1 /*
2  * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "hks_client_check.h"
17 
18 #include <stddef.h>
19 
20 #include "hks_log.h"
21 #include "hks_param.h"
22 #include "hks_mem.h"
23 #include "hks_template.h"
24 #include "hks_storage_manager.h"
25 
26 #ifdef _STORAGE_LITE_
27 #include "hks_storage_adapter.h"
28 #endif
29 
30 #ifndef _CUT_AUTHENTICATE_
31 #ifdef _STORAGE_LITE_
32 
GetKeyParamSet(const struct HksBlob * key,struct HksParamSet * paramSet)33 int32_t GetKeyParamSet(const struct HksBlob *key, struct HksParamSet *paramSet)
34 {
35     struct HksParamSet *tmpParamSet = NULL;
36     int32_t ret = TranslateKeyInfoBlobToParamSet(NULL, key, &tmpParamSet);
37     HKS_IF_NOT_SUCC_RETURN(ret, ret)
38 
39     if (paramSet->paramSetSize < tmpParamSet->paramSetSize) {
40         HksFreeParamSet(&tmpParamSet);
41         return HKS_ERROR_BUFFER_TOO_SMALL;
42     }
43     if (memcpy_s(paramSet, paramSet->paramSetSize, tmpParamSet, tmpParamSet->paramSetSize) != EOK) {
44         HKS_LOG_E("memcpy paramSet failed");
45         ret = HKS_ERROR_INSUFFICIENT_MEMORY;
46     } else {
47         ret = HksFreshParamSet(paramSet, false);
48     }
49 
50     HksFreeParamSet(&tmpParamSet);
51     return ret;
52 }
53 
54 #else /* _STORAGE_LITE_ */
55 
56 static const uint32_t SENSITIVE_DELETE_TAG[] = {
57     HKS_TAG_KEY, HKS_TAG_ACCESS_TOKEN_ID, HKS_TAG_USER_AUTH_ENROLL_ID_INFO,
58     HKS_TAG_USER_AUTH_SECURE_UID, HKS_TAG_OWNER_ID, HKS_TAG_ACCOUNT_ID
59 };
60 
GetKeyParamSet(const struct HksBlob * key,struct HksParamSet * paramSet)61 int32_t GetKeyParamSet(const struct HksBlob *key, struct HksParamSet *paramSet)
62 {
63     if (key->size < sizeof(struct HksParamSet)) {
64         HKS_LOG_E("get key paramset: invalid key size: %" LOG_PUBLIC "u", key->size);
65         return HKS_ERROR_INVALID_KEY_INFO;
66     }
67 
68     const struct HksParamSet *tmpParamSet = (const struct HksParamSet *)key->data;
69     struct HksParamSet *outParamSet = NULL;
70     int32_t ret = HksDeleteTagsFromParamSet(SENSITIVE_DELETE_TAG,
71         sizeof(SENSITIVE_DELETE_TAG) / sizeof(SENSITIVE_DELETE_TAG[0]), tmpParamSet, &outParamSet);
72     HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete tag from paramSet failed, ret = %" LOG_PUBLIC "d.", ret)
73 
74     if (paramSet->paramSetSize < outParamSet->paramSetSize) {
75         HksFreeParamSet(&outParamSet);
76         return HKS_ERROR_BUFFER_TOO_SMALL;
77     }
78     (void)memcpy_s(paramSet, paramSet->paramSetSize, outParamSet, outParamSet->paramSetSize);
79 
80     ret = HksFreshParamSet(paramSet, false);
81 
82     HksFreeParamSet(&outParamSet);
83     return ret;
84 }
85 
GetKeyFileData(const struct HksProcessInfo * processInfo,const struct HksParamSet * paramSet,const struct HksBlob * keyAlias,struct HksBlob * key,enum HksStorageType mode)86 int32_t GetKeyFileData(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
87     const struct HksBlob *keyAlias, struct HksBlob *key, enum HksStorageType mode)
88 {
89     uint32_t size;
90     int32_t ret = HksManageStoreGetKeyBlobSize(processInfo, paramSet, keyAlias, &size, mode);
91     HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get keyblob size from storage failed, ret = %" LOG_PUBLIC "d.", ret)
92 
93     if (size > MAX_KEY_SIZE) {
94         HKS_LOG_E("invalid key size, size = %" LOG_PUBLIC "u", size);
95         return HKS_ERROR_INVALID_KEY_FILE;
96     }
97 
98     key->data = (uint8_t *)HksMalloc(size);
99     HKS_IF_NULL_LOGE_RETURN(key->data, HKS_ERROR_MALLOC_FAIL, "get key data: malloc failed")
100 
101     key->size = size;
102     ret = HksManageStoreGetKeyBlob(processInfo, paramSet, keyAlias, key, mode);
103     if (ret != HKS_SUCCESS) {
104         HKS_LOG_E("get keyblob from storage failed, ret = %" LOG_PUBLIC "d", ret);
105         HKS_FREE_BLOB(*key);
106     }
107     return ret;
108 }
109 
110 #ifdef HKS_ENABLE_UPGRADE_KEY
ConstructUpgradeKeyParamSet(const struct HksProcessInfo * processInfo,const struct HksParamSet * srcParamSet,struct HksParamSet ** outParamSet)111 int32_t ConstructUpgradeKeyParamSet(const struct HksProcessInfo *processInfo, const struct HksParamSet *srcParamSet,
112      struct HksParamSet **outParamSet)
113 {
114     (void)srcParamSet;
115     struct HksParamSet *paramSet = NULL;
116     int32_t ret;
117     do {
118         ret = HksInitParamSet(&paramSet);
119         HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "init param set failed!")
120 
121         struct HksParam processNameParam;
122         processNameParam.tag = HKS_TAG_PROCESS_NAME;
123         processNameParam.blob = processInfo->processName;
124 
125         ret = HksAddParams(paramSet, &processNameParam, 1);
126         HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "add param processNameParam failed!")
127 
128         ret = HksBuildParamSet(&paramSet);
129         HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "build param set failed!")
130 
131         *outParamSet = paramSet;
132         return HKS_SUCCESS;
133     } while (0);
134     HksFreeParamSet(&paramSet);
135     return ret;
136 }
137 #endif
138 
139 #endif /* _STORAGE_LITE_ */
140 #endif /* _CUT_AUTHENTICATE_ */