1 /*
2 * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "huks_adapter.h"
17 #include <stdio.h>
18 #include "securec.h"
19 #include "commonutil_test.h"
20 #include "hks_api.h"
21 #include "hks_param.h"
22 #include "log.h"
23 #include "mem_stat.h"
24
25 #define X25519_KEY_LEN 256
26 #define ED25519_KEY_LEN 256
27 #define X25519_KEY_PARAM_SET_SIZE 128 /* priv key size: 32, pub key size: 32, add two tag, no larger than 128 */
28 #define DEFAULT_PARAM_SET_OUT_SIZE 1024
29 #define HC_PARAM_CHAIN_LEN 255
30 #define HC_PARAM_KEY_LEN 256
31 #define BITS_PER_BYTE 8
32 #define HC_CCM_NONCE_LEN 7
33 #define PLAIN_LENGTH 64
34
35 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
36 static const uint8_t g_factor[] = "hichain_key_enc_key";
37 static const int32_t g_cert_chain_cnt = 4;
38 #endif
39
40 union huks_key_type_union {
41 struct huks_key_type type_struct;
42 uint32_t key_type;
43 };
44
45 #define CREATE_STRUCT(T) \
46 struct T *create_struct_##T(void) \
47 { \
48 struct T *val = (struct T *)MALLOC(sizeof(struct T)); \
49 if (val == NULL) { \
50 return NULL; \
51 } \
52 (void)memset_s(val, sizeof(*val), 0, sizeof(*val)); \
53 return val; \
54 }
55
56 #define CONVERT_TO_BLOB(T, field_name) \
57 struct HksBlob convert_to_blob_from_##T(struct T *val) \
58 { \
59 struct HksBlob hks_blob_val; \
60 (void)memset_s(&hks_blob_val, sizeof(hks_blob_val), 0, sizeof(hks_blob_val)); \
61 check_ptr_return_val(val->field_name, hks_blob_val); \
62 check_num_return_val(val->length, hks_blob_val); \
63 hks_blob_val.data = val->field_name; \
64 hks_blob_val.size = val->length; \
65 return hks_blob_val; \
66 }
67
68 CREATE_STRUCT(hc_key_alias)
69 CREATE_STRUCT(sha256_value)
70 CREATE_STRUCT(uint8_buff)
71
72 CONVERT_TO_BLOB(hc_key_alias, key_alias)
73 CONVERT_TO_BLOB(ltpk, ltpk)
74 CONVERT_TO_BLOB(sha256_value, sha256_value)
75 CONVERT_TO_BLOB(sha512_value, sha512_value)
76 CONVERT_TO_BLOB(signature, signature)
77 CONVERT_TO_BLOB(stpk, stpk)
78 CONVERT_TO_BLOB(stsk, stsk)
79 CONVERT_TO_BLOB(hc_auth_id, auth_id)
80
81 static const uint8_t g_key_type_pairs[HC_MAX_KEY_TYPE_NUM][HC_KEY_TYPE_PAIR_LEN] = {
82 { 0x00, 0x00 }, /* ACCESSOR_PK */
83 { 0x00, 0x01 }, /* CONTROLLER_PK */
84 { 0x00, 0x02 }, /* ed25519 KEYPAIR */
85 { 0x00, 0x03 }, /* KEK, key encryption key, used only by DeviceAuthService */
86 { 0x00, 0x04 }, /* DEK, data encryption key, used only by upper apps */
87 { 0x00, 0x05 }, /* key tmp */
88 { 0x00, 0x06 } /* PSK, preshared key index */
89 };
90
91 static const char *g_large_prime_number_hex_384 =
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"\
93 "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"\
94 "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"\
95 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"\
96 "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"\
97 "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"\
98 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"\
99 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33"\
100 "A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"\
101 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864"\
102 "D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E2"\
103 "08E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
104
105 static const char *g_large_prime_number_hex_256 =
106 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"\
107 "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"\
108 "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"\
109 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"\
110 "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"\
111 "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"\
112 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"\
113 "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF";
114
hks_hex_string_to_byte(const char * src,uint8_t * dst,uint32_t dst_size)115 static int32_t hks_hex_string_to_byte(const char *src, uint8_t *dst, uint32_t dst_size)
116 {
117 size_t length = strlen(src);
118 if (length % 2 != 0) { /* 2 : odd number or not */
119 LOGE("Invalid hex_string length: %zu, even num is expected", length);
120 return ERROR_CODE_FAILED;
121 }
122
123 uint32_t hex_length = length / BYTE_TO_HEX_OPER_LENGTH; /* Calculate hexadecimal length */
124 if (dst_size < hex_length) {
125 LOGE("Invalid dst_size: %u is smaller than hex_length: %u", dst_size, hex_length);
126 return ERROR_CODE_FAILED;
127 }
128
129 uint8_t nibble[2]; /* create an array of two elements */
130 for (uint32_t i = 0; i < hex_length; i++) {
131 nibble[0] = src[i * BYTE_TO_HEX_OPER_LENGTH];
132 nibble[1] = src[i * BYTE_TO_HEX_OPER_LENGTH + 1];
133 for (uint32_t j = 0; j < BYTE_TO_HEX_OPER_LENGTH; j++) { /* iterate through array */
134 if ((nibble[j] <= 'F') && (nibble[j] >= 'A')) {
135 nibble[j] = nibble[j] - 'A' + 10; /* 10 : hex conversion */
136 } else if ((nibble[j] <= 'f') && (nibble[j] >= 'a')) {
137 nibble[j] = nibble[j] - 'a' + 10; /* 10 : hex conversion */
138 } else if ((nibble[j] >= '0') && (nibble[j] <= '9')) {
139 nibble[j] = nibble[j] - '0';
140 } else {
141 LOGE("Invalid char: [%c] in hex string, [0-9]|[A-F]|[a-f] expected", (char)nibble[j]);
142 return ERROR_CODE_FAILED;
143 }
144 }
145 dst[i] = nibble[0] << 4; /* 4 : shift left for filling */
146 dst[i] |= nibble[1];
147 }
148 return ERROR_CODE_SUCCESS;
149 }
150
construct_param_set(struct HksParamSet ** out,const struct HksParam * in_param,const uint32_t in_param_num)151 static int32_t construct_param_set(struct HksParamSet **out, const struct HksParam *in_param,
152 const uint32_t in_param_num)
153 {
154 struct HksParamSet *param_set = NULL;
155 int32_t status = HksInitParamSet(¶m_set);
156 if (status != ERROR_CODE_SUCCESS) {
157 LOGE("init param set failed, status=%d", status);
158 return ERROR_CODE_INIT_PARAM_SET;
159 }
160
161 status = HksAddParams(param_set, in_param, in_param_num);
162 if (status != ERROR_CODE_SUCCESS) {
163 LOGE("add digest param failed, status=%d", status);
164 HksFreeParamSet(¶m_set);
165 return ERROR_CODE_ADD_PARAM;
166 }
167
168 status = HksBuildParamSet(¶m_set);
169 if (status != ERROR_CODE_SUCCESS) {
170 LOGE("build param set failed, status=%d", status);
171 HksFreeParamSet(¶m_set);
172 return ERROR_CODE_BUILD_PARAM_SET;
173 }
174
175 *out = param_set;
176 return ERROR_CODE_SUCCESS;
177 }
178
sha256(const struct uint8_buff * message)179 static struct sha256_value sha256(const struct uint8_buff *message)
180 {
181 struct sha256_value sha256_value;
182 (void)memset_s(&sha256_value, sizeof(sha256_value), 0, sizeof(sha256_value));
183
184 struct HksBlob src_data = { message->length, message->val };
185
186 struct HksBlob hash = { 0, NULL };
187 hash.data = (uint8_t *)MALLOC(HC_SHA256_LEN * sizeof(uint8_t));
188 if (hash.data == NULL) {
189 LOGE("SHA256 malloc failed");
190 return sha256_value;
191 }
192 hash.size = HC_SHA256_LEN;
193
194 struct HksParamSet *param_set = NULL;
195 struct HksParam digest_param[] = {
196 {
197 .tag = HKS_TAG_DIGEST,
198 .uint32Param = HKS_DIGEST_SHA256
199 }
200 };
201 int32_t status = construct_param_set(¶m_set, digest_param, array_size(digest_param));
202 if (status != ERROR_CODE_SUCCESS) {
203 safe_free(hash.data);
204 LOGE("construct param set in the sha256 failed, status=%d", status);
205 return sha256_value;
206 }
207 status = HksHash(param_set, &src_data, &hash);
208 if ((status == 0) && (hash.size == HC_SHA256_LEN)) {
209 (void)memcpy_s(sha256_value.sha256_value, sizeof(sha256_value.sha256_value), hash.data, HC_SHA256_LEN);
210 sha256_value.length = HC_SHA256_LEN;
211 } else {
212 LOGE("SHA256 failed, status=%d", status);
213 sha256_value.length = 0;
214 }
215 safe_free(hash.data);
216 HksFreeParamSet(¶m_set);
217 return sha256_value;
218 }
219
Compare(const uint8_t * a,uint32_t lenA,const uint8_t * b,uint32_t lenB)220 static int32_t Compare(const uint8_t *a, uint32_t lenA, const uint8_t *b, uint32_t lenB)
221 {
222 const uint8_t *tmpA = a;
223 const uint8_t *tmpB = b;
224 uint32_t len = lenA;
225 if (lenA < lenB) {
226 for (uint32_t i = 0; i < lenB - lenA; i++) {
227 if (b[i] > 0) {
228 return 1; // a < b: 1
229 }
230 }
231 tmpA = a;
232 tmpB = b + lenB - lenA;
233 len = lenA;
234 }
235 if (lenA > lenB) {
236 for (uint32_t i = 0; i < lenA - lenB; i++) {
237 if (a[i] > 0) {
238 return -1; // a > b: -1
239 }
240 }
241 tmpA = a + lenA - lenB;
242 tmpB = b;
243 len = lenB;
244 }
245 for (uint32_t i = 0; i < len; i++) {
246 if (*(tmpA + i) > *(tmpB + i)) {
247 return -1;
248 }
249 if (*(tmpA + i) < *(tmpB + i)) {
250 return 1;
251 }
252 }
253 return 0;
254 }
255
CheckDlSpekePublicKey(const struct var_buffer * key,uint32_t bigNumLen)256 int32_t CheckDlSpekePublicKey(const struct var_buffer *key, uint32_t bigNumLen)
257 {
258 if (key == NULL) {
259 LOGE("Param is null.");
260 return HC_INPUT_PTR_NULL;
261 }
262 const char *primeHex = NULL;
263 if (bigNumLen == HC_BIG_PRIME_MAX_LEN_384) {
264 primeHex = g_large_prime_number_hex_384;
265 } else {
266 primeHex = g_large_prime_number_hex_256;
267 }
268 uint8_t min = 1;
269 uint32_t primeLen = strlen(primeHex) / BYTE_TO_HEX_OPER_LENGTH;
270 if (key->length > primeLen) {
271 LOGE("key->length > primeLen.");
272 return HC_INPUT_ERROR;
273 }
274 uint8_t *primeVal = (uint8_t *)MALLOC(primeLen);
275 if (primeVal == NULL) {
276 LOGE("Malloc primeVal failed.");
277 return HC_MALLOC_FAILED;
278 }
279 if (hex_string_to_byte(primeHex, strlen(primeHex), primeVal) != ERROR_CODE_SUCCESS) {
280 LOGE("hex_string_to_byte for prime num failed");
281 FREE(primeVal);
282 return HC_INPUT_ERROR;
283 }
284 /*
285 * P - 1, since the last byte of large prime number must be greater than 1,
286 * do not need to think about borrowing forward
287 */
288 primeVal[primeLen - 1] -= 1;
289 if (Compare(key->data, key->length, &min, sizeof(uint8_t)) >= 0) {
290 LOGE("key <= 1, invalid.");
291 FREE(primeVal);
292 return HC_MEMCPY_ERROR;
293 }
294 if (Compare(key->data, key->length, primeVal, primeLen) <= 0) {
295 LOGE("key >= p - 1, invalid.");
296 FREE(primeVal);
297 return HC_MEMCPY_ERROR;
298 }
299 FREE(primeVal);
300 return HC_OK;
301 }
302
cal_bignum_exp(struct var_buffer * base,struct var_buffer * exp,const uint32_t big_num_len,struct big_num * out_result)303 int32_t cal_bignum_exp(struct var_buffer *base, struct var_buffer *exp,
304 const uint32_t big_num_len, struct big_num *out_result)
305 {
306 check_ptr_return_val(base, HC_INPUT_ERROR);
307 check_ptr_return_val(exp, HC_INPUT_ERROR);
308 check_ptr_return_val(out_result, HC_INPUT_ERROR);
309
310 if ((big_num_len != HC_BIG_PRIME_MAX_LEN_384) && (big_num_len != HC_BIG_PRIME_MAX_LEN_256)) {
311 LOGE("Not support big number len %d", big_num_len);
312 return HC_LARGE_PRIME_NUMBER_LEN_UNSUPPORT;
313 }
314
315 struct HksBlob big_num_a = { base->length, base->data };
316 struct HksBlob big_num_e = { exp->length, exp->data };
317
318 uint8_t *large_num = (uint8_t *)MALLOC(big_num_len);
319 if (large_num == NULL) {
320 LOGE("Malloc big num buff fail");
321 return ERROR_CODE_FAILED;
322 }
323
324 (void)memset_s(large_num, big_num_len, 0, big_num_len);
325 int32_t status;
326
327 if (big_num_len == HC_BIG_PRIME_MAX_LEN_384) {
328 status = hks_hex_string_to_byte(g_large_prime_number_hex_384, large_num, big_num_len);
329 } else {
330 status = hks_hex_string_to_byte(g_large_prime_number_hex_256, large_num, big_num_len);
331 }
332 if (status != ERROR_CODE_SUCCESS) {
333 FREE(large_num);
334 return ERROR_CODE_FAILED;
335 }
336
337 struct HksBlob big_num_n = { big_num_len, large_num };
338 struct HksBlob big_num_x = { big_num_len, out_result->big_num };
339 if (big_num_len > sizeof(out_result->big_num)) {
340 LOGE("The big num array is shorter than the expected output len.");
341 FREE(large_num);
342 return ERROR_CODE_FAILED;
343 }
344
345 status = HksBnExpMod(&big_num_x, &big_num_a, &big_num_e, &big_num_n);
346 FREE(large_num);
347 if (status != ERROR_CODE_SUCCESS) {
348 LOGE("Huks bn exp mod error, status=%d", status);
349 return ERROR_CODE_FAILED;
350 }
351 out_result->length = big_num_x.size;
352
353 return ERROR_CODE_SUCCESS;
354 }
355
generate_random(uint32_t length)356 struct random_value generate_random(uint32_t length)
357 {
358 struct random_value rand;
359 (void)memset_s(&rand, sizeof(rand), 0, sizeof(rand));
360 if ((length == 0) || (length > HC_RAMDOM_MAX_LEN)) {
361 LOGE("Generate random failed, invalid param length: %d", length);
362 return rand;
363 }
364 rand.length = length;
365 (void)memset_s(rand.random_value, HC_RAMDOM_MAX_LEN, 1, HC_RAMDOM_MAX_LEN);
366 return rand;
367 }
368
compute_hmac(struct var_buffer * key,const struct uint8_buff * message,struct hmac * out_hmac)369 int32_t compute_hmac(struct var_buffer *key, const struct uint8_buff *message, struct hmac *out_hmac)
370 {
371 check_ptr_return_val(key, HC_INPUT_ERROR);
372 check_ptr_return_val(message, HC_INPUT_ERROR);
373 check_ptr_return_val(out_hmac, HC_INPUT_ERROR);
374
375 struct HksBlob hks_key = { key->length, key->data };
376 struct HksBlob src_data = { message->length, message->val };
377 struct HksBlob output = { HC_HMAC_LEN, out_hmac->hmac };
378 struct HksParamSet *param_set = NULL;
379
380 struct HksParam hmac_param[] = {
381 {
382 .tag = HKS_TAG_PURPOSE,
383 .uint32Param = HKS_KEY_PURPOSE_MAC
384 }, {
385 .tag = HKS_TAG_DIGEST,
386 .uint32Param = HKS_DIGEST_SHA256
387 }, {
388 .tag = HKS_TAG_IS_KEY_ALIAS, /* temporary key, is_key_alias is set to false determined using REE for MAC */
389 .boolParam = false
390 }
391 };
392 int32_t status = construct_param_set(¶m_set, hmac_param, array_size(hmac_param));
393 if (status != ERROR_CODE_SUCCESS) {
394 LOGE("construct HMAC param set failed, status=%d", status);
395 return ERROR_CODE_BUILD_PARAM_SET;
396 }
397
398 /* make hmac */
399 status = HksMac(&hks_key, param_set, &src_data, &output);
400 if (status != ERROR_CODE_SUCCESS) {
401 LOGE("Huks hmac failed, status: %d", status);
402 HksFreeParamSet(¶m_set);
403 return ERROR_CODE_FAILED;
404 }
405 out_hmac->length = output.size;
406 HksFreeParamSet(¶m_set);
407
408 return ERROR_CODE_SUCCESS;
409 }
410
compute_hkdf(struct var_buffer * shared_secret,struct hc_salt * salt,char * key_info,uint32_t hkdf_len,struct var_buffer * out_hkdf)411 int32_t compute_hkdf(struct var_buffer *shared_secret, struct hc_salt *salt,
412 char *key_info, uint32_t hkdf_len, struct var_buffer *out_hkdf)
413 {
414 check_ptr_return_val(shared_secret, HC_INPUT_ERROR);
415 check_ptr_return_val(salt, HC_INPUT_ERROR);
416 check_ptr_return_val(out_hkdf, HC_INPUT_ERROR);
417 check_ptr_return_val(key_info, HC_INPUT_ERROR);
418
419 struct HksBlob derived_key = { hkdf_len, out_hkdf->data };
420 struct HksBlob hks_salt = { salt->length, salt->salt };
421 struct HksBlob hks_key_info = { (uint32_t)strlen(key_info), (uint8_t *)key_info };
422
423 /* original key */
424 struct HksBlob kdf_key = { shared_secret->length, shared_secret->data };
425
426 /* derived key param */
427 struct HksParamSet *param_set = NULL;
428 struct HksParam hkdf_param[] = {
429 {
430 .tag = HKS_TAG_PURPOSE,
431 .uint32Param = HKS_KEY_PURPOSE_DERIVE
432 }, {
433 .tag = HKS_TAG_ALGORITHM,
434 .uint32Param = HKS_ALG_HKDF
435 }, {
436 .tag = HKS_TAG_DIGEST,
437 .uint32Param = HKS_DIGEST_SHA256
438 }, {
439 .tag = HKS_TAG_SALT,
440 .blob = hks_salt
441 }, {
442 .tag = HKS_TAG_INFO,
443 .blob = hks_key_info
444 }, {
445 .tag = HKS_TAG_IS_KEY_ALIAS,
446 .boolParam = false
447 }
448 };
449 int32_t status = construct_param_set(¶m_set, hkdf_param, array_size(hkdf_param));
450 if (status != ERROR_CODE_SUCCESS) {
451 LOGE("construct hkdf param set failed, status=%d", status);
452 return ERROR_CODE_BUILD_PARAM_SET;
453 }
454
455 /* make hkdf */
456 status = HksDeriveKey(param_set, &kdf_key, &derived_key);
457 if (status != ERROR_CODE_SUCCESS) {
458 LOGE("Huks key derivation failed, status: %d", status);
459 HksFreeParamSet(¶m_set);
460 return ERROR_CODE_FAILED;
461 }
462 out_hkdf->length = derived_key.size;
463
464 HksFreeParamSet(¶m_set);
465 return ERROR_CODE_SUCCESS;
466 }
467
init_aes_gcm_encrypt_param_set(struct HksParamSet ** param_set,struct random_value * nonce,struct aes_aad * aad,uint32_t key_byte_size)468 static int32_t init_aes_gcm_encrypt_param_set(struct HksParamSet **param_set,
469 struct random_value *nonce, struct aes_aad *aad, uint32_t key_byte_size)
470 {
471 struct HksParam encrypt_param[] = {
472 {
473 .tag = HKS_TAG_PURPOSE,
474 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT
475 }, {
476 .tag = HKS_TAG_ALGORITHM,
477 .uint32Param = HKS_ALG_AES
478 }, {
479 .tag = HKS_TAG_BLOCK_MODE,
480 .uint32Param = HKS_MODE_GCM
481 }, {
482 .tag = HKS_TAG_PADDING,
483 .uint32Param = HKS_PADDING_NONE
484 }, {
485 .tag = HKS_TAG_NONCE,
486 .blob = { nonce->length, nonce->random_value }
487 }, {
488 .tag = HKS_TAG_ASSOCIATED_DATA,
489 .blob = { aad->length, aad->aad }
490 }, {
491 .tag = HKS_TAG_IS_KEY_ALIAS,
492 .boolParam = false
493 }, {
494 .tag = HKS_TAG_KEY_SIZE,
495 .uint32Param = key_byte_size * BITS_PER_BYTE
496 }
497 };
498
499 return construct_param_set(param_set, encrypt_param, array_size(encrypt_param));
500 }
501
aes_gcm_encrypt(struct var_buffer * key,const struct uint8_buff * plain,struct aes_aad * aad,struct uint8_buff * out_cipher)502 int32_t aes_gcm_encrypt(struct var_buffer *key, const struct uint8_buff *plain,
503 struct aes_aad *aad, struct uint8_buff *out_cipher)
504 {
505 check_ptr_return_val(key, HC_INPUT_ERROR);
506 check_ptr_return_val(plain, HC_INPUT_ERROR);
507 check_ptr_return_val(aad, HC_INPUT_ERROR);
508 check_ptr_return_val(out_cipher, HC_INPUT_ERROR);
509 struct random_value nonce = generate_random(HC_AES_GCM_NONCE_LEN);
510 if (nonce.length == 0) {
511 LOGE("Generate random to make nonce failed");
512 return HC_GEN_RANDOM_FAILED;
513 }
514
515 struct HksBlob hks_key = { key->length, key->data };
516 struct HksBlob hks_plain_text = { plain->length, plain->val };
517
518 if (memcpy_s(out_cipher->val, out_cipher->size, nonce.random_value, nonce.length) != EOK) {
519 LOGE("memcpy nonce fail");
520 return ERROR_CODE_FAILED;
521 }
522
523 struct HksBlob tag_cipher = { out_cipher->size - nonce.length, out_cipher->val + nonce.length };
524 struct HksParamSet *param_set = NULL;
525 int32_t status = init_aes_gcm_encrypt_param_set(¶m_set, &nonce, aad, hks_key.size);
526 if (status != ERROR_CODE_SUCCESS) {
527 LOGE("init encrypt param set failed, status=%d", status);
528 return ERROR_CODE_BUILD_PARAM_SET;
529 }
530
531 status = HksEncrypt(&hks_key, param_set, &hks_plain_text, &tag_cipher);
532 if (status != ERROR_CODE_SUCCESS) {
533 LOGE("Huks aead encrypt error, status: %d", status);
534 HksFreeParamSet(¶m_set);
535 return ERROR_CODE_FAILED;
536 }
537
538 out_cipher->length = tag_cipher.size + nonce.length;
539 HksFreeParamSet(¶m_set);
540 return ERROR_CODE_SUCCESS;
541 }
542
543 /*
544 * aes_gcm_decrypt_mock
545 */
aes_gcm_decrypt(struct var_buffer * key,const struct uint8_buff * cipher,struct aes_aad * aad,struct uint8_buff * out_plain)546 int32_t aes_gcm_decrypt(struct var_buffer *key, const struct uint8_buff *cipher,
547 struct aes_aad *aad, struct uint8_buff *out_plain)
548 {
549 check_ptr_return_val(key, HC_INPUT_ERROR);
550 check_ptr_return_val(cipher, HC_INPUT_ERROR);
551 check_ptr_return_val(aad, HC_INPUT_ERROR);
552 check_ptr_return_val(out_plain, HC_INPUT_ERROR);
553
554 out_plain->length = PLAIN_LENGTH;
555 return ERROR_CODE_SUCCESS;
556 }
557
generate_service_id(const struct session_identity * identity)558 struct service_id generate_service_id(const struct session_identity *identity)
559 {
560 struct service_id service_id;
561 (void)memset_s(&service_id, sizeof(service_id), 0, sizeof(service_id));
562 if (identity == NULL) {
563 LOGE("Input is null");
564 return service_id;
565 }
566
567 uint32_t pack_name_len = identity->package_name.length;
568 if ((pack_name_len == 0) || (pack_name_len > HC_PACKAGE_NAME_BUFF_LEN)) {
569 LOGE("Pack name length is: %u", pack_name_len);
570 return service_id;
571 }
572 uint32_t type_len = identity->service_type.length;
573 if ((type_len == 0) || (type_len > HC_SERVICE_TYPE_BUFF_LEN)) {
574 LOGE("Service type length is: %u", type_len);
575 return service_id;
576 }
577 uint32_t srv_len = type_len + pack_name_len;
578 struct uint8_buff id_buff = {
579 .length = srv_len,
580 .size = srv_len
581 };
582
583 id_buff.val = (uint8_t *)MALLOC(srv_len);
584 if (id_buff.val == NULL) {
585 LOGE("Malloc mem failed");
586 return service_id;
587 }
588
589 if (memcpy_s(id_buff.val, srv_len, identity->package_name.name, pack_name_len) != EOK) {
590 LOGE("Copy service id buff failed");
591 safe_free(id_buff.val);
592 return service_id;
593 }
594 if (memcpy_s(id_buff.val + pack_name_len, srv_len - pack_name_len, identity->service_type.type, type_len) != EOK) {
595 LOGE("Copy service id buff failed");
596 safe_free(id_buff.val);
597 return service_id;
598 }
599
600 struct sha256_value srv_sha256 = sha256(&id_buff);
601 safe_free(id_buff.val);
602 id_buff.val = NULL;
603
604 if (srv_sha256.length > 0) {
605 if (memcpy_s(service_id.service_id, HC_SERVICE_ID_BUFF_LEN, srv_sha256.sha256_value, HC_SHA256_LEN) == EOK) {
606 service_id.length = srv_sha256.length;
607 } else {
608 LOGE("Copy hash value failed");
609 }
610 }
611
612 return service_id;
613 }
614
convert_byte_to_hex_string(const uint8_t * byte_array,uint32_t byte_array_size,uint8_t * hex_string,uint32_t out_size)615 static int32_t convert_byte_to_hex_string(const uint8_t *byte_array, uint32_t byte_array_size,
616 uint8_t *hex_string, uint32_t out_size)
617 {
618 int32_t length = 0;
619
620 check_num_return_val(byte_array_size, length);
621 if (out_size < (byte_array_size * BYTE_TO_HEX_OPER_LENGTH)) { /* doubleword, length*2 */
622 return length;
623 }
624 uint32_t hex_str_arr_len = (uint32_t)(out_size + 1);
625 char *hex_str_arr = (char *)MALLOC(hex_str_arr_len);
626 if (hex_str_arr == NULL) {
627 LOGE("Copy hex arr to string failed");
628 return 0;
629 }
630 (void)memset_s(hex_str_arr, hex_str_arr_len, 0, hex_str_arr_len);
631 for (uint32_t i = 0; i < byte_array_size; i++) {
632 if (sprintf_s((char *)(hex_str_arr + length), hex_str_arr_len - length, "%02x", byte_array[i]) < 0) {
633 LOGE("What happened was that the probability was zero"); /* caller perceives memery error, no return */
634 }
635 length += BYTE_TO_HEX_OPER_LENGTH; /* doubleword, length increases 2 each time */
636 }
637 if (memcpy_s(hex_string, out_size, hex_str_arr, length) != EOK) {
638 LOGE("Copy hex arr to string failed");
639 length = 0;
640 }
641
642 safe_free(hex_str_arr);
643 hex_str_arr = NULL;
644 return length;
645 }
646
generate_key_alias(const struct service_id * service_id,const struct hc_auth_id * auth_id,enum huks_key_alias_type key_type)647 struct hc_key_alias generate_key_alias(const struct service_id *service_id,
648 const struct hc_auth_id *auth_id, enum huks_key_alias_type key_type)
649 {
650 struct hc_key_alias temp_alias;
651 (void)memset_s(&temp_alias, sizeof(temp_alias), 0, sizeof(temp_alias));
652 check_ptr_return_val(service_id, temp_alias);
653 check_ptr_return_val(auth_id, temp_alias);
654 if (key_type >= HC_MAX_KEY_TYPE_NUM) {
655 LOGE("Invalid user type");
656 return temp_alias;
657 }
658 if (service_id->length > HC_SERVICE_ID_BUFF_LEN) {
659 LOGE("service_id length is error");
660 return temp_alias;
661 }
662 if (auth_id->length > HC_AUTH_ID_BUFF_LEN) {
663 LOGE("auth_id length is error");
664 return temp_alias;
665 }
666
667 uint32_t key_type_pair_size = HC_KEY_TYPE_PAIR_LEN;
668 const uint8_t *key_type_pair = g_key_type_pairs[key_type];
669 uint32_t total_len = service_id->length + auth_id->length + key_type_pair_size;
670 struct uint8_buff key_alias_buff;
671
672 (void)memset_s(&key_alias_buff, sizeof(key_alias_buff), 0, sizeof(key_alias_buff));
673 key_alias_buff.val = (uint8_t *)MALLOC(total_len + 1);
674 if (key_alias_buff.val == NULL) {
675 LOGE("Malloc key alias buff failed");
676 return temp_alias;
677 }
678
679 key_alias_buff.size = total_len + 1; /* one character longer for terminator */
680 key_alias_buff.length = total_len;
681 (void)memset_s(key_alias_buff.val, key_alias_buff.size, 0, key_alias_buff.size);
682 (void)memcpy_s(key_alias_buff.val, key_alias_buff.size, service_id->service_id, service_id->length);
683 (void)memcpy_s(key_alias_buff.val + service_id->length, key_alias_buff.size - service_id->length,
684 key_type_pair, key_type_pair_size);
685 (void)memcpy_s(key_alias_buff.val + service_id->length + key_type_pair_size,
686 key_alias_buff.size - service_id->length - key_type_pair_size,
687 auth_id->auth_id, auth_id->length);
688
689 struct hc_key_alias key_alias;
690 (void)memset_s(&key_alias, sizeof(key_alias), 0, sizeof(key_alias));
691 struct sha256_value alias_sha256 = sha256(&key_alias_buff);
692
693 safe_free(key_alias_buff.val);
694 key_alias_buff.val = NULL;
695 if (alias_sha256.length > 0) {
696 int32_t length = convert_byte_to_hex_string(alias_sha256.sha256_value, alias_sha256.length,
697 key_alias.key_alias, HC_KEY_ALIAS_MAX_LEN);
698 key_alias.length = length;
699 }
700 return key_alias;
701 }
702
init_x25519_generate_key_input_param_set(struct HksParamSet ** input_param_set)703 static int32_t init_x25519_generate_key_input_param_set(struct HksParamSet **input_param_set)
704 {
705 struct HksParam key_param[] = {
706 {
707 .tag = HKS_TAG_KEY_STORAGE_FLAG,
708 .uint32Param = HKS_STORAGE_TEMP
709 }, {
710 .tag = HKS_TAG_PURPOSE,
711 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
712 }, {
713 .tag = HKS_TAG_ALGORITHM,
714 .uint32Param = HKS_ALG_X25519
715 }, {
716 .tag = HKS_TAG_KEY_SIZE,
717 .uint32Param = X25519_KEY_LEN
718 }, {
719 .tag = HKS_TAG_IS_ALLOWED_WRAP,
720 .boolParam = true
721 }
722 };
723
724 int32_t status = construct_param_set(input_param_set, key_param, array_size(key_param));
725 if (status != ERROR_CODE_SUCCESS) {
726 LOGE("construct encrypt param set failed, status=%d", status);
727 return ERROR_CODE_BUILD_PARAM_SET;
728 }
729
730 return ERROR_CODE_SUCCESS;
731 }
732
parse_x25519_output_param_set(struct HksParamSet * output_param_set,struct st_key_pair * out_key_pair)733 static int32_t parse_x25519_output_param_set(struct HksParamSet *output_param_set,
734 struct st_key_pair *out_key_pair)
735 {
736 int32_t status = HksFreshParamSet(output_param_set, false); /* false means fresh by local, not though IPC */
737 if (status != ERROR_CODE_SUCCESS) {
738 LOGE("fresh param set failed, status:%d", status);
739 return ERROR_CODE_FRESH_PARAM_SET;
740 }
741
742 struct HksParam *pub_key_param = NULL;
743 status = HksGetParam(output_param_set, HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA, &pub_key_param);
744 if (status != ERROR_CODE_SUCCESS) {
745 LOGE("get pub key from param set failed, status:%d", status);
746 return ERROR_CODE_GET_PUB_KEY_FROM_PARAM_SET;
747 }
748
749 struct HksParam *priv_key_param = NULL;
750 status = HksGetParam(output_param_set, HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA, &priv_key_param);
751 if (status != ERROR_CODE_SUCCESS) {
752 LOGE("get priv key from param set failed, status:%d", status);
753 return ERROR_CODE_GET_PRIV_KEY_FROM_PARAM_SET;
754 }
755
756 if (memcpy_s(out_key_pair->st_public_key.stpk, HC_ST_PUBLIC_KEY_LEN,
757 pub_key_param->blob.data, pub_key_param->blob.size) != EOK) {
758 LOGE("parse x25519 output param set memcpy public key failed!");
759 return ERROR_CODE_FAILED;
760 }
761 out_key_pair->st_public_key.length = pub_key_param->blob.size;
762
763 if (memcpy_s(out_key_pair->st_private_key.stsk, HC_ST_PRIVATE_KEY_LEN,
764 priv_key_param->blob.data, priv_key_param->blob.size) != EOK) {
765 LOGE("parse x25519 output param set memcpy private key failed!");
766 return ERROR_CODE_FAILED;
767 }
768 out_key_pair->st_private_key.length = priv_key_param->blob.size;
769
770 return ERROR_CODE_SUCCESS;
771 }
772
generate_st_key_pair(struct st_key_pair * out_key_pair)773 int32_t generate_st_key_pair(struct st_key_pair *out_key_pair)
774 {
775 check_ptr_return_val(out_key_pair, HC_INPUT_ERROR);
776 (void)memset_s(out_key_pair, sizeof(*out_key_pair), 0, sizeof(*out_key_pair));
777
778 struct HksParamSet *input_param_set = NULL;
779 int32_t status = init_x25519_generate_key_input_param_set(&input_param_set);
780 if (status != ERROR_CODE_SUCCESS) {
781 LOGE("init x25519 generate key input param set failed! status:%d", status);
782 return status;
783 }
784
785 struct HksParamSet *output_param_set = (struct HksParamSet *)MALLOC(X25519_KEY_PARAM_SET_SIZE);
786 if (output_param_set == NULL) {
787 LOGE("allocate buffer for output param set failed");
788 HksFreeParamSet(&input_param_set);
789 return ERROR_CODE_FAILED;
790 }
791
792 (void)memset_s(output_param_set, X25519_KEY_PARAM_SET_SIZE, 0, X25519_KEY_PARAM_SET_SIZE);
793 output_param_set->paramSetSize = X25519_KEY_PARAM_SET_SIZE;
794
795 do {
796 status = HksGenerateKey(NULL, input_param_set, output_param_set);
797 if (status != ERROR_CODE_SUCCESS) {
798 LOGE("generate x25519 key failed! status:%d", status);
799 status = ERROR_CODE_GENERATE_KEY;
800 break;
801 }
802
803 status = parse_x25519_output_param_set(output_param_set, out_key_pair);
804 if (status != ERROR_CODE_SUCCESS) {
805 LOGE("parse x25519 output param set failed! status:%d", status);
806 break;
807 }
808 } while (0);
809
810 HksFreeParamSet(&input_param_set);
811 safe_free(output_param_set);
812 return status;
813 }
814
generate_lt_key_pair(struct hc_key_alias * key_alias,const struct hc_auth_id * auth_id)815 int32_t generate_lt_key_pair(struct hc_key_alias *key_alias, const struct hc_auth_id *auth_id)
816 {
817 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
818 check_ptr_return_val(auth_id, HC_INPUT_ERROR);
819
820 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
821 check_num_return_val(key_alias_blob.size, ERROR_CODE_FAILED);
822
823 struct hc_auth_id tmp_id = *auth_id;
824 struct HksParamSet *param_set = NULL;
825 struct HksParam key_param[] = {
826 {
827 .tag = HKS_TAG_ALGORITHM,
828 .uint32Param = HKS_ALG_ED25519
829 }, {
830 .tag = HKS_TAG_KEY_STORAGE_FLAG,
831 .uint32Param = HKS_STORAGE_PERSISTENT
832 }, {
833 .tag = HKS_TAG_PURPOSE,
834 .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
835 }, {
836 .tag = HKS_TAG_KEY_SIZE,
837 .uint32Param = ED25519_KEY_LEN
838 }, {
839 .tag = HKS_TAG_PADDING,
840 .uint32Param = HKS_PADDING_NONE
841 }, {
842 .tag = HKS_TAG_DIGEST,
843 .uint32Param = HKS_DIGEST_SHA256
844 }, {
845 .tag = HKS_TAG_KEY_AUTH_ID,
846 .blob = convert_to_blob_from_hc_auth_id(&tmp_id)
847 }, {
848 .tag = HKS_TAG_IS_ALLOWED_WRAP,
849 .boolParam = true
850 }
851 };
852
853 int32_t status = construct_param_set(¶m_set, key_param, array_size(key_param));
854 if (status != ERROR_CODE_SUCCESS) {
855 LOGE("construct encrypt param set failed, status=%d", status);
856 return ERROR_CODE_BUILD_PARAM_SET;
857 }
858
859 status = HksGenerateKey(&key_alias_blob, param_set, NULL);
860 if (status != ERROR_CODE_SUCCESS) {
861 LOGE("Hks generate failed, status=%d", status);
862 HksFreeParamSet(¶m_set);
863 return ERROR_CODE_GENERATE_KEY;
864 }
865
866 HksFreeParamSet(¶m_set);
867 return ERROR_CODE_SUCCESS;
868 }
869
export_lt_public_key(struct hc_key_alias * key_alias,struct ltpk * out_public_key)870 int32_t export_lt_public_key(struct hc_key_alias *key_alias, struct ltpk *out_public_key)
871 {
872 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
873 check_ptr_return_val(out_public_key, HC_INPUT_ERROR);
874
875 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
876 check_num_return_val(key_alias_blob.size, ERROR_CODE_FAILED);
877
878 struct HksBlob key = { HC_LT_PUBLIC_KEY_LEN, out_public_key->ltpk };
879 int32_t hks_status = HksExportPublicKey(&key_alias_blob, NULL, &key);
880 if (hks_status != ERROR_CODE_SUCCESS) {
881 LOGE("Export public key failed, status=%d", hks_status);
882 return ERROR_CODE_FAILED;
883 }
884 out_public_key->length = key.size;
885
886 return ERROR_CODE_SUCCESS;
887 }
888
delete_key(struct hc_key_alias * key_alias)889 int32_t delete_key(struct hc_key_alias *key_alias)
890 {
891 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
892
893 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
894 check_num_return_val(key_alias_blob.size, ERROR_CODE_FAILED);
895
896 int32_t hks_status = HksDeleteKey(&key_alias_blob, NULL);
897 if (hks_status != ERROR_CODE_SUCCESS) {
898 LOGE("Delete key failed, status=%d", hks_status);
899 return ERROR_CODE_FAILED;
900 }
901
902 return ERROR_CODE_SUCCESS;
903 }
904
905 /*
906 * delete long time public key
907 *
908 * @key_alias: long time public key alias
909 * @return 0 -- success, others -- failed
910 */
delete_lt_public_key(struct hc_key_alias * key_alias)911 int32_t delete_lt_public_key(struct hc_key_alias *key_alias)
912 {
913 int32_t hks_status = delete_key(key_alias);
914 if (hks_status != ERROR_CODE_SUCCESS) {
915 LOGE("Delete lt public key failed, status=%d", hks_status);
916 }
917
918 return hks_status;
919 }
920
init_import_lt_public_key_param_set(struct HksParamSet ** param_set,const int32_t user_type,const int32_t pair_type,struct hc_auth_id * auth_id)921 static int32_t init_import_lt_public_key_param_set(struct HksParamSet **param_set,
922 const int32_t user_type, const int32_t pair_type, struct hc_auth_id *auth_id)
923 {
924 #if !(defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
925 union huks_key_type_union huks_key_type;
926 huks_key_type.type_struct.user_type = (uint8_t)user_type;
927 huks_key_type.type_struct.pair_type = (uint8_t)pair_type;
928 huks_key_type.type_struct.reserved1 = (uint8_t)0;
929 huks_key_type.type_struct.reserved2 = (uint8_t)0;
930 #endif
931
932 (void)pair_type;
933 struct HksParam key_param[] = {
934 {
935 .tag = HKS_TAG_ALGORITHM,
936 .uint32Param = HKS_ALG_ED25519
937 }, {
938 .tag = HKS_TAG_KEY_SIZE,
939 .uint32Param = ED25519_KEY_LEN
940 }, {
941 .tag = HKS_TAG_PADDING,
942 .uint32Param = HKS_PADDING_NONE
943 }, {
944 .tag = HKS_TAG_DIGEST,
945 .uint32Param = HKS_DIGEST_SHA256
946 }, {
947 .tag = HKS_TAG_KEY_AUTH_ID,
948 .blob = convert_to_blob_from_hc_auth_id(auth_id)
949 }, {
950 .tag = HKS_TAG_IS_ALLOWED_WRAP,
951 .boolParam = true
952 },
953 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
954 {
955 .tag = HKS_TAG_PURPOSE,
956 .uint32Param = HKS_KEY_PURPOSE_VERIFY
957 }, {
958 .tag = HKS_TAG_KEY_ROLE,
959 .uint32Param = user_type
960 }
961 #else
962 {
963 .tag = HKS_TAG_PURPOSE,
964 .uint32Param = HKS_KEY_PURPOSE_VERIFY
965 }, {
966 .tag = HKS_TAG_KEY_ROLE,
967 .uint32Param = (uint32_t)huks_key_type.key_type
968 }
969 #endif
970 };
971
972 return construct_param_set(param_set, key_param, array_size(key_param));
973 }
974
import_lt_public_key(struct hc_key_alias * key_alias,struct ltpk * peer_public_key,const int32_t user_type,const int32_t pair_type,struct hc_auth_id * auth_id)975 int32_t import_lt_public_key(struct hc_key_alias *key_alias, struct ltpk *peer_public_key,
976 const int32_t user_type, const int32_t pair_type, struct hc_auth_id *auth_id)
977 {
978 if ((pair_type < 0) || (pair_type >= HC_MAX_PAIR_TYPE_NUM)) {
979 return HC_INPUT_ERROR;
980 }
981 if ((user_type < 0) || (user_type >= HC_MAX_KEY_TYPE_NUM)) {
982 return HC_INPUT_ERROR;
983 }
984 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
985 check_ptr_return_val(peer_public_key, HC_INPUT_ERROR);
986 check_ptr_return_val(auth_id, HC_INPUT_ERROR);
987
988 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
989 if (key_alias_blob.size == 0) {
990 LOGE("Convert key alias to blob failed");
991 return ERROR_CODE_FAILED;
992 }
993
994 struct HksBlob ltpk_key_blob = convert_to_blob_from_ltpk(peer_public_key);
995 if (ltpk_key_blob.size == 0) {
996 LOGE("Convert ltpk key to blob failed");
997 return ERROR_CODE_FAILED;
998 }
999
1000 struct HksParamSet *param_set = NULL;
1001 int32_t status = init_import_lt_public_key_param_set(¶m_set, user_type, pair_type, auth_id);
1002 if (status != ERROR_CODE_SUCCESS) {
1003 LOGE("init import lt public key input param set failed! status:%d", status);
1004 return status;
1005 }
1006
1007 status = HksImportKey(&key_alias_blob, param_set, <pk_key_blob);
1008
1009 HksFreeParamSet(¶m_set);
1010 return status;
1011 }
1012
check_lt_public_key_exist(struct hc_key_alias * key_alias)1013 int32_t check_lt_public_key_exist(struct hc_key_alias *key_alias)
1014 {
1015 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
1016 check_num_return_val(key_alias->length, HC_INPUT_ERROR);
1017 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
1018 int32_t hks_status = HksKeyExist(&key_alias_blob, NULL);
1019 if (hks_status == 0) {
1020 return ERROR_CODE_SUCCESS;
1021 } else {
1022 LOGI("Check lt public key exist failed, status = %d", hks_status);
1023 return ERROR_CODE_FAILED;
1024 }
1025 }
1026
check_key_exist(struct hc_key_alias * key_alias)1027 int32_t check_key_exist(struct hc_key_alias *key_alias)
1028 {
1029 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
1030 check_num_return_val(key_alias->length, HC_INPUT_ERROR);
1031 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
1032 int32_t hks_status = HksKeyExist(&key_alias_blob, NULL);
1033 if (hks_status == 0) {
1034 return ERROR_CODE_SUCCESS;
1035 } else {
1036 LOGI("Check key exist failed, status = %d", hks_status);
1037 return ERROR_CODE_FAILED;
1038 }
1039 }
1040
init_key_info_list(struct HksKeyInfo * key_info_list,int32_t len)1041 static int32_t init_key_info_list(struct HksKeyInfo *key_info_list, int32_t len)
1042 {
1043 (void)memset_s(key_info_list, sizeof(struct HksKeyInfo) * len, 0, sizeof(struct HksKeyInfo) * len);
1044 for (int32_t i = 0; i < len; ++i) {
1045 struct HksKeyInfo key_info_tmp;
1046
1047 key_info_tmp.alias.data = (uint8_t *)MALLOC(HC_KEY_ALIAS_MAX_LEN);
1048 if (key_info_tmp.alias.data == NULL) {
1049 LOGE("allocate space for key info alias data failed");
1050 return ERROR_CODE_NO_SPACE;
1051 }
1052 (void)memset_s(key_info_tmp.alias.data, HC_KEY_ALIAS_MAX_LEN, 0, HC_KEY_ALIAS_MAX_LEN);
1053 key_info_tmp.alias.size = HC_KEY_ALIAS_MAX_LEN;
1054
1055 key_info_tmp.paramSet = (struct HksParamSet *)MALLOC(DEFAULT_PARAM_SET_OUT_SIZE);
1056 if (key_info_tmp.paramSet == NULL) {
1057 safe_free(key_info_tmp.alias.data);
1058 key_info_tmp.alias.data = NULL;
1059 LOGE("allocate space for key param set failed");
1060 return ERROR_CODE_NO_SPACE;
1061 }
1062 (void)memset_s(key_info_tmp.paramSet, DEFAULT_PARAM_SET_OUT_SIZE, 0, DEFAULT_PARAM_SET_OUT_SIZE);
1063 key_info_tmp.paramSet->paramSetSize = DEFAULT_PARAM_SET_OUT_SIZE;
1064
1065 key_info_list[i] = key_info_tmp;
1066 }
1067 return 0;
1068 }
1069
inner_get_lt_info_by_key_info(struct HksKeyInfo * key_info,struct huks_key_type * out_key_type,struct hc_auth_id * out_auth_id)1070 static int32_t inner_get_lt_info_by_key_info(struct HksKeyInfo *key_info,
1071 struct huks_key_type *out_key_type, struct hc_auth_id *out_auth_id)
1072 {
1073 union huks_key_type_union key_type_union;
1074 struct HksParam *key_role = NULL;
1075 int32_t status = HksGetParam(key_info->paramSet, HKS_TAG_KEY_ROLE, &key_role);
1076 if (status != ERROR_CODE_SUCCESS) {
1077 LOGE("get key role from param set failed, status:%d", status);
1078 return ERROR_CODE_FAILED;
1079 }
1080
1081 key_type_union.key_type = key_role->uint32Param;
1082 out_key_type->user_type = key_type_union.type_struct.user_type;
1083 out_key_type->pair_type = key_type_union.type_struct.pair_type;
1084 out_key_type->reserved1 = key_type_union.type_struct.reserved1;
1085 out_key_type->reserved2 = key_type_union.type_struct.reserved2;
1086
1087 struct HksParam *auth_id = NULL;
1088 status = HksGetParam(key_info->paramSet, HKS_TAG_KEY_AUTH_ID, &auth_id);
1089 if (status != ERROR_CODE_SUCCESS) {
1090 LOGE("get auth id from param set failed, status:%d", status);
1091 return ERROR_CODE_FAILED;
1092 }
1093
1094 if (memcpy_s(out_auth_id->auth_id, HC_AUTH_ID_BUFF_LEN,
1095 auth_id->blob.data, auth_id->blob.size) != EOK) {
1096 LOGE("Copy key param failed");
1097 return ERROR_CODE_FAILED;
1098 }
1099 out_auth_id->length = auth_id->blob.size;
1100
1101 return status;
1102 }
1103
inner_get_lt_info_by_key_alias(struct HksBlob * key_alias,struct huks_key_type * out_key_type,struct hc_auth_id * out_auth_id)1104 static int32_t inner_get_lt_info_by_key_alias(struct HksBlob *key_alias,
1105 struct huks_key_type *out_key_type, struct hc_auth_id *out_auth_id)
1106 {
1107 struct HksParamSet *output_param_set = (struct HksParamSet *)MALLOC(DEFAULT_PARAM_SET_OUT_SIZE);
1108 if (output_param_set == NULL) {
1109 LOGE("allocate space for param set out failed");
1110 return ERROR_CODE_FAILED;
1111 }
1112 (void)memset_s(output_param_set, DEFAULT_PARAM_SET_OUT_SIZE, 0, DEFAULT_PARAM_SET_OUT_SIZE);
1113 output_param_set->paramSetSize = DEFAULT_PARAM_SET_OUT_SIZE;
1114
1115 int32_t status = HksGetKeyParamSet(key_alias, NULL, output_param_set);
1116 if (status != ERROR_CODE_SUCCESS) {
1117 LOGE("Get huks key param set failed");
1118 goto get_key_info_free;
1119 }
1120
1121 status = HksFreshParamSet(output_param_set, false);
1122 if (status != ERROR_CODE_SUCCESS) {
1123 LOGE("fresh param set failed, status:%d", status);
1124 goto get_key_info_free;
1125 }
1126
1127 struct HksParam *key_role = NULL;
1128 status = HksGetParam(output_param_set, HKS_TAG_KEY_ROLE, &key_role);
1129 if (status != ERROR_CODE_SUCCESS) {
1130 LOGE("get key role from param set failed, status:%d", status);
1131 goto get_key_info_free;
1132 }
1133
1134 union huks_key_type_union key_type_union;
1135 key_type_union.key_type = key_role->uint32Param;
1136 out_key_type->user_type = key_type_union.type_struct.user_type;
1137 out_key_type->pair_type = key_type_union.type_struct.pair_type;
1138 out_key_type->reserved1 = key_type_union.type_struct.reserved1;
1139 out_key_type->reserved2 = key_type_union.type_struct.reserved2;
1140
1141 struct HksParam *auth_id = NULL;
1142 status = HksGetParam(output_param_set, HKS_TAG_KEY_AUTH_ID, &auth_id);
1143 if (status != ERROR_CODE_SUCCESS) {
1144 LOGE("get auth id from param set failed, status:%d", status);
1145 goto get_key_info_free;
1146 }
1147
1148 if (memcpy_s(out_auth_id->auth_id, HC_AUTH_ID_BUFF_LEN, auth_id->blob.data, auth_id->blob.size) != EOK) {
1149 LOGE("Copy key param failed");
1150 goto get_key_info_free;
1151 }
1152 out_auth_id->length = auth_id->blob.size;
1153
1154 get_key_info_free:
1155 safe_free(output_param_set);
1156 return status;
1157 }
1158
get_lt_key_info(struct hc_key_alias * alias,struct huks_key_type * out_key_type,struct hc_auth_id * out_auth_id)1159 int32_t get_lt_key_info(struct hc_key_alias *alias, struct huks_key_type *out_key_type, struct hc_auth_id *out_auth_id)
1160 {
1161 check_ptr_return_val(alias, HC_INPUT_ERROR);
1162 check_ptr_return_val(out_key_type, HC_INPUT_ERROR);
1163 check_ptr_return_val(out_auth_id, HC_INPUT_ERROR);
1164
1165 struct HksBlob alias_blob = convert_to_blob_from_hc_key_alias(alias);
1166 return inner_get_lt_info_by_key_alias(&alias_blob, out_key_type, out_auth_id);
1167 }
1168
check_key_alias_is_owner(struct hc_key_alias * key_alias)1169 int32_t check_key_alias_is_owner(struct hc_key_alias *key_alias)
1170 {
1171 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
1172 check_num_return_val(key_alias->length, HC_INPUT_ERROR);
1173
1174 int32_t error_code = check_lt_public_key_exist(key_alias);
1175 if (error_code != ERROR_CODE_SUCCESS) {
1176 LOGE("Key is not exist");
1177 return error_code;
1178 }
1179
1180 struct huks_key_type key_type;
1181 struct hc_auth_id auth_id;
1182
1183 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
1184 error_code = inner_get_lt_info_by_key_alias(&key_alias_blob, &key_type, &auth_id);
1185 if (error_code != ERROR_CODE_SUCCESS) {
1186 LOGE("Get key info failed");
1187 return error_code;
1188 }
1189
1190 if (key_type.user_type != (uint8_t)HC_USER_TYPE_CONTROLLER) {
1191 return ERROR_CODE_FAILED;
1192 }
1193 if (key_type.pair_type == (uint8_t)HC_PAIR_TYPE_BIND) {
1194 return ERROR_CODE_SUCCESS;
1195 } else {
1196 return ERROR_CODE_FAILED;
1197 }
1198 }
1199
load_lt_public_key_list(const struct hc_auth_id * owner_id,int32_t trust_user_type,struct HksKeyInfo * key_info_list,uint32_t list_count,struct hc_auth_id * out_auth_list)1200 static uint32_t load_lt_public_key_list(const struct hc_auth_id *owner_id, int32_t trust_user_type,
1201 struct HksKeyInfo *key_info_list, uint32_t list_count, struct hc_auth_id *out_auth_list)
1202 {
1203 uint8_t pair_type = owner_id == NULL ? (uint8_t)HC_PAIR_TYPE_BIND : (uint8_t)HC_PAIR_TYPE_AUTH;
1204 uint8_t user_type = (uint8_t)trust_user_type;
1205 int32_t err_code;
1206 struct huks_key_type key_type;
1207 struct hc_auth_id auth_id;
1208 uint32_t effect_count = 0;
1209
1210 if ((trust_user_type < 0) || (trust_user_type >= HC_MAX_KEY_TYPE_NUM)) {
1211 return effect_count;
1212 }
1213 for (uint32_t i = 0; i < list_count; i++) {
1214 struct HksParam *key_flag_param = NULL;
1215 int32_t status = HksGetParam(key_info_list[i].paramSet, HKS_TAG_KEY_FLAG, &key_flag_param);
1216 if (status != ERROR_CODE_SUCCESS) {
1217 LOGE("get key flag from param set failed, status:%d", status);
1218 return ERROR_CODE_FAILED;
1219 }
1220 if (key_flag_param->uint32Param == HKS_KEY_FLAG_GENERATE_KEY) {
1221 continue;
1222 }
1223 err_code = inner_get_lt_info_by_key_info(&key_info_list[i], &key_type, &auth_id);
1224 if (err_code != ERROR_CODE_SUCCESS) {
1225 continue;
1226 }
1227 if (key_type.user_type != user_type) {
1228 continue;
1229 }
1230 if (user_type == (uint8_t)HC_USER_TYPE_CONTROLLER) {
1231 if (key_type.pair_type != pair_type) {
1232 continue;
1233 }
1234 }
1235 if (memcpy_s(out_auth_list[effect_count].auth_id, HC_AUTH_ID_BUFF_LEN,
1236 auth_id.auth_id, auth_id.length) != EOK) {
1237 LOGE("Copy from temp hc_auth_id to out_auth_list failed");
1238 continue;
1239 }
1240 out_auth_list[effect_count].length = auth_id.length;
1241 effect_count++;
1242 }
1243 return effect_count;
1244 }
1245
get_lt_public_key_list(const struct hc_auth_id * owner_auth_id,int32_t trust_user_type,struct hc_auth_id * out_auth_list,uint32_t * out_count)1246 int32_t get_lt_public_key_list(const struct hc_auth_id *owner_auth_id, int32_t trust_user_type,
1247 struct hc_auth_id *out_auth_list, uint32_t *out_count)
1248 {
1249 check_ptr_return_val(out_auth_list, HC_INPUT_ERROR);
1250 check_ptr_return_val(out_count, HC_INPUT_ERROR);
1251
1252 int32_t error_code = ERROR_CODE_SUCCESS;
1253 struct HksKeyInfo key_info_list[HC_PUB_KEY_ALIAS_MAX_NUM];
1254 int32_t status = init_key_info_list(key_info_list, HC_PUB_KEY_ALIAS_MAX_NUM);
1255 if (status != ERROR_CODE_SUCCESS) {
1256 LOGE("Init key info list failed, status=%d", status);
1257 error_code = ERROR_CODE_FAILED;
1258 goto exit;
1259 }
1260
1261 uint32_t list_count = HC_PUB_KEY_ALIAS_MAX_NUM;
1262 status = HksGetKeyInfoList(NULL, key_info_list, &list_count);
1263 if (status != ERROR_CODE_SUCCESS) {
1264 LOGE("Huks get pub key info list failed, status=%d", status);
1265 error_code = ERROR_CODE_FAILED;
1266 goto exit;
1267 }
1268
1269 /* filter with trust_user_type */
1270 uint32_t effect_count = load_lt_public_key_list(owner_auth_id, trust_user_type, key_info_list,
1271 list_count, out_auth_list);
1272 /* output param */
1273 *out_count = effect_count;
1274
1275 exit:
1276 for (int32_t i = 0; i < HC_PUB_KEY_ALIAS_MAX_NUM; ++i) {
1277 safe_free(key_info_list[i].alias.data);
1278 safe_free(key_info_list[i].paramSet);
1279 }
1280 return error_code;
1281 }
1282
gen_sign_key_param_set(struct HksParamSet ** param_set)1283 static int32_t gen_sign_key_param_set(struct HksParamSet **param_set)
1284 {
1285 struct HksParam params[] = {
1286 {
1287 .tag = HKS_TAG_PURPOSE,
1288 .uint32Param = HKS_KEY_PURPOSE_SIGN /* correspond to old key usage */
1289 }, {
1290 .tag = HKS_TAG_ALGORITHM,
1291 .uint32Param = HKS_ALG_ED25519 /* alg, correspond to old key type */
1292 }, {
1293 .tag = HKS_TAG_PADDING,
1294 .uint32Param = HKS_PADDING_NONE
1295 }, {
1296 .tag = HKS_TAG_DIGEST,
1297 .uint32Param = HKS_DIGEST_SHA256
1298 }
1299 };
1300
1301 int32_t status = construct_param_set(param_set, params, array_size(params));
1302 if (status != ERROR_CODE_SUCCESS) {
1303 LOGE("construct param set for sign failed, status:%d", status);
1304 }
1305
1306 return status;
1307 }
1308
sign(struct hc_key_alias * key_alias,const struct uint8_buff * message,struct signature * out_signature)1309 int32_t sign(struct hc_key_alias *key_alias, const struct uint8_buff *message, struct signature *out_signature)
1310 {
1311 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
1312 check_ptr_return_val(message, HC_INPUT_ERROR);
1313 check_ptr_return_val(out_signature, HC_INPUT_ERROR);
1314 check_num_return_val(key_alias->length, HC_INPUT_ERROR);
1315
1316 struct HksBlob key_alias_blob = convert_to_blob_from_hc_key_alias(key_alias);
1317 if (key_alias_blob.size == 0) {
1318 LOGE("Convert hks key alias to blob failed");
1319 return ERROR_CODE_FAILED;
1320 }
1321
1322 struct sha256_value sha256_value = sha256(message);
1323 if (sha256_value.length == 0) {
1324 LOGE("Get sha256 hash failed");
1325 return ERROR_CODE_FAILED;
1326 }
1327
1328 struct HksBlob hash = convert_to_blob_from_sha256_value(&sha256_value);
1329 if (hash.size == 0) {
1330 LOGE("Convert sha256 hash to blob failed");
1331 return ERROR_CODE_FAILED;
1332 }
1333
1334 struct HksParamSet *key_param_set = NULL;
1335 int32_t hks_status = gen_sign_key_param_set(&key_param_set);
1336 if (hks_status != ERROR_CODE_SUCCESS) {
1337 LOGE("gen sign key param set failed, status:%d", hks_status);
1338 return ERROR_CODE_FAILED;
1339 }
1340
1341 struct HksBlob signature = { HC_SIGNATURE_LEN, out_signature->signature };
1342 hks_status = HksSign(&key_alias_blob, key_param_set, &hash, &signature);
1343 if ((hks_status == ERROR_CODE_SUCCESS) && (signature.size == HC_SIGNATURE_LEN)) {
1344 out_signature->length = HC_SIGNATURE_LEN;
1345 } else {
1346 LOGE("Sign failed, status=%d", hks_status);
1347 hks_status = ERROR_CODE_FAILED;
1348 }
1349
1350 HksFreeParamSet(&key_param_set);
1351 return hks_status;
1352 }
1353
gen_verify_key_param_set(const bool is_keyalias,const uint32_t key_size,const int32_t user_type,struct HksParamSet ** param_set)1354 static int gen_verify_key_param_set(const bool is_keyalias, const uint32_t key_size,
1355 const int32_t user_type, struct HksParamSet **param_set)
1356 {
1357 struct HksParam params[] = {
1358 {
1359 .tag = HKS_TAG_PURPOSE,
1360 .uint32Param = HKS_KEY_PURPOSE_VERIFY
1361 }, {
1362 .tag = HKS_TAG_ALGORITHM,
1363 .uint32Param = HKS_ALG_ED25519
1364 }, {
1365 .tag = HKS_TAG_DIGEST,
1366 .uint32Param = HKS_DIGEST_SHA256
1367 }, {
1368 .tag = HKS_TAG_PADDING,
1369 .uint32Param = HKS_PADDING_NONE
1370 }, {
1371 .tag = HKS_TAG_KEY_ROLE,
1372 .uint32Param = (uint32_t)user_type
1373 }, {
1374 .tag = HKS_TAG_IS_KEY_ALIAS,
1375 .boolParam = is_keyalias
1376 }, {
1377 .tag = HKS_TAG_KEY_SIZE,
1378 .uint32Param = (is_keyalias ? 0 : key_size)
1379 }
1380 };
1381
1382 int32_t status = construct_param_set(param_set, params, array_size(params));
1383 if (status != ERROR_CODE_SUCCESS) {
1384 LOGE("construct param set for verify failed, status:%d", status);
1385 }
1386
1387 return status;
1388 }
1389
verify(struct hc_key_alias * key_alias,const int32_t user_type,const struct uint8_buff * message,struct signature * signature)1390 int32_t verify(struct hc_key_alias *key_alias, const int32_t user_type,
1391 const struct uint8_buff *message, struct signature *signature)
1392 {
1393 check_ptr_return_val(key_alias, HC_INPUT_ERROR);
1394 check_ptr_return_val(message, HC_INPUT_ERROR);
1395 check_ptr_return_val(signature, HC_INPUT_ERROR);
1396 check_num_return_val(key_alias->length, HC_INPUT_ERROR);
1397
1398 return ERROR_CODE_SUCCESS;
1399 }
1400
verify_with_public_key(const int32_t user_type,const struct uint8_buff * message,struct var_buffer * public_key,struct signature * signature)1401 int32_t verify_with_public_key(const int32_t user_type, const struct uint8_buff *message,
1402 struct var_buffer *public_key, struct signature *signature)
1403 {
1404 check_ptr_return_val(message, HC_INPUT_ERROR);
1405 check_ptr_return_val(public_key, HC_INPUT_ERROR);
1406 check_ptr_return_val(signature, HC_INPUT_ERROR);
1407
1408 int32_t error_code = ERROR_CODE_FAILED;
1409 struct sha256_value sha256_value = sha256(message);
1410 if (sha256_value.length == 0) {
1411 LOGE("Get sha256 hash failed");
1412 return error_code;
1413 }
1414
1415 struct HksBlob hash = convert_to_blob_from_sha256_value(&sha256_value);
1416 if (hash.size == 0) {
1417 LOGE("Convert sha256 hash to blob failed");
1418 return error_code;
1419 }
1420
1421 struct HksBlob signature_blob = convert_to_blob_from_signature(signature);
1422 if (signature_blob.size == 0) {
1423 LOGE("Convert hks signature to blob failed");
1424 return error_code;
1425 }
1426
1427 struct HksParamSet *key_param_set = NULL;
1428 int32_t hks_status = gen_verify_key_param_set(false, /* false: is public key */
1429 public_key->length * BITS_PER_BYTE, user_type, &key_param_set);
1430 if (hks_status != ERROR_CODE_SUCCESS) {
1431 LOGE("gen verify with public key param set failed, status:%d", hks_status);
1432 return error_code;
1433 }
1434
1435 struct HksBlob public_key_blob = { public_key->length, public_key->data };
1436 hks_status = HksVerify(&public_key_blob, key_param_set, &hash, &signature_blob);
1437 if (hks_status == 0) {
1438 error_code = ERROR_CODE_SUCCESS;
1439 } else {
1440 LOGE("Verify failed, status=%d", hks_status);
1441 error_code = ERROR_CODE_FAILED;
1442 }
1443
1444 HksFreeParamSet(&key_param_set);
1445 return error_code;
1446 }
1447
gen_agreed_key_param_set(struct HksParamSet ** param_set)1448 static int32_t gen_agreed_key_param_set(struct HksParamSet **param_set)
1449 {
1450 struct HksParam params[] = {
1451 {
1452 .tag = HKS_TAG_PURPOSE,
1453 .uint32Param = HKS_KEY_PURPOSE_DERIVE
1454 }, {
1455 .tag = HKS_TAG_ALGORITHM,
1456 .uint32Param = HKS_ALG_X25519
1457 }, {
1458 .tag = HKS_TAG_KEY_SIZE,
1459 .uint32Param = HC_ST_PUBLIC_KEY_LEN * BITS_PER_BYTE
1460 }, {
1461 .tag = HKS_TAG_IS_KEY_ALIAS,
1462 .boolParam = false
1463 }
1464 };
1465
1466 int32_t status = construct_param_set(param_set, params, array_size(params));
1467 if (status != ERROR_CODE_SUCCESS) {
1468 LOGE("construct param set for agreed key failed, status:%d", status);
1469 }
1470
1471 return status;
1472 }
1473
compute_sts_shared_secret(struct stsk * self_private_key,struct stpk * peer_public_key,struct sts_shared_secret * out_shared_key)1474 int32_t compute_sts_shared_secret(struct stsk *self_private_key, struct stpk *peer_public_key,
1475 struct sts_shared_secret *out_shared_key)
1476 {
1477 check_ptr_return_val(self_private_key, HC_INPUT_ERROR);
1478 check_num_return_val(self_private_key->length, HC_INPUT_ERROR);
1479 check_ptr_return_val(peer_public_key, HC_INPUT_ERROR);
1480 check_num_return_val(peer_public_key->length, HC_INPUT_ERROR);
1481 check_ptr_return_val(out_shared_key, HC_INPUT_ERROR);
1482
1483 (void)memset_s(out_shared_key, sizeof(*out_shared_key), 0, sizeof(*out_shared_key));
1484 int32_t error_code = ERROR_CODE_FAILED;
1485 struct HksBlob self_private_key_blob = convert_to_blob_from_stsk(self_private_key);
1486 if (self_private_key_blob.size == 0) {
1487 LOGE("Convert key alias for private key to blob failed");
1488 return error_code;
1489 }
1490
1491 struct HksBlob peer_public_key_blob = convert_to_blob_from_stpk(peer_public_key);
1492 if (peer_public_key_blob.size == 0) {
1493 LOGE("Convert key alias for peer public key to blob failed");
1494 return error_code;
1495 }
1496
1497 struct HksParamSet *param_set = NULL;
1498 int32_t hks_status = gen_agreed_key_param_set(¶m_set);
1499 if (hks_status != ERROR_CODE_SUCCESS) {
1500 LOGE("gen agreed key param set failed! status:%d", hks_status);
1501 return error_code;
1502 }
1503
1504 struct HksBlob key_alias_for_agreed_key = { HC_STS_SHARED_SECRET_LENGTH, out_shared_key->sts_shared_secret };
1505 hks_status = HksAgreeKey(param_set, &self_private_key_blob, &peer_public_key_blob, &key_alias_for_agreed_key);
1506 if ((hks_status == 0) && (key_alias_for_agreed_key.size == HC_STS_SHARED_SECRET_LENGTH)) {
1507 out_shared_key->length = key_alias_for_agreed_key.size;
1508 error_code = ERROR_CODE_SUCCESS;
1509 } else {
1510 LOGE("Key agreement by alias failed, status:%d", hks_status);
1511 }
1512 return error_code;
1513 }
1514
key_info_init(void)1515 int32_t key_info_init(void)
1516 {
1517 int32_t ret = HksInitialize();
1518 if (ret == HKS_SUCCESS) {
1519 return ERROR_CODE_SUCCESS;
1520 }
1521
1522 if ((ret != HKS_ERROR_INVALID_KEY_FILE) && (ret != HKS_ERROR_CRYPTO_ENGINE_ERROR) &&
1523 (ret != HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL)) {
1524 LOGE("Hks: Init hks failed, ret: %d", ret);
1525 return ERROR_CODE_FAILED;
1526 }
1527
1528 DBG_OUT("Hks: The local hks file needs to be refreshed!");
1529 LOGI("Start to delete local database file!");
1530 ret = HksRefreshKeyInfo();
1531 if (ret != HKS_SUCCESS) {
1532 LOGE("Hks: HksRefreshKeyInfo failed, ret:%d", ret);
1533 return ERROR_CODE_FAILED;
1534 }
1535 ret = HksInitialize();
1536 if (ret != HKS_SUCCESS) {
1537 LOGE("Hks: Init hks failed, ret:%d", ret);
1538 return ERROR_CODE_FAILED;
1539 }
1540 return ERROR_CODE_SUCCESS;
1541 }