1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cert_manager_api.h"
17
18 #include "cm_advsecmode_check.h"
19 #include "cm_log.h"
20 #include "cm_mem.h"
21 #include "cm_ipc_client.h"
22 #include "cm_type.h"
23
CmGetCertList(uint32_t store,struct CertList * certificateList)24 CM_API_EXPORT int32_t CmGetCertList(uint32_t store, struct CertList *certificateList)
25 {
26 CM_LOG_D("enter get certificate list");
27 if (certificateList == NULL) {
28 CM_LOG_E("invalid input arguments");
29 return CMR_ERROR_NULL_POINTER;
30 }
31
32 if ((certificateList->certAbstract == NULL) || (store != CM_SYSTEM_TRUSTED_STORE)) {
33 CM_LOG_E("invalid input arguments store:%u", store);
34 return CMR_ERROR_INVALID_ARGUMENT;
35 }
36
37 int32_t ret = CmClientGetCertList(store, certificateList);
38 CM_LOG_D("leave get certificate list, result = %d", ret);
39 return ret;
40 }
41
CmGetCertInfo(const struct CmBlob * certUri,uint32_t store,struct CertInfo * certificateInfo)42 CM_API_EXPORT int32_t CmGetCertInfo(const struct CmBlob *certUri, uint32_t store,
43 struct CertInfo *certificateInfo)
44 {
45 CM_LOG_D("enter get certificate info");
46 if ((certUri == NULL) || (certificateInfo == NULL)) {
47 CM_LOG_E("invalid input arguments");
48 return CMR_ERROR_NULL_POINTER;
49 }
50
51 if ((certificateInfo->certInfo.data == NULL) || (certificateInfo->certInfo.size == 0) ||
52 (store != CM_SYSTEM_TRUSTED_STORE)) {
53 CM_LOG_E("invalid input arguments store:%u", store);
54 return CMR_ERROR_INVALID_ARGUMENT;
55 }
56
57 int32_t ret = CmClientGetCertInfo(certUri, store, certificateInfo);
58 CM_LOG_D("leave get certificate info, result = %d", ret);
59 return ret;
60 }
61
CmSetCertStatus(const struct CmBlob * certUri,const uint32_t store,const bool status)62 CM_API_EXPORT int32_t CmSetCertStatus(const struct CmBlob *certUri, const uint32_t store,
63 const bool status)
64 {
65 CM_LOG_D("enter set certificate status");
66 if (certUri == NULL) {
67 CM_LOG_E("invalid input arguments");
68 return CMR_ERROR_NULL_POINTER;
69 }
70
71 if (store != CM_SYSTEM_TRUSTED_STORE) {
72 CM_LOG_E("invalid input arguments store:%u", store);
73 return CMR_ERROR_INVALID_ARGUMENT;
74 }
75
76 uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
77
78 int32_t ret = CmClientSetCertStatus(certUri, store, uStatus);
79 CM_LOG_D("leave set certificate status, result = %d", ret);
80 return ret;
81 }
82
CmInstallAppCert(const struct CmBlob * appCert,const struct CmBlob * appCertPwd,const struct CmBlob * certAlias,const uint32_t store,struct CmBlob * keyUri)83 CM_API_EXPORT int32_t CmInstallAppCert(const struct CmBlob *appCert, const struct CmBlob *appCertPwd,
84 const struct CmBlob *certAlias, const uint32_t store, struct CmBlob *keyUri)
85 {
86 CM_LOG_D("enter install app certificate");
87 if (appCert == NULL || appCertPwd == NULL || certAlias == NULL ||
88 keyUri == NULL || keyUri->data == NULL || CM_STORE_CHECK(store)) {
89 return CMR_ERROR_INVALID_ARGUMENT;
90 }
91
92 int32_t ret = CmClientInstallAppCert(appCert, appCertPwd, certAlias, store, keyUri);
93 CM_LOG_D("leave install app certificate, result = %d", ret);
94 return ret;
95 }
96
CmUninstallAppCert(const struct CmBlob * keyUri,const uint32_t store)97 CM_API_EXPORT int32_t CmUninstallAppCert(const struct CmBlob *keyUri, const uint32_t store)
98 {
99 CM_LOG_D("enter uninstall app certificate");
100 if (keyUri == NULL || CM_STORE_CHECK(store)) {
101 return CMR_ERROR_INVALID_ARGUMENT;
102 }
103
104 int32_t ret = CmClientUninstallAppCert(keyUri, store);
105 CM_LOG_D("leave uninstall app certificate, result = %d", ret);
106 return ret;
107 }
108
CmUninstallAllAppCert(void)109 CM_API_EXPORT int32_t CmUninstallAllAppCert(void)
110 {
111 CM_LOG_D("enter uninstall all app certificate");
112
113 int32_t ret = CmClientUninstallAllAppCert(CM_MSG_UNINSTALL_ALL_APP_CERTIFICATE);
114
115 CM_LOG_D("leave uninstall all app certificate, result = %d", ret);
116 return ret;
117 }
118
CmGetAppCertList(const uint32_t store,struct CredentialList * certificateList)119 CM_API_EXPORT int32_t CmGetAppCertList(const uint32_t store, struct CredentialList *certificateList)
120 {
121 CM_LOG_D("enter get app certificatelist");
122 if (certificateList == NULL || CM_STORE_CHECK(store)) {
123 return CMR_ERROR_INVALID_ARGUMENT;
124 }
125
126 int32_t ret = CmClientGetAppCertList(store, certificateList);
127 CM_LOG_D("leave get app certificatelist, result = %d", ret);
128 return ret;
129 }
130
CmCallingGetAppCertList(const uint32_t store,struct CredentialList * certificateList)131 CM_API_EXPORT int32_t CmCallingGetAppCertList(const uint32_t store, struct CredentialList *certificateList)
132 {
133 if (certificateList == NULL || CM_STORE_CHECK(store)) {
134 return CMR_ERROR_INVALID_ARGUMENT;
135 }
136
137 int32_t ret = CmClientGetCallingAppCertList(store, certificateList);
138 return ret;
139 }
140
CmGetAppCert(const struct CmBlob * keyUri,const uint32_t store,struct Credential * certificate)141 CM_API_EXPORT int32_t CmGetAppCert(const struct CmBlob *keyUri, const uint32_t store,
142 struct Credential *certificate)
143 {
144 CM_LOG_D("enter get app certificate");
145 if (keyUri == NULL || certificate == NULL || CM_STORE_CHECK(store)) {
146 return CMR_ERROR_INVALID_ARGUMENT;
147 }
148
149 int32_t ret = CmClientGetAppCert(keyUri, store, certificate);
150 CM_LOG_D("leave get app certificate, result = %d", ret);
151 return ret;
152 }
153
CmGrantAppCertificate(const struct CmBlob * keyUri,uint32_t appUid,struct CmBlob * authUri)154 CM_API_EXPORT int32_t CmGrantAppCertificate(const struct CmBlob *keyUri, uint32_t appUid, struct CmBlob *authUri)
155 {
156 CM_LOG_D("enter grant app certificate");
157 if ((keyUri == NULL) || (authUri == NULL)) {
158 CM_LOG_E("invalid input arguments");
159 return CMR_ERROR_INVALID_ARGUMENT;
160 }
161
162 int32_t ret = CmClientGrantAppCertificate(keyUri, appUid, authUri);
163 CM_LOG_D("leave grant app certificate, result = %d", ret);
164 return ret;
165 }
166
CmGetAuthorizedAppList(const struct CmBlob * keyUri,struct CmAppUidList * appUidList)167 CM_API_EXPORT int32_t CmGetAuthorizedAppList(const struct CmBlob *keyUri, struct CmAppUidList *appUidList)
168 {
169 CM_LOG_D("enter get authorized app list");
170 if ((keyUri == NULL) || (appUidList == NULL)) {
171 CM_LOG_E("invalid input arguments");
172 return CMR_ERROR_INVALID_ARGUMENT;
173 }
174
175 int32_t ret = CmClientGetAuthorizedAppList(keyUri, appUidList);
176 CM_LOG_D("leave get authorized app list, result = %d", ret);
177 return ret;
178 }
179
CmIsAuthorizedApp(const struct CmBlob * authUri)180 CM_API_EXPORT int32_t CmIsAuthorizedApp(const struct CmBlob *authUri)
181 {
182 CM_LOG_D("enter check is app authed");
183 if (authUri == NULL) {
184 CM_LOG_E("invalid input arguments");
185 return CMR_ERROR_INVALID_ARGUMENT;
186 }
187
188 int32_t ret = CmClientIsAuthorizedApp(authUri);
189 CM_LOG_D("leave check is app authed, result = %d", ret);
190 return ret;
191 }
192
CmRemoveGrantedApp(const struct CmBlob * keyUri,uint32_t appUid)193 CM_API_EXPORT int32_t CmRemoveGrantedApp(const struct CmBlob *keyUri, uint32_t appUid)
194 {
195 CM_LOG_D("enter remove granted app");
196 if (keyUri == NULL) {
197 CM_LOG_E("invalid input arguments");
198 return CMR_ERROR_INVALID_ARGUMENT;
199 }
200
201 int32_t ret = CmClientRemoveGrantedApp(keyUri, appUid);
202 CM_LOG_D("leave remove granted app, result = %d", ret);
203 return ret;
204 }
205
CmInit(const struct CmBlob * authUri,const struct CmSignatureSpec * spec,struct CmBlob * handle)206 CM_API_EXPORT int32_t CmInit(const struct CmBlob *authUri, const struct CmSignatureSpec *spec, struct CmBlob *handle)
207 {
208 CM_LOG_D("enter cert manager init");
209 if ((authUri == NULL) || (spec == NULL) || (handle == NULL)) {
210 CM_LOG_E("invalid input arguments");
211 return CMR_ERROR_INVALID_ARGUMENT;
212 }
213
214 int32_t ret = CmClientInit(authUri, spec, handle);
215 CM_LOG_D("leave cert manager init, result = %d", ret);
216 return ret;
217 }
218
CmUpdate(const struct CmBlob * handle,const struct CmBlob * inData)219 CM_API_EXPORT int32_t CmUpdate(const struct CmBlob *handle, const struct CmBlob *inData)
220 {
221 CM_LOG_D("enter cert manager update");
222 if ((handle == NULL) || (inData == NULL)) {
223 CM_LOG_E("invalid input arguments");
224 return CMR_ERROR_INVALID_ARGUMENT;
225 }
226
227 int32_t ret = CmClientUpdate(handle, inData);
228 CM_LOG_D("leave cert manager update, result = %d", ret);
229 return ret;
230 }
231
CmFinish(const struct CmBlob * handle,const struct CmBlob * inData,struct CmBlob * outData)232 CM_API_EXPORT int32_t CmFinish(const struct CmBlob *handle, const struct CmBlob *inData, struct CmBlob *outData)
233 {
234 CM_LOG_D("enter cert manager finish");
235 if ((handle == NULL) || (inData == NULL) || (outData == NULL)) {
236 CM_LOG_E("invalid input arguments");
237 return CMR_ERROR_INVALID_ARGUMENT;
238 }
239
240 int32_t ret = CmClientFinish(handle, inData, outData);
241 CM_LOG_D("leave cert manager finish, result = %d", ret);
242 return ret;
243 }
244
CmAbort(const struct CmBlob * handle)245 CM_API_EXPORT int32_t CmAbort(const struct CmBlob *handle)
246 {
247 CM_LOG_D("enter cert manager abort");
248 if (handle == NULL) {
249 CM_LOG_E("invalid input arguments");
250 return CMR_ERROR_INVALID_ARGUMENT;
251 }
252
253 int32_t ret = CmClientAbort(handle);
254 CM_LOG_D("leave cert manager abort, result = %d", ret);
255 return ret;
256 }
257
CmGetUserCertList(uint32_t store,struct CertList * certificateList)258 CM_API_EXPORT int32_t CmGetUserCertList(uint32_t store, struct CertList *certificateList)
259 {
260 CM_LOG_D("enter get cert list");
261 if (certificateList == NULL) {
262 return CMR_ERROR_NULL_POINTER;
263 }
264
265 int32_t ret = CmClientGetUserCertList(store, certificateList);
266 CM_LOG_D("leave get cert list, result = %d", ret);
267 return ret;
268 }
269
CmGetUserCertInfo(const struct CmBlob * certUri,uint32_t store,struct CertInfo * certificateInfo)270 CM_API_EXPORT int32_t CmGetUserCertInfo(const struct CmBlob *certUri, uint32_t store, struct CertInfo *certificateInfo)
271 {
272 CM_LOG_D("enter get cert info");
273 if ((certUri == NULL) || (certificateInfo == NULL)) {
274 return CMR_ERROR_NULL_POINTER;
275 }
276
277 int32_t ret = CmClientGetUserCertInfo(certUri, store, certificateInfo);
278 CM_LOG_D("leave get cert info, result = %d", ret);
279 return ret;
280 }
281
CmSetUserCertStatus(const struct CmBlob * certUri,uint32_t store,const bool status)282 CM_API_EXPORT int32_t CmSetUserCertStatus(const struct CmBlob *certUri, uint32_t store, const bool status)
283 {
284 CM_LOG_D("enter set cert status");
285 if (certUri == NULL) {
286 return CMR_ERROR_NULL_POINTER;
287 }
288
289 uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
290
291 int32_t ret = CmClientSetUserCertStatus(certUri, store, uStatus);
292 CM_LOG_D("leave set cert status, result = %d", ret);
293 return ret;
294 }
295
CmInstallUserTrustedCert(const struct CmBlob * userCert,const struct CmBlob * certAlias,struct CmBlob * certUri)296 CM_API_EXPORT int32_t CmInstallUserTrustedCert(const struct CmBlob *userCert, const struct CmBlob *certAlias,
297 struct CmBlob *certUri)
298 {
299 CM_LOG_D("enter install user trusted cert");
300 if ((userCert == NULL) || (certAlias == NULL) || (certUri == NULL)) {
301 return CMR_ERROR_INVALID_ARGUMENT;
302 }
303
304 uint32_t userId = INIT_INVALID_VALUE;
305 bool status = true;
306 int32_t ret = CmInstallUserCACert(userCert, certAlias, userId, status, certUri);
307 CM_LOG_D("leave install user trusted cert, result = %d", ret);
308 return ret;
309 }
310
CmUninstallUserTrustedCert(const struct CmBlob * certUri)311 CM_API_EXPORT int32_t CmUninstallUserTrustedCert(const struct CmBlob *certUri)
312 {
313 CM_LOG_D("enter uninstall user trusted cert");
314 if (certUri == NULL) {
315 return CMR_ERROR_INVALID_ARGUMENT;
316 }
317
318 int32_t ret = CmClientUninstallUserTrustedCert(certUri);
319 CM_LOG_D("leave uninstall user trusted cert, result = %d", ret);
320 return ret;
321 }
322
CmUninstallAllUserTrustedCert(void)323 CM_API_EXPORT int32_t CmUninstallAllUserTrustedCert(void)
324 {
325 CM_LOG_D("enter uninstall all user trusted cert");
326
327 int32_t ret = CmClientUninstallAllUserTrustedCert();
328 CM_LOG_D("leave uninstall all user trusted cert, result = %d", ret);
329 return ret;
330 }
331
CmInstallSystemAppCert(const struct CmAppCertParam * certParam,struct CmBlob * keyUri)332 CM_API_EXPORT int32_t CmInstallSystemAppCert(const struct CmAppCertParam *certParam, struct CmBlob *keyUri)
333 {
334 CM_LOG_D("enter install system app certificate");
335 if ((certParam == NULL) || (certParam->appCert == NULL) || (certParam->appCertPwd == NULL) ||
336 (certParam->certAlias == NULL) || (keyUri == NULL) || (keyUri->data == NULL) ||
337 (certParam->store != CM_SYS_CREDENTIAL_STORE) || (certParam->userId == 0) ||
338 (certParam->userId == INIT_INVALID_VALUE)) {
339 return CMR_ERROR_INVALID_ARGUMENT;
340 }
341
342 int32_t ret = CmClientInstallSystemAppCert(certParam, keyUri);
343 CM_LOG_D("leave install system app certificate, result = %d", ret);
344 return ret;
345 }
346
CmInstallUserCACert(const struct CmBlob * userCert,const struct CmBlob * certAlias,const uint32_t userId,const bool status,struct CmBlob * certUri)347 CM_API_EXPORT int32_t CmInstallUserCACert(const struct CmBlob *userCert,
348 const struct CmBlob *certAlias, const uint32_t userId, const bool status, struct CmBlob *certUri)
349 {
350 CM_LOG_D("enter install user ca cert");
351 if ((userCert == NULL) || (certAlias == NULL) || (certUri == NULL)) {
352 return CMR_ERROR_INVALID_ARGUMENT;
353 }
354
355 bool isAdvSecMode = false;
356 int32_t ret = CheckAdvSecMode(&isAdvSecMode);
357 if (ret != CM_SUCCESS) {
358 return ret;
359 }
360 if (isAdvSecMode) {
361 CM_LOG_E("InstallUserTrustedCert: the device enters advanced security mode");
362 return CMR_ERROR_DEVICE_ENTER_ADVSECMODE;
363 }
364
365 uint32_t uStatus = status ? 0 : 1; // 0 indicates the certificate enabled status
366 ret = CmClientInstallUserTrustedCert(userCert, certAlias, userId, uStatus, certUri);
367 CM_LOG_D("leave install user ca cert, result = %d", ret);
368 return ret;
369 }
370