各种加密算法参数和模式的校对和检查
知识总结
关于各种加密算法的大致描述可以从我的另一篇博客入手
鸿蒙涉及的各种加密算法概述
总体概述
下面介绍的函数主要封装了对于单个参数结构体的有效性的检查以及从参数集合中根据tag取值取得输入参数并进行唯一性和有效性检查的功能函数
代码详解
hks_base_check.h
- 通过枚举变量定义了密钥的类型
- 封装了参数和期望参数的结构体用于参数的check
//参数的格式:两个参数一个布尔型标识该参数是否需要检查,一个是参数本身的值
struct Params {
bool needCheck;
uint32_t value;
};
//封装了几个Params类型的参数
struct ParamsValues {
struct Params keyLen;
struct Params padding;
struct Params purpose;
struct Params digest;
struct Params mode;
};
//封装了密钥类型和参数值结构体
struct ParamsValuesChecker {
enum CheckKeyType checkType;
struct ParamsValues paramValues;
};
//期望参数
struct ExpectParams {
bool needCheck;
const uint32_t *values;
uint32_t valueCnt;
};
struct ExpectParamsValues {
const struct ExpectParams keyLen;
const struct ExpectParams padding;
const struct ExpectParams purpose;
const struct ExpectParams digest;
const struct ExpectParams mode;
};
struct ExpectParamsValuesChecker {
enum CheckKeyType checkType;
const struct ExpectParamsValues paramValues;
};
hks_base_check.c
整体封装了各种算法参数验证和检查的函数方法
-
加密算法的类型定义
这里定义了五种非对称加密算法
有基于椭圆曲线的加密算法和基于大数难分解的RSA算法 -
CheckAndGetKeySize
根据HKS_TAG_KEY_SIZE找到对应的参数组并进行检查赋给*keysize
这里值得注意的是,由于使用的是纯C语言,所以使用了条件编译来替代函数重载
//根据HKS_TAG_KEY_SIZE找到对应的参数组并进行检查赋给*keysize
static int32_t CheckAndGetKeySize(const struct HksBlob *key, const uint32_t *expectKeySize,
uint32_t expectCnt, uint32_t *keySize)
{
if (key->size < sizeof(struct HksParamSet)) {
HKS_LOG_E("check key size: invalid keyfile size: %u", key->size);
return HKS_ERROR_INVALID_KEY_FILE;
}
//将key.data赋给keyParamSet
struct HksParamSet *keyParamSet = (struct HksParamSet *)key->data;
//检查参数的有效性
int32_t ret = HksCheckParamSetValidity(keyParamSet);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("check key size: paramset invalid failed");
return HKS_ERROR_INVALID_KEY_FILE;
}
struct HksParam *keySizeParam = NULL;
//通过HKS_TAG_KEY_SIZE在keyParamSet中找到对应tag的param存入keySizeParam
ret = HksGetParam(keyParamSet, HKS_TAG_KEY_SIZE, &keySizeParam);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("check key size: get param get tag:0x%x failed", HKS_TAG_KEY_SIZE);
return HKS_ERROR_INVALID_KEY_FILE;
}
//检查参数是否等于预期值
ret = HksCheckValue(keySizeParam->uint32Param, expectKeySize, expectCnt);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("check key size: key size value %u not expected", keySizeParam->uint32Param);
return HKS_ERROR_INVALID_KEY_FILE;
}
//将获取的参数存入*keysize所指数据块中
*keySize = keySizeParam->uint32Param;
return ret;
}
#else
//HksBlob类型key的检查(不需要通过tag从集合中取)
static int32_t CheckAndGetKeySize(const struct HksBlob *key, const uint32_t *expectKeySize,
uint32_t expectCnt, uint32_t *keySize)
{
if (key->size < sizeof(struct HksStoreKeyInfo)) {
HKS_LOG_E("check key size: invalid keyfile size: %u", key->size);
return HKS_ERROR_INVALID_KEY_FILE;
}
struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)key->data;
uint32_t keyLen = keyInfo->keyLen;
int32_t ret = HksCheckValue(keyLen, expectKeySize, expectCnt);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("check key size: keySize value %u not expected", keyLen);
return HKS_ERROR_INVALID_KEY_FILE;
}
*keySize = keyLen;
return ret;
}
#endif
- 两个验证函数分别验证inputPurpose的唯一性和有效性
- 从参数集合中获取输入参数
//通过HKS_TAG_KEY_SIZE在paramSet中找到相应的param进行检查后封装入inputParams(keylen padding purpose digest mode)
static int32_t GetInputParams(const struct HksParamSet *paramSet, struct ParamsValues *inputParams)
{
int32_t ret = HKS_SUCCESS;
struct HksParam *checkParam = NULL;
//当needCheck==1
if (inputParams->keyLen.needCheck) {
//将需要检查的参数存入&checkParam
ret = HksGetParam(paramSet, HKS_TAG_KEY_SIZE, &checkParam);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("get Param get tag:0x%x failed", HKS_TAG_KEY_SIZE);
return HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL;
}
//将检查完毕的参数赋给inputParams的对应地方
inputParams->keyLen.value = checkParam->uint32Param;
}
if (inputParams->padding.needCheck) {
ret = HksGetParam(paramSet, HKS_TAG_PADDING, &checkParam);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("get Param get tag:0x%x failed", HKS_TAG_PADDING);
return HKS_ERROR_CHECK_GET_PADDING_FAIL;
}
inputParams->padding.value = checkParam->uint32Param;
}
if (inputParams->purpose.needCheck) {
ret = HksGetParam(paramSet, HKS_TAG_PURPOSE, &checkParam);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("get Param get tag:0x%x failed", HKS_TAG_PURPOSE);
return HKS_ERROR_CHECK_GET_PURPOSE_FAIL;
}
inputParams->purpose.value = checkParam->uint32Param;
}
if (inputParams->digest.needCheck) {
ret = HksGetParam(paramSet, HKS_TAG_DIGEST, &checkParam);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("get Param get tag:0x%x failed", HKS_TAG_DIGEST);
return HKS_ERROR_CHECK_GET_DIGEST_FAIL;
}
inputParams->digest.value = checkParam->uint32Param;
}
if (inputParams->mode.needCheck) {
ret = HksGetParam(paramSet, HKS_TAG_BLOCK_MODE, &checkParam);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("get Param get tag:0x%x failed", HKS_TAG_BLOCK_MODE);
return HKS_ERROR_CHECK_GET_MODE_FAIL;
}
inputParams->mode.value = checkParam->uint32Param;
}
return ret;
}
- 输入参数的初始化函数
- 通过条件编译根据不同的加密算法和switch实现不同参数的inputParams的初始化
- 期望参数的初始化跟输入参数的一致,这里直接贴代码注释了
//初始化期望参数(checkSet->expectValues)
static int32_t InitExpectParams(enum CheckKeyType checkType, struct ExpectParamsValues *expectValues,
const struct ExpectParamsValuesChecker *checkSet, uint32_t checkSetSize)
{
for (uint32_t i = 0; i < checkSetSize; ++i) {
if (checkType == checkSet[i].checkType) {
if (memcpy_s(expectValues, sizeof(*expectValues), &checkSet[i].paramValues,
sizeof(checkSet[i].paramValues)) != EOK) {
HKS_LOG_E("init expect params: memcpy failed");
return HKS_ERROR_BAD_STATE;
}
return HKS_SUCCESS;
}
}
return HKS_ERROR_NOT_SUPPORTED;
}
//通过alg和条件编译,传入不同的参数进行期望参数的初始化
static int32_t GetExpectParams(uint32_t alg, enum CheckKeyType checkType, struct ExpectParamsValues *expectValues)
{
switch (alg) {
#ifdef HKS_SUPPORT_RSA_C
case HKS_ALG_RSA:
return InitExpectParams(checkType, expectValues, g_expectRsaParams, HKS_ARRAY_SIZE(g_expectRsaParams));
#endif
#ifdef HKS_SUPPORT_AES_C
case HKS_ALG_AES:
return InitExpectParams(checkType, expectValues, g_expectAesParams, HKS_ARRAY_SIZE(g_expectAesParams));
#endif
#ifdef HKS_SUPPORT_ECC_C
case HKS_ALG_ECC:
return InitExpectParams(checkType, expectValues, g_expectEccParams, HKS_ARRAY_SIZE(g_expectEccParams));
#endif
#if defined(HKS_SUPPORT_X25519_C) || defined(HKS_SUPPORT_ED25519_C)
case HKS_ALG_X25519:
case HKS_ALG_ED25519:
return InitExpectParams(checkType, expectValues, g_expectCurve25519Params,
HKS_ARRAY_SIZE(g_expectCurve25519Params));
#endif
default:
return HKS_ERROR_INVALID_ALGORITHM;
}
}
剩余的部分将在下一篇博客中讲解
感谢阅读点赞和评论!