1 /*
2 * Copyright (C) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "huks_adapter_utils.h"
16
17 #include "hc_log.h"
18 #include "mbedtls_ec_adapter.h"
19 #include "string_util.h"
20
21 #define BASE_IMPORT_PARAMS_LEN 7
22 #define EXT_IMPORT_PARAMS_LEN 2
23 #define BASE_HMAC_PARAMS_LEN 3
24 #define BASE_HMAC_DERIVE_PARAMS_LEN 5
25 #define BASE_HMAC_FINISH_PARAMS_LEN 3
26 #define BASE_AGREE_WITH_STORAGE_PARAMS_LEN 9
27 #define BASE_HKDF_PARAMS_LEN 6
28 #define BASE_COMPUTE_PSEUDONYM_PSK_PARAMS_LEN 11
29 #define BASE_SIGN_PARAMS_LEN 3
30 #define BASE_ENCRYPT_PARAMS_LEN 7
31 #define BASE_DECRYPT_PARAMS_LEN 7
32 #define BASE_AGREE_INIT_PARAMS_LEN 3
33 #define BASE_AGREE_FINISH_PARAMS_LEN 7
34 #define BASE_AGREE_PARAMS_LEN 3
35 #define BASE_GENERATE_KEY_PAIR_PARAMS_LEN 6
36 #define BASE_VERIFY_PARAMS_LEN 4
37 #define BASE_IMPORT_PUB_KEY_PARAMS_LEN 8
38 #define EXT_DE_PARAMS_LEN 1
39 #define EXT_CE_PARAMS_LEN 2
40 #define PSEUDONYM_KEY_FACTOR "hichain_pseudonym_psk_key"
41 #define PSEUDONYM_KEY_LEBEL "hichain_pseudonym_psk_label"
42
43 static uint32_t g_purposeToHksKeyPurpose[] = {
44 HKS_KEY_PURPOSE_MAC,
45 HKS_KEY_PURPOSE_DERIVE,
46 HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY,
47 HKS_KEY_PURPOSE_AGREE
48 };
49
50 static enum HksKeyAlg g_algToHksAlgorithm[] = {
51 HKS_ALG_ED25519,
52 HKS_ALG_X25519,
53 HKS_ALG_ECC,
54 HKS_ALG_AES,
55 };
56
CheckKeyParams(const KeyParams * keyParams)57 int32_t CheckKeyParams(const KeyParams *keyParams)
58 {
59 CHECK_PTR_RETURN_HAL_ERROR_CODE(keyParams, "keyParams");
60 CHECK_PTR_RETURN_HAL_ERROR_CODE(keyParams->keyBuff.key, "keyParams->keyBuff.key");
61 CHECK_LEN_ZERO_RETURN_ERROR_CODE(keyParams->keyBuff.keyLen, "keyParams->keyBuff.keyLen");
62 return HAL_SUCCESS;
63 }
64
BaseCheckParams(const Uint8Buff ** inParams,const char ** paramTags,uint32_t len)65 static int32_t BaseCheckParams(const Uint8Buff **inParams, const char **paramTags, uint32_t len)
66 {
67 for (uint32_t i = 0; i < len; i++) {
68 CHECK_PTR_RETURN_HAL_ERROR_CODE(inParams[i], paramTags[i]);
69 CHECK_PTR_RETURN_HAL_ERROR_CODE(inParams[i]->val, paramTags[i]);
70 CHECK_LEN_ZERO_RETURN_ERROR_CODE(inParams[i]->length, paramTags[i]);
71 }
72 return HAL_SUCCESS;
73 }
74
BigNumExpMod(const Uint8Buff * base,const Uint8Buff * exp,const char * bigNumHex,Uint8Buff * outNum)75 int32_t BigNumExpMod(const Uint8Buff *base, const Uint8Buff *exp, const char *bigNumHex, Uint8Buff *outNum)
76 {
77 const Uint8Buff *inParams[] = { base, exp, outNum };
78 const char *paramTags[] = { "base", "exp", "outNum" };
79 int32_t res = BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
80 if (res != HAL_SUCCESS) {
81 return res;
82 }
83
84 CHECK_PTR_RETURN_HAL_ERROR_CODE(bigNumHex, "bigNumHex");
85 uint32_t primeLen = HcStrlen(bigNumHex) / BYTE_TO_HEX_OPER_LENGTH;
86 if ((primeLen != BIG_PRIME_LEN_384) && (primeLen != BIG_PRIME_LEN_256)) {
87 LOGE("Not support big number len %" LOG_PUB "d", outNum->length);
88 return HAL_FAILED;
89 }
90 CHECK_LEN_EQUAL_RETURN(outNum->length, primeLen, "outNum->length");
91
92 struct HksBlob baseBlob = { base->length, base->val };
93 struct HksBlob expBlob = { exp->length, exp->val };
94 struct HksBlob outNumBlob = { outNum->length, outNum->val };
95 struct HksBlob bigNumBlob = { 0, NULL };
96 bigNumBlob.size = outNum->length;
97 bigNumBlob.data = (uint8_t *)HcMalloc(bigNumBlob.size, 0);
98 if (bigNumBlob.data == NULL) {
99 LOGE("malloc bigNumBlob.data failed.");
100 return HAL_ERR_BAD_ALLOC;
101 }
102 res = HexStringToByte(bigNumHex, bigNumBlob.data, bigNumBlob.size);
103 if (res != HAL_SUCCESS) {
104 LOGE("HexStringToByte for bigNumHex failed.");
105 HcFree(bigNumBlob.data);
106 return res;
107 }
108
109 res = HksBnExpMod(&outNumBlob, &baseBlob, &expBlob, &bigNumBlob);
110 if (res != HKS_SUCCESS) {
111 LOGE("Huks calculate big number exp mod failed, res = %" LOG_PUB "d", res);
112 HcFree(bigNumBlob.data);
113 return HAL_FAILED;
114 }
115 outNum->length = outNumBlob.size;
116 HcFree(bigNumBlob.data);
117 return HAL_SUCCESS;
118 }
119
FreeParamSet(struct HksParamSet * paramSet)120 void FreeParamSet(struct HksParamSet *paramSet)
121 {
122 if (paramSet == NULL) {
123 return;
124 }
125 HksFreeParamSet(¶mSet);
126 }
127
ConstructParamSet(struct HksParamSet ** out,const struct HksParam * inParam,const uint32_t inParamNum)128 int32_t ConstructParamSet(struct HksParamSet **out, const struct HksParam *inParam,
129 const uint32_t inParamNum)
130 {
131 struct HksParamSet *paramSet = NULL;
132 int32_t res = HksInitParamSet(¶mSet);
133 if (res != HKS_SUCCESS) {
134 LOGE("init param set failed, res = %" LOG_PUB "d", res);
135 return HAL_ERR_INIT_PARAM_SET_FAILED;
136 }
137
138 res = HksAddParams(paramSet, inParam, inParamNum);
139 if (res != HKS_SUCCESS) {
140 LOGE("add param failed, res = %" LOG_PUB "d", res);
141 FreeParamSet(paramSet);
142 return HAL_ERR_ADD_PARAM_FAILED;
143 }
144
145 res = HksBuildParamSet(¶mSet);
146 if (res != HKS_SUCCESS) {
147 LOGE("build param set failed, res = %" LOG_PUB "d", res);
148 FreeParamSet(paramSet);
149 return HAL_ERR_BUILD_PARAM_SET_FAILED;
150 }
151
152 *out = paramSet;
153 return HAL_SUCCESS;
154 }
155
GetParamLen(bool isDeStorage,uint32_t baseLen)156 static uint32_t GetParamLen(bool isDeStorage, uint32_t baseLen)
157 {
158 #ifdef DEV_AUTH_ENABLE_CE
159 if (isDeStorage) {
160 return baseLen + EXT_DE_PARAMS_LEN;
161 } else {
162 return baseLen + EXT_CE_PARAMS_LEN;
163 }
164 #else
165 (void)isDeStorage;
166 return baseLen;
167 #endif
168 }
169
AddStorageExtParams(struct HksParam * params,bool isDeStorage,uint32_t * idx,int32_t osAccountId)170 static void AddStorageExtParams(struct HksParam *params, bool isDeStorage, uint32_t *idx, int32_t osAccountId)
171 {
172 #ifdef DEV_AUTH_ENABLE_CE
173 if (isDeStorage) {
174 params[*idx].tag = HKS_TAG_AUTH_STORAGE_LEVEL;
175 params[(*idx)++].uint32Param = HKS_AUTH_STORAGE_LEVEL_DE;
176 } else {
177 params[*idx].tag = HKS_TAG_AUTH_STORAGE_LEVEL;
178 params[(*idx)++].uint32Param = HKS_AUTH_STORAGE_LEVEL_CE;
179 params[*idx].tag = HKS_TAG_SPECIFIC_USER_ID;
180 params[(*idx)++].uint32Param = osAccountId;
181 }
182 #else
183 (void)params;
184 (void)isDeStorage;
185 (void)idx;
186 (void)osAccountId;
187 #endif
188 }
189
ConstructDeParamSet(struct HksParamSet ** paramSet)190 static int32_t ConstructDeParamSet(struct HksParamSet **paramSet)
191 {
192 struct HksParam keyParam[] = {
193 {
194 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
195 .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE
196 }
197 };
198
199 int32_t res = ConstructParamSet(paramSet, keyParam, CAL_ARRAY_SIZE(keyParam));
200 if (res != HAL_SUCCESS) {
201 LOGE("Construct de param set failed, res = %" LOG_PUB "d", res);
202 }
203 return res;
204 }
205
ConstructCeParamSet(int32_t osAccountId,struct HksParamSet ** paramSet)206 static int32_t ConstructCeParamSet(int32_t osAccountId, struct HksParamSet **paramSet)
207 {
208 struct HksParam keyParam[] = {
209 {
210 .tag = HKS_TAG_AUTH_STORAGE_LEVEL,
211 .uint32Param = HKS_AUTH_STORAGE_LEVEL_CE
212 }, {
213 .tag = HKS_TAG_SPECIFIC_USER_ID,
214 .uint32Param = osAccountId
215 }
216 };
217
218 int32_t res = ConstructParamSet(paramSet, keyParam, CAL_ARRAY_SIZE(keyParam));
219 if (res != HAL_SUCCESS) {
220 LOGE("Construct ce param set failed, res = %" LOG_PUB "d", res);
221 }
222 return res;
223 }
224
ChangeStorageLevel(const struct HksBlob * keyAliasBlob,const struct HksParamSet * deParamSet,const struct HksParamSet * ceParamSet)225 static int32_t ChangeStorageLevel(const struct HksBlob *keyAliasBlob, const struct HksParamSet *deParamSet,
226 const struct HksParamSet *ceParamSet)
227 {
228 #ifdef DEV_AUTH_ENABLE_CE
229 return HksChangeStorageLevel(keyAliasBlob, deParamSet, ceParamSet);
230 #else
231 (void)keyAliasBlob;
232 (void)deParamSet;
233 (void)ceParamSet;
234 return HKS_SUCCESS;
235 #endif
236 }
237
MoveDeKeyToCe(bool isKeyAlias,int32_t osAccountId,const struct HksBlob * keyAliasBlob)238 void MoveDeKeyToCe(bool isKeyAlias, int32_t osAccountId, const struct HksBlob *keyAliasBlob)
239 {
240 if (!isKeyAlias) {
241 return;
242 }
243 struct HksParamSet *deParamSet = NULL;
244 if (ConstructDeParamSet(&deParamSet) != HAL_SUCCESS) {
245 return;
246 }
247 struct HksParamSet *ceParamSet = NULL;
248 if (ConstructCeParamSet(osAccountId, &ceParamSet) != HAL_SUCCESS) {
249 return;
250 }
251 int32_t res = ChangeStorageLevel(keyAliasBlob, deParamSet, ceParamSet);
252 if (res != HKS_SUCCESS) {
253 LOGE("Failed to move de key to ce!");
254 }
255 }
256
ConstructCheckParamSet(bool isDeStorage,int32_t osAccountId,struct HksParamSet ** paramSet)257 int32_t ConstructCheckParamSet(bool isDeStorage, int32_t osAccountId, struct HksParamSet **paramSet)
258 {
259 uint32_t len = GetParamLen(isDeStorage, 0);
260 if (len == 0) {
261 return HAL_SUCCESS;
262 }
263 struct HksParam *checkParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
264 if (checkParams == NULL) {
265 LOGE("Malloc for checkParams failed.");
266 return HAL_ERR_BAD_ALLOC;
267 }
268 uint32_t idx = 0;
269 AddStorageExtParams(checkParams, isDeStorage, &idx, osAccountId);
270 int32_t res = ConstructParamSet(paramSet, checkParams, idx);
271 HcFree(checkParams);
272 if (res != HAL_SUCCESS) {
273 LOGE("Failed to construct check param set, res: %" LOG_PUB "d", res);
274 }
275 return res;
276 }
277
ConstructDeleteParamSet(bool isDeStorage,int32_t osAccountId,struct HksParamSet ** paramSet)278 int32_t ConstructDeleteParamSet(bool isDeStorage, int32_t osAccountId, struct HksParamSet **paramSet)
279 {
280 uint32_t len = GetParamLen(isDeStorage, 0);
281 if (len == 0) {
282 return HAL_SUCCESS;
283 }
284 struct HksParam *deleteParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
285 if (deleteParams == NULL) {
286 LOGE("Malloc for deleteParams failed.");
287 return HAL_ERR_BAD_ALLOC;
288 }
289 uint32_t idx = 0;
290 AddStorageExtParams(deleteParams, isDeStorage, &idx, osAccountId);
291 int32_t res = ConstructParamSet(paramSet, deleteParams, idx);
292 HcFree(deleteParams);
293 if (res != HAL_SUCCESS) {
294 LOGE("Failed to construct delete param set, res: %" LOG_PUB "d", res);
295 }
296 return res;
297 }
298
ConstructHmacParamSet(bool isDeStorage,int32_t osAccountId,bool isAlias,struct HksParamSet ** hmacParamSet)299 int32_t ConstructHmacParamSet(bool isDeStorage, int32_t osAccountId, bool isAlias,
300 struct HksParamSet **hmacParamSet)
301 {
302 uint32_t len = GetParamLen(isDeStorage, BASE_HMAC_PARAMS_LEN);
303 struct HksParam *hmacParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
304 if (hmacParams == NULL) {
305 LOGE("Malloc for hmacParams failed.");
306 return HAL_ERR_BAD_ALLOC;
307 }
308 uint32_t idx = 0;
309 hmacParams[idx].tag = HKS_TAG_PURPOSE;
310 hmacParams[idx++].uint32Param = HKS_KEY_PURPOSE_MAC;
311 hmacParams[idx].tag = HKS_TAG_DIGEST;
312 hmacParams[idx++].uint32Param = HKS_DIGEST_SHA256;
313 hmacParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
314 hmacParams[idx++].boolParam = isAlias;
315 AddStorageExtParams(hmacParams, isDeStorage, &idx, osAccountId);
316 int32_t res = ConstructParamSet(hmacParamSet, hmacParams, idx);
317 HcFree(hmacParams);
318 if (res != HAL_SUCCESS) {
319 LOGE("Construct hmac param set failed, res = %" LOG_PUB "d", res);
320 }
321 return res;
322 }
323
CheckHmacParams(const KeyParams * keyParams,const Uint8Buff * message,const Uint8Buff * outHmac)324 int32_t CheckHmacParams(const KeyParams *keyParams, const Uint8Buff *message, const Uint8Buff *outHmac)
325 {
326 int32_t res = CheckKeyParams(keyParams);
327 if (res != HAL_SUCCESS) {
328 return res;
329 }
330 const Uint8Buff *inParams[] = { message, outHmac };
331 const char *paramTags[] = { "message", "outHmac" };
332 res = BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
333 if (res != HAL_SUCCESS) {
334 return res;
335 }
336 CHECK_LEN_EQUAL_RETURN(outHmac->length, HMAC_LEN, "outHmac->length");
337 return HAL_SUCCESS;
338 }
339
ConstructDeriveParamSet(const KeyParams * keyParams,const Uint8Buff * message,struct HksParamSet ** deriveParamSet)340 int32_t ConstructDeriveParamSet(const KeyParams *keyParams, const Uint8Buff *message,
341 struct HksParamSet **deriveParamSet)
342 {
343 struct HksBlob srcBlob = { message->length, message->val };
344 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_HMAC_DERIVE_PARAMS_LEN);
345 struct HksParam *hmacDeriveParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
346 if (hmacDeriveParams == NULL) {
347 LOGE("Malloc for hmacDeriveParams failed.");
348 return HAL_ERR_BAD_ALLOC;
349 }
350 uint32_t idx = 0;
351 hmacDeriveParams[idx].tag = HKS_TAG_ALGORITHM;
352 hmacDeriveParams[idx++].uint32Param = HKS_ALG_HMAC;
353 hmacDeriveParams[idx].tag = HKS_TAG_PURPOSE;
354 hmacDeriveParams[idx++].uint32Param = HKS_KEY_PURPOSE_DERIVE;
355 hmacDeriveParams[idx].tag = HKS_TAG_DIGEST;
356 hmacDeriveParams[idx++].uint32Param = HKS_DIGEST_SHA256;
357 hmacDeriveParams[idx].tag = HKS_TAG_DERIVE_KEY_SIZE;
358 hmacDeriveParams[idx++].uint32Param = HMAC_LEN;
359 hmacDeriveParams[idx].tag = HKS_TAG_INFO;
360 hmacDeriveParams[idx++].blob = srcBlob;
361 AddStorageExtParams(hmacDeriveParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
362 int32_t res = ConstructParamSet(deriveParamSet, hmacDeriveParams, idx);
363 HcFree(hmacDeriveParams);
364 if (res != HAL_SUCCESS) {
365 LOGE("Construct derive param set failed, res = %" LOG_PUB "d", res);
366 }
367 return res;
368 }
369
ConstructFinishParamSet(const KeyParams * keyParams,struct HksParamSet ** finishParamSet)370 int32_t ConstructFinishParamSet(const KeyParams *keyParams, struct HksParamSet **finishParamSet)
371 {
372 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_HMAC_FINISH_PARAMS_LEN);
373 struct HksParam *hmacFinishParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
374 if (hmacFinishParams == NULL) {
375 LOGE("Malloc for hmacFinishParams failed.");
376 return HAL_ERR_BAD_ALLOC;
377 }
378 uint32_t idx = 0;
379 hmacFinishParams[idx].tag = HKS_TAG_ALGORITHM;
380 hmacFinishParams[idx++].uint32Param = HKS_ALG_AES;
381 hmacFinishParams[idx].tag = HKS_TAG_KEY_SIZE;
382 hmacFinishParams[idx++].uint32Param = HKS_AES_KEY_SIZE_256;
383 hmacFinishParams[idx].tag = HKS_TAG_PURPOSE;
384 hmacFinishParams[idx++].uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT;
385 AddStorageExtParams(hmacFinishParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
386 int32_t res = ConstructParamSet(finishParamSet, hmacFinishParams, idx);
387 HcFree(hmacFinishParams);
388 if (res != HAL_SUCCESS) {
389 LOGE("Construct finish param set failed, res = %" LOG_PUB "d", res);
390 }
391 return res;
392 }
393
CheckHmacWithThreeStageParams(const KeyParams * keyParams,const Uint8Buff * message,const Uint8Buff * outHmac)394 int32_t CheckHmacWithThreeStageParams(const KeyParams *keyParams, const Uint8Buff *message,
395 const Uint8Buff *outHmac)
396 {
397 int32_t res = CheckKeyParams(keyParams);
398 if (res != HAL_SUCCESS) {
399 return res;
400 }
401 const Uint8Buff *inParams[] = { message, outHmac };
402 const char *paramTags[] = { "message", "outHmac" };
403 res = BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
404 if (res != HAL_SUCCESS) {
405 return res;
406 }
407 CHECK_LEN_EQUAL_RETURN(outHmac->length, HMAC_LEN, "outHmac->length");
408 return HAL_SUCCESS;
409 }
410
ConstructHkdfParamSet(bool isDeStorage,const KeyParams * keyParams,const Uint8Buff * salt,const Uint8Buff * keyInfo,struct HksParamSet ** paramSet)411 int32_t ConstructHkdfParamSet(bool isDeStorage, const KeyParams *keyParams, const Uint8Buff *salt,
412 const Uint8Buff *keyInfo, struct HksParamSet **paramSet)
413 {
414 struct HksBlob saltBlob = { salt->length, salt->val };
415 struct HksBlob keyInfoBlob = { 0, NULL };
416 if (keyInfo != NULL) {
417 keyInfoBlob.size = keyInfo->length;
418 keyInfoBlob.data = keyInfo->val;
419 }
420 uint32_t len = GetParamLen(isDeStorage, BASE_HKDF_PARAMS_LEN);
421 struct HksParam *hkdfParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
422 if (hkdfParams == NULL) {
423 LOGE("Malloc for hkdfParams failed.");
424 return HAL_ERR_BAD_ALLOC;
425 }
426 uint32_t idx = 0;
427 hkdfParams[idx].tag = HKS_TAG_PURPOSE;
428 hkdfParams[idx++].uint32Param = HKS_KEY_PURPOSE_DERIVE;
429 hkdfParams[idx].tag = HKS_TAG_ALGORITHM;
430 hkdfParams[idx++].uint32Param = HKS_ALG_HKDF;
431 hkdfParams[idx].tag = HKS_TAG_DIGEST;
432 hkdfParams[idx++].uint32Param = HKS_DIGEST_SHA256;
433 hkdfParams[idx].tag = HKS_TAG_SALT;
434 hkdfParams[idx++].blob = saltBlob;
435 hkdfParams[idx].tag = HKS_TAG_INFO;
436 hkdfParams[idx++].blob = keyInfoBlob;
437 hkdfParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
438 hkdfParams[idx++].boolParam = keyParams->keyBuff.isAlias;
439 AddStorageExtParams(hkdfParams, isDeStorage, &idx, keyParams->osAccountId);
440 int32_t res = ConstructParamSet(paramSet, hkdfParams, idx);
441 HcFree(hkdfParams);
442 if (res != HAL_SUCCESS) {
443 LOGE("Failed to construct hkdf param set, res: %" LOG_PUB "d", res);
444 }
445 return res;
446 }
447
CheckHkdfParams(const KeyParams * keyParams,const Uint8Buff * salt,const Uint8Buff * outHkdf)448 int32_t CheckHkdfParams(const KeyParams *keyParams, const Uint8Buff *salt, const Uint8Buff *outHkdf)
449 {
450 int32_t res = CheckKeyParams(keyParams);
451 if (res != HAL_SUCCESS) {
452 return res;
453 }
454 const Uint8Buff *inParams[] = { salt, outHkdf };
455 const char *paramTags[] = { "salt", "outHkdf" };
456 return BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
457 }
458
ConstructPseudonymParamSet(const KeyParams * keyParams,const Uint8Buff * pskKeyAlias,const struct HksBlob * extInfoBlob,uint32_t outLen,struct HksParamSet ** paramSet)459 int32_t ConstructPseudonymParamSet(const KeyParams *keyParams, const Uint8Buff *pskKeyAlias,
460 const struct HksBlob *extInfoBlob, uint32_t outLen, struct HksParamSet **paramSet)
461 {
462 struct HksBlob saltBlob = { HcStrlen(PSEUDONYM_KEY_FACTOR), (uint8_t *)PSEUDONYM_KEY_FACTOR };
463 struct HksBlob keyInfoBlob = { HcStrlen(PSEUDONYM_KEY_LEBEL), (uint8_t *)PSEUDONYM_KEY_LEBEL };
464 struct HksBlob pskAliasBlob = { pskKeyAlias->length, pskKeyAlias->val };
465 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_COMPUTE_PSEUDONYM_PSK_PARAMS_LEN);
466 struct HksParam *hkdfParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
467 if (hkdfParams == NULL) {
468 LOGE("Malloc for hkdfParams failed.");
469 return HAL_ERR_BAD_ALLOC;
470 }
471 uint32_t idx = 0;
472 hkdfParams[idx].tag = HKS_TAG_PURPOSE;
473 hkdfParams[idx++].uint32Param = HKS_KEY_PURPOSE_DERIVE;
474 hkdfParams[idx].tag = HKS_TAG_ALGORITHM;
475 hkdfParams[idx++].uint32Param = HKS_ALG_HKDF;
476 hkdfParams[idx].tag = HKS_TAG_DIGEST;
477 hkdfParams[idx++].uint32Param = HKS_DIGEST_SHA256;
478 hkdfParams[idx].tag = HKS_TAG_SALT;
479 hkdfParams[idx++].blob = saltBlob;
480 hkdfParams[idx].tag = HKS_TAG_INFO;
481 hkdfParams[idx++].blob = keyInfoBlob;
482 hkdfParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
483 hkdfParams[idx++].boolParam = true;
484 hkdfParams[idx].tag = HKS_TAG_KEY_STORAGE_FLAG;
485 hkdfParams[idx++].uint32Param = HKS_STORAGE_ONLY_USED_IN_HUKS;
486 hkdfParams[idx].tag = HKS_TAG_DERIVE_AGREE_KEY_STORAGE_FLAG;
487 hkdfParams[idx++].uint32Param = HKS_STORAGE_ONLY_USED_IN_HUKS;
488 hkdfParams[idx].tag = HKS_TAG_KEY_SIZE;
489 hkdfParams[idx++].uint32Param = outLen * BITS_PER_BYTE;
490 hkdfParams[idx].tag = HKS_TAG_KEY_ALIAS;
491 hkdfParams[idx++].blob = pskAliasBlob;
492 hkdfParams[idx].tag = HKS_TAG_EXT_INFO;
493 hkdfParams[idx++].blob = *extInfoBlob;
494 AddStorageExtParams(hkdfParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
495 int32_t res = ConstructParamSet(paramSet, hkdfParams, idx);
496 HcFree(hkdfParams);
497 return res;
498 }
499
CheckPskParams(const KeyParams * keyParams,const Uint8Buff * pskKeyAlias,const Uint8Buff * outPsk)500 int32_t CheckPskParams(const KeyParams *keyParams, const Uint8Buff *pskKeyAlias, const Uint8Buff *outPsk)
501 {
502 int32_t res = CheckKeyParams(keyParams);
503 if (res != HAL_SUCCESS) {
504 return res;
505 }
506 const Uint8Buff *inParams[] = { pskKeyAlias, outPsk };
507 const char *paramTags[] = { "pskKeyAlias", "outPsk" };
508 return BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
509 }
510
GetExtInfoByParamSet(const struct HksParamSet * outParamSet,Uint8Buff * outExtInfo)511 int32_t GetExtInfoByParamSet(const struct HksParamSet *outParamSet, Uint8Buff *outExtInfo)
512 {
513 struct HksParam *extInfoParam = NULL;
514 int32_t res = HksGetParam(outParamSet, HKS_TAG_EXT_INFO, &extInfoParam);
515 if (res != HKS_SUCCESS) {
516 LOGE("Failed to get extInfoParam!");
517 return HAL_FAILED;
518 }
519 if (extInfoParam->blob.data == NULL || extInfoParam->blob.size == 0) {
520 LOGE("Extra info blob is null!");
521 return HAL_FAILED;
522 }
523 uint8_t *tmpExtInfoVal = (uint8_t *)HcMalloc(extInfoParam->blob.size, 0);
524 if (tmpExtInfoVal == NULL) {
525 LOGE("Failed to alloc memory for extInfo value!");
526 return HAL_ERR_BAD_ALLOC;
527 }
528 if (memcpy_s(tmpExtInfoVal, extInfoParam->blob.size, extInfoParam->blob.data, extInfoParam->blob.size) != EOK) {
529 LOGE("Failed to copy extInfo!");
530 HcFree(tmpExtInfoVal);
531 return HAL_ERR_MEMORY_COPY;
532 }
533 outExtInfo->val = tmpExtInfoVal;
534 outExtInfo->length = extInfoParam->blob.size;
535 return HAL_SUCCESS;
536 }
537
ConstructGetKeyExtInfoParamSet(const KeyParams * keyParams,struct HksParamSet ** paramSet)538 int32_t ConstructGetKeyExtInfoParamSet(const KeyParams *keyParams, struct HksParamSet **paramSet)
539 {
540 uint32_t len = GetParamLen(keyParams->isDeStorage, 0);
541 if (len == 0) {
542 return HAL_SUCCESS;
543 }
544 struct HksParam *getParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
545 if (getParams == NULL) {
546 LOGE("Malloc for getParams failed.");
547 return HAL_ERR_BAD_ALLOC;
548 }
549 uint32_t idx = 0;
550 AddStorageExtParams(getParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
551 int32_t res = ConstructParamSet(paramSet, getParams, idx);
552 HcFree(getParams);
553 if (res != HAL_SUCCESS) {
554 LOGE("Failed to construct get param set, res: %" LOG_PUB "d", res);
555 }
556 return res;
557 }
558
CheckAesGcmEncryptParam(const KeyParams * keyParams,const Uint8Buff * plain,const GcmParam * encryptInfo,Uint8Buff * outCipher)559 int32_t CheckAesGcmEncryptParam(const KeyParams *keyParams, const Uint8Buff *plain,
560 const GcmParam *encryptInfo, Uint8Buff *outCipher)
561 {
562 int32_t res = CheckKeyParams(keyParams);
563 if (res != HAL_SUCCESS) {
564 return res;
565 }
566 const Uint8Buff *inParams[] = { plain, outCipher };
567 const char* paramTags[] = { "plain", "outCipher" };
568 res = BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
569 if (res != HAL_SUCCESS) {
570 return res;
571 }
572
573 CHECK_PTR_RETURN_HAL_ERROR_CODE(encryptInfo, "encryptInfo");
574 CHECK_PTR_RETURN_HAL_ERROR_CODE(encryptInfo->aad, "aad");
575 CHECK_LEN_ZERO_RETURN_ERROR_CODE(encryptInfo->aadLen, "aadLen");
576 CHECK_PTR_RETURN_HAL_ERROR_CODE(encryptInfo->nonce, "nonce");
577 CHECK_LEN_LOWER_RETURN(encryptInfo->nonceLen, HKS_AE_NONCE_LEN, "nonceLen");
578 CHECK_LEN_LOWER_RETURN(outCipher->length, plain->length + HKS_AE_TAG_LEN, "outCipher");
579
580 return HAL_SUCCESS;
581 }
582
ConstructAesGcmEncryptParamSet(const GcmParam * encryptInfo,const KeyParams * keyParams,struct HksParamSet ** paramSet)583 int32_t ConstructAesGcmEncryptParamSet(const GcmParam *encryptInfo, const KeyParams *keyParams,
584 struct HksParamSet **paramSet)
585 {
586 struct HksBlob nonceBlob = { encryptInfo->nonceLen, encryptInfo->nonce };
587 struct HksBlob aadBlob = { encryptInfo->aadLen, encryptInfo->aad };
588 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_ENCRYPT_PARAMS_LEN);
589 struct HksParam *encryptParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
590 if (encryptParams == NULL) {
591 LOGE("Malloc for encryptParams failed.");
592 return HAL_ERR_BAD_ALLOC;
593 }
594 uint32_t idx = 0;
595 encryptParams[idx].tag = HKS_TAG_PURPOSE;
596 encryptParams[idx++].uint32Param = HKS_KEY_PURPOSE_ENCRYPT;
597 encryptParams[idx].tag = HKS_TAG_ALGORITHM;
598 encryptParams[idx++].uint32Param = HKS_ALG_AES;
599 encryptParams[idx].tag = HKS_TAG_BLOCK_MODE;
600 encryptParams[idx++].uint32Param = HKS_MODE_GCM;
601 encryptParams[idx].tag = HKS_TAG_PADDING;
602 encryptParams[idx++].uint32Param = HKS_PADDING_NONE;
603 encryptParams[idx].tag = HKS_TAG_NONCE;
604 encryptParams[idx++].blob = nonceBlob;
605 encryptParams[idx].tag = HKS_TAG_ASSOCIATED_DATA;
606 encryptParams[idx++].blob = aadBlob;
607 encryptParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
608 encryptParams[idx++].boolParam = keyParams->keyBuff.isAlias;
609 AddStorageExtParams(encryptParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
610 int32_t res = ConstructParamSet(paramSet, encryptParams, idx);
611 HcFree(encryptParams);
612 if (res != HAL_SUCCESS) {
613 LOGE("Failed to construct encrypt param set, res: %" LOG_PUB "d", res);
614 }
615 return res;
616 }
617
CheckAesGcmDecryptParam(const KeyParams * keyParams,const Uint8Buff * cipher,const GcmParam * decryptInfo,Uint8Buff * outPlain)618 int32_t CheckAesGcmDecryptParam(const KeyParams *keyParams, const Uint8Buff *cipher,
619 const GcmParam *decryptInfo, Uint8Buff *outPlain)
620 {
621 int32_t res = CheckKeyParams(keyParams);
622 if (res != HAL_SUCCESS) {
623 return res;
624 }
625 const Uint8Buff *inParams[] = { cipher, outPlain };
626 const char *paramTags[] = { "cipher", "outPlain" };
627 res = BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
628 if (res != HAL_SUCCESS) {
629 return res;
630 }
631
632 CHECK_PTR_RETURN_HAL_ERROR_CODE(decryptInfo, "decryptInfo");
633 CHECK_PTR_RETURN_HAL_ERROR_CODE(decryptInfo->aad, "aad");
634 CHECK_LEN_ZERO_RETURN_ERROR_CODE(decryptInfo->aadLen, "aadLen");
635 CHECK_PTR_RETURN_HAL_ERROR_CODE(decryptInfo->nonce, "nonce");
636 CHECK_LEN_LOWER_RETURN(decryptInfo->nonceLen, HKS_AE_NONCE_LEN, "nonceLen");
637 CHECK_LEN_LOWER_RETURN(outPlain->length, cipher->length - HKS_AE_TAG_LEN, "outPlain");
638
639 return HAL_SUCCESS;
640 }
641
ConstructAesGcmDecryptParamSet(const GcmParam * decryptInfo,const KeyParams * keyParams,struct HksParamSet ** paramSet)642 int32_t ConstructAesGcmDecryptParamSet(const GcmParam *decryptInfo, const KeyParams *keyParams,
643 struct HksParamSet **paramSet)
644 {
645 struct HksBlob nonceBlob = { decryptInfo->nonceLen, decryptInfo->nonce };
646 struct HksBlob aadBlob = { decryptInfo->aadLen, decryptInfo->aad };
647 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_DECRYPT_PARAMS_LEN);
648 struct HksParam *decryptParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
649 if (decryptParams == NULL) {
650 LOGE("Malloc for decryptParams failed.");
651 return HAL_ERR_BAD_ALLOC;
652 }
653 uint32_t idx = 0;
654 decryptParams[idx].tag = HKS_TAG_PURPOSE;
655 decryptParams[idx++].uint32Param = HKS_KEY_PURPOSE_DECRYPT;
656 decryptParams[idx].tag = HKS_TAG_ALGORITHM;
657 decryptParams[idx++].uint32Param = HKS_ALG_AES;
658 decryptParams[idx].tag = HKS_TAG_BLOCK_MODE;
659 decryptParams[idx++].uint32Param = HKS_MODE_GCM;
660 decryptParams[idx].tag = HKS_TAG_PADDING;
661 decryptParams[idx++].uint32Param = HKS_PADDING_NONE;
662 decryptParams[idx].tag = HKS_TAG_NONCE;
663 decryptParams[idx++].blob = nonceBlob;
664 decryptParams[idx].tag = HKS_TAG_ASSOCIATED_DATA;
665 decryptParams[idx++].blob = aadBlob;
666 decryptParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
667 decryptParams[idx++].boolParam = keyParams->keyBuff.isAlias;
668 AddStorageExtParams(decryptParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
669 int32_t res = ConstructParamSet(paramSet, decryptParams, idx);
670 HcFree(decryptParams);
671 if (res != HAL_SUCCESS) {
672 LOGE("Failed to construct decrypt param set, res: %" LOG_PUB "d", res);
673 }
674 return res;
675 }
676
ConstructInitParamsP256(struct HksParamSet ** initParamSet,const KeyParams * keyParams)677 int32_t ConstructInitParamsP256(struct HksParamSet **initParamSet, const KeyParams *keyParams)
678 {
679 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_AGREE_INIT_PARAMS_LEN);
680 struct HksParam *initParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
681 if (initParams == NULL) {
682 LOGE("Malloc for initParams failed.");
683 return HAL_ERR_BAD_ALLOC;
684 }
685 uint32_t idx = 0;
686 initParams[idx].tag = HKS_TAG_ALGORITHM;
687 initParams[idx++].uint32Param = HKS_ALG_ECDH;
688 initParams[idx].tag = HKS_TAG_PURPOSE;
689 initParams[idx++].uint32Param = HKS_KEY_PURPOSE_AGREE;
690 initParams[idx].tag = HKS_TAG_KEY_SIZE;
691 initParams[idx++].uint32Param = HKS_ECC_KEY_SIZE_256;
692 AddStorageExtParams(initParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
693 int32_t res = ConstructParamSet(initParamSet, initParams, idx);
694 HcFree(initParams);
695 if (res != HAL_SUCCESS) {
696 LOGE("Construct init param set failed, res = %" LOG_PUB "d", res);
697 }
698 return res;
699 }
700
ConstructFinishParamsP256(struct HksParamSet ** finishParamSet,const KeyParams * keyParams,const struct HksBlob * sharedKeyAliasBlob)701 int32_t ConstructFinishParamsP256(struct HksParamSet **finishParamSet, const KeyParams *keyParams,
702 const struct HksBlob *sharedKeyAliasBlob)
703 {
704 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_AGREE_FINISH_PARAMS_LEN);
705 struct HksParam *finishParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
706 if (finishParams == NULL) {
707 LOGE("Malloc for finishParams failed.");
708 return HAL_ERR_BAD_ALLOC;
709 }
710 uint32_t idx = 0;
711 finishParams[idx].tag = HKS_TAG_KEY_STORAGE_FLAG;
712 finishParams[idx++].uint32Param = HKS_STORAGE_PERSISTENT;
713 finishParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
714 finishParams[idx++].boolParam = true;
715 finishParams[idx].tag = HKS_TAG_ALGORITHM;
716 finishParams[idx++].uint32Param = HKS_ALG_AES;
717 finishParams[idx].tag = HKS_TAG_KEY_SIZE;
718 finishParams[idx++].uint32Param = HKS_AES_KEY_SIZE_256;
719 finishParams[idx].tag = HKS_TAG_PURPOSE;
720 finishParams[idx++].uint32Param = HKS_KEY_PURPOSE_DERIVE;
721 finishParams[idx].tag = HKS_TAG_DIGEST;
722 finishParams[idx++].uint32Param = HKS_DIGEST_SHA256;
723 finishParams[idx].tag = HKS_TAG_KEY_ALIAS;
724 finishParams[idx++].blob = *sharedKeyAliasBlob;
725 AddStorageExtParams(finishParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
726 int32_t res = ConstructParamSet(finishParamSet, finishParams, idx);
727 HcFree(finishParams);
728 if (res != HAL_SUCCESS) {
729 LOGE("Construct finish param set failed, res = %" LOG_PUB "d", res);
730 }
731 return res;
732 }
733
ConstructAgreeWithStorageParams(struct HksParamSet ** paramSet,uint32_t keyLen,Algorithm algo,const KeyParams * priKeyParams,const KeyBuff * pubKeyBuff)734 int32_t ConstructAgreeWithStorageParams(struct HksParamSet **paramSet, uint32_t keyLen, Algorithm algo,
735 const KeyParams *priKeyParams, const KeyBuff *pubKeyBuff)
736 {
737 struct HksBlob priKeyBlob = { priKeyParams->keyBuff.keyLen, priKeyParams->keyBuff.key };
738 struct HksBlob pubKeyBlob = { pubKeyBuff->keyLen, pubKeyBuff->key };
739 uint32_t len = GetParamLen(priKeyParams->isDeStorage, BASE_AGREE_WITH_STORAGE_PARAMS_LEN);
740 struct HksParam *agreeParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
741 if (agreeParams == NULL) {
742 LOGE("Malloc for agreeParams failed.");
743 return HAL_ERR_BAD_ALLOC;
744 }
745 uint32_t idx = 0;
746 agreeParams[idx].tag = HKS_TAG_ALGORITHM;
747 agreeParams[idx++].uint32Param = HKS_ALG_AES;
748 agreeParams[idx].tag = HKS_TAG_KEY_SIZE;
749 agreeParams[idx++].uint32Param = keyLen * BITS_PER_BYTE;
750 agreeParams[idx].tag = HKS_TAG_PURPOSE;
751 agreeParams[idx++].uint32Param = HKS_KEY_PURPOSE_DERIVE;
752 agreeParams[idx].tag = HKS_TAG_DIGEST;
753 agreeParams[idx++].uint32Param = HKS_DIGEST_SHA256;
754 agreeParams[idx].tag = HKS_TAG_KEY_GENERATE_TYPE;
755 agreeParams[idx++].uint32Param = HKS_KEY_GENERATE_TYPE_AGREE;
756 agreeParams[idx].tag = HKS_TAG_AGREE_ALG;
757 agreeParams[idx++].uint32Param = g_algToHksAlgorithm[algo]; // only support HKS_ALG_ED25519 and HKS_ALG_X25519
758 agreeParams[idx].tag = HKS_TAG_AGREE_PRIVATE_KEY_ALIAS;
759 agreeParams[idx++].blob = priKeyBlob;
760 agreeParams[idx].tag = HKS_TAG_AGREE_PUBLIC_KEY;
761 agreeParams[idx++].blob = pubKeyBlob;
762 agreeParams[idx].tag = HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS;
763 agreeParams[idx++].boolParam = pubKeyBuff->isAlias;
764 AddStorageExtParams(agreeParams, priKeyParams->isDeStorage, &idx, priKeyParams->osAccountId);
765 int32_t res = ConstructParamSet(paramSet, agreeParams, idx);
766 HcFree(agreeParams);
767 if (res != HAL_SUCCESS) {
768 LOGE("Construct agree param set failed, res = %" LOG_PUB "d", res);
769 }
770 return res;
771 }
772
CheckAgreeWithStorageParams(const KeyParams * priKeyParams,const KeyBuff * pubKeyBuff,uint32_t sharedKeyLen,const Uint8Buff * sharedKeyAlias)773 int32_t CheckAgreeWithStorageParams(const KeyParams *priKeyParams, const KeyBuff *pubKeyBuff,
774 uint32_t sharedKeyLen, const Uint8Buff *sharedKeyAlias)
775 {
776 int32_t res = CheckKeyParams(priKeyParams);
777 if (res != HAL_SUCCESS) {
778 return res;
779 }
780 CHECK_PTR_RETURN_HAL_ERROR_CODE(pubKeyBuff, "pubKeyBuff");
781 CHECK_PTR_RETURN_HAL_ERROR_CODE(pubKeyBuff->key, "pubKeyBuff->key");
782 CHECK_LEN_ZERO_RETURN_ERROR_CODE(pubKeyBuff->keyLen, "pubKeyBuff->keyLen");
783 CHECK_PTR_RETURN_HAL_ERROR_CODE(sharedKeyAlias, "sharedKeyAlias");
784 CHECK_PTR_RETURN_HAL_ERROR_CODE(sharedKeyAlias->val, "sharedKeyAlias->val");
785 CHECK_LEN_ZERO_RETURN_ERROR_CODE(sharedKeyAlias->length, "sharedKeyAlias->length");
786 CHECK_LEN_ZERO_RETURN_ERROR_CODE(sharedKeyLen, "sharedKeyLen");
787 return HAL_SUCCESS;
788 }
789
MoveSharedKeyToCe(const KeyParams * priKeyParams,const struct HksBlob * sharedKeyAlias)790 void MoveSharedKeyToCe(const KeyParams *priKeyParams, const struct HksBlob *sharedKeyAlias)
791 {
792 struct HksBlob priKeyBlob = { priKeyParams->keyBuff.keyLen, priKeyParams->keyBuff.key };
793 MoveDeKeyToCe(priKeyParams->keyBuff.isAlias, priKeyParams->osAccountId, &priKeyBlob);
794 MoveDeKeyToCe(true, priKeyParams->osAccountId, sharedKeyAlias);
795 }
796
797
CheckAgreeParams(const KeyParams * priKeyParams,const KeyBuff * pubKey,const Uint8Buff * sharedKey)798 int32_t CheckAgreeParams(const KeyParams *priKeyParams, const KeyBuff *pubKey, const Uint8Buff *sharedKey)
799 {
800 int32_t res = CheckKeyParams(priKeyParams);
801 if (res != HAL_SUCCESS) {
802 return res;
803 }
804 CHECK_PTR_RETURN_HAL_ERROR_CODE(pubKey, "pubKey");
805 CHECK_PTR_RETURN_HAL_ERROR_CODE(pubKey->key, "pubKey->key");
806 CHECK_LEN_ZERO_RETURN_ERROR_CODE(pubKey->keyLen, "pubKey->keyLen");
807 CHECK_PTR_RETURN_HAL_ERROR_CODE(sharedKey, "sharedKey");
808 CHECK_PTR_RETURN_HAL_ERROR_CODE(sharedKey->val, "sharedKey->val");
809 CHECK_LEN_ZERO_RETURN_ERROR_CODE(sharedKey->length, "sharedKey->length");
810 return HAL_SUCCESS;
811 }
812
813
ConstructAgreeParamSet(const KeyParams * keyParams,Algorithm algo,const Uint8Buff * sharedKey,struct HksParamSet ** paramSet)814 int32_t ConstructAgreeParamSet(const KeyParams *keyParams, Algorithm algo, const Uint8Buff *sharedKey,
815 struct HksParamSet **paramSet)
816 {
817 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_AGREE_PARAMS_LEN);
818 struct HksParam *agreeParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
819 if (agreeParams == NULL) {
820 LOGE("Malloc for agreeParams failed.");
821 return HAL_ERR_BAD_ALLOC;
822 }
823 uint32_t idx = 0;
824 agreeParams[idx].tag = HKS_TAG_ALGORITHM;
825 agreeParams[idx++].uint32Param = g_algToHksAlgorithm[algo]; // only support HKS_ALG_X25519 now
826 agreeParams[idx].tag = HKS_TAG_KEY_SIZE;
827 agreeParams[idx++].uint32Param = sharedKey->length * BITS_PER_BYTE;
828 agreeParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
829 agreeParams[idx++].boolParam = keyParams->keyBuff.isAlias;
830 AddStorageExtParams(agreeParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
831 int32_t res = ConstructParamSet(paramSet, agreeParams, idx);
832 HcFree(agreeParams);
833 if (res != HAL_SUCCESS) {
834 LOGE("Construct agree param set failed, res = %" LOG_PUB "d", res);
835 }
836 return res;
837 }
838
ConstructGenerateKeyPairWithStorageParams(struct HksParamSet ** paramSet,Algorithm algo,uint32_t keyLen,KeyPurpose purpose,const KeyParams * authIdParams)839 int32_t ConstructGenerateKeyPairWithStorageParams(struct HksParamSet **paramSet, Algorithm algo,
840 uint32_t keyLen, KeyPurpose purpose, const KeyParams *authIdParams)
841 {
842 struct HksBlob authIdBlob = { authIdParams->keyBuff.keyLen, authIdParams->keyBuff.key };
843 uint32_t len = GetParamLen(authIdParams->isDeStorage, BASE_GENERATE_KEY_PAIR_PARAMS_LEN);
844 struct HksParam *generateParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
845 if (generateParams == NULL) {
846 LOGE("Malloc for generateParams failed.");
847 return HAL_ERR_BAD_ALLOC;
848 }
849 uint32_t idx = 0;
850 generateParams[idx].tag = HKS_TAG_ALGORITHM;
851 generateParams[idx++].uint32Param = g_algToHksAlgorithm[algo];
852 generateParams[idx].tag = HKS_TAG_KEY_STORAGE_FLAG;
853 generateParams[idx++].uint32Param = HKS_STORAGE_PERSISTENT;
854 generateParams[idx].tag = HKS_TAG_PURPOSE;
855 generateParams[idx++].uint32Param = g_purposeToHksKeyPurpose[purpose];
856 generateParams[idx].tag = HKS_TAG_KEY_SIZE;
857 generateParams[idx++].uint32Param = keyLen * BITS_PER_BYTE;
858 generateParams[idx].tag = HKS_TAG_KEY_AUTH_ID;
859 generateParams[idx++].blob = authIdBlob;
860 generateParams[idx].tag = HKS_TAG_DIGEST;
861 generateParams[idx++].uint32Param = HKS_DIGEST_SHA256;
862 AddStorageExtParams(generateParams, authIdParams->isDeStorage, &idx, authIdParams->osAccountId);
863 int32_t res = ConstructParamSet(paramSet, generateParams, idx);
864 HcFree(generateParams);
865 if (res != HAL_SUCCESS) {
866 LOGE("Construct generate key pair param set failed, res = %" LOG_PUB "d", res);
867 }
868 return res;
869 }
870
CheckGenerateKeyPairParams(const KeyParams * keyParams,const ExtraInfo * exInfo,uint32_t keyLen)871 int32_t CheckGenerateKeyPairParams(const KeyParams *keyParams, const ExtraInfo *exInfo, uint32_t keyLen)
872 {
873 int32_t res = CheckKeyParams(keyParams);
874 if (res != HAL_SUCCESS) {
875 return res;
876 }
877 CHECK_PTR_RETURN_HAL_ERROR_CODE(exInfo, "exInfo");
878 CHECK_PTR_RETURN_HAL_ERROR_CODE(exInfo->authId.val, "authId->val");
879 CHECK_LEN_ZERO_RETURN_ERROR_CODE(exInfo->authId.length, "authId->length");
880 CHECK_LEN_ZERO_RETURN_ERROR_CODE(keyLen, "keyLen");
881 return HAL_SUCCESS;
882 }
883
ConstructGenerateKeyPairParams(struct HksParamSet ** paramSet,Algorithm algo,uint32_t keyLen)884 int32_t ConstructGenerateKeyPairParams(struct HksParamSet **paramSet, Algorithm algo, uint32_t keyLen)
885 {
886 struct HksParam keyParam[] = {
887 {
888 .tag = HKS_TAG_KEY_STORAGE_FLAG,
889 .uint32Param = HKS_STORAGE_TEMP
890 }, {
891 .tag = HKS_TAG_ALGORITHM,
892 .uint32Param = g_algToHksAlgorithm[algo]
893 }, {
894 .tag = HKS_TAG_KEY_SIZE,
895 .uint32Param = keyLen * BITS_PER_BYTE
896 }, {
897 .tag = HKS_TAG_IS_KEY_ALIAS,
898 .uint32Param = false
899 }
900 };
901
902 int32_t res = ConstructParamSet(paramSet, keyParam, CAL_ARRAY_SIZE(keyParam));
903 if (res != HAL_SUCCESS) {
904 LOGE("Construct param set failed, res = %" LOG_PUB "d", res);
905 return res;
906 }
907 return res;
908 }
909
ConstructExportParams(bool isDeStorage,int32_t osAccountId,struct HksParamSet ** paramSet)910 int32_t ConstructExportParams(bool isDeStorage, int32_t osAccountId, struct HksParamSet **paramSet)
911 {
912 uint32_t len = GetParamLen(isDeStorage, 0);
913 if (len == 0) {
914 return HAL_SUCCESS;
915 }
916 struct HksParam *exportParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
917 if (exportParams == NULL) {
918 LOGE("Malloc for exportParams failed.");
919 return HAL_ERR_BAD_ALLOC;
920 }
921 uint32_t idx = 0;
922 AddStorageExtParams(exportParams, isDeStorage, &idx, osAccountId);
923 int32_t res = ConstructParamSet(paramSet, exportParams, idx);
924 HcFree(exportParams);
925 if (res != HAL_SUCCESS) {
926 LOGE("Failed to construct export param set, res: %" LOG_PUB "d", res);
927 }
928 return res;
929 }
930
CheckExportParams(const KeyParams * keyParams,const Uint8Buff * outPubKey)931 int32_t CheckExportParams(const KeyParams *keyParams, const Uint8Buff *outPubKey)
932 {
933 int32_t res = CheckKeyParams(keyParams);
934 if (res != HAL_SUCCESS) {
935 return res;
936 }
937 CHECK_PTR_RETURN_HAL_ERROR_CODE(outPubKey, "outPubKey");
938 CHECK_PTR_RETURN_HAL_ERROR_CODE(outPubKey->val, "outPubKey->val");
939 CHECK_LEN_ZERO_RETURN_ERROR_CODE(outPubKey->length, "outPubKey->length");
940 return HAL_SUCCESS;
941 }
942
ConstructSignParams(bool isDeStorage,int32_t osAccountId,struct HksParamSet ** paramSet,Algorithm algo)943 int32_t ConstructSignParams(bool isDeStorage, int32_t osAccountId, struct HksParamSet **paramSet,
944 Algorithm algo)
945 {
946 uint32_t len = GetParamLen(isDeStorage, BASE_SIGN_PARAMS_LEN);
947 struct HksParam *signParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
948 if (signParams == NULL) {
949 LOGE("Malloc for signParams failed.");
950 return HAL_ERR_BAD_ALLOC;
951 }
952 uint32_t idx = 0;
953 signParams[idx].tag = HKS_TAG_PURPOSE;
954 signParams[idx++].uint32Param = HKS_KEY_PURPOSE_SIGN;
955 signParams[idx].tag = HKS_TAG_ALGORITHM;
956 signParams[idx++].uint32Param = g_algToHksAlgorithm[algo]; // only support HKS_ALG_ED25519 and HKS_ALG_ECC.
957 signParams[idx].tag = HKS_TAG_DIGEST;
958 signParams[idx++].uint32Param = HKS_DIGEST_SHA256;
959 AddStorageExtParams(signParams, isDeStorage, &idx, osAccountId);
960 int32_t res = ConstructParamSet(paramSet, signParams, idx);
961 HcFree(signParams);
962 if (res != HAL_SUCCESS) {
963 LOGE("Construct sign param set failed, res = %" LOG_PUB "d", res);
964 }
965 return res;
966 }
967
CheckSignParams(const KeyParams * keyParams,const Uint8Buff * message,const Uint8Buff * outSignature)968 int32_t CheckSignParams(const KeyParams *keyParams, const Uint8Buff *message,
969 const Uint8Buff *outSignature)
970 {
971 int32_t res = CheckKeyParams(keyParams);
972 if (res != HAL_SUCCESS) {
973 return res;
974 }
975 const Uint8Buff *inParams[] = { message, outSignature };
976 const char *paramTags[] = { "message", "outSignature" };
977 return BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
978 }
979
ConstructVerifyParams(struct HksParamSet ** paramSet,const KeyParams * keyParams,Algorithm algo)980 int32_t ConstructVerifyParams(struct HksParamSet **paramSet, const KeyParams *keyParams, Algorithm algo)
981 {
982 uint32_t len = GetParamLen(keyParams->isDeStorage, BASE_VERIFY_PARAMS_LEN);
983 struct HksParam *verifyParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
984 if (verifyParams == NULL) {
985 LOGE("Malloc for verifyParams failed.");
986 return HAL_ERR_BAD_ALLOC;
987 }
988 uint32_t idx = 0;
989 verifyParams[idx].tag = HKS_TAG_PURPOSE;
990 verifyParams[idx++].uint32Param = HKS_KEY_PURPOSE_VERIFY;
991 verifyParams[idx].tag = HKS_TAG_ALGORITHM;
992 verifyParams[idx++].uint32Param = g_algToHksAlgorithm[algo]; // only support HKS_ALG_ED25519 and HKS_ALG_ECC.
993 verifyParams[idx].tag = HKS_TAG_IS_KEY_ALIAS;
994 verifyParams[idx++].boolParam = keyParams->keyBuff.isAlias;
995 verifyParams[idx].tag = HKS_TAG_DIGEST;
996 verifyParams[idx++].uint32Param = HKS_DIGEST_SHA256;
997 AddStorageExtParams(verifyParams, keyParams->isDeStorage, &idx, keyParams->osAccountId);
998 int32_t res = ConstructParamSet(paramSet, verifyParams, idx);
999 HcFree(verifyParams);
1000 if (res != HAL_SUCCESS) {
1001 LOGE("Construct verify param set failed, res = %" LOG_PUB "d", res);
1002 }
1003 return res;
1004 }
1005
CheckVerifyParams(const KeyParams * keyParams,const Uint8Buff * message,const Uint8Buff * signature)1006 int32_t CheckVerifyParams(const KeyParams *keyParams, const Uint8Buff *message,
1007 const Uint8Buff *signature)
1008 {
1009 int32_t res = CheckKeyParams(keyParams);
1010 if (res != HAL_SUCCESS) {
1011 return res;
1012 }
1013 const Uint8Buff *inParams[] = { message, signature };
1014 const char *paramTags[] = { "message", "signature" };
1015 return BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
1016 }
1017
ConstructImportPublicKeyParams(struct HksParamSet ** paramSet,Algorithm algo,uint32_t keyLen,const KeyParams * authIdParams,const union KeyRoleInfoUnion * roleInfoUnion)1018 int32_t ConstructImportPublicKeyParams(struct HksParamSet **paramSet, Algorithm algo, uint32_t keyLen,
1019 const KeyParams *authIdParams, const union KeyRoleInfoUnion *roleInfoUnion)
1020 {
1021 if (g_algToHksAlgorithm[algo] == HKS_ALG_ECC) {
1022 keyLen = ECC_PK_LEN;
1023 }
1024 struct HksBlob authIdBlob = { authIdParams->keyBuff.keyLen, authIdParams->keyBuff.key };
1025 uint32_t len = GetParamLen(authIdParams->isDeStorage, BASE_IMPORT_PUB_KEY_PARAMS_LEN);
1026 struct HksParam *importParams = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
1027 if (importParams == NULL) {
1028 LOGE("Malloc for importParams failed.");
1029 return HAL_ERR_BAD_ALLOC;
1030 }
1031 uint32_t idx = 0;
1032 importParams[idx].tag = HKS_TAG_ALGORITHM;
1033 importParams[idx++].uint32Param = g_algToHksAlgorithm[algo];
1034 importParams[idx].tag = HKS_TAG_KEY_SIZE;
1035 importParams[idx++].uint32Param = keyLen * BITS_PER_BYTE;
1036 importParams[idx].tag = HKS_TAG_PADDING;
1037 importParams[idx++].uint32Param = HKS_PADDING_NONE;
1038 importParams[idx].tag = HKS_TAG_KEY_AUTH_ID;
1039 importParams[idx++].blob = authIdBlob;
1040 importParams[idx].tag = HKS_TAG_IS_ALLOWED_WRAP;
1041 importParams[idx++].boolParam = true;
1042 importParams[idx].tag = HKS_TAG_PURPOSE;
1043 importParams[idx++].uint32Param = HKS_KEY_PURPOSE_VERIFY;
1044 importParams[idx].tag = HKS_TAG_KEY_ROLE;
1045 importParams[idx++].uint32Param = roleInfoUnion->roleInfo;
1046 importParams[idx].tag = HKS_TAG_DIGEST;
1047 importParams[idx++].uint32Param = HKS_DIGEST_SHA256;
1048 AddStorageExtParams(importParams, authIdParams->isDeStorage, &idx, authIdParams->osAccountId);
1049 int32_t res = ConstructParamSet(paramSet, importParams, idx);
1050 HcFree(importParams);
1051 if (res != HAL_SUCCESS) {
1052 LOGE("Construct import param set failed, res = %" LOG_PUB "d", res);
1053 }
1054 return res;
1055 }
1056
CheckImportPubKeyParams(const KeyParams * keyParams,const Uint8Buff * pubKey,const ExtraInfo * exInfo)1057 int32_t CheckImportPubKeyParams(const KeyParams *keyParams, const Uint8Buff *pubKey,
1058 const ExtraInfo *exInfo)
1059 {
1060 int32_t res = CheckKeyParams(keyParams);
1061 if (res != HAL_SUCCESS) {
1062 return res;
1063 }
1064 CHECK_PTR_RETURN_HAL_ERROR_CODE(pubKey, "pubKey");
1065 CHECK_PTR_RETURN_HAL_ERROR_CODE(pubKey->val, "pubKey->val");
1066 CHECK_LEN_ZERO_RETURN_ERROR_CODE(pubKey->length, "pubKey->length");
1067 CHECK_PTR_RETURN_HAL_ERROR_CODE(exInfo, "exInfo");
1068 CHECK_PTR_RETURN_HAL_ERROR_CODE(exInfo->authId.val, "authId->val");
1069 CHECK_LEN_ZERO_RETURN_ERROR_CODE(exInfo->authId.length, "authId->length");
1070 CHECK_LEN_HIGHER_RETURN(exInfo->pairType, PAIR_TYPE_END - 1, "pairType");
1071 return HAL_SUCCESS;
1072 }
1073
CheckBigNumCompareParams(const Uint8Buff * a,const Uint8Buff * b,int * res)1074 bool CheckBigNumCompareParams(const Uint8Buff *a, const Uint8Buff *b, int *res)
1075 {
1076 if ((a == NULL || a->val == NULL) && (b == NULL || b->val == NULL)) {
1077 *res = 0; // a = b
1078 return false;
1079 }
1080 if ((a == NULL || a->val == NULL) && (b != NULL && b->val != NULL)) {
1081 *res = 1; // a < b
1082 return false;
1083 }
1084 if ((a != NULL && a->val != NULL) && (b == NULL || b->val == NULL)) {
1085 *res = -1; // a > b
1086 return false;
1087 }
1088 return true;
1089 }
1090
InitImportParam(const KeyParams * keyParams,const ExtraInfo * exInfo,struct HksParam ** importParam)1091 static int32_t InitImportParam(const KeyParams *keyParams, const ExtraInfo *exInfo, struct HksParam **importParam)
1092 {
1093 if (exInfo != NULL) {
1094 CHECK_PTR_RETURN_HAL_ERROR_CODE(exInfo->authId.val, "authId");
1095 CHECK_LEN_ZERO_RETURN_ERROR_CODE(exInfo->authId.length, "authId");
1096 CHECK_LEN_HIGHER_RETURN(exInfo->pairType, PAIR_TYPE_END - 1, "pairType");
1097 }
1098 uint32_t baseLen = ((exInfo == NULL) ? BASE_IMPORT_PARAMS_LEN : (BASE_IMPORT_PARAMS_LEN + EXT_IMPORT_PARAMS_LEN));
1099 uint32_t len = GetParamLen(keyParams->isDeStorage, baseLen);
1100 *importParam = (struct HksParam *)HcMalloc(sizeof(struct HksParam) * len, 0);
1101 if (*importParam == NULL) {
1102 LOGE("Malloc for importParam failed.");
1103 return HAL_ERR_BAD_ALLOC;
1104 }
1105 return HAL_SUCCESS;
1106 }
1107
ConstructImportSymmetricKeyParam(struct HksParamSet ** paramSet,const KeyParams * keyParams,uint32_t keyLen,KeyPurpose purpose,const ExtraInfo * exInfo)1108 int32_t ConstructImportSymmetricKeyParam(struct HksParamSet **paramSet, const KeyParams *keyParams,
1109 uint32_t keyLen, KeyPurpose purpose, const ExtraInfo *exInfo)
1110 {
1111 struct HksParam *importParam = NULL;
1112 int32_t res = InitImportParam(keyParams, exInfo, &importParam);
1113 if (res != HAL_SUCCESS) {
1114 return res;
1115 }
1116 uint32_t idx = 0;
1117 if (exInfo != NULL) {
1118 struct HksBlob authIdBlob = { 0, NULL };
1119 union KeyRoleInfoUnion roleInfoUnion;
1120 (void)memset_s(&roleInfoUnion, sizeof(roleInfoUnion), 0, sizeof(roleInfoUnion));
1121 authIdBlob.size = exInfo->authId.length;
1122 authIdBlob.data = exInfo->authId.val;
1123 roleInfoUnion.roleInfoStruct.userType = (uint8_t)exInfo->userType;
1124 roleInfoUnion.roleInfoStruct.pairType = (uint8_t)exInfo->pairType;
1125 importParam[idx].tag = HKS_TAG_KEY_AUTH_ID;
1126 importParam[idx++].blob = authIdBlob;
1127 importParam[idx].tag = HKS_TAG_KEY_ROLE;
1128 importParam[idx++].uint32Param = roleInfoUnion.roleInfo;
1129 }
1130
1131 importParam[idx].tag = HKS_TAG_ALGORITHM;
1132 importParam[idx++].uint32Param = HKS_ALG_AES;
1133 importParam[idx].tag = HKS_TAG_KEY_SIZE;
1134 importParam[idx++].uint32Param = keyLen * BITS_PER_BYTE;
1135 importParam[idx].tag = HKS_TAG_PADDING;
1136 importParam[idx++].uint32Param = HKS_PADDING_NONE;
1137 importParam[idx].tag = HKS_TAG_IS_ALLOWED_WRAP;
1138 importParam[idx++].boolParam = false;
1139 importParam[idx].tag = HKS_TAG_PURPOSE;
1140 importParam[idx++].uint32Param = g_purposeToHksKeyPurpose[purpose];
1141 importParam[idx].tag = HKS_TAG_BLOCK_MODE;
1142 importParam[idx++].uint32Param = HKS_MODE_GCM;
1143 importParam[idx].tag = HKS_TAG_DIGEST;
1144 importParam[idx++].uint32Param = HKS_DIGEST_SHA256;
1145 AddStorageExtParams(importParam, keyParams->isDeStorage, &idx, keyParams->osAccountId);
1146 res = ConstructParamSet(paramSet, importParam, idx);
1147 HcFree(importParam);
1148 return res;
1149 }
1150
CheckImportSymmetricKeyParams(const KeyParams * keyParams,const Uint8Buff * authToken)1151 int32_t CheckImportSymmetricKeyParams(const KeyParams *keyParams, const Uint8Buff *authToken)
1152 {
1153 int32_t res = CheckKeyParams(keyParams);
1154 if (res != HAL_SUCCESS) {
1155 return res;
1156 }
1157 const Uint8Buff *inParams[] = { authToken };
1158 const char *paramTags[] = { "authToken" };
1159 return BaseCheckParams(inParams, paramTags, CAL_ARRAY_SIZE(inParams));
1160 }
1161