1 /*
2  * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "hks_param.h"
17 
18 #include <stddef.h>
19 
20 #include "hks_log.h"
21 #include "hks_mem.h"
22 #include "hks_template.h"
23 #include "hks_type_inner.h"
24 
25 #include "securec.h"
26 
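/*
 * Allow-list of parameter tags accepted by HksCheckParamSetTag() (looked up
 * through IsValidTag()). A tag that is not listed here makes
 * HksCheckParamSetTag() return HKS_ERROR_INVALID_ARGUMENT, so a newly defined
 * tag has to be added to this table before it can pass that check.
 *
 * The table is only ever read in this file, so it is declared const: the
 * allow-list then cannot be modified through a stray write at run time.
 */
static const uint32_t g_validTags[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_PURPOSE,
    HKS_TAG_KEY_SIZE,
    HKS_TAG_DIGEST,
    HKS_TAG_PADDING,
    HKS_TAG_BLOCK_MODE,
    HKS_TAG_KEY_TYPE,
    HKS_TAG_ASSOCIATED_DATA,
    HKS_TAG_NONCE,
    HKS_TAG_IV,

    HKS_TAG_SALT,
    HKS_TAG_PWD,
    HKS_TAG_INFO,
    HKS_TAG_ITERATION,

    HKS_TAG_KEY_GENERATE_TYPE,
    HKS_TAG_DERIVE_MAIN_KEY,
    HKS_TAG_DERIVE_FACTOR,
    HKS_TAG_DERIVE_ALG,
    HKS_TAG_AGREE_ALG,
    HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS,
    HKS_TAG_AGREE_PRIVATE_KEY_ALIAS,
    HKS_TAG_AGREE_PUBLIC_KEY,
    HKS_TAG_KEY_ALIAS,
    HKS_TAG_DERIVE_KEY_SIZE,
    HKS_TAG_IMPORT_KEY_TYPE,
    HKS_TAG_UNWRAP_ALGORITHM_SUITE,
    HKS_TAG_DERIVE_AGREE_KEY_STORAGE_FLAG,
    HKS_TAG_RSA_PSS_SALT_LEN_TYPE,

    HKS_TAG_ACTIVE_DATETIME,
    HKS_TAG_ORIGINATION_EXPIRE_DATETIME,
    HKS_TAG_USAGE_EXPIRE_DATETIME,
    HKS_TAG_CREATION_DATETIME,

    HKS_TAG_ALL_USERS,
    HKS_TAG_USER_ID,
    HKS_TAG_NO_AUTH_REQUIRED,
    HKS_TAG_USER_AUTH_TYPE,
    HKS_TAG_AUTH_TIMEOUT,
    HKS_TAG_AUTH_TOKEN,

    HKS_TAG_OS_VERSION,
    HKS_TAG_OS_PATCHLEVEL,

    HKS_TAG_ATTESTATION_CHALLENGE,
    HKS_TAG_ATTESTATION_APPLICATION_ID,
    HKS_TAG_ATTESTATION_ID_BRAND,
    HKS_TAG_ATTESTATION_ID_DEVICE,
    HKS_TAG_ATTESTATION_ID_PRODUCT,
    HKS_TAG_ATTESTATION_ID_SERIAL,
    HKS_TAG_ATTESTATION_ID_IMEI,
    HKS_TAG_ATTESTATION_ID_MEID,
    HKS_TAG_ATTESTATION_ID_MANUFACTURER,
    HKS_TAG_ATTESTATION_ID_MODEL,
    HKS_TAG_ATTESTATION_ID_ALIAS,
    HKS_TAG_ATTESTATION_ID_SOCID,
    HKS_TAG_ATTESTATION_ID_UDID,
    HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    HKS_TAG_ATTESTATION_ID_VERSION_INFO,
    HKS_TAG_ATTESTATION_BASE64,

    HKS_TAG_IS_KEY_ALIAS,
    HKS_TAG_KEY_STORAGE_FLAG,
    HKS_TAG_IS_ALLOWED_WRAP,
    HKS_TAG_KEY_WRAP_TYPE,
    HKS_TAG_KEY_AUTH_ID,
    HKS_TAG_KEY_ROLE,
    HKS_TAG_KEY_FLAG,
    HKS_TAG_KEY_DOMAIN,

    HKS_TAG_KEY_AUTH_ACCESS_TYPE,
    HKS_TAG_KEY_SECURE_SIGN_TYPE,
    HKS_TAG_CHALLENGE_TYPE,
    HKS_TAG_CHALLENGE_POS,
    HKS_TAG_KEY_AUTH_PURPOSE,

    HKS_TAG_KEY_INIT_CHALLENGE,
    HKS_TAG_IS_USER_AUTH_ACCESS,
    HKS_TAG_USER_AUTH_CHALLENGE,
    HKS_TAG_USER_AUTH_ENROLL_ID_INFO,
    HKS_TAG_USER_AUTH_SECURE_UID,
    HKS_TAG_KEY_AUTH_RESULT,
    HKS_TAG_IF_NEED_APPEND_AUTH_INFO,
    HKS_TAG_VERIFIED_AUTH_TOKEN,
    HKS_TAG_IS_APPEND_UPDATE_DATA,

    HKS_TAG_PROCESS_NAME,
    HKS_TAG_PACKAGE_NAME,
    HKS_TAG_PAYLOAD_LEN,
    HKS_TAG_AE_TAG,
    HKS_TAG_CRYPTO_CTX,
    HKS_TAG_KEY,
    HKS_TAG_KEY_VERSION,
    HKS_TAG_IS_KEY_HANDLE,
    HKS_TAG_SYMMETRIC_KEY_DATA,
    HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA,
    HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA,
    HKS_TAG_KEY_ACCESS_TIME,

    HKS_TAG_ACCESS_TOKEN_ID,
    HKS_TAG_BUNDLE_NAME,
};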
132 
/**
 * Return the type portion of a tag.
 *
 * The tag value is masked with HKS_TAG_TYPE_MASK and the result is handed
 * back as an enum HksTagType. No check is made that the masked value is one
 * of the declared HksTagType enumerators; callers in this file compare it
 * against specific values (for example HKS_TAG_TYPE_BYTES).
 *
 * @param tag  tag whose type bits are wanted
 * @return     (tag & HKS_TAG_TYPE_MASK) cast to enum HksTagType
 */
HKS_API_EXPORT enum HksTagType GetTagType(enum HksTag tag)
{
    const uint32_t rawTag = (uint32_t)tag;
    const uint32_t typeMask = (uint32_t)HKS_TAG_TYPE_MASK;

    return (enum HksTagType)(rawTag & typeMask);
}
137 
/**
 * Tell whether a tag value appears in the g_validTags allow-list.
 *
 * The lookup is a linear scan over the whole table.
 *
 * @param tag  raw tag value to look up
 * @return     true if the tag is listed, false otherwise
 */
static bool IsValidTag(uint32_t tag)
{
    const uint32_t total = HKS_ARRAY_SIZE(g_validTags);
    uint32_t idx = 0;

    /* Stop at the first matching entry or once the table is exhausted. */
    while ((idx < total) && (g_validTags[idx] != tag)) {
        ++idx;
    }
    return idx < total;
}
148 
/**
 * Check that every tag in a parameter set is allowed and occurs only once.
 *
 * Each entry is tested against the allow-list (IsValidTag) and then against
 * every later entry for a duplicate tag; the first violation is logged and
 * ends the check.
 *
 * NOTE(review): paramsCnt is used as the loop bound without being compared
 * to paramSetSize here. Other entry points in this file call
 * HksCheckParamSet() before walking params[]; confirm that callers of this
 * function have validated the set first.
 *
 * @param paramSet  parameter set to inspect
 * @return HKS_SUCCESS, HKS_ERROR_NULL_POINTER if paramSet is NULL, or
 *         HKS_ERROR_INVALID_ARGUMENT for an unknown or repeated tag
 */
HKS_API_EXPORT int32_t HksCheckParamSetTag(const struct HksParamSet *paramSet)
{
    HKS_IF_NULL_RETURN(paramSet, HKS_ERROR_NULL_POINTER)

    const uint32_t total = paramSet->paramsCnt;

    for (uint32_t cur = 0; cur < total; ++cur) {
        const uint32_t tag = paramSet->params[cur].tag;

        if (IsValidTag(tag) == false) {
            HKS_LOG_E("paramSet contains invalid tag! 0x%" LOG_PUBLIC "x", tag);
            return HKS_ERROR_INVALID_ARGUMENT;
        }

        /* Only later entries need checking; earlier ones were compared already. */
        uint32_t later = cur + 1;
        while (later < total) {
            if (paramSet->params[later].tag == tag) {
                HKS_LOG_E("paramSet contains multi-tags! 0x%" LOG_PUBLIC "x", tag);
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            ++later;
        }
    }

    return HKS_SUCCESS;
}
170 
/**
 * Precondition check for HksAddParams().
 *
 * Rejects NULL arguments, a set whose recorded size already exceeds
 * HKS_PARAM_SET_MAX_SIZE, and any request that would bring the entry count
 * above HKS_DEFAULT_PARAM_CNT. Every BYTES-typed entry in params must carry
 * a non-NULL blob.data pointer.
 *
 * The count check is the only capacity check made before HksAddParams()
 * writes into paramSet->params[]; the real size of the buffer behind
 * paramSet is not known here.
 *
 * @param paramSet  destination set
 * @param params    entries about to be appended
 * @param paramCnt  number of entries in params
 * @return HKS_SUCCESS or HKS_ERROR_INVALID_ARGUMENT
 */
static int32_t CheckBeforeAddParams(const struct HksParamSet *paramSet, const struct HksParam *params,
    uint32_t paramCnt)
{
    bool argsOk = (params != NULL) && (paramSet != NULL);
    if (argsOk) {
        /* paramCnt is bounded first so the subtraction below cannot wrap. */
        argsOk = (paramSet->paramSetSize <= HKS_PARAM_SET_MAX_SIZE) &&
            (paramCnt <= HKS_DEFAULT_PARAM_CNT) &&
            (paramSet->paramsCnt <= (HKS_DEFAULT_PARAM_CNT - paramCnt));
    }
    if (!argsOk) {
        HKS_LOG_E("invalid params or paramset!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    for (uint32_t i = 0; i < paramCnt; i++) {
        const struct HksParam *cur = &params[i];

        if (GetTagType((enum HksTag)(cur->tag)) != HKS_TAG_TYPE_BYTES) {
            continue;
        }
        if (cur->blob.data == NULL) {
            HKS_LOG_E("invalid blob param!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
    }
    return HKS_SUCCESS;
}
189 
/**
 * Turn a set that is still being assembled into its final, self-contained form.
 *
 * When the recorded size fits in HKS_DEFAULT_PARAM_SET_SIZE the existing
 * buffer is reused. Otherwise a buffer of paramSetSize bytes is allocated,
 * the header and the entry array are copied into it, the old buffer is
 * freed and *paramSet is pointed at the new one. In both cases
 * HksFreshParamSet(..., true) then copies each blob into the buffer, so the
 * blob.data pointers given to HksAddParams() must still be readable when
 * this runs.
 *
 * No validation is done here; HksBuildParamSet() calls HksCheckParamSet()
 * before calling this function.
 *
 * @param paramSet  in/out pointer to the set; may be replaced
 * @return HKS_SUCCESS, HKS_ERROR_MALLOC_FAIL, HKS_ERROR_INSUFFICIENT_MEMORY,
 *         or the result of HksFreshParamSet()
 */
static int32_t BuildParamSet(struct HksParamSet **paramSet)
{
    struct HksParamSet *current = *paramSet;
    const uint32_t totalSize = current->paramSetSize;

    if (totalSize <= HKS_DEFAULT_PARAM_SET_SIZE) {
        return HksFreshParamSet(current, true);
    }

    /* Header plus entry array: the part that exists before blobs are packed. */
    const uint32_t headLen = sizeof(struct HksParamSet) + sizeof(struct HksParam) * current->paramsCnt;

    struct HksParamSet *grown = (struct HksParamSet *)HksMalloc(totalSize);
    HKS_IF_NULL_LOGE_RETURN(grown, HKS_ERROR_MALLOC_FAIL, "malloc params failed!")

    if (memcpy_s(grown, totalSize, current, headLen) != EOK) {
        HKS_FREE_PTR(grown);
        HKS_LOG_E("copy params failed!");
        return HKS_ERROR_INSUFFICIENT_MEMORY;
    }
    HKS_FREE_PTR(*paramSet);
    *paramSet = grown;

    return HksFreshParamSet(grown, true);
}
211 
212 
/**
 * Structural sanity check of a parameter set against a known buffer size.
 *
 * The set is accepted only if size lies between sizeof(struct HksParamSet)
 * and HKS_PARAM_SET_MAX_SIZE, the recorded paramSetSize equals size, and
 * paramsCnt entries fit in the space that follows the header. Blob lengths
 * are not examined here; FreshParamSet() does that.
 *
 * @param paramSet  set to check
 * @param size      number of bytes the caller knows to be behind paramSet
 * @return HKS_SUCCESS, HKS_ERROR_NULL_POINTER or HKS_ERROR_INVALID_ARGUMENT
 */
HKS_API_EXPORT int32_t HksCheckParamSet(const struct HksParamSet *paramSet, uint32_t size)
{
    HKS_IF_NULL_RETURN(paramSet, HKS_ERROR_NULL_POINTER)

    bool valid = (size >= sizeof(struct HksParamSet)) && (size <= HKS_PARAM_SET_MAX_SIZE) &&
        (paramSet->paramSetSize == size);
    if (valid) {
        /* size >= header size was established above, so this cannot wrap. */
        const size_t maxEntries = (size - sizeof(struct HksParamSet)) / sizeof(struct HksParam);
        valid = (paramSet->paramsCnt <= maxEntries);
    }

    if (!valid) {
        HKS_LOG_E("invalid param set!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    return HKS_SUCCESS;
}
225 
/**
 * Allocate an empty parameter set.
 *
 * A buffer of HKS_DEFAULT_PARAM_SET_SIZE bytes is obtained from HksMalloc()
 * and only the two header fields are initialised: paramsCnt = 0 and
 * paramSetSize = sizeof(struct HksParamSet). The rest of the buffer is left
 * as HksMalloc() returned it. The caller releases the set with
 * HksFreeParamSet().
 *
 * @param paramSet  receives the new set; set to NULL if allocation fails
 * @return HKS_SUCCESS, HKS_ERROR_NULL_POINTER or HKS_ERROR_MALLOC_FAIL
 */
HKS_API_EXPORT int32_t HksInitParamSet(struct HksParamSet **paramSet)
{
    HKS_IF_NULL_LOGE_RETURN(paramSet, HKS_ERROR_NULL_POINTER, "invalid init params!")

    struct HksParamSet *fresh = (struct HksParamSet *)HksMalloc(HKS_DEFAULT_PARAM_SET_SIZE);
    *paramSet = fresh;
    HKS_IF_NULL_LOGE_RETURN(fresh, HKS_ERROR_MALLOC_FAIL, "malloc init param set failed!")

    fresh->paramSetSize = sizeof(struct HksParamSet);
    fresh->paramsCnt = 0;
    return HKS_SUCCESS;
}
237 
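/**
 * Append entries to a parameter set that is still being assembled.
 *
 * Each entry is copied by value into paramSet->params[]; for BYTES-typed
 * entries only the blob descriptor (size and data pointer) is copied, not
 * the bytes it points to. paramSetSize grows by sizeof(struct HksParam) per
 * entry plus blob.size for BYTES entries, which is the size the set will
 * need once HksBuildParamSet() packs the blobs in.
 *
 * The new size is computed completely before anything is written, and both
 * additions are overflow-checked. If the request is rejected the set is
 * therefore left exactly as it was, instead of keeping the entries that
 * preceded the failing one.
 *
 * Capacity: CheckBeforeAddParams() limits the total entry count to
 * HKS_DEFAULT_PARAM_CNT; the actual size of the buffer behind paramSet is
 * not known here.
 * NOTE(review): this presumes paramSet came from HksInitParamSet() (or has
 * at least room for HKS_DEFAULT_PARAM_CNT entries) - confirm for callers
 * that allocate the set themselves.
 *
 * @param paramSet  destination set
 * @param params    entries to append
 * @param paramCnt  number of entries in params
 * @return HKS_SUCCESS or HKS_ERROR_INVALID_ARGUMENT
 */
HKS_API_EXPORT int32_t HksAddParams(struct HksParamSet *paramSet,
    const struct HksParam *params, uint32_t paramCnt)
{
    int32_t ret = CheckBeforeAddParams(paramSet, params, paramCnt);
    HKS_IF_NOT_SUCC_RETURN(ret, ret)

    /* Pass 1: work out the resulting size without touching paramSet. */
    uint32_t newSize = paramSet->paramSetSize;
    for (uint32_t i = 0; i < paramCnt; i++) {
        if (IsAdditionOverflow(newSize, (uint32_t)sizeof(struct HksParam))) {
            HKS_LOG_E("params size overflow!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        newSize += (uint32_t)sizeof(struct HksParam);

        if (GetTagType((enum HksTag)(params[i].tag)) == HKS_TAG_TYPE_BYTES) {
            if (IsAdditionOverflow(newSize, params[i].blob.size)) {
                HKS_LOG_E("params size overflow!");
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            newSize += params[i].blob.size;
        }
    }

    /* Pass 2: every size was accepted, so commit the entries and the size. */
    for (uint32_t i = 0; i < paramCnt; i++) {
        (void)memcpy_s(&paramSet->params[paramSet->paramsCnt++], sizeof(struct HksParam), &params[i],
            sizeof(struct HksParam));
    }
    paramSet->paramSetSize = newSize;
    return HKS_SUCCESS;
}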
259 
/**
 * Finalise a parameter set assembled with HksInitParamSet()/HksAddParams().
 *
 * The set is first validated against its own recorded size with
 * HksCheckParamSet(), then handed to BuildParamSet(), which may replace
 * *paramSet with a newly allocated buffer.
 *
 * @param paramSet  in/out pointer to the set
 * @return HKS_SUCCESS, HKS_ERROR_NULL_POINTER, or the error reported by
 *         HksCheckParamSet() / BuildParamSet()
 */
HKS_API_EXPORT int32_t HksBuildParamSet(struct HksParamSet **paramSet)
{
    if (paramSet == NULL) {
        return HKS_ERROR_NULL_POINTER;
    }
    if (*paramSet == NULL) {
        return HKS_ERROR_NULL_POINTER;
    }

    int32_t status = HksCheckParamSet(*paramSet, (*paramSet)->paramSetSize);
    HKS_IF_NOT_SUCC_LOGE_RETURN(status, status, "invalid build params!")

    return BuildParamSet(paramSet);
}
271 
/**
 * Release a parameter set through HKS_FREE_PTR().
 *
 * A NULL paramSet argument is logged and otherwise ignored.
 *
 * @param paramSet  address of the pointer to the set to free
 */
HKS_API_EXPORT void HksFreeParamSet(struct HksParamSet **paramSet)
{
    if (paramSet != NULL) {
        HKS_FREE_PTR(*paramSet);
        return;
    }
    HKS_LOG_E("invalid free paramset!");
}
280 
/**
 * Lay out blob data behind the entry array and fix up the blob pointers.
 *
 * Blobs are placed one after another, starting right after the last entry.
 * For every BYTES-typed entry:
 *   - with isCopy == true the bytes at the entry's current blob.data are
 *     copied to the next free position (bounded by the space left);
 *   - with isCopy == false nothing is copied and the current blob.data value
 *     is never dereferenced; the bytes are expected to be in place already;
 *   - in both cases blob.data is then set to that position inside the set.
 *
 * The running offset is checked against paramSetSize at the top of each
 * iteration, each blob length is overflow-checked before it is added, and
 * the final offset must equal paramSetSize exactly. A set for which an
 * error is returned may already have had some blob.data pointers rewritten
 * and must not be used.
 *
 * paramsCnt itself is not validated here: HksFreshParamSet() and
 * HksGetParamSet() call HksCheckParamSet() before calling this function.
 *
 * @param paramSet  set to process in place
 * @param isCopy    whether blob bytes are copied from the current pointers
 * @return HKS_SUCCESS, HKS_ERROR_INVALID_ARGUMENT or
 *         HKS_ERROR_INSUFFICIENT_MEMORY
 */
static int32_t FreshParamSet(struct HksParamSet *paramSet, bool isCopy)
{
    const uint32_t totalSize = paramSet->paramSetSize;
    uint32_t cursor = sizeof(struct HksParamSet) + sizeof(struct HksParam) * paramSet->paramsCnt;

    for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
        struct HksParam *entry = &paramSet->params[i];

        /* Also catches a previous blob that ran past the end of the set. */
        if (cursor > totalSize) {
            HKS_LOG_E("invalid param set offset!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }
        if (GetTagType((enum HksTag)(entry->tag)) != HKS_TAG_TYPE_BYTES) {
            continue;
        }

        if (IsAdditionOverflow(cursor, entry->blob.size)) {
            HKS_LOG_E("blob size overflow!");
            return HKS_ERROR_INVALID_ARGUMENT;
        }

        uint8_t *slot = (uint8_t *)paramSet + cursor;
        if (isCopy && (memcpy_s(slot, totalSize - cursor, entry->blob.data, entry->blob.size) != EOK)) {
            HKS_LOG_E("copy param blob failed!");
            return HKS_ERROR_INSUFFICIENT_MEMORY;
        }
        entry->blob.data = slot;
        cursor += entry->blob.size;
    }

    /* Header, entries and blobs must account for every byte of the set. */
    if (paramSet->paramSetSize != cursor) {
        HKS_LOG_E("invalid param set size!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    return HKS_SUCCESS;
}
312 
313 
/**
 * Validated entry point for FreshParamSet().
 *
 * The set is checked with HksCheckParamSet() against its own recorded
 * paramSetSize before the blob pointers are rewritten. Because the size used
 * for the check comes from the set itself, this does not prove that the
 * buffer behind paramSet is really that large; use HksGetParamSet() when the
 * buffer length is known independently.
 *
 * @param paramSet  set to process in place
 * @param isCopy    passed through to FreshParamSet()
 * @return HKS_SUCCESS, HKS_ERROR_NULL_POINTER, or the error reported by
 *         HksCheckParamSet() / FreshParamSet()
 */
HKS_API_EXPORT int32_t HksFreshParamSet(struct HksParamSet *paramSet, bool isCopy)
{
    HKS_IF_NULL_LOGE_RETURN(paramSet, HKS_ERROR_NULL_POINTER, "invalid NULL paramSet")

    const uint32_t recordedSize = paramSet->paramSetSize;
    int32_t status = HksCheckParamSet(paramSet, recordedSize);
    HKS_IF_NOT_SUCC_LOGE_RETURN(status, status, "invalid fresh paramSet")

    return FreshParamSet(paramSet, isCopy);
}
323 
/**
 * Find the first entry with a given tag.
 *
 * The set is validated with HksCheckParamSet() against its own recorded
 * size before params[] is walked. On success *param points into paramSet
 * itself (no copy is made) and the const qualifier of paramSet is cast
 * away, so the result stays valid only as long as the set does. For a
 * BYTES-typed entry this function does not check that blob.data lies inside
 * the set.
 *
 * @param paramSet  set to search
 * @param tag       tag to look for
 * @param param     receives the address of the matching entry
 * @return HKS_SUCCESS, HKS_ERROR_INVALID_ARGUMENT or
 *         HKS_ERROR_PARAM_NOT_EXIST
 */
HKS_API_EXPORT int32_t HksGetParam(const struct HksParamSet *paramSet, uint32_t tag, struct HksParam **param)
{
    if ((paramSet == NULL) || (param == NULL)) {
        HKS_LOG_E("invalid params!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    HKS_IF_NOT_SUCC_LOGE_RETURN(HksCheckParamSet(paramSet, paramSet->paramSetSize),
        HKS_ERROR_INVALID_ARGUMENT, "invalid paramSet!")

    const struct HksParam *entry = paramSet->params;
    const struct HksParam *const end = entry + paramSet->paramsCnt;

    for (; entry != end; ++entry) {
        if (entry->tag == tag) {
            *param = (struct HksParam *)entry;
            return HKS_SUCCESS;
        }
    }

    return HKS_ERROR_PARAM_NOT_EXIST;
}
343 
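/**
 * Make a validated private copy of a serialized parameter set.
 *
 * inParamSet is checked against inParamSetSize, copied into a new buffer of
 * that size, and the blob.data pointers of the copy are rebuilt by
 * FreshParamSet(..., false) so that they point into the copy; pointer values
 * stored in the input are never dereferenced.
 *
 * The allocation and the copy use inParamSetSize (the length the caller
 * vouches for) rather than re-reading the size field from the input, and
 * the header of the copy is checked again before FreshParamSet() runs. The
 * bounds that FreshParamSet() relies on therefore hold for the bytes that
 * are actually used, even if the input buffer were to change after the
 * first check. A failed copy is reported instead of being ignored.
 *
 * The caller owns *outParamSet and releases it with HksFreeParamSet();
 * *outParamSet is written only on success.
 *
 * @param inParamSet      serialized set to copy
 * @param inParamSetSize  number of bytes behind inParamSet
 * @param outParamSet     receives the new set
 * @return HKS_SUCCESS, HKS_ERROR_NULL_POINTER, HKS_ERROR_INVALID_ARGUMENT,
 *         HKS_ERROR_MALLOC_FAIL or HKS_ERROR_INSUFFICIENT_MEMORY
 */
HKS_API_EXPORT int32_t HksGetParamSet(const struct HksParamSet *inParamSet,
    uint32_t inParamSetSize, struct HksParamSet **outParamSet)
{
    int32_t ret = HksCheckParamSet(inParamSet, inParamSetSize);
    HKS_IF_NOT_SUCC_RETURN(ret, ret)

    HKS_IF_NULL_RETURN(outParamSet, HKS_ERROR_NULL_POINTER)

    /* Equal to inParamSet->paramSetSize per the check above. */
    uint32_t size = inParamSetSize;
    struct HksParamSet *buf = (struct HksParamSet *)HksMalloc(size);
    HKS_IF_NULL_LOGE_RETURN(buf, HKS_ERROR_MALLOC_FAIL, "malloc from param set failed!")

    if (memcpy_s(buf, size, inParamSet, size) != EOK) {
        HKS_LOG_E("copy param set failed!");
        HKS_FREE_PTR(buf);
        return HKS_ERROR_INSUFFICIENT_MEMORY;
    }

    /* Validate the private copy: FreshParamSet() trusts paramsCnt and paramSetSize. */
    ret = HksCheckParamSet(buf, size);
    if (ret == HKS_SUCCESS) {
        ret = FreshParamSet(buf, false);
    }
    if (ret != HKS_SUCCESS) {
        HKS_FREE_PTR(buf);
        return ret;
    }
    *outParamSet = buf;
    return HKS_SUCCESS;
}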
366 
/**
 * Compare two parameters for equal tag and equal value.
 *
 * The tags must be identical; the value is then compared according to the
 * tag type. BYTES values match only if both data pointers are non-NULL, the
 * sizes are equal and HksMemCmp() reports no difference.
 *
 * NOTE(review): HksMemCmp() is defined outside this file. If this function
 * is used to compare secret values, confirm that the comparison does not
 * exit early on the first differing byte.
 *
 * @param baseParam  reference parameter
 * @param param      parameter to compare with the reference
 * @return HKS_SUCCESS if they match, HKS_ERROR_NULL_POINTER for a NULL
 *         argument, HKS_ERROR_INVALID_ARGUMENT otherwise
 */
HKS_API_EXPORT int32_t HksCheckParamMatch(const struct HksParam *baseParam, const struct HksParam *param)
{
    if ((baseParam == NULL) || (param == NULL)) {
        return HKS_ERROR_NULL_POINTER;
    }

    if (baseParam->tag != param->tag) {
        HKS_LOG_E("unmatch param type!");
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    const enum HksTagType kind = GetTagType((enum HksTag)(baseParam->tag));
    bool same = false;

    switch (kind) {
        case HKS_TAG_TYPE_INT:
            same = (baseParam->int32Param == param->int32Param);
            break;
        case HKS_TAG_TYPE_UINT:
            same = (baseParam->uint32Param == param->uint32Param);
            break;
        case HKS_TAG_TYPE_ULONG:
            same = (baseParam->uint64Param == param->uint64Param);
            break;
        case HKS_TAG_TYPE_BOOL:
            same = (baseParam->boolParam == param->boolParam);
            break;
        case HKS_TAG_TYPE_BYTES:
            if ((baseParam->blob.size != param->blob.size) ||
                (baseParam->blob.data == NULL) || (param->blob.data == NULL)) {
                HKS_LOG_E("unmatch byte type len!");
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            if (HksMemCmp(baseParam->blob.data, param->blob.data, baseParam->blob.size) != 0) {
                HKS_LOG_E("unmatch byte type content!");
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            same = true;
            break;
        default:
            HKS_LOG_E("invalid tag type:%" LOG_PUBLIC "x", kind);
            return HKS_ERROR_INVALID_ARGUMENT;
    }

    return same ? HKS_SUCCESS : HKS_ERROR_INVALID_ARGUMENT;
}
403 
/**
 * Check that none of the given parameters' tags is already in a set.
 *
 * targetParamSet is validated with HksCheckParamSet() against its own
 * recorded size first. paramsCnt is taken on trust as the length of params.
 *
 * @param params          parameters whose tags are tested
 * @param paramsCnt       number of entries in params
 * @param targetParamSet  set to search
 * @return HKS_SUCCESS if no tag is shared, HKS_ERROR_NULL_POINTER for a NULL
 *         argument, HKS_ERROR_INVALID_ARGUMENT if a tag is already present,
 *         or the error reported by HksCheckParamSet()
 */
HKS_API_EXPORT int32_t HksCheckIsTagAlreadyExist(const struct HksParam *params, uint32_t paramsCnt,
    const struct HksParamSet *targetParamSet)
{
    if ((params == NULL) || (targetParamSet == NULL)) {
        return HKS_ERROR_NULL_POINTER;
    }

    int32_t status = HksCheckParamSet(targetParamSet, targetParamSet->paramSetSize);
    HKS_IF_NOT_SUCC_RETURN(status, status)

    for (uint32_t t = 0; t < targetParamSet->paramsCnt; ++t) {
        const uint32_t existing = targetParamSet->params[t].tag;
        uint32_t p = 0;

        while (p < paramsCnt) {
            if (params[p].tag == existing) {
                return HKS_ERROR_INVALID_ARGUMENT;
            }
            ++p;
        }
    }

    return HKS_SUCCESS;
}
424 
/**
 * Build a new parameter set holding every entry of paramSet except those
 * whose tag is listed in tag[].
 *
 * Side effect on the input: although paramSet is declared const, it is
 * passed to HksFreshParamSet(..., false) with the qualifier cast away, which
 * rewrites the blob.data pointers of its BYTES entries to point inside the
 * set. The input must therefore be writable and in serialized form (blob
 * bytes stored behind the entry array).
 *
 * The result is assembled with HksInitParamSet()/HksAddParams(), so it is
 * subject to the entry limit that HksAddParams() enforces. On any failure
 * the partially built set is freed and *outParamSet is left untouched; on
 * success the caller owns *outParamSet and frees it with HksFreeParamSet().
 *
 * @param tag          tags to drop
 * @param tagCount     number of entries in tag
 * @param paramSet     source set
 * @param outParamSet  receives the filtered set
 * @return HKS_SUCCESS, HKS_ERROR_NULL_POINTER, or the error reported by the
 *         fresh / init / add / build step that failed
 */
HKS_API_EXPORT int32_t HksDeleteTagsFromParamSet(const uint32_t *tag, uint32_t tagCount,
    const struct HksParamSet *paramSet, struct HksParamSet **outParamSet)
{
    if ((tag == NULL) || (paramSet == NULL) || (outParamSet == NULL)) {
        return HKS_ERROR_NULL_POINTER;
    }
    int32_t ret = HksFreshParamSet((struct HksParamSet *)paramSet, false);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "fresh paramset failed")

    struct HksParamSet *kept = NULL;
    ret = HksInitParamSet(&kept);
    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init param set failed")

    for (uint32_t i = 0; i < paramSet->paramsCnt; ++i) {
        /* hit == tagCount after the scan means the tag is not on the drop list. */
        uint32_t hit = 0;
        while ((hit < tagCount) && (paramSet->params[i].tag != tag[hit])) {
            ++hit;
        }
        if (hit < tagCount) {
            continue;
        }

        ret = HksAddParams(kept, &paramSet->params[i], 1);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("add in params failed");
            HksFreeParamSet(&kept);
            return ret;
        }
    }

    ret = HksBuildParamSet(&kept);
    if (ret != HKS_SUCCESS) {
        HKS_LOG_E("build paramset failed");
        HksFreeParamSet(&kept);
        return ret;
    }

    *outParamSet = kept;
    return HKS_SUCCESS;
}
466