1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 /**
17 * @file hks_type.h
18 *
19 * @brief Declares huks struct and enum.
20 *
21 * @since 8
22 */
23
24 #ifndef HKS_TYPE_H
25 #define HKS_TYPE_H
26
27 #include <stdbool.h>
28 #include <stdint.h>
29 #include <stdlib.h>
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #ifndef HKS_API_PUBLIC
36 #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */
37 #define HKS_API_EXPORT
38 #else
39 #define HKS_API_EXPORT __attribute__ ((visibility("default")))
40 #endif
41 #else
42 #define HKS_API_EXPORT __attribute__ ((visibility("default")))
43 #endif
44
45 #define HKS_SDK_VERSION "2.0.0.4"
46
47 /*
48 * Align to 4-tuple
49 * Before calling this function, ensure that the size does not overflow after 3 is added.
50 */
51 #define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2)
52 #define DEFAULT_ALIGN_MASK_SIZE 3
53
54 #define HKS_AE_TAG_LEN 16
55 #define HKS_BITS_PER_BYTE 8
56 #define MAX_KEY_SIZE 2048
57 #define HKS_AE_TAG_LEN 16
58 #define HKS_AE_NONCE_LEN 12
59 #define HKS_MAX_KEY_ALIAS_LEN 64
60 #define HKS_MAX_PROCESS_NAME_LEN 50
61 #define HKS_MAX_RANDOM_LEN 1024
62 #define HKS_KEY_BYTES(keySize) (((keySize) + HKS_BITS_PER_BYTE - 1) / HKS_BITS_PER_BYTE)
63 #define HKS_SIGNATURE_MIN_SIZE 64
64 #define HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
65 #define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
66 #define HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
67 #define HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10
68
69 #define TOKEN_CHALLENGE_LEN 32
70 #define UDID_LEN 64
71 #define SHA256_SIGN_LEN 32
72 #define TOKEN_SIZE 32
73 #define MAX_AUTH_TIMEOUT_SECOND 60
74 #define SECURE_SIGN_VERSION 0x01000001
75
76 #define HKS_CERT_COUNT 4
77 #define HKS_CERT_ROOT_SIZE 2048
78 #define HKS_CERT_CA_SIZE 2048
79 #define HKS_CERT_DEVICE_SIZE 2048
80 #define HKS_CERT_APP_SIZE 4096
81
82 #define HKS_MAX_FILE_SIZE 10240
83
84 #define HKS_KEY_BLOB_AT_KEY_SIZE 256
85 #define HKS_KEY_BLOB_AT_KEY_BYTES 32
86
87 #define HKS_MAX_KEY_ALIAS_COUNT 2048
88
89 /**
90 * @brief hks key type
91 */
92 enum HksKeyType {
93 HKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000,
94 HKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000,
95
96 HKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000,
97 HKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000,
98 HKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000,
99 HKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000,
100 HKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000,
101 HKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000,
102
103 HKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000,
104 HKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000,
105 HKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000,
106 HKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000,
107
108 HKS_KEY_TYPE_AES = 0x03000000,
109 HKS_KEY_TYPE_CHACHA20 = 0x04010000,
110 HKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000,
111
112 HKS_KEY_TYPE_HMAC = 0x05000000,
113 HKS_KEY_TYPE_HKDF = 0x06000000,
114 HKS_KEY_TYPE_PBKDF2 = 0x07000000,
115 };
116
117 /**
118 * @brief hks key purpose
119 */
120 enum HksKeyPurpose {
121 HKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, SM2, and SM4 keys. */
122 HKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, SM2, and SM4 keys. */
123 HKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */
124 HKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */
125 HKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */
126 HKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */
127 HKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */
128 HKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */
129 HKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */
130 };
131
132 /**
133 * @brief hks key digest
134 */
135 enum HksKeyDigest {
136 HKS_DIGEST_NONE = 0,
137 HKS_DIGEST_MD5 = 1,
138 HKS_DIGEST_SM3 = 2,
139 HKS_DIGEST_SHA1 = 10,
140 HKS_DIGEST_SHA224 = 11,
141 HKS_DIGEST_SHA256 = 12,
142 HKS_DIGEST_SHA384 = 13,
143 HKS_DIGEST_SHA512 = 14,
144 };
145
146 /**
147 * @brief hks key padding
148 */
149 enum HksKeyPadding {
150 HKS_PADDING_NONE = 0,
151 HKS_PADDING_OAEP = 1,
152 HKS_PADDING_PSS = 2,
153 HKS_PADDING_PKCS1_V1_5 = 3,
154 HKS_PADDING_PKCS5 = 4,
155 HKS_PADDING_PKCS7 = 5,
156 };
157
158 /**
159 * @brief hks cipher mode
160 */
161 enum HksCipherMode {
162 HKS_MODE_ECB = 1,
163 HKS_MODE_CBC = 2,
164 HKS_MODE_CTR = 3,
165 HKS_MODE_OFB = 4,
166 HKS_MODE_CFB = 5,
167 HKS_MODE_CCM = 31,
168 HKS_MODE_GCM = 32,
169 };
170
171 /**
172 * @brief hks key size
173 */
174 enum HksKeySize {
175 HKS_RSA_KEY_SIZE_512 = 512,
176 HKS_RSA_KEY_SIZE_768 = 768,
177 HKS_RSA_KEY_SIZE_1024 = 1024,
178 HKS_RSA_KEY_SIZE_2048 = 2048,
179 HKS_RSA_KEY_SIZE_3072 = 3072,
180 HKS_RSA_KEY_SIZE_4096 = 4096,
181
182 HKS_ECC_KEY_SIZE_224 = 224,
183 HKS_ECC_KEY_SIZE_256 = 256,
184 HKS_ECC_KEY_SIZE_384 = 384,
185 HKS_ECC_KEY_SIZE_521 = 521,
186
187 HKS_AES_KEY_SIZE_128 = 128,
188 HKS_AES_KEY_SIZE_192 = 192,
189 HKS_AES_KEY_SIZE_256 = 256,
190 HKS_AES_KEY_SIZE_512 = 512,
191
192 HKS_CURVE25519_KEY_SIZE_256 = 256,
193
194 HKS_DH_KEY_SIZE_2048 = 2048,
195 HKS_DH_KEY_SIZE_3072 = 3072,
196 HKS_DH_KEY_SIZE_4096 = 4096,
197
198 HKS_SM2_KEY_SIZE_256 = 256,
199 HKS_SM4_KEY_SIZE_128 = 128,
200 };
201
202 /**
203 * @brief hks key algorithm
204 */
205 enum HksKeyAlg {
206 HKS_ALG_RSA = 1,
207 HKS_ALG_ECC = 2,
208 HKS_ALG_DSA = 3,
209
210 HKS_ALG_AES = 20,
211 HKS_ALG_HMAC = 50,
212 HKS_ALG_HKDF = 51,
213 HKS_ALG_PBKDF2 = 52,
214 HKS_ALG_GMKDF = 53,
215
216 HKS_ALG_ECDH = 100,
217 HKS_ALG_X25519 = 101,
218 HKS_ALG_ED25519 = 102,
219 HKS_ALG_DH = 103,
220
221 HKS_ALG_SM2 = 150,
222 HKS_ALG_SM3 = 151,
223 HKS_ALG_SM4 = 152,
224 };
225
226 /**
227 * @brief hks algorithm suite
228 */
229 enum HuksAlgSuite {
230 /* Algorithm suites of unwrapping wrapped-key by huks */
231 /* Unwrap suite of key agreement type */
232 /* WrappedData format(Bytes Array):
233 * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
234 * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag
235 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
236 * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
237 * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
238 */
239 HKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1,
240
241 /* WrappedData format(Bytes Array):
242 * | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
243 * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag
244 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
245 * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
246 * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
247 */
248 HKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2,
249
250 /* WrappedData format(Bytes Array):
251 * | SM2_plain_pubkey_length (4 Byte) | SM2_plain_pubkey | signData_size_length (4 Byte) | signData_size
252 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_material_size_len(4 Byte) | kek_material_size
253 * | factor1_data_len (4 Byte) | factor1_data | factor2_data_len (4 Byte) | factor2_data
254 * | mac_data_length (4 Byte) | mac_data | key_mat_enc_length (4 Byte) | key_mat_enc_data
255 * | iv_data_length (4 Byte) | iv_data |key_material_size_len (4 Byte) | key_material_size
256 */
257 HKS_UNWRAP_SUITE_SM2_SM4_128_CBC_PKCS7_WITH_VERIFY_DIG_SM3 = 3,
258
259 /* WrappedData format(Bytes Array):
260 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_material_size_len(4 Byte) | kek_material_size
261 * | factor1_data_len (4 Byte) | factor1_data | factor2_data_len (4 Byte) | factor2_data
262 * | mac_data_length (4 Byte) | mac_data | key_mat_enc_length (4 Byte) | key_mat_enc_data
263 * | iv_data_length (4 Byte) | iv_data |key_material_size_len (4 Byte) | key_material_size
264 */
265 HKS_UNWRAP_SUITE_SM2_SM4_128_CBC_PKCS7 = 4,
266 };
267
268 /**
269 * @brief hks key generate type
270 */
271 enum HksKeyGenerateType {
272 HKS_KEY_GENERATE_TYPE_DEFAULT = 0,
273 HKS_KEY_GENERATE_TYPE_DERIVE = 1,
274 HKS_KEY_GENERATE_TYPE_AGREE = 2,
275 };
276
277 /**
278 * @brief hks key flag
279 */
280 enum HksKeyFlag {
281 HKS_KEY_FLAG_IMPORT_KEY = 1,
282 HKS_KEY_FLAG_GENERATE_KEY = 2,
283 HKS_KEY_FLAG_AGREE_KEY = 3,
284 HKS_KEY_FLAG_DERIVE_KEY = 4,
285 };
286
287 /**
288 * @brief hks key storage type
289 */
290 enum HksKeyStorageType {
291 HKS_STORAGE_TEMP = 0,
292 HKS_STORAGE_PERSISTENT = 1,
293 HKS_STORAGE_ONLY_USED_IN_HUKS = 2,
294 HKS_STORAGE_ALLOW_KEY_EXPORTED = 3,
295 };
296
297 /**
298 * @brief hks import key type
299 */
300 enum HksImportKeyType {
301 HKS_KEY_TYPE_PUBLIC_KEY = 0,
302 HKS_KEY_TYPE_PRIVATE_KEY = 1,
303 HKS_KEY_TYPE_KEY_PAIR = 2,
304 };
305
306 /**
307 * @brief hks rsa pss salt len type
308 */
309 enum HksRsaPssSaltLenType {
310 HKS_RSA_PSS_SALTLEN_DIGEST = 0, /* Salt length matches digest */
311 HKS_RSA_PSS_SALTLEN_MAX = 1, /* Set salt length to maximum possible, default type */
312 };
313
314 /**
315 * @brief hks error code
316 */
317 enum HksErrorCode {
318 HKS_SUCCESS = 0,
319 HKS_FAILURE = -1,
320 HKS_ERROR_BAD_STATE = -2,
321 HKS_ERROR_INVALID_ARGUMENT = -3,
322 HKS_ERROR_NOT_SUPPORTED = -4,
323 HKS_ERROR_NO_PERMISSION = -5,
324 HKS_ERROR_INSUFFICIENT_DATA = -6,
325 HKS_ERROR_BUFFER_TOO_SMALL = -7,
326 HKS_ERROR_INSUFFICIENT_MEMORY = -8,
327 HKS_ERROR_COMMUNICATION_FAILURE = -9,
328 HKS_ERROR_STORAGE_FAILURE = -10,
329 HKS_ERROR_HARDWARE_FAILURE = -11,
330 HKS_ERROR_ALREADY_EXISTS = -12,
331 HKS_ERROR_NOT_EXIST = -13,
332 HKS_ERROR_NULL_POINTER = -14,
333 HKS_ERROR_FILE_SIZE_FAIL = -15,
334 HKS_ERROR_READ_FILE_FAIL = -16,
335 HKS_ERROR_INVALID_PUBLIC_KEY = -17,
336 HKS_ERROR_INVALID_PRIVATE_KEY = -18,
337 HKS_ERROR_INVALID_KEY_INFO = -19,
338 HKS_ERROR_HASH_NOT_EQUAL = -20,
339 HKS_ERROR_MALLOC_FAIL = -21,
340 HKS_ERROR_WRITE_FILE_FAIL = -22,
341 HKS_ERROR_REMOVE_FILE_FAIL = -23,
342 HKS_ERROR_OPEN_FILE_FAIL = -24,
343 HKS_ERROR_CLOSE_FILE_FAIL = -25,
344 HKS_ERROR_MAKE_DIR_FAIL = -26,
345 HKS_ERROR_INVALID_KEY_FILE = -27,
346 HKS_ERROR_IPC_MSG_FAIL = -28,
347 HKS_ERROR_REQUEST_OVERFLOWS = -29,
348 HKS_ERROR_PARAM_NOT_EXIST = -30,
349 HKS_ERROR_CRYPTO_ENGINE_ERROR = -31,
350 HKS_ERROR_COMMUNICATION_TIMEOUT = -32,
351 HKS_ERROR_IPC_INIT_FAIL = -33,
352 HKS_ERROR_IPC_DLOPEN_FAIL = -34,
353 HKS_ERROR_EFUSE_READ_FAIL = -35,
354 HKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36,
355 HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37,
356 HKS_ERROR_VERIFICATION_FAILED = -38,
357 HKS_ERROR_SESSION_REACHED_LIMIT = -39,
358
359 HKS_ERROR_GET_USERIAM_SECINFO_FAILED = -40,
360 HKS_ERROR_GET_USERIAM_AUTHINFO_FAILED = -41,
361 HKS_ERROR_USER_AUTH_TYPE_NOT_SUPPORT = -42,
362 HKS_ERROR_KEY_AUTH_FAILED = -43,
363 HKS_ERROR_DEVICE_NO_CREDENTIAL = -44,
364 HKS_ERROR_API_NOT_SUPPORTED = -45,
365 HKS_ERROR_KEY_AUTH_PERMANENTLY_INVALIDATED = -46,
366 HKS_ERROR_KEY_AUTH_VERIFY_FAILED = -47,
367 HKS_ERROR_KEY_AUTH_TIME_OUT = -48,
368
369 HKS_ERROR_CREDENTIAL_NOT_EXIST = -49,
370
371 HKS_ERROR_CHECK_GET_ALG_FAIL = -100,
372 HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101,
373 HKS_ERROR_CHECK_GET_PADDING_FAIL = -102,
374 HKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103,
375 HKS_ERROR_CHECK_GET_DIGEST_FAIL = -104,
376 HKS_ERROR_CHECK_GET_MODE_FAIL = -105,
377 HKS_ERROR_CHECK_GET_NONCE_FAIL = -106,
378 HKS_ERROR_CHECK_GET_AAD_FAIL = -107,
379 HKS_ERROR_CHECK_GET_IV_FAIL = -108,
380 HKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109,
381 HKS_ERROR_CHECK_GET_SALT_FAIL = -110,
382 HKS_ERROR_CHECK_GET_ITERATION_FAIL = -111,
383 HKS_ERROR_INVALID_ALGORITHM = -112,
384 HKS_ERROR_INVALID_KEY_SIZE = -113,
385 HKS_ERROR_INVALID_PADDING = -114,
386 HKS_ERROR_INVALID_PURPOSE = -115,
387 HKS_ERROR_INVALID_MODE = -116,
388 HKS_ERROR_INVALID_DIGEST = -117,
389 HKS_ERROR_INVALID_SIGNATURE_SIZE = -118,
390 HKS_ERROR_INVALID_IV = -119,
391 HKS_ERROR_INVALID_AAD = -120,
392 HKS_ERROR_INVALID_NONCE = -121,
393 HKS_ERROR_INVALID_AE_TAG = -122,
394 HKS_ERROR_INVALID_SALT = -123,
395 HKS_ERROR_INVALID_ITERATION = -124,
396 HKS_ERROR_INVALID_OPERATION = -125,
397 HKS_ERROR_INVALID_WRAPPED_FORMAT = -126,
398 HKS_ERROR_INVALID_USAGE_OF_KEY = -127,
399 HKS_ERROR_CHECK_GET_AUTH_TYP_FAILED = -128,
400 HKS_ERROR_CHECK_GET_CHALLENGE_TYPE_FAILED = -129,
401 HKS_ERROR_CHECK_GET_ACCESS_TYPE_FAILED = -130,
402 HKS_ERROR_CHECK_GET_AUTH_TOKEN_FAILED = -131,
403 HKS_ERROR_INVALID_TIME_OUT = -132,
404 HKS_ERROR_INVALID_AUTH_TYPE = -133,
405 HKS_ERROR_INVALID_CHALLENGE_TYPE = -134,
406 HKS_ERROR_INVALID_ACCESS_TYPE = -135,
407 HKS_ERROR_INVALID_AUTH_TOKEN = -136,
408 HKS_ERROR_INVALID_SECURE_SIGN_TYPE = -137,
409 HKS_ERROR_NEED_SKIP_ACCESS_CONTROL = -138,
410 HKS_ERROR_DEVICE_PASSWORD_UNSET = -139,
411 HKS_ERROR_NOT_SYSTEM_APP = -140,
412 HKS_ERROR_EXCEED_LIMIT = -141,
413 HKS_ERROR_UPGRADE_FAIL = -142,
414
415 HKS_ERROR_LOAD_PLUGIN_FAIL = -998,
416 HKS_ERROR_INTERNAL_ERROR = -999,
417 HKS_ERROR_UNKNOWN_ERROR = -1000,
418 };
419
420 /**
421 * @brief hks err code
422 */
423 enum HksErrCode {
424 HUKS_ERR_CODE_PERMISSION_FAIL = 201,
425 HUKS_ERR_CODE_NOT_SYSTEM_APP = 202,
426 HUKS_ERR_CODE_ILLEGAL_ARGUMENT = 401,
427 HUKS_ERR_CODE_NOT_SUPPORTED_API = 801,
428
429 HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED = 12000001,
430 HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT = 12000002,
431 HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT = 12000003,
432 HUKS_ERR_CODE_FILE_OPERATION_FAIL = 12000004,
433 HUKS_ERR_CODE_COMMUNICATION_FAIL = 12000005,
434 HUKS_ERR_CODE_CRYPTO_FAIL = 12000006,
435 HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED = 12000007,
436 HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED = 12000008,
437 HUKS_ERR_CODE_KEY_AUTH_TIME_OUT = 12000009,
438 HUKS_ERR_CODE_SESSION_LIMIT = 12000010,
439 HUKS_ERR_CODE_ITEM_NOT_EXIST = 12000011,
440 HUKS_ERR_CODE_EXTERNAL_ERROR = 12000012,
441 HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST = 12000013,
442 HUKS_ERR_CODE_INSUFFICIENT_MEMORY = 12000014,
443 HUKS_ERR_CODE_CALL_SERVICE_FAILED = 12000015,
444 HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET = 12000016,
445 };
446
447 /**
448 * @brief hks tag type
449 */
450 enum HksTagType {
451 HKS_TAG_TYPE_INVALID = 0 << 28,
452 HKS_TAG_TYPE_INT = 1 << 28,
453 HKS_TAG_TYPE_UINT = 2 << 28,
454 HKS_TAG_TYPE_ULONG = 3 << 28,
455 HKS_TAG_TYPE_BOOL = 4 << 28,
456 HKS_TAG_TYPE_BYTES = 5 << 28,
457 };
458
459 /**
460 * @brief hks send type
461 */
462 enum HksSendType {
463 HKS_SEND_TYPE_ASYNC = 0,
464 HKS_SEND_TYPE_SYNC,
465 };
466
467 /**
468 * @brief hks user auth type
469 * @see `enum AuthType` in `drivers/interface/user_auth/v2_0/UserAuthTypes.idl`
470 */
471 enum HksUserAuthType {
472 HKS_USER_AUTH_TYPE_FINGERPRINT = 1 << 0,
473 HKS_USER_AUTH_TYPE_FACE = 1 << 1,
474 HKS_USER_AUTH_TYPE_PIN = 1 << 2,
475 };
476
477 /**
478 * @brief hks auth access type
479 */
480 enum HksAuthAccessType {
481 HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD = 1 << 0,
482 HKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1,
483 HKS_AUTH_ACCESS_ALWAYS_VALID = 1 << 2,
484 };
485
486 /**
487 * @brief hks challenge type
488 */
489 enum HksChallengeType {
490 HKS_CHALLENGE_TYPE_NORMAL = 0,
491 HKS_CHALLENGE_TYPE_CUSTOM = 1,
492 HKS_CHALLENGE_TYPE_NONE = 2,
493 };
494
495 /**
496 * @brief hks challenge position
497 */
498 enum HksChallengePosition {
499 HKS_CHALLENGE_POS_0 = 0,
500 HKS_CHALLENGE_POS_1,
501 HKS_CHALLENGE_POS_2,
502 HKS_CHALLENGE_POS_3,
503 };
504
505 /**
506 * @brief hks secure sign type
507 */
508 enum HksSecureSignType {
509 HKS_SECURE_SIGN_WITH_AUTHINFO = 1,
510 };
511
512 /**
513 * @brief hks attestation type
514 */
515 enum HksAttestationMode {
516 HKS_ATTESTATION_MODE_DEFAULT = 0,
517 HKS_ATTESTATION_MODE_ANONYMOUS
518 };
519
520 /**
521 * @brief hks attestation Caller Type
522 */
523 enum HksCallerType {
524 HKS_HAP_TYPE = 0x1,
525 HKS_SA_TYPE,
526 HKS_UNIFIED_TYPE,
527 };
528
529 #define HKS_ASSIGN_ENUM_VALUE(x, y) x = y,
530
531 #define HKS_ASSIGN_PARAM_ALG_ENUM \
532 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_INVALID, HKS_TAG_TYPE_INVALID | 0) \
533 /* Base algrithom TAG: 1 - 200 */\
534 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ALGORITHM, HKS_TAG_TYPE_UINT | 1) \
535 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PURPOSE, HKS_TAG_TYPE_UINT | 2) \
536 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_SIZE, HKS_TAG_TYPE_UINT | 3) \
537 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DIGEST, HKS_TAG_TYPE_UINT | 4) \
538 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PADDING, HKS_TAG_TYPE_UINT | 5) \
539 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_BLOCK_MODE, HKS_TAG_TYPE_UINT | 6) \
540 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_TYPE, HKS_TAG_TYPE_UINT | 7) \
541 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ASSOCIATED_DATA, HKS_TAG_TYPE_BYTES | 8) \
542 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_NONCE, HKS_TAG_TYPE_BYTES | 9) \
543 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IV, HKS_TAG_TYPE_BYTES | 10) \
544 /* Key derivation TAG */\
545 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_INFO, HKS_TAG_TYPE_BYTES | 11) \
546 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SALT, HKS_TAG_TYPE_BYTES | 12) \
547 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PWD, HKS_TAG_TYPE_BYTES | 13) \
548 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ITERATION, HKS_TAG_TYPE_UINT | 14) \
549 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_GENERATE_TYPE, HKS_TAG_TYPE_UINT | 15) /* choose from enum HksKeyGenerateType */\
550 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_MAIN_KEY, HKS_TAG_TYPE_BYTES | 16) \
551 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_FACTOR, HKS_TAG_TYPE_BYTES | 17) \
552 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_ALG, HKS_TAG_TYPE_UINT | 18) \
553 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_ALG, HKS_TAG_TYPE_UINT | 19) \
554 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS, HKS_TAG_TYPE_BOOL | 20) \
555 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_PRIVATE_KEY_ALIAS, HKS_TAG_TYPE_BYTES | 21) \
556 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_PUBLIC_KEY, HKS_TAG_TYPE_BYTES | 22) \
557 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_ALIAS, HKS_TAG_TYPE_BYTES | 23) \
558 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_KEY_SIZE, HKS_TAG_TYPE_UINT | 24) \
559 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IMPORT_KEY_TYPE, HKS_TAG_TYPE_UINT | 25) /* choose from enum HksImportKeyType */\
560 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_UNWRAP_ALGORITHM_SUITE, HKS_TAG_TYPE_UINT | 26) \
561 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CIPHER_TEXT, HKS_TAG_TYPE_BYTES | 27) \
562 /* parameters required by HuksCoreChipsetPlatformDecrypt */\
563 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PEER_PUBLIC_KEY, HKS_TAG_TYPE_BYTES | 28) \
564 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_AGREE_KEY_STORAGE_FLAG, HKS_TAG_TYPE_UINT | 29) \
565 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_RSA_PSS_SALT_LEN_TYPE, HKS_TAG_TYPE_UINT | 30) /* only supported for PSS padding */\
566 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_MGF_DIGEST, HKS_TAG_TYPE_UINT | 31) \
567 /* Key authentication related TAG: 201 - 300 */\
568 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ACTIVE_DATETIME, HKS_TAG_TYPE_ULONG | 201) \
569 /* Date when new "messages" should not be created. */\
570 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ORIGINATION_EXPIRE_DATETIME, HKS_TAG_TYPE_ULONG | 202) \
571 /* Date when existing "messages" should not be used. */\
572 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USAGE_EXPIRE_DATETIME, HKS_TAG_TYPE_ULONG | 203) \
573 /* Key creation time */\
574 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CREATION_DATETIME, HKS_TAG_TYPE_ULONG | 204) \
575 /* Other authentication related TAG: 301 - 500 */\
576 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ALL_USERS, HKS_TAG_TYPE_BOOL | 301) \
577 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_ID, HKS_TAG_TYPE_UINT | 302) \
578 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_NO_AUTH_REQUIRED, HKS_TAG_TYPE_BOOL | 303) \
579 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_TYPE, HKS_TAG_TYPE_UINT | 304) \
580 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AUTH_TIMEOUT, HKS_TAG_TYPE_UINT | 305) \
581 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AUTH_TOKEN, HKS_TAG_TYPE_BYTES | 306) \
582 /* Key secure access control and user auth TAG */\
583 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_ACCESS_TYPE, HKS_TAG_TYPE_UINT | 307) \
584 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_SECURE_SIGN_TYPE, HKS_TAG_TYPE_UINT | 308) \
585 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CHALLENGE_TYPE, HKS_TAG_TYPE_UINT | 309) \
586 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CHALLENGE_POS, HKS_TAG_TYPE_UINT | 310) \
587 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_PURPOSE, HKS_TAG_TYPE_UINT | 311) \
588 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_FRONT_USER_ID, HKS_TAG_TYPE_INT | 312) \
589 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_BATCH_PURPOSE, HKS_TAG_TYPE_UINT | 313) \
590 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_BATCH_OPERATION, HKS_TAG_TYPE_BOOL | 314) \
591 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_BATCH_OPERATION_TIMEOUT, HKS_TAG_TYPE_UINT | 315) \
592 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AUTH_STORAGE_LEVEL, HKS_TAG_TYPE_UINT | 316) \
593 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SPECIFIC_USER_ID, HKS_TAG_TYPE_INT | 317) \
594 /* Attestation related TAG: 501 - 600 */\
595 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_CHALLENGE, HKS_TAG_TYPE_BYTES | 501) \
596 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_APPLICATION_ID, HKS_TAG_TYPE_BYTES | 502) \
597 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_BRAND, HKS_TAG_TYPE_BYTES | 503) \
598 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_DEVICE, HKS_TAG_TYPE_BYTES | 504) \
599 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_PRODUCT, HKS_TAG_TYPE_BYTES | 505) \
600 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_SERIAL, HKS_TAG_TYPE_BYTES | 506) \
601 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_IMEI, HKS_TAG_TYPE_BYTES | 507) \
602 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_MEID, HKS_TAG_TYPE_BYTES | 508) \
603 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_MANUFACTURER, HKS_TAG_TYPE_BYTES | 509) \
604 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_MODEL, HKS_TAG_TYPE_BYTES | 510) \
605 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_ALIAS, HKS_TAG_TYPE_BYTES | 511) \
606 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_SOCID, HKS_TAG_TYPE_BYTES | 512) \
607 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_UDID, HKS_TAG_TYPE_BYTES | 513) \
608 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, HKS_TAG_TYPE_BYTES | 514) \
609 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_VERSION_INFO, HKS_TAG_TYPE_BYTES | 515) \
610 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_BASE64, HKS_TAG_TYPE_BOOL | 516) \
611 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_MODE, HKS_TAG_TYPE_UINT | 517) \
612 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_APPLICATION_ID_TYPE, HKS_TAG_TYPE_UINT | 518) \
613 /* Extention TAG: 1001 - 9999 */\
614 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_KEY_ALIAS, HKS_TAG_TYPE_BOOL | 1001) \
615 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_STORAGE_FLAG, HKS_TAG_TYPE_UINT | 1002) /* choose from enum HksKeyStorageType */\
616 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_ALLOWED_WRAP, HKS_TAG_TYPE_BOOL | 1003) \
617 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_WRAP_TYPE, HKS_TAG_TYPE_UINT | 1004) \
618 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_ID, HKS_TAG_TYPE_BYTES | 1005) \
619 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_ROLE, HKS_TAG_TYPE_UINT | 1006) \
620 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_FLAG, HKS_TAG_TYPE_UINT | 1007) /* choose from enum HksKeyFlag */\
621 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_ASYNCHRONIZED, HKS_TAG_TYPE_UINT | 1008) \
622 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SECURE_KEY_ALIAS, HKS_TAG_TYPE_BOOL | 1009) \
623 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SECURE_KEY_UUID, HKS_TAG_TYPE_BYTES | 1010) \
624 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_DOMAIN, HKS_TAG_TYPE_UINT | 1011) \
625 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_DEVICE_PASSWORD_SET, HKS_TAG_TYPE_BOOL | 1012) \
626 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_EXT_INFO, HKS_TAG_TYPE_BYTES | 1013) \
627 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DATA_WRAP_TYPE, HKS_TAG_TYPE_UINT | 1014) \
628 /* Inner-use TAG: 10001 - 10999 */\
629 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PACKAGE_NAME, HKS_TAG_TYPE_BYTES | 10002) \
630 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ACCESS_TIME, HKS_TAG_TYPE_UINT | 10003) \
631 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USES_TIME, HKS_TAG_TYPE_UINT | 10004) \
632 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CRYPTO_CTX, HKS_TAG_TYPE_ULONG | 10005) \
633 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PAYLOAD_LEN, HKS_TAG_TYPE_UINT | 10008) \
634 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AE_TAG, HKS_TAG_TYPE_BYTES | 10009) \
635 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_KEY_HANDLE, HKS_TAG_TYPE_ULONG | 10010) \
636 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_INIT_CHALLENGE, HKS_TAG_TYPE_BYTES | 10011) \
637 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_USER_AUTH_ACCESS, HKS_TAG_TYPE_BOOL | 10012) \
638 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_CHALLENGE, HKS_TAG_TYPE_BYTES | 10013) \
639 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_ENROLL_ID_INFO, HKS_TAG_TYPE_BYTES | 10014) \
640 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_SECURE_UID, HKS_TAG_TYPE_BYTES | 10015) \
641 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_RESULT, HKS_TAG_TYPE_INT | 10016) \
642 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IF_NEED_APPEND_AUTH_INFO, HKS_TAG_TYPE_BOOL | 10017) \
643 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_VERIFIED_AUTH_TOKEN, HKS_TAG_TYPE_BYTES | 10018) \
644 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_APPEND_UPDATE_DATA, HKS_TAG_TYPE_BOOL | 10019) \
645 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_ACCESS_TIME, HKS_TAG_TYPE_ULONG | 10020) \
646 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OWNER_ID, HKS_TAG_TYPE_BYTES | 10021) \
647 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OWNER_TYPE, HKS_TAG_TYPE_UINT | 10022) \
648 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ACCOUNT_ID, HKS_TAG_TYPE_BYTES | 10023) \
649 /* TAGs used for paramSetOut */\
650 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SYMMETRIC_KEY_DATA, HKS_TAG_TYPE_BYTES | 20001) \
651 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA, HKS_TAG_TYPE_BYTES | 20002) \
652 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA, HKS_TAG_TYPE_BYTES | 20003) \
653
654 #define HKS_ASSIGN_PARAM_FILE_ENUM \
655 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PROCESS_NAME, HKS_TAG_TYPE_BYTES | 10001) \
656 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY, HKS_TAG_TYPE_BYTES | 10006) \
657 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_VERSION, HKS_TAG_TYPE_UINT | 10007) \
658 /* Os version related TAG */\
659 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OS_VERSION, HKS_TAG_TYPE_UINT | 10101) \
660 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OS_PATCHLEVEL, HKS_TAG_TYPE_UINT | 10102) \
661
662 /**
663 * @brief hks Tag
664 */
665 enum HksTag {
666 /**
667 * HUKS tags for alg enum
668 */
669 HKS_ASSIGN_PARAM_ALG_ENUM
670
671 /**
672 * HUKS tags for key file enum
673 */
674 HKS_ASSIGN_PARAM_FILE_ENUM
675 };
676
677 /**
678 * @brief hks blob
679 */
680 struct HksBlob {
681 uint32_t size;
682 uint8_t *data;
683 };
684
685 /**
686 * @brief hks param
687 */
688 struct HksParam {
689 uint32_t tag;
690 union {
691 bool boolParam;
692 int32_t int32Param;
693 uint32_t uint32Param;
694 uint64_t uint64Param;
695 struct HksBlob blob;
696 };
697 };
698
699 /**
700 * @brief hks param set
701 */
702 struct HksParamSet {
703 uint32_t paramSetSize;
704 uint32_t paramsCnt;
705 struct HksParam params[];
706 };
707
708 /**
709 * @brief hks certificate chain
710 */
711 struct HksCertChain {
712 struct HksBlob *certs;
713 uint32_t certsCount;
714 };
715
716 /**
717 * @brief hks key info
718 */
719 struct HksKeyInfo {
720 struct HksBlob alias;
721 struct HksParamSet *paramSet;
722 };
723
724 /**
725 * @brief hks public key info
726 */
727 struct HksPubKeyInfo {
728 enum HksKeyAlg keyAlg;
729 uint32_t keySize;
730 uint32_t nOrXSize;
731 uint32_t eOrYSize;
732 uint32_t placeHolder;
733 };
734
735 /**
736 * @brief hks rsa key material
737 */
738 struct HksKeyMaterialRsa {
739 enum HksKeyAlg keyAlg;
740 uint32_t keySize;
741 uint32_t nSize;
742 uint32_t eSize;
743 uint32_t dSize;
744 };
745
746 /**
747 * @brief hks ecc key material
748 */
749 struct HksKeyMaterialEcc {
750 enum HksKeyAlg keyAlg;
751 uint32_t keySize;
752 uint32_t xSize;
753 uint32_t ySize;
754 uint32_t zSize;
755 };
756
757 /**
758 * @brief hks dsa key material
759 */
760 struct HksKeyMaterialDsa {
761 enum HksKeyAlg keyAlg;
762 uint32_t keySize;
763 uint32_t xSize;
764 uint32_t ySize;
765 uint32_t pSize;
766 uint32_t qSize;
767 uint32_t gSize;
768 };
769
770 /**
771 * @brief hks dh key material
772 */
773 struct HksKeyMaterialDh {
774 enum HksKeyAlg keyAlg;
775 uint32_t keySize;
776 uint32_t pubKeySize;
777 uint32_t priKeySize;
778 uint32_t reserved;
779 };
780
781 /**
782 * @brief hks 25519 key material
783 */
784 struct HksKeyMaterial25519 {
785 enum HksKeyAlg keyAlg;
786 uint32_t keySize;
787 uint32_t pubKeySize;
788 uint32_t priKeySize;
789 uint32_t reserved;
790 };
791
792 /**
793 * @brief hks user auth token plaintext data
794 * @see `TokenDataPlain` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
795 */
796 typedef struct HksPlaintextData {
797 uint8_t challenge[TOKEN_SIZE];
798 uint64_t time;
799 uint32_t authTrustLevel;
800 uint32_t authType;
801 uint32_t authMode;
802 uint32_t securityLevel;
803 /**
804 * @see `enum TokenType` in `drivers/peripheral/user_auth/hdi_service/common/inc/defines.h`
805 */
806 uint32_t tokenType;
807 } __attribute__((__packed__)) HksPlaintextData;
808
809 /**
810 * @brief hks user auth token ciphertext data
811 * @see `TokenDataToEncrypt` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
812 */
813 typedef struct HksCiphertextData {
814 int32_t userId;
815 uint64_t secureUid;
816 uint64_t enrolledId;
817 uint64_t credentialId;
818 uint8_t collectorUdid[UDID_LEN];
819 uint8_t verifierUdid[UDID_LEN];
820 } __attribute__((__packed__)) HksCiphertextData;
821
822 /**
823 * @brief hks user auth token
824 * @see `UserAuthTokenHal` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
825 */
826 typedef struct __attribute__((__packed__)) HksUserAuthToken {
827 uint32_t version;
828 HksPlaintextData plaintextData;
829 HksCiphertextData ciphertextData;
830 uint8_t tag[HKS_AE_TAG_LEN];
831 uint8_t iv[HKS_AE_NONCE_LEN];
832 uint8_t sign[SHA256_SIGN_LEN];
833 } __attribute__((__packed__)) HksUserAuthToken;
834
835 /**
836 * @brief hks user auth token key
837 */
838 struct HksAuthTokenKey {
839 uint8_t macKey[HKS_KEY_BLOB_AT_KEY_BYTES];
840 uint8_t cipherKey[HKS_KEY_BLOB_AT_KEY_BYTES];
841 };
842
843 /**
844 * @brief hks secure sign auth info
845 */
846 typedef struct __attribute__((__packed__)) HksSecureSignAuthInfo {
847 uint32_t userAuthType;
848 uint64_t authenticatorId;
849 uint64_t credentialId;
850 } __attribute__((__packed__)) HksSecureSignAuthInfo;
851
852 enum HksUserIamType {
853 HKS_AUTH_TYPE = 0,
854 };
855
856 struct EnrolledInfoWrap {
857 enum HksUserAuthType authType;
858 uint64_t enrolledId;
859 };
860
861 struct SecInfoWrap {
862 uint64_t secureUid;
863 uint32_t enrolledInfoLen;
864 struct EnrolledInfoWrap *enrolledInfo;
865 };
866
867 /**
868 * @brief hks alias set
869 */
870 struct HksKeyAliasSet {
871 uint32_t aliasesCnt;
872 struct HksBlob *aliases;
873 };
874
875
876 #define HKS_DERIVE_DEFAULT_SALT_LEN 16
877 #define HKS_HMAC_DIGEST_SHA512_LEN 64
878 #define HKS_DEFAULT_RANDOM_LEN 16
879 #define HKS_MAX_KEY_AUTH_ID_LEN 64
880 #define HKS_KEY_MATERIAL_NUM 3
881 #define HKS_MAX_KEY_LEN (HKS_KEY_BYTES(HKS_RSA_KEY_SIZE_4096) * HKS_KEY_MATERIAL_NUM)
882 #define HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct HksPubKeyInfo) + HKS_MAX_KEY_LEN + HKS_AE_TAG_LEN)
883
884 /**
885 * @brief hks store header info
886 */
887 struct HksStoreHeaderInfo {
888 uint16_t version;
889 uint16_t keyCount;
890 uint32_t totalLen; /* key buffer total len */
891 uint32_t sealingAlg;
892 uint8_t salt[HKS_DERIVE_DEFAULT_SALT_LEN];
893 uint8_t hmac[HKS_HMAC_DIGEST_SHA512_LEN];
894 };
895
896 /**
897 * @brief hks store key info
898 */
899 struct HksStoreKeyInfo {
900 uint16_t keyInfoLen; /* current keyinfo len */
901 uint16_t keySize; /* keySize of key from crypto hal after encrypted */
902 uint8_t random[HKS_DEFAULT_RANDOM_LEN];
903 uint8_t flag; /* import or generate key */
904 uint8_t keyAlg;
905 uint8_t keyMode;
906 uint8_t digest;
907 uint8_t padding;
908 uint8_t rsv;
909 uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */
910 uint32_t purpose;
911 uint32_t role;
912 uint16_t domain;
913 uint8_t aliasSize;
914 uint8_t authIdSize;
915 };
916
917 /**
918 * @brief hks 25519 key pair
919 */
920 struct Hks25519KeyPair {
921 uint32_t publicBufferSize;
922 uint32_t privateBufferSize;
923 };
924
IsAdditionOverflow(uint32_t a,uint32_t b)925 static inline bool IsAdditionOverflow(uint32_t a, uint32_t b)
926 {
927 return (UINT32_MAX - a) < b;
928 }
929
IsInvalidLength(uint32_t length)930 static inline bool IsInvalidLength(uint32_t length)
931 {
932 return (length == 0) || (length > MAX_OUT_BLOB_SIZE);
933 }
934
CheckBlob(const struct HksBlob * blob)935 static inline int32_t CheckBlob(const struct HksBlob *blob)
936 {
937 if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
938 return HKS_ERROR_INVALID_ARGUMENT;
939 }
940 return HKS_SUCCESS;
941 }
942
943 /**
944 * @brief hks chipset platform decrypt scene
945 */
946 enum HksChipsetPlatformDecryptScene {
947 HKS_CHIPSET_PLATFORM_DECRYPT_SCENE_TA_TO_TA = 1,
948 };
949
950 /**
951 * @brief hks auth storage level
952 */
953 enum HksAuthStorageLevel {
954 HKS_AUTH_STORAGE_LEVEL_DE = 0,
955 HKS_AUTH_STORAGE_LEVEL_CE = 1,
956 HKS_AUTH_STORAGE_LEVEL_ECE = 2,
957 };
958
959 #ifdef __cplusplus
960 }
961 #endif
962
963 #endif /* HKS_TYPE_H */
964