1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_type_enum.h"
17 #ifdef HKS_CONFIG_FILE
18 #include HKS_CONFIG_FILE
19 #else
20 #include "hks_config.h"
21 #endif
22
23 #include "hks_api.h"
24
25 #include <inttypes.h>
26 #include <stddef.h>
27 #include <string.h>
28
29 #include "hks_api_adapter.h"
30
31 #include "hks_client_ipc.h"
32 #include "hks_local_engine.h"
33 #include "hks_ability.h"
34 #include "hks_log.h"
35 #include "hks_mem.h"
36 #include "hks_param.h"
37 #include "hks_template.h"
38 #include "hks_type.h"
39 #include "hks_util.h"
40
41 #include "securec.h"
42
43 #ifdef HKS_SUPPORT_API_ATTEST_KEY
44 #include "hks_verifier.h"
45 #endif
46
47 #ifdef _CUT_AUTHENTICATE_
48 #undef HKS_SUPPORT_API_GENERATE_KEY
49 #undef HKS_SUPPORT_API_IMPORT
50 #undef HKS_SUPPORT_API_EXPORT
51 #undef HKS_SUPPORT_API_DELETE_KEY
52 #undef HKS_SUPPORT_API_GET_KEY_PARAM_SET
53 #undef HKS_SUPPORT_API_KEY_EXIST
54 #undef HKS_SUPPORT_API_SIGN_VERIFY
55 #undef HKS_SUPPORT_API_SIGN_VERIFY
56 #undef HKS_SUPPORT_API_AGREE_KEY
57 #undef HKS_SUPPORT_API_HASH
58 #undef HKS_SUPPORT_API_GET_KEY_INFO_LIST
59 #undef HKS_SUPPORT_API_ATTEST_KEY
60 #undef HKS_SUPPORT_API_GET_CERTIFICATE_CHAIN
61 #endif
62
HksGetSdkVersion(struct HksBlob * sdkVersion)63 HKS_API_EXPORT int32_t HksGetSdkVersion(struct HksBlob *sdkVersion)
64 {
65 if ((sdkVersion == NULL) || (sdkVersion->data == NULL)) {
66 return HKS_ERROR_NULL_POINTER;
67 }
68
69 uint32_t versionLen = strlen(HKS_SDK_VERSION);
70 if (sdkVersion->size < (versionLen + 1)) {
71 return HKS_ERROR_INVALID_ARGUMENT;
72 }
73
74 (void)memcpy_s(sdkVersion->data, sdkVersion->size, HKS_SDK_VERSION, versionLen);
75
76 sdkVersion->data[versionLen] = '\0';
77 sdkVersion->size = versionLen;
78 return HKS_SUCCESS;
79 }
80
HksInitialize(void)81 HKS_API_EXPORT int32_t HksInitialize(void)
82 {
83 #ifndef _CUT_AUTHENTICATE_
84 HKS_LOG_D("enter initialize");
85 int32_t ret = HksClientInitialize();
86 HKS_LOG_D("leave initialize, result = %" LOG_PUBLIC "d", ret);
87 return ret;
88 #else
89 (void)HksCryptoAbilityInit();
90 return HKS_SUCCESS;
91 #endif
92 }
93
HksRefreshKeyInfo(void)94 HKS_API_EXPORT int32_t HksRefreshKeyInfo(void)
95 {
96 #ifndef _CUT_AUTHENTICATE_
97 HKS_LOG_D("enter refresh key info");
98 int32_t ret = HksClientRefreshKeyInfo();
99 HKS_LOG_D("leave refresh key info, result = %" LOG_PUBLIC "d", ret);
100 return ret;
101 #else
102 return HKS_ERROR_API_NOT_SUPPORTED;
103 #endif
104 }
105
HksGenerateKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)106 HKS_API_EXPORT int32_t HksGenerateKey(const struct HksBlob *keyAlias,
107 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
108 {
109 #ifdef HKS_SUPPORT_API_GENERATE_KEY
110 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
111 struct HksParam *storageFlag = NULL;
112 int32_t ret = HksGetParam(paramSetIn, HKS_TAG_KEY_STORAGE_FLAG, &storageFlag);
113 if ((ret == HKS_SUCCESS) && (storageFlag->uint32Param == HKS_STORAGE_TEMP)) {
114 if ((paramSetIn == NULL) || (paramSetOut == NULL)) {
115 return HKS_ERROR_NULL_POINTER;
116 }
117 ret = HksLocalGenerateKey(paramSetIn, paramSetOut);
118 HKS_LOG_D("leave generate temp key, result = %" LOG_PUBLIC "d", ret);
119 return ret;
120 }
121
122 /* generate persistent keys */
123 if ((paramSetIn == NULL) || (keyAlias == NULL)) {
124 return HKS_ERROR_NULL_POINTER;
125 }
126 ret = HksClientGenerateKey(keyAlias, paramSetIn, paramSetOut);
127 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
128 return ret;
129 #else
130 (void)keyAlias;
131 (void)paramSetIn;
132 (void)paramSetOut;
133 return HKS_ERROR_API_NOT_SUPPORTED;
134 #endif
135 }
136
HksImportKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,const struct HksBlob * key)137 HKS_API_EXPORT int32_t HksImportKey(const struct HksBlob *keyAlias,
138 const struct HksParamSet *paramSet, const struct HksBlob *key)
139 {
140 #ifdef HKS_SUPPORT_API_IMPORT
141 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
142 if ((keyAlias == NULL) || (paramSet == NULL) || (key == NULL)) {
143 return HKS_ERROR_NULL_POINTER;
144 }
145 int32_t ret = HksImportKeyAdapter(keyAlias, paramSet, key);
146 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
147 return ret;
148 #else
149 (void)keyAlias;
150 (void)paramSet;
151 (void)key;
152 return HKS_ERROR_API_NOT_SUPPORTED;
153 #endif
154 }
155
HksImportWrappedKey(const struct HksBlob * keyAlias,const struct HksBlob * wrappingKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * wrappedKeyData)156 HKS_API_EXPORT int32_t HksImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias,
157 const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData)
158 {
159 #ifdef HKS_SUPPORT_API_IMPORT_WRAPPED_KEY
160 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
161 if ((keyAlias == NULL) || (wrappingKeyAlias == NULL)|| (paramSet == NULL) || (wrappedKeyData == NULL)) {
162 return HKS_ERROR_NULL_POINTER;
163 }
164 int32_t ret = HksClientImportWrappedKey(keyAlias, wrappingKeyAlias, paramSet, wrappedKeyData);
165 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
166 return ret;
167 #else
168 (void)keyAlias;
169 (void)wrappingKeyAlias;
170 (void)paramSet;
171 (void)wrappedKeyData;
172 return HKS_ERROR_API_NOT_SUPPORTED;
173 #endif
174 }
175
HksExportPublicKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * key)176 HKS_API_EXPORT int32_t HksExportPublicKey(const struct HksBlob *keyAlias,
177 const struct HksParamSet *paramSet, struct HksBlob *key)
178 {
179 #ifdef HKS_SUPPORT_API_EXPORT
180 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
181 if ((keyAlias == NULL) || (key == NULL)) {
182 return HKS_ERROR_NULL_POINTER;
183 }
184 int32_t ret = HksExportPublicKeyAdapter(keyAlias, paramSet, key);
185 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
186 return ret;
187 #else
188 (void)keyAlias;
189 (void)paramSet;
190 (void)key;
191 return HKS_ERROR_API_NOT_SUPPORTED;
192 #endif
193 }
194
HksDeleteKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)195 HKS_API_EXPORT int32_t HksDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
196 {
197 #ifdef HKS_SUPPORT_API_DELETE_KEY
198 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
199 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
200 int32_t ret = HksClientDeleteKey(keyAlias, paramSet);
201 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
202 return ret;
203 #else
204 (void)keyAlias;
205 (void)paramSet;
206 return HKS_ERROR_API_NOT_SUPPORTED;
207 #endif
208 }
209
HksGetKeyParamSet(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)210 HKS_API_EXPORT int32_t HksGetKeyParamSet(const struct HksBlob *keyAlias,
211 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
212 {
213 #ifdef HKS_SUPPORT_API_GET_KEY_PARAM_SET
214 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
215 if ((keyAlias == NULL) || (paramSetOut == NULL)) {
216 return HKS_ERROR_NULL_POINTER;
217 }
218 int32_t ret = HksClientGetKeyParamSet(keyAlias, paramSetIn, paramSetOut);
219 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
220 return ret;
221 #else
222 (void)keyAlias;
223 (void)paramSetIn;
224 (void)paramSetOut;
225 return HKS_ERROR_API_NOT_SUPPORTED;
226 #endif
227 }
228
HksKeyExist(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)229 HKS_API_EXPORT int32_t HksKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
230 {
231 #ifdef HKS_SUPPORT_API_KEY_EXIST
232 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
233 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
234 int32_t ret = HksClientKeyExist(keyAlias, paramSet);
235 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
236 return ret;
237 #else
238 (void)keyAlias;
239 (void)paramSet;
240 return HKS_ERROR_API_NOT_SUPPORTED;
241 #endif
242 }
243
HksGenerateRandom(const struct HksParamSet * paramSet,struct HksBlob * random)244 HKS_API_EXPORT int32_t HksGenerateRandom(const struct HksParamSet *paramSet, struct HksBlob *random)
245 {
246 #ifdef HKS_SUPPORT_API_GENERATE_RANDOM
247 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
248 HKS_IF_NULL_RETURN(random, HKS_ERROR_NULL_POINTER)
249 int32_t ret = HksClientGenerateRandom(random, paramSet);
250 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
251 return ret;
252 #else
253 (void)paramSet;
254 (void)random;
255 return HKS_ERROR_API_NOT_SUPPORTED;
256 #endif
257 }
258
HksSign(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * signature)259 HKS_API_EXPORT int32_t HksSign(const struct HksBlob *key, const struct HksParamSet *paramSet,
260 const struct HksBlob *srcData, struct HksBlob *signature)
261 {
262 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
263 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
264 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
265 return HKS_ERROR_NULL_POINTER;
266 }
267
268 struct HksParam *isKeyAlias = NULL;
269 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
270 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
271 return HksLocalSign(key, paramSet, srcData, signature);
272 }
273
274 ret = HksClientSign(key, paramSet, srcData, signature);
275 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
276 return ret;
277 #else
278 (void)key;
279 (void)paramSet;
280 (void)srcData;
281 (void)signature;
282 return HKS_ERROR_API_NOT_SUPPORTED;
283 #endif
284 }
285
HksVerify(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,const struct HksBlob * signature)286 HKS_API_EXPORT int32_t HksVerify(const struct HksBlob *key, const struct HksParamSet *paramSet,
287 const struct HksBlob *srcData, const struct HksBlob *signature)
288 {
289 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
290 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
291 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
292 return HKS_ERROR_NULL_POINTER;
293 }
294
295 struct HksParam *isKeyAlias = NULL;
296 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
297 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
298 ret = HksLocalVerify(key, paramSet, srcData, signature);
299 HKS_LOG_D("leave verify with plain key, result = %" LOG_PUBLIC "d", ret);
300 return ret;
301 }
302 ret = HksClientVerify(key, paramSet, srcData, signature);
303 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
304 return ret;
305 #else
306 (void)key;
307 (void)paramSet;
308 (void)srcData;
309 (void)signature;
310 return HKS_ERROR_API_NOT_SUPPORTED;
311 #endif
312 }
313
HksEncrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * plainText,struct HksBlob * cipherText)314 HKS_API_EXPORT int32_t HksEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
315 const struct HksBlob *plainText, struct HksBlob *cipherText)
316 {
317 #ifdef HKS_SUPPORT_API_CIPHER
318 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
319 if ((key == NULL) || (paramSet == NULL) || (plainText == NULL) || (cipherText == NULL)) {
320 return HKS_ERROR_NULL_POINTER;
321 }
322
323 struct HksParam *isKeyAlias = NULL;
324 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
325 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
326 ret = HksLocalEncrypt(key, paramSet, plainText, cipherText);
327 HKS_LOG_D("leave encrypt with plain key, result = %" LOG_PUBLIC "d", ret);
328 return ret;
329 }
330 #ifndef _CUT_AUTHENTICATE_
331 ret = HksClientEncrypt(key, paramSet, plainText, cipherText);
332 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
333 return ret;
334 #else
335 return HKS_ERROR_NOT_SUPPORTED;
336 #endif
337 #else
338 (void)key;
339 (void)paramSet;
340 (void)plainText;
341 (void)cipherText;
342 return HKS_ERROR_API_NOT_SUPPORTED;
343 #endif
344 }
345
HksDecrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * cipherText,struct HksBlob * plainText)346 HKS_API_EXPORT int32_t HksDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
347 const struct HksBlob *cipherText, struct HksBlob *plainText)
348 {
349 #ifdef HKS_SUPPORT_API_CIPHER
350 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
351 if ((key == NULL) || (paramSet == NULL) || (cipherText == NULL) || (plainText == NULL)) {
352 return HKS_ERROR_NULL_POINTER;
353 }
354
355 struct HksParam *isKeyAlias = NULL;
356 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
357 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
358 ret = HksLocalDecrypt(key, paramSet, cipherText, plainText);
359 HKS_LOG_D("leave decrypt with plain key, result = %" LOG_PUBLIC "d", ret);
360 return ret;
361 }
362 #ifndef _CUT_AUTHENTICATE_
363 ret = HksClientDecrypt(key, paramSet, cipherText, plainText);
364 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
365 return ret;
366 #else
367 return HKS_ERROR_NOT_SUPPORTED;
368 #endif
369 #else
370 (void)key;
371 (void)paramSet;
372 (void)plainText;
373 (void)cipherText;
374 return HKS_ERROR_API_NOT_SUPPORTED;
375 #endif
376 }
377
HksAgreeKey(const struct HksParamSet * paramSet,const struct HksBlob * privateKey,const struct HksBlob * peerPublicKey,struct HksBlob * agreedKey)378 HKS_API_EXPORT int32_t HksAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
379 const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey)
380 {
381 #ifdef HKS_SUPPORT_API_AGREE_KEY
382 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
383 if ((paramSet == NULL) || (privateKey == NULL) || (peerPublicKey == NULL) || (agreedKey == NULL)) {
384 return HKS_ERROR_NULL_POINTER;
385 }
386
387 struct HksParam *isKeyAlias = NULL;
388 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
389 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
390 ret = HksLocalAgreeKey(paramSet, privateKey, peerPublicKey, agreedKey);
391 HKS_LOG_D("leave agree key with plain key, result = %" LOG_PUBLIC "d", ret);
392 return ret;
393 }
394
395 ret = HksAgreeKeyAdapter(paramSet, privateKey, peerPublicKey, agreedKey);
396 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
397 return ret;
398 #else
399 (void)paramSet;
400 (void)privateKey;
401 (void)peerPublicKey;
402 (void)agreedKey;
403 return HKS_ERROR_API_NOT_SUPPORTED;
404 #endif
405 }
406
HksDeriveKey(const struct HksParamSet * paramSet,const struct HksBlob * mainKey,struct HksBlob * derivedKey)407 HKS_API_EXPORT int32_t HksDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey,
408 struct HksBlob *derivedKey)
409 {
410 #ifdef HKS_SUPPORT_API_DERIVE_KEY
411 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
412 if ((paramSet == NULL) || (mainKey == NULL) || (derivedKey == NULL)) {
413 return HKS_ERROR_NULL_POINTER;
414 }
415
416 struct HksParam *isKeyAlias = NULL;
417 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
418 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
419 ret = HksLocalDeriveKey(paramSet, mainKey, derivedKey);
420 HKS_LOG_D("leave derive key with plain key, result = %" LOG_PUBLIC "d", ret);
421 return ret;
422 }
423 #ifndef _CUT_AUTHENTICATE_
424 ret = HksClientDeriveKey(paramSet, mainKey, derivedKey);
425 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
426 return ret;
427 #else
428 return HKS_ERROR_NOT_SUPPORTED;
429 #endif
430 #else
431 (void)paramSet;
432 (void)mainKey;
433 (void)derivedKey;
434 return HKS_ERROR_API_NOT_SUPPORTED;
435 #endif
436 }
437
HksMac(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * mac)438 HKS_API_EXPORT int32_t HksMac(const struct HksBlob *key, const struct HksParamSet *paramSet,
439 const struct HksBlob *srcData, struct HksBlob *mac)
440 {
441 #ifdef HKS_SUPPORT_API_MAC
442 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
443 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (mac == NULL)) {
444 return HKS_ERROR_NULL_POINTER;
445 }
446
447 struct HksParam *isKeyAlias = NULL;
448 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
449 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
450 ret = HksLocalMac(key, paramSet, srcData, mac);
451 HKS_LOG_D("leave mac with plain key, result = %" LOG_PUBLIC "d", ret);
452 return ret;
453 }
454 #ifndef _CUT_AUTHENTICATE_
455 ret = HksClientMac(key, paramSet, srcData, mac);
456 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
457 return ret;
458 #else
459 return HKS_ERROR_NOT_SUPPORTED;
460 #endif
461 #else
462 (void)key;
463 (void)paramSet;
464 (void)srcData;
465 (void)mac;
466 return HKS_ERROR_API_NOT_SUPPORTED;
467 #endif
468 }
469
HksHash(const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * hash)470 HKS_API_EXPORT int32_t HksHash(const struct HksParamSet *paramSet,
471 const struct HksBlob *srcData, struct HksBlob *hash)
472 {
473 #ifdef HKS_SUPPORT_API_HASH
474 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
475 if ((paramSet == NULL) || (srcData == NULL) || (hash == NULL)) {
476 return HKS_ERROR_NULL_POINTER;
477 }
478 int32_t ret = HksLocalHash(paramSet, srcData, hash);
479 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
480 return ret;
481 #else
482 (void)paramSet;
483 (void)srcData;
484 (void)hash;
485 return HKS_ERROR_API_NOT_SUPPORTED;
486 #endif
487 }
488
HksGetKeyInfoList(const struct HksParamSet * paramSet,struct HksKeyInfo * keyInfoList,uint32_t * listCount)489 HKS_API_EXPORT int32_t HksGetKeyInfoList(const struct HksParamSet *paramSet,
490 struct HksKeyInfo *keyInfoList, uint32_t *listCount)
491 {
492 #ifdef HKS_SUPPORT_API_GET_KEY_INFO_LIST
493 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
494 if ((keyInfoList == NULL) || (listCount == NULL)) {
495 return HKS_ERROR_NULL_POINTER;
496 }
497 int32_t ret = HksClientGetKeyInfoList(paramSet, keyInfoList, listCount);
498 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
499 return ret;
500 #else
501 (void)paramSet;
502 (void)keyInfoList;
503 (void)listCount;
504 return HKS_ERROR_API_NOT_SUPPORTED;
505 #endif
506 }
507
508 #ifdef HKS_SUPPORT_API_ATTEST_KEY
ConstructNewAttestParamSet(const struct HksParamSet * paramSet,enum HksAttestationMode mode,struct HksParamSet ** newParamSet)509 static int32_t ConstructNewAttestParamSet(const struct HksParamSet *paramSet, enum HksAttestationMode mode,
510 struct HksParamSet **newParamSet)
511 {
512 int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
513 if (ret != HKS_SUCCESS) {
514 HKS_LOG_E("check paramSet fail");
515 return ret;
516 }
517 ret = HksInitParamSet(newParamSet);
518 if (ret != HKS_SUCCESS) {
519 HKS_LOG_E("init paramSet fail");
520 return ret;
521 }
522 do {
523 ret = HksAddParams(*newParamSet, paramSet->params, paramSet->paramsCnt);
524 if (ret != HKS_SUCCESS) {
525 HKS_LOG_E("copy params fail");
526 break;
527 }
528 struct HksParam attestMode = {
529 .tag = HKS_TAG_ATTESTATION_MODE,
530 .uint32Param = mode,
531 };
532 ret = HksAddParams(*newParamSet, &attestMode, 1);
533 if (ret != HKS_SUCCESS) {
534 HKS_LOG_E("add param attestMode fail");
535 break;
536 }
537 ret = HksBuildParamSet(newParamSet);
538 if (ret != HKS_SUCCESS) {
539 HKS_LOG_E("build paramSet fail");
540 break;
541 }
542 return HKS_SUCCESS;
543 } while (false);
544 HksFreeParamSet(newParamSet);
545 return ret;
546 }
547 #endif
548
HksAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)549 HKS_API_EXPORT int32_t HksAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
550 struct HksCertChain *certChain)
551 {
552 #ifdef HKS_SUPPORT_API_ATTEST_KEY
553 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
554 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
555 return HKS_ERROR_NULL_POINTER;
556 }
557 struct HksParamSet *newParamSet = NULL;
558 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_DEFAULT, &newParamSet);
559 if (ret != HKS_SUCCESS) {
560 HKS_LOG_E("construct new paramSet for attest key fail");
561 return ret;
562 }
563
564 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, false);
565 HksFreeParamSet(&newParamSet);
566 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
567 return ret;
568 #else
569 (void)keyAlias;
570 (void)paramSet;
571 (void)certChain;
572 return HKS_ERROR_API_NOT_SUPPORTED;
573 #endif
574 }
575
HksAnonAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)576 HKS_API_EXPORT int32_t HksAnonAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
577 struct HksCertChain *certChain)
578 {
579 #ifdef HKS_SUPPORT_API_ATTEST_KEY
580 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
581 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
582 return HKS_ERROR_NULL_POINTER;
583 }
584 struct HksParamSet *newParamSet = NULL;
585 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_ANONYMOUS, &newParamSet);
586 if (ret != HKS_SUCCESS) {
587 HKS_LOG_E("construct new paramSet for anonn attest key fail");
588 return ret;
589 }
590
591 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, true);
592 HksFreeParamSet(&newParamSet);
593 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
594 return ret;
595 #else
596 (void)keyAlias;
597 (void)paramSet;
598 (void)certChain;
599 return HKS_ERROR_API_NOT_SUPPORTED;
600 #endif
601 }
602
HksGetCertificateChain(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)603 HKS_API_EXPORT int32_t HksGetCertificateChain(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
604 struct HksCertChain *certChain)
605 {
606 (void)keyAlias;
607 (void)paramSet;
608 (void)certChain;
609 return HKS_ERROR_API_NOT_SUPPORTED;
610 }
611
HksWrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksParamSet * paramSet,struct HksBlob * wrappedData)612 HKS_API_EXPORT int32_t HksWrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
613 const struct HksParamSet *paramSet, struct HksBlob *wrappedData)
614 {
615 (void)keyAlias;
616 (void)targetKeyAlias;
617 (void)paramSet;
618 (void)wrappedData;
619 return HKS_ERROR_API_NOT_SUPPORTED;
620 }
621
HksUnwrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksBlob * wrappedData,const struct HksParamSet * paramSet)622 HKS_API_EXPORT int32_t HksUnwrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
623 const struct HksBlob *wrappedData, const struct HksParamSet *paramSet)
624 {
625 (void)keyAlias;
626 (void)targetKeyAlias;
627 (void)paramSet;
628 (void)wrappedData;
629 return HKS_ERROR_API_NOT_SUPPORTED;
630 }
631
HksBnExpMod(struct HksBlob * x,const struct HksBlob * a,const struct HksBlob * e,const struct HksBlob * n)632 HKS_API_EXPORT int32_t HksBnExpMod(struct HksBlob *x, const struct HksBlob *a,
633 const struct HksBlob *e, const struct HksBlob *n)
634 {
635 #ifdef HKS_SUPPORT_API_BN_EXP_MOD
636 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
637 if ((x == NULL) || (a == NULL) || (e == NULL) || (n == NULL)) {
638 return HKS_ERROR_NULL_POINTER;
639 }
640
641 int32_t ret = HksLocalBnExpMod(x, a, e, n);
642 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
643 return ret;
644 #else
645 (void)x;
646 (void)a;
647 (void)e;
648 (void)n;
649 return HKS_ERROR_API_NOT_SUPPORTED;
650 #endif
651 }
652
653 /*
654 * Currently, the device certificate and device key are implemented using stubs.
655 * By default, the device key exists.
656 */
HcmIsDeviceKeyExist(const struct HksParamSet * paramSet)657 HKS_API_EXPORT int32_t HcmIsDeviceKeyExist(const struct HksParamSet *paramSet)
658 {
659 (void)paramSet;
660 return HKS_SUCCESS;
661 }
662
HksValidateCertChain(const struct HksCertChain * certChain,struct HksParamSet * paramSetOut)663 HKS_API_EXPORT int32_t HksValidateCertChain(const struct HksCertChain *certChain, struct HksParamSet *paramSetOut)
664 {
665 #ifdef HKS_SUPPORT_API_ATTEST_KEY
666 HKS_LOG_D("enter validate cert chain");
667 if ((paramSetOut == NULL) || (certChain == NULL)) {
668 return HKS_ERROR_NULL_POINTER;
669 }
670 int32_t ret = HksClientValidateCertChain(certChain, paramSetOut);
671 HKS_LOG_D("leave validate cert chain, result = %" LOG_PUBLIC "d", ret);
672 return ret;
673 #else
674 (void)certChain;
675 (void)paramSetOut;
676 return HKS_ERROR_API_NOT_SUPPORTED;
677 #endif
678 }
679
HksInit(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)680 HKS_API_EXPORT int32_t HksInit(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
681 struct HksBlob *handle, struct HksBlob *token)
682 {
683 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
684 if ((keyAlias == NULL) || (paramSet == NULL) || (handle == NULL)) { /* token can be null */
685 HKS_LOG_E("the pointer param entered is invalid");
686 return HKS_ERROR_NULL_POINTER;
687 }
688
689 int32_t ret = HksClientInit(keyAlias, paramSet, handle, token);
690 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
691 return ret;
692 }
693
HksUpdate(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)694 HKS_API_EXPORT int32_t HksUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet,
695 const struct HksBlob *inData, struct HksBlob *outData)
696 {
697 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
698 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
699 HKS_LOG_E("the pointer param entered is invalid");
700 return HKS_ERROR_NULL_POINTER;
701 }
702
703 int32_t ret = HksClientUpdate(handle, paramSet, inData, outData);
704 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
705 return ret;
706 }
707
HksFinish(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)708 HKS_API_EXPORT int32_t HksFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet,
709 const struct HksBlob *inData, struct HksBlob *outData)
710 {
711 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
712 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
713 HKS_LOG_E("the pointer param entered is invalid");
714 return HKS_ERROR_NULL_POINTER;
715 }
716
717 int32_t ret = HksClientFinish(handle, paramSet, inData, outData);
718 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
719 return ret;
720 }
721
HksAbort(const struct HksBlob * handle,const struct HksParamSet * paramSet)722 HKS_API_EXPORT int32_t HksAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet)
723 {
724 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
725 if ((handle == NULL) || (paramSet == NULL)) {
726 HKS_LOG_E("the pointer param entered is invalid");
727 return HKS_ERROR_NULL_POINTER;
728 }
729
730 int32_t ret = HksClientAbort(handle, paramSet);
731 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
732 return ret;
733 }
734
HksExportChipsetPlatformPublicKey(const struct HksBlob * salt,enum HksChipsetPlatformDecryptScene scene,struct HksBlob * publicKey)735 HKS_API_EXPORT int32_t HksExportChipsetPlatformPublicKey(const struct HksBlob *salt,
736 enum HksChipsetPlatformDecryptScene scene, struct HksBlob *publicKey)
737 {
738 #ifdef HKS_SUPPORT_CHIPSET_PLATFORM_DECRYPT
739 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
740 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(salt), HKS_ERROR_INVALID_ARGUMENT, "invalid salt")
741 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(publicKey), HKS_ERROR_INVALID_ARGUMENT, "invalid publicKey")
742 int32_t ret = HksClientExportChipsetPlatformPublicKey(salt, scene, publicKey);
743 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
744 return ret;
745 #else
746 (void)(salt);
747 (void)(scene);
748 (void)(publicKey);
749 return HKS_ERROR_API_NOT_SUPPORTED;
750 #endif
751 }
752
HksListAliases(const struct HksParamSet * paramSet,struct HksKeyAliasSet ** outData)753 HKS_API_EXPORT int32_t HksListAliases(const struct HksParamSet *paramSet, struct HksKeyAliasSet **outData)
754 {
755 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
756 if (paramSet == NULL || outData == NULL) {
757 return HKS_ERROR_NULL_POINTER;
758 }
759 int32_t ret = HksClientListAliases(paramSet, outData);
760 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
761 return ret;
762 }
763
HksRenameKeyAlias(const struct HksBlob * oldKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * newKeyAlias)764 HKS_API_EXPORT int32_t HksRenameKeyAlias(const struct HksBlob *oldKeyAlias, const struct HksParamSet *paramSet,
765 const struct HksBlob *newKeyAlias)
766 {
767 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
768 if (oldKeyAlias == NULL || paramSet == NULL || newKeyAlias == NULL) {
769 return HKS_ERROR_NULL_POINTER;
770 }
771 int32_t ret = HksClientRenameKeyAlias(oldKeyAlias, paramSet, newKeyAlias);
772 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
773 return ret;
774 }
775
HksChangeStorageLevel(const struct HksBlob * keyAlias,const struct HksParamSet * srcParamSet,const struct HksParamSet * destParamSet)776 HKS_API_EXPORT int32_t HksChangeStorageLevel(const struct HksBlob *keyAlias, const struct HksParamSet *srcParamSet,
777 const struct HksParamSet *destParamSet)
778 {
779 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
780 if (keyAlias == NULL || srcParamSet == NULL || destParamSet == NULL) {
781 HKS_LOG_E("the pointer param entered is invalid");
782 return HKS_ERROR_NULL_POINTER;
783 }
784 int32_t ret = HksClientChangeStorageLevel(keyAlias, srcParamSet, destParamSet);
785 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
786 return ret;
787 }