1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define HUKS_DISABLE_LOG_AT_FILE_TO_REDUCE_ROM_SIZE
16
17 #ifndef _CUT_AUTHENTICATE_
18
19 #include "hks_keynode.h"
20
21 #include <stdatomic.h>
22 #include <stddef.h>
23
24 #include "hks_crypto_hal.h"
25 #include "hks_keyblob.h"
26 #include "hks_log.h"
27 #include "hks_mem.h"
28 #include "hks_param.h"
29 #include "hks_template.h"
30 #include "securec.h"
31 #include "hks_util.h"
32 #include "hks_type_inner.h"
33
34 #define S_TO_MS 1000
35 #define MAX_RETRY_CHECK_UNIQUE_HANDLE_TIME 10
36 #define INVALID_TOKEN_ID 0U
37 #define MAX_KEY_NODES_COUNT 96
38
39 #ifdef HKS_SUPPORT_ACCESS_TOKEN
40 #define MAX_KEY_NODES_EACH_TOKEN_ID 32
41 #else
42 #define MAX_KEY_NODES_EACH_TOKEN_ID MAX_KEY_NODES_COUNT
43 #endif
44
45 static struct DoubleList g_keyNodeList = { &g_keyNodeList, &g_keyNodeList };
46 static volatile atomic_uint g_keyNodeCount = 0;
47 static HksMutex *g_huksMutex = NULL; /* global mutex using in keynode */
48
HksGetHuksMutex(void)49 HksMutex *HksGetHuksMutex(void)
50 {
51 if (g_huksMutex == NULL) {
52 HKS_LOG_E("Hks mutex init failed, reinit!");
53 g_huksMutex = HksMutexCreate();
54 HKS_IF_NULL_LOGE_RETURN(g_huksMutex, NULL, "Hks mutex reinit failed!")
55 }
56
57 return g_huksMutex;
58 }
59
HksInitHuksMutex(void)60 int32_t HksInitHuksMutex(void)
61 {
62 if (g_huksMutex == NULL) {
63 g_huksMutex = HksMutexCreate();
64 if (g_huksMutex == NULL) {
65 HKS_LOG_E("create huks mutex failed!");
66 return HKS_ERROR_NULL_POINTER;
67 }
68 }
69 return HKS_SUCCESS;
70 }
71
HksDestroyHuksMutex(void)72 void HksDestroyHuksMutex(void)
73 {
74 if (g_huksMutex != NULL) {
75 HksMutexClose(g_huksMutex);
76 g_huksMutex = NULL;
77 }
78 }
79
FreeKeyBlobParamSet(struct HksParamSet ** paramSet)80 static void FreeKeyBlobParamSet(struct HksParamSet **paramSet)
81 {
82 if ((paramSet == NULL) || (*paramSet == NULL)) {
83 HKS_LOG_E("invalid keyblob paramset");
84 return;
85 }
86 struct HksParam *keyParam = NULL;
87 int32_t ret = HksGetParam(*paramSet, HKS_TAG_KEY, &keyParam);
88 if (ret != HKS_SUCCESS) {
89 HKS_LOG_E("get key param failed!");
90 HksFreeParamSet(paramSet);
91 return;
92 }
93 (void)memset_s(keyParam->blob.data, keyParam->blob.size, 0, keyParam->blob.size);
94 HksFreeParamSet(paramSet);
95 }
96
SetAesCcmModeTag(struct HksParamSet * paramSet,const uint32_t alg,const uint32_t pur,bool * tag)97 static int32_t SetAesCcmModeTag(struct HksParamSet *paramSet, const uint32_t alg, const uint32_t pur, bool *tag)
98 {
99 if (alg != HKS_ALG_AES) {
100 *tag = false;
101 return HKS_SUCCESS;
102 }
103
104 if (pur != HKS_KEY_PURPOSE_ENCRYPT && pur != HKS_KEY_PURPOSE_DECRYPT) {
105 *tag = false;
106 return HKS_SUCCESS;
107 }
108
109 struct HksParam *modParam = NULL;
110 int32_t ret = HksGetParam(paramSet, HKS_TAG_BLOCK_MODE, &modParam);
111 if (ret != HKS_SUCCESS) {
112 HKS_LOG_E("aes get block mode tag fail");
113 return HKS_ERROR_UNKNOWN_ERROR;
114 }
115
116 *tag = (modParam->uint32Param == HKS_MODE_CCM);
117 return HKS_SUCCESS;
118 }
119
FreeCachedData(void ** ctx)120 static void FreeCachedData(void **ctx)
121 {
122 struct HksBlob *cachedData = (struct HksBlob *)*ctx;
123 if (cachedData == NULL) {
124 return;
125 }
126 if (cachedData->data != NULL) {
127 (void)memset_s(cachedData->data, cachedData->size, 0, cachedData->size);
128 HKS_FREE(cachedData->data);
129 }
130 HKS_FREE(*ctx);
131 }
132
KeyNodeFreeCtx(uint32_t purpose,uint32_t alg,bool hasCalcHash,void ** ctx)133 static void KeyNodeFreeCtx(uint32_t purpose, uint32_t alg, bool hasCalcHash, void **ctx)
134 {
135 switch (purpose) {
136 case HKS_KEY_PURPOSE_AGREE:
137 case HKS_KEY_PURPOSE_DERIVE:
138 FreeCachedData(ctx);
139 break;
140 case HKS_KEY_PURPOSE_SIGN:
141 case HKS_KEY_PURPOSE_VERIFY:
142 if (hasCalcHash) {
143 HksCryptoHalHashFreeCtx(ctx);
144 } else {
145 FreeCachedData(ctx);
146 }
147 break;
148 case HKS_KEY_PURPOSE_ENCRYPT:
149 case HKS_KEY_PURPOSE_DECRYPT:
150 if (alg != HKS_ALG_RSA) {
151 HksCryptoHalEncryptFreeCtx(ctx, alg);
152 } else {
153 FreeCachedData(ctx);
154 }
155 break;
156 case HKS_KEY_PURPOSE_MAC:
157 HksCryptoHalHmacFreeCtx(ctx);
158 break;
159 default:
160 return;
161 }
162 }
163
FreeRuntimeParamSet(struct HksParamSet ** paramSet)164 static void FreeRuntimeParamSet(struct HksParamSet **paramSet)
165 {
166 if ((paramSet == NULL) || (*paramSet == NULL)) {
167 HKS_LOG_E("invalid keyblob paramset");
168 return;
169 }
170
171 struct HksParam *ctxParam = NULL;
172 int32_t ret = HksGetParam(*paramSet, HKS_TAG_CRYPTO_CTX, &ctxParam);
173 if (ret != HKS_SUCCESS) {
174 HksFreeParamSet(paramSet);
175 HKS_LOG_E("get ctx from keyNode failed!");
176 return;
177 }
178
179 if (ctxParam->uint64Param != 0) {
180 void *ctx = (void *)(uintptr_t)ctxParam->uint64Param;
181 struct HksParam *param1 = NULL;
182 struct HksParam *param2 = NULL;
183 if (HksGetParam(*paramSet, HKS_TAG_PURPOSE, ¶m1) != HKS_SUCCESS ||
184 HksGetParam(*paramSet, HKS_TAG_ALGORITHM, ¶m2) != HKS_SUCCESS) {
185 HksFreeParamSet(paramSet);
186 return;
187 }
188 struct HksParam *param3 = NULL;
189 ret = HksGetParam(*paramSet, HKS_TAG_DIGEST, ¶m3);
190 if (ret == HKS_ERROR_INVALID_ARGUMENT) {
191 HksFreeParamSet(paramSet);
192 return;
193 }
194 bool hasCalcHash = true;
195 /* If the algorithm is ed25519, the plaintext is directly cached, and if the digest is HKS_DIGEST_NONE, the
196 hash value has been passed in by the user. So the hash value does not need to be free.
197 */
198 if (ret == HKS_SUCCESS) {
199 hasCalcHash = param3->uint32Param != HKS_DIGEST_NONE;
200 }
201 hasCalcHash &= (param2->uint32Param != HKS_ALG_ED25519);
202
203 bool isAesCcm = false;
204 ret = SetAesCcmModeTag(*paramSet, param2->uint32Param, param1->uint32Param, &isAesCcm);
205 if (ret != HKS_SUCCESS) {
206 HksFreeParamSet(paramSet);
207 return;
208 }
209
210 if (isAesCcm) {
211 HKS_LOG_D("FreeRuntimeParamSet fee ccm cache data!");
212 FreeCachedData(&ctx);
213 } else {
214 KeyNodeFreeCtx(param1->uint32Param, param2->uint32Param, hasCalcHash, &ctx);
215 }
216
217 ctxParam->uint64Param = 0; /* clear ctx to NULL */
218 }
219 HksFreeParamSet(paramSet);
220 }
221
DeleteKeyNodeFree(struct HuksKeyNode * keyNode)222 static void DeleteKeyNodeFree(struct HuksKeyNode *keyNode)
223 {
224 RemoveDoubleListNode(&keyNode->listHead);
225 FreeKeyBlobParamSet(&keyNode->keyBlobParamSet);
226 FreeRuntimeParamSet(&keyNode->runtimeParamSet);
227 FreeRuntimeParamSet(&keyNode->authRuntimeParamSet);
228 HKS_FREE(keyNode);
229 atomic_fetch_sub(&g_keyNodeCount, 1);
230 HKS_LOG_I("delete keynode count:%" LOG_PUBLIC "u", atomic_load(&g_keyNodeCount));
231 }
232
BuildRuntimeParamSet(const struct HksParamSet * inParamSet,struct HksParamSet ** outParamSet)233 static int32_t BuildRuntimeParamSet(const struct HksParamSet *inParamSet, struct HksParamSet **outParamSet)
234 {
235 struct HksParamSet *paramSet = NULL;
236 int32_t ret = HksInitParamSet(¶mSet);
237 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init keyNode param set fail")
238
239 struct HksParam params[] = {
240 {
241 .tag = HKS_TAG_CRYPTO_CTX,
242 .uint64Param = 0
243 },
244 };
245
246 if (inParamSet != NULL) {
247 ret = HksCheckIsTagAlreadyExist(params, HKS_ARRAY_SIZE(params), inParamSet);
248 if (ret != HKS_SUCCESS) {
249 HksFreeParamSet(¶mSet);
250 HKS_LOG_E("check params fail");
251 return ret;
252 }
253
254 ret = HksAddParams(paramSet, inParamSet->params, inParamSet->paramsCnt);
255 if (ret != HKS_SUCCESS) {
256 HksFreeParamSet(¶mSet);
257 HKS_LOG_E("add in params fail");
258 return ret;
259 }
260 }
261
262 ret = HksAddParams(paramSet, params, sizeof(params) / sizeof(params[0]));
263 if (ret != HKS_SUCCESS) {
264 HksFreeParamSet(¶mSet);
265 HKS_LOG_E("add runtime params fail");
266 return ret;
267 }
268
269 ret = HksBuildParamSet(¶mSet);
270 if (ret != HKS_SUCCESS) {
271 HksFreeParamSet(¶mSet);
272 HKS_LOG_E("build paramSet fail");
273 return ret;
274 }
275
276 *outParamSet = paramSet;
277 return HKS_SUCCESS;
278 }
279
HksCheckUniqueHandle(uint64_t handle)280 static int32_t HksCheckUniqueHandle(uint64_t handle)
281 {
282 HksMutexLock(HksGetHuksMutex());
283 struct HuksKeyNode *keyNode = NULL;
284 HKS_DLIST_ITER(keyNode, &g_keyNodeList) {
285 if ((keyNode != NULL) && (keyNode->handle == handle)) {
286 HKS_LOG_E("The handle already exists!");
287 HksMutexUnlock(HksGetHuksMutex());
288 return HKS_FAILURE;
289 }
290 }
291 HksMutexUnlock(HksGetHuksMutex());
292 return HKS_SUCCESS;
293 }
294
GenerateKeyNodeHandle(uint64_t * handle)295 static int32_t GenerateKeyNodeHandle(uint64_t *handle)
296 {
297 uint32_t handleData = 0;
298 struct HksBlob opHandle = {
299 .size = sizeof(uint32_t),
300 .data = (uint8_t *)&handleData
301 };
302
303 int32_t ret = HKS_FAILURE;
304 for (uint32_t i = 0; i < MAX_RETRY_CHECK_UNIQUE_HANDLE_TIME; i++) {
305 ret = HksCryptoHalFillRandom(&opHandle);
306 if (ret != HKS_SUCCESS) {
307 HKS_LOG_E("fill keyNode handle failed");
308 return ret;
309 }
310 ret = HksCheckUniqueHandle(handleData);
311 if (ret == HKS_SUCCESS) {
312 *handle = handleData; /* Temporarily only use 32 bit handle */
313 return ret;
314 }
315 }
316 return ret;
317 }
318
DeleteFirstTimeOutBatchKeyNode(void)319 static void DeleteFirstTimeOutBatchKeyNode(void)
320 {
321 if (atomic_load(&g_keyNodeCount) < MAX_KEY_NODES_COUNT) {
322 return;
323 }
324 struct HuksKeyNode *keyNode = NULL;
325 HKS_DLIST_ITER(keyNode, &g_keyNodeList) {
326 if (keyNode == NULL || !keyNode->isBatchOperation) {
327 continue;
328 }
329 uint64_t curTime = 0;
330 int32_t ret = HksElapsedRealTime(&curTime);
331 if (ret != HKS_SUCCESS) {
332 HKS_LOG_E("DeleteFirstTimeOutBatchKeyNode HksElapsedRealTime failed %" LOG_PUBLIC "d", ret);
333 continue;
334 }
335 if (keyNode->batchOperationTimestamp >= curTime) {
336 continue;
337 }
338 HKS_LOG_E("Batch operation timeout, delete keyNode!");
339 DeleteKeyNodeFree(keyNode); // IAR iccarm can not compile `return DeleteKeyNodeFree(keyNode)`
340 return; // IAR iccarm will report `a void function may not return a value`
341 }
342 }
343
GetTokenIdFromParamSet(const struct HksParamSet * p)344 static uint32_t GetTokenIdFromParamSet(const struct HksParamSet *p)
345 {
346 struct HksParam *accessTokenId = NULL;
347 int32_t ret = HksGetParam(p, HKS_TAG_ACCESS_TOKEN_ID, &accessTokenId);
348 if (ret != HKS_SUCCESS) {
349 HKS_LOG_W("find token id failed");
350 return INVALID_TOKEN_ID;
351 }
352 return accessTokenId->uint32Param;
353 }
354
DeleteFirstKeyNodeForTokenId(uint32_t tokenId)355 static bool DeleteFirstKeyNodeForTokenId(uint32_t tokenId)
356 {
357 struct HuksKeyNode *keyNode = NULL;
358 HKS_DLIST_ITER(keyNode, &g_keyNodeList) {
359 if (keyNode == NULL) {
360 continue;
361 }
362 if (GetTokenIdFromParamSet(keyNode->runtimeParamSet) != tokenId) {
363 continue;
364 }
365 HKS_LOG_E("DeleteFirstKeyNodeForTokenId delete old not using key node!");
366 DeleteKeyNodeFree(keyNode);
367 return true;
368 }
369 return false;
370 }
371
DeleteKeyNodeForTokenIdIfExceedLimit(uint32_t tokenId)372 static int32_t DeleteKeyNodeForTokenIdIfExceedLimit(uint32_t tokenId)
373 {
374 if (atomic_load(&g_keyNodeCount) < MAX_KEY_NODES_EACH_TOKEN_ID) {
375 return HKS_SUCCESS;
376 }
377 uint32_t ownedNodeCount = 0;
378 struct HuksKeyNode *keyNode = NULL;
379 HKS_DLIST_ITER(keyNode, &g_keyNodeList) {
380 if (keyNode != NULL && GetTokenIdFromParamSet(keyNode->runtimeParamSet) == tokenId) {
381 ++ownedNodeCount;
382 }
383 }
384 if (ownedNodeCount >= MAX_KEY_NODES_EACH_TOKEN_ID) {
385 HKS_LOG_E_IMPORTANT("current token id %" LOG_PUBLIC "u have owned too"
386 "many %" LOG_PUBLIC "u nodes", tokenId, ownedNodeCount);
387 if (DeleteFirstKeyNodeForTokenId(tokenId)) {
388 return HKS_SUCCESS;
389 }
390 return HKS_ERROR_SESSION_REACHED_LIMIT;
391 }
392 return HKS_SUCCESS;
393 }
394
DeleteFirstKeyNode(void)395 static bool DeleteFirstKeyNode(void)
396 {
397 struct HuksKeyNode *keyNode = NULL;
398 HKS_DLIST_ITER(keyNode, &g_keyNodeList) {
399 HKS_LOG_E("DeleteFirstKeyNode delete old not using key node!");
400 DeleteKeyNodeFree(keyNode);
401 return true;
402 }
403 return false;
404 }
405
AddKeyNode(struct HuksKeyNode * keyNode,uint32_t tokenId)406 static int32_t AddKeyNode(struct HuksKeyNode *keyNode, uint32_t tokenId)
407 {
408 int32_t ret = HKS_SUCCESS;
409 HksMutexLock(HksGetHuksMutex());
410 do {
411 DeleteFirstTimeOutBatchKeyNode();
412
413 ret = DeleteKeyNodeForTokenIdIfExceedLimit(tokenId);
414 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "CheckKeyNodeEachTokenId fail %" LOG_PUBLIC "d", ret)
415
416 if (atomic_load(&g_keyNodeCount) >= MAX_KEY_NODES_COUNT) {
417 HKS_LOG_E("maximum number of keyNode reached");
418 if (!DeleteFirstKeyNode()) {
419 HKS_LOG_E("DeleteFirstKeyNode fail!");
420 ret = HKS_ERROR_SESSION_REACHED_LIMIT;
421 break;
422 }
423 }
424
425 AddNodeAtDoubleListTail(&g_keyNodeList, &keyNode->listHead);
426 atomic_fetch_add(&g_keyNodeCount, 1);
427 HKS_LOG_I("add keynode count:%" LOG_PUBLIC "u", atomic_load(&g_keyNodeCount));
428 } while (0);
429
430 HksMutexUnlock(HksGetHuksMutex());
431 return ret;
432 }
433
434
435 //create batch update keynode
HksCreateBatchKeyNode(const struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet)436 struct HuksKeyNode *HksCreateBatchKeyNode(const struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet)
437 {
438 struct HuksKeyNode *updateKeyNode = (struct HuksKeyNode *)HksMalloc(sizeof(struct HuksKeyNode));
439 HKS_IF_NULL_LOGE_RETURN(updateKeyNode, NULL, "malloc hks keyNode failed")
440
441 int32_t ret;
442 struct HksParamSet *runtimeParamSet = NULL;
443
444 ret = BuildRuntimeParamSet(paramSet, &runtimeParamSet);
445 if (ret != HKS_SUCCESS) {
446 HKS_FREE(updateKeyNode);
447 HKS_LOG_E("get runtime paramSet failed");
448 return NULL;
449 }
450
451 updateKeyNode->keyBlobParamSet = keyNode->keyBlobParamSet;
452 updateKeyNode->runtimeParamSet = runtimeParamSet;
453 updateKeyNode->authRuntimeParamSet = keyNode->authRuntimeParamSet;
454 return updateKeyNode;
455 }
456
457 #ifdef _STORAGE_LITE_
HksCreateKeyNode(const struct HksBlob * key,const struct HksParamSet * paramSet)458 struct HuksKeyNode *HksCreateKeyNode(const struct HksBlob *key, const struct HksParamSet *paramSet)
459 {
460 struct HuksKeyNode *keyNode = (struct HuksKeyNode *)HksMalloc(sizeof(struct HuksKeyNode));
461 HKS_IF_NULL_LOGE_RETURN(keyNode, NULL, "malloc hks keyNode failed")
462
463 int32_t ret = GenerateKeyNodeHandle(&keyNode->handle);
464 if (ret != HKS_SUCCESS) {
465 HKS_FREE(keyNode);
466 HKS_LOG_E("get keynode handle failed");
467 return NULL;
468 }
469
470 struct HksParamSet *runtimeParamSet = NULL;
471 ret = BuildRuntimeParamSet(paramSet, &runtimeParamSet);
472 if (ret != HKS_SUCCESS) {
473 HKS_FREE(keyNode);
474 HKS_LOG_E("get runtime paramSet failed");
475 return NULL;
476 }
477
478 struct HksBlob rawKey = { 0, NULL };
479 ret = HksGetRawKeyMaterial(key, &rawKey);
480 if (ret != HKS_SUCCESS) {
481 HKS_LOG_E("get raw key material failed, ret = %" LOG_PUBLIC "d", ret);
482 HksFreeParamSet(&runtimeParamSet);
483 HKS_FREE(keyNode);
484 return NULL;
485 }
486
487 struct HksParamSet *keyBlobParamSet = NULL;
488 ret = HksTranslateKeyInfoBlobToParamSet(&rawKey, key, &keyBlobParamSet);
489 (void)memset_s(rawKey.data, rawKey.size, 0, rawKey.size);
490 HKS_FREE_BLOB(rawKey);
491 if (ret != HKS_SUCCESS) {
492 HKS_LOG_E("translate key info to paramset failed, ret = %" LOG_PUBLIC "d", ret);
493 HksFreeParamSet(&runtimeParamSet);
494 HKS_FREE(keyNode);
495 return NULL;
496 }
497
498 ret = AddKeyNode(keyNode, GetTokenIdFromParamSet(runtimeParamSet));
499 if (ret != HKS_SUCCESS) {
500 HKS_LOG_E("add keyNode failed");
501 HksFreeParamSet(&runtimeParamSet);
502 HKS_FREE(keyNode);
503 return NULL;
504 }
505
506 keyNode->keyBlobParamSet = keyBlobParamSet;
507 keyNode->runtimeParamSet = runtimeParamSet;
508 return keyNode;
509 }
510 #else // _STORAGE_LITE_
FreeParamsForBuildKeyNode(struct HksBlob * aad,struct HksParamSet ** runtimeParamSet,struct HksParamSet ** keyblobParamSet,struct HuksKeyNode * keyNode)511 static void FreeParamsForBuildKeyNode(struct HksBlob *aad, struct HksParamSet **runtimeParamSet,
512 struct HksParamSet **keyblobParamSet, struct HuksKeyNode *keyNode)
513 {
514 if (aad != NULL && aad->data != NULL) {
515 HKS_FREE_BLOB(*aad);
516 }
517
518 if (runtimeParamSet != NULL && *runtimeParamSet != NULL) {
519 HksFreeParamSet(runtimeParamSet);
520 }
521
522 if (keyblobParamSet != NULL && *keyblobParamSet != NULL) {
523 FreeKeyBlobParamSet(keyblobParamSet);
524 }
525
526 if (keyNode != NULL) {
527 HKS_FREE(keyNode);
528 }
529 }
530
HksCreateKeyNode(const struct HksBlob * key,const struct HksParamSet * paramSet)531 struct HuksKeyNode *HksCreateKeyNode(const struct HksBlob *key, const struct HksParamSet *paramSet)
532 {
533 struct HuksKeyNode *keyNode = (struct HuksKeyNode *)HksMalloc(sizeof(struct HuksKeyNode));
534 HKS_IF_NULL_LOGE_RETURN(keyNode, NULL, "malloc hks keyNode failed")
535
536 int32_t ret;
537 struct HksBlob aad = { 0, NULL };
538 struct HksParamSet *runtimeParamSet = NULL;
539 struct HksParamSet *keyBlobParamSet = NULL;
540 do {
541 ret = GenerateKeyNodeHandle(&keyNode->handle);
542 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get keynode handle failed")
543
544 ret = BuildRuntimeParamSet(paramSet, &runtimeParamSet);
545 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get runtime paramSet failed")
546
547 ret = HksGetAadAndParamSet(key, &aad, &keyBlobParamSet);
548 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get aad and paramSet failed")
549
550 ret = HksDecryptKeyBlob(&aad, keyBlobParamSet);
551 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "decrypt keyBlob failed")
552
553 ret = AddKeyNode(keyNode, GetTokenIdFromParamSet(runtimeParamSet));
554 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "add keyNode failed")
555 } while (0);
556
557 if (ret != HKS_SUCCESS) {
558 FreeParamsForBuildKeyNode(&aad, &runtimeParamSet, &keyBlobParamSet, keyNode);
559 return NULL;
560 }
561
562 keyNode->keyBlobParamSet = keyBlobParamSet;
563 keyNode->runtimeParamSet = runtimeParamSet;
564 keyNode->authRuntimeParamSet = NULL;
565
566 HKS_FREE_BLOB(aad);
567 return keyNode;
568 }
569 #endif // _STORAGE_LITE_
570
HksQueryKeyNode(uint64_t handle)571 struct HuksKeyNode *HksQueryKeyNode(uint64_t handle)
572 {
573 struct HuksKeyNode *keyNode = NULL;
574 HksMutexLock(HksGetHuksMutex());
575 HKS_DLIST_ITER(keyNode, &g_keyNodeList) {
576 if (keyNode != NULL && keyNode->handle == handle) {
577 HksMutexUnlock(HksGetHuksMutex());
578 return keyNode;
579 }
580 }
581 HksMutexUnlock(HksGetHuksMutex());
582 return NULL;
583 }
584
HksDeleteKeyNode(uint64_t handle)585 void HksDeleteKeyNode(uint64_t handle)
586 {
587 struct HuksKeyNode *keyNode = NULL;
588 HksMutexLock(HksGetHuksMutex());
589 HKS_DLIST_ITER(keyNode, &g_keyNodeList) {
590 if (keyNode != NULL && keyNode->handle == handle) {
591 DeleteKeyNodeFree(keyNode);
592 HksMutexUnlock(HksGetHuksMutex());
593 return;
594 }
595 }
596 HksMutexUnlock(HksGetHuksMutex());
597 }
598
599 // free batch update keynode
HksFreeUpdateKeyNode(struct HuksKeyNode * keyNode)600 void HksFreeUpdateKeyNode(struct HuksKeyNode *keyNode)
601 {
602 if (keyNode == NULL) {
603 return;
604 }
605 FreeRuntimeParamSet(&keyNode->runtimeParamSet);
606 HKS_FREE(keyNode);
607 }
608 #endif /* _CUT_AUTHENTICATE_ */