1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @file hks_hdi.h
18  *
19  * @brief Declares hdi interface
20  *
21  * @since 8
22  */
23 
24 #ifndef HUKS_HDI_H
25 #define HUKS_HDI_H
26 
27 #include "hks_param.h"
28 #include "hks_type.h"
29 
30 #define HDI_ADAPTER_PARAM(oldParamPtr, newParamPtr) ((oldParamPtr) == NULL ?  NULL : (newParamPtr))
31 
32 #define HDI_CONVERTER_PARAM_IN_BLOB(fromHksBlobPtr, toHuksBlob) \
33     if ((fromHksBlobPtr) != NULL) {     \
34         (toHuksBlob).data = (fromHksBlobPtr)->data;            \
35         (toHuksBlob).dataLen = (fromHksBlobPtr)->size;         \
36     }
37 
38 #define HDI_CONVERTER_PARAM_IN_PARAMSET(fromHksParamSetPtr, toHuksParamSet)               \
39     if ((fromHksParamSetPtr) != NULL && (fromHksParamSetPtr)->paramSetSize >= sizeof(struct HksParamSet)) {  \
40         (toHuksParamSet).data = (uint8_t *)(fromHksParamSetPtr);                         \
41         (toHuksParamSet).dataLen = (fromHksParamSetPtr)->paramSetSize;                   \
42     }
43 
44 #define HDI_CONVERTER_PARAM_OUT_BLOB(fromHuksBlob, toHksBlobPtr)  \
45     if ((toHksBlobPtr) != NULL) {       \
46         (toHksBlobPtr)->data = (fromHuksBlob).data;              \
47         (toHksBlobPtr)->size = (fromHuksBlob).dataLen;           \
48     }
49 
50 
51 #define HDI_CONVERTER_FUNC_GENERATEKEY(keyAlias, paramSet, keyIn, keyOut, ret, func) \
52     struct HuksBlob keyAliasCore = {0};  \
53     struct HuksParamSet paramSetCore = {0};  \
54     struct HuksBlob keyInCore = {0};  \
55     struct HuksBlob keyOutCore = {0};  \
56     HDI_CONVERTER_PARAM_IN_BLOB(keyAlias, keyAliasCore)  \
57     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
58     HDI_CONVERTER_PARAM_IN_BLOB(keyIn, keyInCore)  \
59     HDI_CONVERTER_PARAM_IN_BLOB(keyOut, keyOutCore)  \
60     ret = (func)(HDI_ADAPTER_PARAM(keyAlias, &keyAliasCore),  \
61                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
62                  HDI_ADAPTER_PARAM(keyIn, &keyInCore),        \
63                  HDI_ADAPTER_PARAM(keyOut, &keyOutCore));  \
64     HDI_CONVERTER_PARAM_OUT_BLOB(keyOutCore, keyOut)
65 
66 #define HDI_CONVERTER_FUNC_IMPORTKEY(keyAlias, key, paramSet, keyOut, ret, func) \
67     struct HuksBlob keyAliasCore = {0};   \
68     struct HuksParamSet paramSetCore = {0};   \
69     struct HuksBlob keyCore = {0};   \
70     struct HuksBlob keyOutCore = {0};   \
71     HDI_CONVERTER_PARAM_IN_BLOB(keyAlias, keyAliasCore)   \
72     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)   \
73     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)   \
74     HDI_CONVERTER_PARAM_IN_BLOB(keyOut, keyOutCore)   \
75     ret = (func)(HDI_ADAPTER_PARAM(keyAlias, &keyAliasCore), \
76                  HDI_ADAPTER_PARAM(key, &keyCore),   \
77                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore), \
78                  HDI_ADAPTER_PARAM(keyOut, &keyOutCore));   \
79     HDI_CONVERTER_PARAM_OUT_BLOB(keyOutCore, keyOut)
80 
81 #define HDI_CONVERTER_FUNC_IMPORTWRAPPEDKEY(wrappedKeyAlias, key, wrappedKeyData, paramSet, keyOut, ret, func)   \
82     struct HuksBlob wrappingKeyAliasCore = {0};  \
83     struct HuksBlob keyCore = {0};  \
84     struct HuksBlob wrappedKeyDataCore = {0};  \
85     struct HuksParamSet paramSetCore = {0};  \
86     struct HuksBlob keyOutCore = {0};  \
87     HDI_CONVERTER_PARAM_IN_BLOB(wrappingKeyAlias, wrappingKeyAliasCore)  \
88     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
89     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
90     HDI_CONVERTER_PARAM_IN_BLOB(wrappedKeyData, wrappedKeyDataCore)  \
91     HDI_CONVERTER_PARAM_IN_BLOB(keyOut, keyOutCore)  \
92     ret = (func)(HDI_ADAPTER_PARAM(wrappingKeyAlias, &wrappedKeyDataCore),  \
93                  HDI_ADAPTER_PARAM(key, &keyCore),  \
94                  HDI_ADAPTER_PARAM(wrappedKeyData, &wrappedKeyDataCore),  \
95                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
96                  HDI_ADAPTER_PARAM(keyOut, &keyOutCore));  \
97     HDI_CONVERTER_PARAM_OUT_BLOB(keyOutCore, keyOut)
98 
99 #define HDI_CONVERTER_FUNC_EXPORTPUBLICKEY(key, paramSet, keyOut, ret, func)  \
100     struct HuksBlob keyCore = {0};  \
101     struct HuksParamSet paramSetCore = {0};  \
102     struct HuksBlob keyOutCore = {0};  \
103     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
104     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
105     HDI_CONVERTER_PARAM_IN_BLOB(keyOut, keyOutCore)  \
106     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore),  \
107                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
108                  HDI_ADAPTER_PARAM(keyOut, &keyOutCore));  \
109     HDI_CONVERTER_PARAM_OUT_BLOB(keyOutCore, keyOut)
110 
111 #define HDI_CONVERTER_FUNC_INIT(key, paramSet, handle, token, ret, func)  \
112     struct HuksBlob keyCore = {0};  \
113     struct HuksParamSet paramSetCore = {0};  \
114     struct HuksBlob handleCore = {0};  \
115     struct HuksBlob tokenCore = {0};  \
116     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
117     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
118     HDI_CONVERTER_PARAM_IN_BLOB(handle, handleCore)  \
119     HDI_CONVERTER_PARAM_IN_BLOB(token, tokenCore)  \
120     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore),  \
121                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
122                  HDI_ADAPTER_PARAM(handle, &handleCore),  \
123                  HDI_ADAPTER_PARAM(token, &tokenCore));  \
124     HDI_CONVERTER_PARAM_OUT_BLOB(handleCore, handle)  \
125     HDI_CONVERTER_PARAM_OUT_BLOB(tokenCore, token)
126 
127 #define HDI_CONVERTER_FUNC_UPDATE(handle, paramSet, inData, outData, ret, func)  \
128     struct HuksBlob handleCore = {0};  \
129     struct HuksParamSet paramSetCore = {0};  \
130     struct HuksBlob inDataCore = {0};  \
131     struct HuksBlob outDataCore = {0};  \
132     HDI_CONVERTER_PARAM_IN_BLOB(handle, handleCore)  \
133     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
134     HDI_CONVERTER_PARAM_IN_BLOB(inData, inDataCore)  \
135     HDI_CONVERTER_PARAM_IN_BLOB(outData, outDataCore)  \
136     ret = (func)(HDI_ADAPTER_PARAM(handle, &handleCore),  \
137                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
138                  HDI_ADAPTER_PARAM(inData, &inDataCore),  \
139                  HDI_ADAPTER_PARAM(outData, &outDataCore));  \
140     HDI_CONVERTER_PARAM_OUT_BLOB(outDataCore, outData)
141 
142 #define HDI_CONVERTER_FUNC_FINISH(handle, paramSet, inData, outData, ret, func)  \
143     struct HuksBlob handleCore = {0};  \
144     struct HuksParamSet paramSetCore = {0};  \
145     struct HuksBlob inDataCore = {0};  \
146     struct HuksBlob outDataCore = {0};  \
147     HDI_CONVERTER_PARAM_IN_BLOB(handle, handleCore)  \
148     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
149     HDI_CONVERTER_PARAM_IN_BLOB(inData, inDataCore)  \
150     HDI_CONVERTER_PARAM_IN_BLOB(outData, outDataCore)  \
151     ret = (func)(HDI_ADAPTER_PARAM(handle, &handleCore),  \
152                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
153                  HDI_ADAPTER_PARAM(inData, &inDataCore),  \
154                  HDI_ADAPTER_PARAM(outData, &outDataCore));  \
155     HDI_CONVERTER_PARAM_OUT_BLOB(outDataCore, outData)
156 
157 #define HDI_CONVERTER_FUNC_ABORT(handle, paramSet, ret, func)  \
158     struct HuksBlob handleCore = {0};  \
159     struct HuksParamSet paramSetCore = {0};  \
160     HDI_CONVERTER_PARAM_IN_BLOB(handle, handleCore)  \
161     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
162     ret = (func)(HDI_ADAPTER_PARAM(handle, &handleCore),  \
163                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore));
164 
165 #define HDI_CONVERTER_FUNC_CHECKKEYVALIDITY(paramSet, key, ret, func)  \
166     struct HuksBlob keyCore = {0};  \
167     struct HuksParamSet paramSetCore = {0};  \
168     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
169     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
170     ret = (func)(HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
171                  HDI_ADAPTER_PARAM(key, &keyCore));
172 
173 #define HDI_CONVERTER_FUNC_ATTESTKEY(key, paramSet, certChain, ret, func)  \
174     struct HuksBlob keyCore = {0};  \
175     struct HuksParamSet paramSetCore = {0};  \
176     struct HuksBlob certChainCore = {0};  \
177     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
178     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
179     HDI_CONVERTER_PARAM_IN_BLOB(certChain, certChainCore)  \
180     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore),  \
181                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
182                  HDI_ADAPTER_PARAM(certChain, &certChainCore));  \
183     HDI_CONVERTER_PARAM_OUT_BLOB(certChainCore, certChain)
184 
185 #define HDI_CONVERTER_FUNC_GENERATERANDOM(paramSet, random, ret, func)  \
186     struct HuksParamSet paramSetCore = {0};  \
187     struct HuksBlob randomCore = {0};  \
188     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
189     HDI_CONVERTER_PARAM_IN_BLOB(random, randomCore)  \
190     ret = (func)(HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
191                  HDI_ADAPTER_PARAM(random, &randomCore));  \
192     HDI_CONVERTER_PARAM_OUT_BLOB(randomCore, random)
193 
194 #define HDI_CONVERTER_FUNC_SIGN(key, paramSet, srcData, signature, ret, func) \
195     struct HuksBlob keyCore = {0}; \
196     struct HuksParamSet paramSetCore = {0}; \
197     struct HuksBlob srcDataCore = {0}; \
198     struct HuksBlob signatureCore = {0}; \
199     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore) \
200     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore) \
201     HDI_CONVERTER_PARAM_IN_BLOB(srcData, srcDataCore) \
202     HDI_CONVERTER_PARAM_IN_BLOB(signature, signatureCore) \
203     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore), \
204                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore), \
205                  HDI_ADAPTER_PARAM(srcData, &srcDataCore), \
206                  HDI_ADAPTER_PARAM(signature, &signatureCore)); \
207     HDI_CONVERTER_PARAM_OUT_BLOB(signatureCore, signature)
208 
209 #define HDI_CONVERTER_FUNC_VERIFY(key, paramSet, srcData, signature, ret, func)  \
210     struct HuksBlob keyCore = {0};  \
211     struct HuksParamSet paramSetCore = {0};  \
212     struct HuksBlob srcDataCore = {0};  \
213     struct HuksBlob signatureCore = {0};  \
214     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
215     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
216     HDI_CONVERTER_PARAM_IN_BLOB(srcData, srcDataCore)  \
217     HDI_CONVERTER_PARAM_IN_BLOB(signature, signatureCore)  \
218     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore),  \
219                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
220                  HDI_ADAPTER_PARAM(srcData, &srcDataCore),  \
221                  HDI_ADAPTER_PARAM(signature, &signatureCore));
222 
223 #define HDI_CONVERTER_FUNC_ENCRYPT(key, paramSet, plainText, cipherText, ret, func)  \
224     struct HuksBlob keyCore = {0};  \
225     struct HuksParamSet paramSetCore = {0};  \
226     struct HuksBlob plainTextCore = {0};  \
227     struct HuksBlob cipherTextCore = {0};  \
228     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
229     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
230     HDI_CONVERTER_PARAM_IN_BLOB(plainText, plainTextCore)  \
231     HDI_CONVERTER_PARAM_IN_BLOB(cipherText, cipherTextCore)  \
232     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore),  \
233                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
234                  HDI_ADAPTER_PARAM(plainText, &plainTextCore),  \
235                  HDI_ADAPTER_PARAM(cipherText, &cipherTextCore));  \
236     HDI_CONVERTER_PARAM_OUT_BLOB(cipherTextCore, cipherText)
237 
238 #define HDI_CONVERTER_FUNC_DECRYPT(key, paramSet, cipherText, plainText, ret, func)  \
239     struct HuksBlob keyCore = {0};  \
240     struct HuksParamSet paramSetCore = {0};  \
241     struct HuksBlob cipherTextCore = {0};  \
242     struct HuksBlob plainTextCore = {0};  \
243     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
244     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
245     HDI_CONVERTER_PARAM_IN_BLOB(cipherText, cipherTextCore)  \
246     HDI_CONVERTER_PARAM_IN_BLOB(plainText, plainTextCore)  \
247     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore),  \
248                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
249                  HDI_ADAPTER_PARAM(cipherText, &cipherTextCore),  \
250                  HDI_ADAPTER_PARAM(plainText, &plainTextCore));  \
251     HDI_CONVERTER_PARAM_OUT_BLOB(plainTextCore, plainText)
252 
253 #define HDI_CONVERTER_FUNC_AGREEKEY(paramSet, privateKey, peerPublicKey, agreedKey, ret, func)  \
254     struct HuksParamSet paramSetCore = {0};  \
255     struct HuksBlob privateKeyCore = {0};  \
256     struct HuksBlob peerPublicKeyCore = {0};  \
257     struct HuksBlob agreedKeyCore = {0};  \
258     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
259     HDI_CONVERTER_PARAM_IN_BLOB(privateKey, privateKeyCore)  \
260     HDI_CONVERTER_PARAM_IN_BLOB(peerPublicKey, peerPublicKeyCore)  \
261     HDI_CONVERTER_PARAM_IN_BLOB(agreedKey, agreedKeyCore)  \
262     ret = (func)(HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
263                  HDI_ADAPTER_PARAM(privateKey, &privateKeyCore),  \
264                  HDI_ADAPTER_PARAM(peerPublicKey, &peerPublicKeyCore),  \
265                  HDI_ADAPTER_PARAM(agreedKey, &agreedKeyCore));  \
266     HDI_CONVERTER_PARAM_OUT_BLOB(agreedKeyCore, agreedKey)
267 
268 
269 #define HDI_CONVERTER_FUNC_DERIVEKEY(paramSet, kdfKey, derivedKey, ret, func)  \
270     struct HuksParamSet paramSetCore = {0};  \
271     struct HuksBlob kdfKeyCore = {0};  \
272     struct HuksBlob derivedKeyCore = {0};  \
273     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
274     HDI_CONVERTER_PARAM_IN_BLOB(kdfKey, kdfKeyCore)  \
275     HDI_CONVERTER_PARAM_IN_BLOB(derivedKey, derivedKeyCore)  \
276     ret = (func)(HDI_ADAPTER_PARAM(paramSet, &paramSetCore), \
277                  HDI_ADAPTER_PARAM(kdfKey, &kdfKeyCore),  \
278                  HDI_ADAPTER_PARAM(derivedKey, &derivedKeyCore));  \
279     HDI_CONVERTER_PARAM_OUT_BLOB(derivedKeyCore, derivedKey)
280 
281 #define HDI_CONVERTER_FUNC_MAC(key, paramSet, srcData, mac, ret, func)  \
282     struct HuksParamSet paramSetCore = {0};  \
283     struct HuksBlob keyCore = {0};  \
284     struct HuksBlob srcDataCore = {0};  \
285     struct HuksBlob macCore = {0};  \
286     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
287     HDI_CONVERTER_PARAM_IN_BLOB(key, keyCore)  \
288     HDI_CONVERTER_PARAM_IN_BLOB(srcData, srcDataCore)  \
289     HDI_CONVERTER_PARAM_IN_BLOB(mac, macCore)  \
290     ret = (func)(HDI_ADAPTER_PARAM(key, &keyCore),  \
291                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
292                  HDI_ADAPTER_PARAM(srcData, &srcDataCore),  \
293                  HDI_ADAPTER_PARAM(mac, &macCore));  \
294     HDI_CONVERTER_PARAM_OUT_BLOB(macCore, mac)
295 
296 #define HDI_CONVERTER_FUNC_UPGRADEKEY(oldKey, paramSet, newKey, ret, func)  \
297     struct HuksParamSet paramSetCore = {0};  \
298     struct HuksBlob oldKeyCore = {0};  \
299     struct HuksBlob newKeyCore = {0};  \
300     HDI_CONVERTER_PARAM_IN_PARAMSET(paramSet, paramSetCore)  \
301     HDI_CONVERTER_PARAM_IN_BLOB(oldKey, oldKeyCore)  \
302     HDI_CONVERTER_PARAM_IN_BLOB(newKey, newKeyCore)  \
303     ret = (func)(HDI_ADAPTER_PARAM(oldKey, &oldKeyCore),  \
304                  HDI_ADAPTER_PARAM(paramSet, &paramSetCore),  \
305                  HDI_ADAPTER_PARAM(newKey, &newKeyCore));  \
306     HDI_CONVERTER_PARAM_OUT_BLOB(newKeyCore, newKey)
307 
308 #define HDI_CONVERTER_FUNC_EXPORTCHIPSETPLATFORMPUBLICKEY(salt, scene, publicKey, ret, func)  \
309     struct HuksBlob saltCore = {0};  \
310     struct HuksBlob publicKeyCore = {0};  \
311     uint32_t sceneInt = (uint32_t) scene;  \
312     HDI_CONVERTER_PARAM_IN_BLOB(salt, saltCore)  \
313     HDI_CONVERTER_PARAM_IN_BLOB(publicKey, publicKeyCore)  \
314     ret = (func)(HDI_ADAPTER_PARAM(salt, &saltCore),  \
315               sceneInt,  \
316               HDI_ADAPTER_PARAM(publicKey, &publicKeyCore));  \
317     HDI_CONVERTER_PARAM_OUT_BLOB(publicKeyCore, publicKey)
318 
319 struct HuksHdi {
320     /**
321      * @brief HUKS initialize
322      * @return error code, see hks_type.h
323      */
324     int32_t (*HuksHdiModuleInit)(void);
325 
326     /**
327      * @brief HUKS destroy
328      * @return error code, see hks_type.h
329      */
330     int32_t (*HuksHdiModuleDestroy)(void);
331 
332     /**
333      * @brief HUKS fresh key info
334      * @return error code, see hks_type.h
335      */
336     int32_t (*HuksHdiRefresh)(void);
337 
338     /**
339      * @brief Generate key
340      * @param keyAlias key alias
341      * @param paramSet required parameter set
342      * @param keyIn key to generate key
343      * @param keyOut output key
344      * @return error code, see hks_type.h
345      */
346     int32_t (*HuksHdiGenerateKey)(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
347         const struct HksBlob *keyIn, struct HksBlob *keyOut);
348 
349     /**
350      * @brief Import key
351      * @param keyAlias key alias
352      * @param key the key needs to be imported
353      * @param paramSet required parameter set
354      * @param keyOut output key
355      * @return error code, see hks_type.h
356      */
357     int32_t (*HuksHdiImportKey)(const struct HksBlob *keyAlias, const struct HksBlob *key,
358         const struct HksParamSet *paramSet, struct HksBlob *keyOut);
359 
360     /**
361      * @brief Import wrapped key
362      * @param wrappingKeyAlias alias used to decrypt the key data after the wrap
363      * @param key the key to wrap key
364      * @param wrappedKeyData wrapped key data out
365      * @param paramSet required parameter set
366      * @param keyOut output key
367      * @return error code, see hks_type.h
368      */
369     int32_t (*HuksHdiImportWrappedKey)(const struct HksBlob *wrappingKeyAlias, const struct HksBlob *key,
370         const struct HksBlob *wrappedKeyData, const struct HksParamSet *paramSet, struct HksBlob *keyOut);
371 
372     /**
373      * @brief Export public key
374      * @param key key need to export
375      * @param paramSet required parameter set
376      * @param keyOut exported key
377      * @return error code, see hks_type.h
378      */
379     int32_t (*HuksHdiExportPublicKey)(const struct HksBlob *key, const struct HksParamSet *paramSet,
380         struct HksBlob *keyOut);
381 
382     /**
383      * @brief Init operation
384      * @param key the key
385      * @param paramSet required parameter set
386      * @param handle operation handle
387      * @param token token
388      * @return error code, see hks_type.h
389      */
390     int32_t (*HuksHdiInit)(const struct HksBlob *key, const struct HksParamSet *paramSet, struct HksBlob *handle,
391         struct HksBlob *token);
392 
393     /**
394      * @brief Update operation
395      * @param handle operation handle
396      * @param paramSet required parameter set
397      * @param inData the data to update
398      * @param outData output data
399      * @return error code, see hks_type.h
400      */
401     int32_t (*HuksHdiUpdate)(const struct HksBlob *handle, const struct HksParamSet *paramSet,
402         const struct HksBlob *inData, struct HksBlob *outData);
403 
404     /**
405      * @brief Finish operation
406      * @param handle operation handle
407      * @param paramSet required parameter set
408      * @param inData the data to update
409      * @param outData output data
410      * @return error code, see hks_type.h
411      */
412     int32_t (*HuksHdiFinish)(const struct HksBlob *handle, const struct HksParamSet *paramSet,
413         const struct HksBlob *inData, struct HksBlob *outData);
414 
415     /**
416      * @brief Finish operation
417      * @param handle operation handle
418      * @param paramSet required parameter set
419      * @return error code, see hks_type.h
420      */
421     int32_t (*HuksHdiAbort)(const struct HksBlob *handle, const struct HksParamSet *paramSet);
422 
423     /**
424      * @brief Get key properties
425      * @param paramSet required parameter set
426      * @param key the key
427      * @return error code, see hks_type.h
428      */
429     int32_t (*HuksHdiGetKeyProperties)(const struct HksParamSet *paramSet, const struct HksBlob *key);
430 
431     /**
432      * @brief Attest key
433      * @param key the key
434      * @param paramSet required parameter set
435      * @param certChain cert chain
436      * @return error code, see hks_type.h
437      */
438     int32_t (*HuksHdiAttestKey)(const struct HksBlob *key, const struct HksParamSet *paramSet,
439         struct HksBlob *certChain);
440 
441     /**
442      * @brief Get ability
443      * @param funcType the function type
444      * @return error code, see hks_type.h
445      */
446     int32_t (*HuksHdiGetAbility)(int32_t funcType);
447 
448     /**
449      * @brief Get hardware info
450      * @return error code, see hks_type.h
451      */
452     int32_t (*HuksHdiGetHardwareInfo)(void);
453 
454     /**
455      * @brief Calculate mac header
456      * @param paramSet required parameter set
457      * @param salt the salt value
458      * @param srcData the data to calculte
459      * @param mac output mac value
460      * @return error code, see hks_type.h
461      */
462     int32_t (*HuksHdiCalcMacHeader)(const struct HksParamSet *paramSet, const struct HksBlob *salt,
463         const struct HksBlob *srcData, struct HksBlob *mac);
464 
465     /**
466      * @brief Upgrade key info
467      * @param keyAlias key alias
468      * @param keyInfo key info
469      * @param keyOut output key value
470      * @return error code, see hks_type.h
471      */
472     int32_t (*HuksHdiUpgradeKeyInfo)(const struct HksBlob *keyAlias, const struct HksBlob *keyInfo,
473         struct HksBlob *keyOut);
474 
475     /**
476      * @brief Generate random
477      * @param paramSet required parameter set
478      * @param random output random
479      * @return error code, see hks_type.h
480      */
481     int32_t (*HuksHdiGenerateRandom)(const struct HksParamSet *paramSet, struct HksBlob *random);
482 
483     /**
484      * @brief Sign operation
485      * @param key required key to sign data
486      * @param paramSet required parameter set
487      * @param srcData the data needs to sign
488      * @param signature signatured data
489      * @return error code, see hks_type.h
490      */
491     int32_t (*HuksHdiSign)(const struct HksBlob *key, const struct HksParamSet *paramSet,
492         const struct HksBlob *srcData, struct HksBlob *signature);
493 
494     /**
495      * @brief Verify operation
496      * @param key required key to verify data
497      * @param paramSet required parameter set
498      * @param srcData the data needs to verify
499      * @param signature verified data
500      * @return error code, see hks_type.h
501      */
502     int32_t (*HuksHdiVerify)(const struct HksBlob *key, const struct HksParamSet *paramSet,
503         const struct HksBlob *srcData, const struct HksBlob *signature);
504 
505     /**
506      * @brief Encrypt operation
507      * @param key required key to encrypt data
508      * @param paramSet required parameter set
509      * @param plainText the data needs to encrypt
510      * @param cipherText encrypted data
511      * @return error code, see hks_type.h
512      */
513     int32_t (*HuksHdiEncrypt)(const struct HksBlob *key, const struct HksParamSet *paramSet,
514         const struct HksBlob *plainText, struct HksBlob *cipherText);
515 
516     /**
517      * @brief Decrypt operation
518      * @param key required key to decrypt data
519      * @param paramSet required parameter set
520      * @param cipherText the data needs to decrypt
521      * @param plainText decrypted data
522      * @return error code, see hks_type.h
523      */
524     int32_t (*HuksHdiDecrypt)(const struct HksBlob *key, const struct HksParamSet *paramSet,
525         const struct HksBlob *cipherText, struct HksBlob *plainText);
526 
527     /**
528      * @brief Agree key
529      * @param paramSet required parameter set
530      * @param privateKey self private key
531      * @param peerPublicKey peer public key
532      * @param agreedKey agreed key
533      * @return error code, see hks_type.h
534      */
535     int32_t (*HuksHdiAgreeKey)(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
536         const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey);
537 
538     /**
539      * @brief Derive key
540      * @param paramSet required parameter set
541      * @param kdfKey main key to derive key
542      * @param derivedKey derived key
543      * @return error code, see hks_type.h
544      */
545     int32_t (*HuksHdiDeriveKey)(const struct HksParamSet *paramSet, const struct HksBlob *kdfKey,
546         struct HksBlob *derivedKey);
547 
548     /**
549      * @brief Mac operation
550      * @param key main key to derive key
551      * @param paramSet required parameter set
552      * @param srcData data needs to mac
553      * @param mac mac value
554      * @return error code, see hks_type.h
555      */
556     int32_t (*HuksHdiMac)(const struct HksBlob *key, const struct HksParamSet *paramSet,
557         const struct HksBlob *srcData, struct HksBlob *mac);
558 
559     /**
560      * @brief Upgrade key
561      * @param oldKey old key to be upgraded
562      * @param paramSet required parameter set
563      * @param newKey new key
564      * @return error code, see hks_type.h
565      */
566     int32_t (*HuksHdiUpgradeKey)(const struct HksBlob *oldKey, const struct HksParamSet *paramSet,
567         struct HksBlob *newKey);
568 
569     /**
570      * @brief Export chipset platform publicKey
571      * @param salt salt value
572      * @param scene scene
573      * @param publicKey public key
574      * @return error code, see hks_type.h
575      */
576     int32_t (*HuksHdiExportChipsetPlatformPublicKey)(const struct HksBlob *salt,
577         enum HksChipsetPlatformDecryptScene scene, struct HksBlob *publicKey);
578 };
579 
580 #endif /* HUKS_HDI_H */
581