1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "lnn_huks_utils.h"
17
18 #include <securec.h>
19
20 #include "lnn_decision_db.h"
21 #include "lnn_log.h"
22 #include "lnn_ohos_account_adapter.h"
23 #include "softbus_adapter_mem.h"
24 #include "softbus_def.h"
25 #include "softbus_errcode.h"
26
27 #define LNN_HUKS_MAX_UPDATE_RESERVED 32
28 #define LNN_HUKS_MAX_UPDATE_SIZE (8 * 1024)
29 #define LNN_HUKS_MAX_OUTDATA_SIZE (LNN_HUKS_MAX_UPDATE_SIZE + LNN_HUKS_MAX_UPDATE_RESERVED)
30 #define DEFAULT_ACCOUNT_ID 100
31
32 #define LNN_HUKS_IV_SIZE 16
33 static uint8_t g_huksIv[LNN_HUKS_IV_SIZE] = {0};
34 static bool g_isGenCeParams = false;
35 static pthread_mutex_t g_ceParamsLock = PTHREAD_MUTEX_INITIALIZER;
36
37 static struct HksParam g_genParams[] = {
38 {
39 .tag = HKS_TAG_ALGORITHM,
40 .uint32Param = HKS_ALG_AES
41 }, {
42 .tag = HKS_TAG_PURPOSE,
43 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT
44 }, {
45 .tag = HKS_TAG_KEY_SIZE,
46 .uint32Param = HKS_AES_KEY_SIZE_128
47 }, {
48 .tag = HKS_TAG_PADDING,
49 .uint32Param = HKS_PADDING_NONE
50 }, {
51 .tag = HKS_TAG_BLOCK_MODE,
52 .uint32Param = HKS_MODE_CBC
53 }, {
54 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
55 .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE
56 }
57 };
58
59 static struct HksParam g_genCeParams[] = {
60 {
61 .tag = HKS_TAG_ALGORITHM,
62 .uint32Param = HKS_ALG_AES
63 }, {
64 .tag = HKS_TAG_PURPOSE,
65 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT
66 }, {
67 .tag = HKS_TAG_KEY_SIZE,
68 .uint32Param = HKS_AES_KEY_SIZE_128
69 }, {
70 .tag = HKS_TAG_PADDING,
71 .uint32Param = HKS_PADDING_NONE
72 }, {
73 .tag = HKS_TAG_BLOCK_MODE,
74 .uint32Param = HKS_MODE_CBC
75 }, {
76 .tag = HKS_TAG_SPECIFIC_USER_ID,
77 .int32Param = DEFAULT_ACCOUNT_ID
78 }, {
79 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
80 .uint32Param = HKS_AUTH_STORAGE_LEVEL_CE
81 }
82 };
83
84 static struct HksParam g_encryptParams[] = {
85 {
86 .tag = HKS_TAG_ALGORITHM,
87 .uint32Param = HKS_ALG_AES
88 }, {
89 .tag = HKS_TAG_PURPOSE,
90 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT
91 }, {
92 .tag = HKS_TAG_KEY_SIZE,
93 .uint32Param = HKS_AES_KEY_SIZE_128
94 }, {
95 .tag = HKS_TAG_PADDING,
96 .uint32Param = HKS_PADDING_NONE
97 }, {
98 .tag = HKS_TAG_BLOCK_MODE,
99 .uint32Param = HKS_MODE_CBC
100 }, {
101 .tag = HKS_TAG_DIGEST,
102 .uint32Param = HKS_DIGEST_NONE
103 }, {
104 .tag = HKS_TAG_IV,
105 .blob = {
106 .size = LNN_HUKS_IV_SIZE,
107 .data = (uint8_t *)g_huksIv
108 }
109 }, {
110 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
111 .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE
112 }
113 };
114
115 static struct HksParam g_ceEncryptParams[] = {
116 {
117 .tag = HKS_TAG_ALGORITHM,
118 .uint32Param = HKS_ALG_AES
119 }, {
120 .tag = HKS_TAG_PURPOSE,
121 .uint32Param = HKS_KEY_PURPOSE_ENCRYPT
122 }, {
123 .tag = HKS_TAG_KEY_SIZE,
124 .uint32Param = HKS_AES_KEY_SIZE_128
125 }, {
126 .tag = HKS_TAG_PADDING,
127 .uint32Param = HKS_PADDING_NONE
128 }, {
129 .tag = HKS_TAG_BLOCK_MODE,
130 .uint32Param = HKS_MODE_CBC
131 }, {
132 .tag = HKS_TAG_DIGEST,
133 .uint32Param = HKS_DIGEST_NONE
134 }, {
135 .tag = HKS_TAG_IV,
136 .blob = {
137 .size = LNN_HUKS_IV_SIZE,
138 .data = (uint8_t *)g_huksIv
139 }
140 }, {
141 .tag = HKS_TAG_SPECIFIC_USER_ID,
142 .int32Param = DEFAULT_ACCOUNT_ID
143 }, {
144 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
145 .uint32Param = HKS_AUTH_STORAGE_LEVEL_CE
146 }
147 };
148
149 static struct HksParam g_decryptParams[] = {
150 {
151 .tag = HKS_TAG_ALGORITHM,
152 .uint32Param = HKS_ALG_AES
153 }, {
154 .tag = HKS_TAG_PURPOSE,
155 .uint32Param = HKS_KEY_PURPOSE_DECRYPT
156 }, {
157 .tag = HKS_TAG_KEY_SIZE,
158 .uint32Param = HKS_AES_KEY_SIZE_128
159 }, {
160 .tag = HKS_TAG_PADDING,
161 .uint32Param = HKS_PADDING_NONE
162 }, {
163 .tag = HKS_TAG_BLOCK_MODE,
164 .uint32Param = HKS_MODE_CBC
165 }, {
166 .tag = HKS_TAG_DIGEST,
167 .uint32Param = HKS_DIGEST_NONE
168 }, {
169 .tag = HKS_TAG_IV,
170 .blob = {
171 .size = LNN_HUKS_IV_SIZE,
172 .data = (uint8_t *)g_huksIv
173 }
174 }, {
175 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
176 .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE
177 }
178 };
179
180 static struct HksParam g_ceDecryptParams[] = {
181 {
182 .tag = HKS_TAG_ALGORITHM,
183 .uint32Param = HKS_ALG_AES
184 }, {
185 .tag = HKS_TAG_PURPOSE,
186 .uint32Param = HKS_KEY_PURPOSE_DECRYPT
187 }, {
188 .tag = HKS_TAG_KEY_SIZE,
189 .uint32Param = HKS_AES_KEY_SIZE_128
190 }, {
191 .tag = HKS_TAG_PADDING,
192 .uint32Param = HKS_PADDING_NONE
193 }, {
194 .tag = HKS_TAG_BLOCK_MODE,
195 .uint32Param = HKS_MODE_CBC
196 }, {
197 .tag = HKS_TAG_DIGEST,
198 .uint32Param = HKS_DIGEST_NONE
199 }, {
200 .tag = HKS_TAG_IV,
201 .blob = {
202 .size = LNN_HUKS_IV_SIZE,
203 .data = (uint8_t *)g_huksIv
204 }
205 }, {
206 .tag = HKS_TAG_SPECIFIC_USER_ID,
207 .int32Param = DEFAULT_ACCOUNT_ID
208 }, {
209 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
210 .uint32Param = HKS_AUTH_STORAGE_LEVEL_CE
211 }
212 };
213
214 static struct HksParamSet *g_genParamSet = NULL;
215 static struct HksParamSet *g_genCeParamSet = NULL;
216 static struct HksParamSet *g_encryptParamSet = NULL;
217 static struct HksParamSet *g_ceEncryptParamSet = NULL;
218 static struct HksParamSet *g_decryptParamSet = NULL;
219 static struct HksParamSet *g_ceDecryptParamSet = NULL;
220
LoopFinishByHuks(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inDataSeg,uint8_t * cur,uint32_t * outDataSize)221 static int32_t LoopFinishByHuks(const struct HksBlob *handle, const struct HksParamSet *paramSet,
222 const struct HksBlob *inDataSeg, uint8_t *cur, uint32_t *outDataSize)
223 {
224 struct HksBlob outDataFinish = {inDataSeg->size + LNN_HUKS_MAX_UPDATE_RESERVED, NULL};
225 outDataFinish.data = (uint8_t *)SoftBusCalloc(outDataFinish.size);
226 if (outDataFinish.data == NULL) {
227 LNN_LOGE(LNN_LEDGER, "calloc outDataFinish.data fail");
228 return SOFTBUS_MEM_ERR;
229 }
230 int32_t ret = HksFinish(handle, paramSet, inDataSeg, &outDataFinish);
231 if (ret != HKS_SUCCESS) {
232 LNN_LOGE(LNN_LEDGER, "huks finish fail, huks errcode=%{public}d", ret);
233 SoftBusFree(outDataFinish.data);
234 return SOFTBUS_ERR;
235 }
236 (void)memcpy_s(cur, outDataFinish.size, outDataFinish.data, outDataFinish.size);
237 *outDataSize += outDataFinish.size;
238 SoftBusFree(outDataFinish.data);
239 return SOFTBUS_OK;
240 }
241
UpdateLoopFinishByHuks(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)242 static int32_t UpdateLoopFinishByHuks(const struct HksBlob *handle, const struct HksParamSet *paramSet,
243 const struct HksBlob *inData, struct HksBlob *outData)
244 {
245 struct HksBlob inDataSeg = *inData;
246 uint8_t *lastPtr = inData->data + inData->size - 1;
247 struct HksBlob outDataSeg = {LNN_HUKS_MAX_OUTDATA_SIZE, NULL};
248 uint8_t *cur = outData->data;
249 outData->size = 0;
250 inDataSeg.size = LNN_HUKS_MAX_UPDATE_SIZE;
251
252 while (inDataSeg.data <= lastPtr) {
253 if (inDataSeg.data + LNN_HUKS_MAX_UPDATE_SIZE <= lastPtr) {
254 outDataSeg.size = LNN_HUKS_MAX_OUTDATA_SIZE;
255 } else {
256 inDataSeg.size = lastPtr - inDataSeg.data + 1;
257 break;
258 }
259 outDataSeg.data = (uint8_t *)SoftBusCalloc(outDataSeg.size);
260 if (outDataSeg.data == NULL) {
261 LNN_LOGE(LNN_LEDGER, "calloc outDataSeg.data fail");
262 return SOFTBUS_MEM_ERR;
263 }
264 int32_t ret = HksUpdate(handle, paramSet, &inDataSeg, &outDataSeg);
265 if (ret != HKS_SUCCESS) {
266 LNN_LOGE(LNN_LEDGER, "huks update fail, errcode=%{public}d", ret);
267 SoftBusFree(outDataSeg.data);
268 return SOFTBUS_ERR;
269 }
270 (void)memcpy_s(cur, outDataSeg.size, outDataSeg.data, outDataSeg.size);
271 cur += outDataSeg.size;
272 outData->size += outDataSeg.size;
273 SoftBusFree(outDataSeg.data);
274 inDataSeg.data += LNN_HUKS_MAX_UPDATE_SIZE;
275 }
276 LNN_LOGD(LNN_LEDGER, "outDataSize=%{public}d, inDataSegSize=%{public}d", outData->size, inDataSeg.size);
277 return LoopFinishByHuks(handle, paramSet, &inDataSeg, cur, &outData->size);
278 }
279
InitParamSetByHuks(struct HksParamSet ** paramSet,const struct HksParam * params,uint32_t paramcount)280 static int32_t InitParamSetByHuks(struct HksParamSet **paramSet, const struct HksParam *params, uint32_t paramcount)
281 {
282 int32_t ret = HksInitParamSet(paramSet);
283 if (ret != HKS_SUCCESS) {
284 LNN_LOGE(LNN_LEDGER, "huks init param set fail, errcode=%{public}d", ret);
285 return SOFTBUS_ERR;
286 }
287 ret = HksAddParams(*paramSet, params, paramcount);
288 if (ret != HKS_SUCCESS) {
289 LNN_LOGE(LNN_LEDGER, "huks add param set fail, errcode=%{public}d", ret);
290 HksFreeParamSet(paramSet);
291 return SOFTBUS_ERR;
292 }
293 ret = HksBuildParamSet(paramSet);
294 if (ret != HKS_SUCCESS) {
295 LNN_LOGE(LNN_LEDGER, "huks build param set fail, errcode=%{public}d", ret);
296 HksFreeParamSet(paramSet);
297 return SOFTBUS_ERR;
298 }
299 return SOFTBUS_OK;
300 }
301
InitCeParamSetByHuks(void)302 static int32_t InitCeParamSetByHuks(void)
303 {
304 if (InitParamSetByHuks(&g_genCeParamSet, g_genCeParams,
305 sizeof(g_genCeParams) / sizeof(struct HksParam)) != SOFTBUS_OK) {
306 LNN_LOGE(LNN_LEDGER, "huks init gen ce param set fail");
307 return SOFTBUS_ERR;
308 }
309 if (InitParamSetByHuks(&g_ceEncryptParamSet, g_ceEncryptParams,
310 sizeof(g_ceEncryptParams) / sizeof(struct HksParam)) != SOFTBUS_OK) {
311 LNN_LOGE(LNN_LEDGER, "huks init ce encrypt param set fail");
312 return SOFTBUS_ERR;
313 }
314 if (InitParamSetByHuks(&g_ceDecryptParamSet, g_ceDecryptParams,
315 sizeof(g_ceDecryptParams) / sizeof(struct HksParam)) != SOFTBUS_OK) {
316 LNN_LOGE(LNN_LEDGER, "huks init ce decrypt param set fail");
317 return SOFTBUS_ERR;
318 }
319 return SOFTBUS_OK;
320 }
321
LnnInitHuksInterface(void)322 int32_t LnnInitHuksInterface(void)
323 {
324 int32_t ret = HksInitialize();
325 if (ret != HKS_SUCCESS) {
326 LNN_LOGE(LNN_LEDGER, "initialize huks fail, errcode=%{public}d", ret);
327 return SOFTBUS_ERR;
328 }
329 if (InitParamSetByHuks(&g_genParamSet, g_genParams,
330 sizeof(g_genParams) / sizeof(struct HksParam)) != SOFTBUS_OK) {
331 LNN_LOGE(LNN_LEDGER, "huks init gen param set fail");
332 return SOFTBUS_ERR;
333 }
334 if (InitParamSetByHuks(&g_encryptParamSet, g_encryptParams,
335 sizeof(g_encryptParams) / sizeof(struct HksParam)) != SOFTBUS_OK) {
336 LNN_LOGE(LNN_LEDGER, "huks init encrypt param set fail");
337 return SOFTBUS_ERR;
338 }
339 if (InitParamSetByHuks(&g_decryptParamSet, g_decryptParams,
340 sizeof(g_decryptParams) / sizeof(struct HksParam)) != SOFTBUS_OK) {
341 LNN_LOGE(LNN_LEDGER, "huks init decrypt param set fail");
342 return SOFTBUS_ERR;
343 }
344 if (InitCeParamSetByHuks() != SOFTBUS_OK) {
345 LNN_LOGE(LNN_LEDGER, "huks init ce param set fail");
346 return SOFTBUS_ERR;
347 }
348 if (LnnCheckGenerateSoftBusKeyByHuks() != SOFTBUS_OK) {
349 LNN_LOGE(LNN_LEDGER, "check generate huks key failed");
350 }
351 return SOFTBUS_OK;
352 }
353
DeinitHuksCeInterface(void)354 static void DeinitHuksCeInterface(void)
355 {
356 if (g_genCeParamSet != NULL) {
357 HksFreeParamSet(&g_genCeParamSet);
358 }
359 if (g_ceEncryptParamSet != NULL) {
360 HksFreeParamSet(&g_ceEncryptParamSet);
361 }
362 if (g_ceDecryptParamSet != NULL) {
363 HksFreeParamSet(&g_ceDecryptParamSet);
364 }
365 }
366
LnnDeinitHuksInterface(void)367 void LnnDeinitHuksInterface(void)
368 {
369 if (g_genParamSet != NULL) {
370 HksFreeParamSet(&g_genParamSet);
371 }
372 if (g_encryptParamSet != NULL) {
373 HksFreeParamSet(&g_encryptParamSet);
374 }
375 if (g_decryptParamSet != NULL) {
376 HksFreeParamSet(&g_decryptParamSet);
377 }
378 DeinitHuksCeInterface();
379 }
380
ConstructKeyParamSet(struct HksParamSet ** paramSet,const struct HksParam * params,uint32_t paramCount)381 static int32_t ConstructKeyParamSet(struct HksParamSet **paramSet, const struct HksParam *params, uint32_t paramCount)
382 {
383 if (HksInitParamSet(paramSet) != HKS_SUCCESS) {
384 LNN_LOGE(LNN_LEDGER, "HksInitParamSet failed.");
385 return SOFTBUS_HUKS_ERR;
386 }
387 if (HksAddParams(*paramSet, params, paramCount) != HKS_SUCCESS) {
388 LNN_LOGE(LNN_LEDGER, "HksAddParams failed.");
389 HksFreeParamSet(paramSet);
390 *paramSet = NULL;
391 return SOFTBUS_HUKS_ERR;
392 }
393 if (HksBuildParamSet(paramSet) != HKS_SUCCESS) {
394 LNN_LOGE(LNN_LEDGER, "HksBuildParamSet failed.");
395 HksFreeParamSet(paramSet);
396 *paramSet = NULL;
397 return SOFTBUS_HUKS_ERR;
398 }
399 return SOFTBUS_OK;
400 }
401
GenerateCeKeyByHuks(struct HksBlob * keyAlias)402 static int32_t GenerateCeKeyByHuks(struct HksBlob *keyAlias)
403 {
404 struct HksParamSet *paramSet = NULL;
405 struct HksParam keyExistparams[] = {
406 { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = DEFAULT_ACCOUNT_ID},
407 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_CE},
408 };
409 if (ConstructKeyParamSet(¶mSet, keyExistparams, sizeof(keyExistparams) / sizeof(struct HksParam)) !=
410 SOFTBUS_OK) {
411 LNN_LOGE(LNN_LEDGER, "generate ce key ConstructKeyParamSet failed.");
412 return SOFTBUS_HUKS_ERR;
413 }
414 if (HksKeyExist(keyAlias, paramSet) == HKS_SUCCESS) {
415 LNN_LOGI(LNN_LEDGER, "huks ce key has generated");
416 HksFreeParamSet(¶mSet);
417 return SOFTBUS_OK;
418 }
419 HksFreeParamSet(¶mSet);
420 int32_t ret = HksGenerateKey(keyAlias, g_genCeParamSet, NULL);
421 if (ret != HKS_SUCCESS) {
422 LNN_LOGE(LNN_LEDGER, "huks generate ce key fail, errcode=%{public}d", ret);
423 return SOFTBUS_ERR;
424 }
425 LNN_LOGI(LNN_LEDGER, "huks generate new ce key");
426 return SOFTBUS_OK;
427 }
428
GenerateDeKeyByHuks(struct HksBlob * keyAlias)429 static int32_t GenerateDeKeyByHuks(struct HksBlob *keyAlias)
430 {
431 struct HksParamSet *paramSet = NULL;
432 struct HksParam keyExistparams[] = {
433 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE},
434 };
435 if (ConstructKeyParamSet(¶mSet, keyExistparams, sizeof(keyExistparams) / sizeof(struct HksParam)) !=
436 SOFTBUS_OK) {
437 LNN_LOGE(LNN_LEDGER, "generate de key ConstructKeyParamSet failed.");
438 return SOFTBUS_HUKS_ERR;
439 }
440 if (HksKeyExist(keyAlias, paramSet) == HKS_SUCCESS) {
441 LNN_LOGI(LNN_LEDGER, "huks de key has generated");
442 HksFreeParamSet(¶mSet);
443 return SOFTBUS_OK;
444 }
445 HksFreeParamSet(¶mSet);
446 int32_t ret = HksGenerateKey(keyAlias, g_genParamSet, NULL);
447 if (ret != HKS_SUCCESS) {
448 LNN_LOGE(LNN_LEDGER, "huks generate de key fail, errcode=%{public}d", ret);
449 return SOFTBUS_ERR;
450 }
451 LNN_LOGI(LNN_LEDGER, "huks generate new de key");
452 return SOFTBUS_OK;
453 }
454
DeleteDeKeyByHuks(struct HksBlob * keyAlias)455 static int32_t DeleteDeKeyByHuks(struct HksBlob *keyAlias)
456 {
457 struct HksParamSet *paramSet = NULL;
458 struct HksParam keyExistparams[] = {
459 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE},
460 };
461 if (ConstructKeyParamSet(¶mSet, keyExistparams, sizeof(keyExistparams) / sizeof(struct HksParam)) !=
462 SOFTBUS_OK) {
463 LNN_LOGE(LNN_LEDGER, "delete de key ConstructKeyParamSet failed.");
464 return SOFTBUS_HUKS_ERR;
465 }
466 if (HksKeyExist(keyAlias, paramSet) != HKS_SUCCESS) {
467 LNN_LOGD(LNN_LEDGER, "huks de key has deleted");
468 HksFreeParamSet(¶mSet);
469 return SOFTBUS_OK;
470 }
471 HksFreeParamSet(¶mSet);
472 int32_t ret = HksDeleteKey(keyAlias, g_genParamSet);
473 if (ret != HKS_SUCCESS) {
474 LNN_LOGE(LNN_LEDGER, "huks de delete key fail, errcode=%{public}d", ret);
475 return SOFTBUS_ERR;
476 }
477 return SOFTBUS_OK;
478 }
479
DeleteCeKeyByHuks(struct HksBlob * keyAlias)480 static int32_t DeleteCeKeyByHuks(struct HksBlob *keyAlias)
481 {
482 struct HksParamSet *paramSet = NULL;
483 struct HksParam keyExistparams[] = {
484 { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = DEFAULT_ACCOUNT_ID},
485 { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_CE},
486 };
487 if (ConstructKeyParamSet(¶mSet, keyExistparams, sizeof(keyExistparams) / sizeof(struct HksParam)) !=
488 SOFTBUS_OK) {
489 LNN_LOGE(LNN_LEDGER, "delete ce key ConstructKeyParamSet failed.");
490 return SOFTBUS_HUKS_ERR;
491 }
492 if (HksKeyExist(keyAlias, paramSet) != HKS_SUCCESS) {
493 LNN_LOGD(LNN_LEDGER, "huks ce key has deleted");
494 HksFreeParamSet(¶mSet);
495 return SOFTBUS_OK;
496 }
497 HksFreeParamSet(¶mSet);
498 int32_t ret = HksDeleteKey(keyAlias, g_genCeParamSet);
499 if (ret != HKS_SUCCESS) {
500 LNN_LOGE(LNN_LEDGER, "huks delete ce key fail, errcode=%{public}d", ret);
501 return SOFTBUS_ERR;
502 }
503 return SOFTBUS_OK;
504 }
505
LnnGenerateCeKeyByHuks(struct HksBlob * keyAlias)506 int32_t LnnGenerateCeKeyByHuks(struct HksBlob *keyAlias)
507 {
508 if (keyAlias == NULL) {
509 LNN_LOGE(LNN_LEDGER, "gen ce invalid param");
510 return SOFTBUS_INVALID_PARAM;
511 }
512 if (pthread_mutex_lock(&g_ceParamsLock) != SOFTBUS_OK) {
513 LNN_LOGE(LNN_LEDGER, "gen ce mutex fail");
514 return SOFTBUS_LOCK_ERR;
515 }
516 if (!g_isGenCeParams && (GenerateCeKeyByHuks(keyAlias) == SOFTBUS_OK)) {
517 LNN_LOGI(LNN_LEDGER, "gen ce param success");
518 g_isGenCeParams = true;
519 }
520 (void)pthread_mutex_unlock(&g_ceParamsLock);
521 return SOFTBUS_OK;
522 }
523
LnnGenerateKeyByHuks(struct HksBlob * keyAlias)524 int32_t LnnGenerateKeyByHuks(struct HksBlob *keyAlias)
525 {
526 if (keyAlias == NULL) {
527 LNN_LOGE(LNN_LEDGER, "invalid param");
528 return SOFTBUS_INVALID_PARAM;
529 }
530 if (GenerateDeKeyByHuks(keyAlias) != SOFTBUS_OK) {
531 LNN_LOGE(LNN_LEDGER, "generate de key fail");
532 return SOFTBUS_ERR;
533 }
534 return SOFTBUS_OK;
535 }
536
LnnDeleteCeKeyByHuks(struct HksBlob * keyAlias)537 int32_t LnnDeleteCeKeyByHuks(struct HksBlob *keyAlias)
538 {
539 if (keyAlias == NULL) {
540 LNN_LOGE(LNN_LEDGER, "delete ce invalid param");
541 return SOFTBUS_INVALID_PARAM;
542 }
543 if (DeleteCeKeyByHuks(keyAlias) != SOFTBUS_OK) {
544 LNN_LOGE(LNN_LEDGER, "delete ce key fail");
545 return SOFTBUS_ERR;
546 }
547 return SOFTBUS_OK;
548 }
549
LnnDeleteKeyByHuks(struct HksBlob * keyAlias)550 int32_t LnnDeleteKeyByHuks(struct HksBlob *keyAlias)
551 {
552 if (keyAlias == NULL) {
553 LNN_LOGE(LNN_LEDGER, "invalid param");
554 return SOFTBUS_INVALID_PARAM;
555 }
556 if (DeleteDeKeyByHuks(keyAlias) != SOFTBUS_OK) {
557 LNN_LOGE(LNN_LEDGER, "delete de key fail");
558 return SOFTBUS_ERR;
559 }
560 return SOFTBUS_OK;
561 }
562
LnnEncryptDataByHuks(const struct HksBlob * keyAlias,const struct HksBlob * inData,struct HksBlob * outData)563 int32_t LnnEncryptDataByHuks(const struct HksBlob *keyAlias, const struct HksBlob *inData,
564 struct HksBlob *outData)
565 {
566 if (keyAlias == NULL || inData == NULL || outData == NULL) {
567 LNN_LOGE(LNN_LEDGER, "invalid param");
568 return SOFTBUS_INVALID_PARAM;
569 }
570 uint8_t handleE[sizeof(uint64_t)] = {0};
571 struct HksBlob handleEncrypt = {sizeof(uint64_t), handleE};
572 int32_t ret = HksInit(keyAlias, g_encryptParamSet, &handleEncrypt, NULL);
573 if (ret != HKS_SUCCESS) {
574 LNN_LOGE(LNN_LEDGER, "huks encrypt data init fail, errcode=%{public}d", ret);
575 return SOFTBUS_ERR;
576 }
577 uint8_t *cipher = (uint8_t *)SoftBusCalloc(inData->size);
578 if (cipher == NULL) {
579 LNN_LOGE(LNN_LEDGER, "calloc encrypt data fail");
580 return SOFTBUS_MEM_ERR;
581 }
582 struct HksBlob cipherText = {inData->size, cipher};
583 if (UpdateLoopFinishByHuks(&handleEncrypt, g_encryptParamSet, inData, &cipherText) != SOFTBUS_OK) {
584 LNN_LOGE(LNN_LEDGER, "huks encrypt data update and finish fail");
585 (void)memset_s(cipher, inData->size, 0x0, inData->size);
586 SoftBusFree(cipher);
587 return SOFTBUS_ERR;
588 }
589 outData->size = cipherText.size;
590 if (memcpy_s(outData->data, cipherText.size, cipherText.data, cipherText.size) != EOK) {
591 LNN_LOGE(LNN_LEDGER, "huks memcpy_s encrypt data fail");
592 (void)memset_s(cipher, inData->size, 0x0, inData->size);
593 SoftBusFree(cipher);
594 return SOFTBUS_MEM_ERR;
595 }
596 (void)memset_s(cipher, inData->size, 0x0, inData->size);
597 SoftBusFree(cipher);
598 return SOFTBUS_OK;
599 }
600
LnnDecryptDataByHuks(const struct HksBlob * keyAlias,const struct HksBlob * inData,struct HksBlob * outData)601 int32_t LnnDecryptDataByHuks(const struct HksBlob *keyAlias, const struct HksBlob *inData,
602 struct HksBlob *outData)
603 {
604 if (keyAlias == NULL || inData == NULL || outData == NULL) {
605 LNN_LOGE(LNN_LEDGER, "invalid param");
606 return SOFTBUS_INVALID_PARAM;
607 }
608 uint8_t handleD[sizeof(uint64_t)] = {0};
609 struct HksBlob handleDecrypt = {sizeof(uint64_t), handleD};
610 int32_t ret = HksInit(keyAlias, g_decryptParamSet, &handleDecrypt, NULL);
611 if (ret != HKS_SUCCESS) {
612 LNN_LOGE(LNN_LEDGER, "huks decrypt data init fail, errcode=%{public}d", ret);
613 return SOFTBUS_ERR;
614 }
615 uint8_t *plain = (uint8_t *)SoftBusCalloc(inData->size);
616 if (plain == NULL) {
617 LNN_LOGE(LNN_LEDGER, "calloc encrypt data fail");
618 return SOFTBUS_MEM_ERR;
619 }
620 struct HksBlob plainText = {inData->size, plain};
621 if (UpdateLoopFinishByHuks(&handleDecrypt, g_decryptParamSet, inData, &plainText) != SOFTBUS_OK) {
622 LNN_LOGE(LNN_LEDGER, "huks decrypt data update and finish fail");
623 (void)memset_s(plain, inData->size, 0x0, inData->size);
624 SoftBusFree(plain);
625 return SOFTBUS_ERR;
626 }
627 outData->size = plainText.size;
628 if (memcpy_s(outData->data, plainText.size, plainText.data, plainText.size) != EOK) {
629 LNN_LOGE(LNN_LEDGER, "huks memcpy_s decrypt data fail");
630 (void)memset_s(plain, inData->size, 0x0, inData->size);
631 SoftBusFree(plain);
632 return SOFTBUS_MEM_ERR;
633 }
634 (void)memset_s(plain, inData->size, 0x0, inData->size);
635 SoftBusFree(plain);
636 return SOFTBUS_OK;
637 }
638
LnnCeEncryptDataByHuks(const struct HksBlob * keyAlias,const struct HksBlob * inData,struct HksBlob * outData)639 int32_t LnnCeEncryptDataByHuks(const struct HksBlob *keyAlias, const struct HksBlob *inData,
640 struct HksBlob *outData)
641 {
642 if (keyAlias == NULL || inData == NULL || outData == NULL) {
643 LNN_LOGE(LNN_LEDGER, "invalid param");
644 return SOFTBUS_INVALID_PARAM;
645 }
646 uint8_t handleE[sizeof(uint64_t)] = {0};
647 struct HksBlob handleEncrypt = {sizeof(uint64_t), handleE};
648 int32_t ret = HksInit(keyAlias, g_ceEncryptParamSet, &handleEncrypt, NULL);
649 if (ret != HKS_SUCCESS) {
650 LNN_LOGE(LNN_LEDGER, "huks encrypt data init fail, errcode=%{public}d", ret);
651 return SOFTBUS_ERR;
652 }
653 uint8_t *cipher = (uint8_t *)SoftBusCalloc(inData->size);
654 if (cipher == NULL) {
655 LNN_LOGE(LNN_LEDGER, "calloc encrypt data fail");
656 return SOFTBUS_MEM_ERR;
657 }
658 struct HksBlob cipherText = {inData->size, cipher};
659 if (UpdateLoopFinishByHuks(&handleEncrypt, g_ceEncryptParamSet, inData, &cipherText) != SOFTBUS_OK) {
660 LNN_LOGE(LNN_LEDGER, "huks encrypt data update and finish fail");
661 (void)memset_s(cipher, inData->size, 0x0, inData->size);
662 SoftBusFree(cipher);
663 return SOFTBUS_ERR;
664 }
665 outData->size = cipherText.size;
666 if (memcpy_s(outData->data, cipherText.size, cipherText.data, cipherText.size) != EOK) {
667 LNN_LOGE(LNN_LEDGER, "huks memcpy_s encrypt data fail");
668 (void)memset_s(cipher, inData->size, 0x0, inData->size);
669 SoftBusFree(cipher);
670 return SOFTBUS_MEM_ERR;
671 }
672 (void)memset_s(cipher, inData->size, 0x0, inData->size);
673 SoftBusFree(cipher);
674 return SOFTBUS_OK;
675 }
676
LnnCeDecryptDataByHuks(const struct HksBlob * keyAlias,const struct HksBlob * inData,struct HksBlob * outData)677 int32_t LnnCeDecryptDataByHuks(const struct HksBlob *keyAlias, const struct HksBlob *inData,
678 struct HksBlob *outData)
679 {
680 if (keyAlias == NULL || inData == NULL || outData == NULL) {
681 LNN_LOGE(LNN_LEDGER, "invalid param");
682 return SOFTBUS_INVALID_PARAM;
683 }
684 uint8_t handleD[sizeof(uint64_t)] = {0};
685 struct HksBlob handleDecrypt = {sizeof(uint64_t), handleD};
686 int32_t ret = HksInit(keyAlias, g_ceDecryptParamSet, &handleDecrypt, NULL);
687 if (ret != HKS_SUCCESS) {
688 LNN_LOGE(LNN_LEDGER, "huks decrypt data init fail, errcode=%{public}d", ret);
689 return SOFTBUS_ERR;
690 }
691 uint8_t *plain = (uint8_t *)SoftBusCalloc(inData->size);
692 if (plain == NULL) {
693 LNN_LOGE(LNN_LEDGER, "calloc encrypt data fail");
694 return SOFTBUS_MEM_ERR;
695 }
696 struct HksBlob plainText = {inData->size, plain};
697 if (UpdateLoopFinishByHuks(&handleDecrypt, g_ceDecryptParamSet, inData, &plainText) != SOFTBUS_OK) {
698 LNN_LOGE(LNN_LEDGER, "huks decrypt data update and finish fail");
699 (void)memset_s(plain, inData->size, 0x0, inData->size);
700 SoftBusFree(plain);
701 return SOFTBUS_ERR;
702 }
703 outData->size = plainText.size;
704 if (memcpy_s(outData->data, plainText.size, plainText.data, plainText.size) != EOK) {
705 LNN_LOGE(LNN_LEDGER, "huks memcpy_s decrypt data fail");
706 (void)memset_s(plain, inData->size, 0x0, inData->size);
707 SoftBusFree(plain);
708 return SOFTBUS_MEM_ERR;
709 }
710 (void)memset_s(plain, inData->size, 0x0, inData->size);
711 SoftBusFree(plain);
712 return SOFTBUS_OK;
713 }
714
LnnGenerateRandomByHuks(uint8_t * random,uint32_t len)715 int32_t LnnGenerateRandomByHuks(uint8_t *random, uint32_t len)
716 {
717 if (random == NULL) {
718 LNN_LOGE(LNN_LEDGER, "invalid param");
719 return SOFTBUS_INVALID_PARAM;
720 }
721 struct HksBlob tmp = {0};
722 tmp.size = len;
723 tmp.data = (uint8_t *)SoftBusCalloc(tmp.size);
724 if (tmp.data == NULL) {
725 LNN_LOGE(LNN_LEDGER, "malloc random key fail");
726 return SOFTBUS_MALLOC_ERR;
727 }
728 int32_t ret = HksGenerateRandom(NULL, &tmp);
729 if (ret != SOFTBUS_OK) {
730 LNN_LOGE(LNN_LEDGER, "generate random key fail, errcode=%{public}d", ret);
731 SoftBusFree(tmp.data);
732 return SOFTBUS_ERR;
733 }
734 if (memcpy_s(random, len, tmp.data, len) != EOK) {
735 LNN_LOGE(LNN_LEDGER, "memcpy_s random key fail");
736 SoftBusFree(tmp.data);
737 return SOFTBUS_MEM_ERR;
738 }
739 SoftBusFree(tmp.data);
740 return SOFTBUS_OK;
741 }
742