1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @file hks_type.h
18  *
19  * @brief Declares huks type.
20  *
21  * @since 8
22  */
23 
24 #ifndef HKS_TYPE_H
25 #define HKS_TYPE_H
26 
27 #include "hks_type_enum.h"
28 
29 #include <stdbool.h>
30 #include <stdint.h>
31 #include <stdlib.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 #ifndef HKS_API_PUBLIC
38     #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */
39         #define HKS_API_EXPORT
40     #else
41         #define HKS_API_EXPORT __attribute__ ((visibility("default")))
42     #endif
43 #else
44     #define HKS_API_EXPORT __attribute__ ((visibility("default")))
45 #endif
46 
47 #define HKS_SDK_VERSION "2.0.0.4"
48 
49 /*
50  * Align to 4-tuple
51  * Before calling this function, ensure that the size does not overflow after 3 is added.
52  */
53 #define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2)
54 #define DEFAULT_ALIGN_MASK_SIZE 3
55 
56 #define HKS_AE_TAG_LEN 16
57 #define HKS_BITS_PER_BYTE 8
58 #define MAX_KEY_SIZE 2048
59 #define HKS_AE_TAG_LEN 16
60 #define HKS_AE_NONCE_LEN 12
61 #define HKS_MAX_KEY_ALIAS_LEN 128
62 #define HKS_MAX_PROCESS_NAME_LEN 50
63 #define HKS_MAX_RANDOM_LEN 1024
64 #define HKS_KEY_BYTES(keySize) (((keySize) + HKS_BITS_PER_BYTE - 1) / HKS_BITS_PER_BYTE)
65 #define HKS_SIGNATURE_MIN_SIZE 64
66 #define HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
67 #define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
68 #define HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
69 #define HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10
70 
71 #define TOKEN_CHALLENGE_LEN 32
72 #define UDID_LEN 64
73 #define SHA256_SIGN_LEN 32
74 #define TOKEN_SIZE 32
75 #define MAX_AUTH_TIMEOUT_SECOND 600
76 #define SECURE_SIGN_VERSION 0x01000001
77 
78 #define HKS_CERT_COUNT 4
79 #define HKS_CERT_ROOT_SIZE 2048
80 #define HKS_CERT_CA_SIZE 2048
81 #define HKS_CERT_DEVICE_SIZE 2048
82 #define HKS_CERT_APP_SIZE 4096
83 
84 #define HKS_MAX_FILE_SIZE 10240
85 
86 #define HKS_KEY_BLOB_AT_KEY_SIZE 256
87 #define HKS_KEY_BLOB_AT_KEY_BYTES 32
88 
89 #define HKS_MAX_KEY_ALIAS_COUNT 2048
90 
91 /**
92  * @brief hks blob
93  */
94 struct HksBlob {
95     uint32_t size;
96     uint8_t *data;
97 };
98 
99 /**
100  * @brief hks param
101  */
102 struct HksParam {
103     uint32_t tag;
104     union {
105         bool boolParam;
106         int32_t int32Param;
107         uint32_t uint32Param;
108         uint64_t uint64Param;
109         struct HksBlob blob;
110     };
111 };
112 
113 /**
114  * @brief hks param set
115  */
116 struct HksParamSet {
117     uint32_t paramSetSize;
118     uint32_t paramsCnt;
119     struct HksParam params[];
120 };
121 
122 /**
123  * @brief hks certificate chain
124  */
125 struct HksCertChain {
126     struct HksBlob *certs;
127     uint32_t certsCount;
128 };
129 
130 /**
131  * @brief hks key info
132  */
133 struct HksKeyInfo {
134     struct HksBlob alias;
135     struct HksParamSet *paramSet;
136 };
137 
138 /**
139  * @brief hks public key info
140  */
141 struct HksPubKeyInfo {
142     enum HksKeyAlg keyAlg;
143     uint32_t keySize;
144     uint32_t nOrXSize;
145     uint32_t eOrYSize;
146     uint32_t placeHolder;
147 };
148 
149 /**
150  * @brief hks rsa key material
151  */
152 struct HksKeyMaterialRsa {
153     enum HksKeyAlg keyAlg;
154     uint32_t keySize;
155     uint32_t nSize;
156     uint32_t eSize;
157     uint32_t dSize;
158 };
159 
160 /**
161  * @brief hks ecc key material
162  */
163 struct HksKeyMaterialEcc {
164     enum HksKeyAlg keyAlg;
165     uint32_t keySize;
166     uint32_t xSize;
167     uint32_t ySize;
168     uint32_t zSize;
169 };
170 
171 /**
172  * @brief hks dsa key material
173  */
174 struct HksKeyMaterialDsa {
175     enum HksKeyAlg keyAlg;
176     uint32_t keySize;
177     uint32_t xSize;
178     uint32_t ySize;
179     uint32_t pSize;
180     uint32_t qSize;
181     uint32_t gSize;
182 };
183 
184 /**
185  * @brief hks dh key material
186  */
187 struct HksKeyMaterialDh {
188     enum HksKeyAlg keyAlg;
189     uint32_t keySize;
190     uint32_t pubKeySize;
191     uint32_t priKeySize;
192     uint32_t reserved;
193 };
194 
195 /**
196  * @brief hks 25519 key material
197  */
198 struct HksKeyMaterial25519 {
199     enum HksKeyAlg keyAlg;
200     uint32_t keySize;
201     uint32_t pubKeySize;
202     uint32_t priKeySize;
203     uint32_t reserved;
204 };
205 
206 /**
207  * @brief hks user auth token plaintext data
208  * @see `TokenDataPlain` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
209  */
210 typedef struct HksPlaintextData {
211     uint8_t challenge[TOKEN_SIZE];
212     uint64_t time;
213     uint32_t authTrustLevel;
214     uint32_t authType;
215     uint32_t authMode;
216     uint32_t securityLevel;
217     /**
218      * @see `enum TokenType` in `drivers/peripheral/user_auth/hdi_service/common/inc/defines.h`
219      */
220     uint32_t tokenType;
221 } __attribute__((__packed__)) HksPlaintextData;
222 
223 /**
224  * @brief hks user auth token ciphertext data
225  * @see `TokenDataToEncrypt` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
226  */
227 typedef struct HksCiphertextData {
228     int32_t userId;
229     uint64_t secureUid;
230     uint64_t enrolledId;
231     uint64_t credentialId;
232     uint8_t collectorUdid[UDID_LEN];
233     uint8_t verifierUdid[UDID_LEN];
234 } __attribute__((__packed__)) HksCiphertextData;
235 
236 /**
237  * @brief hks user auth token
238  * @see `UserAuthTokenHal` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
239  */
240 typedef struct __attribute__((__packed__)) HksUserAuthToken {
241     uint32_t version;
242     HksPlaintextData plaintextData;
243     HksCiphertextData ciphertextData;
244     uint8_t tag[HKS_AE_TAG_LEN];
245     uint8_t iv[HKS_AE_NONCE_LEN];
246     uint8_t sign[SHA256_SIGN_LEN];
247 } __attribute__((__packed__)) HksUserAuthToken;
248 
249 /**
250  * @brief hks user auth token key
251  */
252 struct HksAuthTokenKey {
253     uint8_t macKey[HKS_KEY_BLOB_AT_KEY_BYTES];
254     uint8_t cipherKey[HKS_KEY_BLOB_AT_KEY_BYTES];
255 };
256 
257 /**
258  * @brief hks secure sign auth info
259  */
260 typedef struct __attribute__((__packed__)) HksSecureSignAuthInfo {
261     uint32_t userAuthType;
262     uint64_t authenticatorId;
263     uint64_t credentialId;
264 } __attribute__((__packed__)) HksSecureSignAuthInfo;
265 
266 struct EnrolledInfoWrap {
267     enum HksUserAuthType authType;
268     uint64_t enrolledId;
269 };
270 
271 struct SecInfoWrap {
272     uint64_t secureUid;
273     uint32_t enrolledInfoLen;
274     struct EnrolledInfoWrap *enrolledInfo;
275 };
276 
277 /**
278  * @brief hks alias set
279  */
280 struct HksKeyAliasSet {
281     uint32_t aliasesCnt;
282     struct HksBlob *aliases;
283 };
284 
285 
286 #define HKS_DERIVE_DEFAULT_SALT_LEN 16
287 #define HKS_HMAC_DIGEST_SHA512_LEN 64
288 #define HKS_DEFAULT_RANDOM_LEN 16
289 #define HKS_MAX_KEY_AUTH_ID_LEN 64
290 #define HKS_KEY_MATERIAL_NUM 3
291 #define HKS_MAX_KEY_LEN (HKS_KEY_BYTES(HKS_RSA_KEY_SIZE_4096) * HKS_KEY_MATERIAL_NUM)
292 #define HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct HksPubKeyInfo) + HKS_MAX_KEY_LEN + HKS_AE_TAG_LEN)
293 
294 /**
295  * @brief hks store header info
296  */
297 struct HksStoreHeaderInfo {
298     uint16_t version;
299     uint16_t keyCount;
300     uint32_t totalLen; /* key buffer total len */
301     uint32_t sealingAlg;
302     uint8_t salt[HKS_DERIVE_DEFAULT_SALT_LEN];
303     uint8_t hmac[HKS_HMAC_DIGEST_SHA512_LEN];
304 };
305 
306 /**
307  * @brief hks store key info
308  */
309 struct HksStoreKeyInfo {
310     uint16_t keyInfoLen; /* current keyinfo len */
311     uint16_t keySize;    /* keySize of key from crypto hal after encrypted */
312     uint8_t random[HKS_DEFAULT_RANDOM_LEN];
313     uint8_t flag;        /* import or generate key */
314     uint8_t keyAlg;
315     uint8_t keyMode;
316     uint8_t digest;
317     uint8_t padding;
318     uint8_t rsv;
319     uint16_t keyLen;     /* keyLen from paramset, e.g. aes-256 */
320     uint32_t purpose;
321     uint32_t role;
322     uint16_t domain;
323     uint8_t aliasSize;
324     uint8_t authIdSize;
325 };
326 
327 /**
328  * @brief hks 25519 key pair
329  */
330 struct Hks25519KeyPair {
331     uint32_t publicBufferSize;
332     uint32_t privateBufferSize;
333 };
334 
IsAdditionOverflow(uint32_t a,uint32_t b)335 static inline bool IsAdditionOverflow(uint32_t a, uint32_t b)
336 {
337     return (UINT32_MAX - a) < b;
338 }
339 
IsInvalidLength(uint32_t length)340 static inline bool IsInvalidLength(uint32_t length)
341 {
342     return (length == 0) || (length > MAX_OUT_BLOB_SIZE);
343 }
344 
CheckBlob(const struct HksBlob * blob)345 static inline int32_t CheckBlob(const struct HksBlob *blob)
346 {
347     if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
348         return HKS_ERROR_INVALID_ARGUMENT;
349     }
350     return HKS_SUCCESS;
351 }
352 
353 #ifdef __cplusplus
354 }
355 #endif
356 
357 #endif /* HKS_TYPE_H */
358