1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #ifndef CM_TYPE_H
17 #define CM_TYPE_H
18
19 #include <stdbool.h>
20 #include <stdint.h>
21 #include <stdlib.h>
22
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26 #ifndef CM_API_PUBLIC
27 #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */
28 #define CM_API_EXPORT
29 #else
30 #define CM_API_EXPORT __attribute__ ((visibility("default")))
31 #endif
32 #else
33 #define CM_API_EXPORT __attribute__ ((visibility("default")))
34 #endif
35
36 #define MAX_LEN_CERTIFICATE 8196
37
38 #define MAX_LEN_CERTIFICATE_CHAIN (3 * MAX_LEN_CERTIFICATE)
39
40 #define MAX_SUFFIX_LEN 16
41 #define MAX_COUNT_CERTIFICATE 256
42 #define MAX_COUNT_CERTIFICATE_ALL 512
43 #define MAX_LEN_URI 256
44 #define MAX_AUTH_LEN_URI 256
45 #define MAX_LEN_CERT_ALIAS 129 /* include 1 byte: the terminator('\0') */
46 #define MAX_LEN_SUBJECT_NAME 1025 /* include 1 byte: the terminator('\0') */
47 #define MAX_LEN_PACKGE_NAME 64
48 #define MAX_LEN_MAC_KEY 64
49 #define MAX_UINT32_LEN 16
50 #define MAX_LEN_CERT_TYPE 8
51 #define MAX_LEN_PRI_CRED_ALIAS 33 /* include 1 byte: the terminator('\0') */
52
53 #define MAX_LEN_ISSUER_NAME 256
54 #define MAX_LEN_SERIAL 64
55 #define MAX_LEN_NOT_BEFORE 32
56 #define MAX_LEN_NOT_AFTER 32
57 #define MAX_LEN_FINGER_PRINT_SHA256 128
58 #define MAX_LEN_APP_CERT 20480
59 #define MAX_LEN_APP_CERT_PASSWD 33 /* 32位密码 + 1位结束符 */
60
61 #define CERT_MAX_PATH_LEN 256
62 #define CM_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
63 #define INIT_INVALID_VALUE 0xFFFFFFFF
64
65 #define CERT_STATUS_ENABLED ((uint32_t) 0)
66 #define CERT_STATUS_DISABLED ((uint32_t) 1)
67
68 #define ERROR_LEVEL 0
69
70 /*
71 * Align to 4-tuple
72 * Before calling this function, ensure that the size does not overflow after 3 is added.
73 */
74 #define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2)
75
76 #define CM_BITS_PER_BYTE 8
77 #define CM_KEY_BYTES(keySize) (((keySize) + CM_BITS_PER_BYTE - 1) / CM_BITS_PER_BYTE)
78 #define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
79
80 #define CM_CREDENTIAL_STORE 0
81 #define CM_SYSTEM_TRUSTED_STORE 1
82 #define CM_USER_TRUSTED_STORE 2
83 #define CM_PRI_CREDENTIAL_STORE 3
84 #define CM_SYS_CREDENTIAL_STORE 4
85 #define CM_STORE_CHECK(a) \
86 (((a) != CM_CREDENTIAL_STORE) && ((a) != CM_PRI_CREDENTIAL_STORE) && ((a) != CM_SYS_CREDENTIAL_STORE))
87 #define CM_LEVEL_CHECK(a) \
88 (((a) != CM_AUTH_STORAGE_LEVEL_EL1) && ((a) != CM_AUTH_STORAGE_LEVEL_EL2) && ((a) != CM_AUTH_STORAGE_LEVEL_EL4))
89
90 #define CA_STORE_PATH_SYSTEM "/etc/security/certificates"
91 #define CA_STORE_PATH_USER_SANDBOX_BASE "/data/certificates/user_cacerts/"
92 #define CA_STORE_PATH_USER_SERVICE_BASE "/data/service/el1/public/cert_manager_service/certificates/user_open/"
93
94 enum CmKeyDigest {
95 CM_DIGEST_NONE = 0,
96 CM_DIGEST_MD5 = 1,
97 CM_DIGEST_SM3 = 2,
98 CM_DIGEST_SHA1 = 10,
99 CM_DIGEST_SHA224 = 11,
100 CM_DIGEST_SHA256 = 12,
101 CM_DIGEST_SHA384 = 13,
102 CM_DIGEST_SHA512 = 14,
103 };
104
105 enum CmKeyPurpose {
106 CM_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, and SM4 keys. */
107 CM_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, and SM4 keys. */
108 CM_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */
109 CM_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */
110 CM_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */
111 CM_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */
112 CM_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */
113 CM_KEY_PURPOSE_MAC = 128, /* Usable with mac. */
114 CM_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */
115 };
116
117 enum CmKeyPadding {
118 CM_PADDING_NONE = 0,
119 CM_PADDING_OAEP = 1,
120 CM_PADDING_PSS = 2,
121 CM_PADDING_PKCS1_V1_5 = 3,
122 CM_PADDING_PKCS5 = 4,
123 CM_PADDING_PKCS7 = 5,
124 };
125
126 enum CmErrorCode {
127 CM_SUCCESS = 0,
128 CM_FAILURE = -1,
129
130 CMR_ERROR_NOT_PERMITTED = -2,
131 CMR_ERROR_NOT_SUPPORTED = -3,
132 CMR_ERROR_STORAGE = -4,
133 CMR_ERROR_NOT_FOUND = -5,
134 CMR_ERROR_NULL_POINTER = -6,
135 CMR_ERROR_INVALID_ARGUMENT = -7,
136 CMR_ERROR_MAKE_DIR_FAIL = -8,
137 CMR_ERROR_INVALID_OPERATION = -9,
138 CMR_ERROR_OPEN_FILE_FAIL = -10,
139 CMR_ERROR_READ_FILE_ERROR = -11,
140 CMR_ERROR_WRITE_FILE_FAIL = -12,
141 CMR_ERROR_REMOVE_FILE_FAIL = -13,
142 CMR_ERROR_CLOSE_FILE_FAIL = -14,
143 CMR_ERROR_MALLOC_FAIL = -15,
144 CMR_ERROR_NOT_EXIST = -16,
145 CMR_ERROR_ALREADY_EXISTS = -17,
146 CMR_ERROR_INSUFFICIENT_DATA = -18,
147 CMR_ERROR_BUFFER_TOO_SMALL = -19,
148 CMR_ERROR_INVALID_CERT_FORMAT = -20,
149 CMR_ERROR_PARAM_NOT_EXIST = -21,
150 CMR_ERROR_SESSION_REACHED_LIMIT = -22,
151 CMR_ERROR_PERMISSION_DENIED = -23,
152 CMR_ERROR_AUTH_CHECK_FAILED = -24,
153 CMR_ERROR_KEY_OPERATION_FAILED = -25,
154 CMR_ERROR_NOT_SYSTEMP_APP = -26,
155 CMR_ERROR_MAX_CERT_COUNT_REACHED = -27,
156 CMR_ERROR_ALIAS_LENGTH_REACHED_LIMIT = -28,
157 CMR_ERROR_GET_ADVSECMODE_PARAM_FAIL = -29,
158 CMR_ERROR_DEVICE_ENTER_ADVSECMODE = -30,
159 CMR_ERROR_CREATE_RDB_TABLE_FAIL = -31,
160 CMR_ERROR_INSERT_RDB_DATA_FAIL = -32,
161 CMR_ERROR_UPDATE_RDB_DATA_FAIL = -33,
162 CMR_ERROR_DELETE_RDB_DATA_FAIL = -34,
163 CMR_ERROR_QUERY_RDB_DATA_FAIL = -35,
164 CMR_ERROR_PASSWORD_IS_ERR = -36,
165 };
166
167 enum CMDialogErrorCode {
168 CMR_DIALOG_ERROR_INSTALL_FAILED = -5,
169
170 CMR_DIALOG_ERROR_INTERNAL = -1000,
171 CMR_DIALOG_ERROR_OPERATION_CANCELS = -1001,
172 CMR_DIALOG_ERROR_PARSE_CERT_FAILED = -1002,
173 CMR_DIALOG_ERROR_NOT_ENTERPRISE_DEVICE = -1003,
174 CMR_DIALOG_ERROR_ADVANCED_SECURITY = -1004,
175 CMR_DIALOG_ERROR_INCORRECT_FORMAT = -1005,
176 CMR_DIALOG_ERROR_MAX_QUANTITY_REACHED = -1006,
177 CMR_DIALOG_ERROR_SA_INTERNAL_ERROR = -1007,
178 CMR_DIALOG_ERROR_NOT_EXIST = -1008,
179 CMR_DIALOG_ERROR_NOT_SUPPORTED = -1009,
180 CMR_DIALOG_ERROR_PARAM_INVALID = -1010,
181 CMR_DIALOG_ERROR_PERMISSION_DENIED = 1011, /* UIExtension will return 1011 if permission check failed */
182 };
183
184 enum CMErrorCode { /* temp use */
185 CMR_OK = 0,
186 CMR_ERROR = -1,
187 };
188
189 enum CmTagType {
190 CM_TAG_TYPE_INVALID = 0 << 28,
191 CM_TAG_TYPE_INT = 1 << 28,
192 CM_TAG_TYPE_UINT = 2 << 28,
193 CM_TAG_TYPE_ULONG = 3 << 28,
194 CM_TAG_TYPE_BOOL = 4 << 28,
195 CM_TAG_TYPE_BYTES = 5 << 28,
196 };
197
198 enum CmTag {
199 /* Inner-use TAGS used for ipc serialization */
200 CM_TAG_PARAM0_BUFFER = CM_TAG_TYPE_BYTES | 30001,
201 CM_TAG_PARAM1_BUFFER = CM_TAG_TYPE_BYTES | 30002,
202 CM_TAG_PARAM2_BUFFER = CM_TAG_TYPE_BYTES | 30003,
203 CM_TAG_PARAM3_BUFFER = CM_TAG_TYPE_BYTES | 30004,
204 CM_TAG_PARAM4_BUFFER = CM_TAG_TYPE_BYTES | 30005,
205 CM_TAG_PARAM0_UINT32 = CM_TAG_TYPE_UINT | 30006,
206 CM_TAG_PARAM1_UINT32 = CM_TAG_TYPE_UINT | 30007,
207 CM_TAG_PARAM2_UINT32 = CM_TAG_TYPE_UINT | 30008,
208 CM_TAG_PARAM3_UINT32 = CM_TAG_TYPE_UINT | 30009,
209 CM_TAG_PARAM4_UINT32 = CM_TAG_TYPE_UINT | 30010,
210 CM_TAG_PARAM0_BOOL = CM_TAG_TYPE_BOOL | 30011,
211 CM_TAG_PARAM1_BOOL = CM_TAG_TYPE_BOOL | 30012,
212 CM_TAG_PARAM2_BOOL = CM_TAG_TYPE_BOOL | 30013,
213 CM_TAG_PARAM3_BOOL = CM_TAG_TYPE_BOOL | 30014,
214 CM_TAG_PARAM4_BOOL = CM_TAG_TYPE_BOOL | 30015,
215 CM_TAG_PARAM0_NULL = CM_TAG_TYPE_BYTES | 30016,
216 CM_TAG_PARAM1_NULL = CM_TAG_TYPE_BYTES | 30017,
217 CM_TAG_PARAM2_NULL = CM_TAG_TYPE_BYTES | 30018,
218 CM_TAG_PARAM3_NULL = CM_TAG_TYPE_BYTES | 30019,
219 CM_TAG_PARAM4_NULL = CM_TAG_TYPE_BYTES | 30020,
220 };
221
222 #define CM_PARAM_BUFFER_NULL_INTERVAL ((CM_TAG_PARAM0_NULL) - (CM_TAG_PARAM0_BUFFER))
223
224 enum CmSendType {
225 CM_SEND_TYPE_ASYNC = 0,
226 CM_SEND_TYPE_SYNC,
227 };
228
229 struct CmMutableBlob {
230 uint32_t size;
231 uint8_t *data;
232 };
233
234 struct CmContext {
235 uint32_t userId;
236 uint32_t uid;
237 char packageName[MAX_LEN_PACKGE_NAME];
238 };
239
240 struct CmBlob {
241 uint32_t size;
242 uint8_t *data;
243 };
244
245 struct CertBlob {
246 struct CmBlob uri[MAX_COUNT_CERTIFICATE_ALL];
247 struct CmBlob certAlias[MAX_COUNT_CERTIFICATE_ALL];
248 struct CmBlob subjectName[MAX_COUNT_CERTIFICATE_ALL];
249 };
250
251 struct CmAppCertInfo {
252 struct CmBlob appCert;
253 struct CmBlob appCertPwd;
254 };
255
256 struct CertListAbtInfo {
257 uint32_t uriSize;
258 char uri[MAX_LEN_URI];
259 uint32_t aliasSize;
260 char certAlias[MAX_LEN_CERT_ALIAS];
261 uint32_t status;
262 uint32_t subjectNameSize;
263 char subjectName[MAX_LEN_SUBJECT_NAME];
264 };
265
266 struct CertAbstract {
267 char uri[MAX_LEN_URI];
268 char certAlias[MAX_LEN_CERT_ALIAS];
269 bool status;
270 char subjectName[MAX_LEN_SUBJECT_NAME];
271 };
272
273 struct CertList {
274 uint32_t certsCount;
275 struct CertAbstract *certAbstract;
276 };
277
278 struct CertAbtInfo {
279 uint32_t aliasSize;
280 char certAlias[MAX_LEN_CERT_ALIAS];
281 uint32_t status;
282 uint32_t certsize;
283 uint8_t certData[MAX_LEN_CERTIFICATE];
284 };
285
286 struct CertInfo {
287 char uri[MAX_LEN_URI];
288 char certAlias[MAX_LEN_CERT_ALIAS];
289 bool status;
290 char issuerName[MAX_LEN_ISSUER_NAME];
291 char subjectName[MAX_LEN_SUBJECT_NAME];
292 char serial[MAX_LEN_SERIAL];
293 char notBefore[MAX_LEN_NOT_BEFORE];
294 char notAfter[MAX_LEN_NOT_AFTER];
295 char fingerprintSha256[MAX_LEN_FINGER_PRINT_SHA256];
296 struct CmBlob certInfo;
297 };
298
299 struct CertFile {
300 const struct CmBlob *fileName;
301 const struct CmBlob *path;
302 };
303
304 struct CertFileInfo {
305 struct CmBlob fileName;
306 struct CmBlob path;
307 };
308
309 struct CMApp {
310 uint32_t userId;
311 uint32_t uid;
312 const char *packageName;
313 struct CmBlob *appId; // for attestation
314 };
315
316 struct Credential {
317 uint32_t isExist;
318 char type[MAX_LEN_SUBJECT_NAME];
319 char alias[MAX_LEN_CERT_ALIAS];
320 char keyUri[MAX_LEN_URI];
321 uint32_t certNum;
322 uint32_t keyNum;
323 struct CmBlob credData;
324 };
325
326 struct CredentialAbstract {
327 char type[MAX_LEN_SUBJECT_NAME];
328 char alias[MAX_LEN_CERT_ALIAS];
329 char keyUri[MAX_LEN_URI];
330 };
331
332 struct CredentialList {
333 uint32_t credentialCount;
334 struct CredentialAbstract *credentialAbstract;
335 };
336
337 struct AppCert {
338 uint32_t certCount;
339 uint32_t keyCount;
340 uint32_t certSize;
341 uint8_t appCertdata[MAX_LEN_CERTIFICATE_CHAIN];
342 };
343
344 struct CmParam {
345 uint32_t tag;
346 union {
347 bool boolParam;
348 int32_t int32Param;
349 uint32_t uint32Param;
350 uint64_t uint64Param;
351 struct CmBlob blob;
352 };
353 };
354
355 struct CmParamOut {
356 uint32_t tag;
357 union {
358 bool *boolParam;
359 int32_t *int32Param;
360 uint32_t *uint32Param;
361 uint64_t *uint64Param;
362 struct CmBlob *blob;
363 };
364 };
365
366 struct CmParamSet {
367 uint32_t paramSetSize;
368 uint32_t paramsCnt;
369 struct CmParam params[];
370 };
371
372 struct CmAppUidList {
373 uint32_t appUidCount;
374 uint32_t *appUid;
375 };
376
377 struct CmSignatureSpec {
378 uint32_t purpose;
379 uint32_t padding;
380 uint32_t digest;
381 };
382
383 enum CmAuthStorageLevel {
384 CM_AUTH_STORAGE_LEVEL_EL1 = 1,
385 CM_AUTH_STORAGE_LEVEL_EL2 = 2,
386 CM_AUTH_STORAGE_LEVEL_EL4 = 4,
387 };
388
389 struct CmAppCertParam {
390 struct CmBlob *appCert;
391 struct CmBlob *appCertPwd;
392 struct CmBlob *certAlias;
393 uint32_t store;
394 uint32_t userId;
395 enum CmAuthStorageLevel level;
396 };
397
398 struct CertName {
399 struct CmBlob *displayName;
400 struct CmBlob *objectName;
401 struct CmBlob *subjectName;
402 };
403
404 enum CmCertType {
405 CM_CA_CERT_SYSTEM = 0,
406 CM_CA_CERT_USER = 1,
407 };
408
409 enum CmCertScope {
410 CM_ALL_USER = 0,
411 CM_CURRENT_USER = 1,
412 CM_GLOBAL_USER = 2,
413 };
414
415 struct UserCAProperty {
416 uint32_t userId;
417 enum CmCertScope scope;
418 };
419
CmIsAdditionOverflow(uint32_t a,uint32_t b)420 static inline bool CmIsAdditionOverflow(uint32_t a, uint32_t b)
421 {
422 return (UINT32_MAX - a) < b;
423 }
424
CmCheckBlob(const struct CmBlob * blob)425 static inline int32_t CmCheckBlob(const struct CmBlob *blob)
426 {
427 if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
428 return CMR_ERROR_INVALID_ARGUMENT;
429 }
430 return CM_SUCCESS;
431 }
432
433 #ifdef __cplusplus
434 }
435 #endif
436
437 #endif /* CM_TYPE_H */
438