1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_core_service_key_operate_three_stage.h"
23
24 #include <stdbool.h>
25 #include <stddef.h>
26
27 #include "hks_ability.h"
28 #include "dcm_attest.h"
29 #include "hks_auth.h"
30 #include "hks_base_check.h"
31 #include "hks_check_paramset.h"
32 #include "hks_chipset_platform_decrypt.h"
33 #include "hks_client_service_adapter_common.h"
34 #include "hks_cmd_id.h"
35 #include "hks_common_check.h"
36 #include "hks_core_service_three_stage.h"
37 #include "hks_crypto_adapter.h"
38 #include "hks_crypto_hal.h"
39 #include "hks_log.h"
40 #include "hks_mem.h"
41 #include "hks_param.h"
42 #include "hks_secure_access.h"
43 #include "hks_sm_import_wrap_key.h"
44 #include "hks_template.h"
45 #include "hks_type_inner.h"
46 #include "hks_util.h"
47
48 #include "securec.h"
49
50 #ifndef _HARDWARE_ROOT_KEY_
51 #include "hks_rkc.h"
52 #endif
53
54 #ifndef _CUT_AUTHENTICATE_
55
56 #define S_TO_MS 1000
57
58 static struct HksCoreInitHandler g_hksCoreInitHandler[] = {
59 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageInit },
60 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageInit },
61 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreCryptoThreeStageInit },
62 { HKS_KEY_PURPOSE_DECRYPT, HksCoreCryptoThreeStageInit },
63 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageInit },
64 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageInit },
65 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageInit }
66 };
67
68 static struct HksCoreUpdateHandler g_hksCoreUpdateHandler[] = {
69 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageUpdate },
70 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageUpdate },
71 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreCryptoThreeStageUpdate },
72 { HKS_KEY_PURPOSE_DECRYPT, HksCoreCryptoThreeStageUpdate },
73 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageUpdate },
74 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageUpdate },
75 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageUpdate }
76 };
77
78 static struct HksCoreFinishHandler g_hksCoreFinishHandler[] = {
79 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageFinish },
80 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageFinish },
81 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreEncryptThreeStageFinish },
82 { HKS_KEY_PURPOSE_DECRYPT, HksCoreDecryptThreeStageFinish },
83 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageFinish },
84 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageFinish },
85 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageFinish }
86 };
87
88 static struct HksCoreAbortHandler g_hksCoreAbortHandler[] = {
89 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageAbort },
90 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageAbort },
91 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreCryptoThreeStageAbort },
92 { HKS_KEY_PURPOSE_DECRYPT, HksCoreCryptoThreeStageAbort },
93 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageAbort },
94 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageAbort },
95 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageAbort }
96 };
97
GetPurposeAndAlgorithm(const struct HksParamSet * paramSet,uint32_t * pur,uint32_t * alg)98 static int32_t GetPurposeAndAlgorithm(const struct HksParamSet *paramSet, uint32_t *pur, uint32_t *alg)
99 {
100 HKS_IF_NULL_LOGE_RETURN(paramSet, HKS_ERROR_NULL_POINTER, "paramSet == NULL")
101 HKS_LOG_D("Get paramSet->paramsCnt %" LOG_PUBLIC "u", paramSet->paramsCnt);
102
103 uint32_t i;
104
105 for (i = 0; i < paramSet->paramsCnt; i++) {
106 if (paramSet->params[i].tag == HKS_TAG_PURPOSE) {
107 *pur = paramSet->params[i].uint32Param;
108 }
109
110 if (paramSet->params[i].tag == HKS_TAG_ALGORITHM) {
111 *alg = paramSet->params[i].uint32Param;
112 }
113
114 if (*pur != 0 && *alg != 0) {
115 HKS_LOG_E("found purpose : %" LOG_PUBLIC "u, algorithm : %" LOG_PUBLIC "u", *pur, *alg);
116 break;
117 }
118 }
119
120 if (i == paramSet->paramsCnt) {
121 HKS_LOG_E("don't found purpose or algrithm");
122 return HKS_ERROR_INVALID_ARGUMENT;
123 }
124
125 if (*alg == HKS_ALG_HMAC || *alg == HKS_ALG_SM3 || *pur == HKS_KEY_PURPOSE_SIGN || *pur == HKS_KEY_PURPOSE_VERIFY) {
126 for (i = 0; i < paramSet->paramsCnt; i++) {
127 if (paramSet->params[i].tag == HKS_TAG_DIGEST) {
128 *alg = paramSet->params[i].uint32Param;
129 break;
130 }
131 }
132
133 if (i == paramSet->paramsCnt) {
134 HKS_LOG_E("don't found digest");
135 return HKS_ERROR_INVALID_ARGUMENT;
136 }
137 }
138
139 return HKS_SUCCESS;
140 }
141
CoreInitPreCheck(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * handle,const struct HksBlob * token)142 static int32_t CoreInitPreCheck(const struct HksBlob *key, const struct HksParamSet *paramSet,
143 const struct HksBlob *handle, const struct HksBlob *token)
144 {
145 if (key == NULL || paramSet == NULL || handle == NULL || token == NULL) {
146 HKS_LOG_E("the pointer param entered is invalid");
147 return HKS_ERROR_NULL_POINTER;
148 }
149
150 if (handle->size < sizeof(uint64_t)) {
151 HKS_LOG_E("handle size is too small, size : %" LOG_PUBLIC "u", handle->size);
152 return HKS_ERROR_INSUFFICIENT_MEMORY;
153 }
154
155 if (HksCheckParamSet(paramSet, paramSet->paramSetSize) != HKS_SUCCESS ||
156 HksCheckParamSetTag(paramSet) != HKS_SUCCESS) {
157 HKS_LOG_E("paramSet is invalid");
158 return HKS_ERROR_INVALID_ARGUMENT;
159 }
160
161 return HKS_SUCCESS;
162 }
163
HksBatchCheck(struct HuksKeyNode * keyNode)164 static int32_t HksBatchCheck(struct HuksKeyNode *keyNode)
165 {
166 if (keyNode == NULL) {
167 return HKS_ERROR_NULL_POINTER;
168 }
169 int32_t ret = HKS_ERROR_PARAM_NOT_EXIST;
170 if (keyNode->isBatchOperation) {
171 struct HksParam *purposeParam = NULL;
172 struct HksParam *batchPurposeParam = NULL;
173 ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_PURPOSE, &purposeParam);
174 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "get purpose param failed!")
175 ret = HksGetParam(keyNode->keyBlobParamSet, HKS_TAG_BATCH_PURPOSE, &batchPurposeParam);
176 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "get batch purpose param failed!")
177 if ((purposeParam->uint32Param | batchPurposeParam->uint32Param) != batchPurposeParam->uint32Param) {
178 HKS_LOG_E("purposeParam should falll within the scope of batchPurposeParam");
179 return HKS_ERROR_INVALID_PURPOSE;
180 }
181 }
182 return ret;
183 }
184
HksCoreInitProcess(const struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,uint32_t pur,uint32_t alg)185 static int32_t HksCoreInitProcess(const struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
186 uint32_t pur, uint32_t alg)
187 {
188 if (keyNode == NULL || paramSet == NULL) {
189 return HKS_ERROR_NULL_POINTER;
190 }
191 uint32_t i;
192 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreInitHandler);
193 int32_t ret = HKS_ERROR_BAD_STATE;
194 for (i = 0; i < size; i++) {
195 if (g_hksCoreInitHandler[i].pur == pur) {
196 HKS_LOG_E("Core HksCoreInit pur = %" LOG_PUBLIC "d", pur);
197 ret = g_hksCoreInitHandler[i].handler(keyNode, paramSet, alg);
198 break;
199 }
200 }
201
202 if (ret != HKS_SUCCESS || i == size) {
203 HKS_LOG_E("CoreInit failed, pur : %u, ret : %d", pur, ret);
204 ret = ((i == size) ? HKS_ERROR_INVALID_ARGUMENT : ret);
205 }
206 return ret;
207 }
208
HksCoreUpdateProcess(struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)209 static int32_t HksCoreUpdateProcess(struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
210 const struct HksBlob *inData, struct HksBlob *outData)
211 {
212 if (keyNode == NULL || paramSet == NULL) {
213 return HKS_ERROR_NULL_POINTER;
214 }
215 uint32_t i;
216 uint32_t pur = 0;
217 uint32_t alg = 0;
218 int32_t ret = GetPurposeAndAlgorithm(keyNode->runtimeParamSet, &pur, &alg);
219 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetPurposeAndAlgorithm failed")
220 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreUpdateHandler);
221 for (i = 0; i < size; i++) {
222 if (g_hksCoreUpdateHandler[i].pur == pur) {
223 struct HksBlob appendInData = { 0, NULL };
224 ret = HksCoreAppendAuthInfoBeforeUpdate(keyNode, pur, paramSet, inData, &appendInData);
225 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "before update: append auth info failed")
226
227 ret = g_hksCoreUpdateHandler[i].handler(keyNode, paramSet,
228 appendInData.data == NULL ? inData : &appendInData, outData, alg);
229 if (appendInData.data != NULL) {
230 HKS_FREE_BLOB(appendInData);
231 }
232 break;
233 }
234 }
235
236 if (ret != HKS_SUCCESS || i == size) {
237 HKS_LOG_E("CoreUpdate failed, pur : %" LOG_PUBLIC "u, ret : %" LOG_PUBLIC "d", pur, ret);
238 ret = ((i == size) ? HKS_ERROR_INVALID_ARGUMENT : ret);
239 }
240 return ret;
241 }
242
HksCoreFinishProcess(struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)243 static int32_t HksCoreFinishProcess(struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
244 const struct HksBlob *inData, struct HksBlob *outData)
245 {
246 if (keyNode == NULL || paramSet == NULL) {
247 return HKS_ERROR_NULL_POINTER;
248 }
249 uint32_t i;
250 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreFinishHandler);
251 uint32_t pur = 0;
252 uint32_t alg = 0;
253 int32_t ret = GetPurposeAndAlgorithm(keyNode->runtimeParamSet, &pur, &alg);
254 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetPurposeAndAlgorithm failed")
255 for (i = 0; i < size; i++) {
256 if (g_hksCoreFinishHandler[i].pur == pur) {
257 uint32_t outDataBufferSize = (outData == NULL) ? 0 : outData->size;
258 struct HksBlob appendInData = { 0, NULL };
259 ret = HksCoreAppendAuthInfoBeforeFinish(keyNode, pur, paramSet, inData, &appendInData);
260 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "before finish: append auth info failed")
261
262 ret = g_hksCoreFinishHandler[i].handler(keyNode, paramSet,
263 appendInData.data == NULL ? inData : &appendInData, outData, alg);
264 if (appendInData.data != NULL) {
265 HKS_FREE_BLOB(appendInData);
266 }
267 HKS_IF_NOT_SUCC_BREAK(ret)
268
269 ret = HksCoreAppendAuthInfoAfterFinish(keyNode, pur, paramSet, outDataBufferSize, outData);
270 break;
271 }
272 }
273
274 if (i == size) {
275 HKS_LOG_E("don't found purpose, pur : %" LOG_PUBLIC "d", pur);
276 ret = HKS_ERROR_INVALID_ARGUMENT;
277 }
278 return ret;
279 }
280
HksAddBatchTimeToKeyNode(const struct HksParamSet * paramSet,struct HuksKeyNode * keyNode)281 static int32_t HksAddBatchTimeToKeyNode(const struct HksParamSet *paramSet, struct HuksKeyNode *keyNode)
282 {
283 if (keyNode == NULL || paramSet == NULL) {
284 return HKS_ERROR_NULL_POINTER;
285 }
286 uint64_t curTime = 0;
287 int32_t ret = HksElapsedRealTime(&curTime);
288 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksElapsedRealTime failed")
289 keyNode->isBatchOperation = false;
290 keyNode->batchOperationTimestamp = curTime + DEFAULT_BATCH_TIME_OUT * S_TO_MS;
291 bool findOperation = false;
292 bool findTimeout = false;
293 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
294 if (paramSet->params[i].tag == HKS_TAG_IS_BATCH_OPERATION) {
295 keyNode->isBatchOperation = paramSet->params[i].boolParam;
296 findOperation = true;
297 continue;
298 }
299 if (paramSet->params[i].tag == HKS_TAG_BATCH_OPERATION_TIMEOUT) {
300 if ((uint64_t)paramSet->params[i].uint32Param > MAX_BATCH_TIME_OUT) {
301 HKS_LOG_E("Batch time is too big.");
302 return HKS_ERROR_NOT_SUPPORTED;
303 }
304 keyNode->batchOperationTimestamp = curTime + (uint64_t)paramSet->params[i].uint32Param * S_TO_MS;
305 findTimeout = true;
306 continue;
307 }
308 if (findOperation && findTimeout) {
309 break;
310 }
311 }
312 // HKS_TAG_IS_BATCH_OPERATION must be passed
313 if (!findOperation && findTimeout) {
314 keyNode->batchOperationTimestamp = 0;
315 HKS_LOG_E("can not find HKS_TAG_IS_BATCH_OPERATION.");
316 return HKS_ERROR_NOT_SUPPORTED;
317 }
318 if (!findOperation) {
319 keyNode->batchOperationTimestamp = 0;
320 }
321 return ret;
322 }
323
HksCoreInit(const struct HksBlob * key,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)324 int32_t HksCoreInit(const struct HksBlob *key, const struct HksParamSet *paramSet, struct HksBlob *handle,
325 struct HksBlob *token)
326 {
327 HKS_LOG_D("HksCoreInit in Core start");
328 uint32_t pur = 0;
329 uint32_t alg = 0;
330
331 int32_t ret = CoreInitPreCheck(key, paramSet, handle, token);
332 HKS_IF_NOT_SUCC_RETURN(ret, ret)
333
334 struct HuksKeyNode *keyNode = HksCreateKeyNode(key, paramSet);
335 if (keyNode == NULL || handle == NULL) {
336 HKS_LOG_E("the pointer param entered is invalid");
337 return HKS_ERROR_BAD_STATE;
338 }
339 do {
340 ret = HksAddBatchTimeToKeyNode(paramSet, keyNode);
341 HKS_IF_NOT_SUCC_BREAK(ret)
342
343 ret = HksProcessIdentityVerify(keyNode->keyBlobParamSet, paramSet);
344 HKS_IF_NOT_SUCC_BREAK(ret)
345
346 handle->size = sizeof(uint64_t);
347 (void)memcpy_s(handle->data, handle->size, &(keyNode->handle), handle->size);
348
349 ret = GetPurposeAndAlgorithm(paramSet, &pur, &alg);
350 HKS_IF_NOT_SUCC_BREAK(ret)
351
352 ret = HksCoreSecureAccessInitParams(keyNode, paramSet, token);
353 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "init secure access params failed")
354
355 ret = HksBatchCheck(keyNode);
356 if (ret == HKS_SUCCESS) {
357 HKS_LOG_I("HksBatchCheck success");
358 return HKS_SUCCESS;
359 }
360 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
361 ret = HksCoreInitProcess(keyNode, paramSet, pur, alg);
362 }
363 } while (0);
364 if (ret != HKS_SUCCESS) {
365 HksDeleteKeyNode(keyNode->handle);
366 }
367
368 HKS_LOG_D("HksCoreInit in Core end");
369 return ret;
370 }
371
GetParamsForUpdateAndFinish(const struct HksBlob * handle,uint64_t * sessionId,struct HuksKeyNode ** keyNode)372 static int32_t GetParamsForUpdateAndFinish(const struct HksBlob *handle, uint64_t *sessionId,
373 struct HuksKeyNode **keyNode)
374 {
375 if (handle == NULL || sessionId == NULL || keyNode == NULL) {
376 HKS_LOG_E("invalid input for GetSessionAndKeyNode");
377 return HKS_ERROR_NULL_POINTER;
378 }
379 if (memcpy_s(sessionId, sizeof(*sessionId), handle->data, handle->size) != EOK) {
380 HKS_LOG_E("memcpy handle value fail");
381 return HKS_ERROR_INSUFFICIENT_MEMORY;
382 }
383 *keyNode = HksQueryKeyNode(*sessionId);
384 HKS_IF_NULL_LOGE_RETURN(*keyNode, HKS_ERROR_BAD_STATE, "HksCoreUpdate query keynode failed")
385
386 return HKS_SUCCESS;
387 }
388
HksCheckBatchUpdateTime(struct HuksKeyNode * keyNode)389 static int32_t HksCheckBatchUpdateTime(struct HuksKeyNode *keyNode)
390 {
391 if (keyNode == NULL) {
392 return HKS_ERROR_NULL_POINTER;
393 }
394 uint64_t curTime = 0;
395 int32_t ret = HksElapsedRealTime(&curTime);
396 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksElapsedRealTime failed");
397 if (keyNode->batchOperationTimestamp < curTime) {
398 HKS_LOG_E("Batch operation timeout");
399 return HKS_ERROR_INVALID_TIME_OUT;
400 }
401 return ret;
402 }
403
HksBatchUpdate(struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)404 static int32_t HksBatchUpdate(struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
405 const struct HksBlob *inData, struct HksBlob *outData)
406 {
407 if (keyNode == NULL || paramSet == NULL) {
408 return HKS_ERROR_NULL_POINTER;
409 }
410
411 // enable verify authtoken when is multi batch operation
412 struct HksParam *authResult = NULL;
413 int32_t ret = HksGetParam(keyNode->authRuntimeParamSet, HKS_TAG_KEY_AUTH_RESULT, &authResult);
414 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_BAD_STATE, "get authResult failed!")
415 authResult->uint32Param = HKS_AUTH_RESULT_INIT;
416 struct HksParam *isNeedSecureSignInfo = NULL;
417 ret = HksGetParam(keyNode->authRuntimeParamSet, HKS_TAG_IF_NEED_APPEND_AUTH_INFO, &isNeedSecureSignInfo);
418 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_BAD_STATE, "get is secure sign failed!")
419 isNeedSecureSignInfo->boolParam = false;
420 ret = HksCheckBatchUpdateTime(keyNode);
421 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksCheckBatchUpdateTime failed!")
422 struct HuksKeyNode *batchKeyNode = HksCreateBatchKeyNode(keyNode, paramSet);
423 HKS_IF_NULL_LOGE_RETURN(batchKeyNode, HKS_ERROR_BAD_STATE, "the batchKeyNode is null")
424 do {
425 uint32_t pur = 0;
426 uint32_t alg = 0;
427 ret = GetPurposeAndAlgorithm(paramSet, &pur, &alg);
428 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetPurposeAndAlgorithm failed")
429 ret = HksCoreInitProcess(batchKeyNode, paramSet, pur, alg);
430 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCoreInitProcess failed")
431 ret = HksCoreFinishProcess(batchKeyNode, paramSet, inData, outData);
432 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCoreFinishProcess failed")
433 } while (0);
434
435 HksFreeUpdateKeyNode(batchKeyNode);
436 return ret;
437 }
438
HksCoreUpdate(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)439 int32_t HksCoreUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet,
440 const struct HksBlob *inData, struct HksBlob *outData)
441 {
442 HKS_LOG_D("HksCoreUpdate in Core start");
443
444 if (handle == NULL || paramSet == NULL || inData == NULL) {
445 HKS_LOG_E("the pointer param entered is invalid");
446 return HKS_ERROR_NULL_POINTER;
447 }
448
449 int32_t ret = HksCheckParamSetTag(paramSet);
450 HKS_IF_NOT_SUCC_RETURN(ret, ret)
451
452 uint64_t sessionId;
453 struct HuksKeyNode *keyNode = NULL;
454
455 ret = GetParamsForUpdateAndFinish(handle, &sessionId, &keyNode);
456 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetParamsForCoreUpdate failed")
457
458 ret = CheckIfNeedIsDevicePasswordSet(keyNode->keyBlobParamSet);
459 if (ret != HKS_SUCCESS) {
460 HksDeleteKeyNode(sessionId);
461 HKS_LOG_E("check device password status failed");
462 return ret;
463 }
464
465 ret = HksCoreSecureAccessVerifyParams(keyNode, paramSet);
466 if (ret != HKS_SUCCESS) {
467 HksDeleteKeyNode(sessionId);
468 HKS_LOG_E("HksCoreUpdate secure access verify failed");
469 return ret;
470 }
471
472 ret = HksBatchCheck(keyNode);
473 if (ret == HKS_SUCCESS) {
474 HKS_LOG_I("HksBatchCheck success");
475 ret = HksBatchUpdate(keyNode, paramSet, inData, outData);
476 if (ret != HKS_SUCCESS) {
477 HksDeleteKeyNode(sessionId);
478 }
479 return ret;
480 }
481
482 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
483 ret = HksCoreUpdateProcess(keyNode, paramSet, inData, outData);
484 }
485
486 if (ret != HKS_SUCCESS) {
487 HksDeleteKeyNode(keyNode->handle);
488 }
489 return ret;
490 }
491
HksCoreFinish(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)492 int32_t HksCoreFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet, const struct HksBlob *inData,
493 struct HksBlob *outData)
494 {
495 HKS_LOG_D("HksCoreFinish in Core start");
496
497 if (handle == NULL || inData == NULL || paramSet == NULL || HksCheckParamSetTag(paramSet) != HKS_SUCCESS) {
498 HKS_LOG_E("the pointer param entered is invalid");
499 return HKS_ERROR_NULL_POINTER;
500 }
501
502 uint64_t sessionId;
503 struct HuksKeyNode *keyNode = NULL;
504
505 int32_t ret = GetParamsForUpdateAndFinish(handle, &sessionId, &keyNode);
506 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetParamsForCoreUpdate failed")
507
508 ret = CheckIfNeedIsDevicePasswordSet(keyNode->keyBlobParamSet);
509 if (ret != HKS_SUCCESS) {
510 HksDeleteKeyNode(sessionId);
511 HKS_LOG_E("check device password status failed");
512 return ret;
513 }
514
515 ret = HksBatchCheck(keyNode);
516 if (ret != HKS_ERROR_PARAM_NOT_EXIST) {
517 HksDeleteKeyNode(sessionId);
518 return ret;
519 }
520
521 ret = HksCoreSecureAccessVerifyParams(keyNode, paramSet);
522 if (ret != HKS_SUCCESS) {
523 HksDeleteKeyNode(sessionId);
524 HKS_LOG_E("HksCoreFinish secure access verify failed");
525 return ret;
526 }
527
528 ret = HksCoreFinishProcess(keyNode, paramSet, inData, outData);
529 HksDeleteKeyNode(sessionId);
530 HKS_LOG_D("HksCoreFinish in Core end");
531 return ret;
532 }
533
HksCoreAbort(const struct HksBlob * handle,const struct HksParamSet * paramSet)534 int32_t HksCoreAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet)
535 {
536 HKS_LOG_D("HksCoreAbort in Core start");
537 uint32_t pur = 0;
538 uint32_t alg = 0;
539
540 if (handle == NULL || paramSet == NULL) {
541 HKS_LOG_E("the pointer param entered is invalid");
542 return HKS_ERROR_NULL_POINTER;
543 }
544
545 int32_t ret = HksCheckParamSetTag(paramSet);
546 HKS_IF_NOT_SUCC_RETURN(ret, ret)
547
548 uint64_t sessionId;
549 if (memcpy_s(&sessionId, sizeof(sessionId), handle->data, handle->size) != EOK) {
550 HKS_LOG_E("memcpy handle fail");
551 return HKS_ERROR_INSUFFICIENT_MEMORY;
552 }
553
554 struct HuksKeyNode *keyNode = HksQueryKeyNode(sessionId);
555 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_SUCCESS, "abort get key node failed")
556
557 ret = GetPurposeAndAlgorithm(keyNode->runtimeParamSet, &pur, &alg);
558 if (ret != HKS_SUCCESS) {
559 HksDeleteKeyNode(sessionId);
560 return ret;
561 }
562
563 uint32_t i;
564 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreAbortHandler);
565 for (i = 0; i < size; i++) {
566 if (g_hksCoreAbortHandler[i].pur == pur) {
567 ret = g_hksCoreAbortHandler[i].handler(keyNode, paramSet, alg);
568 break;
569 }
570 }
571
572 if (i == size) {
573 HksDeleteKeyNode(sessionId);
574 HKS_LOG_E("don't found purpose, pur : %" LOG_PUBLIC "d", pur);
575 return HKS_ERROR_INVALID_ARGUMENT;
576 }
577
578 HksDeleteKeyNode(sessionId);
579 HKS_LOG_D("HksCoreAbort in Core end");
580
581 return ret;
582 }
583
584 #endif /* _CUT_AUTHENTICATE_ */