1 /*
2  * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "hks_param.h"
17 
18 #include <stddef.h>
19 
20 #include "hks_log.h"
21 #include "hks_mem.h"
22 #include "hks_template.h"
23 #include "hks_type_inner.h"
24 
25 #include "securec.h"
26 
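/*
 * Allow-list of tags accepted in a parameter set. IsValidTag() does a linear
 * search over this table, and HksCheckParamSetTag() rejects any parameter
 * whose tag is not listed here.
 *
 * The table is const so the allow-list cannot be modified at run time.
 */
static const uint32_t g_validTags[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_PURPOSE,
    HKS_TAG_KEY_SIZE,
    HKS_TAG_DIGEST,
    HKS_TAG_PADDING,
    HKS_TAG_BLOCK_MODE,
    HKS_TAG_KEY_TYPE,
    HKS_TAG_ASSOCIATED_DATA,
    HKS_TAG_NONCE,
    HKS_TAG_IV,

    HKS_TAG_SALT,
    HKS_TAG_PWD,
    HKS_TAG_INFO,
    HKS_TAG_ITERATION,

    HKS_TAG_KEY_GENERATE_TYPE,
    HKS_TAG_DERIVE_MAIN_KEY,
    HKS_TAG_DERIVE_FACTOR,
    HKS_TAG_DERIVE_ALG,
    HKS_TAG_AGREE_ALG,
    HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
    HKS_TAG_AGREE_PRIVATE_KEY_ALIAS,
    HKS_TAG_AGREE_PUBLIC_KEY,
    HKS_TAG_KEY_ALIAS,
    HKS_TAG_DERIVE_KEY_SIZE,
    HKS_TAG_IMPORT_KEY_TYPE,
    HKS_TAG_UNWRAP_ALGORITHM_SUITE,

    HKS_TAG_ACTIVE_DATETIME,
    HKS_TAG_ORIGINATION_EXPIRE_DATETIME,
    HKS_TAG_USAGE_EXPIRE_DATETIME,
    HKS_TAG_CREATION_DATETIME,

    HKS_TAG_ALL_USERS,
    HKS_TAG_USER_ID,
    HKS_TAG_NO_AUTH_REQUIRED,
    HKS_TAG_USER_AUTH_TYPE,
    HKS_TAG_AUTH_TIMEOUT,
    HKS_TAG_AUTH_TOKEN,

    HKS_TAG_OS_VERSION,
    HKS_TAG_OS_PATCHLEVEL,

    HKS_TAG_ATTESTATION_CHALLENGE,
    HKS_TAG_ATTESTATION_APPLICATION_ID,
    HKS_TAG_ATTESTATION_ID_BRAND,
    HKS_TAG_ATTESTATION_ID_DEVICE,
    HKS_TAG_ATTESTATION_ID_PRODUCT,
    HKS_TAG_ATTESTATION_ID_SERIAL,
    HKS_TAG_ATTESTATION_ID_IMEI,
    HKS_TAG_ATTESTATION_ID_MEID,
    HKS_TAG_ATTESTATION_ID_MANUFACTURER,
    HKS_TAG_ATTESTATION_ID_MODEL,
    HKS_TAG_ATTESTATION_ID_ALIAS,
    HKS_TAG_ATTESTATION_ID_SOCID,
    HKS_TAG_ATTESTATION_ID_UDID,
    HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    HKS_TAG_ATTESTATION_ID_VERSION_INFO,
    HKS_TAG_ATTESTATION_BASE64,

    HKS_TAG_IS_KEY_ALIAS,
    HKS_TAG_KEY_STORAGE_FLAG,
    HKS_TAG_IS_ALLOWED_WRAP,
    HKS_TAG_KEY_WRAP_TYPE,
    HKS_TAG_KEY_AUTH_ID,
    HKS_TAG_KEY_ROLE,
    HKS_TAG_KEY_FLAG,
    HKS_TAG_KEY_DOMAIN,

    HKS_TAG_KEY_AUTH_ACCESS_TYPE,
    HKS_TAG_KEY_SECURE_SIGN_TYPE,
    HKS_TAG_CHALLENGE_TYPE,
    HKS_TAG_CHALLENGE_POS,

    HKS_TAG_KEY_INIT_CHALLENGE,
    HKS_TAG_IS_USER_AUTH_ACCESS,
    HKS_TAG_USER_AUTH_CHALLENGE,
    HKS_TAG_USER_AUTH_ENROLL_ID_INFO,
    HKS_TAG_USER_AUTH_SECURE_UID,
    HKS_TAG_KEY_AUTH_RESULT,
    HKS_TAG_IF_NEED_APPEND_AUTH_INFO,
    HKS_TAG_VERIFIED_AUTH_TOKEN,
    HKS_TAG_IS_APPEND_UPDATE_DATA,

    HKS_TAG_PROCESS_NAME,
    HKS_TAG_PACKAGE_NAME,
    HKS_TAG_PAYLOAD_LEN,
    HKS_TAG_AE_TAG,
    HKS_TAG_CRYPTO_CTX,
    HKS_TAG_KEY,
    HKS_TAG_KEY_VERSION,
    HKS_TAG_IS_KEY_HANDLE,
    HKS_TAG_SYMMETRIC_KEY_DATA,
    HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
    HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
    HKS_TAG_KEY_ACCESS_TIME,

    HKS_TAG_ACCESS_TOKEN_ID,
};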
128 
/*
 * Return the value-type portion of a tag, obtained by masking the tag with
 * HKS_TAG_TYPE_MASK. Callers in this file compare the result against
 * HKS_TAG_TYPE_BYTES to decide whether a parameter carries a blob.
 */
HKS_API_EXPORT enum HksTagType GetTagType(enum HksTag tag)
{
    const uint32_t typeBits = (uint32_t)tag & (uint32_t)HKS_TAG_TYPE_MASK;
    return (enum HksTagType)typeBits;
}
133 
/*
 * Report whether tag appears in the g_validTags allow-list.
 * Linear scan; the scan direction does not affect the result.
 */
static bool IsValidTag(uint32_t tag)
{
    uint32_t remaining = HKS_ARRAY_SIZE(g_validTags);
    while (remaining > 0) {
        remaining--;
        if (g_validTags[remaining] == tag) {
            return true;
        }
    }
    return false;
}
144 
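/*
 * Verify that every parameter in paramSet uses an allow-listed tag and that
 * no tag occurs more than once.
 *
 * Returns HKS_ERROR_NULL_POINTER when paramSet is NULL,
 * HKS_ERROR_INVALID_ARGUMENT when the header is inconsistent, a tag is not in
 * g_validTags, or a tag is duplicated, and HKS_SUCCESS otherwise.
 */
HKS_API_EXPORT int32_t HksCheckParamSetTag(const struct HksParamSet *paramSet)
{
    HKS_IF_NULL_RETURN(paramSet, HKS_ERROR_NULL_POINTER)

    /*
     * paramsCnt drives both loops below, so make sure it is consistent with
     * paramSetSize before walking the array, as HksGetParam() and
     * HksCheckIsTagAlreadyExist() already do. This is a self-consistency
     * check of the header only: it cannot prove that the caller's buffer
     * really is paramSetSize bytes long.
     */
    int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "invalid paramSet!")

    for (uint32_t i = 0; i < paramSet->paramsCnt; ++i) {
        uint32_t curTag = paramSet->params[i].tag;
        if (!IsValidTag(curTag)) {
            HKS_LOG_E("paramSet contains invalid tag! 0x%" LOG_PUBLIC "x", curTag);
            return HKS_ERROR_INVALID_ARGUMENT;
        }

        /* Only later entries need checking; earlier pairs were already compared. */
        for (uint32_t j = i + 1; j < paramSet->paramsCnt; ++j) {
            if (curTag == paramSet->params[j].tag) {
                HKS_LOG_E("paramSet contains multi-tags! 0x%" LOG_PUBLIC "x", curTag);
                return HKS_ERROR_INVALID_ARGUMENT;
            }
        }
    }

    return HKS_SUCCESS;
}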
166 
/*
 * Precondition check for HksAddParams().
 *
 * Rejects NULL pointers, a set whose recorded size already exceeds
 * HKS_PARAM_SET_MAX_SIZE, and any request that would push the number of
 * parameters past HKS_DEFAULT_PARAM_CNT. Every parameter of type
 * HKS_TAG_TYPE_BYTES must carry a non-NULL blob.data.
 *
 * Note: blob.size is not bounded here; the size arithmetic is checked by the
 * caller while it accumulates paramSetSize.
 */
static int32_t CheckBeforeAddParams(const struct HksParamSet *paramSet, const struct HksParam *params,
    uint32_t paramCnt)
{
    bool rejected = (params == NULL) || (paramSet == NULL);
    if (!rejected) {
        /* paramCnt is bounded first so the subtraction below cannot wrap. */
        rejected = (paramSet->paramSetSize > HKS_PARAM_SET_MAX_SIZE) ||
            (paramCnt > HKS_DEFAULT_PARAM_CNT) ||
            (paramSet->paramsCnt > (HKS_DEFAULT_PARAM_CNT - paramCnt));
    }
    if (rejected) {
        HKS_LOG_E("invalid params or paramset!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    for (const struct HksParam *cur = params; cur != params + paramCnt; cur++) {
        const bool isBytes = (GetTagType((enum HksTag)(cur->tag)) == HKS_TAG_TYPE_BYTES);
        if (isBytes && (cur->blob.data == NULL)) {
            HKS_LOG_E("invalid blob param!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
    }
    return HKS_SUCCESS;
}
185 
/*
 * Finalise *paramSet: grow the buffer if the recorded size no longer fits in
 * HKS_DEFAULT_PARAM_SET_SIZE, then let HksFreshParamSet() copy every blob
 * behind the parameter array.
 *
 * On the growth path the old buffer is freed and *paramSet is replaced, so
 * any other pointer to the old buffer is dangling after this call. The caller
 * (HksBuildParamSet) has already run HksCheckParamSet() on the header.
 */
static int32_t BuildParamSet(struct HksParamSet **paramSet)
{
    struct HksParamSet *current = *paramSet;
    const uint32_t totalSize = current->paramSetSize;
    /* Bytes taken by the header plus the fixed-size parameter array. */
    const uint32_t headLen = sizeof(struct HksParamSet) + sizeof(struct HksParam) * current->paramsCnt;

    if (totalSize <= HKS_DEFAULT_PARAM_SET_SIZE) {
        /* Everything fits in the existing buffer. */
        return HksFreshParamSet(current, true);
    }

    struct HksParamSet *grown = (struct HksParamSet *)HksMalloc(totalSize);
    HKS_IF_NULL_LOGE_RETURN(grown, HKS_ERROR_MALLOC_FAIL, "malloc params failed!")

    /* Only the header and parameter array are carried over; blobs are copied later. */
    if (memcpy_s(grown, totalSize, current, headLen) != EOK) {
        HKS_FREE_PTR(grown);
        HKS_LOG_E("copy params failed!");
        return HKS_ERROR_INSUFFICIENT_MEMORY;
    }
    HKS_FREE_PTR(*paramSet);
    *paramSet = grown;

    return HksFreshParamSet(grown, true);
}
207 
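/*
 * Rebuild the blob.data pointers of a parameter set so that each blob points
 * at its bytes inside the set's own buffer, laid out back to back after the
 * parameter array.
 *
 * paramSet  set to fix up; its header is validated with HksCheckParamSet().
 * isCopy    true:  copy each blob from its current blob.data into the buffer
 *                  before re-pointing it (used when building a set);
 *           false: assume the bytes are already in place and only rewrite
 *                  the pointers (the incoming blob.data values are ignored).
 *
 * Returns HKS_SUCCESS only if the blobs exactly fill paramSetSize. On any
 * error the set may have been partially rewritten and must not be used.
 */
HKS_API_EXPORT int32_t HksFreshParamSet(struct HksParamSet *paramSet, bool isCopy)
{
    HKS_IF_NULL_LOGE_RETURN(paramSet, HKS_ERROR_NULL_POINTER, "invalid NULL paramSet")

    int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "invalid fresh paramSet")

    uint32_t size = paramSet->paramSetSize;
    /* HksCheckParamSet() guarantees the parameter array itself fits in size. */
    uint32_t offset = sizeof(struct HksParamSet) + sizeof(struct HksParam) * paramSet->paramsCnt;

    for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
        if (offset > size) {
            HKS_LOG_E("invalid param set offset!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        if (GetTagType((enum HksTag)(paramSet->params[i].tag)) != HKS_TAG_TYPE_BYTES) {
            continue;
        }

        struct HksParam *cur = &paramSet->params[i];
        if (IsAdditionOverflow(offset, cur->blob.size)) {
            HKS_LOG_E("blob size overflow!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }

        if (isCopy && (memcpy_s((uint8_t *)paramSet + offset, size - offset,
            cur->blob.data, cur->blob.size) != EOK)) {
            HKS_LOG_E("copy param blob failed!");
            return HKS_ERROR_INSUFFICIENT_MEMORY;
        }

        /*
         * Without a copy nothing has bounded blob.size yet. Reject a blob
         * that runs past the end of the set before publishing a pointer to
         * it, so that no out-of-range blob.data is ever stored, even on a
         * path that later returns an error.
         */
        if (cur->blob.size > size - offset) {
            HKS_LOG_E("blob exceeds param set size!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        cur->blob.data = (uint8_t *)paramSet + offset;
        offset += cur->blob.size;
    }

    /* The blobs must account for every remaining byte of the set. */
    if (paramSet->paramSetSize != offset) {
        HKS_LOG_E("invalid param set size!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    return HKS_SUCCESS;
}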
245 
/*
 * Validate the header of a parameter set against an expected byte size.
 *
 * The set is accepted when size is at least the header size and at most
 * HKS_PARAM_SET_MAX_SIZE, paramSetSize equals size, and paramsCnt parameters
 * fit in the bytes that follow the header.
 *
 * Note: the check is only as strong as the size argument. Callers that pass
 * paramSet->paramSetSize get a self-consistency check; a caller holding an
 * externally supplied buffer should pass the real length of that buffer.
 */
HKS_API_EXPORT int32_t HksCheckParamSet(const struct HksParamSet *paramSet, uint32_t size)
{
    HKS_IF_NULL_RETURN(paramSet, HKS_ERROR_NULL_POINTER)

    bool ok = (size >= sizeof(struct HksParamSet)) && (size <= HKS_PARAM_SET_MAX_SIZE) &&
        (paramSet->paramSetSize == size);
    if (ok) {
        /* size >= header size here, so the subtraction cannot wrap. */
        const size_t capacity = (size - sizeof(struct HksParamSet)) / sizeof(struct HksParam);
        ok = (paramSet->paramsCnt <= capacity);
    }
    if (!ok) {
        HKS_LOG_E("invalid param set!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    return HKS_SUCCESS;
}
258 
/*
 * Allocate an empty parameter set of HKS_DEFAULT_PARAM_SET_SIZE bytes and
 * store it in *paramSet.
 *
 * Only the header fields are initialised (no parameters, size equal to the
 * header). On allocation failure *paramSet is left NULL and
 * HKS_ERROR_MALLOC_FAIL is returned.
 */
HKS_API_EXPORT int32_t HksInitParamSet(struct HksParamSet **paramSet)
{
    HKS_IF_NULL_LOGE_RETURN(paramSet, HKS_ERROR_NULL_POINTER, "invalid init params!")

    struct HksParamSet *fresh = (struct HksParamSet *)HksMalloc(HKS_DEFAULT_PARAM_SET_SIZE);
    *paramSet = fresh;
    HKS_IF_NULL_LOGE_RETURN(fresh, HKS_ERROR_MALLOC_FAIL, "malloc init param set failed!")

    fresh->paramSetSize = sizeof(struct HksParamSet);
    fresh->paramsCnt = 0;
    return HKS_SUCCESS;
}
270 
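/*
 * Append paramCnt parameters to paramSet and grow paramSetSize by the space
 * they will need once the set is built (one struct HksParam each, plus
 * blob.size bytes for every HKS_TAG_TYPE_BYTES parameter).
 *
 * Only the struct HksParam is copied here; for blob parameters the caller's
 * blob.data pointer is stored as is and the bytes are copied later by
 * HksBuildParamSet(). The caller's blob buffers must therefore stay valid and
 * unchanged until the set has been built.
 *
 * The new size is computed in full before paramSet is modified, so a size
 * overflow leaves the set exactly as it was. Returns HKS_SUCCESS, or
 * HKS_ERROR_INVALID_ARGUMENT when the arguments are rejected or the size
 * arithmetic would overflow.
 */
HKS_API_EXPORT int32_t HksAddParams(struct HksParamSet *paramSet,
    const struct HksParam *params, uint32_t paramCnt)
{
    int32_t ret = CheckBeforeAddParams(paramSet, params, paramCnt);
    HKS_IF_NOT_SUCC_RETURN(ret, ret)

    /* Pass 1: work out the resulting size with every addition checked. */
    uint32_t newSize = paramSet->paramSetSize;
    for (uint32_t i = 0; i < paramCnt; i++) {
        /* A large blob can bring newSize close to the 32-bit limit, so this addition needs the check too. */
        if (IsAdditionOverflow(newSize, (uint32_t)sizeof(struct HksParam))) {
            HKS_LOG_E("params size overflow!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        newSize += (uint32_t)sizeof(struct HksParam);

        if (GetTagType((enum HksTag)(params[i].tag)) == HKS_TAG_TYPE_BYTES) {
            if (IsAdditionOverflow(newSize, params[i].blob.size)) {
                HKS_LOG_E("params size overflow!");
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            newSize += params[i].blob.size;
        }
    }

    /*
     * Pass 2: commit. CheckBeforeAddParams() has capped the total count at
     * HKS_DEFAULT_PARAM_CNT; this assumes the buffer was allocated with room
     * for that many entries (as HksInitParamSet() does) - TODO confirm for
     * sets obtained elsewhere.
     */
    for (uint32_t i = 0; i < paramCnt; i++) {
        (void)memcpy_s(&paramSet->params[paramSet->paramsCnt++], sizeof(struct HksParam), &params[i],
            sizeof(struct HksParam));
    }
    paramSet->paramSetSize = newSize;
    return HKS_SUCCESS;
}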
292 
/*
 * Finalise a parameter set that was filled with HksAddParams().
 *
 * Validates the header and then hands over to BuildParamSet(), which may
 * replace *paramSet with a larger buffer. Returns HKS_ERROR_NULL_POINTER when
 * paramSet or *paramSet is NULL.
 */
HKS_API_EXPORT int32_t HksBuildParamSet(struct HksParamSet **paramSet)
{
    if (paramSet == NULL) {
        return HKS_ERROR_NULL_POINTER;
    }
    const struct HksParamSet *pending = *paramSet;
    if (pending == NULL) {
        return HKS_ERROR_NULL_POINTER;
    }

    int checkRet = HksCheckParamSet(pending, pending->paramSetSize);
    HKS_IF_NOT_SUCC_LOGE_RETURN(checkRet, checkRet, "invalid build params!")

    return BuildParamSet(paramSet);
}
304 
/*
 * Release the parameter set referenced by *paramSet via HKS_FREE_PTR.
 * A NULL paramSet is logged and ignored.
 * NOTE(review): HKS_FREE_PTR presumably also resets *paramSet to NULL -
 * confirm against its definition.
 */
HKS_API_EXPORT void HksFreeParamSet(struct HksParamSet **paramSet)
{
    if (paramSet != NULL) {
        HKS_FREE_PTR(*paramSet);
        return;
    }
    HKS_LOG_E("invalid free paramset!");
}
313 
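/*
 * File-local counterpart of HksFreshParamSet() without the NULL and header
 * checks: re-point every blob.data at its bytes inside the set's own buffer.
 *
 * Precondition: the caller has already validated the header with
 * HksCheckParamSet() (HksGetParamSet() does so before calling this).
 *
 * isCopy  true:  copy each blob from its current blob.data first;
 *         false: the bytes are already in place, only the pointers are
 *                rewritten and the incoming blob.data values are ignored.
 *
 * Returns HKS_SUCCESS only if the blobs exactly fill paramSetSize. On error
 * the set may be partially rewritten and must not be used.
 */
static int32_t FreshParamSet(struct HksParamSet *paramSet, bool isCopy)
{
    uint32_t size = paramSet->paramSetSize;
    uint32_t offset = sizeof(struct HksParamSet) + sizeof(struct HksParam) * paramSet->paramsCnt;

    for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
        if (offset > size) {
            HKS_LOG_E("invalid param set offset!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        if (GetTagType((enum HksTag)(paramSet->params[i].tag)) != HKS_TAG_TYPE_BYTES) {
            continue;
        }

        struct HksParam *cur = &paramSet->params[i];
        if (IsAdditionOverflow(offset, cur->blob.size)) {
            HKS_LOG_E("blob size overflow!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        if (isCopy && memcpy_s((uint8_t *)paramSet + offset, size - offset,
            cur->blob.data, cur->blob.size) != EOK) {
            HKS_LOG_E("copy param blob failed!");
            return HKS_ERROR_INSUFFICIENT_MEMORY;
        }

        /*
         * Without a copy nothing has bounded blob.size yet. Reject a blob
         * that runs past the end of the set before publishing a pointer to
         * it, so that no out-of-range blob.data is ever stored, even on a
         * path that later returns an error.
         */
        if (cur->blob.size > size - offset) {
            HKS_LOG_E("blob exceeds param set size!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        cur->blob.data = (uint8_t *)paramSet + offset;
        offset += cur->blob.size;
    }

    /* The blobs must account for every remaining byte of the set. */
    if (paramSet->paramSetSize != offset) {
        HKS_LOG_E("invalid param set size!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    return HKS_SUCCESS;
}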
345 
/*
 * Look up the first parameter in paramSet whose tag equals tag.
 *
 * On success *param points at the entry inside paramSet (no copy is made and
 * the const qualifier of paramSet is cast away), so the result is only valid
 * while paramSet is alive. Returns HKS_ERROR_INVALID_ARGUMENT for NULL
 * arguments or an inconsistent header, and HKS_ERROR_PARAM_NOT_EXIST when no
 * entry matches; *param is left untouched in both cases.
 */
HKS_API_EXPORT int32_t HksGetParam(const struct HksParamSet *paramSet, uint32_t tag, struct HksParam **param)
{
    const bool missingArg = (paramSet == NULL) || (param == NULL);
    if (missingArg) {
        HKS_LOG_E("invalid params!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    HKS_IF_NOT_SUCC_LOGE_RETURN(HksCheckParamSet(paramSet, paramSet->paramSetSize),
        HKS_ERROR_INVALID_ARGUMENT, "invalid paramSet!")

    /* Advance to the first matching entry, or to the end of the array. */
    uint32_t idx = 0;
    while ((idx < paramSet->paramsCnt) && (paramSet->params[idx].tag != tag)) {
        idx++;
    }
    if (idx == paramSet->paramsCnt) {
        return HKS_ERROR_PARAM_NOT_EXIST;
    }

    *param = (struct HksParam *)&paramSet->params[idx];
    return HKS_SUCCESS;
}
365 
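/*
 * Create an independent, validated copy of a serialised parameter set.
 *
 * inParamSet      source set; its header is checked against inParamSetSize.
 * inParamSetSize  byte length of the source buffer. This should be the real
 *                 length of the received data, not a value read back from
 *                 the set itself, otherwise the header check is vacuous.
 * outParamSet     receives the newly allocated copy on success; the caller
 *                 releases it with HksFreeParamSet().
 *
 * blob.data pointers found in the input are not trusted: FreshParamSet() is
 * called with isCopy == false and rebuilds each pointer from the blob sizes.
 * *outParamSet is written only on success.
 */
HKS_API_EXPORT int32_t HksGetParamSet(const struct HksParamSet *inParamSet,
    uint32_t inParamSetSize, struct HksParamSet **outParamSet)
{
    int32_t ret = HksCheckParamSet(inParamSet, inParamSetSize);
    HKS_IF_NOT_SUCC_RETURN(ret, ret)

    HKS_IF_NULL_RETURN(outParamSet, HKS_ERROR_NULL_POINTER)

    uint32_t size = inParamSet->paramSetSize;
    struct HksParamSet *buf = (struct HksParamSet *)HksMalloc(size);
    HKS_IF_NULL_LOGE_RETURN(buf, HKS_ERROR_MALLOC_FAIL, "malloc from param set failed!")

    /* Do not go on to parse buf if the copy failed: its contents would be indeterminate. */
    if (memcpy_s(buf, size, inParamSet, size) != EOK) {
        HKS_LOG_E("copy param set failed!");
        HKS_FREE_PTR(buf);
        return HKS_ERROR_INSUFFICIENT_MEMORY;
    }

    ret = FreshParamSet(buf, false);
    if (ret != HKS_SUCCESS) {
        HKS_FREE_PTR(buf);
        return ret;
    }
    *outParamSet = buf;
    return HKS_SUCCESS;
}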
388 
/*
 * Check that two parameters carry the same tag and the same value.
 *
 * The value is compared according to the tag's type: the matching scalar
 * field for int/uint/ulong/bool tags, and size plus content for byte blobs
 * (both blob.data pointers must be non-NULL). Returns HKS_SUCCESS on a
 * match, HKS_ERROR_NULL_POINTER for NULL arguments and
 * HKS_ERROR_INVALID_ARGUMENT otherwise, including for unknown tag types.
 *
 * NOTE(review): whether HksMemCmp is constant-time is not visible here;
 * confirm before relying on this routine to compare secret values.
 */
HKS_API_EXPORT int32_t HksCheckParamMatch(const struct HksParam *baseParam, const struct HksParam *param)
{
    if (baseParam == NULL || param == NULL) {
        return HKS_ERROR_NULL_POINTER;
    }

    if (baseParam->tag != param->tag) {
        HKS_LOG_E("unmatch param type!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    const enum HksTagType kind = GetTagType((enum HksTag)(baseParam->tag));
    bool same = false;
    switch (kind) {
        case HKS_TAG_TYPE_INT:
            same = (baseParam->int32Param == param->int32Param);
            break;
        case HKS_TAG_TYPE_UINT:
            same = (baseParam->uint32Param == param->uint32Param);
            break;
        case HKS_TAG_TYPE_ULONG:
            same = (baseParam->uint64Param == param->uint64Param);
            break;
        case HKS_TAG_TYPE_BOOL:
            same = (baseParam->boolParam == param->boolParam);
            break;
        case HKS_TAG_TYPE_BYTES:
            if (baseParam->blob.size != param->blob.size ||
                baseParam->blob.data == NULL || (param->blob.data == NULL)) {
                HKS_LOG_E("unmatch byte type len!");
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            if (HksMemCmp(baseParam->blob.data, param->blob.data, baseParam->blob.size) != 0) {
                HKS_LOG_E("unmatch byte type content!");
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            same = true;
            break;
        default:
            HKS_LOG_E("invalid tag type:%" LOG_PUBLIC "x", kind);
            return HKS_ERROR_INVALID_ARGUMENT;
    }

    return same ? HKS_SUCCESS : HKS_ERROR_INVALID_ARGUMENT;
}
425 
/*
 * Ensure none of the tags in params[0..paramsCnt) is already present in
 * targetParamSet.
 *
 * Returns HKS_ERROR_NULL_POINTER for NULL arguments, the HksCheckParamSet()
 * error for an inconsistent target header, HKS_ERROR_INVALID_ARGUMENT when a
 * tag is already present, and HKS_SUCCESS otherwise. paramsCnt is taken on
 * trust: the caller must guarantee params holds that many entries.
 */
HKS_API_EXPORT int32_t HksCheckIsTagAlreadyExist(const struct HksParam *params, uint32_t paramsCnt,
    const struct HksParamSet *targetParamSet)
{
    if (params == NULL || targetParamSet == NULL) {
        return HKS_ERROR_NULL_POINTER;
    }

    int32_t ret = HksCheckParamSet(targetParamSet, targetParamSet->paramSetSize);
    HKS_IF_NOT_SUCC_RETURN(ret, ret)

    /* Any single collision gives the same result, so the pairing order is irrelevant. */
    for (uint32_t candidate = 0; candidate < paramsCnt; ++candidate) {
        const uint32_t wanted = params[candidate].tag;
        for (uint32_t existing = 0; existing < targetParamSet->paramsCnt; ++existing) {
            if (targetParamSet->params[existing].tag == wanted) {
                return HKS_ERROR_INVALID_ARGUMENT;
            }
        }
    }

    return HKS_SUCCESS;
}
446