1 /*
2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_ipc_service.h"
17 #include "hks_type.h"
18
19 #include <dlfcn.h>
20 #include <securec.h>
21 #include <stdbool.h>
22 #include <stdint.h>
23 #include <sys/time.h>
24 #include <sys/types.h>
25 #include <unistd.h>
26
27 #ifdef HKS_CONFIG_FILE
28 #include HKS_CONFIG_FILE
29 #else
30 #include "hks_config.h"
31 #endif
32
33 #include "hks_base_check.h" // for HksAttestIsAnonymous
34 #include "hks_client_check.h"
35 #include "hks_client_service_dcm.h"
36 #include "hks_client_service.h"
37 #include "hks_client_service_common.h"
38 #include "hks_cmd_id.h"
39 #include "hks_log.h"
40 #include "hks_mem.h"
41 #include "hks_permission_check.h"
42 #include "hks_plugin_adapter.h"
43 #include "hks_response.h"
44 #include "hks_service_ipc_serialization.h"
45 #include "hks_template.h"
46
47 #define MAX_KEY_SIZE 2048
48
49 #ifdef HKS_SUPPORT_ACCESS_TOKEN
50 static enum HksTag g_idList[] = {
51 HKS_TAG_ATTESTATION_ID_BRAND,
52 HKS_TAG_ATTESTATION_ID_DEVICE,
53 HKS_TAG_ATTESTATION_ID_PRODUCT,
54 HKS_TAG_ATTESTATION_ID_SERIAL,
55 HKS_TAG_ATTESTATION_ID_IMEI,
56 HKS_TAG_ATTESTATION_ID_MEID,
57 HKS_TAG_ATTESTATION_ID_MANUFACTURER,
58 HKS_TAG_ATTESTATION_ID_MODEL,
59 HKS_TAG_ATTESTATION_ID_SOCID,
60 HKS_TAG_ATTESTATION_ID_UDID,
61 };
62 #endif
63
HksIpcServiceGenerateKey(const struct HksBlob * srcData,const uint8_t * context)64 void HksIpcServiceGenerateKey(const struct HksBlob *srcData, const uint8_t *context)
65 {
66 struct HksBlob keyAlias = { 0, NULL };
67 struct HksParamSet *inParamSet = NULL;
68 struct HksBlob keyOut = { 0, NULL };
69 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
70 int32_t ret;
71 bool isNoneResponse = false;
72
73 do {
74 ret = HksGenerateKeyUnpack(srcData, &keyAlias, &inParamSet, &keyOut);
75 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGenerateKeyUnpack Ipc fail")
76
77 if (keyOut.data == NULL) {
78 isNoneResponse = true;
79 keyOut.data = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
80 if (keyOut.data == NULL) {
81 HKS_LOG_E("malloc fail.");
82 ret = HKS_ERROR_MALLOC_FAIL;
83 break;
84 }
85 keyOut.size = MAX_KEY_SIZE;
86 }
87
88 ret = HksGetProcessInfoForIPC(context, &processInfo);
89 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
90
91 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
92 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
93
94 struct HksParam *accessTypeParam = NULL;
95 ret = HksGetParam(inParamSet, HKS_TAG_KEY_AUTH_ACCESS_TYPE, &accessTypeParam);
96 if (ret == HKS_SUCCESS && accessTypeParam != NULL &&
97 accessTypeParam->uint32Param == HKS_AUTH_ACCESS_ALWAYS_VALID) {
98 int32_t activeFrontUserId;
99 ret = HksGetFrontUserId(&activeFrontUserId);
100 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetFrontUserId fail! ret=%" LOG_PUBLIC "d", ret);
101 struct HksParamSet *newParamSet = NULL;
102 ret = BuildFrontUserIdParamSet(inParamSet, &newParamSet, activeFrontUserId);
103 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "BuildFrontUserIdParamSet fail! ret=%" LOG_PUBLIC "d", ret);
104 ret = HksServiceGenerateKey(&processInfo, &keyAlias, newParamSet, &keyOut);
105 HksFreeParamSet(&newParamSet);
106 } else {
107 ret = HksServiceGenerateKey(&processInfo, &keyAlias, inParamSet, &keyOut);
108 }
109 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceGenerateKey fail, ret = %" LOG_PUBLIC "d", ret)
110 } while (0);
111
112 HksSendResponse(context, ret, isNoneResponse ? NULL : &keyOut);
113
114 HKS_FREE_BLOB(keyOut);
115 HKS_FREE_BLOB(processInfo.processName);
116 HKS_FREE_BLOB(processInfo.userId);
117 }
118
HksIpcServiceImportKey(const struct HksBlob * srcData,const uint8_t * context)119 void HksIpcServiceImportKey(const struct HksBlob *srcData, const uint8_t *context)
120 {
121 struct HksBlob keyAlias = { 0, NULL };
122 struct HksParamSet *paramSet = NULL;
123 struct HksBlob key = { 0, NULL };
124 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
125 int32_t ret;
126
127 do {
128 ret = HksImportKeyUnpack(srcData, &keyAlias, ¶mSet, &key);
129 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksImportKeyUnpack Ipc fail")
130
131 ret = HksGetProcessInfoForIPC(context, &processInfo);
132 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
133
134 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
135 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
136
137 ret = HksServiceImportKey(&processInfo, &keyAlias, paramSet, &key);
138 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceImportKey fail, ret = %" LOG_PUBLIC "d", ret)
139 } while (0);
140
141 HksSendResponse(context, ret, NULL);
142
143 HKS_FREE_BLOB(processInfo.processName);
144 HKS_FREE_BLOB(processInfo.userId);
145 }
146
HksIpcServiceImportWrappedKey(const struct HksBlob * srcData,const uint8_t * context)147 void HksIpcServiceImportWrappedKey(const struct HksBlob *srcData, const uint8_t *context)
148 {
149 struct HksBlob keyAlias = { 0, NULL };
150 struct HksBlob wrappingKeyAlias = { 0, NULL };
151 struct HksParamSet *paramSet = NULL;
152 struct HksBlob wrappedKeyData = { 0, NULL };
153 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
154 int32_t ret;
155
156 do {
157 ret = HksImportWrappedKeyUnpack(srcData, &keyAlias, &wrappingKeyAlias, ¶mSet, &wrappedKeyData);
158 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "unpack data for Ipc fail")
159
160 ret = HksGetProcessInfoForIPC(context, &processInfo);
161 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get process info fail, ret = %" LOG_PUBLIC "d", ret)
162
163 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
164 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
165
166 ret = HksServiceImportWrappedKey(&processInfo, &keyAlias, &wrappingKeyAlias, paramSet, &wrappedKeyData);
167 HKS_IF_NOT_SUCC_LOGE(ret, "do import wrapped key fail, ret = %" LOG_PUBLIC "d", ret)
168 } while (0);
169
170 HksSendResponse(context, ret, NULL);
171
172 HKS_FREE_BLOB(processInfo.processName);
173 HKS_FREE_BLOB(processInfo.userId);
174 }
175
HksIpcServiceExportPublicKey(const struct HksBlob * srcData,const uint8_t * context)176 void HksIpcServiceExportPublicKey(const struct HksBlob *srcData, const uint8_t *context)
177 {
178 struct HksBlob keyAlias = { 0, NULL };
179 struct HksParamSet *paramSet = NULL;
180 struct HksBlob key = { 0, NULL };
181 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
182 int32_t ret;
183
184 do {
185 ret = HksExportPublicKeyUnpack(srcData, &keyAlias, ¶mSet, &key);
186 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksExportKeyUnpack Ipc fail")
187
188 ret = HksGetProcessInfoForIPC(context, &processInfo);
189 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
190
191 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
192 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
193
194 ret = HksServiceExportPublicKey(&processInfo, &keyAlias, paramSet, &key);
195 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceExportPublicKey fail, ret = %" LOG_PUBLIC "d", ret)
196 } while (0);
197
198 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &key : NULL);
199
200 HKS_FREE_BLOB(key);
201 HKS_FREE_BLOB(processInfo.processName);
202 HKS_FREE_BLOB(processInfo.userId);
203 }
204
HksIpcServiceDeleteKey(const struct HksBlob * srcData,const uint8_t * context)205 void HksIpcServiceDeleteKey(const struct HksBlob *srcData, const uint8_t *context)
206 {
207 struct HksBlob keyAlias = { 0, NULL };
208 struct HksParamSet *paramSet = NULL;
209 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
210 int32_t ret;
211 do {
212 ret = HksDeleteKeyUnpack(srcData, &keyAlias, ¶mSet);
213 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeleteKeyUnpack Ipc fail")
214
215 ret = HksGetProcessInfoForIPC(context, &processInfo);
216 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
217
218 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
219 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
220
221 ret = HksServiceDeleteKey(&processInfo, &keyAlias, paramSet);
222 HKS_IF_NOT_SUCC_LOGE(ret, "HksIpcServiceDeleteKey fail, ret = %" LOG_PUBLIC "d", ret)
223 } while (0);
224
225 HksSendResponse(context, ret, NULL);
226
227 HKS_FREE_BLOB(processInfo.processName);
228 HKS_FREE_BLOB(processInfo.userId);
229 }
230
HksIpcServiceGetKeyParamSet(const struct HksBlob * srcData,const uint8_t * context)231 void HksIpcServiceGetKeyParamSet(const struct HksBlob *srcData, const uint8_t *context)
232 {
233 struct HksBlob keyAlias = { 0, NULL };
234 struct HksBlob paramSet = { 0, NULL };
235 struct HksParamSet *paramSetIn = NULL;
236 struct HksParamSet *paramSetOut = NULL;
237 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
238 int32_t ret;
239
240 do {
241 ret = HksGetKeyParamSetUnpack(srcData, &keyAlias, ¶mSetIn, ¶mSetOut);
242 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGenerateKeyUnpack Ipc fail, ret = %" LOG_PUBLIC "d", ret)
243
244 ret = HksGetProcessInfoForIPC(context, &processInfo);
245 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
246
247 ret = HksCheckAcrossAccountsPermission(paramSetIn, processInfo.userIdInt);
248 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
249
250 ret = HksServiceGetKeyParamSet(&processInfo, &keyAlias, paramSetIn, paramSetOut);
251 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGetKeyParamSet fail, ret = %" LOG_PUBLIC "d", ret)
252
253 paramSet.size = paramSetOut->paramSetSize;
254 paramSet.data = (uint8_t *)paramSetOut;
255 } while (0);
256
257 HksSendResponse(context, ret, ret == HKS_SUCCESS ? ¶mSet : NULL);
258
259 HKS_FREE(paramSetOut);
260 HKS_FREE_BLOB(processInfo.processName);
261 HKS_FREE_BLOB(processInfo.userId);
262 }
263
HksIpcServiceKeyExist(const struct HksBlob * srcData,const uint8_t * context)264 void HksIpcServiceKeyExist(const struct HksBlob *srcData, const uint8_t *context)
265 {
266 struct HksBlob keyAlias = { 0, NULL };
267 struct HksParamSet *paramSet = NULL;
268 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
269 int32_t ret;
270
271 do {
272 ret = HksKeyExistUnpack(srcData, &keyAlias, ¶mSet);
273 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeleteKeyUnpack Ipc fail")
274
275 ret = HksGetProcessInfoForIPC(context, &processInfo);
276 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
277
278 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
279 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
280
281 ret = HksServiceKeyExist(&processInfo, &keyAlias, paramSet);
282 HKS_IF_TRUE_LOGI_BREAK(ret == HKS_ERROR_NOT_EXIST, "key is not exist");
283 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceKeyExist fail, ret = %" LOG_PUBLIC "d", ret)
284 } while (0);
285
286 HksSendResponse(context, ret, NULL);
287
288 HKS_FREE_BLOB(processInfo.processName);
289 HKS_FREE_BLOB(processInfo.userId);
290 }
291
HksIpcServiceGenerateRandom(const struct HksBlob * srcData,const uint8_t * context)292 void HksIpcServiceGenerateRandom(const struct HksBlob *srcData, const uint8_t *context)
293 {
294 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL } };
295 struct HksBlob random = { 0, NULL };
296 int32_t ret = HKS_ERROR_INVALID_ARGUMENT;
297
298 do {
299 HKS_IF_TRUE_LOGE_BREAK(srcData == NULL || srcData->data == NULL || srcData->size < sizeof(uint32_t),
300 "invalid srcData")
301
302 random.size = *((uint32_t *)(srcData->data));
303 HKS_IF_TRUE_LOGE_BREAK(IsInvalidLength(random.size), "invalid size %" LOG_PUBLIC "u", random.size)
304
305 random.data = (uint8_t *)HksMalloc(random.size);
306 if (random.data == NULL) {
307 ret = HKS_ERROR_MALLOC_FAIL;
308 break;
309 }
310
311 ret = HksGetProcessInfoForIPC(context, &processInfo);
312 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
313
314 ret = HksServiceGenerateRandom(&processInfo, &random);
315 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGenerateRandom fail, ret = %" LOG_PUBLIC "d", ret)
316 } while (0);
317
318 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &random : NULL);
319
320 HKS_FREE_BLOB(random);
321 HKS_FREE_BLOB(processInfo.processName);
322 HKS_FREE_BLOB(processInfo.userId);
323 }
324
HksIpcServiceSign(const struct HksBlob * srcData,const uint8_t * context)325 void HksIpcServiceSign(const struct HksBlob *srcData, const uint8_t *context)
326 {
327 struct HksBlob keyAlias = { 0, NULL };
328 struct HksParamSet *inParamSet = NULL;
329 struct HksBlob unsignedData = { 0, NULL };
330 struct HksBlob signature = { 0, NULL };
331 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
332 int32_t ret;
333
334 do {
335 ret = HksSignUnpack(srcData, &keyAlias, &inParamSet, &unsignedData, &signature);
336 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksSignUnpack Ipc fail")
337
338 ret = HksGetProcessInfoForIPC(context, &processInfo);
339 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
340
341 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
342 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
343
344 ret = HksServiceSign(&processInfo, &keyAlias, inParamSet, &unsignedData, &signature);
345 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceSign fail, ret = %" LOG_PUBLIC "d", ret)
346 } while (0);
347
348 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &signature : NULL);
349
350 HKS_FREE_BLOB(signature);
351 HKS_FREE_BLOB(processInfo.processName);
352 HKS_FREE_BLOB(processInfo.userId);
353 }
354
HksIpcServiceVerify(const struct HksBlob * srcData,const uint8_t * context)355 void HksIpcServiceVerify(const struct HksBlob *srcData, const uint8_t *context)
356 {
357 struct HksBlob keyAlias = { 0, NULL };
358 struct HksParamSet *inParamSet = NULL;
359 struct HksBlob unsignedData = { 0, NULL };
360 struct HksBlob signature = { 0, NULL };
361 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
362 int32_t ret;
363
364 do {
365 ret = HksVerifyUnpack(srcData, &keyAlias, &inParamSet, &unsignedData, &signature);
366 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksVerifyUnpack Ipc fail")
367
368 ret = HksGetProcessInfoForIPC(context, &processInfo);
369 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
370
371 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
372 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
373
374 ret = HksServiceVerify(&processInfo, &keyAlias, inParamSet, &unsignedData, &signature);
375 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceVerify fail ret = %" LOG_PUBLIC "d", ret)
376 } while (0);
377
378 HksSendResponse(context, ret, NULL);
379
380 HKS_FREE_BLOB(processInfo.processName);
381 HKS_FREE_BLOB(processInfo.userId);
382 }
383
HksIpcServiceEncrypt(const struct HksBlob * srcData,const uint8_t * context)384 void HksIpcServiceEncrypt(const struct HksBlob *srcData, const uint8_t *context)
385 {
386 struct HksBlob keyAlias = { 0, NULL };
387 struct HksParamSet *inParamSet = NULL;
388 struct HksBlob plainText = { 0, NULL };
389 struct HksBlob cipherText = { 0, NULL };
390 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
391 int32_t ret;
392
393 do {
394 ret = HksEncryptDecryptUnpack(srcData, &keyAlias, &inParamSet, &plainText, &cipherText);
395 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksEncryptDecryptUnpack Ipc fail")
396
397 ret = HksGetProcessInfoForIPC(context, &processInfo);
398 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
399
400 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
401 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
402
403 ret = HksServiceEncrypt(&processInfo, &keyAlias, inParamSet, &plainText, &cipherText);
404 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceEncrypt fail, ret = %" LOG_PUBLIC "d", ret)
405 } while (0);
406
407 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &cipherText : NULL);
408
409 HKS_FREE_BLOB(cipherText);
410 HKS_FREE_BLOB(processInfo.processName);
411 HKS_FREE_BLOB(processInfo.userId);
412 }
413
HksIpcServiceDecrypt(const struct HksBlob * srcData,const uint8_t * context)414 void HksIpcServiceDecrypt(const struct HksBlob *srcData, const uint8_t *context)
415 {
416 struct HksBlob keyAlias = { 0, NULL };
417 struct HksParamSet *inParamSet = NULL;
418 struct HksBlob plainText = { 0, NULL };
419 struct HksBlob cipherText = { 0, NULL };
420 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
421 int32_t ret;
422
423 do {
424 ret = HksEncryptDecryptUnpack(srcData, &keyAlias, &inParamSet, &cipherText, &plainText);
425 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksEncryptDecryptUnpack Ipc fail")
426
427 ret = HksGetProcessInfoForIPC(context, &processInfo);
428 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
429
430 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
431 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
432
433 ret = HksServiceDecrypt(&processInfo, &keyAlias, inParamSet, &cipherText, &plainText);
434 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceDecrypt fail, ret = %" LOG_PUBLIC "d", ret)
435 } while (0);
436
437 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &plainText : NULL);
438
439 HKS_FREE_BLOB(plainText);
440 HKS_FREE_BLOB(processInfo.processName);
441 HKS_FREE_BLOB(processInfo.userId);
442 }
443
HksIpcServiceAgreeKey(const struct HksBlob * srcData,const uint8_t * context)444 void HksIpcServiceAgreeKey(const struct HksBlob *srcData, const uint8_t *context)
445 {
446 struct HksBlob privateKey = { 0, NULL };
447 struct HksBlob peerPublicKey = { 0, NULL };
448 struct HksBlob agreedKey = { 0, NULL };
449 struct HksParamSet *inParamSet = NULL;
450 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
451 int32_t ret;
452
453 do {
454 ret = HksAgreeKeyUnpack(srcData, &inParamSet, &privateKey, &peerPublicKey, &agreedKey);
455 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksAgreeKeyUnpack Ipc fail")
456
457 ret = HksGetProcessInfoForIPC(context, &processInfo);
458 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
459
460 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
461 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
462
463 ret = HksServiceAgreeKey(&processInfo, inParamSet, &privateKey, &peerPublicKey, &agreedKey);
464 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAgreeKey fail, ret = %" LOG_PUBLIC "d", ret)
465 } while (0);
466
467 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &agreedKey : NULL);
468
469 HKS_FREE_BLOB(agreedKey);
470 HKS_FREE_BLOB(processInfo.processName);
471 HKS_FREE_BLOB(processInfo.userId);
472 }
473
HksIpcServiceDeriveKey(const struct HksBlob * srcData,const uint8_t * context)474 void HksIpcServiceDeriveKey(const struct HksBlob *srcData, const uint8_t *context)
475 {
476 struct HksBlob masterKey = { 0, NULL };
477 struct HksBlob derivedKey = { 0, NULL };
478 struct HksParamSet *inParamSet = NULL;
479 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
480 int32_t ret;
481
482 do {
483 ret = HksDeriveKeyUnpack(srcData, &inParamSet, &masterKey, &derivedKey);
484 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeriveKeyUnpack Ipc fail")
485
486 ret = HksGetProcessInfoForIPC(context, &processInfo);
487 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
488
489 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
490 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
491
492 ret = HksServiceDeriveKey(&processInfo, inParamSet, &masterKey, &derivedKey);
493 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceDeriveKey fail, ret = %" LOG_PUBLIC "d", ret)
494 } while (0);
495
496 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &derivedKey : NULL);
497
498 HKS_FREE_BLOB(derivedKey);
499 HKS_FREE_BLOB(processInfo.processName);
500 HKS_FREE_BLOB(processInfo.userId);
501 }
502
HksIpcServiceMac(const struct HksBlob * srcData,const uint8_t * context)503 void HksIpcServiceMac(const struct HksBlob *srcData, const uint8_t *context)
504 {
505 struct HksBlob key = { 0, NULL };
506 struct HksParamSet *inParamSet = NULL;
507 struct HksBlob inputData = { 0, NULL };
508 struct HksBlob mac = { 0, NULL };
509 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
510 int32_t ret;
511
512 do {
513 ret = HksHmacUnpack(srcData, &key, &inParamSet, &inputData, &mac);
514 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksHmacUnpack Ipc fail")
515
516 ret = HksGetProcessInfoForIPC(context, &processInfo);
517 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
518
519 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
520 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
521
522 ret = HksServiceMac(&processInfo, &key, inParamSet, &inputData, &mac);
523 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceMac fail, ret = %" LOG_PUBLIC "d", ret)
524 } while (0);
525
526 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &mac : NULL);
527
528 HKS_FREE_BLOB(mac);
529 HKS_FREE_BLOB(processInfo.processName);
530 HKS_FREE_BLOB(processInfo.userId);
531 }
532
FreeKeyInfo(uint32_t listCount,struct HksKeyInfo ** keyInfoList)533 static void FreeKeyInfo(uint32_t listCount, struct HksKeyInfo **keyInfoList)
534 {
535 if ((keyInfoList == NULL) || (*keyInfoList == NULL)) {
536 return;
537 }
538
539 for (uint32_t i = 0; i < listCount; ++i) {
540 if ((*keyInfoList)[i].alias.data != NULL) {
541 HKS_FREE_BLOB((*keyInfoList)[i].alias);
542 }
543 if ((*keyInfoList)[i].paramSet != NULL) {
544 HKS_FREE((*keyInfoList)[i].paramSet);
545 (*keyInfoList)[i].paramSet = NULL;
546 }
547 }
548
549 HKS_FREE(*keyInfoList);
550 }
551
HksIpcServiceGetKeyInfoList(const struct HksBlob * srcData,const uint8_t * context)552 void HksIpcServiceGetKeyInfoList(const struct HksBlob *srcData, const uint8_t *context)
553 {
554 uint32_t inputCount = 0;
555 struct HksParamSet *paramSet = NULL;
556 struct HksKeyInfo *keyInfoList = NULL;
557 struct HksBlob keyInfoListBlob = { 0, NULL };
558 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
559 int32_t ret;
560
561 do {
562 ret = HksGetKeyInfoListUnpack(srcData, ¶mSet, &inputCount, &keyInfoList);
563 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetKeyInfoListUnpack Ipc fail")
564
565 ret = HksGetProcessInfoForIPC(context, &processInfo);
566 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
567
568 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
569 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
570
571 uint32_t listCount = inputCount;
572 ret = HksServiceGetKeyInfoList(&processInfo, paramSet, keyInfoList, &listCount);
573 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGetKeyInfoList fail, ret = %" LOG_PUBLIC "d", ret)
574
575 keyInfoListBlob.size = sizeof(listCount);
576 for (uint32_t i = 0; i < listCount; ++i) {
577 keyInfoListBlob.size += sizeof(keyInfoList[i].alias.size) + ALIGN_SIZE(keyInfoList[i].alias.size) +
578 ALIGN_SIZE(keyInfoList[i].paramSet->paramSetSize);
579 }
580
581 keyInfoListBlob.data = (uint8_t *)HksMalloc(keyInfoListBlob.size);
582 if (keyInfoListBlob.data == NULL) {
583 ret = HKS_ERROR_MALLOC_FAIL;
584 break;
585 }
586
587 ret = HksGetKeyInfoListPackFromService(&keyInfoListBlob, listCount, keyInfoList);
588 HKS_IF_NOT_SUCC_BREAK(ret)
589 } while (0);
590
591 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &keyInfoListBlob : NULL);
592
593 FreeKeyInfo(inputCount, &keyInfoList);
594 HKS_FREE_BLOB(keyInfoListBlob);
595 HKS_FREE_BLOB(processInfo.processName);
596 HKS_FREE_BLOB(processInfo.userId);
597 }
598
HksAttestAccessControl(struct HksParamSet * paramSet)599 int32_t HksAttestAccessControl(struct HksParamSet *paramSet)
600 {
601 #ifdef HKS_SUPPORT_ACCESS_TOKEN
602 // check permisson for attest ids
603 for (uint32_t i = 0; i < sizeof(g_idList) / sizeof(g_idList[0]); i++) {
604 for (uint32_t j = 0; j < paramSet->paramsCnt; j++) {
605 HKS_IF_TRUE_RETURN(paramSet->params[j].tag == g_idList[i],
606 SensitivePermissionCheck("ohos.permission.ACCESS_IDS"))
607 }
608 }
609 // HKS_ATTESTATION_MODE_ANONYMOUS no need check permission
610 HKS_IF_TRUE_RETURN(HksAttestIsAnonymous(paramSet), HKS_SUCCESS)
611
612 return SensitivePermissionCheck("ohos.permission.ATTEST_KEY");
613 #endif
614 (void)paramSet;
615 return HKS_SUCCESS;
616 }
617
HksIpcServiceAttestKey(const struct HksBlob * srcData,const uint8_t * context,const uint8_t * remoteObject)618 void HksIpcServiceAttestKey(const struct HksBlob *srcData, const uint8_t *context, const uint8_t *remoteObject)
619 {
620 struct HksBlob keyAlias = { 0, NULL };
621 struct HksParamSet *inParamSet = NULL;
622 struct HksBlob certChainBlob = { 0, NULL };
623 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
624 int32_t ret;
625
626 do {
627 ret = HksCertificateChainUnpack(srcData, &keyAlias, &inParamSet, &certChainBlob);
628 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCertificateChainUnpack Ipc fail")
629
630 ret = HksGetProcessInfoForIPC(context, &processInfo);
631 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
632
633 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
634 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
635
636 ret = HksAttestAccessControl(inParamSet);
637 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksAttestAccessControl fail, ret = %" LOG_PUBLIC "d", ret)
638
639 ret = HksServiceAttestKey(&processInfo, &keyAlias, inParamSet, &certChainBlob, remoteObject);
640 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAttestKey fail, ret = %" LOG_PUBLIC "d", ret)
641
642 // certChainBlob.size would be 0 if attestation mode is anonymous
643 HKS_LOG_I("got certChainBlob size %" LOG_PUBLIC "u", certChainBlob.size);
644 } while (0);
645
646 HksSendResponse(context, ret, ret == HKS_SUCCESS ? &certChainBlob : NULL);
647
648 HKS_FREE_BLOB(processInfo.processName);
649 HKS_FREE_BLOB(processInfo.userId);
650 HKS_FREE_BLOB(certChainBlob);
651 }
652
IpcServiceInit(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * outData)653 static int32_t IpcServiceInit(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
654 const struct HksParamSet *paramSet, struct HksBlob *outData)
655 {
656 uint8_t handleData[HANDLE_SIZE] = {0};
657 uint8_t tokenData[TOKEN_SIZE] = {0};
658 struct HksBlob handle = { sizeof(handleData), handleData };
659 struct HksBlob token = { sizeof(tokenData), tokenData };
660
661 int32_t ret = HksServiceInit(processInfo, keyAlias, paramSet, &handle, &token);
662 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "service init failed, ret = %" LOG_PUBLIC "d", ret)
663
664 HKS_IF_TRUE_LOGE_RETURN(handle.size != HANDLE_SIZE || token.size > TOKEN_SIZE, HKS_ERROR_BAD_STATE,
665 "invalid handle size[%" LOG_PUBLIC "u], or token size[%" LOG_PUBLIC "u]", handle.size, token.size)
666
667 HKS_IF_TRUE_LOGE_RETURN(outData->size < handle.size + token.size, HKS_ERROR_BUFFER_TOO_SMALL,
668 "ipc out size[%" LOG_PUBLIC "u] too small", outData->size)
669
670 HKS_IF_NOT_EOK_LOGE_RETURN(memcpy_s(outData->data, outData->size, handle.data, handle.size),
671 HKS_ERROR_INSUFFICIENT_MEMORY, "copy outData data failed!")
672
673 if (token.size != 0 &&
674 memcpy_s(outData->data + handle.size, outData->size - handle.size, token.data, token.size) != EOK) {
675 HKS_LOG_E("copy token failed");
676 return HKS_ERROR_INSUFFICIENT_MEMORY;
677 }
678 outData->size = handle.size + token.size;
679
680 return HKS_SUCCESS;
681 }
682
HksIpcServiceInit(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)683 void HksIpcServiceInit(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
684 {
685 int32_t ret;
686 struct HksParamSet *inParamSet = NULL;
687 struct HksParamSet *paramSet = NULL;
688 struct HksBlob keyAlias = { 0, NULL };
689 struct HksBlob paramsBlob = { 0, NULL };
690 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
691
692 do {
693 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
694 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
695
696 struct HksParamOut params[] = {
697 {
698 .tag = HKS_TAG_PARAM0_BUFFER,
699 .blob = &keyAlias
700 }, {
701 .tag = HKS_TAG_PARAM1_BUFFER,
702 .blob = ¶msBlob
703 },
704 };
705
706 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
707 HKS_IF_NOT_SUCC_BREAK(ret)
708
709 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
710 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
711
712 ret = HksGetProcessInfoForIPC(context, &processInfo);
713 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
714
715 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
716 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
717
718 ret = IpcServiceInit(&processInfo, &keyAlias, inParamSet, outData);
719 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "ipc service init fail, ret = %" LOG_PUBLIC "d", ret)
720 } while (0);
721
722 HksSendResponse(context, ret, ret == HKS_SUCCESS ? outData : NULL);
723
724 HksFreeParamSet(¶mSet);
725 HksFreeParamSet(&inParamSet);
726 HKS_FREE_BLOB(processInfo.processName);
727 HKS_FREE_BLOB(processInfo.userId);
728 }
729
HksIpcServiceUpdOrFin(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context,bool isUpdate)730 void HksIpcServiceUpdOrFin(const struct HksBlob *paramSetBlob, struct HksBlob *outData,
731 const uint8_t *context, bool isUpdate)
732 {
733 int32_t ret;
734 struct HksParamSet *inParamSet = NULL;
735 struct HksParamSet *paramSet = NULL;
736 struct HksBlob paramsBlob = { 0, NULL };
737 struct HksBlob inData = { 0, NULL };
738 struct HksBlob handle = { 0, NULL };
739 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
740
741 do {
742 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
743 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
744
745 struct HksParamOut params[] = {
746 {
747 .tag = HKS_TAG_PARAM0_BUFFER,
748 .blob = ¶msBlob
749 }, {
750 .tag = HKS_TAG_PARAM1_BUFFER,
751 .blob = &handle
752 }, {
753 .tag = HKS_TAG_PARAM2_BUFFER,
754 .blob = &inData
755 },
756 };
757
758 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
759 HKS_IF_NOT_SUCC_BREAK(ret)
760
761 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
762 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
763
764 ret = HksGetProcessInfoForIPC(context, &processInfo);
765 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
766
767 ret = isUpdate ? HksServiceUpdate(&handle, &processInfo, inParamSet, &inData, outData) :
768 HksServiceFinish(&handle, &processInfo, inParamSet, &inData, outData);
769 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "%" LOG_PUBLIC "s fail, ret = %" LOG_PUBLIC "d",
770 isUpdate ? "HksServiceUpdate" : "HksServiceFinish", ret)
771 } while (0);
772
773 HksSendResponse(context, ret, (ret == HKS_SUCCESS && outData->size > 0) ? outData : NULL);
774
775 HksFreeParamSet(¶mSet);
776 HksFreeParamSet(&inParamSet);
777 HKS_FREE_BLOB(processInfo.processName);
778 HKS_FREE_BLOB(processInfo.userId);
779 }
780
HksIpcServiceUpdate(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)781 void HksIpcServiceUpdate(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
782 {
783 HksIpcServiceUpdOrFin(paramSetBlob, outData, context, true);
784 }
785
HksIpcServiceFinish(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)786 void HksIpcServiceFinish(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
787 {
788 HksIpcServiceUpdOrFin(paramSetBlob, outData, context, false);
789 }
790
HksIpcServiceAbort(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)791 void HksIpcServiceAbort(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
792 {
793 (void)outData;
794 int32_t ret;
795 struct HksParamSet *inParamSet = NULL;
796 struct HksParamSet *paramSet = NULL;
797 struct HksBlob handle = { 0, NULL };
798 struct HksBlob paramsBlob = { 0, NULL };
799 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
800
801 do {
802 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
803 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
804
805 struct HksParamOut params[] = {
806 {
807 .tag = HKS_TAG_PARAM0_BUFFER,
808 .blob = ¶msBlob
809 }, {
810 .tag = HKS_TAG_PARAM1_BUFFER,
811 .blob = &handle
812 },
813 };
814 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
815 HKS_IF_NOT_SUCC_BREAK(ret)
816
817 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
818 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
819
820 ret = HksGetProcessInfoForIPC(context, &processInfo);
821 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
822
823 ret = HksServiceAbort(&handle, &processInfo, inParamSet);
824 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAbort fail, ret = %" LOG_PUBLIC "d", ret)
825 } while (0);
826
827 HksSendResponse(context, ret, NULL);
828 HksFreeParamSet(¶mSet);
829 HksFreeParamSet(&inParamSet);
830 HKS_FREE_BLOB(processInfo.processName);
831 HKS_FREE_BLOB(processInfo.userId);
832 }
833
HksIpcErrorResponse(const uint8_t * context)834 void HksIpcErrorResponse(const uint8_t *context)
835 {
836 HksSendResponse(context, HKS_ERROR_IPC_MSG_FAIL, NULL);
837 }
838
HksIpcServiceListAliases(const struct HksBlob * srcData,const uint8_t * context)839 void HksIpcServiceListAliases(const struct HksBlob *srcData, const uint8_t *context)
840 {
841 struct HksParamSet *paramSet = NULL;
842 struct HksKeyAliasSet *keyAliasSet = NULL;
843 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
844 struct HksBlob outBlob = { 0, NULL };
845 int32_t ret;
846
847 do {
848 ret = HksListAliasesUnpack(srcData, ¶mSet);
849 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksListAliasesUnpack fail")
850
851 ret = HksGetProcessInfoForIPC(context, &processInfo);
852 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
853
854 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
855 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
856
857 ret = HksServiceListAliases(&processInfo, paramSet, &keyAliasSet);
858 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceListAliases fail, ret = %" LOG_PUBLIC "d", ret)
859
860 ret = HksListAliasesPackFromService(keyAliasSet, &outBlob);
861 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksListAliasesPackFromService fail, ret = %" LOG_PUBLIC "d", ret)
862 } while (0);
863
864 // query success and key size is not 0
865 HksSendResponse(context, ret, ret == HKS_SUCCESS && outBlob.size != 0 ? &outBlob : NULL);
866
867 HksFreeKeyAliasSet(keyAliasSet);
868 HKS_FREE_BLOB(processInfo.processName);
869 HKS_FREE_BLOB(processInfo.userId);
870 HKS_FREE_BLOB(outBlob);
871 }
872
HksIpcServiceRenameKeyAlias(const struct HksBlob * srcData,const uint8_t * context)873 void HksIpcServiceRenameKeyAlias(const struct HksBlob *srcData, const uint8_t *context)
874 {
875 int32_t ret;
876 struct HksBlob oldKeyAlias = { 0, NULL };
877 struct HksBlob newKeyAlias = { 0, NULL };
878 struct HksParamSet *paramSet = NULL;
879 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
880 do {
881 ret = HksRenameKeyAliasUnpack(srcData, &oldKeyAlias, &newKeyAlias, ¶mSet);
882 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksRenameKeyAliasUnpack Ipc fail")
883
884 ret = HksGetProcessInfoForIPC(context, &processInfo);
885 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
886
887 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
888 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
889
890 ret = HksServiceRenameKeyAlias(&processInfo, &oldKeyAlias, paramSet, &newKeyAlias);
891 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceRenameKeyAliasy fail, ret = %" LOG_PUBLIC "d", ret)
892 } while (0);
893
894 HksSendResponse(context, ret, NULL);
895
896 HKS_FREE_BLOB(processInfo.processName);
897 HKS_FREE_BLOB(processInfo.userId);
898 }
899
HksIpcChangeStorageLevel(const struct HksBlob * srcData,const uint8_t * context)900 void HksIpcChangeStorageLevel(const struct HksBlob *srcData, const uint8_t *context)
901 {
902 struct HksBlob keyAlias = { 0, NULL };
903 struct HksParamSet *srcParamSet = NULL;
904 struct HksParamSet *destParamSet = NULL;
905 struct HksProcessInfo processInfo = HKS_PROCESS_INFO_INIT_VALUE;
906 int32_t ret;
907
908 do {
909 ret = HksChangeStorageLevelUnpack(srcData, &keyAlias, &srcParamSet, &destParamSet);
910 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksChangeStorageLevelUnpack Ipc fail")
911
912 ret = HksGetProcessInfoForIPC(context, &processInfo);
913 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
914
915 ret = HksCheckAcrossAccountsPermission(srcParamSet, processInfo.userIdInt);
916 HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
917 "srcParamSet HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
918
919 ret = HksCheckAcrossAccountsPermission(destParamSet, processInfo.userIdInt);
920 HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
921 "destParamSet HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
922
923 ret = HksServiceChangeStorageLevel(&processInfo, &keyAlias, srcParamSet, destParamSet);
924 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceChangeStorageLevel fail, ret = %" LOG_PUBLIC "d", ret)
925 } while (0);
926
927 HksSendResponse(context, ret, NULL);
928
929 HKS_FREE_BLOB(processInfo.processName);
930 HKS_FREE_BLOB(processInfo.userId);
931 }
932
HksIpcWrapKey(const struct HksBlob * srcData,const uint8_t * context)933 void HksIpcWrapKey(const struct HksBlob *srcData, const uint8_t *context)
934 {
935 int32_t ret = HksPluginWrapKey(srcData, context);
936 HKS_IF_NOT_SUCC_LOGE_RETURN_VOID(ret, "wrap key not support")
937 (void)HksServiceWrapKey(srcData, context);
938 }
939
HksIpcUnwrapKey(const struct HksBlob * srcData,const uint8_t * context)940 void HksIpcUnwrapKey(const struct HksBlob *srcData, const uint8_t *context)
941 {
942 int32_t ret = HksPluginWrapKey(srcData, context);
943 HKS_IF_NOT_SUCC_LOGE_RETURN_VOID(ret, "unwrap key not support")
944 (void)HksServiceUnwrapKey(srcData, context);
945 }
946