1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_type_enum.h"
17 #ifdef HKS_CONFIG_FILE
18 #include HKS_CONFIG_FILE
19 #else
20 #include "hks_config.h"
21 #endif
22
23 #include "hks_api.h"
24
25 #include <inttypes.h>
26 #include <stddef.h>
27 #include <string.h>
28
29 #include "hks_api_adapter.h"
30
31 #include "hks_client_ipc.h"
32 #include "hks_local_engine.h"
33 #include "hks_ability.h"
34 #include "hks_log.h"
35 #include "hks_mem.h"
36 #include "hks_param.h"
37 #include "hks_template.h"
38 #include "hks_type.h"
39 #include "hks_util.h"
40
41 #include "securec.h"
42
43 #ifdef HKS_SUPPORT_API_ATTEST_KEY
44 #include "hks_verifier.h"
45 #endif
46
47 #ifdef _CUT_AUTHENTICATE_
48 #undef HKS_SUPPORT_API_GENERATE_KEY
49 #undef HKS_SUPPORT_API_IMPORT
50 #undef HKS_SUPPORT_API_EXPORT
51 #undef HKS_SUPPORT_API_DELETE_KEY
52 #undef HKS_SUPPORT_API_GET_KEY_PARAM_SET
53 #undef HKS_SUPPORT_API_KEY_EXIST
54 #undef HKS_SUPPORT_API_SIGN_VERIFY
55 #undef HKS_SUPPORT_API_SIGN_VERIFY
56 #undef HKS_SUPPORT_API_AGREE_KEY
57 #undef HKS_SUPPORT_API_HASH
58 #undef HKS_SUPPORT_API_GET_KEY_INFO_LIST
59 #undef HKS_SUPPORT_API_ATTEST_KEY
60 #undef HKS_SUPPORT_API_GET_CERTIFICATE_CHAIN
61 #endif
62
HksGetSdkVersion(struct HksBlob * sdkVersion)63 HKS_API_EXPORT int32_t HksGetSdkVersion(struct HksBlob *sdkVersion)
64 {
65 if ((sdkVersion == NULL) || (sdkVersion->data == NULL)) {
66 return HKS_ERROR_NULL_POINTER;
67 }
68
69 uint32_t versionLen = strlen(HKS_SDK_VERSION);
70 if (sdkVersion->size < (versionLen + 1)) {
71 return HKS_ERROR_INVALID_ARGUMENT;
72 }
73
74 HKS_IF_NOT_EOK_LOGE_RETURN(memcpy_s(sdkVersion->data, sdkVersion->size, HKS_SDK_VERSION, versionLen),
75 HKS_ERROR_INSUFFICIENT_MEMORY, "copy sdkVersion data failed!")
76
77 sdkVersion->data[versionLen] = '\0';
78 sdkVersion->size = versionLen;
79 return HKS_SUCCESS;
80 }
81
HksInitialize(void)82 HKS_API_EXPORT int32_t HksInitialize(void)
83 {
84 #ifndef _CUT_AUTHENTICATE_
85 HKS_LOG_D("enter initialize");
86 int32_t ret = HksClientInitialize();
87 HKS_LOG_D("leave initialize, result = %" LOG_PUBLIC "d", ret);
88 return ret;
89 #else
90 (void)HksCryptoAbilityInit();
91 return HKS_SUCCESS;
92 #endif
93 }
94
HksRefreshKeyInfo(void)95 HKS_API_EXPORT int32_t HksRefreshKeyInfo(void)
96 {
97 #ifndef _CUT_AUTHENTICATE_
98 HKS_LOG_D("enter refresh key info");
99 int32_t ret = HksClientRefreshKeyInfo();
100 HKS_LOG_I("leave refresh key info, result = %" LOG_PUBLIC "d", ret);
101 return ret;
102 #else
103 return HKS_ERROR_API_NOT_SUPPORTED;
104 #endif
105 }
106
HksGenerateKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)107 HKS_API_EXPORT int32_t HksGenerateKey(const struct HksBlob *keyAlias,
108 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
109 {
110 #ifdef HKS_SUPPORT_API_GENERATE_KEY
111 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
112 struct HksParam *storageFlag = NULL;
113 int32_t ret = HksGetParam(paramSetIn, HKS_TAG_KEY_STORAGE_FLAG, &storageFlag);
114 if ((ret == HKS_SUCCESS) && (storageFlag->uint32Param == HKS_STORAGE_TEMP)) {
115 if ((paramSetIn == NULL) || (paramSetOut == NULL)) {
116 return HKS_ERROR_NULL_POINTER;
117 }
118 ret = HksLocalGenerateKey(paramSetIn, paramSetOut);
119 HKS_LOG_I("leave generate temp key, result = %" LOG_PUBLIC "d", ret);
120 return ret;
121 }
122
123 /* generate persistent keys */
124 if ((paramSetIn == NULL) || (keyAlias == NULL)) {
125 return HKS_ERROR_NULL_POINTER;
126 }
127 ret = HksClientGenerateKey(keyAlias, paramSetIn, paramSetOut);
128 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
129 return ret;
130 #else
131 (void)keyAlias;
132 (void)paramSetIn;
133 (void)paramSetOut;
134 return HKS_ERROR_API_NOT_SUPPORTED;
135 #endif
136 }
137
HksImportKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,const struct HksBlob * key)138 HKS_API_EXPORT int32_t HksImportKey(const struct HksBlob *keyAlias,
139 const struct HksParamSet *paramSet, const struct HksBlob *key)
140 {
141 #ifdef HKS_SUPPORT_API_IMPORT
142 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
143 if ((keyAlias == NULL) || (paramSet == NULL) || (key == NULL)) {
144 return HKS_ERROR_NULL_POINTER;
145 }
146 int32_t ret = HksImportKeyAdapter(keyAlias, paramSet, key);
147 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
148 return ret;
149 #else
150 (void)keyAlias;
151 (void)paramSet;
152 (void)key;
153 return HKS_ERROR_API_NOT_SUPPORTED;
154 #endif
155 }
156
HksImportWrappedKey(const struct HksBlob * keyAlias,const struct HksBlob * wrappingKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * wrappedKeyData)157 HKS_API_EXPORT int32_t HksImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias,
158 const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData)
159 {
160 #ifdef HKS_SUPPORT_API_IMPORT_WRAPPED_KEY
161 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
162 if ((keyAlias == NULL) || (wrappingKeyAlias == NULL)|| (paramSet == NULL) || (wrappedKeyData == NULL)) {
163 return HKS_ERROR_NULL_POINTER;
164 }
165 int32_t ret = HksClientImportWrappedKey(keyAlias, wrappingKeyAlias, paramSet, wrappedKeyData);
166 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
167 return ret;
168 #else
169 (void)keyAlias;
170 (void)wrappingKeyAlias;
171 (void)paramSet;
172 (void)wrappedKeyData;
173 return HKS_ERROR_API_NOT_SUPPORTED;
174 #endif
175 }
176
HksExportPublicKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * key)177 HKS_API_EXPORT int32_t HksExportPublicKey(const struct HksBlob *keyAlias,
178 const struct HksParamSet *paramSet, struct HksBlob *key)
179 {
180 #ifdef HKS_SUPPORT_API_EXPORT
181 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
182 if ((keyAlias == NULL) || (key == NULL)) {
183 return HKS_ERROR_NULL_POINTER;
184 }
185 int32_t ret = HksExportPublicKeyAdapter(keyAlias, paramSet, key);
186 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
187 return ret;
188 #else
189 (void)keyAlias;
190 (void)paramSet;
191 (void)key;
192 return HKS_ERROR_API_NOT_SUPPORTED;
193 #endif
194 }
195
HksDeleteKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)196 HKS_API_EXPORT int32_t HksDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
197 {
198 #ifdef HKS_SUPPORT_API_DELETE_KEY
199 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
200 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
201 int32_t ret = HksClientDeleteKey(keyAlias, paramSet);
202 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
203 return ret;
204 #else
205 (void)keyAlias;
206 (void)paramSet;
207 return HKS_ERROR_API_NOT_SUPPORTED;
208 #endif
209 }
210
HksGetKeyParamSet(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)211 HKS_API_EXPORT int32_t HksGetKeyParamSet(const struct HksBlob *keyAlias,
212 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
213 {
214 #ifdef HKS_SUPPORT_API_GET_KEY_PARAM_SET
215 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
216 if ((keyAlias == NULL) || (paramSetOut == NULL)) {
217 return HKS_ERROR_NULL_POINTER;
218 }
219 int32_t ret = HksClientGetKeyParamSet(keyAlias, paramSetIn, paramSetOut);
220 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
221 return ret;
222 #else
223 (void)keyAlias;
224 (void)paramSetIn;
225 (void)paramSetOut;
226 return HKS_ERROR_API_NOT_SUPPORTED;
227 #endif
228 }
229
HksKeyExist(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)230 HKS_API_EXPORT int32_t HksKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
231 {
232 #ifdef HKS_SUPPORT_API_KEY_EXIST
233 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
234 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
235 int32_t ret = HksClientKeyExist(keyAlias, paramSet);
236 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
237 return ret;
238 #else
239 (void)keyAlias;
240 (void)paramSet;
241 return HKS_ERROR_API_NOT_SUPPORTED;
242 #endif
243 }
244
HksGenerateRandom(const struct HksParamSet * paramSet,struct HksBlob * random)245 HKS_API_EXPORT int32_t HksGenerateRandom(const struct HksParamSet *paramSet, struct HksBlob *random)
246 {
247 #ifdef HKS_SUPPORT_API_GENERATE_RANDOM
248 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
249 HKS_IF_NULL_RETURN(random, HKS_ERROR_NULL_POINTER)
250 int32_t ret = HksClientGenerateRandom(random, paramSet);
251 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
252 return ret;
253 #else
254 (void)paramSet;
255 (void)random;
256 return HKS_ERROR_API_NOT_SUPPORTED;
257 #endif
258 }
259
HksSign(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * signature)260 HKS_API_EXPORT int32_t HksSign(const struct HksBlob *key, const struct HksParamSet *paramSet,
261 const struct HksBlob *srcData, struct HksBlob *signature)
262 {
263 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
264 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
265 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
266 return HKS_ERROR_NULL_POINTER;
267 }
268
269 struct HksParam *isKeyAlias = NULL;
270 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
271 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
272 return HksLocalSign(key, paramSet, srcData, signature);
273 }
274
275 ret = HksClientSign(key, paramSet, srcData, signature);
276 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
277 return ret;
278 #else
279 (void)key;
280 (void)paramSet;
281 (void)srcData;
282 (void)signature;
283 return HKS_ERROR_API_NOT_SUPPORTED;
284 #endif
285 }
286
HksVerify(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,const struct HksBlob * signature)287 HKS_API_EXPORT int32_t HksVerify(const struct HksBlob *key, const struct HksParamSet *paramSet,
288 const struct HksBlob *srcData, const struct HksBlob *signature)
289 {
290 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
291 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
292 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
293 return HKS_ERROR_NULL_POINTER;
294 }
295
296 struct HksParam *isKeyAlias = NULL;
297 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
298 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
299 ret = HksLocalVerify(key, paramSet, srcData, signature);
300 HKS_LOG_I("leave verify with plain key, result = %" LOG_PUBLIC "d", ret);
301 return ret;
302 }
303 ret = HksClientVerify(key, paramSet, srcData, signature);
304 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
305 return ret;
306 #else
307 (void)key;
308 (void)paramSet;
309 (void)srcData;
310 (void)signature;
311 return HKS_ERROR_API_NOT_SUPPORTED;
312 #endif
313 }
314
HksEncrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * plainText,struct HksBlob * cipherText)315 HKS_API_EXPORT int32_t HksEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
316 const struct HksBlob *plainText, struct HksBlob *cipherText)
317 {
318 #ifdef HKS_SUPPORT_API_CIPHER
319 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
320 if ((key == NULL) || (paramSet == NULL) || (plainText == NULL) || (cipherText == NULL)) {
321 return HKS_ERROR_NULL_POINTER;
322 }
323
324 struct HksParam *isKeyAlias = NULL;
325 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
326 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
327 ret = HksLocalEncrypt(key, paramSet, plainText, cipherText);
328 HKS_LOG_I("leave encrypt with plain key, result = %" LOG_PUBLIC "d", ret);
329 return ret;
330 }
331 #ifndef _CUT_AUTHENTICATE_
332 ret = HksClientEncrypt(key, paramSet, plainText, cipherText);
333 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
334 return ret;
335 #else
336 return HKS_ERROR_NOT_SUPPORTED;
337 #endif
338 #else
339 (void)key;
340 (void)paramSet;
341 (void)plainText;
342 (void)cipherText;
343 return HKS_ERROR_API_NOT_SUPPORTED;
344 #endif
345 }
346
HksDecrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * cipherText,struct HksBlob * plainText)347 HKS_API_EXPORT int32_t HksDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
348 const struct HksBlob *cipherText, struct HksBlob *plainText)
349 {
350 #ifdef HKS_SUPPORT_API_CIPHER
351 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
352 if ((key == NULL) || (paramSet == NULL) || (cipherText == NULL) || (plainText == NULL)) {
353 return HKS_ERROR_NULL_POINTER;
354 }
355
356 struct HksParam *isKeyAlias = NULL;
357 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
358 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
359 ret = HksLocalDecrypt(key, paramSet, cipherText, plainText);
360 HKS_LOG_I("leave decrypt with plain key, result = %" LOG_PUBLIC "d", ret);
361 return ret;
362 }
363 #ifndef _CUT_AUTHENTICATE_
364 ret = HksClientDecrypt(key, paramSet, cipherText, plainText);
365 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
366 return ret;
367 #else
368 return HKS_ERROR_NOT_SUPPORTED;
369 #endif
370 #else
371 (void)key;
372 (void)paramSet;
373 (void)plainText;
374 (void)cipherText;
375 return HKS_ERROR_API_NOT_SUPPORTED;
376 #endif
377 }
378
HksAgreeKey(const struct HksParamSet * paramSet,const struct HksBlob * privateKey,const struct HksBlob * peerPublicKey,struct HksBlob * agreedKey)379 HKS_API_EXPORT int32_t HksAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
380 const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey)
381 {
382 #ifdef HKS_SUPPORT_API_AGREE_KEY
383 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
384 if ((paramSet == NULL) || (privateKey == NULL) || (peerPublicKey == NULL) || (agreedKey == NULL)) {
385 return HKS_ERROR_NULL_POINTER;
386 }
387
388 struct HksParam *isKeyAlias = NULL;
389 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
390 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
391 ret = HksLocalAgreeKey(paramSet, privateKey, peerPublicKey, agreedKey);
392 HKS_LOG_I("leave agree key with plain key, result = %" LOG_PUBLIC "d", ret);
393 return ret;
394 }
395
396 ret = HksAgreeKeyAdapter(paramSet, privateKey, peerPublicKey, agreedKey);
397 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
398 return ret;
399 #else
400 (void)paramSet;
401 (void)privateKey;
402 (void)peerPublicKey;
403 (void)agreedKey;
404 return HKS_ERROR_API_NOT_SUPPORTED;
405 #endif
406 }
407
HksDeriveKey(const struct HksParamSet * paramSet,const struct HksBlob * mainKey,struct HksBlob * derivedKey)408 HKS_API_EXPORT int32_t HksDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey,
409 struct HksBlob *derivedKey)
410 {
411 #ifdef HKS_SUPPORT_API_DERIVE_KEY
412 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
413 if ((paramSet == NULL) || (mainKey == NULL) || (derivedKey == NULL)) {
414 return HKS_ERROR_NULL_POINTER;
415 }
416
417 struct HksParam *isKeyAlias = NULL;
418 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
419 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
420 ret = HksLocalDeriveKey(paramSet, mainKey, derivedKey);
421 HKS_LOG_I("leave derive key with plain key, result = %" LOG_PUBLIC "d", ret);
422 return ret;
423 }
424 #ifndef _CUT_AUTHENTICATE_
425 ret = HksClientDeriveKey(paramSet, mainKey, derivedKey);
426 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
427 return ret;
428 #else
429 return HKS_ERROR_NOT_SUPPORTED;
430 #endif
431 #else
432 (void)paramSet;
433 (void)mainKey;
434 (void)derivedKey;
435 return HKS_ERROR_API_NOT_SUPPORTED;
436 #endif
437 }
438
HksMac(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * mac)439 HKS_API_EXPORT int32_t HksMac(const struct HksBlob *key, const struct HksParamSet *paramSet,
440 const struct HksBlob *srcData, struct HksBlob *mac)
441 {
442 #ifdef HKS_SUPPORT_API_MAC
443 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
444 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (mac == NULL)) {
445 return HKS_ERROR_NULL_POINTER;
446 }
447
448 struct HksParam *isKeyAlias = NULL;
449 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
450 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
451 ret = HksLocalMac(key, paramSet, srcData, mac);
452 HKS_LOG_I("leave mac with plain key, result = %" LOG_PUBLIC "d", ret);
453 return ret;
454 }
455 #ifndef _CUT_AUTHENTICATE_
456 ret = HksClientMac(key, paramSet, srcData, mac);
457 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
458 return ret;
459 #else
460 return HKS_ERROR_NOT_SUPPORTED;
461 #endif
462 #else
463 (void)key;
464 (void)paramSet;
465 (void)srcData;
466 (void)mac;
467 return HKS_ERROR_API_NOT_SUPPORTED;
468 #endif
469 }
470
HksHash(const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * hash)471 HKS_API_EXPORT int32_t HksHash(const struct HksParamSet *paramSet,
472 const struct HksBlob *srcData, struct HksBlob *hash)
473 {
474 #ifdef HKS_SUPPORT_API_HASH
475 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
476 if ((paramSet == NULL) || (srcData == NULL) || (hash == NULL)) {
477 return HKS_ERROR_NULL_POINTER;
478 }
479 int32_t ret = HksLocalHash(paramSet, srcData, hash);
480 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
481 return ret;
482 #else
483 (void)paramSet;
484 (void)srcData;
485 (void)hash;
486 return HKS_ERROR_API_NOT_SUPPORTED;
487 #endif
488 }
489
HksGetKeyInfoList(const struct HksParamSet * paramSet,struct HksKeyInfo * keyInfoList,uint32_t * listCount)490 HKS_API_EXPORT int32_t HksGetKeyInfoList(const struct HksParamSet *paramSet,
491 struct HksKeyInfo *keyInfoList, uint32_t *listCount)
492 {
493 #ifdef HKS_SUPPORT_API_GET_KEY_INFO_LIST
494 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
495 if ((keyInfoList == NULL) || (listCount == NULL)) {
496 return HKS_ERROR_NULL_POINTER;
497 }
498 int32_t ret = HksClientGetKeyInfoList(paramSet, keyInfoList, listCount);
499 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
500 return ret;
501 #else
502 (void)paramSet;
503 (void)keyInfoList;
504 (void)listCount;
505 return HKS_ERROR_API_NOT_SUPPORTED;
506 #endif
507 }
508
509 #ifdef HKS_SUPPORT_API_ATTEST_KEY
ConstructNewAttestParamSet(const struct HksParamSet * paramSet,enum HksAttestationMode mode,struct HksParamSet ** newParamSet)510 static int32_t ConstructNewAttestParamSet(const struct HksParamSet *paramSet, enum HksAttestationMode mode,
511 struct HksParamSet **newParamSet)
512 {
513 int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
514 if (ret != HKS_SUCCESS) {
515 HKS_LOG_E("check paramSet fail");
516 return ret;
517 }
518 ret = HksInitParamSet(newParamSet);
519 if (ret != HKS_SUCCESS) {
520 HKS_LOG_E("init paramSet fail");
521 return ret;
522 }
523 do {
524 ret = HksAddParams(*newParamSet, paramSet->params, paramSet->paramsCnt);
525 if (ret != HKS_SUCCESS) {
526 HKS_LOG_E("copy params fail");
527 break;
528 }
529 struct HksParam attestMode = {
530 .tag = HKS_TAG_ATTESTATION_MODE,
531 .uint32Param = mode,
532 };
533 ret = HksAddParams(*newParamSet, &attestMode, 1);
534 if (ret != HKS_SUCCESS) {
535 HKS_LOG_E("add param attestMode fail");
536 break;
537 }
538 ret = HksBuildParamSet(newParamSet);
539 if (ret != HKS_SUCCESS) {
540 HKS_LOG_E("build paramSet fail");
541 break;
542 }
543 return HKS_SUCCESS;
544 } while (false);
545 HksFreeParamSet(newParamSet);
546 return ret;
547 }
548 #endif
549
HksAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)550 HKS_API_EXPORT int32_t HksAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
551 struct HksCertChain *certChain)
552 {
553 #ifdef HKS_SUPPORT_API_ATTEST_KEY
554 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
555 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
556 return HKS_ERROR_NULL_POINTER;
557 }
558 struct HksParamSet *newParamSet = NULL;
559 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_DEFAULT, &newParamSet);
560 if (ret != HKS_SUCCESS) {
561 HKS_LOG_E("construct new paramSet for attest key fail");
562 return ret;
563 }
564
565 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, false);
566 HksFreeParamSet(&newParamSet);
567 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
568 return ret;
569 #else
570 (void)keyAlias;
571 (void)paramSet;
572 (void)certChain;
573 return HKS_ERROR_API_NOT_SUPPORTED;
574 #endif
575 }
576
HksAnonAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)577 HKS_API_EXPORT int32_t HksAnonAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
578 struct HksCertChain *certChain)
579 {
580 #ifdef HKS_SUPPORT_API_ATTEST_KEY
581 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
582 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
583 return HKS_ERROR_NULL_POINTER;
584 }
585 struct HksParamSet *newParamSet = NULL;
586 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_ANONYMOUS, &newParamSet);
587 if (ret != HKS_SUCCESS) {
588 HKS_LOG_E("construct new paramSet for anonn attest key fail");
589 return ret;
590 }
591
592 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, true);
593 HksFreeParamSet(&newParamSet);
594 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
595 return ret;
596 #else
597 (void)keyAlias;
598 (void)paramSet;
599 (void)certChain;
600 return HKS_ERROR_API_NOT_SUPPORTED;
601 #endif
602 }
603
HksGetCertificateChain(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)604 HKS_API_EXPORT int32_t HksGetCertificateChain(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
605 struct HksCertChain *certChain)
606 {
607 (void)keyAlias;
608 (void)paramSet;
609 (void)certChain;
610 return HKS_ERROR_API_NOT_SUPPORTED;
611 }
612
HksWrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksParamSet * paramSet,struct HksBlob * wrappedData)613 HKS_API_EXPORT int32_t HksWrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
614 const struct HksParamSet *paramSet, struct HksBlob *wrappedData)
615 {
616 (void)keyAlias;
617 (void)targetKeyAlias;
618 (void)paramSet;
619 (void)wrappedData;
620 return HKS_ERROR_API_NOT_SUPPORTED;
621 }
622
HksUnwrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksBlob * wrappedData,const struct HksParamSet * paramSet)623 HKS_API_EXPORT int32_t HksUnwrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
624 const struct HksBlob *wrappedData, const struct HksParamSet *paramSet)
625 {
626 (void)keyAlias;
627 (void)targetKeyAlias;
628 (void)paramSet;
629 (void)wrappedData;
630 return HKS_ERROR_API_NOT_SUPPORTED;
631 }
632
HksBnExpMod(struct HksBlob * x,const struct HksBlob * a,const struct HksBlob * e,const struct HksBlob * n)633 HKS_API_EXPORT int32_t HksBnExpMod(struct HksBlob *x, const struct HksBlob *a,
634 const struct HksBlob *e, const struct HksBlob *n)
635 {
636 #ifdef HKS_SUPPORT_API_BN_EXP_MOD
637 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
638 if ((x == NULL) || (a == NULL) || (e == NULL) || (n == NULL)) {
639 return HKS_ERROR_NULL_POINTER;
640 }
641
642 int32_t ret = HksLocalBnExpMod(x, a, e, n);
643 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
644 return ret;
645 #else
646 (void)x;
647 (void)a;
648 (void)e;
649 (void)n;
650 return HKS_ERROR_API_NOT_SUPPORTED;
651 #endif
652 }
653
654 /*
655 * Currently, the device certificate and device key are implemented using stubs.
656 * By default, the device key exists.
657 */
HcmIsDeviceKeyExist(const struct HksParamSet * paramSet)658 HKS_API_EXPORT int32_t HcmIsDeviceKeyExist(const struct HksParamSet *paramSet)
659 {
660 (void)paramSet;
661 return HKS_SUCCESS;
662 }
663
HksValidateCertChain(const struct HksCertChain * certChain,struct HksParamSet * paramSetOut)664 HKS_API_EXPORT int32_t HksValidateCertChain(const struct HksCertChain *certChain, struct HksParamSet *paramSetOut)
665 {
666 #ifdef HKS_SUPPORT_API_ATTEST_KEY
667 HKS_LOG_D("enter validate cert chain");
668 if ((paramSetOut == NULL) || (certChain == NULL)) {
669 return HKS_ERROR_NULL_POINTER;
670 }
671 int32_t ret = HksClientValidateCertChain(certChain, paramSetOut);
672 HKS_LOG_I("leave validate cert chain, result = %" LOG_PUBLIC "d", ret);
673 return ret;
674 #else
675 (void)certChain;
676 (void)paramSetOut;
677 return HKS_ERROR_API_NOT_SUPPORTED;
678 #endif
679 }
680
HksInit(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)681 HKS_API_EXPORT int32_t HksInit(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
682 struct HksBlob *handle, struct HksBlob *token)
683 {
684 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
685 if ((keyAlias == NULL) || (paramSet == NULL) || (handle == NULL)) { /* token can be null */
686 HKS_LOG_E("the pointer param entered is invalid");
687 return HKS_ERROR_NULL_POINTER;
688 }
689
690 int32_t ret = HksClientInit(keyAlias, paramSet, handle, token);
691 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
692 return ret;
693 }
694
HksUpdate(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)695 HKS_API_EXPORT int32_t HksUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet,
696 const struct HksBlob *inData, struct HksBlob *outData)
697 {
698 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
699 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
700 HKS_LOG_E("the pointer param entered is invalid");
701 return HKS_ERROR_NULL_POINTER;
702 }
703
704 int32_t ret = HksClientUpdate(handle, paramSet, inData, outData);
705 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
706 return ret;
707 }
708
HksFinish(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)709 HKS_API_EXPORT int32_t HksFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet,
710 const struct HksBlob *inData, struct HksBlob *outData)
711 {
712 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
713 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
714 HKS_LOG_E("the pointer param entered is invalid");
715 return HKS_ERROR_NULL_POINTER;
716 }
717
718 int32_t ret = HksClientFinish(handle, paramSet, inData, outData);
719 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
720 return ret;
721 }
722
HksAbort(const struct HksBlob * handle,const struct HksParamSet * paramSet)723 HKS_API_EXPORT int32_t HksAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet)
724 {
725 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
726 if ((handle == NULL) || (paramSet == NULL)) {
727 HKS_LOG_E("the pointer param entered is invalid");
728 return HKS_ERROR_NULL_POINTER;
729 }
730
731 int32_t ret = HksClientAbort(handle, paramSet);
732 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
733 return ret;
734 }
735
HksListAliases(const struct HksParamSet * paramSet,struct HksKeyAliasSet ** outData)736 HKS_API_EXPORT int32_t HksListAliases(const struct HksParamSet *paramSet, struct HksKeyAliasSet **outData)
737 {
738 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
739 if (paramSet == NULL || outData == NULL) {
740 return HKS_ERROR_NULL_POINTER;
741 }
742 int32_t ret = HksClientListAliases(paramSet, outData);
743 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
744 return ret;
745 }
746
HksRenameKeyAlias(const struct HksBlob * oldKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * newKeyAlias)747 HKS_API_EXPORT int32_t HksRenameKeyAlias(const struct HksBlob *oldKeyAlias, const struct HksParamSet *paramSet,
748 const struct HksBlob *newKeyAlias)
749 {
750 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
751 if (oldKeyAlias == NULL || paramSet == NULL || newKeyAlias == NULL) {
752 return HKS_ERROR_NULL_POINTER;
753 }
754 int32_t ret = HksClientRenameKeyAlias(oldKeyAlias, paramSet, newKeyAlias);
755 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
756 return ret;
757 }
758
HksChangeStorageLevel(const struct HksBlob * keyAlias,const struct HksParamSet * srcParamSet,const struct HksParamSet * destParamSet)759 HKS_API_EXPORT int32_t HksChangeStorageLevel(const struct HksBlob *keyAlias, const struct HksParamSet *srcParamSet,
760 const struct HksParamSet *destParamSet)
761 {
762 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
763 if (keyAlias == NULL || srcParamSet == NULL || destParamSet == NULL) {
764 HKS_LOG_E("the pointer param entered is invalid");
765 return HKS_ERROR_NULL_POINTER;
766 }
767 int32_t ret = HksClientChangeStorageLevel(keyAlias, srcParamSet, destParamSet);
768 HKS_LOG_I("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
769 return ret;
770 }
771
HksGetErrorMsg(void)772 HKS_API_EXPORT const char *HksGetErrorMsg(void)
773 {
774 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
775
776 #ifdef L2_STANDARD
777 return HksGetThreadErrorMsg();
778 #endif
779 return NULL;
780 }