• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "hks_adapter.h"
17 
18 #include <stddef.h>
19 
20 #include "securec.h"
21 #include "hks_api.h"
22 #include "hks_type.h"
23 #include "hks_param.h"
24 
25 #include "device_security_defines.h"
26 #include "utils_log.h"
27 #include "utils_mem.h"
28 #include "utils_tlv.h"
29 
30 #define MAX_ENTRY 8
31 #define TYPE_NONCE 0x200
32 #define TYPE_CERT_BASE 0x100
33 #define TYPE_CERT_END (TYPE_CERT_BASE + MAX_ENTRY)
34 #define LIST_MAX_SIZE 10240
35 
36 // need free
FillHksParamSet(struct HksParamSet ** paramSet,struct HksParam * param,int32_t paramNums)37 int32_t FillHksParamSet(struct HksParamSet **paramSet, struct HksParam *param, int32_t paramNums)
38 {
39     if (param == NULL) {
40         SECURITY_LOG_ERROR("param is null");
41         return ERR_INVALID_PARA;
42     }
43     int32_t ret = HksInitParamSet(paramSet);
44     if (ret != HKS_SUCCESS) {
45         SECURITY_LOG_ERROR("HksInitParamSet failed, hks ret = %{public}d", ret);
46         return ERR_INVALID_PARA;
47     }
48     ret = HksAddParams(*paramSet, param, paramNums);
49     if (ret != HKS_SUCCESS) {
50         SECURITY_LOG_ERROR("HksAddParams failed, hks ret = %{public}d", ret);
51         HksFreeParamSet(paramSet);
52         return ERR_INVALID_PARA;
53     }
54     ret = HksBuildParamSet(paramSet);
55     if (ret != HKS_SUCCESS) {
56         SECURITY_LOG_ERROR("HksBuildParamSet failed, hks ret = %{public}d", ret);
57         HksFreeParamSet(paramSet);
58         return ERR_INVALID_PARA;
59     }
60     return SUCCESS;
61 }
62 
HksGenerateKeyAdapter(const struct HksBlob * keyAlias)63 int32_t HksGenerateKeyAdapter(const struct HksBlob *keyAlias)
64 {
65     if (keyAlias == NULL) {
66         SECURITY_LOG_ERROR("keyAlias is null");
67         return ERR_INVALID_PARA;
68     }
69     struct HksParam tmpParams[] = {
70         {.tag = HKS_TAG_KEY_STORAGE_FLAG, .uint32Param = HKS_STORAGE_PERSISTENT},
71         {.tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA},
72         {.tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048},
73         {.tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_VERIFY},
74         {.tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256},
75         {.tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS},
76         {.tag = HKS_TAG_KEY_GENERATE_TYPE, .uint32Param = HKS_KEY_GENERATE_TYPE_DEFAULT},
77         {.tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_ECB},
78     };
79     struct HksParamSet *paramSet = NULL;
80     if (FillHksParamSet(&paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])) != SUCCESS) {
81         SECURITY_LOG_ERROR("FillHksParamSet failed");
82         return ERR_HUKS_ERR;
83     }
84     int32_t ret = HksGenerateKey(keyAlias, paramSet, NULL);
85     if (ret != HKS_SUCCESS) {
86         SECURITY_LOG_ERROR("HksGenerateKey failed, hks ret = %{public}d", ret);
87         HksFreeParamSet(&paramSet);
88         return ERR_HUKS_ERR;
89     }
90     HksFreeParamSet(&paramSet);
91     return SUCCESS;
92 }
93 
94 // need free
ConstructHksCertChain(struct HksCertChain ** certChain,const struct HksCertChainInitParams * certChainParam)95 int32_t ConstructHksCertChain(struct HksCertChain **certChain, const struct HksCertChainInitParams *certChainParam)
96 {
97     if (certChainParam == NULL || certChainParam->certChainExist == false ||
98         certChainParam->certCountValid == false || certChainParam->certDataExist == false) {
99         return ERR_INVALID_PARA;
100     }
101 
102     *certChain = (struct HksCertChain *)MALLOC(sizeof(struct HksCertChain));
103     if (*certChain == NULL) {
104         return ERR_NO_MEMORY;
105     }
106     (*certChain)->certsCount = CERT_CHAIN_CERT_NUM;
107     (*certChain)->certs = (struct HksBlob *)MALLOC(sizeof(struct HksBlob) * ((*certChain)->certsCount));
108     if ((*certChain)->certs == NULL) {
109         FREE(*certChain);
110         *certChain = NULL;
111         return ERR_NO_MEMORY;
112     }
113     for (uint32_t i = 0; i < (*certChain)->certsCount; i++) {
114         (*certChain)->certs[i].size = 0;
115         (*certChain)->certs[i].data = NULL;
116     }
117     for (uint32_t i = 0; i < (*certChain)->certsCount; i++) {
118         (*certChain)->certs[i].size = certChainParam->certDataSize;
119         (*certChain)->certs[i].data = (uint8_t *)MALLOC((*certChain)->certs[i].size);
120         if ((*certChain)->certs[i].data == NULL) {
121             DestroyHksCertChain(*certChain);
122             *certChain = NULL;
123             return ERR_NO_MEMORY;
124         }
125         (void)memset_s((*certChain)->certs[i].data, certChainParam->certDataSize, 0, certChainParam->certDataSize);
126     }
127     return SUCCESS;
128 }
129 
DestroyHksCertChain(struct HksCertChain * certChain)130 void DestroyHksCertChain(struct HksCertChain *certChain)
131 {
132     if (certChain == NULL || certChain->certs == NULL || certChain->certsCount <= 0) {
133         return;
134     }
135     for (uint32_t i = 0; i < certChain->certsCount; i++) {
136         if (certChain->certs[i].data != NULL) {
137             FREE(certChain->certs[i].data);
138             certChain->certs[i].data = NULL;
139         }
140     }
141     FREE(certChain->certs);
142     certChain->certs = NULL;
143     FREE(certChain);
144 }
145 
146 // need free
HksCertChainToBuffer(const struct HksCertChain * hksCertChain,uint8_t ** data,uint32_t * dataLen)147 int32_t HksCertChainToBuffer(const struct HksCertChain *hksCertChain, uint8_t **data, uint32_t *dataLen)
148 {
149     if (hksCertChain == NULL) {
150         return ERR_INVALID_PARA;
151     }
152 
153     TlvCommon tlvs[MAX_ENTRY];
154     (void)memset_s(&tlvs[0], sizeof(tlvs), 0, sizeof(tlvs));
155     uint32_t tlvCnt = 0;
156     for (uint32_t i = 0; i < hksCertChain->certsCount; i++) {
157         tlvs[tlvCnt].tag = TYPE_CERT_BASE + 1;
158         tlvs[tlvCnt].len = hksCertChain->certs[i].size;
159         tlvs[tlvCnt].value = hksCertChain->certs[i].data;
160         tlvCnt++;
161     }
162 
163     uint8_t *out = MALLOC(LIST_MAX_SIZE);
164     if (out == NULL) {
165         return ERR_NO_MEMORY;
166     }
167     (void)memset_s(out, LIST_MAX_SIZE, 0, LIST_MAX_SIZE);
168     if (Serialize(tlvs, tlvCnt, out, LIST_MAX_SIZE, dataLen) != TLV_OK) {
169         FREE(out);
170         return ERR_NO_MEMORY;
171     }
172     *data = out;
173     return SUCCESS;
174 }
175 
176 // point to exist memory, no need free but can not change data
BufferToHksCertChain(const uint8_t * data,uint32_t dataLen,struct HksCertChain * hksCertChain)177 int32_t BufferToHksCertChain(const uint8_t *data, uint32_t dataLen, struct HksCertChain *hksCertChain)
178 {
179     if (data == NULL || dataLen == 0) {
180         return ERR_INVALID_PARA;
181     }
182     TlvCommon tlvs[MAX_ENTRY];
183     (void)memset_s(&tlvs[0], sizeof(tlvs), 0, sizeof(tlvs));
184 
185     uint32_t cnt = 0;
186     uint32_t ret = Deserialize(data, dataLen, &tlvs[0], MAX_ENTRY, &cnt);
187     if (ret != TLV_OK || cnt == 0 || cnt > MAX_ENTRY) {
188         return ERR_INVALID_PARA;
189     }
190     uint32_t certCnt = 0;
191     for (uint32_t i = 0; i < cnt; i++) {
192         if ((tlvs[i].tag >= TYPE_CERT_BASE) && (tlvs[i].tag <= TYPE_CERT_END)) {
193             hksCertChain->certs[certCnt].data = tlvs[i].value;
194             hksCertChain->certs[certCnt].size = tlvs[i].len;
195             certCnt++;
196         }
197     }
198     hksCertChain->certsCount = certCnt;
199     return SUCCESS;
200 }