1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define HUKS_DISABLE_LOG_AT_FILE_TO_REDUCE_ROM_SIZE
16
17 #ifdef HKS_CONFIG_FILE
18 #include HKS_CONFIG_FILE
19 #else
20 #include "hks_config.h"
21 #endif
22
23 #include "hks_core_service_key_operate_three_stage.h"
24
25 #include <stdbool.h>
26 #include <stddef.h>
27
28 #include "hks_ability.h"
29 #include "dcm_attest.h"
30 #include "hks_auth.h"
31 #include "hks_base_check.h"
32 #include "hks_check_paramset.h"
33 #include "hks_client_service_adapter_common.h"
34 #include "hks_cmd_id.h"
35 #include "hks_common_check.h"
36 #include "hks_core_service_three_stage.h"
37 #include "hks_crypto_adapter.h"
38 #include "hks_crypto_hal.h"
39 #include "hks_log.h"
40 #include "hks_mem.h"
41 #include "hks_param.h"
42 #include "hks_secure_access.h"
43 #include "hks_sm_import_wrap_key.h"
44 #include "hks_template.h"
45 #include "hks_type_inner.h"
46 #include "hks_util.h"
47
48 #include "securec.h"
49
50 #ifndef _HARDWARE_ROOT_KEY_
51 #include "hks_rkc.h"
52 #endif
53
54 #ifndef _CUT_AUTHENTICATE_
55
56 #define S_TO_MS 1000
57
58 static struct HksCoreInitHandler g_hksCoreInitHandler[] = {
59 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageInit },
60 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageInit },
61 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreCryptoThreeStageInit },
62 { HKS_KEY_PURPOSE_DECRYPT, HksCoreCryptoThreeStageInit },
63 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageInit },
64 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageInit },
65 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageInit }
66 };
67
68 static struct HksCoreUpdateHandler g_hksCoreUpdateHandler[] = {
69 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageUpdate },
70 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageUpdate },
71 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreCryptoThreeStageUpdate },
72 { HKS_KEY_PURPOSE_DECRYPT, HksCoreCryptoThreeStageUpdate },
73 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageUpdate },
74 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageUpdate },
75 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageUpdate }
76 };
77
78 static struct HksCoreFinishHandler g_hksCoreFinishHandler[] = {
79 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageFinish },
80 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageFinish },
81 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreEncryptThreeStageFinish },
82 { HKS_KEY_PURPOSE_DECRYPT, HksCoreDecryptThreeStageFinish },
83 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageFinish },
84 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageFinish },
85 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageFinish }
86 };
87
88 static struct HksCoreAbortHandler g_hksCoreAbortHandler[] = {
89 { HKS_KEY_PURPOSE_SIGN, HksCoreSignVerifyThreeStageAbort },
90 { HKS_KEY_PURPOSE_VERIFY, HksCoreSignVerifyThreeStageAbort },
91 { HKS_KEY_PURPOSE_ENCRYPT, HksCoreCryptoThreeStageAbort },
92 { HKS_KEY_PURPOSE_DECRYPT, HksCoreCryptoThreeStageAbort },
93 { HKS_KEY_PURPOSE_DERIVE, HksCoreDeriveThreeStageAbort },
94 { HKS_KEY_PURPOSE_AGREE, HksCoreAgreeThreeStageAbort },
95 { HKS_KEY_PURPOSE_MAC, HksCoreMacThreeStageAbort }
96 };
97
GetPurposeAndAlgorithm(const struct HksParamSet * paramSet,uint32_t * pur,uint32_t * alg)98 static int32_t GetPurposeAndAlgorithm(const struct HksParamSet *paramSet, uint32_t *pur, uint32_t *alg)
99 {
100 HKS_IF_NULL_LOGE_RETURN(paramSet, HKS_ERROR_NULL_POINTER, "paramSet == NULL")
101 HKS_LOG_D("Get paramSet->paramsCnt %" LOG_PUBLIC "u", paramSet->paramsCnt);
102
103 uint32_t i;
104
105 for (i = 0; i < paramSet->paramsCnt; i++) {
106 if (paramSet->params[i].tag == HKS_TAG_PURPOSE) {
107 *pur = paramSet->params[i].uint32Param;
108 }
109
110 if (paramSet->params[i].tag == HKS_TAG_ALGORITHM) {
111 *alg = paramSet->params[i].uint32Param;
112 }
113
114 if (*pur != 0 && *alg != 0) {
115 HKS_LOG_E("found purpose : %" LOG_PUBLIC "u, algorithm : %" LOG_PUBLIC "u", *pur, *alg);
116 break;
117 }
118 }
119
120 if (i == paramSet->paramsCnt) {
121 HKS_LOG_E("don't found purpose or algrithm");
122 return HKS_ERROR_INVALID_ARGUMENT;
123 }
124
125 if (*alg == HKS_ALG_HMAC || *alg == HKS_ALG_SM3 || *pur == HKS_KEY_PURPOSE_SIGN || *pur == HKS_KEY_PURPOSE_VERIFY) {
126 if (*alg == HKS_ALG_ED25519) {
127 HKS_LOG_I("Algorithm is ed25519, not need to check digest");
128 return HKS_SUCCESS;
129 }
130 for (i = 0; i < paramSet->paramsCnt; i++) {
131 if (paramSet->params[i].tag == HKS_TAG_DIGEST) {
132 *alg = paramSet->params[i].uint32Param;
133 break;
134 }
135 }
136
137 if (i == paramSet->paramsCnt) {
138 HKS_LOG_E("don't found digest");
139 return HKS_ERROR_INVALID_ARGUMENT;
140 }
141 }
142
143 return HKS_SUCCESS;
144 }
145
CoreInitPreCheck(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * handle,const struct HksBlob * token)146 static int32_t CoreInitPreCheck(const struct HksBlob *key, const struct HksParamSet *paramSet,
147 const struct HksBlob *handle, const struct HksBlob *token)
148 {
149 if (key == NULL || paramSet == NULL || handle == NULL || token == NULL) {
150 HKS_LOG_E("the pointer param entered is invalid");
151 return HKS_ERROR_NULL_POINTER;
152 }
153
154 if (handle->size < sizeof(uint64_t)) {
155 HKS_LOG_E("handle size is too small, size : %" LOG_PUBLIC "u", handle->size);
156 return HKS_ERROR_INSUFFICIENT_MEMORY;
157 }
158
159 if (HksCheckParamSet(paramSet, paramSet->paramSetSize) != HKS_SUCCESS ||
160 HksCheckParamSetTag(paramSet) != HKS_SUCCESS) {
161 HKS_LOG_E("paramSet is invalid");
162 return HKS_ERROR_INVALID_ARGUMENT;
163 }
164
165 return HKS_SUCCESS;
166 }
167
HksBatchCheck(struct HuksKeyNode * keyNode)168 static int32_t HksBatchCheck(struct HuksKeyNode *keyNode)
169 {
170 if (keyNode == NULL) {
171 return HKS_ERROR_NULL_POINTER;
172 }
173 int32_t ret = HKS_ERROR_PARAM_NOT_EXIST;
174 if (keyNode->isBatchOperation) {
175 struct HksParam *purposeParam = NULL;
176 struct HksParam *batchPurposeParam = NULL;
177 ret = HksGetParam(keyNode->runtimeParamSet, HKS_TAG_PURPOSE, &purposeParam);
178 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "get purpose param failed!")
179 ret = HksGetParam(keyNode->keyBlobParamSet, HKS_TAG_BATCH_PURPOSE, &batchPurposeParam);
180 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "get batch purpose param failed!")
181 if ((purposeParam->uint32Param | batchPurposeParam->uint32Param) != batchPurposeParam->uint32Param) {
182 HKS_LOG_E("purposeParam should falll within the scope of batchPurposeParam");
183 return HKS_ERROR_INVALID_PURPOSE;
184 }
185 }
186 return ret;
187 }
188
HksCoreInitProcess(const struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,uint32_t pur,uint32_t alg)189 static int32_t HksCoreInitProcess(const struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
190 uint32_t pur, uint32_t alg)
191 {
192 if (keyNode == NULL || paramSet == NULL) {
193 return HKS_ERROR_NULL_POINTER;
194 }
195 uint32_t i;
196 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreInitHandler);
197 int32_t ret = HKS_ERROR_BAD_STATE;
198 for (i = 0; i < size; i++) {
199 if (g_hksCoreInitHandler[i].pur == pur) {
200 HKS_LOG_E("Core HksCoreInit pur = %" LOG_PUBLIC "d", pur);
201 ret = g_hksCoreInitHandler[i].handler(keyNode, paramSet, alg);
202 break;
203 }
204 }
205
206 if (ret != HKS_SUCCESS || i == size) {
207 HKS_LOG_E("CoreInit failed, pur : %" LOG_PUBLIC "u, ret : %" LOG_PUBLIC "d", pur, ret);
208 ret = ((i == size) ? HKS_ERROR_INVALID_ARGUMENT : ret);
209 }
210 return ret;
211 }
212
HksCoreUpdateProcess(struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)213 static int32_t HksCoreUpdateProcess(struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
214 const struct HksBlob *inData, struct HksBlob *outData)
215 {
216 if (keyNode == NULL || paramSet == NULL) {
217 return HKS_ERROR_NULL_POINTER;
218 }
219 uint32_t i;
220 uint32_t pur = 0;
221 uint32_t alg = 0;
222 int32_t ret = GetPurposeAndAlgorithm(keyNode->runtimeParamSet, &pur, &alg);
223 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetPurposeAndAlgorithm failed")
224 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreUpdateHandler);
225 for (i = 0; i < size; i++) {
226 if (g_hksCoreUpdateHandler[i].pur == pur) {
227 struct HksBlob appendInData = { 0, NULL };
228 ret = HksCoreAppendAuthInfoBeforeUpdate(keyNode, pur, paramSet, inData, &appendInData);
229 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "before update: append auth info failed")
230
231 ret = g_hksCoreUpdateHandler[i].handler(keyNode, paramSet,
232 appendInData.data == NULL ? inData : &appendInData, outData, alg);
233 if (appendInData.data != NULL) {
234 HKS_FREE_BLOB(appendInData);
235 }
236 break;
237 }
238 }
239
240 if (ret != HKS_SUCCESS || i == size) {
241 HKS_LOG_E("CoreUpdate failed, pur : %" LOG_PUBLIC "u, ret : %" LOG_PUBLIC "d", pur, ret);
242 ret = ((i == size) ? HKS_ERROR_INVALID_ARGUMENT : ret);
243 }
244 return ret;
245 }
246
HksCoreFinishProcess(struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)247 static int32_t HksCoreFinishProcess(struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
248 const struct HksBlob *inData, struct HksBlob *outData)
249 {
250 if (keyNode == NULL || paramSet == NULL) {
251 return HKS_ERROR_NULL_POINTER;
252 }
253 uint32_t i;
254 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreFinishHandler);
255 uint32_t pur = 0;
256 uint32_t alg = 0;
257 int32_t ret = GetPurposeAndAlgorithm(keyNode->runtimeParamSet, &pur, &alg);
258 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetPurposeAndAlgorithm failed")
259 for (i = 0; i < size; i++) {
260 if (g_hksCoreFinishHandler[i].pur == pur) {
261 uint32_t outDataBufferSize = (outData == NULL) ? 0 : outData->size;
262 struct HksBlob appendInData = { 0, NULL };
263 ret = HksCoreAppendAuthInfoBeforeFinish(keyNode, pur, paramSet, inData, &appendInData);
264 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "before finish: append auth info failed")
265
266 ret = g_hksCoreFinishHandler[i].handler(keyNode, paramSet,
267 appendInData.data == NULL ? inData : &appendInData, outData, alg);
268 if (appendInData.data != NULL) {
269 HKS_FREE_BLOB(appendInData);
270 }
271 HKS_IF_NOT_SUCC_BREAK(ret)
272
273 ret = HksCoreAppendAuthInfoAfterFinish(keyNode, pur, paramSet, outDataBufferSize, outData);
274 break;
275 }
276 }
277
278 if (i == size) {
279 HKS_LOG_E("don't found purpose, pur : %" LOG_PUBLIC "d", pur);
280 ret = HKS_ERROR_INVALID_ARGUMENT;
281 }
282 return ret;
283 }
284
HksAddBatchTimeToKeyNode(const struct HksParamSet * paramSet,struct HuksKeyNode * keyNode)285 static int32_t HksAddBatchTimeToKeyNode(const struct HksParamSet *paramSet, struct HuksKeyNode *keyNode)
286 {
287 if (keyNode == NULL || paramSet == NULL) {
288 return HKS_ERROR_NULL_POINTER;
289 }
290 uint64_t curTime = 0;
291 int32_t ret = HksElapsedRealTime(&curTime);
292 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksElapsedRealTime failed")
293 keyNode->isBatchOperation = false;
294 keyNode->batchOperationTimestamp = curTime + DEFAULT_BATCH_TIME_OUT * S_TO_MS;
295 bool findOperation = false;
296 bool findTimeout = false;
297 for (uint32_t i = 0; i < paramSet->paramsCnt; i++) {
298 if (paramSet->params[i].tag == HKS_TAG_IS_BATCH_OPERATION) {
299 keyNode->isBatchOperation = paramSet->params[i].boolParam;
300 findOperation = true;
301 continue;
302 }
303 if (paramSet->params[i].tag == HKS_TAG_BATCH_OPERATION_TIMEOUT) {
304 if ((uint64_t)paramSet->params[i].uint32Param > MAX_BATCH_TIME_OUT) {
305 HKS_LOG_E("Batch time is too big.");
306 return HKS_ERROR_NOT_SUPPORTED;
307 }
308 keyNode->batchOperationTimestamp = curTime + (uint64_t)paramSet->params[i].uint32Param * S_TO_MS;
309 findTimeout = true;
310 continue;
311 }
312 if (findOperation && findTimeout) {
313 break;
314 }
315 }
316 // HKS_TAG_IS_BATCH_OPERATION must be passed
317 if (!findOperation && findTimeout) {
318 keyNode->batchOperationTimestamp = 0;
319 HKS_LOG_E("can not find HKS_TAG_IS_BATCH_OPERATION.");
320 return HKS_ERROR_NOT_SUPPORTED;
321 }
322 if (!findOperation) {
323 keyNode->batchOperationTimestamp = 0;
324 }
325 return ret;
326 }
327
HksCoreInit(const struct HksBlob * key,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)328 int32_t HksCoreInit(const struct HksBlob *key, const struct HksParamSet *paramSet, struct HksBlob *handle,
329 struct HksBlob *token)
330 {
331 HKS_LOG_D("HksCoreInit in Core start");
332 uint32_t pur = 0;
333 uint32_t alg = 0;
334
335 int32_t ret = CoreInitPreCheck(key, paramSet, handle, token);
336 HKS_IF_NOT_SUCC_RETURN(ret, ret)
337
338 struct HuksKeyNode *keyNode = HksCreateKeyNode(key, paramSet);
339 if (keyNode == NULL || handle == NULL) {
340 HKS_LOG_E("the pointer param entered is invalid");
341 return HKS_ERROR_BAD_STATE;
342 }
343 do {
344 ret = HksAddBatchTimeToKeyNode(paramSet, keyNode);
345 HKS_IF_NOT_SUCC_BREAK(ret)
346
347 ret = HksProcessIdentityVerify(keyNode->keyBlobParamSet, paramSet);
348 HKS_IF_NOT_SUCC_BREAK(ret)
349
350 handle->size = sizeof(uint64_t);
351 if (memcpy_s(handle->data, handle->size, &(keyNode->handle), handle->size) != EOK) {
352 HKS_LOG_E("memcpy handle data failed!");
353 ret = HKS_ERROR_INSUFFICIENT_MEMORY;
354 break;
355 }
356
357 ret = GetPurposeAndAlgorithm(paramSet, &pur, &alg);
358 HKS_IF_NOT_SUCC_BREAK(ret)
359
360 ret = HksCoreSecureAccessInitParams(keyNode, paramSet, token);
361 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "init secure access params failed")
362
363 ret = HksBatchCheck(keyNode);
364 if (ret == HKS_SUCCESS) {
365 HKS_LOG_I("HksBatchCheck success");
366 return HKS_SUCCESS;
367 }
368 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
369 ret = HksCoreInitProcess(keyNode, paramSet, pur, alg);
370 }
371 } while (0);
372 if (ret != HKS_SUCCESS) {
373 HksDeleteKeyNode(keyNode->handle);
374 }
375 HKS_LOG_D("HksCoreInit in Core end");
376 return ret;
377 }
378
GetParamsForUpdateAndFinish(const struct HksBlob * handle,uint64_t * sessionId,struct HuksKeyNode ** keyNode)379 static int32_t GetParamsForUpdateAndFinish(const struct HksBlob *handle, uint64_t *sessionId,
380 struct HuksKeyNode **keyNode)
381 {
382 if (handle == NULL || sessionId == NULL || keyNode == NULL) {
383 HKS_LOG_E("invalid input for GetSessionAndKeyNode");
384 return HKS_ERROR_NULL_POINTER;
385 }
386 if (memcpy_s(sessionId, sizeof(*sessionId), handle->data, handle->size) != EOK) {
387 HKS_LOG_E("memcpy handle value fail");
388 return HKS_ERROR_INSUFFICIENT_MEMORY;
389 }
390 *keyNode = HksQueryKeyNode(*sessionId);
391 HKS_IF_NULL_LOGE_RETURN(*keyNode, HKS_ERROR_BAD_STATE, "HksCoreUpdate query keynode failed")
392
393 return HKS_SUCCESS;
394 }
395
HksCheckBatchUpdateTime(struct HuksKeyNode * keyNode)396 static int32_t HksCheckBatchUpdateTime(struct HuksKeyNode *keyNode)
397 {
398 if (keyNode == NULL) {
399 return HKS_ERROR_NULL_POINTER;
400 }
401 uint64_t curTime = 0;
402 int32_t ret = HksElapsedRealTime(&curTime);
403 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksElapsedRealTime failed");
404 if (keyNode->batchOperationTimestamp < curTime) {
405 HKS_LOG_E("Batch operation timeout");
406 return HKS_ERROR_INVALID_TIME_OUT;
407 }
408 return ret;
409 }
410
HksBatchUpdate(struct HuksKeyNode * keyNode,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)411 static int32_t HksBatchUpdate(struct HuksKeyNode *keyNode, const struct HksParamSet *paramSet,
412 const struct HksBlob *inData, struct HksBlob *outData)
413 {
414 if (keyNode == NULL || paramSet == NULL) {
415 return HKS_ERROR_NULL_POINTER;
416 }
417
418 // enable verify authtoken when is multi batch operation
419 struct HksParam *authResult = NULL;
420 int32_t ret = HksGetParam(keyNode->authRuntimeParamSet, HKS_TAG_KEY_AUTH_RESULT, &authResult);
421 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_BAD_STATE, "get authResult failed!")
422 authResult->uint32Param = HKS_AUTH_RESULT_INIT;
423 struct HksParam *isNeedSecureSignInfo = NULL;
424 ret = HksGetParam(keyNode->authRuntimeParamSet, HKS_TAG_IF_NEED_APPEND_AUTH_INFO, &isNeedSecureSignInfo);
425 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_BAD_STATE, "get is secure sign failed!")
426 isNeedSecureSignInfo->boolParam = false;
427 ret = HksCheckBatchUpdateTime(keyNode);
428 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksCheckBatchUpdateTime failed!")
429 struct HuksKeyNode *batchKeyNode = HksCreateBatchKeyNode(keyNode, paramSet);
430 HKS_IF_NULL_LOGE_RETURN(batchKeyNode, HKS_ERROR_BAD_STATE, "the batchKeyNode is null")
431 do {
432 uint32_t pur = 0;
433 uint32_t alg = 0;
434 ret = GetPurposeAndAlgorithm(paramSet, &pur, &alg);
435 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetPurposeAndAlgorithm failed")
436 ret = HksCoreInitProcess(batchKeyNode, paramSet, pur, alg);
437 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCoreInitProcess failed")
438 ret = HksCoreFinishProcess(batchKeyNode, paramSet, inData, outData);
439 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCoreFinishProcess failed")
440 } while (0);
441
442 HksFreeUpdateKeyNode(batchKeyNode);
443 return ret;
444 }
445
HksCoreUpdate(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)446 int32_t HksCoreUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet,
447 const struct HksBlob *inData, struct HksBlob *outData)
448 {
449 HKS_LOG_D("HksCoreUpdate in Core start");
450
451 if (handle == NULL || paramSet == NULL || inData == NULL) {
452 HKS_LOG_E("the pointer param entered is invalid");
453 return HKS_ERROR_NULL_POINTER;
454 }
455
456 int32_t ret = HksCheckParamSetTag(paramSet);
457 HKS_IF_NOT_SUCC_RETURN(ret, ret)
458
459 uint64_t sessionId;
460 struct HuksKeyNode *keyNode = NULL;
461
462 ret = GetParamsForUpdateAndFinish(handle, &sessionId, &keyNode);
463 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetParamsForCoreUpdate failed")
464
465 ret = CheckIfNeedIsDevicePasswordSet(keyNode->keyBlobParamSet);
466 if (ret != HKS_SUCCESS) {
467 HksDeleteKeyNode(sessionId);
468 HKS_LOG_E("check device password status failed");
469 return ret;
470 }
471
472 ret = HksCoreSecureAccessVerifyParams(keyNode, paramSet);
473 if (ret != HKS_SUCCESS) {
474 HksDeleteKeyNode(sessionId);
475 HKS_LOG_E("HksCoreUpdate secure access verify failed");
476 return ret;
477 }
478
479 ret = HksBatchCheck(keyNode);
480 if (ret == HKS_SUCCESS) {
481 HKS_LOG_I("HksBatchCheck success");
482 ret = HksBatchUpdate(keyNode, paramSet, inData, outData);
483 if (ret != HKS_SUCCESS) {
484 HksDeleteKeyNode(sessionId);
485 }
486 return ret;
487 }
488
489 if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
490 ret = HksCoreUpdateProcess(keyNode, paramSet, inData, outData);
491 }
492
493 if (ret != HKS_SUCCESS) {
494 HksDeleteKeyNode(keyNode->handle);
495 }
496 return ret;
497 }
498
HksCoreFinish(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)499 int32_t HksCoreFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet, const struct HksBlob *inData,
500 struct HksBlob *outData)
501 {
502 HKS_LOG_D("HksCoreFinish in Core start");
503
504 if (handle == NULL || inData == NULL || paramSet == NULL || HksCheckParamSetTag(paramSet) != HKS_SUCCESS) {
505 HKS_LOG_E("the pointer param entered is invalid");
506 return HKS_ERROR_NULL_POINTER;
507 }
508
509 uint64_t sessionId;
510 struct HuksKeyNode *keyNode = NULL;
511
512 int32_t ret = GetParamsForUpdateAndFinish(handle, &sessionId, &keyNode);
513 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "GetParamsForCoreUpdate failed")
514
515 ret = CheckIfNeedIsDevicePasswordSet(keyNode->keyBlobParamSet);
516 if (ret != HKS_SUCCESS) {
517 HksDeleteKeyNode(sessionId);
518 HKS_LOG_E("check device password status failed");
519 return ret;
520 }
521
522 ret = HksBatchCheck(keyNode);
523 if (ret != HKS_ERROR_PARAM_NOT_EXIST) {
524 HksDeleteKeyNode(sessionId);
525 return ret;
526 }
527
528 ret = HksCoreSecureAccessVerifyParams(keyNode, paramSet);
529 if (ret != HKS_SUCCESS) {
530 HksDeleteKeyNode(sessionId);
531 HKS_LOG_E("HksCoreFinish secure access verify failed");
532 return ret;
533 }
534
535 ret = HksCoreFinishProcess(keyNode, paramSet, inData, outData);
536 HksDeleteKeyNode(sessionId);
537 HKS_LOG_D("HksCoreFinish in Core end");
538 return ret;
539 }
540
HksCoreAbort(const struct HksBlob * handle,const struct HksParamSet * paramSet)541 int32_t HksCoreAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet)
542 {
543 HKS_LOG_D("HksCoreAbort in Core start");
544 uint32_t pur = 0;
545 uint32_t alg = 0;
546
547 if (handle == NULL || paramSet == NULL) {
548 HKS_LOG_E("the pointer param entered is invalid");
549 return HKS_ERROR_NULL_POINTER;
550 }
551
552 int32_t ret = HksCheckParamSetTag(paramSet);
553 HKS_IF_NOT_SUCC_RETURN(ret, ret)
554
555 uint64_t sessionId;
556 if (memcpy_s(&sessionId, sizeof(sessionId), handle->data, handle->size) != EOK) {
557 HKS_LOG_E("memcpy handle fail");
558 return HKS_ERROR_INSUFFICIENT_MEMORY;
559 }
560
561 struct HuksKeyNode *keyNode = HksQueryKeyNode(sessionId);
562 HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_SUCCESS, "abort get key node failed")
563
564 ret = GetPurposeAndAlgorithm(keyNode->runtimeParamSet, &pur, &alg);
565 if (ret != HKS_SUCCESS) {
566 HksDeleteKeyNode(sessionId);
567 return ret;
568 }
569
570 uint32_t i;
571 uint32_t size = HKS_ARRAY_SIZE(g_hksCoreAbortHandler);
572 for (i = 0; i < size; i++) {
573 if (g_hksCoreAbortHandler[i].pur == pur) {
574 ret = g_hksCoreAbortHandler[i].handler(keyNode, paramSet, alg);
575 break;
576 }
577 }
578
579 if (i == size) {
580 HksDeleteKeyNode(sessionId);
581 HKS_LOG_E("don't found purpose, pur : %" LOG_PUBLIC "d", pur);
582 return HKS_ERROR_INVALID_ARGUMENT;
583 }
584
585 HksDeleteKeyNode(sessionId);
586 HKS_LOG_D("HksCoreAbort in Core end");
587
588 return ret;
589 }
590
591 #endif /* _CUT_AUTHENTICATE_ */