1 /*
2 * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifndef HKS_TYPE_H
17 #define HKS_TYPE_H
18
19 #include <stdbool.h>
20 #include <stdint.h>
21 #include <stdlib.h>
22
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26
27 #ifndef HKS_API_PUBLIC
28 #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */
29 #define HKS_API_EXPORT
30 #else
31 #define HKS_API_EXPORT __attribute__ ((visibility("default")))
32 #endif
33 #else
34 #define HKS_API_EXPORT __attribute__ ((visibility("default")))
35 #endif
36
37 #define HKS_SDK_VERSION "2.0.0.4"
38
39 /*
40 * Align to 4-tuple
41 * Before calling this function, ensure that the size does not overflow after 3 is added.
42 */
43 #define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2)
44 #define DEFAULT_ALIGN_MASK_SIZE 3
45
46 #define HKS_AE_TAG_LEN 16
47 #define HKS_BITS_PER_BYTE 8
48 #define MAX_KEY_SIZE 2048
49 #define HKS_AE_TAG_LEN 16
50 #define HKS_AE_NONCE_LEN 12
51 #define HKS_MAX_KEY_ALIAS_LEN 64
52 #define HKS_MAX_PROCESS_NAME_LEN 50
53 #define HKS_MAX_RANDOM_LEN 1024
54 #define HKS_KEY_BYTES(keySize) (((keySize) + HKS_BITS_PER_BYTE - 1) / HKS_BITS_PER_BYTE)
55 #define HKS_SIGNATURE_MIN_SIZE 64
56 #define HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
57 #define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
58 #define HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
59 #define HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10
60
61 #define TOKEN_CHALLENGE_LEN 32
62 #define SHA256_SIGN_LEN 32
63 #define TOKEN_SIZE 32
64 #define MAX_AUTH_TIMEOUT_SECOND 60
65 #define SECURE_SIGN_VERSION 0x01000001
66
67 #define HKS_CERT_COUNT 4
68 #define HKS_CERT_ROOT_SIZE 2048
69 #define HKS_CERT_CA_SIZE 2048
70 #define HKS_CERT_DEVICE_SIZE 2048
71 #define HKS_CERT_APP_SIZE 4096
72
73 enum HksKeyType {
74 HKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000,
75 HKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000,
76
77 HKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000,
78 HKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000,
79 HKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000,
80 HKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000,
81 HKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000,
82 HKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000,
83
84 HKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000,
85 HKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000,
86 HKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000,
87 HKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000,
88
89 HKS_KEY_TYPE_AES = 0x03000000,
90 HKS_KEY_TYPE_CHACHA20 = 0x04010000,
91 HKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000,
92
93 HKS_KEY_TYPE_HMAC = 0x05000000,
94 HKS_KEY_TYPE_HKDF = 0x06000000,
95 HKS_KEY_TYPE_PBKDF2 = 0x07000000,
96 };
97
98 enum HksKeyPurpose {
99 HKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */
100 HKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */
101 HKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */
102 HKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */
103 HKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */
104 HKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */
105 HKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */
106 HKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */
107 HKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */
108 };
109
110 enum HksKeyDigest {
111 HKS_DIGEST_NONE = 0,
112 HKS_DIGEST_MD5 = 1,
113 HKS_DIGEST_SM3 = 2,
114 HKS_DIGEST_SHA1 = 10,
115 HKS_DIGEST_SHA224 = 11,
116 HKS_DIGEST_SHA256 = 12,
117 HKS_DIGEST_SHA384 = 13,
118 HKS_DIGEST_SHA512 = 14,
119 };
120
121 enum HksKeyPadding {
122 HKS_PADDING_NONE = 0,
123 HKS_PADDING_OAEP = 1,
124 HKS_PADDING_PSS = 2,
125 HKS_PADDING_PKCS1_V1_5 = 3,
126 HKS_PADDING_PKCS5 = 4,
127 HKS_PADDING_PKCS7 = 5,
128 };
129
130 enum HksCipherMode {
131 HKS_MODE_ECB = 1,
132 HKS_MODE_CBC = 2,
133 HKS_MODE_CTR = 3,
134 HKS_MODE_OFB = 4,
135 HKS_MODE_CCM = 31,
136 HKS_MODE_GCM = 32,
137 };
138
139 enum HksKeySize {
140 HKS_RSA_KEY_SIZE_512 = 512,
141 HKS_RSA_KEY_SIZE_768 = 768,
142 HKS_RSA_KEY_SIZE_1024 = 1024,
143 HKS_RSA_KEY_SIZE_2048 = 2048,
144 HKS_RSA_KEY_SIZE_3072 = 3072,
145 HKS_RSA_KEY_SIZE_4096 = 4096,
146
147 HKS_ECC_KEY_SIZE_224 = 224,
148 HKS_ECC_KEY_SIZE_256 = 256,
149 HKS_ECC_KEY_SIZE_384 = 384,
150 HKS_ECC_KEY_SIZE_521 = 521,
151
152 HKS_AES_KEY_SIZE_128 = 128,
153 HKS_AES_KEY_SIZE_192 = 192,
154 HKS_AES_KEY_SIZE_256 = 256,
155 HKS_AES_KEY_SIZE_512 = 512,
156
157 HKS_CURVE25519_KEY_SIZE_256 = 256,
158
159 HKS_DH_KEY_SIZE_2048 = 2048,
160 HKS_DH_KEY_SIZE_3072 = 3072,
161 HKS_DH_KEY_SIZE_4096 = 4096,
162
163 HKS_SM2_KEY_SIZE_256 = 256,
164 HKS_SM4_KEY_SIZE_128 = 128,
165 };
166
167 enum HksKeyAlg {
168 HKS_ALG_RSA = 1,
169 HKS_ALG_ECC = 2,
170 HKS_ALG_DSA = 3,
171
172 HKS_ALG_AES = 20,
173 HKS_ALG_HMAC = 50,
174 HKS_ALG_HKDF = 51,
175 HKS_ALG_PBKDF2 = 52,
176
177 HKS_ALG_ECDH = 100,
178 HKS_ALG_X25519 = 101,
179 HKS_ALG_ED25519 = 102,
180 HKS_ALG_DH = 103,
181
182 HKS_ALG_SM2 = 150,
183 HKS_ALG_SM3 = 151,
184 HKS_ALG_SM4 = 152,
185 };
186
187 enum HuksAlgSuite {
188 /* Algorithm suites of unwrapping wrapped-key by huks */
189 /* Unwrap suite of key agreement type */
190 /* WrappedData format(Bytes Array):
191 * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
192 * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag
193 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
194 * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
195 * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
196 */
197 HKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1,
198
199 /* WrappedData format(Bytes Array):
200 * | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
201 * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag
202 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
203 * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
204 * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
205 */
206 HKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2,
207 };
208
209 enum HksKeyGenerateType {
210 HKS_KEY_GENERATE_TYPE_DEFAULT = 0,
211 HKS_KEY_GENERATE_TYPE_DERIVE = 1,
212 HKS_KEY_GENERATE_TYPE_AGREE = 2,
213 };
214
215 enum HksKeyFlag {
216 HKS_KEY_FLAG_IMPORT_KEY = 1,
217 HKS_KEY_FLAG_GENERATE_KEY = 2,
218 HKS_KEY_FLAG_AGREE_KEY = 3,
219 HKS_KEY_FLAG_DERIVE_KEY = 4,
220 };
221
222 enum HksKeyStorageType {
223 HKS_STORAGE_TEMP = 0,
224 HKS_STORAGE_PERSISTENT = 1,
225 };
226
227 enum HksImportKeyType {
228 HKS_KEY_TYPE_PUBLIC_KEY = 0,
229 HKS_KEY_TYPE_PRIVATE_KEY = 1,
230 HKS_KEY_TYPE_KEY_PAIR = 2,
231 };
232
233 enum HksErrorCode {
234 HKS_SUCCESS = 0,
235 HKS_FAILURE = -1,
236 HKS_ERROR_BAD_STATE = -2,
237 HKS_ERROR_INVALID_ARGUMENT = -3,
238 HKS_ERROR_NOT_SUPPORTED = -4,
239 HKS_ERROR_NO_PERMISSION = -5,
240 HKS_ERROR_INSUFFICIENT_DATA = -6,
241 HKS_ERROR_BUFFER_TOO_SMALL = -7,
242 HKS_ERROR_INSUFFICIENT_MEMORY = -8,
243 HKS_ERROR_COMMUNICATION_FAILURE = -9,
244 HKS_ERROR_STORAGE_FAILURE = -10,
245 HKS_ERROR_HARDWARE_FAILURE = -11,
246 HKS_ERROR_ALREADY_EXISTS = -12,
247 HKS_ERROR_NOT_EXIST = -13,
248 HKS_ERROR_NULL_POINTER = -14,
249 HKS_ERROR_FILE_SIZE_FAIL = -15,
250 HKS_ERROR_READ_FILE_FAIL = -16,
251 HKS_ERROR_INVALID_PUBLIC_KEY = -17,
252 HKS_ERROR_INVALID_PRIVATE_KEY = -18,
253 HKS_ERROR_INVALID_KEY_INFO = -19,
254 HKS_ERROR_HASH_NOT_EQUAL = -20,
255 HKS_ERROR_MALLOC_FAIL = -21,
256 HKS_ERROR_WRITE_FILE_FAIL = -22,
257 HKS_ERROR_REMOVE_FILE_FAIL = -23,
258 HKS_ERROR_OPEN_FILE_FAIL = -24,
259 HKS_ERROR_CLOSE_FILE_FAIL = -25,
260 HKS_ERROR_MAKE_DIR_FAIL = -26,
261 HKS_ERROR_INVALID_KEY_FILE = -27,
262 HKS_ERROR_IPC_MSG_FAIL = -28,
263 HKS_ERROR_REQUEST_OVERFLOWS = -29,
264 HKS_ERROR_PARAM_NOT_EXIST = -30,
265 HKS_ERROR_CRYPTO_ENGINE_ERROR = -31,
266 HKS_ERROR_COMMUNICATION_TIMEOUT = -32,
267 HKS_ERROR_IPC_INIT_FAIL = -33,
268 HKS_ERROR_IPC_DLOPEN_FAIL = -34,
269 HKS_ERROR_EFUSE_READ_FAIL = -35,
270 HKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36,
271 HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37,
272 HKS_ERROR_VERIFICATION_FAILED = -38,
273 HKS_ERROR_SESSION_REACHED_LIMIT = -39,
274
275 HKS_ERROR_GET_USERIAM_SECINFO_FAILED = -40,
276 HKS_ERROR_GET_USERIAM_AUTHINFO_FAILED = -41,
277 HKS_ERROR_USER_AUTH_TYPE_NOT_SUPPORT = -42,
278 HKS_ERROR_KEY_AUTH_FAILED = -43,
279 HKS_ERROR_DEVICE_NO_CREDENTIAL = -44,
280 HKS_ERROR_API_NOT_SUPPORTED = -45,
281 HKS_ERROR_KEY_AUTH_PERMANENTLY_INVALIDATED = -46,
282 HKS_ERROR_KEY_AUTH_VERIFY_FAILED = -47,
283 HKS_ERROR_KEY_AUTH_TIME_OUT = -48,
284
285 HKS_ERROR_CREDENTIAL_NOT_EXIST = -49,
286
287 HKS_ERROR_CHECK_GET_ALG_FAIL = -100,
288 HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101,
289 HKS_ERROR_CHECK_GET_PADDING_FAIL = -102,
290 HKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103,
291 HKS_ERROR_CHECK_GET_DIGEST_FAIL = -104,
292 HKS_ERROR_CHECK_GET_MODE_FAIL = -105,
293 HKS_ERROR_CHECK_GET_NONCE_FAIL = -106,
294 HKS_ERROR_CHECK_GET_AAD_FAIL = -107,
295 HKS_ERROR_CHECK_GET_IV_FAIL = -108,
296 HKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109,
297 HKS_ERROR_CHECK_GET_SALT_FAIL = -110,
298 HKS_ERROR_CHECK_GET_ITERATION_FAIL = -111,
299 HKS_ERROR_INVALID_ALGORITHM = -112,
300 HKS_ERROR_INVALID_KEY_SIZE = -113,
301 HKS_ERROR_INVALID_PADDING = -114,
302 HKS_ERROR_INVALID_PURPOSE = -115,
303 HKS_ERROR_INVALID_MODE = -116,
304 HKS_ERROR_INVALID_DIGEST = -117,
305 HKS_ERROR_INVALID_SIGNATURE_SIZE = -118,
306 HKS_ERROR_INVALID_IV = -119,
307 HKS_ERROR_INVALID_AAD = -120,
308 HKS_ERROR_INVALID_NONCE = -121,
309 HKS_ERROR_INVALID_AE_TAG = -122,
310 HKS_ERROR_INVALID_SALT = -123,
311 HKS_ERROR_INVALID_ITERATION = -124,
312 HKS_ERROR_INVALID_OPERATION = -125,
313 HKS_ERROR_INVALID_WRAPPED_FORMAT = -126,
314 HKS_ERROR_INVALID_USAGE_OF_KEY = -127,
315 HKS_ERROR_CHECK_GET_AUTH_TYP_FAILED = -128,
316 HKS_ERROR_CHECK_GET_CHALLENGE_TYPE_FAILED = -129,
317 HKS_ERROR_CHECK_GET_ACCESS_TYPE_FAILED = -130,
318 HKS_ERROR_CHECK_GET_AUTH_TOKEN_FAILED = -131,
319 HKS_ERROR_INVALID_TIME_OUT = -132,
320 HKS_ERROR_INVALID_AUTH_TYPE = -133,
321 HKS_ERROR_INVALID_CHALLENGE_TYPE = -134,
322 HKS_ERROR_INVALID_ACCESS_TYPE = -135,
323 HKS_ERROR_INVALID_AUTH_TOKEN = -136,
324 HKS_ERROR_INVALID_SECURE_SIGN_TYPE = -137,
325
326 HKS_ERROR_INTERNAL_ERROR = -999,
327 HKS_ERROR_UNKNOWN_ERROR = -1000,
328 };
329
330 enum HksErrCode {
331 HUKS_ERR_CODE_PERMISSION_FAIL = 201,
332 HUKS_ERR_CODE_ILLEGAL_ARGUMENT = 401,
333 HUKS_ERR_CODE_NOT_SUPPORTED_API = 801,
334
335 HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED = 12000001,
336 HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT = 12000002,
337 HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT = 12000003,
338 HUKS_ERR_CODE_FILE_OPERATION_FAIL = 12000004,
339 HUKS_ERR_CODE_COMMUNICATION_FAIL = 12000005,
340 HUKS_ERR_CODE_CRYPTO_FAIL = 12000006,
341 HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED = 12000007,
342 HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED = 12000008,
343 HUKS_ERR_CODE_KEY_AUTH_TIME_OUT = 12000009,
344 HUKS_ERR_CODE_SESSION_LIMIT = 12000010,
345 HUKS_ERR_CODE_ITEM_NOT_EXIST = 12000011,
346 HUKS_ERR_CODE_EXTERNAL_ERROR = 12000012,
347 HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST = 12000013,
348 HUKS_ERR_CODE_INSUFFICIENT_MEMORY = 12000014,
349 HUKS_ERR_CODE_CALL_SERVICE_FAILED = 12000015,
350 };
351
352 enum HksTagType {
353 HKS_TAG_TYPE_INVALID = 0 << 28,
354 HKS_TAG_TYPE_INT = 1 << 28,
355 HKS_TAG_TYPE_UINT = 2 << 28,
356 HKS_TAG_TYPE_ULONG = 3 << 28,
357 HKS_TAG_TYPE_BOOL = 4 << 28,
358 HKS_TAG_TYPE_BYTES = 5 << 28,
359 };
360
361 enum HksSendType {
362 HKS_SEND_TYPE_ASYNC = 0,
363 HKS_SEND_TYPE_SYNC,
364 };
365
366 enum HksUserAuthType {
367 HKS_USER_AUTH_TYPE_FINGERPRINT = 1 << 0,
368 HKS_USER_AUTH_TYPE_FACE = 1 << 1,
369 HKS_USER_AUTH_TYPE_PIN = 1 << 2,
370 };
371
372 enum HksAuthAccessType {
373 HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD = 1 << 0,
374 HKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1,
375 };
376
377 enum HksChallengeType {
378 HKS_CHALLENGE_TYPE_NORMAL = 0,
379 HKS_CHALLENGE_TYPE_CUSTOM = 1,
380 HKS_CHALLENGE_TYPE_NONE = 2,
381 };
382
383 enum HksChallengePosition {
384 HKS_CHALLENGE_POS_0 = 0,
385 HKS_CHALLENGE_POS_1,
386 HKS_CHALLENGE_POS_2,
387 HKS_CHALLENGE_POS_3,
388 };
389
390 enum HksSecureSignType {
391 HKS_SECURE_SIGN_WITH_AUTHINFO = 1,
392 };
393
394 enum HksTag {
395 /* Invalid TAG */
396 HKS_TAG_INVALID = HKS_TAG_TYPE_INVALID | 0,
397
398 /* Base algrithom TAG: 1 - 200 */
399 HKS_TAG_ALGORITHM = HKS_TAG_TYPE_UINT | 1,
400 HKS_TAG_PURPOSE = HKS_TAG_TYPE_UINT | 2,
401 HKS_TAG_KEY_SIZE = HKS_TAG_TYPE_UINT | 3,
402 HKS_TAG_DIGEST = HKS_TAG_TYPE_UINT | 4,
403 HKS_TAG_PADDING = HKS_TAG_TYPE_UINT | 5,
404 HKS_TAG_BLOCK_MODE = HKS_TAG_TYPE_UINT | 6,
405 HKS_TAG_KEY_TYPE = HKS_TAG_TYPE_UINT | 7,
406 HKS_TAG_ASSOCIATED_DATA = HKS_TAG_TYPE_BYTES | 8,
407 HKS_TAG_NONCE = HKS_TAG_TYPE_BYTES | 9,
408 HKS_TAG_IV = HKS_TAG_TYPE_BYTES | 10,
409
410 /* Key derivation TAG */
411 HKS_TAG_INFO = HKS_TAG_TYPE_BYTES | 11,
412 HKS_TAG_SALT = HKS_TAG_TYPE_BYTES | 12,
413 HKS_TAG_PWD = HKS_TAG_TYPE_BYTES | 13,
414 HKS_TAG_ITERATION = HKS_TAG_TYPE_UINT | 14,
415
416 HKS_TAG_KEY_GENERATE_TYPE = HKS_TAG_TYPE_UINT | 15, /* choose from enum HksKeyGenerateType */
417 HKS_TAG_DERIVE_MAIN_KEY = HKS_TAG_TYPE_BYTES | 16,
418 HKS_TAG_DERIVE_FACTOR = HKS_TAG_TYPE_BYTES | 17,
419 HKS_TAG_DERIVE_ALG = HKS_TAG_TYPE_UINT | 18,
420 HKS_TAG_AGREE_ALG = HKS_TAG_TYPE_UINT | 19,
421 HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = HKS_TAG_TYPE_BOOL | 20,
422 HKS_TAG_AGREE_PRIVATE_KEY_ALIAS = HKS_TAG_TYPE_BYTES | 21,
423 HKS_TAG_AGREE_PUBLIC_KEY = HKS_TAG_TYPE_BYTES | 22,
424 HKS_TAG_KEY_ALIAS = HKS_TAG_TYPE_BYTES | 23,
425 HKS_TAG_DERIVE_KEY_SIZE = HKS_TAG_TYPE_UINT | 24,
426 HKS_TAG_IMPORT_KEY_TYPE = HKS_TAG_TYPE_UINT | 25, /* choose from enum HksImportKeyType */
427 HKS_TAG_UNWRAP_ALGORITHM_SUITE = HKS_TAG_TYPE_UINT | 26,
428
429 /*
430 * Key authentication related TAG: 201 - 300
431 *
432 * Start of validity
433 */
434 HKS_TAG_ACTIVE_DATETIME = HKS_TAG_TYPE_ULONG | 201,
435
436 /* Date when new "messages" should not be created. */
437 HKS_TAG_ORIGINATION_EXPIRE_DATETIME = HKS_TAG_TYPE_ULONG | 202,
438
439 /* Date when existing "messages" should not be used. */
440 HKS_TAG_USAGE_EXPIRE_DATETIME = HKS_TAG_TYPE_ULONG | 203,
441
442 /* Key creation time */
443 HKS_TAG_CREATION_DATETIME = HKS_TAG_TYPE_ULONG | 204,
444
445 /* Other authentication related TAG: 301 - 500 */
446 HKS_TAG_ALL_USERS = HKS_TAG_TYPE_BOOL | 301,
447 HKS_TAG_USER_ID = HKS_TAG_TYPE_UINT | 302,
448 HKS_TAG_NO_AUTH_REQUIRED = HKS_TAG_TYPE_BOOL | 303,
449 HKS_TAG_USER_AUTH_TYPE = HKS_TAG_TYPE_UINT | 304,
450 HKS_TAG_AUTH_TIMEOUT = HKS_TAG_TYPE_UINT | 305,
451 HKS_TAG_AUTH_TOKEN = HKS_TAG_TYPE_BYTES | 306,
452
453 /*
454 * Key secure access control and user auth TAG
455 */
456 HKS_TAG_KEY_AUTH_ACCESS_TYPE = HKS_TAG_TYPE_UINT | 307,
457 HKS_TAG_KEY_SECURE_SIGN_TYPE = HKS_TAG_TYPE_UINT | 308,
458 HKS_TAG_CHALLENGE_TYPE = HKS_TAG_TYPE_UINT | 309,
459 HKS_TAG_CHALLENGE_POS = HKS_TAG_TYPE_UINT | 310,
460
461 /* Attestation related TAG: 501 - 600 */
462 HKS_TAG_ATTESTATION_CHALLENGE = HKS_TAG_TYPE_BYTES | 501,
463 HKS_TAG_ATTESTATION_APPLICATION_ID = HKS_TAG_TYPE_BYTES | 502,
464 HKS_TAG_ATTESTATION_ID_BRAND = HKS_TAG_TYPE_BYTES | 503,
465 HKS_TAG_ATTESTATION_ID_DEVICE = HKS_TAG_TYPE_BYTES | 504,
466 HKS_TAG_ATTESTATION_ID_PRODUCT = HKS_TAG_TYPE_BYTES | 505,
467 HKS_TAG_ATTESTATION_ID_SERIAL = HKS_TAG_TYPE_BYTES | 506,
468 HKS_TAG_ATTESTATION_ID_IMEI = HKS_TAG_TYPE_BYTES | 507,
469 HKS_TAG_ATTESTATION_ID_MEID = HKS_TAG_TYPE_BYTES | 508,
470 HKS_TAG_ATTESTATION_ID_MANUFACTURER = HKS_TAG_TYPE_BYTES | 509,
471 HKS_TAG_ATTESTATION_ID_MODEL = HKS_TAG_TYPE_BYTES | 510,
472 HKS_TAG_ATTESTATION_ID_ALIAS = HKS_TAG_TYPE_BYTES | 511,
473 HKS_TAG_ATTESTATION_ID_SOCID = HKS_TAG_TYPE_BYTES | 512,
474 HKS_TAG_ATTESTATION_ID_UDID = HKS_TAG_TYPE_BYTES | 513,
475 HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO = HKS_TAG_TYPE_BYTES | 514,
476 HKS_TAG_ATTESTATION_ID_VERSION_INFO = HKS_TAG_TYPE_BYTES | 515,
477 HKS_TAG_ATTESTATION_BASE64 = HKS_TAG_TYPE_BOOL | 516,
478
479 /*
480 * Other reserved TAG: 601 - 1000
481 *
482 * Extention TAG: 1001 - 9999
483 */
484 HKS_TAG_IS_KEY_ALIAS = HKS_TAG_TYPE_BOOL | 1001,
485 HKS_TAG_KEY_STORAGE_FLAG = HKS_TAG_TYPE_UINT | 1002, /* choose from enum HksKeyStorageType */
486 HKS_TAG_IS_ALLOWED_WRAP = HKS_TAG_TYPE_BOOL | 1003,
487 HKS_TAG_KEY_WRAP_TYPE = HKS_TAG_TYPE_UINT | 1004,
488 HKS_TAG_KEY_AUTH_ID = HKS_TAG_TYPE_BYTES | 1005,
489 HKS_TAG_KEY_ROLE = HKS_TAG_TYPE_UINT | 1006,
490 HKS_TAG_KEY_FLAG = HKS_TAG_TYPE_UINT | 1007, /* choose from enum HksKeyFlag */
491 HKS_TAG_IS_ASYNCHRONIZED = HKS_TAG_TYPE_UINT | 1008,
492 HKS_TAG_SECURE_KEY_ALIAS = HKS_TAG_TYPE_BOOL | 1009,
493 HKS_TAG_SECURE_KEY_UUID = HKS_TAG_TYPE_BYTES | 1010,
494 HKS_TAG_KEY_DOMAIN = HKS_TAG_TYPE_UINT | 1011,
495
496 /* Inner-use TAG: 10001 - 10999 */
497 HKS_TAG_PROCESS_NAME = HKS_TAG_TYPE_BYTES | 10001,
498 HKS_TAG_PACKAGE_NAME = HKS_TAG_TYPE_BYTES | 10002,
499 HKS_TAG_ACCESS_TIME = HKS_TAG_TYPE_UINT | 10003,
500 HKS_TAG_USES_TIME = HKS_TAG_TYPE_UINT | 10004,
501 HKS_TAG_CRYPTO_CTX = HKS_TAG_TYPE_ULONG | 10005,
502 HKS_TAG_KEY = HKS_TAG_TYPE_BYTES | 10006,
503 HKS_TAG_KEY_VERSION = HKS_TAG_TYPE_UINT | 10007,
504 HKS_TAG_PAYLOAD_LEN = HKS_TAG_TYPE_UINT | 10008,
505 HKS_TAG_AE_TAG = HKS_TAG_TYPE_BYTES | 10009,
506 HKS_TAG_IS_KEY_HANDLE = HKS_TAG_TYPE_ULONG | 10010,
507 HKS_TAG_KEY_INIT_CHALLENGE = HKS_TAG_TYPE_BYTES | 10011,
508 HKS_TAG_IS_USER_AUTH_ACCESS = HKS_TAG_TYPE_BOOL | 10012,
509 HKS_TAG_USER_AUTH_CHALLENGE = HKS_TAG_TYPE_BYTES | 10013,
510 HKS_TAG_USER_AUTH_ENROLL_ID_INFO = HKS_TAG_TYPE_BYTES | 10014,
511 HKS_TAG_USER_AUTH_SECURE_UID = HKS_TAG_TYPE_BYTES | 10015,
512 HKS_TAG_KEY_AUTH_RESULT = HKS_TAG_TYPE_INT | 10016,
513 HKS_TAG_IF_NEED_APPEND_AUTH_INFO = HKS_TAG_TYPE_BOOL | 10017,
514 HKS_TAG_VERIFIED_AUTH_TOKEN = HKS_TAG_TYPE_BYTES | 10018,
515 HKS_TAG_IS_APPEND_UPDATE_DATA = HKS_TAG_TYPE_BOOL | 10019,
516 HKS_TAG_KEY_ACCESS_TIME = HKS_TAG_TYPE_ULONG | 10020,
517
518 /* Os version related TAG */
519 HKS_TAG_OS_VERSION = HKS_TAG_TYPE_UINT | 10101,
520 HKS_TAG_OS_PATCHLEVEL = HKS_TAG_TYPE_UINT | 10102,
521
522 /*
523 * Reversed TAGs for SOTER: 11000 - 12000
524 *
525 * Other TAGs: 20001 - N
526 * TAGs used for paramSetOut
527 */
528 HKS_TAG_SYMMETRIC_KEY_DATA = HKS_TAG_TYPE_BYTES | 20001,
529 HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = HKS_TAG_TYPE_BYTES | 20002,
530 HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = HKS_TAG_TYPE_BYTES | 20003,
531 };
532
533 struct HksBlob {
534 uint32_t size;
535 uint8_t *data;
536 };
537
538 struct HksParam {
539 uint32_t tag;
540 union {
541 bool boolParam;
542 int32_t int32Param;
543 uint32_t uint32Param;
544 uint64_t uint64Param;
545 struct HksBlob blob;
546 };
547 };
548
549 struct HksParamSet {
550 uint32_t paramSetSize;
551 uint32_t paramsCnt;
552 struct HksParam params[];
553 };
554
555 struct HksCertChain {
556 struct HksBlob *certs;
557 uint32_t certsCount;
558 };
559
560 struct HksKeyInfo {
561 struct HksBlob alias;
562 struct HksParamSet *paramSet;
563 };
564
565 struct HksPubKeyInfo {
566 enum HksKeyAlg keyAlg;
567 uint32_t keySize;
568 uint32_t nOrXSize;
569 uint32_t eOrYSize;
570 uint32_t placeHolder;
571 };
572
573 struct HksKeyMaterialRsa {
574 enum HksKeyAlg keyAlg;
575 uint32_t keySize;
576 uint32_t nSize;
577 uint32_t eSize;
578 uint32_t dSize;
579 };
580
581 struct HksKeyMaterialEcc {
582 enum HksKeyAlg keyAlg;
583 uint32_t keySize;
584 uint32_t xSize;
585 uint32_t ySize;
586 uint32_t zSize;
587 };
588
589 struct HksKeyMaterialDsa {
590 enum HksKeyAlg keyAlg;
591 uint32_t keySize;
592 uint32_t xSize;
593 uint32_t ySize;
594 uint32_t pSize;
595 uint32_t qSize;
596 uint32_t gSize;
597 };
598
599 struct HksKeyMaterialDh {
600 enum HksKeyAlg keyAlg;
601 uint32_t keySize;
602 uint32_t pubKeySize;
603 uint32_t priKeySize;
604 uint32_t reserved;
605 };
606
607 struct HksKeyMaterial25519 {
608 enum HksKeyAlg keyAlg;
609 uint32_t keySize;
610 uint32_t pubKeySize;
611 uint32_t priKeySize;
612 uint32_t reserved;
613 };
614
615 typedef struct __attribute__((__packed__)) HksUserAuthToken {
616 uint32_t version;
617 uint8_t challenge[TOKEN_SIZE];
618 uint64_t secureUid;
619 uint64_t enrolledId;
620 uint64_t credentialId;
621 uint64_t time;
622 uint32_t authTrustLevel;
623 uint32_t authType;
624 uint32_t authMode;
625 uint32_t securityLevel;
626 uint8_t sign[SHA256_SIGN_LEN];
627 } __attribute__((__packed__)) HksUserAuthToken;
628
629 typedef struct __attribute__((__packed__)) HksSecureSignAuthInfo {
630 uint32_t userAuthType;
631 uint64_t authenticatorId;
632 uint64_t credentialId;
633 } __attribute__((__packed__)) HksSecureSignAuthInfo;
634
635 #define HKS_DERIVE_DEFAULT_SALT_LEN 16
636 #define HKS_HMAC_DIGEST_SHA512_LEN 64
637 #define HKS_DEFAULT_RANDOM_LEN 16
638 #define HKS_MAX_KEY_AUTH_ID_LEN 64
639 #define HKS_KEY_MATERIAL_NUM 3
640 #define HKS_MAX_KEY_LEN (HKS_KEY_BYTES(HKS_RSA_KEY_SIZE_4096) * HKS_KEY_MATERIAL_NUM)
641 #define HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct HksPubKeyInfo) + HKS_MAX_KEY_LEN + HKS_AE_TAG_LEN)
642
643 struct HksStoreHeaderInfo {
644 uint16_t version;
645 uint16_t keyCount;
646 uint32_t totalLen; /* key buffer total len */
647 uint32_t sealingAlg;
648 uint8_t salt[HKS_DERIVE_DEFAULT_SALT_LEN];
649 uint8_t hmac[HKS_HMAC_DIGEST_SHA512_LEN];
650 };
651
652 struct HksStoreKeyInfo {
653 uint16_t keyInfoLen; /* current keyinfo len */
654 uint16_t keySize; /* keySize of key from crypto hal after encrypted */
655 uint8_t random[HKS_DEFAULT_RANDOM_LEN];
656 uint8_t flag; /* import or generate key */
657 uint8_t keyAlg;
658 uint8_t keyMode;
659 uint8_t digest;
660 uint8_t padding;
661 uint8_t rsv;
662 uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */
663 uint32_t purpose;
664 uint32_t role;
665 uint16_t domain;
666 uint8_t aliasSize;
667 uint8_t authIdSize;
668 };
669
670 struct Hks25519KeyPair {
671 uint32_t publicBufferSize;
672 uint32_t privateBufferSize;
673 };
674
IsAdditionOverflow(uint32_t a,uint32_t b)675 static inline bool IsAdditionOverflow(uint32_t a, uint32_t b)
676 {
677 return (UINT32_MAX - a) < b;
678 }
679
IsInvalidLength(uint32_t length)680 static inline bool IsInvalidLength(uint32_t length)
681 {
682 return (length == 0) || (length > MAX_OUT_BLOB_SIZE);
683 }
684
CheckBlob(const struct HksBlob * blob)685 static inline int32_t CheckBlob(const struct HksBlob *blob)
686 {
687 if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
688 return HKS_ERROR_INVALID_ARGUMENT;
689 }
690 return HKS_SUCCESS;
691 }
692
693 #ifdef __cplusplus
694 }
695 #endif
696
697 #endif /* HKS_TYPE_H */
698