• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /**
17  * @file hks_type.h
18  *
19  * @brief Declares huks type.
20  *
21  * @since 8
22  */
23 
24 #ifndef HKS_TYPE_H
25 #define HKS_TYPE_H
26 
27 #include "hks_type_enum.h"
28 
29 #include <stdbool.h>
30 #include <stdint.h>
31 #include <stdlib.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 #ifndef HKS_API_PUBLIC
38     #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */
39         #define HKS_API_EXPORT
40     #else
41         #define HKS_API_EXPORT __attribute__ ((visibility("default")))
42     #endif
43 #else
44     #define HKS_API_EXPORT __attribute__ ((visibility("default")))
45 #endif
46 
47 #define HKS_SDK_VERSION "2.0.0.4"
48 
49 /*
50  * Align to 4-tuple
51  * Before calling this function, ensure that the size does not overflow after 3 is added.
52  */
53 #define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2)
54 #define DEFAULT_ALIGN_MASK_SIZE 3
55 
56 #define HKS_AE_TAG_LEN 16
57 #define HKS_BITS_PER_BYTE 8
58 #define MAX_KEY_SIZE 2048
59 #define HKS_AE_TAG_LEN 16
60 #define HKS_AE_NONCE_LEN 12
61 #define HKS_MAX_KEY_ALIAS_LEN 128
62 #define HKS_MAX_PROCESS_NAME_LEN 50
63 #define HKS_MAX_RANDOM_LEN 1024
64 #define HKS_KEY_BYTES(keySize) (((keySize) + HKS_BITS_PER_BYTE - 1) / HKS_BITS_PER_BYTE)
65 #define HKS_SIGNATURE_MIN_SIZE 64
66 #define HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
67 #define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
68 #define HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
69 #define HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10
70 
71 #define TOKEN_CHALLENGE_LEN 32
72 #define UDID_LEN 64
73 #define SHA256_SIGN_LEN 32
74 #define TOKEN_SIZE 32
75 #define MAX_AUTH_TIMEOUT_SECOND 600
76 #define SECURE_SIGN_VERSION 0x01000001
77 
78 #define HKS_CERT_COUNT 4
79 #define HKS_CERT_ROOT_SIZE 2048
80 #define HKS_CERT_CA_SIZE 2048
81 #define HKS_CERT_DEVICE_SIZE 2048
82 #define HKS_CERT_APP_SIZE 4096
83 
84 #define HKS_MAX_FILE_SIZE 10240
85 
86 #define HKS_KEY_BLOB_AT_KEY_SIZE 256
87 #define HKS_KEY_BLOB_AT_KEY_BYTES 32
88 
89 #define HKS_MAX_KEY_ALIAS_COUNT 2048
90 #define MAX_ERROR_MESSAGE_LEN 512
91 
92 /**
93  * @brief hks blob
94  */
95 struct HksBlob {
96     uint32_t size;
97     uint8_t *data;
98 };
99 
100 /**
101  * @brief hks param
102  */
103 struct HksParam {
104     uint32_t tag;
105     union {
106         bool boolParam;
107         int32_t int32Param;
108         uint32_t uint32Param;
109         uint64_t uint64Param;
110         struct HksBlob blob;
111     };
112 };
113 
114 /**
115  * @brief hks param set
116  */
117 struct HksParamSet {
118     uint32_t paramSetSize;
119     uint32_t paramsCnt;
120     struct HksParam params[];
121 };
122 
123 /**
124  * @brief hks certificate chain
125  */
126 struct HksCertChain {
127     struct HksBlob *certs;
128     uint32_t certsCount;
129 };
130 
131 /**
132  * @brief hks key info
133  */
134 struct HksKeyInfo {
135     struct HksBlob alias;
136     struct HksParamSet *paramSet;
137 };
138 
139 /**
140  * @brief hks public key info
141  */
142 struct HksPubKeyInfo {
143     enum HksKeyAlg keyAlg;
144     uint32_t keySize;
145     uint32_t nOrXSize;
146     uint32_t eOrYSize;
147     uint32_t placeHolder;
148 };
149 
150 /**
151  * @brief hks rsa key material
152  */
153 struct HksKeyMaterialRsa {
154     enum HksKeyAlg keyAlg;
155     uint32_t keySize;
156     uint32_t nSize;
157     uint32_t eSize;
158     uint32_t dSize;
159 };
160 
161 /**
162  * @brief hks ecc key material
163  */
164 struct HksKeyMaterialEcc {
165     enum HksKeyAlg keyAlg;
166     uint32_t keySize;
167     uint32_t xSize;
168     uint32_t ySize;
169     uint32_t zSize;
170 };
171 
172 /**
173  * @brief hks dsa key material
174  */
175 struct HksKeyMaterialDsa {
176     enum HksKeyAlg keyAlg;
177     uint32_t keySize;
178     uint32_t xSize;
179     uint32_t ySize;
180     uint32_t pSize;
181     uint32_t qSize;
182     uint32_t gSize;
183 };
184 
185 /**
186  * @brief hks dh key material
187  */
188 struct HksKeyMaterialDh {
189     enum HksKeyAlg keyAlg;
190     uint32_t keySize;
191     uint32_t pubKeySize;
192     uint32_t priKeySize;
193     uint32_t reserved;
194 };
195 
196 /**
197  * @brief hks 25519 key material
198  */
199 struct HksKeyMaterial25519 {
200     enum HksKeyAlg keyAlg;
201     uint32_t keySize;
202     uint32_t pubKeySize;
203     uint32_t priKeySize;
204     uint32_t reserved;
205 };
206 
207 /**
208  * @brief hks user auth token plaintext data
209  * @see `TokenDataPlain` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
210  */
211 typedef struct HksPlaintextData {
212     uint8_t challenge[TOKEN_SIZE];
213     uint64_t time;
214     uint32_t authTrustLevel;
215     uint32_t authType;
216     uint32_t authMode;
217     uint32_t securityLevel;
218     /**
219      * @see `enum TokenType` in `drivers/peripheral/user_auth/hdi_service/common/inc/defines.h`
220      */
221     uint32_t tokenType;
222 } __attribute__((__packed__)) HksPlaintextData;
223 
224 /**
225  * @brief hks user auth token ciphertext data
226  * @see `TokenDataToEncrypt` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
227  */
228 typedef struct HksCiphertextData {
229     int32_t userId;
230     uint64_t secureUid;
231     uint64_t enrolledId;
232     uint64_t credentialId;
233     uint8_t collectorUdid[UDID_LEN];
234     uint8_t verifierUdid[UDID_LEN];
235 } __attribute__((__packed__)) HksCiphertextData;
236 
237 /**
238  * @brief hks user auth token
239  * @see `UserAuthTokenHal` in `drivers/peripheral/user_auth/hdi_service/user_auth/inc/user_sign_centre.h`
240  */
241 typedef struct __attribute__((__packed__)) HksUserAuthToken {
242     uint32_t version;
243     HksPlaintextData plaintextData;
244     HksCiphertextData ciphertextData;
245     uint8_t tag[HKS_AE_TAG_LEN];
246     uint8_t iv[HKS_AE_NONCE_LEN];
247     uint8_t sign[SHA256_SIGN_LEN];
248 } __attribute__((__packed__)) HksUserAuthToken;
249 
250 /**
251  * @brief hks user auth token key
252  */
253 struct HksAuthTokenKey {
254     uint8_t macKey[HKS_KEY_BLOB_AT_KEY_BYTES];
255     uint8_t cipherKey[HKS_KEY_BLOB_AT_KEY_BYTES];
256 };
257 
258 /**
259  * @brief hks secure sign auth info
260  */
261 typedef struct __attribute__((__packed__)) HksSecureSignAuthInfo {
262     uint32_t userAuthType;
263     uint64_t authenticatorId;
264     uint64_t credentialId;
265 } __attribute__((__packed__)) HksSecureSignAuthInfo;
266 
267 struct EnrolledInfoWrap {
268     enum HksUserAuthType authType;
269     uint64_t enrolledId;
270 };
271 
272 struct SecInfoWrap {
273     uint64_t secureUid;
274     uint32_t enrolledInfoLen;
275     struct EnrolledInfoWrap *enrolledInfo;
276 };
277 
278 /**
279  * @brief hks alias set
280  */
281 struct HksKeyAliasSet {
282     uint32_t aliasesCnt;
283     struct HksBlob *aliases;
284 };
285 
286 
287 #define HKS_DERIVE_DEFAULT_SALT_LEN 16
288 #define HKS_HMAC_DIGEST_SHA512_LEN 64
289 #define HKS_DEFAULT_RANDOM_LEN 16
290 #define HKS_MAX_KEY_AUTH_ID_LEN 64
291 #define HKS_KEY_MATERIAL_NUM 3
292 #define HKS_MAX_KEY_LEN (HKS_KEY_BYTES(HKS_RSA_KEY_SIZE_4096) * HKS_KEY_MATERIAL_NUM)
293 #define HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct HksPubKeyInfo) + HKS_MAX_KEY_LEN + HKS_AE_TAG_LEN)
294 
295 /**
296  * @brief hks store header info
297  */
298 struct HksStoreHeaderInfo {
299     uint16_t version;
300     uint16_t keyCount;
301     uint32_t totalLen; /* key buffer total len */
302     uint32_t sealingAlg;
303     uint8_t salt[HKS_DERIVE_DEFAULT_SALT_LEN];
304     uint8_t hmac[HKS_HMAC_DIGEST_SHA512_LEN];
305 };
306 
307 /**
308  * @brief hks store key info
309  */
310 struct HksStoreKeyInfo {
311     uint16_t keyInfoLen; /* current keyinfo len */
312     uint16_t keySize;    /* keySize of key from crypto hal after encrypted */
313     uint8_t random[HKS_DEFAULT_RANDOM_LEN];
314     uint8_t flag;        /* import or generate key */
315     uint8_t keyAlg;
316     uint8_t keyMode;
317     uint8_t digest;
318     uint8_t padding;
319     uint8_t rsv;
320     uint16_t keyLen;     /* keyLen from paramset, e.g. aes-256 */
321     uint32_t purpose;
322     uint32_t role;
323     uint16_t domain;
324     uint8_t aliasSize;
325     uint8_t authIdSize;
326 };
327 
328 struct ErrorInfoHead {
329     int32_t version;
330     int32_t errorType;
331     int32_t innerErrCode;
332     int32_t extErrCode;
333 };
334 
335 struct ErrorInfo {
336     struct ErrorInfoHead head;
337     char erMsg[MAX_ERROR_MESSAGE_LEN + 1];
338 };
339 
340 /**
341  * @brief hks 25519 key pair
342  */
343 struct Hks25519KeyPair {
344     uint32_t publicBufferSize;
345     uint32_t privateBufferSize;
346 };
347 
IsAdditionOverflow(uint32_t a,uint32_t b)348 static inline bool IsAdditionOverflow(uint32_t a, uint32_t b)
349 {
350     return (UINT32_MAX - a) < b;
351 }
352 
IsInvalidLength(uint32_t length)353 static inline bool IsInvalidLength(uint32_t length)
354 {
355     return (length == 0) || (length > MAX_OUT_BLOB_SIZE);
356 }
357 
CheckBlob(const struct HksBlob * blob)358 static inline int32_t CheckBlob(const struct HksBlob *blob)
359 {
360     if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
361         return HKS_ERROR_INVALID_ARGUMENT;
362     }
363     return HKS_SUCCESS;
364 }
365 
366 #ifdef __cplusplus
367 }
368 #endif
369 
370 #endif /* HKS_TYPE_H */
371