1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_core_service_key_other.h"
23
24 #include <stdbool.h>
25 #include <stddef.h>
26
27 #include "hks_ability.h"
28 #include "dcm_attest.h"
29 #include "hks_auth.h"
30 #include "hks_base_check.h"
31 #include "hks_check_paramset.h"
32 #include "hks_chipset_platform_decrypt.h"
33 #include "hks_client_service_adapter_common.h"
34 #include "hks_cmd_id.h"
35 #include "hks_common_check.h"
36 #include "hks_core_service_three_stage.h"
37 #include "hks_crypto_adapter.h"
38 #include "hks_crypto_hal.h"
39 #include "hks_log.h"
40 #include "hks_mem.h"
41 #include "hks_param.h"
42 #include "hks_secure_access.h"
43 #include "hks_sm_import_wrap_key.h"
44 #include "hks_template.h"
45 #include "hks_type_inner.h"
46 #include "hks_util.h"
47 #include "hks_keynode.h"
48
49 #include "securec.h"
50
51 #ifndef _HARDWARE_ROOT_KEY_
52 #include "hks_rkc.h"
53 #endif
54
55 #ifndef _CUT_AUTHENTICATE_
56
HksCoreModuleInit(void)57 int32_t HksCoreModuleInit(void)
58 {
59 int32_t ret = HksInitHuksMutex();
60 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Hks mutex init failed, ret = %" LOG_PUBLIC "d", ret)
61
62 ret = HksCryptoAbilityInit();
63 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Hks init crypto ability failed, ret = %" LOG_PUBLIC "d", ret)
64
65 ret = HksCoreInitAuthTokenKey();
66 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Hks init auth token key failed, ret = %" LOG_PUBLIC "d", ret)
67 #ifndef _HARDWARE_ROOT_KEY_
68 ret = HksRkcInit();
69 HKS_IF_NOT_SUCC_LOGE(ret, "Hks rkc init failed! ret = 0x%" LOG_PUBLIC "X", ret)
70 #endif
71
72 return ret;
73 }
74
HksCoreModuleDestroy(void)75 int32_t HksCoreModuleDestroy(void)
76 {
77 HksDestroyHuksMutex();
78 HksCoreDestroyAuthTokenKey();
79 #ifndef _HARDWARE_ROOT_KEY_
80 HksCfgDestroy();
81 HksMkDestroy();
82 #endif
83 return HKS_SUCCESS;
84 }
85
HksCoreRefreshKeyInfo(void)86 int32_t HksCoreRefreshKeyInfo(void)
87 {
88 #ifndef _HARDWARE_ROOT_KEY_
89 HksCfgDestroy();
90 HksMkDestroy();
91 int32_t ret = HksRkcInit();
92 HKS_IF_NOT_SUCC_LOGE(ret, "Hks rkc refresh info failed! ret = 0x%" LOG_PUBLIC "X", ret)
93
94 return ret;
95 #else
96 return HKS_SUCCESS;
97 #endif
98 }
99
100 #ifdef _STORAGE_LITE_
GetMacKey(const struct HksBlob * salt,struct HksBlob * macKey)101 static int32_t GetMacKey(const struct HksBlob *salt, struct HksBlob *macKey)
102 {
103 uint8_t keyBuf[HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256)] = {0};
104 struct HksBlob mk = { HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256), keyBuf };
105
106 int32_t ret = HksCryptoHalGetMainKey(NULL, &mk);
107 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get kek failed, ret = %" LOG_PUBLIC "d", ret)
108
109 struct HksKeyDerivationParam derParam = {
110 .salt = *salt,
111 .iterations = HKS_KEY_BLOB_DERIVE_CNT,
112 .digestAlg = HKS_DIGEST_SHA256,
113 };
114 struct HksKeySpec derivationSpec = { HKS_ALG_PBKDF2, HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256), &derParam };
115 ret = HksCryptoHalDeriveKey(&mk, &derivationSpec, macKey);
116 HKS_IF_NOT_SUCC_LOGE(ret, "get keyblob derive key failed!")
117
118 (void)memset_s(mk.data, mk.size, 0, mk.size);
119 return ret;
120 }
121
HksCoreCalcMacHeader(const struct HksParamSet * paramSet,const struct HksBlob * salt,const struct HksBlob * srcData,struct HksBlob * mac)122 int32_t HksCoreCalcMacHeader(const struct HksParamSet *paramSet, const struct HksBlob *salt,
123 const struct HksBlob *srcData, struct HksBlob *mac)
124 {
125 /* 1. get mac key by derive from salt */
126 uint8_t keyBuf[HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256)] = {0};
127 struct HksBlob macKey = { HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256), keyBuf };
128 int32_t ret = GetMacKey(salt, &macKey);
129 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get mac key failed, ret = %" LOG_PUBLIC "d", ret)
130
131 struct HksParam *digestParam = NULL;
132 ret = HksGetParam(paramSet, HKS_TAG_DIGEST, &digestParam);
133 if (ret != HKS_SUCCESS) {
134 HKS_LOG_E("calc mac header get HKS_TAG_DIGEST param failed, ret = %" LOG_PUBLIC "d", ret);
135 (void)memset_s(macKey.data, macKey.size, 0, macKey.size);
136 return ret;
137 }
138
139 /* 2. do mac */
140 ret = HksCryptoHalHmac(&macKey, digestParam->uint32Param, srcData, mac);
141 (void)memset_s(macKey.data, macKey.size, 0, macKey.size);
142 return ret;
143 }
144 #endif
145
HksCoreRefresh(void)146 int32_t HksCoreRefresh(void)
147 {
148 return HksCoreRefreshKeyInfo();
149 }
150
HksCoreGetAbility(int32_t funcType)151 int32_t HksCoreGetAbility(int32_t funcType)
152 {
153 (void)(funcType);
154 return 0;
155 }
156
HksCoreGetHardwareInfo(void)157 int32_t HksCoreGetHardwareInfo(void)
158 {
159 return 0;
160 }
161
162 #endif /* _CUT_AUTHENTICATE_ */