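/*
 * Copyright (c) 2020-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Root key component (RKC) interface: the in-memory configuration record, the
 * main-key record, and the functions that initialise, persist, encrypt/decrypt
 * and tear down that state.
 */

#ifndef HKS_RKC_H
#define HKS_RKC_H

#include "hks_rkc_rw.h"
#include "hks_type_inner.h"

#define HKS_RKC_RMK_LEN 64         /* the length of root main key */
#define HKS_RKC_RMK_EK_LEN 32      /* the encryption key length of root main key */
#define HKS_RKC_RAW_KEY_LEN 64     /* the raw key length of root key component */
#define HKS_HARDWARE_UDID_LEN 32   /* the length of hardware UDID */
#define HKS_RKC_MK_ADD_DATA_LEN 8  /* the additional data length of main key */
#define HKS_KSF_NAME_LEN_MAX 256   /* the max length of rkc keystore filename */

/*
 * The configuration of root key component.
 *
 * HKS_RKC_MK_LEN and HKS_RKC_CFG_RSV_LEN are not defined in this header;
 * presumably they come from hks_rkc_rw.h - confirm.
 *
 * NOTE(review): mkMask together with HksRkcMk.mkWithMask presumably allows the
 * main key to be reconstructed, so an instance of this struct should be handled
 * as secret data and wiped on teardown - confirm against the implementation.
 */
struct HksRkcCfg {
    uint8_t state;                        /* system state */
    uint16_t rkVersion;                   /* the version of root key component */
    uint16_t mkVersion;                   /* the version of main key */
    uint8_t storageType;                  /* the storage type of root key component */
    struct HksTime rkCreatedTime;         /* the created time of root key */
    struct HksTime rkExpiredTime;         /* the expired time of root key */
    struct HksKsfAttr ksfAttrRkc;         /* the attribute of rkc keystore file */
    struct HksKsfAttr ksfAttrMk;          /* the attribute of mk keystore file */
    uint32_t rmkIter;                     /* the iteration count used when deriving the Root Main Key */
    uint32_t rmkHashAlg;                  /* the hash algorithm used when deriving the Root Main Key */
    uint8_t mkMask[HKS_RKC_MK_LEN];       /* the mask of main key */
    uint32_t mkEncryptAlg;                /* the encryption algorithm of main key */
    uint8_t reserve[HKS_RKC_CFG_RSV_LEN]; /* reserve data, 32 byte */
};

/*
 * Main key record. The key is held as mkWithMask ("the main key with mask"),
 * not as a separate plain copy in this struct; how the mask is applied is not
 * visible in this header.
 */
struct HksRkcMk {
    bool valid;                           /* whether main key is valid */
    struct HksTime mkCreatedTime;         /* the created time of main key */
    struct HksTime mkExpiredTime;         /* the expired time of main key */
    uint8_t mkWithMask[HKS_RKC_MK_LEN];   /* the main key with mask */
};

#ifdef __cplusplus
extern "C" {
#endif

/*
 * NOTE(review): the int32_t results below are presumably HKS error codes
 * (success/failure); the header does not state the values - confirm.
 */

/* Return a read-only pointer to the keystore-file attributes of the rkc file (presumably global state - confirm). */
const struct HksKsfAttr *GetGlobalKsfAttrRkc(void);

/* Return a read-only pointer to the keystore-file attributes of the mk file (presumably global state - confirm). */
const struct HksKsfAttr *GetGlobalKsfAttrMk(void);

/* Convert an RKC digest identifier to a uint32_t; presumably the matching HKS digest value - confirm. */
uint32_t RkcDigestToHks(const uint32_t rkcDigest);

/* Takes a created/expired time pair by value; presumably restores the root key times - confirm. */
void RkcRecoverRkTime(struct HksTime createdTime, struct HksTime expiredTime);

/* Takes a created/expired time pair by value; presumably restores the main key times - confirm. */
void RkcRecoverMkTime(struct HksTime createdTime, struct HksTime expiredTime);

/*
 * Encrypt or decrypt main-key data with the supplied root main key blob (rmk).
 * `encrypt` selects the direction (presumably true: plainText -> cipherText).
 * Both plainText and cipherText are non-const, so either may be written.
 * NOTE(review): plainText carries key material; callers should wipe it once
 * it is no longer needed.
 */
int32_t ExecuteMkCrypt(const struct HksKsfDataMk *ksfDataMk, const struct HksBlob *rmk,
    struct HksBlob *plainText, struct HksBlob *cipherText, const bool encrypt);

/*
 * Same blob/direction parameters as ExecuteMkCrypt, but takes the rkc keystore
 * data instead of an rmk blob; presumably derives the root main key from
 * ksfDataRkc first - confirm.
 */
int32_t RkcMkCrypt(const struct HksKsfDataRkc *ksfDataRkc, const struct HksKsfDataMk *ksfDataMk,
    struct HksBlob *plainText, struct HksBlob *cipherText, const bool encrypt);

/* Takes the main key as a read-only blob; presumably stores it in masked form - confirm. */
int32_t RkcMaskMk(const struct HksBlob *mk);

/* Initialise keystore-file attributes for the given ksfType from ksfAttr (valid ksfType values are not listed here). */
int32_t InitKsfAttr(const struct HksKsfAttr *ksfAttr, uint8_t ksfType);

/* Fill the caller-provided versioned rkc keystore-file data structure. */
int32_t FillKsfDataRkcWithVer(struct HksKsfDataRkcWithVer *ksfDataRkcWithVer);

/* Fill the caller-provided versioned mk keystore-file data structure; reports no status. */
void FillKsfDataMkWithVer(struct HksKsfDataMkWithVer *ksfDataMkWithVer);

/* Write both the rkc and the mk keystore-file data; both inputs are read-only. */
int32_t RkcWriteAllKsf(const struct HksKsfDataRkcWithVer *ksfDataRkcWithVer,
    const struct HksKsfDataMkWithVer *ksfDataMkWithVer);

/* Initialise the root key component. */
int32_t HksRkcInit(void);

/*
 * Teardown helpers for the configuration and the main key.
 * NOTE(review): the header does not document how Destroy differs from ClearMem,
 * nor whether the key bytes are zeroised with a call the compiler cannot elide;
 * confirm in the implementation.
 */
void HksCfgDestroy(void);

void HksMkDestroy(void);

void HksCfgClearMem(void);

void HksMkClearMem(void);

/*
 * Output the main key into mainKey.
 * NOTE(review): buffer ownership and the required size are not stated here
 * (presumably HKS_RKC_MK_LEN, caller-allocated - confirm). The result is key
 * material; callers should wipe the buffer after use.
 */
int32_t HksRkcGetMainKey(struct HksBlob *mainKey);

/* Build a parameter set and return it through paramSetOut (presumably allocated here and freed by the caller - confirm). */
int32_t HksRkcBuildParamSet(struct HksParamSet **paramSetOut);

#ifdef __cplusplus
}
#endif

#endif /* HKS_RKC_H */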