1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_core_service_key_operate_one_stage.h"
23
24 #include <stdbool.h>
25 #include <stddef.h>
26
27 #include "hks_ability.h"
28 #include "dcm_attest.h"
29 #include "hks_auth.h"
30 #include "hks_base_check.h"
31 #include "hks_check_paramset.h"
32 #include "hks_chipset_platform_decrypt.h"
33 #include "hks_client_service_adapter_common.h"
34 #include "hks_cmd_id.h"
35 #include "hks_common_check.h"
36 #include "hks_core_service_three_stage.h"
37 #include "hks_crypto_adapter.h"
38 #include "hks_crypto_hal.h"
39 #include "hks_log.h"
40 #include "hks_mem.h"
41 #include "hks_param.h"
42 #include "hks_secure_access.h"
43 #include "hks_sm_import_wrap_key.h"
44 #include "hks_template.h"
45 #include "hks_type_inner.h"
46 #include "hks_util.h"
47
48 #ifdef HKS_ENABLE_UPGRADE_KEY
49 #include "hks_upgrade_key.h"
50 #endif
51
52 #include "securec.h"
53
54 #ifndef _HARDWARE_ROOT_KEY_
55 #include "hks_rkc.h"
56 #endif
57
58 #ifndef _CUT_AUTHENTICATE_
59
CipherAuth(const struct HksKeyNode * keyNode,const struct HksParamSet * paramSet)60 static int32_t CipherAuth(const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet)
61 {
62 struct HksParam *algParam = NULL;
63 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
64 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append cipher get alg param failed!")
65
66 if ((algParam->uint32Param == HKS_ALG_AES) || (algParam->uint32Param == HKS_ALG_SM4)) {
67 return HksAuth(HKS_AUTH_ID_SYM_CIPHER, keyNode, paramSet);
68 } else if ((algParam->uint32Param == HKS_ALG_RSA) || (algParam->uint32Param == HKS_ALG_SM2)) {
69 return HksAuth(HKS_AUTH_ID_ASYM_CIPHER, keyNode, paramSet);
70 } else {
71 return HKS_ERROR_INVALID_ALGORITHM;
72 }
73 }
74
SignVerifyAuth(const struct HksKeyNode * keyNode,const struct HksParamSet * paramSet)75 static int32_t SignVerifyAuth(const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet)
76 {
77 struct HksParam *algParam = NULL;
78 int32_t ret = HksGetParam(paramSet, HKS_TAG_ALGORITHM, &algParam);
79 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append cipher get alg param failed!")
80
81 if (algParam->uint32Param == HKS_ALG_RSA) {
82 struct HksParam *padding = NULL;
83 ret = HksGetParam(paramSet, HKS_TAG_PADDING, &padding);
84 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "append sign/verify get padding param failed!")
85 if (padding->uint32Param == HKS_PADDING_PSS) {
86 ret = HksCheckKeyBlobParamSetEqualRuntimeParamSet(keyNode->paramSet,
87 paramSet, HKS_TAG_RSA_PSS_SALT_LEN_TYPE);
88 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksCheckKeyBlobParamSetEqualRuntimeParamSet failed!")
89 }
90 return HksAuth(HKS_AUTH_ID_SIGN_VERIFY_RSA, keyNode, paramSet);
91 } else if (algParam->uint32Param == HKS_ALG_ECC) {
92 return HksAuth(HKS_AUTH_ID_SIGN_VERIFY_ECC, keyNode, paramSet);
93 } else if (algParam->uint32Param == HKS_ALG_DSA) {
94 return HKS_SUCCESS;
95 } else if (algParam->uint32Param == HKS_ALG_ED25519) {
96 return HksAuth(HKS_AUTH_ID_SIGN_VERIFY_ED25519, keyNode, paramSet);
97 } else {
98 return HKS_ERROR_INVALID_ALGORITHM;
99 }
100 }
101
GetSignVerifyMessage(const struct HksParamSet * nodeParamSet,const struct HksBlob * srcData,struct HksBlob * message,bool * needFree,const struct HksParamSet * paramSet)102 static int32_t GetSignVerifyMessage(const struct HksParamSet *nodeParamSet, const struct HksBlob *srcData,
103 struct HksBlob *message, bool *needFree, const struct HksParamSet *paramSet)
104 {
105 struct HksParam *algParam = NULL;
106 int32_t ret = HksGetParam(nodeParamSet, HKS_TAG_ALGORITHM, &algParam);
107 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_CHECK_GET_ALG_FAIL, "get param get 0x%" LOG_PUBLIC "x failed",
108 HKS_TAG_ALGORITHM)
109 struct HksParam *digestParam = NULL;
110 ret = HksGetParam(nodeParamSet, HKS_TAG_DIGEST, &digestParam);
111 if (ret == HKS_ERROR_INVALID_ARGUMENT) {
112 HKS_LOG_E("SignVerify get digestParam failed!");
113 return HKS_ERROR_CHECK_GET_DIGEST_FAIL;
114 }
115 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
116 HKS_LOG_I("nodeParamSet get digest failed, now get digest from paramSet");
117 ret = HksGetParam(paramSet, HKS_TAG_DIGEST, &digestParam);
118 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_CHECK_GET_DIGEST_FAIL, "SignVerify get digestParam failed!");
119 }
120
121 if (HksCheckNeedCache(algParam->uint32Param, digestParam->uint32Param) == HKS_SUCCESS) {
122 message->size = srcData->size;
123 message->data = srcData->data;
124 *needFree = false;
125 } else {
126 message->size = MAX_HASH_SIZE;
127 message->data = (uint8_t *)HksMalloc(MAX_HASH_SIZE);
128 if (message->data == NULL) {
129 HKS_LOG_E("SignVerify malloc message data failed!");
130 return HKS_ERROR_MALLOC_FAIL;
131 }
132
133 ret = HksCryptoHalHash(digestParam->uint32Param, srcData, message);
134 if (ret != HKS_SUCCESS) {
135 HKS_LOG_E("SignVerify calc hash failed!");
136 HKS_FREE(message->data);
137 return ret;
138 }
139
140 *needFree = true;
141 }
142 return HKS_SUCCESS;
143 }
144
SignVerifyPreCheck(const struct HksKeyNode * keyNode,const struct HksParamSet * paramSet)145 static int32_t SignVerifyPreCheck(const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet)
146 {
147 int32_t ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
148 HKS_IF_NOT_SUCC_RETURN(ret, ret)
149
150 return SignVerifyAuth(keyNode, paramSet);
151 }
152
SignVerify(uint32_t cmdId,const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * signature)153 static int32_t SignVerify(uint32_t cmdId, const struct HksBlob *key, const struct HksParamSet *paramSet,
154 const struct HksBlob *srcData, struct HksBlob *signature)
155 {
156 int32_t ret = HksCoreCheckSignVerifyParams(cmdId, key, paramSet, srcData, signature);
157 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
158 "hks failed to check signature or verify params, cmdId:%" LOG_PUBLIC "x, ret:%" LOG_PUBLIC "x!\n", cmdId, ret)
159
160 struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
161 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
162
163 bool needFree = true;
164 struct HksBlob message = { 0, NULL };
165 do {
166 ret = SignVerifyPreCheck(keyNode, paramSet);
167 HKS_IF_NOT_SUCC_BREAK(ret)
168
169 ret = GetSignVerifyMessage(keyNode->paramSet, srcData, &message, &needFree, paramSet);
170 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "SignVerify calc hash failed!")
171
172 struct HksBlob rawKey = { 0, NULL };
173 ret = HksGetRawKey(keyNode->paramSet, &rawKey);
174 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "SignVerify get raw key failed!")
175
176 struct HksUsageSpec usageSpec = {0};
177 HksFillUsageSpec(paramSet, &usageSpec);
178 SetRsaPssSaltLenType(paramSet, &usageSpec);
179 HKS_LOG_I("Sign or verify.");
180 if (cmdId == HKS_CMD_ID_SIGN) {
181 ret = HksCryptoHalSign(&rawKey, &usageSpec, &message, signature);
182 } else {
183 ret = HksCryptoHalVerify(&rawKey, &usageSpec, &message, signature);
184 }
185 (void)memset_s(rawKey.data, rawKey.size, 0, rawKey.size);
186 HKS_FREE(rawKey.data);
187 }while (0);
188
189 HksFreeKeyNode(&keyNode);
190 if (needFree) {
191 HKS_FREE(message.data);
192 }
193 return ret;
194 }
195
CipherPreCheck(const struct HksKeyNode * keyNode,const struct HksParamSet * paramSet)196 static int32_t CipherPreCheck(const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet)
197 {
198 int32_t ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
199 HKS_IF_NOT_SUCC_RETURN(ret, ret)
200
201 return CipherAuth(keyNode, paramSet);
202 }
203
CipherEncrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksUsageSpec * usageSpec,const struct HksBlob * inData,struct HksBlob * outData)204 static int32_t CipherEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
205 const struct HksUsageSpec *usageSpec, const struct HksBlob *inData, struct HksBlob *outData)
206 {
207 struct HksBlob tag = { 0, NULL };
208 int32_t ret = HksGetEncryptAeTag(paramSet, inData, outData, &tag);
209 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher encrypt get ae tag failed!")
210
211 ret = HksCryptoHalEncrypt(key, usageSpec, inData, outData, &tag);
212 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "cipher encrypt failed!")
213
214 outData->size += tag.size;
215 return HKS_SUCCESS;
216 }
217
Cipher(uint32_t cmdId,const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)218 static int32_t Cipher(uint32_t cmdId, const struct HksBlob *key, const struct HksParamSet *paramSet,
219 const struct HksBlob *inData, struct HksBlob *outData)
220 {
221 int32_t ret = HksCoreCheckCipherParams(cmdId, key, paramSet, inData, outData);
222 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret,
223 "hks core check cipher params failed, cmdId:%" LOG_PUBLIC "x, ret:%" LOG_PUBLIC "x!\n", cmdId, ret)
224
225 struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
226 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "Cipher generate keynode failed")
227
228 do {
229 ret = CipherPreCheck(keyNode, paramSet);
230 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "cipher pre check failed!")
231
232 struct HksBlob rawKey = { 0, NULL };
233 ret = HksGetRawKey(keyNode->paramSet, &rawKey);
234 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "cipher get raw key failed!")
235
236 struct HksUsageSpec *usageSpec = NULL;
237 bool isEncrypt = (cmdId == HKS_CMD_ID_ENCRYPT);
238 struct HksBlob tmpInData = { inData->size, inData->data };
239 ret = HksBuildCipherUsageSpec(paramSet, isEncrypt, &tmpInData, &usageSpec);
240 if (ret != HKS_SUCCESS) {
241 HKS_LOG_E("build cipher usageSpec failed!");
242 (void)memset_s(rawKey.data, rawKey.size, 0, rawKey.size);
243 HKS_FREE(rawKey.data);
244 break;
245 }
246
247 if (cmdId == HKS_CMD_ID_ENCRYPT) {
248 ret = CipherEncrypt(&rawKey, paramSet, usageSpec, &tmpInData, outData);
249 } else {
250 ret = HksCryptoHalDecrypt(&rawKey, usageSpec, &tmpInData, outData);
251 }
252 (void)memset_s(rawKey.data, rawKey.size, 0, rawKey.size);
253 HKS_FREE(rawKey.data);
254
255 HksFreeUsageSpec(&usageSpec);
256 HKS_IF_NOT_SUCC_LOGE(ret, "cipher[%" LOG_PUBLIC "x] failed!", cmdId)
257 }while (0);
258
259 HksFreeKeyNode(&keyNode);
260 return ret;
261 }
262
HksCoreSign(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * signature)263 int32_t HksCoreSign(const struct HksBlob *key, const struct HksParamSet *paramSet,
264 const struct HksBlob *srcData, struct HksBlob *signature)
265 {
266 return SignVerify(HKS_CMD_ID_SIGN, key, paramSet, srcData, signature);
267 }
268
HksCoreVerify(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,const struct HksBlob * signature)269 int32_t HksCoreVerify(const struct HksBlob *key, const struct HksParamSet *paramSet,
270 const struct HksBlob *srcData, const struct HksBlob *signature)
271 {
272 return SignVerify(HKS_CMD_ID_VERIFY, key, paramSet, srcData, (struct HksBlob *)signature);
273 }
274
HksCoreEncrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * plainText,struct HksBlob * cipherText)275 int32_t HksCoreEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
276 const struct HksBlob *plainText, struct HksBlob *cipherText)
277 {
278 return Cipher(HKS_CMD_ID_ENCRYPT, key, paramSet, plainText, cipherText);
279 }
280
HksCoreDecrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * cipherText,struct HksBlob * plainText)281 int32_t HksCoreDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
282 const struct HksBlob *cipherText, struct HksBlob *plainText)
283 {
284 return Cipher(HKS_CMD_ID_DECRYPT, key, paramSet, cipherText, plainText);
285 }
286
HksCheckKeyValidity(const struct HksParamSet * paramSet,const struct HksBlob * key)287 static int32_t HksCheckKeyValidity(const struct HksParamSet *paramSet, const struct HksBlob *key)
288 {
289 struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
290 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "check key legality failed")
291
292 int32_t ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
293
294 HksFreeKeyNode(&keyNode);
295 return ret;
296 }
297
HksCoreGetKeyProperties(const struct HksParamSet * paramSet,const struct HksBlob * key)298 int32_t HksCoreGetKeyProperties(const struct HksParamSet *paramSet, const struct HksBlob *key)
299 {
300 return HksCheckKeyValidity(paramSet, key);
301 }
302
HksCoreExportPublicKey(const struct HksBlob * key,const struct HksParamSet * paramSet,struct HksBlob * keyOut)303 int32_t HksCoreExportPublicKey(const struct HksBlob *key,
304 const struct HksParamSet *paramSet, struct HksBlob *keyOut)
305 {
306 (void)paramSet;
307 if (CheckBlob(key) != HKS_SUCCESS || CheckBlob(keyOut) != HKS_SUCCESS) {
308 HKS_LOG_E("input param invalid");
309 return HKS_ERROR_INVALID_ARGUMENT;
310 }
311
312 struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
313 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
314
315 int32_t ret;
316 do {
317 ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
318 HKS_IF_NOT_SUCC_BREAK(ret)
319
320 struct HksBlob rawKey = { 0, NULL };
321 ret = HksGetRawKey(keyNode->paramSet, &rawKey);
322 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get raw key when exporting public key failed!")
323
324 ret = HksCryptoHalGetPubKey(&rawKey, keyOut);
325 (void)memset_s(rawKey.data, rawKey.size, 0, rawKey.size);
326 HKS_FREE(rawKey.data);
327 } while (0);
328
329 HksFreeKeyNode(&keyNode);
330 return ret;
331 }
332
HksCoreAgreeKey(const struct HksParamSet * paramSet,const struct HksBlob * privateKey,const struct HksBlob * peerPublicKey,struct HksBlob * agreedKey)333 int32_t HksCoreAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
334 const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey)
335 {
336 int32_t ret = HksCoreCheckAgreeKeyParams(paramSet, privateKey, peerPublicKey, agreedKey, false);
337 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check agreeKey params failed")
338
339 struct HksKeyNode *privateKeyNode = HksGenerateKeyNode(privateKey);
340 HKS_IF_NULL_LOGE_RETURN(privateKeyNode, HKS_ERROR_CORRUPT_FILE, "agree key generate keynode failed")
341
342 do {
343 ret = HksProcessIdentityVerify(privateKeyNode->paramSet, paramSet);
344 HKS_IF_NOT_SUCC_BREAK(ret)
345
346 bool isSupportUserAuth = false;
347 ret = HksCheckKeybBlobIsSupportUserAuth(privateKeyNode->paramSet, &isSupportUserAuth);
348 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckKeybBlobIsSupportUserAuth failed");
349
350 if (isSupportUserAuth) {
351 ret = HKS_ERROR_NOT_SUPPORTED;
352 HKS_LOG_E("key should do user auth, but one stage api do not support user auth operation");
353 break;
354 }
355
356 struct HksBlob key = { 0, NULL };
357 ret = HksGetRawKey(privateKeyNode->paramSet, &key);
358 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get raw key when agreeing key failed!")
359
360 struct HksKeySpec agreeSpec = { 0 };
361 HksFillKeySpec(paramSet, &agreeSpec);
362
363 ret = HksCryptoHalAgreeKey(&key, peerPublicKey, &agreeSpec, agreedKey);
364 (void)memset_s(key.data, key.size, 0, key.size);
365 HKS_FREE(key.data);
366 } while (0);
367
368 HksFreeKeyNode(&privateKeyNode);
369 return ret;
370 }
371
HksCoreDeriveKey(const struct HksParamSet * paramSet,const struct HksBlob * mainKey,struct HksBlob * derivedKey)372 int32_t HksCoreDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey, struct HksBlob *derivedKey)
373 {
374 int32_t ret = HksCoreCheckDeriveKeyParams(paramSet, mainKey, derivedKey, false);
375 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check deriveKey params failed")
376
377 struct HksKeyNode *keyNode = HksGenerateKeyNode(mainKey);
378 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
379
380 do {
381 ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
382 HKS_IF_NOT_SUCC_BREAK(ret)
383
384 ret = HksAuth(HKS_AUTH_ID_DERIVE, keyNode, paramSet);
385 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "derive auth failed!")
386
387 struct HksBlob key = { 0, NULL };
388 ret = HksGetRawKey(keyNode->paramSet, &key);
389 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "derive get raw key failed!")
390
391 struct HksKeyDerivationParam derParam = { { 0, NULL }, { 0, NULL }, 0, 0 };
392 struct HksKeySpec derivationSpec = { 0, 0, &derParam };
393 HksFillKeySpec(paramSet, &derivationSpec);
394 HksFillKeyDerivationParam(paramSet, &derParam);
395
396 ret = HksCryptoHalDeriveKey(&key, &derivationSpec, derivedKey);
397 (void)memset_s(key.data, key.size, 0, key.size);
398 HKS_FREE(key.data);
399 } while (0);
400
401 HksFreeKeyNode(&keyNode);
402 return ret;
403 }
404
HksCoreMac(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * mac)405 int32_t HksCoreMac(const struct HksBlob *key, const struct HksParamSet *paramSet, const struct HksBlob *srcData,
406 struct HksBlob *mac)
407 {
408 int32_t ret = HksCoreCheckMacParams(key, paramSet, srcData, mac, false);
409 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check mac params failed")
410
411 struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
412 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "mac generate keynode failed")
413
414 do {
415 ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
416 HKS_IF_NOT_SUCC_BREAK(ret)
417
418 ret = HksAuth(HKS_AUTH_ID_MAC_HMAC, keyNode, paramSet);
419 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "mac auth failed!")
420
421 struct HksParam *digestParam = NULL;
422 ret = HksGetParam(paramSet, HKS_TAG_DIGEST, &digestParam);
423 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "mac get HKS_TAG_DIGEST param failed!")
424
425 struct HksBlob rawKey = { 0, NULL };
426 ret = HksGetRawKey(keyNode->paramSet, &rawKey);
427 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "mac get raw key failed!")
428
429 ret = HksCryptoHalHmac(&rawKey, digestParam->uint32Param, srcData, mac);
430 (void)memset_s(rawKey.data, rawKey.size, 0, rawKey.size);
431 HKS_FREE(rawKey.data);
432 } while (0);
433
434 HksFreeKeyNode(&keyNode);
435 return ret;
436 }
437
438 #ifdef HKS_ENABLE_UPGRADE_KEY
HksCoreUpgradeKey(const struct HksBlob * oldKey,const struct HksParamSet * paramSet,struct HksBlob * newKey)439 int32_t HksCoreUpgradeKey(const struct HksBlob *oldKey, const struct HksParamSet *paramSet, struct HksBlob *newKey)
440 {
441 return HksUpgradeKey(oldKey, paramSet, newKey);
442 }
443
444 #else
HksCoreUpgradeKey(const struct HksBlob * oldKey,const struct HksParamSet * paramSet,struct HksBlob * newKey)445 int32_t HksCoreUpgradeKey(const struct HksBlob *oldKey, const struct HksParamSet *paramSet, struct HksBlob *newKey)
446 {
447 (void)oldKey;
448 (void)paramSet;
449 (void)newKey;
450 return HKS_ERROR_NOT_SUPPORTED;
451 }
452 #endif
453
454 #endif /* _CUT_AUTHENTICATE_ */