From: Dongsun Lee Date: Thu, 4 Jul 2019 03:00:14 +0000 (+0900) Subject: hal_init isn't called and hal_hash_type is set from MessageDigestType X-Git-Tag: submit/tizen/20190704.052831^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F53%2F209253%2F3;p=platform%2Fcore%2Fsecurity%2Fdevice-certificate-manager-backend.git hal_init isn't called and hal_hash_type is set from MessageDigestType - When hal_init is not called, Konai SE is initialized with default values. - hal_hash_type can be given from MessageDigestType which a client delivers. Change-Id: I3c47bb0b0de3ef2957b12b01232c16046058bbc4 Signed-off-by: Dongsun Lee --- diff --git a/src/kse-backend/konaise.h b/src/kse-backend/konaise.h index 1b3f908..baa7425 100644 --- a/src/kse-backend/konaise.h +++ b/src/kse-backend/konaise.h @@ -1,39 +1,56 @@ -/****************************************************************** - * - * Copyright 2019 Samsung Electronics All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ******************************************************************/ - -#ifdef USE_KONAISE_HEADERS -#include -#else - -#ifndef _KONAISE_SECURITY_H_ -#define _KONAISE_SECURITY_H_ +#ifndef _KONAISE_H_ +#define _KONAISE_H_ -typedef struct _hal_init_param { - uint32_t i2c_port; - uint32_t gpio; -} hal_init_param; +// real header file name is security_hal.h +/** + * This header file is included to define _EXPORT_. + */ +#include +#include +#include +#include -typedef struct _hal_data { - void *data; - uint32_t data_len; - void *priv; -} hal_data; +#define _IN_ +#define _OUT_ +#define _INOUT_ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Common + */ + +/* Enumerator */ +enum hal_result_e { + HAL_SUCCESS, + + HAL_NOT_INITIALIZED, + HAL_INVALID_ARGS, + + HAL_INVALID_SLOT_RANGE, + HAL_INVALID_SLOT_TYPE, //ex. request to save key into cert slot + HAL_EMPTY_SLOT, + + HAL_BAD_KEY, + HAL_BAD_KEY_PAIR, //public and private keys do not match + HAL_BAD_CERT, + HAL_BAD_CERTKEY_PAIR, //certificate and key do not match + + HAL_NOT_ENOUGH_MEMORY, + HAL_ALLOC_FAIL, + HAL_KEY_IN_USE, + HAL_CERT_IN_USE, + HAL_DATA_IN_USE, + + HAL_NOT_SUPPORTED, + HAL_NOT_IMPLEMENTED, + + HAL_BUSY, + HAL_FAIL, +}; typedef enum { HAL_HASH_MD5, @@ -45,6 +62,32 @@ typedef enum { HAL_HASH_UNKNOWN, } hal_hash_type; +typedef enum { + HAL_DH_1024, + HAL_DH_2048, +} hal_dh_key_type; + +typedef enum{ + HAL_RSA_1024, + HAL_RSA_2048, +} hal_rsa_key_type; + +typedef enum { + HAL_AES_128, + HAL_AES_192, + HAL_AES_256, +} hal_aes_key_type; + +typedef enum { + HAL_HMAC_MD5, + HAL_HMAC_SHA1, + HAL_HMAC_SHA224, + HAL_HMAC_SHA256, + HAL_HMAC_SHA384, + HAL_HMAC_SHA512, + HAL_HMAC_UNKNOWN, +} hal_hmac_type; + typedef enum { HAL_ECDSA_BRAINPOOL_P256R1, HAL_ECDSA_BRAINPOOL_P384R1, @@ -54,12 +97,437 @@ typedef enum { HAL_ECDSA_SEC_P512R1, } hal_ecdsa_curve; +typedef enum { + HAL_AES_ECB_NOPAD, + HAL_AES_ECB_ISO9797_M1, + HAL_AES_ECB_ISO9797_M2, + HAL_AES_ECB_PKCS5, + HAL_AES_ECB_PKCS7, + HAL_AES_CBC_NOPAD, + HAL_AES_CBC_ISO9797_M1, + HAL_AES_CBC_ISO9797_M2, + HAL_AES_CBC_PKCS5, + HAL_AES_CBC_PKCS7, + HAL_AES_CTR, +} hal_aes_algo; + +typedef enum { + HAL_RSASSA_PKCS1_V1_5, + HAL_RSASSA_PKCS1_PSS_MGF1, +} hal_rsa_algo; + +typedef enum { + /* AES */ + HAL_KEY_AES_128,// 128 bits aes algorithm + HAL_KEY_AES_192, // 192 bits aes algorithm + HAL_KEY_AES_256, // 256 bits aes algorithm + /* RSA */ + HAL_KEY_RSA_1024, // 1024 bits rsa algorithm + HAL_KEY_RSA_2048, // 2048 bits rsa algorithm + HAL_KEY_RSA_3072, // 3072 bits rsa algorithm + HAL_KEY_RSA_4096, + /* ECC: it doesn't support whole algorithm that mbedTLS support. it's have to be added*/ + HAL_KEY_ECC_BRAINPOOL_P256R1, // ecc brainpool curve for p256r1 + HAL_KEY_ECC_BRAINPOOL_P384R1, // ecc brainpool curve for p384r1 + HAL_KEY_ECC_BRAINPOOL_P512R1, // ecc brainpool curve for p512r1 + HAL_KEY_ECC_SEC_P256R1, // nist curve for p256r1 + HAL_KEY_ECC_SEC_P384R1, // nist curve for p384r1 + HAL_KEY_ECC_SEC_P512R1, // nist curve for p512r1 + /* Hmac */ + HAL_KEY_HMAC_MD5, // hmac with md5 + HAL_KEY_HMAC_SHA1, // hmac with sha1 + HAL_KEY_HMAC_SHA224, // hmac with sha224 + HAL_KEY_HMAC_SHA256, // hmac with sha256 + HAL_KEY_HMAC_SHA384, // hmac with sha384 + HAL_KEY_HMAC_SHA512, // hmac with sha512 + /* DH */ + HAL_KEY_DH_1024, + HAL_KEY_DH_2048, + HAL_KEY_UNKNOWN, +} hal_key_type; + +/* Structure */ +typedef struct _hal_init_param { + uint32_t i2c_port; + uint32_t i2c_speed; + uint32_t gpio; + uint8_t i2c_slave_address; +} hal_init_param; + +typedef struct _hal_data { + void *data; + uint32_t data_len; + void *priv; +} hal_data; + +typedef struct _hal_rsa_mode { + hal_rsa_algo rsa_a; + hal_hash_type hash_t; + hal_hash_type mgf; + uint32_t salt_byte_len; +} hal_rsa_mode; + +typedef struct _hal_aes_param { + hal_aes_algo mode; + unsigned char *iv; + unsigned int iv_len; +} hal_aes_param; + typedef struct _hal_ecdsa_mode { hal_ecdsa_curve curve; hal_hash_type hash_t; } hal_ecdsa_mode; +typedef struct _hal_dh_data { + hal_dh_key_type mode; + hal_data *G; + hal_data *P; + hal_data *pubkey; +} hal_dh_data; -#endif +typedef struct _hal_ecdh_data { + hal_ecdsa_curve curve; + hal_data *pubkey_x; + hal_data *pubkey_y; +} hal_ecdh_data; +typedef struct _hal_ss_info { + unsigned int size; + struct _hal_ss_info *next; +} hal_ss_info; + + +// ====================================== +// Function +// ====================================== + +/** + * Common + */ + +/* + * Reference + * Desc: Initialize HAL + * Artik SEE API: + * TizenRT SEE API: + * ISP: + * NOTE: Initialize secure channel + */ +EXPORT_API int hal_init(_IN_ hal_init_param *params); + +/* + * Reference + * Desc: Deinitialize HAL + * Artik SEE API: + * TizenRT SEE API: + * ISP: + * NOTE: Deinitialize secure channel + */ +EXPORT_API int hal_deinit(void); + +/* + * Reference + * Desc: free memory allocated within HAL + * Artik SEE API: + * TizenRT SEE API: + * ISP: + */ +EXPORT_API int hal_free_data(_IN_ hal_data *data); + +/* + * Reference + * Desc: get status of SE + * Artik SEE API: + * TizenRT SEE API: + * ISP: + * return value: busy, not initialized, ... + * NOTE: BUSY/IDLE check should be conducted within each HAL APIs as well. + */ +EXPORT_API int hal_get_status(void); + +/** + * Key Manager + */ +/* + * Reference + * Desc: If key type is asymmetric then private key can be stored. + * Artik SEE API: int see_set_key(see_algorithm algo, const char *key_name, see_data key); + * TizenRT SEE API: + * ISP: + */ +EXPORT_API int hal_set_key(_IN_ hal_key_type mode, _IN_ uint32_t key_idx, _IN_ hal_data *key, _IN_ hal_data *prikey); + + +/* + * Reference + * Desc: + * Artik SEE API: int see_get_pubkey(see_algorithm algo, const char *key_name, see_data *pub_key); + * TizenRT SEE API: + * ISP: + * NOTE: Return key type in key->priv + */ +EXPORT_API int hal_get_key(_IN_ hal_key_type mode, _IN_ uint32_t key_idx, _OUT_ hal_data *key); + + +/* + * Reference + * Desc: + * Artik SEE API: int see_remove_key(see_algorithm algo, const char *key_name); + * TizenRT SEE API: + * ISP: + */ +EXPORT_API int hal_remove_key(_IN_ hal_key_type mode, _IN_ uint32_t key_idx); + + +/* + * Reference + * Desc: + * Artik SEE API: int see_generate_key(see_algorithm algo, const char *key_name, see_data *pub_key) + * TizenRT SEE API: + * ISP: + */ +EXPORT_API int hal_generate_key(_IN_ hal_key_type mode, _IN_ uint32_t key_idx); + + +/** + * Authenticate + */ + +/* + * Reference + * Desc: Generate random + * Artik SEE API: int see_generate_random(unsigned int size, see_data *random) + * TizenRT SEE API: int see_generate_random(unsigned int *data, unsigned int len) + * ISP: int isp_generate_random(unsigned int *random, unsigned int wlen); + */ +EXPORT_API int hal_generate_random(_IN_ uint32_t len, _OUT_ hal_data *random); + +/* + * Reference + * Desc: Get HASH + * Artik SEE API: int see_get_hash(see_algorithm algo, see_data data, see_data *hash); + * TizenRT SEE API: int see_get_hash(struct sHASH_MSG *h_param, unsigned char *hash, unsigned int mode) + * ISP: int isp_hash(unsigned char *hash, struct sHASH_MSG *hash_msg, unsigned int object_id); + */ +EXPORT_API int hal_get_hash(_IN_ hal_hash_type mode, _IN_ hal_data *input, _OUT_ hal_data *hash); + +/* + * Reference + * Desc: Get HMAC + * Artik SEE API: int see_get_hmac(see_algorithm algo, const char *key_name, see_data data, see_data *hmac); + * TizenRT SEE API: int see_get_hmac(struct sHMAC_MSG *hmac_msg, unsigned char *output, unsigned int object_id, unsigned int key_index) + * ISP: int isp_hmac_securekey(unsigned char *mac, struct sHMAC_MSG *hmac_msg, unsigned int object_id, unsigned int key_index) + * w + */ +EXPORT_API int hal_get_hmac(_IN_ hal_hmac_type mode, _IN_ hal_data *input, _IN_ uint32_t key_idx, _OUT_ hal_data *hmac); + +/* + * Reference + * Desc: get signature using RSA key + * Artik SEE API: int see_get_rsa_signature(see_rsa_mode mode, const char *key_name, see_data hash, see_data *sign) + * TizenRT SEE API: int see_get_rsa_signature(struct sRSA_SIGN *rsa_sign, unsigned char *hash, unsigned int hash_len, unsigned int key_index) + * ISP: int isp_rsa_sign_md_securekey(struct sRSA_SIGN *rsa_sign, unsigned char *msg_digest, unsigned int msg_digest_byte_len, unsigned int key_index) + */ +EXPORT_API int hal_rsa_sign_md(_IN_ hal_rsa_mode mode, _IN_ hal_data *hash, _IN_ uint32_t key_idx, _OUT_ hal_data *sign); + +/* + * Reference + * Desc: + * Artik SEE API: int see_verify_rsa_signature(see_rsa_mode mode, const char *key_name, see_data hash, see_data sign) + * TizenRT SEE API: int see_verify_rsa_signature(struct sRSA_SIGN *rsa_sign, unsigned char *hash, unsigned int hash_len, unsigned int key_index) + * ISP: int isp_rsa_verify_md_securekey(struct sRSA_SIGN *rsa_sign, unsigned char *msg_digest, unsigned int msg_digest_byte_len, unsigned int key_index); + */ +EXPORT_API int hal_rsa_verify_md(_IN_ hal_rsa_mode mode, _IN_ hal_data *hash, _IN_ hal_data *sign, _IN_ uint32_t key_idx); + +/* + * Reference + * Desc: Get signature + * Artik SEE API: int see_get_ecdsa_signature(see_ecdsa_curve curve, const char *key_name, see_data hash, see_data *sign) + * TizenRT SEE API: int see_get_ecdsa_signature(struct sECC_SIGN *ecc_sign, unsigned char *hash, unsigned int hash_len, unsigned int key_index) + * ISP: int isp_ecdsa_sign_md_securekey(struct sECC_SIGN *ecc_sign, unsigned char *msg_digest, unsigned int msg_digest_byte_len, unsigned int key_index) + */ +EXPORT_API int hal_ecdsa_sign_md(_IN_ hal_data *hash, _IN_ uint32_t key_idx, _INOUT_ hal_ecdsa_mode *mode, _OUT_ hal_data *sign); + +/* + * Reference + * Artik SEE API: + * TizenRT SEE API: int see_verify_ecdsa_signature(struct sECC_SIGN *ecc_sign, unsigned char *hash, unsigned int hash_len, unsigned int key_index) + * ISP: int isp_ecdsa_verify_md_securekey(struct sECC_SIGN *ecc_sign, unsigned char *msg_digest, unsigned int msg_digest_byte_len, unsigned int key_index) + */ +EXPORT_API int hal_ecdsa_verify_md(_IN_ hal_ecdsa_mode mode, _IN_ hal_data *hash, _IN_ hal_data *sign, _IN_ uint32_t key_idx); + + +/* + * Reference + * Desc: Generate key at slot of index + * Artik SEE API: - + * TizenRT SEE API: int see_generate_dhm_params(struct sDH_PARAM *d_param, unsigned int key_index) + * ISP: int isp_dh_generate_keypair_userparam_securestorage(struct sDH_PARAM *i_dh_param, unsigned int dh_param_index); + */ +/* + * The function generates GX (G^X mod P) which is pubkey in dh_param with given G, P + * X will be generate and will be protected inside slot in SE + * X have to be removed by using hal_remove_key() + */ +EXPORT_API int hal_dh_generate_param(_IN_ uint32_t dh_idx, _INOUT_ hal_dh_data *dh_param); + +/* + * Reference + * Desc: Get shared secret + * Artik SEE API: - + * TizenRT SEE API: int see_compute_dhm_param(struct sDH_PARAM *d_param, unsigned int key_index, unsigned char *output, unsigned int *olen) + * ISP: int isp_dh_compute_shared_secret_securekey(unsigned char *shared_secret, unsigned int *shared_secret_byte_len, struct sDH_PARAM dh_publickey, unsigned int key_index); + */ +EXPORT_API int hal_dh_compute_shared_secret(_IN_ hal_dh_data *dh_param, _IN_ uint32_t dh_idx, _OUT_ hal_data *shared_secret); + +/* + * Reference + * Desc: Get ECDH shared secret + * Artik SEE API: - + * TizenRT SEE API: int see_compute_ecdh_param(struct sECC_KEY *ecc_pub, unsigned int key_index, unsigned char *output, unsigned int *olen) + * ISP: int isp_compute_ecdh_securekey(unsigned char *shared_secret, unsigned int *shared_secret_byte_len, struct sECC_KEY ecc_publickey, unsigned int key_index); + * NOTE: pubkey denotes a public key from the target which tries to share a secret + */ +EXPORT_API int hal_ecdh_compute_shared_secret(_IN_ hal_ecdh_data *ecdh_mode, _IN_ uint32_t key_idx, _OUT_ hal_data *shared_secret); + +/* + * Reference + * Desc: Set certificate in secure storage + * Artik SEE API: - + * TizenRT SEE API: int see_set_certificate(unsigned char *cert, unsigned int cert_len, unsigned int cert_index, unsigned int cert_type) + * ISP: int isp_write_cert(unsigned char *data, unsigned int data_byte_len, unsigned int index) + * NOTE: When cert_in consists of chains, cert_in->data represents the last certificate, and then, cert_in->priv denotes the next chain formatted hal_data. + * (Root CA has to be the end of hal_data) + */ +EXPORT_API int hal_set_certificate(_IN_ uint32_t cert_idx, _IN_ hal_data *cert_in); + +/* + * Reference + * Desc: Get certificate in secure storage + * Artik SEE API: - + * TizenRT SEE API: int see_get_certificate(unsigned char *cert, unsigned int *cert_len, unsigned int cert_index, unsigned int cert_type) + * ISP: int isp_read_cert(unsigned char *data, unsigned int *data_byte_len, unsigned int index); + * NOTE: When cert_out consists of chains, cert_out->data represents the last certificate, and then, cert_out->priv denotes the next chain formatted hal_data. + * (Root CA has to be the end of hal_data) + */ +EXPORT_API int hal_get_certificate(_IN_ uint32_t cert_idx, _OUT_ hal_data *cert_out); +/* + * Reference + * Desc: Remove certificate in secure storage + * Artik SEE API: - + * TizenRT SEE API: - + * ISP: - + */ +EXPORT_API int hal_remove_certificate(_IN_ uint32_t cert_idx); + +EXPORT_API int hal_get_factorykey_data(_IN_ uint32_t key_idx, _IN_ hal_data *data); // old api +/* + * Reference + * Desc: Get factory key + * Artik SEE API: - + * TizenRT SEE API: int see_get_publickey(unsigned char *key_der, unsigned int *key_len) + * ISP: int isp_get_factorykey_data(unsigned char *data, unsigned int *data_byte_len, unsigned int data_id); + */ + +EXPORT_API int hal_get_factory_key(_IN_ uint32_t key_idx, _IN_ hal_data *key); +/* + * Reference + * Desc: Get factory cert + * Artik SEE API: - + * TizenRT SEE API: + * ISP: int isp_get_factorykey2_data(unsigned char *data, unsigned int *data_byte_len, unsigned int data_id); + */ +EXPORT_API int hal_get_factory_cert(_IN_ uint32_t cert_idx, _IN_ hal_data *cert); + +/* + * Reference + * Desc: Get factory data + * Artik SEE API: - + * TizenRT SEE API: + * ISP: int isp_get_factorykey2_data(unsigned char *data, unsigned int *data_byte_len, unsigned int data_id); + */ +EXPORT_API int hal_get_factory_data(_IN_ uint32_t data_idx, _IN_ hal_data *data); + + +/** + * Crypto + */ + +/* + * Reference + * Desc: Encrypt data using AES + * Artik SEE API: - + * TizenRT SEE API: int see_aes_encrypt(unsigned int key_index, struct sAES_PARAM *aes_param) + * ISP: int isp_aes_encrypt_securekey(struct sAES_PARAM *aes_param, unsigned int key_index) + */ +EXPORT_API int hal_aes_encrypt(_IN_ hal_data *dec_data, _IN_ hal_aes_param *aes_param, _IN_ uint32_t key_idx, _OUT_ hal_data *enc_data); + +/* + * Reference + * Desc: Decrypt data using AES + * Artik SEE API: - + * TizenRT SEE API: int see_aes_decrypt(unsigned int key_index, struct sAES_PARAM *aes_param) + * ISP: int isp_aes_decrypt_securekey(struct sAES_PARAM *aes_param, unsigned int key_index) + */ +EXPORT_API int hal_aes_decrypt(_IN_ hal_data *enc_data, _IN_ hal_aes_param *aes_param, _IN_ uint32_t key_idx, _OUT_ hal_data *dec_data); + +/* + * Reference + * Desc: Encrypt data using RSA + * Artik SEE API: - + * TizenRT SEE API: int see_rsa_encryption(unsigned int key_index, unsigned int pad_type, unsigned char *output, unsigned int *outlen, unsigned char *input, unsigned int inlen) + * ISP: int isp_rsa_encrypt_securekey(unsigned char *output, unsigned int *output_byte_len, unsigned char *input, unsigned int input_byte_len, unsigned int key_index) + */ +EXPORT_API int hal_rsa_encrypt(_IN_ hal_data *dec_data, _IN_ hal_rsa_mode *mode, _IN_ uint32_t key_idx, _OUT_ hal_data *enc_data); + +/* + * Reference + * Desc: Decrypt data using RSA + * Artik SEE API: - + * TizenRT SEE API: + * ISP: + */ +EXPORT_API int hal_rsa_decrypt(_IN_ hal_data *enc_data, _IN_ hal_rsa_mode *mode, _IN_ uint32_t key_idx, _OUT_ hal_data *dec_data); + + +/** + * Secure Storage + */ + +/* + * Reference + * Desc: write data in secure storage of ss_idx + * Artik SEE API: - + * TizenRT SEE API: int see_read_secure_storage(unsigned char *data, unsigned int *data_len, unsigned index) + * ISP: int isp_read_storage(unsigned char *data, unsigned int *data_byte_len, unsigned int index) + */ +EXPORT_API int hal_write_storage(_IN_ uint32_t ss_idx, _IN_ hal_data *data); + +/* + * Reference + * Desc: Read data from secure storage of ss_idx + * Artik SEE API: - + * TizenRT SEE API: int see_read_secure_storage(unsigned char *data, unsigned int *data_len, unsigned index) + * ISP: int isp_read_storage(unsigned char *data, unsigned int *data_byte_len, unsigned int index) + */ +EXPORT_API int hal_read_storage(_IN_ uint32_t ss_idx, _OUT_ hal_data *data); + +/* + * Reference + * Desc: Delete data in secure storage of ss_idx + * Artik SEE API: - + * TizenRT SEE API: int see_read_secure_storage(unsigned char *data, unsigned int *data_len, unsigned index) + * ISP: int isp_read_storage(unsigned char *data, unsigned int *data_byte_len, unsigned int index) + */ +EXPORT_API int hal_delete_storage(_IN_ uint32_t ss_idx); + +// This method is dummy. + +EXPORT_API bool tizenkonaise(void); + + +#ifdef __cplusplus +} #endif +#endif // _KONAISE_H_ + diff --git a/src/kse-backend/ksebackend.cpp b/src/kse-backend/ksebackend.cpp index ce301c3..7f9a70e 100644 --- a/src/kse-backend/ksebackend.cpp +++ b/src/kse-backend/ksebackend.cpp @@ -55,20 +55,4 @@ void kse_backend::initialize_kse() { fKseInitOK = false; return; } - - try { - hal_init_param init_parm = {}; - int error = fSoResolver.invoke(nullptr, "hal_init", &init_parm); - - if(error != 0) { - BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "KSE framework init failure: " << error; - fKseInitOK = false; - } else { - BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "KSE framework initialized"; - fKseInitOK = true; - } - } catch(...) { - BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Caught exception when initializing KSE backend"; - fKseInitOK = false; - } } diff --git a/src/kse-backend/ksebackendcontext.cpp b/src/kse-backend/ksebackendcontext.cpp index 50bcdb1..a7b2c36 100644 --- a/src/kse-backend/ksebackendcontext.cpp +++ b/src/kse-backend/ksebackendcontext.cpp @@ -137,12 +137,24 @@ int kse_backend_context::request_certificate_chain(std::string& mutable_chain) return 0; } +hal_hash_type _get_hal_hash_type(MessageDigestType digestType) { + switch(digestType) { + case MD_MD5: return HAL_HASH_MD5; + case MD_SHA1: return HAL_HASH_SHA1; + case MD_SHA224: return HAL_HASH_SHA224; + case MD_SHA256: return HAL_HASH_SHA256; + case MD_SHA384: return HAL_HASH_SHA384; + case MD_SHA512: return HAL_HASH_SHA512; + defalut: return HAL_HASH_UNKNOWN; + } +} + int kse_backend_context::sign_crypto_data(MessageDigestType digestType, const std::string& dataToSign, std::string& digestResult) { BOOST_LOG_FUNCTION(); - hal_data hashed_data = { }; - hal_data signed_data = { }; + hal_data hashed_data = {0}; + hal_data signed_data = {0}; hashed_data.data = (void *)dataToSign.c_str(); hashed_data.data_len = dataToSign.size(); @@ -170,7 +182,7 @@ int kse_backend_context::sign_crypto_data(MessageDigestType digestType, const st #endif const char *method_name = "hal_ecdsa_sign_md"; - hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_UNKNOWN}; + hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, _get_hal_hash_type(digestType)}; int error = resolver.invoke( &kse_get_ecdsa_signature_key, method_name, diff --git a/src/kse-backend/tools/konaise_tool.cpp b/src/kse-backend/tools/konaise_tool.cpp index aa1bf50..58d39ea 100644 --- a/src/kse-backend/tools/konaise_tool.cpp +++ b/src/kse-backend/tools/konaise_tool.cpp @@ -36,37 +36,6 @@ static int kse_ec_sign = 0x21; static int kse_ec_verify= 0x22; -typedef enum { - /* AES */ - HAL_KEY_AES_128,// 128 bits aes algorithm - HAL_KEY_AES_192, // 192 bits aes algorithm - HAL_KEY_AES_256, // 256 bits aes algorithm - /* RSA */ - HAL_KEY_RSA_1024, // 1024 bits rsa algorithm - HAL_KEY_RSA_2048, // 2048 bits rsa algorithm - HAL_KEY_RSA_3072, // 3072 bits rsa algorithm - HAL_KEY_RSA_4096, - /* ECC: it doesn't support whole algorithm that mbedTLS support. it's have to be added*/ - HAL_KEY_ECC_BRAINPOOL_P256R1, // ecc brainpool curve for p256r1 - HAL_KEY_ECC_BRAINPOOL_P384R1, // ecc brainpool curve for p384r1 - HAL_KEY_ECC_BRAINPOOL_P512R1, // ecc brainpool curve for p512r1 - HAL_KEY_ECC_SEC_P256R1, // nist curve for p256r1 - HAL_KEY_ECC_SEC_P384R1, // nist curve for p384r1 - HAL_KEY_ECC_SEC_P512R1, // nist curve for p512r1 - /* Hmac */ - HAL_KEY_HMAC_MD5, // hmac with md5 - HAL_KEY_HMAC_SHA1, // hmac with sha1 - HAL_KEY_HMAC_SHA224, // hmac with sha224 - HAL_KEY_HMAC_SHA256, // hmac with sha256 - HAL_KEY_HMAC_SHA384, // hmac with sha384 - HAL_KEY_HMAC_SHA512, // hmac with sha512 - /* DH */ - HAL_KEY_DH_1024, - HAL_KEY_DH_2048, - HAL_KEY_UNKNOWN, -} hal_key_type; - - class SEKonai { public: SEKonai(const std::string& libraryName) : @@ -164,9 +133,8 @@ public: void ec_sec_p256r1_sign(std::string hash_file, int key_idx, std::string sig_file) { hal_data *hashed_data = read_file(hash_file); hal_data signed_data = {0}; - const char *method_name = "hal_ecdsa_sign_md"; - hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_UNKNOWN}; + hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_SHA256}; int error = fSoResolver.invoke( &kse_ec_sign, method_name, @@ -187,7 +155,8 @@ public: hal_data *signed_data = read_file(sig_file); const char *method_name = "hal_ecdsa_verify_md"; - hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_UNKNOWN}; + hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_SHA256}; + int error = fSoResolver.invoke( &kse_ec_verify, method_name,