• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifdef HKS_CONFIG_FILE
17 #include HKS_CONFIG_FILE
18 #else
19 #include "hks_config.h"
20 #endif
21 
22 #include "hks_core_service_key_other.h"
23 
24 #include <stdbool.h>
25 #include <stddef.h>
26 
27 #include "hks_ability.h"
28 #include "dcm_attest.h"
29 #include "hks_auth.h"
30 #include "hks_base_check.h"
31 #include "hks_check_paramset.h"
32 #include "hks_client_service_adapter_common.h"
33 #include "hks_cmd_id.h"
34 #include "hks_common_check.h"
35 #include "hks_core_service_three_stage.h"
36 #include "hks_crypto_adapter.h"
37 #include "hks_crypto_hal.h"
38 #include "hks_log.h"
39 #include "hks_mem.h"
40 #include "hks_param.h"
41 #include "hks_secure_access.h"
42 #include "hks_sm_import_wrap_key.h"
43 #include "hks_template.h"
44 #include "hks_type_inner.h"
45 #include "hks_util.h"
46 #include "hks_keynode.h"
47 
48 #include "securec.h"
49 
50 #ifndef _HARDWARE_ROOT_KEY_
51 #include "hks_rkc.h"
52 #endif
53 
54 #ifndef _CUT_AUTHENTICATE_
55 
HksCoreModuleInit(void)56 int32_t HksCoreModuleInit(void)
57 {
58     int32_t ret = HksInitHuksMutex();
59     HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Hks mutex init failed, ret = %" LOG_PUBLIC "d", ret)
60 
61     ret = HksCryptoAbilityInit();
62     HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Hks init crypto ability failed, ret = %" LOG_PUBLIC "d", ret)
63 
64     ret = HksCoreInitAuthTokenKey();
65     HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "Hks init auth token key failed, ret = %" LOG_PUBLIC "d", ret)
66 #ifndef _HARDWARE_ROOT_KEY_
67     ret = HksRkcInit();
68     HKS_IF_NOT_SUCC_LOGE(ret, "Hks rkc init failed! ret = 0x%" LOG_PUBLIC "X", ret)
69 #endif
70 
71     return ret;
72 }
73 
HksCoreModuleDestroy(void)74 int32_t HksCoreModuleDestroy(void)
75 {
76     HksDestroyHuksMutex();
77     HksCoreDestroyAuthTokenKey();
78 #ifndef _HARDWARE_ROOT_KEY_
79     HksCfgDestroy();
80     HksMkDestroy();
81 #endif
82     return HKS_SUCCESS;
83 }
84 
HksCoreRefreshKeyInfo(void)85 int32_t HksCoreRefreshKeyInfo(void)
86 {
87 #ifndef _HARDWARE_ROOT_KEY_
88     HksCfgDestroy();
89     HksMkDestroy();
90     int32_t ret = HksRkcInit();
91     HKS_IF_NOT_SUCC_LOGE(ret, "Hks rkc refresh info failed! ret = 0x%" LOG_PUBLIC "X", ret)
92 
93     return ret;
94 #else
95     return HKS_SUCCESS;
96 #endif
97 }
98 
99 #ifdef _STORAGE_LITE_
GetMacKey(const struct HksBlob * salt,struct HksBlob * macKey)100 static int32_t GetMacKey(const struct HksBlob *salt, struct HksBlob *macKey)
101 {
102     uint8_t keyBuf[HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256)] = {0};
103     struct HksBlob mk = { HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256), keyBuf };
104 
105     int32_t ret = HksCryptoHalGetMainKey(NULL, &mk);
106     HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get kek failed, ret = %" LOG_PUBLIC "d", ret)
107 
108     struct HksKeyDerivationParam derParam = {
109         .salt = *salt,
110         .iterations = HKS_KEY_BLOB_DERIVE_CNT,
111         .digestAlg = HKS_DIGEST_SHA256,
112     };
113     struct HksKeySpec derivationSpec = { HKS_ALG_PBKDF2, HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256), &derParam };
114     ret = HksCryptoHalDeriveKey(&mk, &derivationSpec, macKey);
115     HKS_IF_NOT_SUCC_LOGE(ret, "get keyblob derive key failed!")
116 
117     (void)memset_s(mk.data, mk.size, 0, mk.size);
118     return ret;
119 }
120 
HksCoreCalcMacHeader(const struct HksParamSet * paramSet,const struct HksBlob * salt,const struct HksBlob * srcData,struct HksBlob * mac)121 int32_t HksCoreCalcMacHeader(const struct HksParamSet *paramSet, const struct HksBlob *salt,
122     const struct HksBlob *srcData, struct HksBlob *mac)
123 {
124     /* 1. get mac key by derive from salt */
125     uint8_t keyBuf[HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256)] = {0};
126     struct HksBlob macKey = { HKS_KEY_BYTES(HKS_AES_KEY_SIZE_256), keyBuf };
127     int32_t ret = GetMacKey(salt, &macKey);
128     HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get mac key failed, ret = %" LOG_PUBLIC "d", ret)
129 
130     struct HksParam *digestParam = NULL;
131     ret = HksGetParam(paramSet, HKS_TAG_DIGEST, &digestParam);
132     if (ret != HKS_SUCCESS) {
133         HKS_LOG_E("calc mac header get HKS_TAG_DIGEST param failed, ret = %" LOG_PUBLIC "d", ret);
134         (void)memset_s(macKey.data, macKey.size, 0, macKey.size);
135         return ret;
136     }
137 
138     /* 2. do mac */
139     ret = HksCryptoHalHmac(&macKey, digestParam->uint32Param, srcData, mac);
140     (void)memset_s(macKey.data, macKey.size, 0, macKey.size);
141     return ret;
142 }
143 #endif
144 
HksCoreRefresh(void)145 int32_t HksCoreRefresh(void)
146 {
147     return HksCoreRefreshKeyInfo();
148 }
149 
HksCoreGetAbility(int32_t funcType)150 int32_t HksCoreGetAbility(int32_t funcType)
151 {
152     (void)(funcType);
153     return 0;
154 }
155 
HksCoreGetHardwareInfo(void)156 int32_t HksCoreGetHardwareInfo(void)
157 {
158     return 0;
159 }
160 
161 #endif /* _CUT_AUTHENTICATE_ */