1 /* 2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include "hks_type_enum.h" 17 #ifdef HKS_CONFIG_FILE 18 #include HKS_CONFIG_FILE 19 #else 20 #include "hks_config.h" 21 #endif 22 23 #include "hks_api.h" 24 25 #include <inttypes.h> 26 #include <stddef.h> 27 #include <string.h> 28 29 #include "hks_api_adapter.h" 30 31 #include "hks_client_ipc.h" 32 #include "hks_local_engine.h" 33 #include "hks_ability.h" 34 #include "hks_log.h" 35 #include "hks_mem.h" 36 #include "hks_param.h" 37 #include "hks_template.h" 38 #include "hks_type.h" 39 #include "hks_util.h" 40 41 #include "securec.h" 42 43 #ifdef HKS_SUPPORT_API_ATTEST_KEY 44 #include "hks_verifier.h" 45 #endif 46 47 #ifdef _CUT_AUTHENTICATE_ 48 #undef HKS_SUPPORT_API_GENERATE_KEY 49 #undef HKS_SUPPORT_API_IMPORT 50 #undef HKS_SUPPORT_API_EXPORT 51 #undef HKS_SUPPORT_API_DELETE_KEY 52 #undef HKS_SUPPORT_API_GET_KEY_PARAM_SET 53 #undef HKS_SUPPORT_API_KEY_EXIST 54 #undef HKS_SUPPORT_API_SIGN_VERIFY 55 #undef HKS_SUPPORT_API_SIGN_VERIFY 56 #undef HKS_SUPPORT_API_AGREE_KEY 57 #undef HKS_SUPPORT_API_HASH 58 #undef HKS_SUPPORT_API_GET_KEY_INFO_LIST 59 #undef HKS_SUPPORT_API_ATTEST_KEY 60 #undef HKS_SUPPORT_API_GET_CERTIFICATE_CHAIN 61 #endif 62 HksGetSdkVersion(struct HksBlob * sdkVersion)63 HKS_API_EXPORT int32_t HksGetSdkVersion(struct HksBlob *sdkVersion) 64 { 65 if ((sdkVersion == NULL) || (sdkVersion->data == NULL)) { 66 return HKS_ERROR_NULL_POINTER; 67 } 68 69 uint32_t versionLen = strlen(HKS_SDK_VERSION); 70 if (sdkVersion->size < (versionLen + 1)) { 71 return HKS_ERROR_INVALID_ARGUMENT; 72 } 73 74 (void)memcpy_s(sdkVersion->data, sdkVersion->size, HKS_SDK_VERSION, versionLen); 75 76 sdkVersion->data[versionLen] = '\0'; 77 sdkVersion->size = versionLen; 78 return HKS_SUCCESS; 79 } 80 HksInitialize(void)81 HKS_API_EXPORT int32_t HksInitialize(void) 82 { 83 #ifndef _CUT_AUTHENTICATE_ 84 HKS_LOG_D("enter initialize"); 85 int32_t ret = HksClientInitialize(); 86 HKS_LOG_D("leave initialize, result = %" LOG_PUBLIC "d", ret); 87 return ret; 88 #else 89 (void)HksCryptoAbilityInit(); 90 return HKS_SUCCESS; 91 #endif 92 } 93 HksRefreshKeyInfo(void)94 HKS_API_EXPORT int32_t HksRefreshKeyInfo(void) 95 { 96 #ifndef _CUT_AUTHENTICATE_ 97 HKS_LOG_D("enter refresh key info"); 98 int32_t ret = HksClientRefreshKeyInfo(); 99 HKS_LOG_D("leave refresh key info, result = %" LOG_PUBLIC "d", ret); 100 return ret; 101 #else 102 return HKS_ERROR_API_NOT_SUPPORTED; 103 #endif 104 } 105 HksGenerateKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)106 HKS_API_EXPORT int32_t HksGenerateKey(const struct HksBlob *keyAlias, 107 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut) 108 { 109 #ifdef HKS_SUPPORT_API_GENERATE_KEY 110 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 111 struct HksParam *storageFlag = NULL; 112 int32_t ret = HksGetParam(paramSetIn, HKS_TAG_KEY_STORAGE_FLAG, &storageFlag); 113 if ((ret == HKS_SUCCESS) && (storageFlag->uint32Param == HKS_STORAGE_TEMP)) { 114 if ((paramSetIn == NULL) || (paramSetOut == NULL)) { 115 return HKS_ERROR_NULL_POINTER; 116 } 117 ret = HksLocalGenerateKey(paramSetIn, paramSetOut); 118 HKS_LOG_D("leave generate temp key, result = %" LOG_PUBLIC "d", ret); 119 return ret; 120 } 121 122 /* generate persistent keys */ 123 if ((paramSetIn == NULL) || (keyAlias == NULL)) { 124 return HKS_ERROR_NULL_POINTER; 125 } 126 ret = HksClientGenerateKey(keyAlias, paramSetIn, paramSetOut); 127 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 128 return ret; 129 #else 130 (void)keyAlias; 131 (void)paramSetIn; 132 (void)paramSetOut; 133 return HKS_ERROR_API_NOT_SUPPORTED; 134 #endif 135 } 136 HksImportKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,const struct HksBlob * key)137 HKS_API_EXPORT int32_t HksImportKey(const struct HksBlob *keyAlias, 138 const struct HksParamSet *paramSet, const struct HksBlob *key) 139 { 140 #ifdef HKS_SUPPORT_API_IMPORT 141 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 142 if ((keyAlias == NULL) || (paramSet == NULL) || (key == NULL)) { 143 return HKS_ERROR_NULL_POINTER; 144 } 145 int32_t ret = HksImportKeyAdapter(keyAlias, paramSet, key); 146 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 147 return ret; 148 #else 149 (void)keyAlias; 150 (void)paramSet; 151 (void)key; 152 return HKS_ERROR_API_NOT_SUPPORTED; 153 #endif 154 } 155 HksImportWrappedKey(const struct HksBlob * keyAlias,const struct HksBlob * wrappingKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * wrappedKeyData)156 HKS_API_EXPORT int32_t HksImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias, 157 const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData) 158 { 159 #ifdef HKS_SUPPORT_API_IMPORT_WRAPPED_KEY 160 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 161 if ((keyAlias == NULL) || (wrappingKeyAlias == NULL)|| (paramSet == NULL) || (wrappedKeyData == NULL)) { 162 return HKS_ERROR_NULL_POINTER; 163 } 164 int32_t ret = HksClientImportWrappedKey(keyAlias, wrappingKeyAlias, paramSet, wrappedKeyData); 165 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 166 return ret; 167 #else 168 (void)keyAlias; 169 (void)wrappingKeyAlias; 170 (void)paramSet; 171 (void)wrappedKeyData; 172 return HKS_ERROR_API_NOT_SUPPORTED; 173 #endif 174 } 175 HksExportPublicKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * key)176 HKS_API_EXPORT int32_t HksExportPublicKey(const struct HksBlob *keyAlias, 177 const struct HksParamSet *paramSet, struct HksBlob *key) 178 { 179 #ifdef HKS_SUPPORT_API_EXPORT 180 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 181 if ((keyAlias == NULL) || (key == NULL)) { 182 return HKS_ERROR_NULL_POINTER; 183 } 184 int32_t ret = HksExportPublicKeyAdapter(keyAlias, paramSet, key); 185 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 186 return ret; 187 #else 188 (void)keyAlias; 189 (void)paramSet; 190 (void)key; 191 return HKS_ERROR_API_NOT_SUPPORTED; 192 #endif 193 } 194 HksDeleteKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)195 HKS_API_EXPORT int32_t HksDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet) 196 { 197 #ifdef HKS_SUPPORT_API_DELETE_KEY 198 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 199 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER) 200 int32_t ret = HksClientDeleteKey(keyAlias, paramSet); 201 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 202 return ret; 203 #else 204 (void)keyAlias; 205 (void)paramSet; 206 return HKS_ERROR_API_NOT_SUPPORTED; 207 #endif 208 } 209 HksGetKeyParamSet(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)210 HKS_API_EXPORT int32_t HksGetKeyParamSet(const struct HksBlob *keyAlias, 211 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut) 212 { 213 #ifdef HKS_SUPPORT_API_GET_KEY_PARAM_SET 214 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 215 if ((keyAlias == NULL) || (paramSetOut == NULL)) { 216 return HKS_ERROR_NULL_POINTER; 217 } 218 int32_t ret = HksClientGetKeyParamSet(keyAlias, paramSetIn, paramSetOut); 219 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 220 return ret; 221 #else 222 (void)keyAlias; 223 (void)paramSetIn; 224 (void)paramSetOut; 225 return HKS_ERROR_API_NOT_SUPPORTED; 226 #endif 227 } 228 HksKeyExist(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)229 HKS_API_EXPORT int32_t HksKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet) 230 { 231 #ifdef HKS_SUPPORT_API_KEY_EXIST 232 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 233 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER) 234 int32_t ret = HksClientKeyExist(keyAlias, paramSet); 235 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 236 return ret; 237 #else 238 (void)keyAlias; 239 (void)paramSet; 240 return HKS_ERROR_API_NOT_SUPPORTED; 241 #endif 242 } 243 HksGenerateRandom(const struct HksParamSet * paramSet,struct HksBlob * random)244 HKS_API_EXPORT int32_t HksGenerateRandom(const struct HksParamSet *paramSet, struct HksBlob *random) 245 { 246 #ifdef HKS_SUPPORT_API_GENERATE_RANDOM 247 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 248 HKS_IF_NULL_RETURN(random, HKS_ERROR_NULL_POINTER) 249 int32_t ret = HksClientGenerateRandom(random, paramSet); 250 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 251 return ret; 252 #else 253 (void)paramSet; 254 (void)random; 255 return HKS_ERROR_API_NOT_SUPPORTED; 256 #endif 257 } 258 HksSign(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * signature)259 HKS_API_EXPORT int32_t HksSign(const struct HksBlob *key, const struct HksParamSet *paramSet, 260 const struct HksBlob *srcData, struct HksBlob *signature) 261 { 262 #ifdef HKS_SUPPORT_API_SIGN_VERIFY 263 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 264 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) { 265 return HKS_ERROR_NULL_POINTER; 266 } 267 268 struct HksParam *isKeyAlias = NULL; 269 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias); 270 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) { 271 return HksLocalSign(key, paramSet, srcData, signature); 272 } 273 274 ret = HksClientSign(key, paramSet, srcData, signature); 275 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 276 return ret; 277 #else 278 (void)key; 279 (void)paramSet; 280 (void)srcData; 281 (void)signature; 282 return HKS_ERROR_API_NOT_SUPPORTED; 283 #endif 284 } 285 HksVerify(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,const struct HksBlob * signature)286 HKS_API_EXPORT int32_t HksVerify(const struct HksBlob *key, const struct HksParamSet *paramSet, 287 const struct HksBlob *srcData, const struct HksBlob *signature) 288 { 289 #ifdef HKS_SUPPORT_API_SIGN_VERIFY 290 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 291 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) { 292 return HKS_ERROR_NULL_POINTER; 293 } 294 295 struct HksParam *isKeyAlias = NULL; 296 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias); 297 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) { 298 ret = HksLocalVerify(key, paramSet, srcData, signature); 299 HKS_LOG_D("leave verify with plain key, result = %" LOG_PUBLIC "d", ret); 300 return ret; 301 } 302 ret = HksClientVerify(key, paramSet, srcData, signature); 303 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 304 return ret; 305 #else 306 (void)key; 307 (void)paramSet; 308 (void)srcData; 309 (void)signature; 310 return HKS_ERROR_API_NOT_SUPPORTED; 311 #endif 312 } 313 HksEncrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * plainText,struct HksBlob * cipherText)314 HKS_API_EXPORT int32_t HksEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet, 315 const struct HksBlob *plainText, struct HksBlob *cipherText) 316 { 317 #ifdef HKS_SUPPORT_API_CIPHER 318 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 319 if ((key == NULL) || (paramSet == NULL) || (plainText == NULL) || (cipherText == NULL)) { 320 return HKS_ERROR_NULL_POINTER; 321 } 322 323 struct HksParam *isKeyAlias = NULL; 324 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias); 325 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) { 326 ret = HksLocalEncrypt(key, paramSet, plainText, cipherText); 327 HKS_LOG_D("leave encrypt with plain key, result = %" LOG_PUBLIC "d", ret); 328 return ret; 329 } 330 #ifndef _CUT_AUTHENTICATE_ 331 ret = HksClientEncrypt(key, paramSet, plainText, cipherText); 332 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 333 return ret; 334 #else 335 return HKS_ERROR_NOT_SUPPORTED; 336 #endif 337 #else 338 (void)key; 339 (void)paramSet; 340 (void)plainText; 341 (void)cipherText; 342 return HKS_ERROR_API_NOT_SUPPORTED; 343 #endif 344 } 345 HksDecrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * cipherText,struct HksBlob * plainText)346 HKS_API_EXPORT int32_t HksDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet, 347 const struct HksBlob *cipherText, struct HksBlob *plainText) 348 { 349 #ifdef HKS_SUPPORT_API_CIPHER 350 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 351 if ((key == NULL) || (paramSet == NULL) || (cipherText == NULL) || (plainText == NULL)) { 352 return HKS_ERROR_NULL_POINTER; 353 } 354 355 struct HksParam *isKeyAlias = NULL; 356 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias); 357 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) { 358 ret = HksLocalDecrypt(key, paramSet, cipherText, plainText); 359 HKS_LOG_D("leave decrypt with plain key, result = %" LOG_PUBLIC "d", ret); 360 return ret; 361 } 362 #ifndef _CUT_AUTHENTICATE_ 363 ret = HksClientDecrypt(key, paramSet, cipherText, plainText); 364 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 365 return ret; 366 #else 367 return HKS_ERROR_NOT_SUPPORTED; 368 #endif 369 #else 370 (void)key; 371 (void)paramSet; 372 (void)plainText; 373 (void)cipherText; 374 return HKS_ERROR_API_NOT_SUPPORTED; 375 #endif 376 } 377 HksAgreeKey(const struct HksParamSet * paramSet,const struct HksBlob * privateKey,const struct HksBlob * peerPublicKey,struct HksBlob * agreedKey)378 HKS_API_EXPORT int32_t HksAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey, 379 const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey) 380 { 381 #ifdef HKS_SUPPORT_API_AGREE_KEY 382 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 383 if ((paramSet == NULL) || (privateKey == NULL) || (peerPublicKey == NULL) || (agreedKey == NULL)) { 384 return HKS_ERROR_NULL_POINTER; 385 } 386 387 struct HksParam *isKeyAlias = NULL; 388 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias); 389 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) { 390 ret = HksLocalAgreeKey(paramSet, privateKey, peerPublicKey, agreedKey); 391 HKS_LOG_D("leave agree key with plain key, result = %" LOG_PUBLIC "d", ret); 392 return ret; 393 } 394 395 ret = HksAgreeKeyAdapter(paramSet, privateKey, peerPublicKey, agreedKey); 396 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 397 return ret; 398 #else 399 (void)paramSet; 400 (void)privateKey; 401 (void)peerPublicKey; 402 (void)agreedKey; 403 return HKS_ERROR_API_NOT_SUPPORTED; 404 #endif 405 } 406 HksDeriveKey(const struct HksParamSet * paramSet,const struct HksBlob * mainKey,struct HksBlob * derivedKey)407 HKS_API_EXPORT int32_t HksDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey, 408 struct HksBlob *derivedKey) 409 { 410 #ifdef HKS_SUPPORT_API_DERIVE_KEY 411 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 412 if ((paramSet == NULL) || (mainKey == NULL) || (derivedKey == NULL)) { 413 return HKS_ERROR_NULL_POINTER; 414 } 415 416 struct HksParam *isKeyAlias = NULL; 417 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias); 418 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) { 419 ret = HksLocalDeriveKey(paramSet, mainKey, derivedKey); 420 HKS_LOG_D("leave derive key with plain key, result = %" LOG_PUBLIC "d", ret); 421 return ret; 422 } 423 #ifndef _CUT_AUTHENTICATE_ 424 ret = HksClientDeriveKey(paramSet, mainKey, derivedKey); 425 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 426 return ret; 427 #else 428 return HKS_ERROR_NOT_SUPPORTED; 429 #endif 430 #else 431 (void)paramSet; 432 (void)mainKey; 433 (void)derivedKey; 434 return HKS_ERROR_API_NOT_SUPPORTED; 435 #endif 436 } 437 HksMac(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * mac)438 HKS_API_EXPORT int32_t HksMac(const struct HksBlob *key, const struct HksParamSet *paramSet, 439 const struct HksBlob *srcData, struct HksBlob *mac) 440 { 441 #ifdef HKS_SUPPORT_API_MAC 442 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 443 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (mac == NULL)) { 444 return HKS_ERROR_NULL_POINTER; 445 } 446 447 struct HksParam *isKeyAlias = NULL; 448 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias); 449 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) { 450 ret = HksLocalMac(key, paramSet, srcData, mac); 451 HKS_LOG_D("leave mac with plain key, result = %" LOG_PUBLIC "d", ret); 452 return ret; 453 } 454 #ifndef _CUT_AUTHENTICATE_ 455 ret = HksClientMac(key, paramSet, srcData, mac); 456 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 457 return ret; 458 #else 459 return HKS_ERROR_NOT_SUPPORTED; 460 #endif 461 #else 462 (void)key; 463 (void)paramSet; 464 (void)srcData; 465 (void)mac; 466 return HKS_ERROR_API_NOT_SUPPORTED; 467 #endif 468 } 469 HksHash(const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * hash)470 HKS_API_EXPORT int32_t HksHash(const struct HksParamSet *paramSet, 471 const struct HksBlob *srcData, struct HksBlob *hash) 472 { 473 #ifdef HKS_SUPPORT_API_HASH 474 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 475 if ((paramSet == NULL) || (srcData == NULL) || (hash == NULL)) { 476 return HKS_ERROR_NULL_POINTER; 477 } 478 int32_t ret = HksLocalHash(paramSet, srcData, hash); 479 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 480 return ret; 481 #else 482 (void)paramSet; 483 (void)srcData; 484 (void)hash; 485 return HKS_ERROR_API_NOT_SUPPORTED; 486 #endif 487 } 488 HksGetKeyInfoList(const struct HksParamSet * paramSet,struct HksKeyInfo * keyInfoList,uint32_t * listCount)489 HKS_API_EXPORT int32_t HksGetKeyInfoList(const struct HksParamSet *paramSet, 490 struct HksKeyInfo *keyInfoList, uint32_t *listCount) 491 { 492 #ifdef HKS_SUPPORT_API_GET_KEY_INFO_LIST 493 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 494 if ((keyInfoList == NULL) || (listCount == NULL)) { 495 return HKS_ERROR_NULL_POINTER; 496 } 497 int32_t ret = HksClientGetKeyInfoList(paramSet, keyInfoList, listCount); 498 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 499 return ret; 500 #else 501 (void)paramSet; 502 (void)keyInfoList; 503 (void)listCount; 504 return HKS_ERROR_API_NOT_SUPPORTED; 505 #endif 506 } 507 508 #ifdef HKS_SUPPORT_API_ATTEST_KEY ConstructNewAttestParamSet(const struct HksParamSet * paramSet,enum HksAttestationMode mode,struct HksParamSet ** newParamSet)509 static int32_t ConstructNewAttestParamSet(const struct HksParamSet *paramSet, enum HksAttestationMode mode, 510 struct HksParamSet **newParamSet) 511 { 512 int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize); 513 if (ret != HKS_SUCCESS) { 514 HKS_LOG_E("check paramSet fail"); 515 return ret; 516 } 517 ret = HksInitParamSet(newParamSet); 518 if (ret != HKS_SUCCESS) { 519 HKS_LOG_E("init paramSet fail"); 520 return ret; 521 } 522 do { 523 ret = HksAddParams(*newParamSet, paramSet->params, paramSet->paramsCnt); 524 if (ret != HKS_SUCCESS) { 525 HKS_LOG_E("copy params fail"); 526 break; 527 } 528 struct HksParam attestMode = { 529 .tag = HKS_TAG_ATTESTATION_MODE, 530 .uint32Param = mode, 531 }; 532 ret = HksAddParams(*newParamSet, &attestMode, 1); 533 if (ret != HKS_SUCCESS) { 534 HKS_LOG_E("add param attestMode fail"); 535 break; 536 } 537 ret = HksBuildParamSet(newParamSet); 538 if (ret != HKS_SUCCESS) { 539 HKS_LOG_E("build paramSet fail"); 540 break; 541 } 542 return HKS_SUCCESS; 543 } while (false); 544 HksFreeParamSet(newParamSet); 545 return ret; 546 } 547 #endif 548 HksAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)549 HKS_API_EXPORT int32_t HksAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, 550 struct HksCertChain *certChain) 551 { 552 #ifdef HKS_SUPPORT_API_ATTEST_KEY 553 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 554 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) { 555 return HKS_ERROR_NULL_POINTER; 556 } 557 struct HksParamSet *newParamSet = NULL; 558 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_DEFAULT, &newParamSet); 559 if (ret != HKS_SUCCESS) { 560 HKS_LOG_E("construct new paramSet for attest key fail"); 561 return ret; 562 } 563 564 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, false); 565 HksFreeParamSet(&newParamSet); 566 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 567 return ret; 568 #else 569 (void)keyAlias; 570 (void)paramSet; 571 (void)certChain; 572 return HKS_ERROR_API_NOT_SUPPORTED; 573 #endif 574 } 575 HksAnonAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)576 HKS_API_EXPORT int32_t HksAnonAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, 577 struct HksCertChain *certChain) 578 { 579 #ifdef HKS_SUPPORT_API_ATTEST_KEY 580 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 581 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) { 582 return HKS_ERROR_NULL_POINTER; 583 } 584 struct HksParamSet *newParamSet = NULL; 585 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_ANONYMOUS, &newParamSet); 586 if (ret != HKS_SUCCESS) { 587 HKS_LOG_E("construct new paramSet for anonn attest key fail"); 588 return ret; 589 } 590 591 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, true); 592 HksFreeParamSet(&newParamSet); 593 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 594 return ret; 595 #else 596 (void)keyAlias; 597 (void)paramSet; 598 (void)certChain; 599 return HKS_ERROR_API_NOT_SUPPORTED; 600 #endif 601 } 602 HksGetCertificateChain(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)603 HKS_API_EXPORT int32_t HksGetCertificateChain(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, 604 struct HksCertChain *certChain) 605 { 606 (void)keyAlias; 607 (void)paramSet; 608 (void)certChain; 609 return HKS_ERROR_API_NOT_SUPPORTED; 610 } 611 HksWrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksParamSet * paramSet,struct HksBlob * wrappedData)612 HKS_API_EXPORT int32_t HksWrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias, 613 const struct HksParamSet *paramSet, struct HksBlob *wrappedData) 614 { 615 (void)keyAlias; 616 (void)targetKeyAlias; 617 (void)paramSet; 618 (void)wrappedData; 619 return HKS_ERROR_API_NOT_SUPPORTED; 620 } 621 HksUnwrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksBlob * wrappedData,const struct HksParamSet * paramSet)622 HKS_API_EXPORT int32_t HksUnwrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias, 623 const struct HksBlob *wrappedData, const struct HksParamSet *paramSet) 624 { 625 (void)keyAlias; 626 (void)targetKeyAlias; 627 (void)paramSet; 628 (void)wrappedData; 629 return HKS_ERROR_API_NOT_SUPPORTED; 630 } 631 HksBnExpMod(struct HksBlob * x,const struct HksBlob * a,const struct HksBlob * e,const struct HksBlob * n)632 HKS_API_EXPORT int32_t HksBnExpMod(struct HksBlob *x, const struct HksBlob *a, 633 const struct HksBlob *e, const struct HksBlob *n) 634 { 635 #ifdef HKS_SUPPORT_API_BN_EXP_MOD 636 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 637 if ((x == NULL) || (a == NULL) || (e == NULL) || (n == NULL)) { 638 return HKS_ERROR_NULL_POINTER; 639 } 640 641 int32_t ret = HksLocalBnExpMod(x, a, e, n); 642 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 643 return ret; 644 #else 645 (void)x; 646 (void)a; 647 (void)e; 648 (void)n; 649 return HKS_ERROR_API_NOT_SUPPORTED; 650 #endif 651 } 652 653 /* 654 * Currently, the device certificate and device key are implemented using stubs. 655 * By default, the device key exists. 656 */ HcmIsDeviceKeyExist(const struct HksParamSet * paramSet)657 HKS_API_EXPORT int32_t HcmIsDeviceKeyExist(const struct HksParamSet *paramSet) 658 { 659 (void)paramSet; 660 return HKS_SUCCESS; 661 } 662 HksValidateCertChain(const struct HksCertChain * certChain,struct HksParamSet * paramSetOut)663 HKS_API_EXPORT int32_t HksValidateCertChain(const struct HksCertChain *certChain, struct HksParamSet *paramSetOut) 664 { 665 #ifdef HKS_SUPPORT_API_ATTEST_KEY 666 HKS_LOG_D("enter validate cert chain"); 667 if ((paramSetOut == NULL) || (certChain == NULL)) { 668 return HKS_ERROR_NULL_POINTER; 669 } 670 int32_t ret = HksClientValidateCertChain(certChain, paramSetOut); 671 HKS_LOG_D("leave validate cert chain, result = %" LOG_PUBLIC "d", ret); 672 return ret; 673 #else 674 (void)certChain; 675 (void)paramSetOut; 676 return HKS_ERROR_API_NOT_SUPPORTED; 677 #endif 678 } 679 HksInit(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)680 HKS_API_EXPORT int32_t HksInit(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, 681 struct HksBlob *handle, struct HksBlob *token) 682 { 683 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 684 if ((keyAlias == NULL) || (paramSet == NULL) || (handle == NULL)) { /* token can be null */ 685 HKS_LOG_E("the pointer param entered is invalid"); 686 return HKS_ERROR_NULL_POINTER; 687 } 688 689 int32_t ret = HksClientInit(keyAlias, paramSet, handle, token); 690 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 691 return ret; 692 } 693 HksUpdate(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)694 HKS_API_EXPORT int32_t HksUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet, 695 const struct HksBlob *inData, struct HksBlob *outData) 696 { 697 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 698 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) { 699 HKS_LOG_E("the pointer param entered is invalid"); 700 return HKS_ERROR_NULL_POINTER; 701 } 702 703 int32_t ret = HksClientUpdate(handle, paramSet, inData, outData); 704 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 705 return ret; 706 } 707 HksFinish(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)708 HKS_API_EXPORT int32_t HksFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet, 709 const struct HksBlob *inData, struct HksBlob *outData) 710 { 711 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 712 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) { 713 HKS_LOG_E("the pointer param entered is invalid"); 714 return HKS_ERROR_NULL_POINTER; 715 } 716 717 int32_t ret = HksClientFinish(handle, paramSet, inData, outData); 718 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 719 return ret; 720 } 721 HksAbort(const struct HksBlob * handle,const struct HksParamSet * paramSet)722 HKS_API_EXPORT int32_t HksAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet) 723 { 724 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 725 if ((handle == NULL) || (paramSet == NULL)) { 726 HKS_LOG_E("the pointer param entered is invalid"); 727 return HKS_ERROR_NULL_POINTER; 728 } 729 730 int32_t ret = HksClientAbort(handle, paramSet); 731 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 732 return ret; 733 } 734 HksExportChipsetPlatformPublicKey(const struct HksBlob * salt,enum HksChipsetPlatformDecryptScene scene,struct HksBlob * publicKey)735 HKS_API_EXPORT int32_t HksExportChipsetPlatformPublicKey(const struct HksBlob *salt, 736 enum HksChipsetPlatformDecryptScene scene, struct HksBlob *publicKey) 737 { 738 #ifdef HKS_SUPPORT_CHIPSET_PLATFORM_DECRYPT 739 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 740 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(salt), HKS_ERROR_INVALID_ARGUMENT, "invalid salt") 741 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(publicKey), HKS_ERROR_INVALID_ARGUMENT, "invalid publicKey") 742 int32_t ret = HksClientExportChipsetPlatformPublicKey(salt, scene, publicKey); 743 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 744 return ret; 745 #else 746 (void)(salt); 747 (void)(scene); 748 (void)(publicKey); 749 return HKS_ERROR_API_NOT_SUPPORTED; 750 #endif 751 } 752 HksListAliases(const struct HksParamSet * paramSet,struct HksKeyAliasSet ** outData)753 HKS_API_EXPORT int32_t HksListAliases(const struct HksParamSet *paramSet, struct HksKeyAliasSet **outData) 754 { 755 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 756 if (paramSet == NULL || outData == NULL) { 757 return HKS_ERROR_NULL_POINTER; 758 } 759 int32_t ret = HksClientListAliases(paramSet, outData); 760 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 761 return ret; 762 } 763 HksRenameKeyAlias(const struct HksBlob * oldKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * newKeyAlias)764 HKS_API_EXPORT int32_t HksRenameKeyAlias(const struct HksBlob *oldKeyAlias, const struct HksParamSet *paramSet, 765 const struct HksBlob *newKeyAlias) 766 { 767 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 768 if (oldKeyAlias == NULL || paramSet == NULL || newKeyAlias == NULL) { 769 return HKS_ERROR_NULL_POINTER; 770 } 771 int32_t ret = HksClientRenameKeyAlias(oldKeyAlias, paramSet, newKeyAlias); 772 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 773 return ret; 774 } 775 HksChangeStorageLevel(const struct HksBlob * keyAlias,const struct HksParamSet * srcParamSet,const struct HksParamSet * destParamSet)776 HKS_API_EXPORT int32_t HksChangeStorageLevel(const struct HksBlob *keyAlias, const struct HksParamSet *srcParamSet, 777 const struct HksParamSet *destParamSet) 778 { 779 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__); 780 if (keyAlias == NULL || srcParamSet == NULL || destParamSet == NULL) { 781 HKS_LOG_E("the pointer param entered is invalid"); 782 return HKS_ERROR_NULL_POINTER; 783 } 784 int32_t ret = HksClientChangeStorageLevel(keyAlias, srcParamSet, destParamSet); 785 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret); 786 return ret; 787 }