1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifndef CM_TYPE_H
17 #define CM_TYPE_H
18
19 #include <stdbool.h>
20 #include <stdint.h>
21 #include <stdlib.h>
22
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26 #ifndef CM_API_PUBLIC
27 #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */
28 #define CM_API_EXPORT
29 #else
30 #define CM_API_EXPORT __attribute__ ((visibility("default")))
31 #endif
32 #else
33 #define CM_API_EXPORT __attribute__ ((visibility("default")))
34 #endif
35
36 #define MAX_LEN_CERTIFICATE 8196
37
38 #define MAX_LEN_CERTIFICATE_CHAIN (3 * MAX_LEN_CERTIFICATE)
39
40 #define MAX_SUFFIX_LEN 16
41 #define MAX_COUNT_CERTIFICATE 256
42 #define MAX_LEN_URI 256
43 #define MAX_AUTH_LEN_URI 256
44 #define MAX_LEN_CERT_ALIAS 129 /* include 1 byte: the terminator('\0') */
45 #define MAX_LEN_SUBJECT_NAME 1025 /* include 1 byte: the terminator('\0') */
46 #define MAX_LEN_PACKGE_NAME 64
47 #define MAX_LEN_MAC_KEY 64
48 #define MAX_UINT32_LEN 16
49 #define MAX_LEN_CERT_TYPE 8
50 #define MAX_LEN_PRI_CRED_ALIAS 33 /* include 1 byte: the terminator('\0') */
51
52 #define MAX_LEN_ISSUER_NAME 256
53 #define MAX_LEN_SERIAL 64
54 #define MAX_LEN_NOT_BEFORE 32
55 #define MAX_LEN_NOT_AFTER 32
56 #define MAX_LEN_FINGER_PRINT_SHA256 128
57 #define MAX_LEN_APP_CERT 20480
58 #define MAX_LEN_APP_CERT_PASSWD 33 /* 32位密码 + 1位结束符 */
59
60 #define CERT_MAX_PATH_LEN 256
61 #define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
62 #define INIT_INVALID_VALUE 0xFFFFFFFF
63
64 #define CERT_STATUS_ENABLED ((uint32_t) 0)
65 #define CERT_STATUS_DISABLED ((uint32_t) 1)
66
67 /*
68 * Align to 4-tuple
69 * Before calling this function, ensure that the size does not overflow after 3 is added.
70 */
71 #define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2)
72
73 #define CM_BITS_PER_BYTE 8
74 #define CM_KEY_BYTES(keySize) (((keySize) + CM_BITS_PER_BYTE - 1) / CM_BITS_PER_BYTE)
75 #define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
76
77 #define CM_CREDENTIAL_STORE 0
78 #define CM_SYSTEM_TRUSTED_STORE 1
79 #define CM_USER_TRUSTED_STORE 2
80 #define CM_PRI_CREDENTIAL_STORE 3
81 #define CM_SYS_CREDENTIAL_STORE 4
82 #define CM_STORE_CHECK(a) \
83 (((a) != CM_CREDENTIAL_STORE) && ((a) != CM_PRI_CREDENTIAL_STORE) && ((a) != CM_SYS_CREDENTIAL_STORE))
84
85 enum CmKeyDigest {
86 CM_DIGEST_NONE = 0,
87 CM_DIGEST_MD5 = 1,
88 CM_DIGEST_SHA1 = 10,
89 CM_DIGEST_SHA224 = 11,
90 CM_DIGEST_SHA256 = 12,
91 CM_DIGEST_SHA384 = 13,
92 CM_DIGEST_SHA512 = 14,
93 };
94
95 enum CmKeyPurpose {
96 CM_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */
97 CM_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */
98 CM_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */
99 CM_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */
100 CM_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */
101 CM_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */
102 CM_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */
103 CM_KEY_PURPOSE_MAC = 128, /* Usable with mac. */
104 CM_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */
105 };
106
107 enum CmKeyPadding {
108 CM_PADDING_NONE = 0,
109 CM_PADDING_OAEP = 1,
110 CM_PADDING_PSS = 2,
111 CM_PADDING_PKCS1_V1_5 = 3,
112 CM_PADDING_PKCS5 = 4,
113 CM_PADDING_PKCS7 = 5,
114 };
115
116 enum CmErrorCode {
117 CM_SUCCESS = 0,
118 CM_FAILURE = -1,
119
120 CMR_ERROR_NOT_PERMITTED = -2,
121 CMR_ERROR_NOT_SUPPORTED = -3,
122 CMR_ERROR_STORAGE = -4,
123 CMR_ERROR_NOT_FOUND = -5,
124 CMR_ERROR_NULL_POINTER = -6,
125 CMR_ERROR_INVALID_ARGUMENT = -7,
126 CMR_ERROR_MAKE_DIR_FAIL = -8,
127 CMR_ERROR_INVALID_OPERATION = -9,
128 CMR_ERROR_OPEN_FILE_FAIL = -10,
129 CMR_ERROR_READ_FILE_ERROR = -11,
130 CMR_ERROR_WRITE_FILE_FAIL = -12,
131 CMR_ERROR_REMOVE_FILE_FAIL = -13,
132 CMR_ERROR_CLOSE_FILE_FAIL = -14,
133 CMR_ERROR_MALLOC_FAIL = -15,
134 CMR_ERROR_NOT_EXIST = -16,
135 CMR_ERROR_ALREADY_EXISTS = -17,
136 CMR_ERROR_INSUFFICIENT_DATA = -18,
137 CMR_ERROR_BUFFER_TOO_SMALL = -19,
138 CMR_ERROR_INVALID_CERT_FORMAT = -20,
139 CMR_ERROR_PARAM_NOT_EXIST = -21,
140 CMR_ERROR_SESSION_REACHED_LIMIT = -22,
141 CMR_ERROR_PERMISSION_DENIED = -23,
142 CMR_ERROR_AUTH_CHECK_FAILED = -24,
143 CMR_ERROR_KEY_OPERATION_FAILED = -25,
144 CMR_ERROR_NOT_SYSTEMP_APP = -26,
145 CMR_ERROR_MAX_CERT_COUNT_REACHED = -27,
146 CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT = -28,
147 CMR_ERROR_GET_ADVSECMODE_PARAM_FAIL = -29,
148 CMR_ERROR_DEVICE_ENTER_ADVSECMODE = -30,
149 CMR_ERROR_CREATE_RDB_TABLE_FAIL = -31,
150 CMR_ERROR_INSERT_RDB_DATA_FAIL = -32,
151 CMR_ERROR_UPDATE_RDB_DATA_FAIL = -33,
152 CMR_ERROR_DELETE_RDB_DATA_FAIL = -34,
153 CMR_ERROR_QUERY_RDB_DATA_FAIL = -35,
154 CMR_ERROR_PASSWORD_IS_ERR = -36,
155 };
156
157 enum CMDialogErrorCode {
158 CMR_DIALOG_OK = 0,
159 CMR_DIALOG_ERROR = -1,
160 CMR_DIALOG_ERROR_INVALID_ARGUMENT = -2,
161 CMR_DIALOG_ERROR_INTERNAL = -3,
162 CMR_DIALOG_ERROR_OPERATION_CANCELS = -4,
163 CMR_DIALOG_ERROR_INSTALL_FAILED = -5,
164 CMR_DIALOG_ERROR_NOT_SUPPORTED = -6,
165 CMR_DIALOG_ERROR_PERMISSION_DENIED = 1011,
166 };
167
168 enum CMErrorCode { /* temp use */
169 CMR_OK = 0,
170 CMR_ERROR = -1,
171 };
172
173 enum CmTagType {
174 CM_TAG_TYPE_INVALID = 0 << 28,
175 CM_TAG_TYPE_INT = 1 << 28,
176 CM_TAG_TYPE_UINT = 2 << 28,
177 CM_TAG_TYPE_ULONG = 3 << 28,
178 CM_TAG_TYPE_BOOL = 4 << 28,
179 CM_TAG_TYPE_BYTES = 5 << 28,
180 };
181
182 enum CmTag {
183 /* Inner-use TAGS used for ipc serialization */
184 CM_TAG_PARAM0_BUFFER = CM_TAG_TYPE_BYTES | 30001,
185 CM_TAG_PARAM1_BUFFER = CM_TAG_TYPE_BYTES | 30002,
186 CM_TAG_PARAM2_BUFFER = CM_TAG_TYPE_BYTES | 30003,
187 CM_TAG_PARAM3_BUFFER = CM_TAG_TYPE_BYTES | 30004,
188 CM_TAG_PARAM4_BUFFER = CM_TAG_TYPE_BYTES | 30005,
189 CM_TAG_PARAM0_UINT32 = CM_TAG_TYPE_UINT | 30006,
190 CM_TAG_PARAM1_UINT32 = CM_TAG_TYPE_UINT | 30007,
191 CM_TAG_PARAM2_UINT32 = CM_TAG_TYPE_UINT | 30008,
192 CM_TAG_PARAM3_UINT32 = CM_TAG_TYPE_UINT | 30009,
193 CM_TAG_PARAM4_UINT32 = CM_TAG_TYPE_UINT | 30010,
194 CM_TAG_PARAM0_BOOL = CM_TAG_TYPE_BOOL | 30011,
195 CM_TAG_PARAM1_BOOL = CM_TAG_TYPE_BOOL | 30012,
196 CM_TAG_PARAM2_BOOL = CM_TAG_TYPE_BOOL | 30013,
197 CM_TAG_PARAM3_BOOL = CM_TAG_TYPE_BOOL | 30014,
198 CM_TAG_PARAM4_BOOL = CM_TAG_TYPE_BOOL | 30015,
199 CM_TAG_PARAM0_NULL = CM_TAG_TYPE_BYTES | 30016,
200 CM_TAG_PARAM1_NULL = CM_TAG_TYPE_BYTES | 30017,
201 CM_TAG_PARAM2_NULL = CM_TAG_TYPE_BYTES | 30018,
202 CM_TAG_PARAM3_NULL = CM_TAG_TYPE_BYTES | 30019,
203 CM_TAG_PARAM4_NULL = CM_TAG_TYPE_BYTES | 30020,
204 };
205
206 #define CM_PARAM_BUFFER_NULL_INTERVAL ((CM_TAG_PARAM0_NULL) - (CM_TAG_PARAM0_BUFFER))
207
208 enum CmSendType {
209 CM_SEND_TYPE_ASYNC = 0,
210 CM_SEND_TYPE_SYNC,
211 };
212
213 struct CmMutableBlob {
214 uint32_t size;
215 uint8_t *data;
216 };
217
218 struct CmContext {
219 uint32_t userId;
220 uint32_t uid;
221 char packageName[MAX_LEN_PACKGE_NAME];
222 };
223
224 struct CmBlob {
225 uint32_t size;
226 uint8_t *data;
227 };
228
229 struct CertBlob {
230 struct CmBlob uri[MAX_COUNT_CERTIFICATE];
231 struct CmBlob certAlias[MAX_COUNT_CERTIFICATE];
232 struct CmBlob subjectName[MAX_COUNT_CERTIFICATE];
233 };
234
235 struct CmAppCertInfo {
236 struct CmBlob appCert;
237 struct CmBlob appCertPwd;
238 };
239
240 struct CertListAbtInfo {
241 uint32_t uriSize;
242 char uri[MAX_LEN_URI];
243 uint32_t aliasSize;
244 char certAlias[MAX_LEN_CERT_ALIAS];
245 uint32_t status;
246 uint32_t subjectNameSize;
247 char subjectName[MAX_LEN_SUBJECT_NAME];
248 };
249
250 struct CertAbstract {
251 char uri[MAX_LEN_URI];
252 char certAlias[MAX_LEN_CERT_ALIAS];
253 bool status;
254 char subjectName[MAX_LEN_SUBJECT_NAME];
255 };
256
257 struct CertList {
258 uint32_t certsCount;
259 struct CertAbstract *certAbstract;
260 };
261
262 struct CertAbtInfo {
263 uint32_t aliasSize;
264 char certAlias[MAX_LEN_CERT_ALIAS];
265 uint32_t status;
266 uint32_t certsize;
267 uint8_t certData[MAX_LEN_CERTIFICATE];
268 };
269
270 struct CertInfo {
271 char uri[MAX_LEN_URI];
272 char certAlias[MAX_LEN_CERT_ALIAS];
273 bool status;
274 char issuerName[MAX_LEN_ISSUER_NAME];
275 char subjectName[MAX_LEN_SUBJECT_NAME];
276 char serial[MAX_LEN_SERIAL];
277 char notBefore[MAX_LEN_NOT_BEFORE];
278 char notAfter[MAX_LEN_NOT_AFTER];
279 char fingerprintSha256[MAX_LEN_FINGER_PRINT_SHA256];
280 struct CmBlob certInfo;
281 };
282
283 struct CertFile {
284 const struct CmBlob *fileName;
285 const struct CmBlob *path;
286 };
287
288 struct CertFileInfo {
289 struct CmBlob fileName;
290 struct CmBlob path;
291 };
292
293 struct CMApp {
294 uint32_t userId;
295 uint32_t uid;
296 const char *packageName;
297 struct CmBlob *appId; // for attestation
298 };
299
300 struct Credential {
301 uint32_t isExist;
302 char type[MAX_LEN_SUBJECT_NAME];
303 char alias[MAX_LEN_CERT_ALIAS];
304 char keyUri[MAX_LEN_URI];
305 uint32_t certNum;
306 uint32_t keyNum;
307 struct CmBlob credData;
308 };
309
310 struct CredentialAbstract {
311 char type[MAX_LEN_SUBJECT_NAME];
312 char alias[MAX_LEN_CERT_ALIAS];
313 char keyUri[MAX_LEN_URI];
314 };
315
316 struct CredentialList {
317 uint32_t credentialCount;
318 struct CredentialAbstract *credentialAbstract;
319 };
320
321 struct AppCert {
322 uint32_t certCount;
323 uint32_t keyCount;
324 uint32_t certSize;
325 uint8_t appCertdata[MAX_LEN_CERTIFICATE_CHAIN];
326 };
327
328 struct CmParam {
329 uint32_t tag;
330 union {
331 bool boolParam;
332 int32_t int32Param;
333 uint32_t uint32Param;
334 uint64_t uint64Param;
335 struct CmBlob blob;
336 };
337 };
338
339 struct CmParamOut {
340 uint32_t tag;
341 union {
342 bool *boolParam;
343 int32_t *int32Param;
344 uint32_t *uint32Param;
345 uint64_t *uint64Param;
346 struct CmBlob *blob;
347 };
348 };
349
350 struct CmParamSet {
351 uint32_t paramSetSize;
352 uint32_t paramsCnt;
353 struct CmParam params[];
354 };
355
356 struct CmAppUidList {
357 uint32_t appUidCount;
358 uint32_t *appUid;
359 };
360
361 struct CmSignatureSpec {
362 uint32_t purpose;
363 uint32_t padding;
364 uint32_t digest;
365 };
366
367 struct CmAppCertParam {
368 struct CmBlob *appCert;
369 struct CmBlob *appCertPwd;
370 struct CmBlob *certAlias;
371 uint32_t store;
372 uint32_t userId;
373 };
374
375 struct CertName {
376 struct CmBlob *displayName;
377 struct CmBlob *objectName;
378 struct CmBlob *subjectName;
379 };
380
CmIsAdditionOverflow(uint32_t a,uint32_t b)381 static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b)
382 {
383 return (UINT32_MAX - a) < b;
384 }
385
CmCheckBlob(const struct CmBlob * blob)386 static inline int32_t CmCheckBlob(const struct CmBlob *blob)
387 {
388 if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
389 return CMR_ERROR_INVALID_ARGUMENT;
390 }
391 return CM_SUCCESS;
392 }
393
394 #ifdef __cplusplus
395 }
396 #endif
397
398 #endif /* CM_TYPE_H */
399