.len; self->kdfData = data; return HCF_SUCCESS; } while (0); diff --git a/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c b/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c index af635f9..ab72bfa 100644 --- a/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c +++ b/plugin/openssl_plugin/key/sym_key_generator/src/sym_key_openssl.c @@ -186,7 +186,7 @@ static HcfResult HcfDesSymmKeySpiCreate(int32_t keyLen, SymKeyImpl *symKey) EVP_CIPHER_CTX_free(ctx); symKey->keyMaterial.data = keyMaterial; - symKey->keyMaterial.len = keyLen; + symKey->keyMaterial.len = (size_t)keyLen; return HCF_SUCCESS; } -- Gitee From 9d1086046ac29a318671409abdd1cc3952f083ab Mon Sep 17 00:00:00 2001 From: kang1024 Date: Wed, 27 Aug 2025 09:19:31 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=BC=BA=E5=9F=BAarkts=E9=9D=99=E6=80=81?= =?UTF-8?q?=E5=8C=96api20=E6=8E=A5=E5=8F=A3=E5=AE=9E=E7=8E=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: kang1024 --- frameworks/js/ani/inc/ani_common.h | 2 +- frameworks/js/ani/src/ani_common.cpp | 2 +- frameworks/js/ani/src/ani_signature_utils.cpp | 38 +++++++++++++++++-- 3 files changed, 36 insertions(+), 6 deletions(-) diff --git a/frameworks/js/ani/inc/ani_common.h b/frameworks/js/ani/inc/ani_common.h index 87abbc6..0952c8c 100644 --- a/frameworks/js/ani/inc/ani_common.h +++ b/frameworks/js/ani/inc/ani_common.h @@ -52,7 +52,7 @@ constexpr int SPEC_ITEM_TYPE_UINT8ARR = 4; #define ANI_LOGE_THROW(code, msg) \ do { \ int rc = ConvertResultCode(code); \ - LOGE("%{public}s, code: %{public}d", msg, rc); \ + LOGE("%{public}s code: %{public}d", msg, rc); \ set_business_error(rc, msg); \ } while (0) diff --git a/frameworks/js/ani/src/ani_common.cpp b/frameworks/js/ani/src/ani_common.cpp index 6ca979e..80409d7 100644 --- a/frameworks/js/ani/src/ani_common.cpp +++ b/frameworks/js/ani/src/ani_common.cpp @@ -134,7 +134,7 @@ bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint) void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr) { - arr = array(bigint.len + 1); + arr = array(bigint.len + 1, 0); std::copy(bigint.data, bigint.data + bigint.len, arr.data()); // 0x00 is the sign bit of big integer, it's always a positive number in this implementation arr[bigint.len] = 0x00; diff --git a/frameworks/js/ani/src/ani_signature_utils.cpp b/frameworks/js/ani/src/ani_signature_utils.cpp index 0e99e16..6b5b883 100644 --- a/frameworks/js/ani/src/ani_signature_utils.cpp +++ b/frameworks/js/ani/src/ani_signature_utils.cpp @@ -14,18 +14,48 @@ */ #include "ani_signature_utils.h" +#include "sm2_ec_signature_data.h" +#include "sm2_crypto_params.h" namespace ANI::CryptoFramework { EccSignatureSpec GenEccSignatureSpec(array_view data) { - // api 20 - TH_THROW(std::runtime_error, "GenEccSignatureSpec not implemented"); + HcfBlob inBlob = {}; + ArrayU8ToDataBlob(data, inBlob); + Sm2EcSignatureDataSpec *hcfSpec = nullptr; + HcfResult res = HcfGenEcSignatureSpecByData(&inBlob, &hcfSpec); + if (res != HCF_SUCCESS) { + ANI_LOGE_THROW(res, "gen ec signature spec fail."); + return {}; + } + EccSignatureSpec spec = {}; + BigIntegerToArrayU8(hcfSpec->rCoordinate, spec.r); + BigIntegerToArrayU8(hcfSpec->sCoordinate, spec.s); + DestroySm2EcSignatureSpec(hcfSpec); + return spec; } array GenEccSignature(EccSignatureSpec const& spec) { - // api 20 - TH_THROW(std::runtime_error, "GenEccSignature not implemented"); + Sm2EcSignatureDataSpec hcfSpec = {}; + bool bigintValid = true; + bigintValid &= ArrayU8ToBigInteger(spec.r, hcfSpec.rCoordinate); + bigintValid &= ArrayU8ToBigInteger(spec.s, hcfSpec.sCoordinate); + if (!bigintValid) { + ANI_LOGE_THROW(HCF_INVALID_PARAMS, "params is invalid."); + return {}; + } + + HcfBlob outBlob = {}; + HcfResult res = HcfGenEcSignatureDataBySpec(&hcfSpec, &outBlob); + if (res != HCF_SUCCESS) { + ANI_LOGE_THROW(res, "gen ec signature data fail."); + return {}; + } + array data = {}; + DataBlobToArrayU8(outBlob, data); + HcfBlobDataClearAndFree(&outBlob); + return data; } } // namespace ANI::CryptoFramework -- Gitee