1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21
22 #include "hks_api.h"
23
24 #include <inttypes.h>
25 #include <stddef.h>
26 #include <string.h>
27
28 #include "hks_api_adapter.h"
29
30 #include "hks_client_ipc.h"
31 #include "hks_local_engine.h"
32 #include "hks_ability.h"
33 #include "hks_log.h"
34 #include "hks_mem.h"
35 #include "hks_param.h"
36 #include "hks_template.h"
37 #include "hks_type.h"
38 #include "hks_util.h"
39
40 #include "securec.h"
41
42 #ifdef HKS_SUPPORT_API_ATTEST_KEY
43 #include "hks_verifier.h"
44 #endif
45
46 #ifdef _CUT_AUTHENTICATE_
47 #undef HKS_SUPPORT_API_GENERATE_KEY
48 #undef HKS_SUPPORT_API_IMPORT
49 #undef HKS_SUPPORT_API_EXPORT
50 #undef HKS_SUPPORT_API_DELETE_KEY
51 #undef HKS_SUPPORT_API_GET_KEY_PARAM_SET
52 #undef HKS_SUPPORT_API_KEY_EXIST
53 #undef HKS_SUPPORT_API_SIGN_VERIFY
54 #undef HKS_SUPPORT_API_SIGN_VERIFY
55 #undef HKS_SUPPORT_API_AGREE_KEY
56 #undef HKS_SUPPORT_API_HASH
57 #undef HKS_SUPPORT_API_GET_KEY_INFO_LIST
58 #undef HKS_SUPPORT_API_ATTEST_KEY
59 #undef HKS_SUPPORT_API_GET_CERTIFICATE_CHAIN
60 #endif
61
HksGetSdkVersion(struct HksBlob * sdkVersion)62 HKS_API_EXPORT int32_t HksGetSdkVersion(struct HksBlob *sdkVersion)
63 {
64 if ((sdkVersion == NULL) || (sdkVersion->data == NULL)) {
65 return HKS_ERROR_NULL_POINTER;
66 }
67
68 uint32_t versionLen = strlen(HKS_SDK_VERSION);
69 if (sdkVersion->size < (versionLen + 1)) {
70 return HKS_ERROR_INVALID_ARGUMENT;
71 }
72
73 (void)memcpy_s(sdkVersion->data, sdkVersion->size, HKS_SDK_VERSION, versionLen);
74
75 sdkVersion->data[versionLen] = '\0';
76 sdkVersion->size = versionLen;
77 return HKS_SUCCESS;
78 }
79
HksInitialize(void)80 HKS_API_EXPORT int32_t HksInitialize(void)
81 {
82 #ifndef _CUT_AUTHENTICATE_
83 HKS_LOG_D("enter initialize");
84 int32_t ret = HksClientInitialize();
85 HKS_LOG_D("leave initialize, result = %" LOG_PUBLIC "d", ret);
86 return ret;
87 #else
88 (void)HksCryptoAbilityInit();
89 return HKS_SUCCESS;
90 #endif
91 }
92
HksRefreshKeyInfo(void)93 HKS_API_EXPORT int32_t HksRefreshKeyInfo(void)
94 {
95 #ifndef _CUT_AUTHENTICATE_
96 HKS_LOG_D("enter refresh key info");
97 int32_t ret = HksClientRefreshKeyInfo();
98 HKS_LOG_D("leave refresh key info, result = %" LOG_PUBLIC "d", ret);
99 return ret;
100 #else
101 return HKS_ERROR_API_NOT_SUPPORTED;
102 #endif
103 }
104
HksGenerateKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)105 HKS_API_EXPORT int32_t HksGenerateKey(const struct HksBlob *keyAlias,
106 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
107 {
108 #ifdef HKS_SUPPORT_API_GENERATE_KEY
109 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
110 struct HksParam *storageFlag = NULL;
111 int32_t ret = HksGetParam(paramSetIn, HKS_TAG_KEY_STORAGE_FLAG, &storageFlag);
112 if ((ret == HKS_SUCCESS) && (storageFlag->uint32Param == HKS_STORAGE_TEMP)) {
113 if ((paramSetIn == NULL) || (paramSetOut == NULL)) {
114 return HKS_ERROR_NULL_POINTER;
115 }
116 ret = HksLocalGenerateKey(paramSetIn, paramSetOut);
117 HKS_LOG_D("leave generate temp key, result = %" LOG_PUBLIC "d", ret);
118 return ret;
119 }
120
121 /* generate persistent keys */
122 if ((paramSetIn == NULL) || (keyAlias == NULL)) {
123 return HKS_ERROR_NULL_POINTER;
124 }
125 ret = HksClientGenerateKey(keyAlias, paramSetIn, paramSetOut);
126 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
127 return ret;
128 #else
129 (void)keyAlias;
130 (void)paramSetIn;
131 (void)paramSetOut;
132 return HKS_ERROR_API_NOT_SUPPORTED;
133 #endif
134 }
135
HksImportKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,const struct HksBlob * key)136 HKS_API_EXPORT int32_t HksImportKey(const struct HksBlob *keyAlias,
137 const struct HksParamSet *paramSet, const struct HksBlob *key)
138 {
139 #ifdef HKS_SUPPORT_API_IMPORT
140 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
141 if ((keyAlias == NULL) || (paramSet == NULL) || (key == NULL)) {
142 return HKS_ERROR_NULL_POINTER;
143 }
144 int32_t ret = HksImportKeyAdapter(keyAlias, paramSet, key);
145 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
146 return ret;
147 #else
148 (void)keyAlias;
149 (void)paramSet;
150 (void)key;
151 return HKS_ERROR_API_NOT_SUPPORTED;
152 #endif
153 }
154
HksImportWrappedKey(const struct HksBlob * keyAlias,const struct HksBlob * wrappingKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * wrappedKeyData)155 HKS_API_EXPORT int32_t HksImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias,
156 const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData)
157 {
158 #ifdef HKS_SUPPORT_API_IMPORT_WRAPPED_KEY
159 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
160 if ((keyAlias == NULL) || (wrappingKeyAlias == NULL)|| (paramSet == NULL) || (wrappedKeyData == NULL)) {
161 return HKS_ERROR_NULL_POINTER;
162 }
163 int32_t ret = HksClientImportWrappedKey(keyAlias, wrappingKeyAlias, paramSet, wrappedKeyData);
164 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
165 return ret;
166 #else
167 (void)keyAlias;
168 (void)wrappingKeyAlias;
169 (void)paramSet;
170 (void)wrappedKeyData;
171 return HKS_ERROR_API_NOT_SUPPORTED;
172 #endif
173 }
174
HksExportPublicKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * key)175 HKS_API_EXPORT int32_t HksExportPublicKey(const struct HksBlob *keyAlias,
176 const struct HksParamSet *paramSet, struct HksBlob *key)
177 {
178 #ifdef HKS_SUPPORT_API_EXPORT
179 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
180 if ((keyAlias == NULL) || (key == NULL)) {
181 return HKS_ERROR_NULL_POINTER;
182 }
183 int32_t ret = HksExportPublicKeyAdapter(keyAlias, paramSet, key);
184 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
185 return ret;
186 #else
187 (void)keyAlias;
188 (void)paramSet;
189 (void)key;
190 return HKS_ERROR_API_NOT_SUPPORTED;
191 #endif
192 }
193
HksDeleteKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)194 HKS_API_EXPORT int32_t HksDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
195 {
196 #ifdef HKS_SUPPORT_API_DELETE_KEY
197 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
198 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
199 int32_t ret = HksClientDeleteKey(keyAlias, paramSet);
200 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
201 return ret;
202 #else
203 (void)keyAlias;
204 (void)paramSet;
205 return HKS_ERROR_API_NOT_SUPPORTED;
206 #endif
207 }
208
HksGetKeyParamSet(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)209 HKS_API_EXPORT int32_t HksGetKeyParamSet(const struct HksBlob *keyAlias,
210 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
211 {
212 #ifdef HKS_SUPPORT_API_GET_KEY_PARAM_SET
213 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
214 if ((keyAlias == NULL) || (paramSetOut == NULL)) {
215 return HKS_ERROR_NULL_POINTER;
216 }
217 int32_t ret = HksClientGetKeyParamSet(keyAlias, paramSetIn, paramSetOut);
218 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
219 return ret;
220 #else
221 (void)keyAlias;
222 (void)paramSetIn;
223 (void)paramSetOut;
224 return HKS_ERROR_API_NOT_SUPPORTED;
225 #endif
226 }
227
HksKeyExist(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)228 HKS_API_EXPORT int32_t HksKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
229 {
230 #ifdef HKS_SUPPORT_API_KEY_EXIST
231 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
232 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
233 int32_t ret = HksClientKeyExist(keyAlias, paramSet);
234 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
235 return ret;
236 #else
237 (void)keyAlias;
238 (void)paramSet;
239 return HKS_ERROR_API_NOT_SUPPORTED;
240 #endif
241 }
242
HksGenerateRandom(const struct HksParamSet * paramSet,struct HksBlob * random)243 HKS_API_EXPORT int32_t HksGenerateRandom(const struct HksParamSet *paramSet, struct HksBlob *random)
244 {
245 #ifdef HKS_SUPPORT_API_GENERATE_RANDOM
246 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
247 HKS_IF_NULL_RETURN(random, HKS_ERROR_NULL_POINTER)
248 int32_t ret = HksClientGenerateRandom(random, paramSet);
249 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
250 return ret;
251 #else
252 (void)paramSet;
253 (void)random;
254 return HKS_ERROR_API_NOT_SUPPORTED;
255 #endif
256 }
257
HksSign(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * signature)258 HKS_API_EXPORT int32_t HksSign(const struct HksBlob *key, const struct HksParamSet *paramSet,
259 const struct HksBlob *srcData, struct HksBlob *signature)
260 {
261 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
262 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
263 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
264 return HKS_ERROR_NULL_POINTER;
265 }
266
267 struct HksParam *isKeyAlias = NULL;
268 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
269 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
270 return HksLocalSign(key, paramSet, srcData, signature);
271 }
272
273 ret = HksClientSign(key, paramSet, srcData, signature);
274 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
275 return ret;
276 #else
277 (void)key;
278 (void)paramSet;
279 (void)srcData;
280 (void)signature;
281 return HKS_ERROR_API_NOT_SUPPORTED;
282 #endif
283 }
284
HksVerify(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,const struct HksBlob * signature)285 HKS_API_EXPORT int32_t HksVerify(const struct HksBlob *key, const struct HksParamSet *paramSet,
286 const struct HksBlob *srcData, const struct HksBlob *signature)
287 {
288 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
289 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
290 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
291 return HKS_ERROR_NULL_POINTER;
292 }
293
294 struct HksParam *isKeyAlias = NULL;
295 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
296 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
297 ret = HksLocalVerify(key, paramSet, srcData, signature);
298 HKS_LOG_D("leave verify with plain key, result = %" LOG_PUBLIC "d", ret);
299 return ret;
300 }
301 ret = HksClientVerify(key, paramSet, srcData, signature);
302 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
303 return ret;
304 #else
305 (void)key;
306 (void)paramSet;
307 (void)srcData;
308 (void)signature;
309 return HKS_ERROR_API_NOT_SUPPORTED;
310 #endif
311 }
312
HksEncrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * plainText,struct HksBlob * cipherText)313 HKS_API_EXPORT int32_t HksEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
314 const struct HksBlob *plainText, struct HksBlob *cipherText)
315 {
316 #ifdef HKS_SUPPORT_API_CIPHER
317 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
318 if ((key == NULL) || (paramSet == NULL) || (plainText == NULL) || (cipherText == NULL)) {
319 return HKS_ERROR_NULL_POINTER;
320 }
321
322 struct HksParam *isKeyAlias = NULL;
323 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
324 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
325 ret = HksLocalEncrypt(key, paramSet, plainText, cipherText);
326 HKS_LOG_D("leave encrypt with plain key, result = %" LOG_PUBLIC "d", ret);
327 return ret;
328 }
329 #ifndef _CUT_AUTHENTICATE_
330 ret = HksClientEncrypt(key, paramSet, plainText, cipherText);
331 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
332 return ret;
333 #else
334 return HKS_ERROR_NOT_SUPPORTED;
335 #endif
336 #else
337 (void)key;
338 (void)paramSet;
339 (void)plainText;
340 (void)cipherText;
341 return HKS_ERROR_API_NOT_SUPPORTED;
342 #endif
343 }
344
HksDecrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * cipherText,struct HksBlob * plainText)345 HKS_API_EXPORT int32_t HksDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
346 const struct HksBlob *cipherText, struct HksBlob *plainText)
347 {
348 #ifdef HKS_SUPPORT_API_CIPHER
349 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
350 if ((key == NULL) || (paramSet == NULL) || (cipherText == NULL) || (plainText == NULL)) {
351 return HKS_ERROR_NULL_POINTER;
352 }
353
354 struct HksParam *isKeyAlias = NULL;
355 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
356 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
357 ret = HksLocalDecrypt(key, paramSet, cipherText, plainText);
358 HKS_LOG_D("leave decrypt with plain key, result = %" LOG_PUBLIC "d", ret);
359 return ret;
360 }
361 #ifndef _CUT_AUTHENTICATE_
362 ret = HksClientDecrypt(key, paramSet, cipherText, plainText);
363 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
364 return ret;
365 #else
366 return HKS_ERROR_NOT_SUPPORTED;
367 #endif
368 #else
369 (void)key;
370 (void)paramSet;
371 (void)plainText;
372 (void)cipherText;
373 return HKS_ERROR_API_NOT_SUPPORTED;
374 #endif
375 }
376
HksAgreeKey(const struct HksParamSet * paramSet,const struct HksBlob * privateKey,const struct HksBlob * peerPublicKey,struct HksBlob * agreedKey)377 HKS_API_EXPORT int32_t HksAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
378 const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey)
379 {
380 #ifdef HKS_SUPPORT_API_AGREE_KEY
381 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
382 if ((paramSet == NULL) || (privateKey == NULL) || (peerPublicKey == NULL) || (agreedKey == NULL)) {
383 return HKS_ERROR_NULL_POINTER;
384 }
385
386 struct HksParam *isKeyAlias = NULL;
387 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
388 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
389 ret = HksLocalAgreeKey(paramSet, privateKey, peerPublicKey, agreedKey);
390 HKS_LOG_D("leave agree key with plain key, result = %" LOG_PUBLIC "d", ret);
391 return ret;
392 }
393
394 ret = HksAgreeKeyAdapter(paramSet, privateKey, peerPublicKey, agreedKey);
395 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
396 return ret;
397 #else
398 (void)paramSet;
399 (void)privateKey;
400 (void)peerPublicKey;
401 (void)agreedKey;
402 return HKS_ERROR_API_NOT_SUPPORTED;
403 #endif
404 }
405
HksDeriveKey(const struct HksParamSet * paramSet,const struct HksBlob * mainKey,struct HksBlob * derivedKey)406 HKS_API_EXPORT int32_t HksDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey,
407 struct HksBlob *derivedKey)
408 {
409 #ifdef HKS_SUPPORT_API_DERIVE_KEY
410 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
411 if ((paramSet == NULL) || (mainKey == NULL) || (derivedKey == NULL)) {
412 return HKS_ERROR_NULL_POINTER;
413 }
414
415 struct HksParam *isKeyAlias = NULL;
416 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
417 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
418 ret = HksLocalDeriveKey(paramSet, mainKey, derivedKey);
419 HKS_LOG_D("leave derive key with plain key, result = %" LOG_PUBLIC "d", ret);
420 return ret;
421 }
422 #ifndef _CUT_AUTHENTICATE_
423 ret = HksClientDeriveKey(paramSet, mainKey, derivedKey);
424 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
425 return ret;
426 #else
427 return HKS_ERROR_NOT_SUPPORTED;
428 #endif
429 #else
430 (void)paramSet;
431 (void)mainKey;
432 (void)derivedKey;
433 return HKS_ERROR_API_NOT_SUPPORTED;
434 #endif
435 }
436
HksMac(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * mac)437 HKS_API_EXPORT int32_t HksMac(const struct HksBlob *key, const struct HksParamSet *paramSet,
438 const struct HksBlob *srcData, struct HksBlob *mac)
439 {
440 #ifdef HKS_SUPPORT_API_MAC
441 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
442 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (mac == NULL)) {
443 return HKS_ERROR_NULL_POINTER;
444 }
445
446 struct HksParam *isKeyAlias = NULL;
447 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
448 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
449 ret = HksLocalMac(key, paramSet, srcData, mac);
450 HKS_LOG_D("leave mac with plain key, result = %" LOG_PUBLIC "d", ret);
451 return ret;
452 }
453 #ifndef _CUT_AUTHENTICATE_
454 ret = HksClientMac(key, paramSet, srcData, mac);
455 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
456 return ret;
457 #else
458 return HKS_ERROR_NOT_SUPPORTED;
459 #endif
460 #else
461 (void)key;
462 (void)paramSet;
463 (void)srcData;
464 (void)mac;
465 return HKS_ERROR_API_NOT_SUPPORTED;
466 #endif
467 }
468
HksHash(const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * hash)469 HKS_API_EXPORT int32_t HksHash(const struct HksParamSet *paramSet,
470 const struct HksBlob *srcData, struct HksBlob *hash)
471 {
472 #ifdef HKS_SUPPORT_API_HASH
473 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
474 if ((paramSet == NULL) || (srcData == NULL) || (hash == NULL)) {
475 return HKS_ERROR_NULL_POINTER;
476 }
477 int32_t ret = HksLocalHash(paramSet, srcData, hash);
478 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
479 return ret;
480 #else
481 (void)paramSet;
482 (void)srcData;
483 (void)hash;
484 return HKS_ERROR_API_NOT_SUPPORTED;
485 #endif
486 }
487
HksGetKeyInfoList(const struct HksParamSet * paramSet,struct HksKeyInfo * keyInfoList,uint32_t * listCount)488 HKS_API_EXPORT int32_t HksGetKeyInfoList(const struct HksParamSet *paramSet,
489 struct HksKeyInfo *keyInfoList, uint32_t *listCount)
490 {
491 #ifdef HKS_SUPPORT_API_GET_KEY_INFO_LIST
492 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
493 if ((keyInfoList == NULL) || (listCount == NULL)) {
494 return HKS_ERROR_NULL_POINTER;
495 }
496 int32_t ret = HksClientGetKeyInfoList(paramSet, keyInfoList, listCount);
497 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
498 return ret;
499 #else
500 (void)paramSet;
501 (void)keyInfoList;
502 (void)listCount;
503 return HKS_ERROR_API_NOT_SUPPORTED;
504 #endif
505 }
506
507 #ifdef HKS_SUPPORT_API_ATTEST_KEY
ConstructNewAttestParamSet(const struct HksParamSet * paramSet,enum HksAttestationMode mode,struct HksParamSet ** newParamSet)508 static int32_t ConstructNewAttestParamSet(const struct HksParamSet *paramSet, enum HksAttestationMode mode,
509 struct HksParamSet **newParamSet)
510 {
511 int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
512 if (ret != HKS_SUCCESS) {
513 HKS_LOG_E("check paramSet fail");
514 return ret;
515 }
516 ret = HksInitParamSet(newParamSet);
517 if (ret != HKS_SUCCESS) {
518 HKS_LOG_E("init paramSet fail");
519 return ret;
520 }
521 do {
522 ret = HksAddParams(*newParamSet, paramSet->params, paramSet->paramsCnt);
523 if (ret != HKS_SUCCESS) {
524 HKS_LOG_E("copy params fail");
525 break;
526 }
527 struct HksParam attestMode = {
528 .tag = HKS_TAG_ATTESTATION_MODE,
529 .uint32Param = mode,
530 };
531 ret = HksAddParams(*newParamSet, &attestMode, 1);
532 if (ret != HKS_SUCCESS) {
533 HKS_LOG_E("add param attestMode fail");
534 break;
535 }
536 ret = HksBuildParamSet(newParamSet);
537 if (ret != HKS_SUCCESS) {
538 HKS_LOG_E("build paramSet fail");
539 break;
540 }
541 return HKS_SUCCESS;
542 } while (false);
543 HksFreeParamSet(newParamSet);
544 return ret;
545 }
546 #endif
547
HksAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)548 HKS_API_EXPORT int32_t HksAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
549 struct HksCertChain *certChain)
550 {
551 #ifdef HKS_SUPPORT_API_ATTEST_KEY
552 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
553 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
554 return HKS_ERROR_NULL_POINTER;
555 }
556 struct HksParamSet *newParamSet = NULL;
557 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_DEFAULT, &newParamSet);
558 if (ret != HKS_SUCCESS) {
559 HKS_LOG_E("construct new paramSet for attest key fail");
560 return ret;
561 }
562
563 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, false);
564 HksFreeParamSet(&newParamSet);
565 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
566 return ret;
567 #else
568 (void)keyAlias;
569 (void)paramSet;
570 (void)certChain;
571 return HKS_ERROR_API_NOT_SUPPORTED;
572 #endif
573 }
574
HksAnonAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)575 HKS_API_EXPORT int32_t HksAnonAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
576 struct HksCertChain *certChain)
577 {
578 #ifdef HKS_SUPPORT_API_ATTEST_KEY
579 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
580 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
581 return HKS_ERROR_NULL_POINTER;
582 }
583 struct HksParamSet *newParamSet = NULL;
584 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_ANONYMOUS, &newParamSet);
585 if (ret != HKS_SUCCESS) {
586 HKS_LOG_E("construct new paramSet for anonn attest key fail");
587 return ret;
588 }
589
590 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, true);
591 HksFreeParamSet(&newParamSet);
592 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
593 return ret;
594 #else
595 (void)keyAlias;
596 (void)paramSet;
597 (void)certChain;
598 return HKS_ERROR_API_NOT_SUPPORTED;
599 #endif
600 }
601
HksGetCertificateChain(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)602 HKS_API_EXPORT int32_t HksGetCertificateChain(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
603 struct HksCertChain *certChain)
604 {
605 (void)keyAlias;
606 (void)paramSet;
607 (void)certChain;
608 return HKS_ERROR_API_NOT_SUPPORTED;
609 }
610
HksWrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksParamSet * paramSet,struct HksBlob * wrappedData)611 HKS_API_EXPORT int32_t HksWrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
612 const struct HksParamSet *paramSet, struct HksBlob *wrappedData)
613 {
614 (void)keyAlias;
615 (void)targetKeyAlias;
616 (void)paramSet;
617 (void)wrappedData;
618 return HKS_ERROR_API_NOT_SUPPORTED;
619 }
620
HksUnwrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksBlob * wrappedData,const struct HksParamSet * paramSet)621 HKS_API_EXPORT int32_t HksUnwrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
622 const struct HksBlob *wrappedData, const struct HksParamSet *paramSet)
623 {
624 (void)keyAlias;
625 (void)targetKeyAlias;
626 (void)paramSet;
627 (void)wrappedData;
628 return HKS_ERROR_API_NOT_SUPPORTED;
629 }
630
HksBnExpMod(struct HksBlob * x,const struct HksBlob * a,const struct HksBlob * e,const struct HksBlob * n)631 HKS_API_EXPORT int32_t HksBnExpMod(struct HksBlob *x, const struct HksBlob *a,
632 const struct HksBlob *e, const struct HksBlob *n)
633 {
634 #ifdef HKS_SUPPORT_API_BN_EXP_MOD
635 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
636 if ((x == NULL) || (a == NULL) || (e == NULL) || (n == NULL)) {
637 return HKS_ERROR_NULL_POINTER;
638 }
639
640 int32_t ret = HksLocalBnExpMod(x, a, e, n);
641 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
642 return ret;
643 #else
644 (void)x;
645 (void)a;
646 (void)e;
647 (void)n;
648 return HKS_ERROR_API_NOT_SUPPORTED;
649 #endif
650 }
651
652 /*
653 * Currently, the device certificate and device key are implemented using stubs.
654 * By default, the device key exists.
655 */
HcmIsDeviceKeyExist(const struct HksParamSet * paramSet)656 HKS_API_EXPORT int32_t HcmIsDeviceKeyExist(const struct HksParamSet *paramSet)
657 {
658 (void)paramSet;
659 return HKS_SUCCESS;
660 }
661
HksValidateCertChain(const struct HksCertChain * certChain,struct HksParamSet * paramSetOut)662 HKS_API_EXPORT int32_t HksValidateCertChain(const struct HksCertChain *certChain, struct HksParamSet *paramSetOut)
663 {
664 #ifdef HKS_SUPPORT_API_ATTEST_KEY
665 HKS_LOG_D("enter validate cert chain");
666 if ((paramSetOut == NULL) || (certChain == NULL)) {
667 return HKS_ERROR_NULL_POINTER;
668 }
669 int32_t ret = HksClientValidateCertChain(certChain, paramSetOut);
670 HKS_LOG_D("leave validate cert chain, result = %" LOG_PUBLIC "d", ret);
671 return ret;
672 #else
673 (void)certChain;
674 (void)paramSetOut;
675 return HKS_ERROR_API_NOT_SUPPORTED;
676 #endif
677 }
678
HksInit(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)679 HKS_API_EXPORT int32_t HksInit(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
680 struct HksBlob *handle, struct HksBlob *token)
681 {
682 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
683 if ((keyAlias == NULL) || (paramSet == NULL) || (handle == NULL)) { /* token can be null */
684 HKS_LOG_E("the pointer param entered is invalid");
685 return HKS_ERROR_NULL_POINTER;
686 }
687
688 int32_t ret = HksClientInit(keyAlias, paramSet, handle, token);
689 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
690 return ret;
691 }
692
HksUpdate(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)693 HKS_API_EXPORT int32_t HksUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet,
694 const struct HksBlob *inData, struct HksBlob *outData)
695 {
696 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
697 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
698 HKS_LOG_E("the pointer param entered is invalid");
699 return HKS_ERROR_NULL_POINTER;
700 }
701
702 int32_t ret = HksClientUpdate(handle, paramSet, inData, outData);
703 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
704 return ret;
705 }
706
HksFinish(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)707 HKS_API_EXPORT int32_t HksFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet,
708 const struct HksBlob *inData, struct HksBlob *outData)
709 {
710 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
711 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
712 HKS_LOG_E("the pointer param entered is invalid");
713 return HKS_ERROR_NULL_POINTER;
714 }
715
716 int32_t ret = HksClientFinish(handle, paramSet, inData, outData);
717 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
718 return ret;
719 }
720
HksAbort(const struct HksBlob * handle,const struct HksParamSet * paramSet)721 HKS_API_EXPORT int32_t HksAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet)
722 {
723 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
724 if ((handle == NULL) || (paramSet == NULL)) {
725 HKS_LOG_E("the pointer param entered is invalid");
726 return HKS_ERROR_NULL_POINTER;
727 }
728
729 int32_t ret = HksClientAbort(handle, paramSet);
730 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
731 return ret;
732 }
733
HksExportChipsetPlatformPublicKey(const struct HksBlob * salt,enum HksChipsetPlatformDecryptScene scene,struct HksBlob * publicKey)734 HKS_API_EXPORT int32_t HksExportChipsetPlatformPublicKey(const struct HksBlob *salt,
735 enum HksChipsetPlatformDecryptScene scene, struct HksBlob *publicKey)
736 {
737 #ifdef HKS_SUPPORT_CHIPSET_PLATFORM_DECRYPT
738 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
739 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(salt), HKS_ERROR_INVALID_ARGUMENT, "invalid salt")
740 HKS_IF_NOT_SUCC_LOGE_RETURN(CheckBlob(publicKey), HKS_ERROR_INVALID_ARGUMENT, "invalid publicKey")
741 int32_t ret = HksClientExportChipsetPlatformPublicKey(salt, scene, publicKey);
742 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
743 return ret;
744 #else
745 (void)(salt);
746 (void)(scene);
747 (void)(publicKey);
748 return HKS_ERROR_API_NOT_SUPPORTED;
749 #endif
750 }
751
HksListAliases(const struct HksParamSet * paramSet,struct HksKeyAliasSet ** outData)752 HKS_API_EXPORT int32_t HksListAliases(const struct HksParamSet *paramSet, struct HksKeyAliasSet **outData)
753 {
754 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
755 if (paramSet == NULL || outData == NULL) {
756 return HKS_ERROR_NULL_POINTER;
757 }
758 int32_t ret = HksClientListAliases(paramSet, outData);
759 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
760 return ret;
761 }