1 /*
2  * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef HKS_BASE_CHECK_H
17 #define HKS_BASE_CHECK_H
18 
19 #include "hks_param.h"
20 #include "hks_type_inner.h"
21 
/*
 * Selects which kind of key operation a parameter check is being run for.
 * It is taken by HksGetInputParmasByAlg() and HksCheckFixedParams() and is
 * stored in ParamsValuesChecker / ExpectParamsValuesChecker. No explicit
 * values are assigned, so the enumerators are numbered 0..3 in declaration
 * order.
 */
enum CheckKeyType {
    HKS_CHECK_TYPE_GEN_KEY,
    HKS_CHECK_TYPE_USE_KEY,
    HKS_CHECK_TYPE_GEN_MAC_KEY,
    HKS_CHECK_TYPE_GEN_DERIVE_KEY,
};
28 
/*
 * One caller-supplied parameter as seen by the checkers.
 * NOTE(review): the field meanings are inferred from the names; this header
 * does not define them — confirm against the implementation.
 */
struct Params {
    bool needCheck; /* presumably: this parameter has to be validated */
    uint32_t value; /* the parameter value that gets checked */
    bool isAbsent;  /* presumably: the tag was not found in the param set */
};
34 
/*
 * The five key attributes the checkers look at, one struct Params each.
 * Field order matches struct ExpectParamsValues (keyLen, padding, purpose,
 * digest, mode).
 */
struct ParamsValues {
    struct Params keyLen;
    struct Params padding;
    struct Params purpose;
    struct Params digest;
    struct Params mode;
};
42 
/* Pairs a CheckKeyType with the set of parameter values that belongs to it. */
struct ParamsValuesChecker {
    enum CheckKeyType checkType;
    struct ParamsValues paramValues;
};
47 
/*
 * Allow-list for a single parameter: a pointer to an array of permitted
 * values plus its element count.
 * The struct carries pointer and count separately and nothing here ties them
 * together, so whoever fills it in must keep valueCnt equal to the number of
 * elements that values really points to.
 */
struct ExpectParams {
    bool needCheck;         /* presumably: enforce this allow-list (confirm in implementation) */
    const uint32_t *values; /* permitted values; read-only through this pointer */
    uint32_t valueCnt;      /* number of entries in values */
};
53 
/*
 * Allow-lists for the five key attributes, in the same order as
 * struct ParamsValues. Every member is const, so an object of this type can
 * only be populated by its initializer.
 */
struct ExpectParamsValues {
    const struct ExpectParams keyLen;
    const struct ExpectParams padding;
    const struct ExpectParams purpose;
    const struct ExpectParams digest;
    const struct ExpectParams mode;
};
/*
 * Positional zero initializer for struct ExpectParamsValues: each of the five
 * members ends up with needCheck == false, values == NULL and valueCnt == 0.
 * NOTE(review): presumably needCheck == false means the attribute is not
 * validated at all, so an entry left at this default accepts any value —
 * confirm in the checker implementation.
 */
#define EXPECT_PARAMS_VALUES_INIT {{0}, {0}, {0}, {0}, {0}}
62 
/*
 * Pairs a CheckKeyType with the allow-lists that apply to it. paramValues is
 * const, so it has to be supplied in the initializer.
 */
struct ExpectParamsValuesChecker {
    enum CheckKeyType checkType;
    const struct ExpectParamsValues paramValues;
};
67 
/*
 * Associates one user-authentication type with an allow-list of
 * auth-access types (an ExpectParams, i.e. value array plus count).
 * enum HksUserAuthType is declared outside this header.
 */
struct AuthAccessTypeChecker {
    enum HksUserAuthType userAuthType;
    const struct ExpectParams allowAuthAccessTypes;
};
72 
/*
 * Allow-list for the parameter identified by tag: same layout as
 * struct ExpectParams with the tag added. As there, valueCnt must match the
 * number of elements values points to; nothing in this header enforces it.
 */
struct KeyInfoParams {
    bool needCheck;         /* presumably: enforce this allow-list (confirm in implementation) */
    enum HksTag tag;        /* parameter tag the allow-list applies to */
    const uint32_t *values; /* permitted values; read-only through this pointer */
    uint32_t valueCnt;      /* number of entries in values */
};
79 
/*
 * Per-algorithm table of KeyInfoParams entries: params points to an array of
 * paramsCnt elements for keyAlg. The count and the array are kept in step by
 * whoever defines the table.
 * NOTE(review): "Acceess" is the spelling of the struct tag itself; fixing it
 * means renaming every user of the type.
 */
struct AuthAcceessKeyInfoChecker {
    enum HksKeyAlg keyAlg;
    const struct KeyInfoParams *params;
    uint32_t paramsCnt;
};
85 
/*
 * NOTE(review): this header does not say what the bound applies to;
 * presumably user ids below it are treated as root/system users. Confirm
 * against the code that uses the macro, including whether the comparison is
 * inclusive.
 */
#define HKS_ROOT_USER_UPPERBOUND 100
87 
88 #ifdef __cplusplus
89 extern "C" {
90 #endif
91 
/*
 * Parameter-validation entry points. Every function returns an int32_t
 * status; presumably HKS_SUCCESS on success and an HKS error code otherwise
 * (the codes are defined outside this header — confirm there).
 */

/* Checks inputValue against the expectValues array of valuesCount entries
 * (presumably a membership test — confirm in the implementation). */
int32_t HksCheckValue(uint32_t inputValue, const uint32_t *expectValues, uint32_t valuesCount);

/* keySize is the only non-const pointer, i.e. the output; key is read-only. */
int32_t HksGetKeySize(uint32_t alg, const struct HksBlob *key, uint32_t *keySize);

int32_t HksCheckGenKeyPurpose(uint32_t alg, uint32_t inputPurpose, uint32_t keyFlag);

/* Reads paramSet (const) and writes the result into inputParams.
 * NOTE(review): "Parmas" is the spelling of the exported name. */
int32_t HksGetInputParmasByAlg(uint32_t alg, enum CheckKeyType checkType, const struct HksParamSet *paramSet,
    struct ParamsValues *inputParams);

int32_t HksCheckFixedParams(uint32_t alg, enum CheckKeyType checkType, const struct ParamsValues *inputParams);

int32_t HksCheckGenKeyMutableParams(uint32_t alg, const struct ParamsValues *inputParams);

/* NOTE(review): exported without the Hks prefix the other checkers carry. */
int32_t CheckImportMutableParams(uint32_t alg, const struct ParamsValues *params);

int32_t HksCheckSignature(uint32_t cmdId, uint32_t alg, uint32_t keySize, const struct HksBlob *signature);

int32_t HksCheckSignVerifyMutableParams(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams);

int32_t HksCheckCipherMutableParams(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams);

/* Both blobs are passed as const pointers, so the blob structs themselves are
 * only inspected here. */
int32_t HksCheckCipherData(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams,
    const struct HksBlob *inData, const struct HksBlob *outData);

int32_t HksCheckCipherMaterialParams(uint32_t alg, const struct ParamsValues *inputParams,
    const struct HksParamSet *paramSet);

int32_t HksCheckUserAuthParams(uint32_t userAuthType, uint32_t authAccessType, uint32_t challengeType);

int32_t HksCheckSecureSignParams(uint32_t secureSignType);

/* Reads paramSet (const) and writes the result into inputParams.
 * NOTE(review): exported without the Hks prefix the other checkers carry. */
int32_t GetInputParams(const struct HksParamSet *paramSet, struct ParamsValues *inputParams);

/* param is a non-const pointer, so the callee may write through it
 * (what it writes is not visible from this header). */
int32_t HksCheckOptionalParam(uint32_t tag, uint32_t alg, uint32_t purpose, bool isAbsent, struct HksParam *param);

int32_t HksCheckNeedCache(uint32_t alg, uint32_t digest);

int32_t HksCheckUserAuthKeyInfoValidity(const struct HksParamSet *paramSet);
130 
/*
 * Reports whether paramSet asks for anonymous attestation.
 *
 * Returns true only when HksGetParam() finds HKS_TAG_ATTESTATION_MODE and its
 * uint32Param equals HKS_ATTESTATION_MODE_ANONYMOUS. Every other outcome,
 * including any HksGetParam() failure, yields false, so a missing tag and a
 * failed lookup are indistinguishable to the caller and both read as
 * "not anonymous".
 *
 * NOTE(review): this is a plain `inline` definition in a header. In C that
 * provides no external definition, so presumably one translation unit
 * supplies it (otherwise `static inline` would be needed) — confirm, since
 * this header does not show it.
 */
inline bool HksAttestIsAnonymous(const struct HksParamSet *paramSet)
{
    struct HksParam *modeParam = NULL;
    if (HksGetParam(paramSet, HKS_TAG_ATTESTATION_MODE, &modeParam) != HKS_SUCCESS) {
        /* Lookup failed or tag absent: treated as non-anonymous. */
        return false;
    }
    return modeParam->uint32Param == HKS_ATTESTATION_MODE_ANONYMOUS;
}
139 
140 #ifdef __cplusplus
141 }
142 #endif
143 
144 #endif /* HKS_BASE_CHECK_H */
145 
146