1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifndef _CUT_AUTHENTICATE_
17
18 #include "hks_keynode.h"
19
20 #include <stddef.h>
21
22 #include "hks_crypto_hal.h"
23 #include "hks_keyblob.h"
24 #include "hks_log.h"
25 #include "hks_mem.h"
26 #include "hks_param.h"
27 #include "hks_template.h"
28 #include "securec.h"
29 #include "hks_util.h"
30 #include "hks_type_inner.h"
31
/* Presumably the seconds-to-milliseconds factor; not referenced in the visible code. */
#define S_TO_MS 1000
/* Number of random draws GenerateKeyNodeHandle makes before giving up on a unique handle. */
#define MAX_RETRY_CHECK_UNIQUE_HANDLE_TIME 10
/* Returned by GetTokenIdFromParamSet when the param set has no HKS_TAG_ACCESS_TOKEN_ID. */
#define INVALID_TOKEN_ID 0U
/* Global cap on nodes linked into g_keyNodeList; AddKeyNode evicts the head node at this limit. */
#define MAX_KEY_NODES_COUNT 96

/*
 * Per-token-id cap on key nodes. Without HKS_SUPPORT_ACCESS_TOKEN it equals the
 * global cap, so a single caller identity can occupy the whole table.
 */
#ifdef HKS_SUPPORT_ACCESS_TOKEN
#define MAX_KEY_NODES_EACH_TOKEN_ID 32
#else
#define MAX_KEY_NODES_EACH_TOKEN_ID MAX_KEY_NODES_COUNT
#endif

/* Circular list of live key nodes; the empty list points at itself. */
static struct DoubleList g_keyNodeList = { &g_keyNodeList, &g_keyNodeList };
/* Number of nodes currently linked into g_keyNodeList. */
static uint32_t g_keyNodeCount = 0;
static HksMutex *g_huksMutex = NULL; /* global mutex used by the key node code in this file */
46
/*
 * Return the global key-node mutex, creating it on demand if it is missing.
 *
 * Returns NULL when the on-demand creation fails.
 * NOTE(review): the create-if-NULL path is not serialised by anything visible
 * here; two threads arriving together could each create a mutex. Confirm that
 * HksInitHuksMutex always runs before any concurrent caller.
 */
HksMutex *HksGetHuksMutex(void)
{
    if (g_huksMutex != NULL) {
        return g_huksMutex;
    }

    /* Reaching this point means the mutex was never initialised or was destroyed. */
    HKS_LOG_E("Hks mutex init failed, reinit!");
    g_huksMutex = HksMutexCreate();
    HKS_IF_NULL_LOGE_RETURN(g_huksMutex, NULL, "Hks mutex reinit failed!")

    return g_huksMutex;
}
57
/*
 * Create the global key-node mutex if it does not exist yet.
 *
 * Returns HKS_SUCCESS when the mutex exists on return, or
 * HKS_ERROR_NULL_POINTER when HksMutexCreate fails.
 */
int32_t HksInitHuksMutex(void)
{
    if (g_huksMutex != NULL) {
        return HKS_SUCCESS; /* already initialised, nothing to do */
    }

    g_huksMutex = HksMutexCreate();
    if (g_huksMutex != NULL) {
        return HKS_SUCCESS;
    }

    HKS_LOG_E("create huks mutex failed!");
    return HKS_ERROR_NULL_POINTER;
}
69
/*
 * Close the global key-node mutex and reset the pointer to NULL.
 * Calling it when no mutex exists is a no-op.
 */
void HksDestroyHuksMutex(void)
{
    if (g_huksMutex == NULL) {
        return;
    }

    HksMutexClose(g_huksMutex);
    g_huksMutex = NULL; /* a later HksGetHuksMutex call will recreate it */
}
77
/*
 * Release a key-blob param set, zeroing the HKS_TAG_KEY payload first so the
 * key bytes do not stay in freed heap memory.
 *
 * paramSet: address of the param set pointer; NULL or a NULL target is logged
 * and ignored. If the set has no HKS_TAG_KEY entry it is freed without a wipe.
 */
static void FreeKeyBlobParamSet(struct HksParamSet **paramSet)
{
    if ((paramSet == NULL) || (*paramSet == NULL)) {
        HKS_LOG_E("invalid keyblob paramset");
        return;
    }

    struct HksParam *keyEntry = NULL;
    if (HksGetParam(*paramSet, HKS_TAG_KEY, &keyEntry) == HKS_SUCCESS) {
        /* memset_s is used for the wipe; its return value is deliberately ignored. */
        (void)memset_s(keyEntry->blob.data, keyEntry->blob.size, 0, keyEntry->blob.size);
    } else {
        HKS_LOG_E("get key param failed!");
    }

    HksFreeParamSet(paramSet);
}
94
/*
 * Report whether the operation described by (alg, pur, paramSet) is AES
 * encryption or decryption in CCM block mode.
 *
 * paramSet: consulted for HKS_TAG_BLOCK_MODE only when alg is AES and pur is
 *           encrypt or decrypt.
 * tag:      set to true for AES-CCM, false otherwise; left untouched on error.
 *
 * Returns HKS_SUCCESS, or HKS_ERROR_UNKNOWN_ERROR when the block mode is missing.
 */
static int32_t SetAesCcmModeTag(struct HksParamSet *paramSet, const uint32_t alg, const uint32_t pur, bool *tag)
{
    const bool isAesCipherOp = (alg == HKS_ALG_AES) &&
        ((pur == HKS_KEY_PURPOSE_ENCRYPT) || (pur == HKS_KEY_PURPOSE_DECRYPT));
    if (!isAesCipherOp) {
        *tag = false;
        return HKS_SUCCESS;
    }

    struct HksParam *blockMode = NULL;
    if (HksGetParam(paramSet, HKS_TAG_BLOCK_MODE, &blockMode) != HKS_SUCCESS) {
        HKS_LOG_E("aes get block mode tag fail");
        return HKS_ERROR_UNKNOWN_ERROR;
    }

    *tag = (blockMode->uint32Param == HKS_MODE_CCM);
    return HKS_SUCCESS;
}
117
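/*
 * Wipe and release a context that is stored as a heap-allocated struct HksBlob.
 *
 * ctx: address of the context pointer. A NULL address or a NULL context is a
 *      no-op; the original dereferenced ctx unconditionally.
 *
 * The payload is zeroed before it is freed; per the comment in
 * FreeRuntimeParamSet it can hold directly cached plaintext.
 * NOTE(review): assumes HKS_FREE also resets its argument to NULL - confirm
 * against the macro definition.
 */
static void FreeCachedData(void **ctx)
{
    if (ctx == NULL) {
        return;
    }

    struct HksBlob *cachedData = (struct HksBlob *)*ctx;
    if (cachedData == NULL) {
        return;
    }

    if (cachedData->data != NULL) {
        (void)memset_s(cachedData->data, cachedData->size, 0, cachedData->size);
        HKS_FREE(cachedData->data);
    }
    HKS_FREE(*ctx);
}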
130
/*
 * Release a crypto context with the routine that matches how it was created.
 *
 * purpose:     HKS_KEY_PURPOSE_* value of the operation that owns the context.
 * alg:         algorithm id; for encrypt/decrypt, RSA contexts are cached blobs.
 * hasCalcHash: for sign/verify, true when ctx is a hash context rather than a
 *              cached blob.
 * ctx:         address of the context pointer to release.
 *
 * An unrecognised purpose releases nothing.
 */
static void KeyNodeFreeCtx(uint32_t purpose, uint32_t alg, bool hasCalcHash, void **ctx)
{
    switch (purpose) {
        case HKS_KEY_PURPOSE_AGREE:
        case HKS_KEY_PURPOSE_DERIVE:
            FreeCachedData(ctx);
            return;
        case HKS_KEY_PURPOSE_SIGN:
        case HKS_KEY_PURPOSE_VERIFY:
            if (!hasCalcHash) {
                FreeCachedData(ctx);
                return;
            }
            HksCryptoHalHashFreeCtx(ctx);
            return;
        case HKS_KEY_PURPOSE_ENCRYPT:
        case HKS_KEY_PURPOSE_DECRYPT:
            if (alg == HKS_ALG_RSA) {
                FreeCachedData(ctx);
                return;
            }
            HksCryptoHalEncryptFreeCtx(ctx, alg);
            return;
        case HKS_KEY_PURPOSE_MAC:
            HksCryptoHalHmacFreeCtx(ctx);
            return;
        default:
            return;
    }
}
161
/*
 * Release a runtime param set together with the crypto context whose address
 * is stored in its HKS_TAG_CRYPTO_CTX entry.
 *
 * paramSet: address of the param set pointer; NULL or a NULL target is logged
 *           and ignored.
 *
 * NOTE(review): when a context is present but the purpose, algorithm, digest
 * or block-mode lookup fails, the param set is freed and the function returns
 * without releasing or wiping the context. Confirm those paths are unreachable
 * for sets built by this module, since the context may hold cached data.
 */
static void FreeRuntimeParamSet(struct HksParamSet **paramSet)
{
    if ((paramSet == NULL) || (*paramSet == NULL)) {
        HKS_LOG_E("invalid keyblob paramset");
        return;
    }

    struct HksParam *ctxParam = NULL;
    if (HksGetParam(*paramSet, HKS_TAG_CRYPTO_CTX, &ctxParam) != HKS_SUCCESS) {
        HksFreeParamSet(paramSet);
        HKS_LOG_E("get ctx from keyNode failed!");
        return;
    }

    /* No context attached: only the param set itself needs releasing. */
    if (ctxParam->uint64Param == 0) {
        HksFreeParamSet(paramSet);
        return;
    }

    void *cryptoCtx = (void *)(uintptr_t)ctxParam->uint64Param;
    struct HksParam *purposeParam = NULL;
    struct HksParam *algParam = NULL;
    if (HksGetParam(*paramSet, HKS_TAG_PURPOSE, &purposeParam) != HKS_SUCCESS ||
        HksGetParam(*paramSet, HKS_TAG_ALGORITHM, &algParam) != HKS_SUCCESS) {
        HksFreeParamSet(paramSet);
        return;
    }

    struct HksParam *digestParam = NULL;
    int32_t ret = HksGetParam(*paramSet, HKS_TAG_DIGEST, &digestParam);
    if (ret == HKS_ERROR_INVALID_ARGUMENT) {
        HksFreeParamSet(paramSet);
        return;
    }

    /*
     * The context is a hash context unless the digest is HKS_DIGEST_NONE (the
     * caller supplied the hash value) or the algorithm is ed25519 (the
     * plaintext is cached directly). A missing digest tag counts as hashed.
     */
    bool hasCalcHash = (ret != HKS_SUCCESS) || (digestParam->uint32Param != HKS_DIGEST_NONE);
    if (algParam->uint32Param == HKS_ALG_ED25519) {
        hasCalcHash = false;
    }

    bool isAesCcm = false;
    if (SetAesCcmModeTag(*paramSet, algParam->uint32Param, purposeParam->uint32Param, &isAesCcm) != HKS_SUCCESS) {
        HksFreeParamSet(paramSet);
        return;
    }

    if (!isAesCcm) {
        KeyNodeFreeCtx(purposeParam->uint32Param, algParam->uint32Param, hasCalcHash, &cryptoCtx);
    } else {
        /* AES-CCM keeps its input as a cached blob instead of a HAL cipher context. */
        HKS_LOG_D("FreeRuntimeParamSet fee ccm cache data!");
        FreeCachedData(&cryptoCtx);
    }

    ctxParam->uint64Param = 0; /* drop the stored address so it cannot be reused */
    HksFreeParamSet(paramSet);
}
219
/*
 * Unlink a key node from g_keyNodeList and release everything it owns: the
 * key-blob param set (wiped first), both runtime param sets and the node.
 *
 * keyNode must be non-NULL and currently linked; no check is made here.
 * NOTE(review): no lock is taken in this function; the callers visible in this
 * file that take one are AddKeyNode and HksDeleteKeyNode.
 */
static void DeleteKeyNodeFree(struct HuksKeyNode *keyNode)
{
    RemoveDoubleListNode(&keyNode->listHead);
    g_keyNodeCount -= 1;

    FreeKeyBlobParamSet(&keyNode->keyBlobParamSet);
    FreeRuntimeParamSet(&keyNode->runtimeParamSet);
    FreeRuntimeParamSet(&keyNode->authRuntimeParamSet);
    HKS_FREE(keyNode);

    HKS_LOG_I("delete keynode count:%" LOG_PUBLIC "u", g_keyNodeCount);
}
230
/*
 * Build the runtime param set of a key node: a copy of the caller's params
 * followed by an empty HKS_TAG_CRYPTO_CTX slot.
 *
 * inParamSet:  caller-supplied params, may be NULL. It is rejected when it
 *              already carries HKS_TAG_CRYPTO_CTX, so a caller cannot supply
 *              the value that FreeRuntimeParamSet later casts to a pointer.
 * outParamSet: receives the built set on success; untouched on failure.
 *
 * Returns HKS_SUCCESS or the error code of the failing param-set call.
 */
static int32_t BuildRuntimeParamSet(const struct HksParamSet *inParamSet, struct HksParamSet **outParamSet)
{
    struct HksParamSet *built = NULL;
    int32_t ret = HksInitParamSet(&built);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init keyNode param set fail")

    /* Tags owned by this module; the context slot starts out empty. */
    struct HksParam reserved[] = {
        { .tag = HKS_TAG_CRYPTO_CTX, .uint64Param = 0 },
    };

    if (inParamSet != NULL) {
        ret = HksCheckIsTagAlreadyExist(reserved, HKS_ARRAY_SIZE(reserved), inParamSet);
        if (ret != HKS_SUCCESS) {
            HksFreeParamSet(&built);
            HKS_LOG_E("check params fail");
            return ret;
        }

        ret = HksAddParams(built, inParamSet->params, inParamSet->paramsCnt);
        if (ret != HKS_SUCCESS) {
            HksFreeParamSet(&built);
            HKS_LOG_E("add in params fail");
            return ret;
        }
    }

    ret = HksAddParams(built, reserved, sizeof(reserved) / sizeof(reserved[0]));
    if (ret != HKS_SUCCESS) {
        HksFreeParamSet(&built);
        HKS_LOG_E("add runtime params fail");
        return ret;
    }

    ret = HksBuildParamSet(&built);
    if (ret != HKS_SUCCESS) {
        HksFreeParamSet(&built);
        HKS_LOG_E("build paramSet fail");
        return ret;
    }

    *outParamSet = built;
    return HKS_SUCCESS;
}
277
/*
 * Check that no node in g_keyNodeList already uses the given handle.
 *
 * Returns HKS_SUCCESS when the handle is unused, HKS_FAILURE when it is taken.
 * NOTE(review): the list is walked without taking the mutex in this function.
 */
static int32_t HksCheckUniqueHandle(uint64_t handle)
{
    struct HuksKeyNode *cursor = NULL;
    HKS_DLIST_ITER(cursor, &g_keyNodeList) {
        if ((cursor == NULL) || (cursor->handle != handle)) {
            continue;
        }
        HKS_LOG_E("The handle already exists!");
        return HKS_FAILURE;
    }
    return HKS_SUCCESS;
}
289
/*
 * Draw a random 32-bit handle that no existing key node uses.
 *
 * handle: receives the value on success (only the low 32 bits are populated).
 *
 * Returns HKS_SUCCESS, the HksCryptoHalFillRandom error, or HKS_FAILURE after
 * MAX_RETRY_CHECK_UNIQUE_HANDLE_TIME collisions.
 * NOTE(review): the uniqueness check and the later insertion in AddKeyNode are
 * not done under one lock acquisition in the visible code, so two concurrent
 * creators could in principle both accept the same value. Confirm whether
 * callers serialise key-node creation.
 */
static int32_t GenerateKeyNodeHandle(uint64_t *handle)
{
    uint32_t candidate = 0;
    struct HksBlob randomOut = {
        .size = sizeof(uint32_t),
        .data = (uint8_t *)&candidate
    };

    int32_t ret = HKS_FAILURE;
    uint32_t attempt = 0;
    while (attempt < MAX_RETRY_CHECK_UNIQUE_HANDLE_TIME) {
        ret = HksCryptoHalFillRandom(&randomOut);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("fill keyNode handle failed");
            return ret;
        }

        ret = HksCheckUniqueHandle(candidate);
        if (ret == HKS_SUCCESS) {
            *handle = candidate; /* Temporarily only use 32 bit handle */
            break;
        }
        ++attempt;
    }
    return ret;
}
313
/*
 * When the node table is full, delete the first batch-operation node whose
 * batchOperationTimestamp lies before the current elapsed real time.
 *
 * Does nothing while g_keyNodeCount is below MAX_KEY_NODES_COUNT. At most one
 * node is removed per call.
 */
static void DeleteFirstTimeOutBatchKeyNode(void)
{
    if (g_keyNodeCount < MAX_KEY_NODES_COUNT) {
        return;
    }

    struct HuksKeyNode *cursor = NULL;
    HKS_DLIST_ITER(cursor, &g_keyNodeList) {
        if ((cursor == NULL) || !cursor->isBatchOperation) {
            continue;
        }

        uint64_t now = 0;
        int32_t ret = HksElapsedRealTime(&now);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("DeleteFirstTimeOutBatchKeyNode HksElapsedRealTime failed %" LOG_PUBLIC "d", ret);
            continue;
        }

        /* The timestamp is the expiry point; a node at or past "now" is still valid. */
        if (now <= cursor->batchOperationTimestamp) {
            continue;
        }

        HKS_LOG_E("Batch operation timeout, delete keyNode!");
        /* Kept as two statements: IAR iccarm rejects `return <void call>` in a void function. */
        DeleteKeyNodeFree(cursor);
        return;
    }
}
338
/*
 * Read HKS_TAG_ACCESS_TOKEN_ID from a param set.
 *
 * Returns the token id, or INVALID_TOKEN_ID when the tag cannot be read. All
 * param sets without the tag therefore share one bucket in the per-token
 * limit checks.
 */
static uint32_t GetTokenIdFromParamSet(const struct HksParamSet *p)
{
    struct HksParam *tokenParam = NULL;
    if (HksGetParam(p, HKS_TAG_ACCESS_TOKEN_ID, &tokenParam) == HKS_SUCCESS) {
        return tokenParam->uint32Param;
    }

    HKS_LOG_W("find token id failed");
    return INVALID_TOKEN_ID;
}
349
/*
 * Delete the first node in list order whose runtime param set carries tokenId.
 *
 * Returns true when a node was deleted, false when the token owns none.
 * Selection is by list position only; nothing here checks whether the node is
 * still being used by an operation in progress.
 */
static bool DeleteFirstKeyNodeForTokenId(uint32_t tokenId)
{
    struct HuksKeyNode *cursor = NULL;
    HKS_DLIST_ITER(cursor, &g_keyNodeList) {
        if ((cursor == NULL) || (GetTokenIdFromParamSet(cursor->runtimeParamSet) != tokenId)) {
            continue;
        }
        HKS_LOG_E("DeleteFirstKeyNodeForTokenId delete old not using key node!");
        DeleteKeyNodeFree(cursor);
        return true;
    }
    return false;
}
366
/*
 * Enforce the per-token node quota before a new node is added for tokenId.
 *
 * When the token already owns MAX_KEY_NODES_EACH_TOKEN_ID nodes, its first
 * node in list order is deleted to make room.
 *
 * Returns HKS_SUCCESS when the token is under quota or a node was deleted,
 * HKS_ERROR_SESSION_REACHED_LIMIT when over quota and nothing could be deleted.
 */
static int32_t DeleteKeyNodeForTokenIdIfExceedLimit(uint32_t tokenId)
{
    /* With fewer nodes in total than the quota, no single token can be over it. */
    if (g_keyNodeCount < MAX_KEY_NODES_EACH_TOKEN_ID) {
        return HKS_SUCCESS;
    }

    uint32_t owned = 0;
    struct HuksKeyNode *cursor = NULL;
    HKS_DLIST_ITER(cursor, &g_keyNodeList) {
        if ((cursor != NULL) && (GetTokenIdFromParamSet(cursor->runtimeParamSet) == tokenId)) {
            ++owned;
        }
    }

    if (owned < MAX_KEY_NODES_EACH_TOKEN_ID) {
        return HKS_SUCCESS;
    }

    HKS_LOG_E("current token id have owned too many %" LOG_PUBLIC "u nodes", owned);
    return DeleteFirstKeyNodeForTokenId(tokenId) ? HKS_SUCCESS : HKS_ERROR_SESSION_REACHED_LIMIT;
}
388
/*
 * Delete the node at the head of g_keyNodeList, whichever token owns it.
 *
 * Returns true when a node was deleted, false when the list is empty.
 * The log text says "not using", but no in-use check is made here: the head
 * node is removed unconditionally, so a caller still holding a pointer to it
 * (for example from HksQueryKeyNode) would be left with freed memory.
 */
static bool DeleteFirstKeyNode(void)
{
    struct HuksKeyNode *head = NULL;
    /* The body returns on its first pass, so only the head node is ever visited. */
    HKS_DLIST_ITER(head, &g_keyNodeList) {
        HKS_LOG_E("DeleteFirstKeyNode delete old not using key node!");
        DeleteKeyNodeFree(head);
        return true;
    }
    return false;
}
399
/*
 * Link a new key node at the tail of g_keyNodeList under the global mutex,
 * evicting older nodes first when a limit has been reached.
 *
 * Eviction order: one timed-out batch node (only when the table is full), then
 * the caller's own oldest node if tokenId is at its quota, then the list head
 * if the table is still full.
 *
 * Returns HKS_SUCCESS, or HKS_ERROR_SESSION_REACHED_LIMIT when no room could
 * be made; on failure the node is not linked and remains owned by the caller.
 */
static int32_t AddKeyNode(struct HuksKeyNode *keyNode, uint32_t tokenId)
{
    int32_t ret = HKS_SUCCESS;
    HksMutexLock(HksGetHuksMutex());
    do {
        DeleteFirstTimeOutBatchKeyNode();

        ret = DeleteKeyNodeForTokenIdIfExceedLimit(tokenId);
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "CheckKeyNodeEachTokenId fail %" LOG_PUBLIC "d", ret)

        const bool tableFull = (g_keyNodeCount >= MAX_KEY_NODES_COUNT);
        if (tableFull) {
            HKS_LOG_E("maximum number of keyNode reached");
            /* Global limit: the head node is evicted even if another token owns it. */
            if (!DeleteFirstKeyNode()) {
                HKS_LOG_E("DeleteFirstKeyNode fail!");
                ret = HKS_ERROR_SESSION_REACHED_LIMIT;
                break;
            }
        }

        AddNodeAtDoubleListTail(&g_keyNodeList, &keyNode->listHead);
        g_keyNodeCount += 1;
        HKS_LOG_I("add keynode count:%" LOG_PUBLIC "u", g_keyNodeCount);
    } while (0);

    HksMutexUnlock(HksGetHuksMutex());
    return ret;
}
427
428
429 //create batch update keynode
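/*
 * Create a temporary node for a batch update that borrows the key material of
 * an existing node and carries its own runtime param set.
 *
 * keyNode:  existing node; its keyBlobParamSet and authRuntimeParamSet are
 *           shared by pointer, not copied.
 * paramSet: caller params used to build the new runtime param set.
 *
 * Returns the new node, or NULL on invalid input or allocation/build failure.
 * The node is not linked into g_keyNodeList and must be released with
 * HksFreeUpdateKeyNode, which frees only the runtime param set; passing it to
 * a routine that also frees the borrowed sets would double-free them.
 *
 * Changes from the original: a NULL keyNode is rejected instead of being
 * dereferenced, and the node is zeroed so handle, listHead and the batch
 * fields are not left holding indeterminate heap contents.
 */
struct HuksKeyNode *HksCreateBatchKeyNode(const struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet)
{
    HKS_IF_NULL_LOGE_RETURN(keyNode, NULL, "invalid keyNode")

    struct HuksKeyNode *updateKeyNode = (struct HuksKeyNode *)HksMalloc(sizeof(struct HuksKeyNode));
    HKS_IF_NULL_LOGE_RETURN(updateKeyNode, NULL, "malloc hks keyNode failed")
    /* HksMalloc is not shown to clear memory, so do it explicitly. */
    (void)memset_s(updateKeyNode, sizeof(*updateKeyNode), 0, sizeof(*updateKeyNode));

    struct HksParamSet *runtimeParamSet = NULL;
    int32_t ret = BuildRuntimeParamSet(paramSet, &runtimeParamSet);
    if (ret != HKS_SUCCESS) {
        HKS_FREE(updateKeyNode);
        HKS_LOG_E("get runtime paramSet failed");
        return NULL;
    }

    updateKeyNode->keyBlobParamSet = keyNode->keyBlobParamSet;         /* borrowed */
    updateKeyNode->runtimeParamSet = runtimeParamSet;                  /* owned */
    updateKeyNode->authRuntimeParamSet = keyNode->authRuntimeParamSet; /* borrowed */
    return updateKeyNode;
}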
450
451 #ifdef _STORAGE_LITE_
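/*
 * Create a key node for the given key blob (lite-storage build) and link it
 * into the global list.
 *
 * key:      stored key blob; its raw key material is extracted and translated
 *           into the node's key-blob param set.
 * paramSet: caller params copied into the node's runtime param set.
 *
 * Returns the linked node, or NULL on any failure.
 *
 * Changes from the original:
 *  - the node is zeroed and authRuntimeParamSet is set to NULL; the original
 *    never assigned that field here, yet DeleteKeyNodeFree passes it to
 *    FreeRuntimeParamSet;
 *  - the node's param sets are assigned before AddKeyNode links it, so other
 *    threads walking the list never see a node with unset pointers;
 *  - when AddKeyNode fails, keyBlobParamSet is wiped and freed through
 *    FreeKeyBlobParamSet instead of being leaked with the key material in it.
 */
struct HuksKeyNode *HksCreateKeyNode(const struct HksBlob *key, const struct HksParamSet *paramSet)
{
    struct HuksKeyNode *keyNode = (struct HuksKeyNode *)HksMalloc(sizeof(struct HuksKeyNode));
    HKS_IF_NULL_LOGE_RETURN(keyNode, NULL, "malloc hks keyNode failed")
    /* HksMalloc is not shown to clear memory, so do it explicitly. */
    (void)memset_s(keyNode, sizeof(*keyNode), 0, sizeof(*keyNode));

    int32_t ret = GenerateKeyNodeHandle(&keyNode->handle);
    if (ret != HKS_SUCCESS) {
        HKS_FREE(keyNode);
        HKS_LOG_E("get keynode handle failed");
        return NULL;
    }

    struct HksParamSet *runtimeParamSet = NULL;
    ret = BuildRuntimeParamSet(paramSet, &runtimeParamSet);
    if (ret != HKS_SUCCESS) {
        HKS_FREE(keyNode);
        HKS_LOG_E("get runtime paramSet failed");
        return NULL;
    }

    struct HksBlob rawKey = { 0, NULL };
    ret = HksGetRawKeyMaterial(key, &rawKey);
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("get raw key material failed, ret = %" LOG_PUBLIC "d", ret);
        HksFreeParamSet(&runtimeParamSet);
        HKS_FREE(keyNode);
        return NULL;
    }

    struct HksParamSet *keyBlobParamSet = NULL;
    ret = HksTranslateKeyInfoBlobToParamSet(&rawKey, key, &keyBlobParamSet);
    /* The raw key copy is no longer needed whatever the outcome; wipe it before freeing. */
    (void)memset_s(rawKey.data, rawKey.size, 0, rawKey.size);
    HKS_FREE_BLOB(rawKey);
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("translate key info to paramset failed, ret = %" LOG_PUBLIC "d", ret);
        HksFreeParamSet(&runtimeParamSet);
        HKS_FREE(keyNode);
        return NULL;
    }

    /* Fully initialise the node before it becomes reachable through the list. */
    keyNode->keyBlobParamSet = keyBlobParamSet;
    keyNode->runtimeParamSet = runtimeParamSet;
    keyNode->authRuntimeParamSet = NULL;

    ret = AddKeyNode(keyNode, GetTokenIdFromParamSet(runtimeParamSet));
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("add keyNode failed");
        FreeKeyBlobParamSet(&keyBlobParamSet); /* zeroes the key before release */
        HksFreeParamSet(&runtimeParamSet);
        HKS_FREE(keyNode);
        return NULL;
    }

    return keyNode;
}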
504 #else // _STORAGE_LITE_
/*
 * Failure-path cleanup for HksCreateKeyNode: release whichever of the
 * intermediate objects have been created so far.
 *
 * aad:             AAD blob; freed when it holds data.
 * runtimeParamSet: freed with HksFreeParamSet when set.
 * keyblobParamSet: freed with FreeKeyBlobParamSet when set, which zeroes the
 *                  key payload first.
 * keyNode:         the node allocation itself; it must not be linked into the
 *                  list, since it is freed without being unlinked.
 */
static void FreeParamsForBuildKeyNode(struct HksBlob *aad, struct HksParamSet **runtimeParamSet,
    struct HksParamSet **keyblobParamSet, struct HuksKeyNode *keyNode)
{
    const bool hasAad = (aad != NULL) && (aad->data != NULL);
    if (hasAad) {
        HKS_FREE_BLOB(*aad);
    }

    const bool hasRuntimeSet = (runtimeParamSet != NULL) && (*runtimeParamSet != NULL);
    if (hasRuntimeSet) {
        HksFreeParamSet(runtimeParamSet);
    }

    const bool hasKeyBlobSet = (keyblobParamSet != NULL) && (*keyblobParamSet != NULL);
    if (hasKeyBlobSet) {
        FreeKeyBlobParamSet(keyblobParamSet);
    }

    if (keyNode != NULL) {
        HKS_FREE(keyNode);
    }
}
524
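/*
 * Create a key node for the given key blob and link it into the global list.
 *
 * key:      stored key blob; its AAD and param set are extracted and the key
 *           blob is decrypted in place in the key-blob param set.
 * paramSet: caller params copied into the node's runtime param set.
 *
 * Returns the linked node, or NULL on any failure; on failure every
 * intermediate object is released and the decrypted key is wiped by
 * FreeKeyBlobParamSet.
 *
 * Changes from the original: the node is zeroed after allocation, and its
 * param-set pointers are assigned before AddKeyNode links it. The original
 * linked the node first and filled the pointers after the mutex had been
 * released, so another thread walking the list (for example the per-token
 * quota scan, which reads runtimeParamSet) could observe unset pointers.
 */
struct HuksKeyNode *HksCreateKeyNode(const struct HksBlob *key, const struct HksParamSet *paramSet)
{
    struct HuksKeyNode *keyNode = (struct HuksKeyNode *)HksMalloc(sizeof(struct HuksKeyNode));
    HKS_IF_NULL_LOGE_RETURN(keyNode, NULL, "malloc hks keyNode failed")
    /* HksMalloc is not shown to clear memory, so do it explicitly. */
    (void)memset_s(keyNode, sizeof(*keyNode), 0, sizeof(*keyNode));

    int32_t ret;
    struct HksBlob aad = { 0, NULL };
    struct HksParamSet *runtimeParamSet = NULL;
    struct HksParamSet *keyBlobParamSet = NULL;
    do {
        ret = GenerateKeyNodeHandle(&keyNode->handle);
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get keynode handle failed")

        ret = BuildRuntimeParamSet(paramSet, &runtimeParamSet);
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get runtime paramSet failed")

        ret = HksGetAadAndParamSet(key, &aad, &keyBlobParamSet);
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get aad and paramSet failed")

        ret = HksDecryptKeyBlob(&aad, keyBlobParamSet);
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "decrypt keyBlob failed")

        /* Fully initialise the node before it becomes reachable through the list. */
        keyNode->keyBlobParamSet = keyBlobParamSet;
        keyNode->runtimeParamSet = runtimeParamSet;
        keyNode->authRuntimeParamSet = NULL;

        ret = AddKeyNode(keyNode, GetTokenIdFromParamSet(runtimeParamSet));
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "add keyNode failed")
    } while (0);

    if (ret != HKS_SUCCESS) {
        /* The node was never linked, so freeing it together with its sets is safe. */
        FreeParamsForBuildKeyNode(&aad, &runtimeParamSet, &keyBlobParamSet, keyNode);
        return NULL;
    }

    HKS_FREE_BLOB(aad);
    return keyNode;
}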
563 #endif // _STORAGE_LITE_
564
/*
 * Look up a key node by handle.
 *
 * Returns the node, or NULL when no node has that handle.
 * NOTE(review): the mutex is released before the pointer is returned, and
 * AddKeyNode / HksDeleteKeyNode can free nodes under that mutex. Nothing in
 * this file keeps the node alive for the caller, so callers need their own
 * serialisation against deletion and eviction - confirm at the call sites.
 */
struct HuksKeyNode *HksQueryKeyNode(uint64_t handle)
{
    struct HuksKeyNode *cursor = NULL;
    HksMutexLock(HksGetHuksMutex());
    HKS_DLIST_ITER(cursor, &g_keyNodeList) {
        if ((cursor == NULL) || (cursor->handle != handle)) {
            continue;
        }
        HksMutexUnlock(HksGetHuksMutex());
        return cursor;
    }
    HksMutexUnlock(HksGetHuksMutex());
    return NULL;
}
578
/*
 * Delete the key node with the given handle, if one exists, under the global
 * mutex. The node's key material is wiped and all of its resources are
 * released by DeleteKeyNodeFree. An unknown handle is silently ignored.
 */
void HksDeleteKeyNode(uint64_t handle)
{
    struct HuksKeyNode *cursor = NULL;
    HksMutexLock(HksGetHuksMutex());
    HKS_DLIST_ITER(cursor, &g_keyNodeList) {
        if ((cursor == NULL) || (cursor->handle != handle)) {
            continue;
        }
        /* Leave the loop right after the delete: cursor is freed memory from here on. */
        DeleteKeyNodeFree(cursor);
        HksMutexUnlock(HksGetHuksMutex());
        return;
    }
    HksMutexUnlock(HksGetHuksMutex());
}
592
593 // free batch update keynode
/*
 * Release a node created by HksCreateBatchKeyNode.
 *
 * Only the runtime param set and the node itself are freed; keyBlobParamSet
 * and authRuntimeParamSet are left alone because HksCreateBatchKeyNode copies
 * those pointers from the source node. A NULL keyNode is a no-op.
 */
void HksFreeUpdateKeyNode(struct HuksKeyNode *keyNode)
{
    if (keyNode != NULL) {
        FreeRuntimeParamSet(&keyNode->runtimeParamSet);
        HKS_FREE(keyNode);
    }
}
602 #endif /* _CUT_AUTHENTICATE_ */