1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_ipc_service.h"
17 #include "hks_type.h"
18
19 #include <dlfcn.h>
20 #include <securec.h>
21 #include <stdbool.h>
22 #include <stdint.h>
23 #include <sys/time.h>
24 #include <sys/types.h>
25 #include <unistd.h>
26
27 #ifdef HKS_CONFIG_FILE
28 #include HKS_CONFIG_FILE
29 #else
30 #include "hks_config.h"
31 #endif
32
33 #include "hks_base_check.h" // for HksAttestIsAnonymous
34 #include "hks_client_check.h"
35 #include "hks_client_service_dcm.h"
36 #include "hks_client_service.h"
37 #include "hks_client_service_common.h"
38 #include "hks_cmd_id.h"
39 #include "hks_log.h"
40 #include "hks_mem.h"
41 #include "hks_permission_check.h"
42 #include "hks_response.h"
43 #include "hks_service_ipc_serialization.h"
44 #include "hks_template.h"
45
46 #define MAX_KEY_SIZE 2048
47
48 #ifdef HKS_SUPPORT_ACCESS_TOKEN
49 static enum HksTag g_idList[] = {
50 HKS_TAG_ATTESTATION_ID_BRAND,
51 HKS_TAG_ATTESTATION_ID_DEVICE,
52 HKS_TAG_ATTESTATION_ID_PRODUCT,
53 HKS_TAG_ATTESTATION_ID_SERIAL,
54 HKS_TAG_ATTESTATION_ID_IMEI,
55 HKS_TAG_ATTESTATION_ID_MEID,
56 HKS_TAG_ATTESTATION_ID_MANUFACTURER,
57 HKS_TAG_ATTESTATION_ID_MODEL,
58 HKS_TAG_ATTESTATION_ID_SOCID,
59 HKS_TAG_ATTESTATION_ID_UDID,
60 };
61 #endif
62
HksIpcServiceGenerateKey(const struct HksBlob * srcData,const uint8_t * context)63 void HksIpcServiceGenerateKey(const struct HksBlob *srcData, const uint8_t *context)
64 {
65 struct HksBlob keyAlias = { 0, NULL };
66 struct HksParamSet *inParamSet = NULL;
67 struct HksBlob keyOut = { 0, NULL };
68 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
69 int32_t ret;
70 bool isNoneResponse = false;
71
72 do {
73 ret = HksGenerateKeyUnpack(srcData, &keyAlias, &inParamSet, &keyOut);
74 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGenerateKeyUnpack Ipc fail")
75
76 if (keyOut.data == NULL) {
77 isNoneResponse = true;
78 keyOut.data = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
79 if (keyOut.data == NULL) {
80 HKS_LOG_E("malloc fail.");
81 ret = HKS_ERROR_MALLOC_FAIL;
82 break;
83 }
84 keyOut.size = MAX_KEY_SIZE;
85 }
86
87 ret = HksGetProcessInfoForIPC(context, &processInfo);
88 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
89
90 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
91 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
92
93 struct HksParam *accessTypeParam = NULL;
94 ret = HksGetParam(inParamSet, HKS_TAG_KEY_AUTH_ACCESS_TYPE, &accessTypeParam);
95 if (ret == HKS_SUCCESS && accessTypeParam != NULL &&
96 accessTypeParam->uint32Param == HKS_AUTH_ACCESS_ALWAYS_VALID) {
97 int32_t activeFrontUserId;
98 ret = HksGetFrontUserId(&activeFrontUserId);
99 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetFrontUserId fail! ret=%" LOG_PUBLIC "d", ret);
100 struct HksParamSet *newParamSet = NULL;
101 ret = BuildFrontUserIdParamSet(inParamSet, &newParamSet, activeFrontUserId);
102 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "BuildFrontUserIdParamSet fail! ret=%" LOG_PUBLIC "d", ret);
103 ret = HksServiceGenerateKey(&processInfo, &keyAlias, newParamSet, &keyOut);
104 HksFreeParamSet(&newParamSet);
105 } else {
106 ret = HksServiceGenerateKey(&processInfo, &keyAlias, inParamSet, &keyOut);
107 }
108 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceGenerateKey fail, ret = %" LOG_PUBLIC "d", ret)
109 } while (0);
110
111 if (isNoneResponse) {
112 HksSendResponse(context, ret, NULL);
113 } else {
114 HksSendResponse(context, ret, &keyOut);
115 }
116
117 HKS_FREE_BLOB(keyOut);
118 HKS_FREE_BLOB(processInfo.processName);
119 HKS_FREE_BLOB(processInfo.userId);
120 }
121
HksIpcServiceImportKey(const struct HksBlob * srcData,const uint8_t * context)122 void HksIpcServiceImportKey(const struct HksBlob *srcData, const uint8_t *context)
123 {
124 struct HksBlob keyAlias = { 0, NULL };
125 struct HksParamSet *paramSet = NULL;
126 struct HksBlob key = { 0, NULL };
127 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
128 int32_t ret;
129
130 do {
131 ret = HksImportKeyUnpack(srcData, &keyAlias, ¶mSet, &key);
132 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksImportKeyUnpack Ipc fail")
133
134 ret = HksGetProcessInfoForIPC(context, &processInfo);
135 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
136
137 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
138 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
139
140 ret = HksServiceImportKey(&processInfo, &keyAlias, paramSet, &key);
141 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceImportKey fail, ret = %" LOG_PUBLIC "d", ret)
142 } while (0);
143
144 HksSendResponse(context, ret, NULL);
145
146 HKS_FREE_BLOB(processInfo.processName);
147 HKS_FREE_BLOB(processInfo.userId);
148 }
149
HksIpcServiceImportWrappedKey(const struct HksBlob * srcData,const uint8_t * context)150 void HksIpcServiceImportWrappedKey(const struct HksBlob *srcData, const uint8_t *context)
151 {
152 struct HksBlob keyAlias = { 0, NULL };
153 struct HksBlob wrappingKeyAlias = { 0, NULL };
154 struct HksParamSet *paramSet = NULL;
155 struct HksBlob wrappedKeyData = { 0, NULL };
156 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
157 int32_t ret;
158
159 do {
160 ret = HksImportWrappedKeyUnpack(srcData, &keyAlias, &wrappingKeyAlias, ¶mSet, &wrappedKeyData);
161 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "unpack data for Ipc fail")
162
163 ret = HksGetProcessInfoForIPC(context, &processInfo);
164 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get process info fail, ret = %" LOG_PUBLIC "d", ret)
165
166 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
167 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
168
169 ret = HksServiceImportWrappedKey(&processInfo, &keyAlias, &wrappingKeyAlias, paramSet, &wrappedKeyData);
170 HKS_IF_NOT_SUCC_LOGE(ret, "do import wrapped key fail, ret = %" LOG_PUBLIC "d", ret)
171 } while (0);
172
173 HksSendResponse(context, ret, NULL);
174
175 HKS_FREE_BLOB(processInfo.processName);
176 HKS_FREE_BLOB(processInfo.userId);
177 }
178
HksIpcServiceExportPublicKey(const struct HksBlob * srcData,const uint8_t * context)179 void HksIpcServiceExportPublicKey(const struct HksBlob *srcData, const uint8_t *context)
180 {
181 struct HksBlob keyAlias = { 0, NULL };
182 struct HksParamSet *paramSet = NULL;
183 struct HksBlob key = { 0, NULL };
184 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
185 int32_t ret;
186
187 do {
188 ret = HksExportPublicKeyUnpack(srcData, &keyAlias, ¶mSet, &key);
189 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksExportKeyUnpack Ipc fail")
190
191 ret = HksGetProcessInfoForIPC(context, &processInfo);
192 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
193
194 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
195 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
196
197 ret = HksServiceExportPublicKey(&processInfo, &keyAlias, paramSet, &key);
198 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceExportPublicKey fail, ret = %" LOG_PUBLIC "d", ret)
199
200 HksSendResponse(context, ret, &key);
201 } while (0);
202
203 if (ret != HKS_SUCCESS) {
204 HksSendResponse(context, ret, NULL);
205 }
206
207 HKS_FREE_BLOB(key);
208 HKS_FREE_BLOB(processInfo.processName);
209 HKS_FREE_BLOB(processInfo.userId);
210 }
211
HksIpcServiceDeleteKey(const struct HksBlob * srcData,const uint8_t * context)212 void HksIpcServiceDeleteKey(const struct HksBlob *srcData, const uint8_t *context)
213 {
214 struct HksBlob keyAlias = { 0, NULL };
215 struct HksParamSet *paramSet = NULL;
216 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
217 int32_t ret;
218 do {
219 ret = HksDeleteKeyUnpack(srcData, &keyAlias, ¶mSet);
220 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeleteKeyUnpack Ipc fail")
221
222 ret = HksGetProcessInfoForIPC(context, &processInfo);
223 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
224
225 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
226 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
227
228 ret = HksServiceDeleteKey(&processInfo, &keyAlias, paramSet);
229 HKS_IF_NOT_SUCC_LOGE(ret, "HksIpcServiceDeleteKey fail, ret = %" LOG_PUBLIC "d", ret)
230 } while (0);
231
232 HksSendResponse(context, ret, NULL);
233
234 HKS_FREE_BLOB(processInfo.processName);
235 HKS_FREE_BLOB(processInfo.userId);
236 }
237
HksIpcServiceGetKeyParamSet(const struct HksBlob * srcData,const uint8_t * context)238 void HksIpcServiceGetKeyParamSet(const struct HksBlob *srcData, const uint8_t *context)
239 {
240 struct HksBlob keyAlias = { 0, NULL };
241 struct HksParamSet *paramSetIn = NULL;
242 struct HksParamSet *paramSetOut = NULL;
243 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
244 int32_t ret;
245
246 do {
247 ret = HksGetKeyParamSetUnpack(srcData, &keyAlias, ¶mSetIn, ¶mSetOut);
248 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGenerateKeyUnpack Ipc fail, ret = %" LOG_PUBLIC "d", ret)
249
250 ret = HksGetProcessInfoForIPC(context, &processInfo);
251 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
252
253 ret = HksCheckAcrossAccountsPermission(paramSetIn, processInfo.userIdInt);
254 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
255
256 ret = HksServiceGetKeyParamSet(&processInfo, &keyAlias, paramSetIn, paramSetOut);
257 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGetKeyParamSet fail, ret = %" LOG_PUBLIC "d", ret)
258
259 struct HksBlob paramSet = { paramSetOut->paramSetSize, (uint8_t *)paramSetOut };
260 HksSendResponse(context, ret, ¶mSet);
261 } while (0);
262
263 if (ret != HKS_SUCCESS) {
264 HksSendResponse(context, ret, NULL);
265 }
266
267 HKS_FREE(paramSetOut);
268 HKS_FREE_BLOB(processInfo.processName);
269 HKS_FREE_BLOB(processInfo.userId);
270 }
271
HksIpcServiceKeyExist(const struct HksBlob * srcData,const uint8_t * context)272 void HksIpcServiceKeyExist(const struct HksBlob *srcData, const uint8_t *context)
273 {
274 struct HksBlob keyAlias = { 0, NULL };
275 struct HksParamSet *paramSet = NULL;
276 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
277 int32_t ret;
278
279 do {
280 ret = HksKeyExistUnpack(srcData, &keyAlias, ¶mSet);
281 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeleteKeyUnpack Ipc fail")
282
283 ret = HksGetProcessInfoForIPC(context, &processInfo);
284 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
285
286 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
287 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
288
289 ret = HksServiceKeyExist(&processInfo, &keyAlias, paramSet);
290 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceKeyExist fail, ret = %" LOG_PUBLIC "d", ret)
291 } while (0);
292
293 HksSendResponse(context, ret, NULL);
294
295 HKS_FREE_BLOB(processInfo.processName);
296 HKS_FREE_BLOB(processInfo.userId);
297 }
298
HksIpcServiceGenerateRandom(const struct HksBlob * srcData,const uint8_t * context)299 void HksIpcServiceGenerateRandom(const struct HksBlob *srcData, const uint8_t *context)
300 {
301 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL } };
302 struct HksBlob random = { 0, NULL };
303 int32_t ret;
304
305 do {
306 if ((srcData == NULL) || (srcData->data == NULL) || (srcData->size < sizeof(uint32_t))) {
307 HKS_LOG_E("invalid srcData");
308 ret = HKS_ERROR_INVALID_ARGUMENT;
309 break;
310 }
311
312 random.size = *((uint32_t *)(srcData->data));
313 if (IsInvalidLength(random.size)) {
314 HKS_LOG_E("invalid size %" LOG_PUBLIC "u", random.size);
315 ret = HKS_ERROR_INVALID_ARGUMENT;
316 break;
317 }
318
319 random.data = (uint8_t *)HksMalloc(random.size);
320 if (random.data == NULL) {
321 ret = HKS_ERROR_MALLOC_FAIL;
322 break;
323 }
324
325 ret = HksGetProcessInfoForIPC(context, &processInfo);
326 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
327
328 ret = HksServiceGenerateRandom(&processInfo, &random);
329 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGenerateRandom fail, ret = %" LOG_PUBLIC "d", ret)
330
331 HksSendResponse(context, ret, &random);
332 } while (0);
333
334 if (ret != HKS_SUCCESS) {
335 HksSendResponse(context, ret, NULL);
336 }
337
338 HKS_FREE_BLOB(random);
339 HKS_FREE_BLOB(processInfo.processName);
340 HKS_FREE_BLOB(processInfo.userId);
341 }
342
HksIpcServiceSign(const struct HksBlob * srcData,const uint8_t * context)343 void HksIpcServiceSign(const struct HksBlob *srcData, const uint8_t *context)
344 {
345 struct HksBlob keyAlias = { 0, NULL };
346 struct HksParamSet *inParamSet = NULL;
347 struct HksBlob unsignedData = { 0, NULL };
348 struct HksBlob signature = { 0, NULL };
349 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
350 int32_t ret;
351
352 do {
353 ret = HksSignUnpack(srcData, &keyAlias, &inParamSet, &unsignedData, &signature);
354 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksSignUnpack Ipc fail")
355
356 ret = HksGetProcessInfoForIPC(context, &processInfo);
357 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
358
359 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
360 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
361
362 ret = HksServiceSign(&processInfo, &keyAlias, inParamSet, &unsignedData, &signature);
363 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceSign fail, ret = %" LOG_PUBLIC "d", ret)
364
365 HksSendResponse(context, ret, &signature);
366 } while (0);
367
368 if (ret != HKS_SUCCESS) {
369 HksSendResponse(context, ret, NULL);
370 }
371
372 HKS_FREE_BLOB(signature);
373 HKS_FREE_BLOB(processInfo.processName);
374 HKS_FREE_BLOB(processInfo.userId);
375 }
376
HksIpcServiceVerify(const struct HksBlob * srcData,const uint8_t * context)377 void HksIpcServiceVerify(const struct HksBlob *srcData, const uint8_t *context)
378 {
379 struct HksBlob keyAlias = { 0, NULL };
380 struct HksParamSet *inParamSet = NULL;
381 struct HksBlob unsignedData = { 0, NULL };
382 struct HksBlob signature = { 0, NULL };
383 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
384 int32_t ret;
385
386 do {
387 ret = HksVerifyUnpack(srcData, &keyAlias, &inParamSet, &unsignedData, &signature);
388 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksVerifyUnpack Ipc fail")
389
390 ret = HksGetProcessInfoForIPC(context, &processInfo);
391 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
392
393 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
394 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
395
396 ret = HksServiceVerify(&processInfo, &keyAlias, inParamSet, &unsignedData, &signature);
397 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceVerify fail ret = %" LOG_PUBLIC "d", ret)
398 } while (0);
399
400 HksSendResponse(context, ret, NULL);
401
402 HKS_FREE_BLOB(processInfo.processName);
403 HKS_FREE_BLOB(processInfo.userId);
404 }
405
HksIpcServiceEncrypt(const struct HksBlob * srcData,const uint8_t * context)406 void HksIpcServiceEncrypt(const struct HksBlob *srcData, const uint8_t *context)
407 {
408 struct HksBlob keyAlias = { 0, NULL };
409 struct HksParamSet *inParamSet = NULL;
410 struct HksBlob plainText = { 0, NULL };
411 struct HksBlob cipherText = { 0, NULL };
412 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
413 int32_t ret;
414
415 do {
416 ret = HksEncryptDecryptUnpack(srcData, &keyAlias, &inParamSet, &plainText, &cipherText);
417 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksEncryptDecryptUnpack Ipc fail")
418
419 ret = HksGetProcessInfoForIPC(context, &processInfo);
420 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
421
422 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
423 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
424
425 ret = HksServiceEncrypt(&processInfo, &keyAlias, inParamSet, &plainText, &cipherText);
426 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceEncrypt fail, ret = %" LOG_PUBLIC "d", ret)
427
428 HksSendResponse(context, ret, &cipherText);
429 } while (0);
430
431 if (ret != HKS_SUCCESS) {
432 HksSendResponse(context, ret, NULL);
433 }
434
435 HKS_FREE_BLOB(cipherText);
436 HKS_FREE_BLOB(processInfo.processName);
437 HKS_FREE_BLOB(processInfo.userId);
438 }
439
HksIpcServiceDecrypt(const struct HksBlob * srcData,const uint8_t * context)440 void HksIpcServiceDecrypt(const struct HksBlob *srcData, const uint8_t *context)
441 {
442 struct HksBlob keyAlias = { 0, NULL };
443 struct HksParamSet *inParamSet = NULL;
444 struct HksBlob plainText = { 0, NULL };
445 struct HksBlob cipherText = { 0, NULL };
446 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
447 int32_t ret;
448
449 do {
450 ret = HksEncryptDecryptUnpack(srcData, &keyAlias, &inParamSet, &cipherText, &plainText);
451 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksEncryptDecryptUnpack Ipc fail")
452
453 ret = HksGetProcessInfoForIPC(context, &processInfo);
454 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
455
456 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
457 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
458
459 ret = HksServiceDecrypt(&processInfo, &keyAlias, inParamSet, &cipherText, &plainText);
460 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceDecrypt fail, ret = %" LOG_PUBLIC "d", ret)
461
462 HksSendResponse(context, ret, &plainText);
463 } while (0);
464
465 if (ret != HKS_SUCCESS) {
466 HksSendResponse(context, ret, NULL);
467 }
468
469 HKS_FREE_BLOB(plainText);
470 HKS_FREE_BLOB(processInfo.processName);
471 HKS_FREE_BLOB(processInfo.userId);
472 }
473
HksIpcServiceAgreeKey(const struct HksBlob * srcData,const uint8_t * context)474 void HksIpcServiceAgreeKey(const struct HksBlob *srcData, const uint8_t *context)
475 {
476 struct HksBlob privateKey = { 0, NULL };
477 struct HksBlob peerPublicKey = { 0, NULL };
478 struct HksBlob agreedKey = { 0, NULL };
479 struct HksParamSet *inParamSet = NULL;
480 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
481 int32_t ret;
482
483 do {
484 ret = HksAgreeKeyUnpack(srcData, &inParamSet, &privateKey, &peerPublicKey, &agreedKey);
485 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksAgreeKeyUnpack Ipc fail")
486
487 ret = HksGetProcessInfoForIPC(context, &processInfo);
488 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
489
490 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
491 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
492
493 ret = HksServiceAgreeKey(&processInfo, inParamSet, &privateKey, &peerPublicKey, &agreedKey);
494 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAgreeKey fail, ret = %" LOG_PUBLIC "d", ret)
495
496 HksSendResponse(context, ret, &agreedKey);
497 } while (0);
498
499 if (ret != HKS_SUCCESS) {
500 HksSendResponse(context, ret, NULL);
501 }
502
503 HKS_FREE_BLOB(agreedKey);
504 HKS_FREE_BLOB(processInfo.processName);
505 HKS_FREE_BLOB(processInfo.userId);
506 }
507
HksIpcServiceDeriveKey(const struct HksBlob * srcData,const uint8_t * context)508 void HksIpcServiceDeriveKey(const struct HksBlob *srcData, const uint8_t *context)
509 {
510 struct HksBlob masterKey = { 0, NULL };
511 struct HksBlob derivedKey = { 0, NULL };
512 struct HksParamSet *inParamSet = NULL;
513 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
514 int32_t ret;
515
516 do {
517 ret = HksDeriveKeyUnpack(srcData, &inParamSet, &masterKey, &derivedKey);
518 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeriveKeyUnpack Ipc fail")
519
520 ret = HksGetProcessInfoForIPC(context, &processInfo);
521 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
522
523 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
524 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
525
526 ret = HksServiceDeriveKey(&processInfo, inParamSet, &masterKey, &derivedKey);
527 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceDeriveKey fail, ret = %" LOG_PUBLIC "d", ret)
528
529 HksSendResponse(context, ret, &derivedKey);
530 } while (0);
531
532 if (ret != HKS_SUCCESS) {
533 HksSendResponse(context, ret, NULL);
534 }
535
536 HKS_FREE_BLOB(derivedKey);
537 HKS_FREE_BLOB(processInfo.processName);
538 HKS_FREE_BLOB(processInfo.userId);
539 }
540
HksIpcServiceMac(const struct HksBlob * srcData,const uint8_t * context)541 void HksIpcServiceMac(const struct HksBlob *srcData, const uint8_t *context)
542 {
543 struct HksBlob key = { 0, NULL };
544 struct HksParamSet *inParamSet = NULL;
545 struct HksBlob inputData = { 0, NULL };
546 struct HksBlob mac = { 0, NULL };
547 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
548 int32_t ret;
549
550 do {
551 ret = HksHmacUnpack(srcData, &key, &inParamSet, &inputData, &mac);
552 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksHmacUnpack Ipc fail")
553
554 ret = HksGetProcessInfoForIPC(context, &processInfo);
555 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
556
557 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
558 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
559
560 ret = HksServiceMac(&processInfo, &key, inParamSet, &inputData, &mac);
561 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceMac fail, ret = %" LOG_PUBLIC "d", ret)
562
563 HksSendResponse(context, ret, &mac);
564 } while (0);
565
566 if (ret != HKS_SUCCESS) {
567 HksSendResponse(context, ret, NULL);
568 }
569
570 HKS_FREE_BLOB(mac);
571 HKS_FREE_BLOB(processInfo.processName);
572 HKS_FREE_BLOB(processInfo.userId);
573 }
574
FreeKeyInfo(uint32_t listCount,struct HksKeyInfo ** keyInfoList)575 static void FreeKeyInfo(uint32_t listCount, struct HksKeyInfo **keyInfoList)
576 {
577 if ((keyInfoList == NULL) || (*keyInfoList == NULL)) {
578 return;
579 }
580
581 for (uint32_t i = 0; i < listCount; ++i) {
582 if ((*keyInfoList)[i].alias.data != NULL) {
583 HKS_FREE_BLOB((*keyInfoList)[i].alias);
584 }
585 if ((*keyInfoList)[i].paramSet != NULL) {
586 HKS_FREE((*keyInfoList)[i].paramSet);
587 (*keyInfoList)[i].paramSet = NULL;
588 }
589 }
590
591 HKS_FREE(*keyInfoList);
592 }
593
HksIpcServiceGetKeyInfoList(const struct HksBlob * srcData,const uint8_t * context)594 void HksIpcServiceGetKeyInfoList(const struct HksBlob *srcData, const uint8_t *context)
595 {
596 uint32_t inputCount = 0;
597 struct HksParamSet *paramSet = NULL;
598 struct HksKeyInfo *keyInfoList = NULL;
599 struct HksBlob keyInfoListBlob = { 0, NULL };
600 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
601 int32_t ret;
602
603 do {
604 ret = HksGetKeyInfoListUnpack(srcData, ¶mSet, &inputCount, &keyInfoList);
605 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetKeyInfoListUnpack Ipc fail")
606
607 ret = HksGetProcessInfoForIPC(context, &processInfo);
608 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
609
610 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
611 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
612
613 uint32_t listCount = inputCount;
614 ret = HksServiceGetKeyInfoList(&processInfo, paramSet, keyInfoList, &listCount);
615 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGetKeyInfoList fail, ret = %" LOG_PUBLIC "d", ret)
616
617 keyInfoListBlob.size = sizeof(listCount);
618 for (uint32_t i = 0; i < listCount; ++i) {
619 keyInfoListBlob.size += sizeof(keyInfoList[i].alias.size) + ALIGN_SIZE(keyInfoList[i].alias.size) +
620 ALIGN_SIZE(keyInfoList[i].paramSet->paramSetSize);
621 }
622
623 keyInfoListBlob.data = (uint8_t *)HksMalloc(keyInfoListBlob.size);
624 if (keyInfoListBlob.data == NULL) {
625 ret = HKS_ERROR_MALLOC_FAIL;
626 break;
627 }
628
629 ret = HksGetKeyInfoListPackFromService(&keyInfoListBlob, listCount, keyInfoList);
630 HKS_IF_NOT_SUCC_BREAK(ret)
631
632 HksSendResponse(context, ret, &keyInfoListBlob);
633 } while (0);
634
635 if (ret != HKS_SUCCESS) {
636 HksSendResponse(context, ret, NULL);
637 }
638
639 FreeKeyInfo(inputCount, &keyInfoList);
640 HKS_FREE_BLOB(keyInfoListBlob);
641 HKS_FREE_BLOB(processInfo.processName);
642 HKS_FREE_BLOB(processInfo.userId);
643 }
644
HksAttestAccessControl(struct HksParamSet * paramSet)645 int32_t HksAttestAccessControl(struct HksParamSet *paramSet)
646 {
647 #ifdef HKS_SUPPORT_ACCESS_TOKEN
648 // check permisson for attest ids
649 for (uint32_t i = 0; i < sizeof(g_idList) / sizeof(g_idList[0]); i++) {
650 for (uint32_t j = 0; j < paramSet->paramsCnt; j++) {
651 if (paramSet->params[j].tag == g_idList[i]) {
652 return SensitivePermissionCheck("ohos.permission.ACCESS_IDS");
653 }
654 }
655 }
656 // HKS_ATTESTATION_MODE_ANONYMOUS no need check permission
657 if (HksAttestIsAnonymous(paramSet)) {
658 return HKS_SUCCESS;
659 }
660
661 return SensitivePermissionCheck("ohos.permission.ATTEST_KEY");
662 #endif
663 (void)paramSet;
664 return HKS_SUCCESS;
665 }
666
HksIpcServiceAttestKey(const struct HksBlob * srcData,const uint8_t * context,const uint8_t * remoteObject)667 void HksIpcServiceAttestKey(const struct HksBlob *srcData, const uint8_t *context, const uint8_t *remoteObject)
668 {
669 struct HksBlob keyAlias = { 0, NULL };
670 struct HksParamSet *inParamSet = NULL;
671 struct HksBlob certChainBlob = { 0, NULL };
672 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
673 int32_t ret;
674
675 do {
676 ret = HksCertificateChainUnpack(srcData, &keyAlias, &inParamSet, &certChainBlob);
677 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCertificateChainUnpack Ipc fail")
678
679 ret = HksGetProcessInfoForIPC(context, &processInfo);
680 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
681
682 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
683 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
684
685 ret = HksAttestAccessControl(inParamSet);
686 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksAttestAccessControl fail, ret = %" LOG_PUBLIC "d", ret)
687
688 ret = HksServiceAttestKey(&processInfo, &keyAlias, inParamSet, &certChainBlob, remoteObject);
689 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAttestKey fail, ret = %" LOG_PUBLIC "d", ret)
690
691 // certChainBlob.size would be 0 if attestation mode is anonymous
692 HKS_LOG_I("got certChainBlob size %" LOG_PUBLIC "u", certChainBlob.size);
693 HksSendResponse(context, ret, &certChainBlob);
694 } while (0);
695
696 if (ret != HKS_SUCCESS) {
697 HksSendResponse(context, ret, NULL);
698 }
699
700 HKS_FREE_BLOB(processInfo.processName);
701 HKS_FREE_BLOB(processInfo.userId);
702 HKS_FREE_BLOB(certChainBlob);
703 }
704
IpcServiceInit(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * outData)705 static int32_t IpcServiceInit(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
706 const struct HksParamSet *paramSet, struct HksBlob *outData)
707 {
708 uint8_t handleData[HANDLE_SIZE] = {0};
709 uint8_t tokenData[TOKEN_SIZE] = {0};
710 struct HksBlob handle = { sizeof(handleData), handleData };
711 struct HksBlob token = { sizeof(tokenData), tokenData };
712
713 int32_t ret = HksServiceInit(processInfo, keyAlias, paramSet, &handle, &token);
714 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "service init failed, ret = %" LOG_PUBLIC "d", ret)
715
716 if ((handle.size != HANDLE_SIZE) || (token.size > TOKEN_SIZE)) {
717 HKS_LOG_E("invalid handle size[%" LOG_PUBLIC "u], or token size[%" LOG_PUBLIC "u]", handle.size, token.size);
718 return HKS_ERROR_BAD_STATE;
719 }
720
721 if (outData->size < (handle.size + token.size)) {
722 HKS_LOG_E("ipc out size[%" LOG_PUBLIC "u] too small", outData->size);
723 return HKS_ERROR_BUFFER_TOO_SMALL;
724 }
725
726 if (memcpy_s(outData->data, outData->size, handle.data, handle.size) != EOK) {
727 HKS_LOG_E("copy outData data failed!");
728 return HKS_ERROR_INSUFFICIENT_MEMORY;
729 }
730
731 if (token.size != 0 &&
732 memcpy_s(outData->data + handle.size, outData->size - handle.size, token.data, token.size) != EOK) {
733 HKS_LOG_E("copy token failed");
734 return HKS_ERROR_INSUFFICIENT_MEMORY;
735 }
736 outData->size = handle.size + token.size;
737
738 return HKS_SUCCESS;
739 }
740
HksIpcServiceInit(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)741 void HksIpcServiceInit(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
742 {
743 int32_t ret;
744 struct HksParamSet *inParamSet = NULL;
745 struct HksParamSet *paramSet = NULL;
746 struct HksBlob keyAlias = { 0, NULL };
747 struct HksBlob paramsBlob = { 0, NULL };
748 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
749
750 do {
751 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
752 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
753
754 struct HksParamOut params[] = {
755 {
756 .tag = HKS_TAG_PARAM0_BUFFER,
757 .blob = &keyAlias
758 }, {
759 .tag = HKS_TAG_PARAM1_BUFFER,
760 .blob = ¶msBlob
761 },
762 };
763
764 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
765 HKS_IF_NOT_SUCC_BREAK(ret)
766
767 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
768 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
769
770 ret = HksGetProcessInfoForIPC(context, &processInfo);
771 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
772
773 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
774 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
775
776 ret = IpcServiceInit(&processInfo, &keyAlias, inParamSet, outData);
777 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "ipc service init fail, ret = %" LOG_PUBLIC "d", ret)
778
779 HksSendResponse(context, ret, outData);
780 } while (0);
781
782 if (ret != HKS_SUCCESS) {
783 HksSendResponse(context, ret, NULL);
784 }
785
786 HksFreeParamSet(¶mSet);
787 HksFreeParamSet(&inParamSet);
788 HKS_FREE_BLOB(processInfo.processName);
789 HKS_FREE_BLOB(processInfo.userId);
790 }
791
HksIpcServiceUpdOrFin(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context,bool isUpdate)792 void HksIpcServiceUpdOrFin(const struct HksBlob *paramSetBlob, struct HksBlob *outData,
793 const uint8_t *context, bool isUpdate)
794 {
795 int32_t ret;
796 struct HksParamSet *inParamSet = NULL;
797 struct HksParamSet *paramSet = NULL;
798 struct HksBlob paramsBlob = { 0, NULL };
799 struct HksBlob inData = { 0, NULL };
800 struct HksBlob handle = { 0, NULL };
801 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
802
803 do {
804 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
805 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
806
807 struct HksParamOut params[] = {
808 {
809 .tag = HKS_TAG_PARAM0_BUFFER,
810 .blob = ¶msBlob
811 }, {
812 .tag = HKS_TAG_PARAM1_BUFFER,
813 .blob = &handle
814 }, {
815 .tag = HKS_TAG_PARAM2_BUFFER,
816 .blob = &inData
817 },
818 };
819
820 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
821 HKS_IF_NOT_SUCC_BREAK(ret)
822
823 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
824 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
825
826 ret = HksGetProcessInfoForIPC(context, &processInfo);
827 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
828
829 if (isUpdate) {
830 ret = HksServiceUpdate(&handle, &processInfo, inParamSet, &inData, outData);
831 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceUpdate fail, ret = %" LOG_PUBLIC "d", ret)
832 } else {
833 ret = HksServiceFinish(&handle, &processInfo, inParamSet, &inData, outData);
834 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceFinish fail, ret = %" LOG_PUBLIC "d", ret)
835 }
836 if (outData->size == 0) {
837 HksSendResponse(context, ret, NULL);
838 } else {
839 HksSendResponse(context, ret, outData);
840 }
841 } while (0);
842
843 if (ret != HKS_SUCCESS) {
844 HksSendResponse(context, ret, NULL);
845 }
846
847 HksFreeParamSet(¶mSet);
848 HksFreeParamSet(&inParamSet);
849 HKS_FREE_BLOB(processInfo.processName);
850 HKS_FREE_BLOB(processInfo.userId);
851 }
852
HksIpcServiceUpdate(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)853 void HksIpcServiceUpdate(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
854 {
855 HksIpcServiceUpdOrFin(paramSetBlob, outData, context, true);
856 }
857
HksIpcServiceFinish(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)858 void HksIpcServiceFinish(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
859 {
860 HksIpcServiceUpdOrFin(paramSetBlob, outData, context, false);
861 }
862
HksIpcServiceAbort(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)863 void HksIpcServiceAbort(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
864 {
865 (void)outData;
866 int32_t ret;
867 struct HksParamSet *inParamSet = NULL;
868 struct HksParamSet *paramSet = NULL;
869 struct HksBlob handle = { 0, NULL };
870 struct HksBlob paramsBlob = { 0, NULL };
871 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
872
873 do {
874 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
875 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
876
877 struct HksParamOut params[] = {
878 {
879 .tag = HKS_TAG_PARAM0_BUFFER,
880 .blob = ¶msBlob
881 }, {
882 .tag = HKS_TAG_PARAM1_BUFFER,
883 .blob = &handle
884 },
885 };
886 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
887 HKS_IF_NOT_SUCC_BREAK(ret)
888
889 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
890 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
891
892 ret = HksGetProcessInfoForIPC(context, &processInfo);
893 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
894
895 ret = HksServiceAbort(&handle, &processInfo, inParamSet);
896 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAbort fail, ret = %" LOG_PUBLIC "d", ret)
897 } while (0);
898
899 HksSendResponse(context, ret, NULL);
900 HksFreeParamSet(¶mSet);
901 HksFreeParamSet(&inParamSet);
902 HKS_FREE_BLOB(processInfo.processName);
903 HKS_FREE_BLOB(processInfo.userId);
904 }
905
HksIpcErrorResponse(const uint8_t * context)906 void HksIpcErrorResponse(const uint8_t *context)
907 {
908 HksSendResponse(context, HKS_ERROR_IPC_MSG_FAIL, NULL);
909 }
910
HksIpcServiceListAliases(const struct HksBlob * srcData,const uint8_t * context)911 void HksIpcServiceListAliases(const struct HksBlob *srcData, const uint8_t *context)
912 {
913 struct HksParamSet *paramSet = NULL;
914 struct HksKeyAliasSet *keyAliasSet = NULL;
915 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
916 struct HksBlob outBlob = { 0, NULL };
917 int32_t ret;
918
919 do {
920 ret = HksListAliasesUnpack(srcData, ¶mSet);
921 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksListAliasesUnpack fail")
922
923 ret = HksGetProcessInfoForIPC(context, &processInfo);
924 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
925
926 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
927 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
928
929 ret = HksServiceListAliases(&processInfo, paramSet, &keyAliasSet);
930 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceListAliases fail, ret = %" LOG_PUBLIC "d", ret)
931
932 ret = HksListAliasesPackFromService(keyAliasSet, &outBlob);
933 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksListAliasesPackFromService fail, ret = %" LOG_PUBLIC "d", ret)
934 } while (0);
935
936 // query success and key size is not 0
937 if (ret == HKS_SUCCESS && outBlob.size != 0) {
938 HksSendResponse(context, ret, &outBlob);
939 } else {
940 HksSendResponse(context, ret, NULL);
941 }
942
943 HksFreeKeyAliasSet(keyAliasSet);
944 HKS_FREE_BLOB(processInfo.processName);
945 HKS_FREE_BLOB(processInfo.userId);
946 HKS_FREE_BLOB(outBlob);
947 }
948
HksIpcServiceRenameKeyAlias(const struct HksBlob * srcData,const uint8_t * context)949 void HksIpcServiceRenameKeyAlias(const struct HksBlob *srcData, const uint8_t *context)
950 {
951 int32_t ret;
952 struct HksBlob oldKeyAlias = { 0, NULL };
953 struct HksBlob newKeyAlias = { 0, NULL };
954 struct HksParamSet *paramSet = NULL;
955 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
956 do {
957 ret = HksRenameKeyAliasUnpack(srcData, &oldKeyAlias, &newKeyAlias, ¶mSet);
958 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksRenameKeyAliasUnpack Ipc fail")
959
960 ret = HksGetProcessInfoForIPC(context, &processInfo);
961 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
962
963 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
964 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
965
966 ret = HksServiceRenameKeyAlias(&processInfo, &oldKeyAlias, paramSet, &newKeyAlias);
967 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceRenameKeyAliasy fail, ret = %" LOG_PUBLIC "d", ret)
968 } while (0);
969
970 HksSendResponse(context, ret, NULL);
971
972 HKS_FREE_BLOB(processInfo.processName);
973 HKS_FREE_BLOB(processInfo.userId);
974 }
975
HksIpcChangeStorageLevel(const struct HksBlob * srcData,const uint8_t * context)976 void HksIpcChangeStorageLevel(const struct HksBlob *srcData, const uint8_t *context)
977 {
978 struct HksBlob keyAlias = { 0, NULL };
979 struct HksParamSet *srcParamSet = NULL;
980 struct HksParamSet *destParamSet = NULL;
981 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
982 int32_t ret;
983
984 do {
985 ret = HksChangeStorageLevelUnpack(srcData, &keyAlias, &srcParamSet, &destParamSet);
986 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksChangeStorageLevelUnpack Ipc fail")
987
988 ret = HksGetProcessInfoForIPC(context, &processInfo);
989 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
990
991 ret = HksCheckAcrossAccountsPermission(srcParamSet, processInfo.userIdInt);
992 HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
993 "srcParamSet HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
994
995 ret = HksCheckAcrossAccountsPermission(destParamSet, processInfo.userIdInt);
996 HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
997 "destParamSet HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
998
999 ret = HksServiceChangeStorageLevel(&processInfo, &keyAlias, srcParamSet, destParamSet);
1000 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceChangeStorageLevel fail, ret = %" LOG_PUBLIC "d", ret)
1001 } while (0);
1002
1003 HksSendResponse(context, ret, NULL);
1004
1005 HKS_FREE_BLOB(processInfo.processName);
1006 HKS_FREE_BLOB(processInfo.userId);
1007 }