1 /* 2 * Copyright (C) 2021 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef HUKS_ADAPTER_TEST_H 17 #define HUKS_ADAPTER_TEST_H 18 19 #include "base.h" 20 #include "hichain.h" 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 26 #define safe_free(T) \ 27 do { \ 28 if ((T) != NULL) { \ 29 FREE(T); \ 30 } \ 31 } while (0) 32 33 #define array_size(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) 34 35 enum huks_adapter_error_code { 36 ERROR_CODE_NO_PEER_PUBLIC_KEY = -10, 37 ERROR_CODE_FAILED = -1, 38 ERROR_CODE_INIT_PARAM_SET = -2, 39 ERROR_CODE_ADD_PARAM = -3, 40 ERROR_CODE_BUILD_PARAM_SET = -4, 41 ERROR_CODE_GENERATE_KEY = -5, 42 ERROR_CODE_FRESH_PARAM_SET = -6, 43 ERROR_CODE_GET_PUB_KEY_FROM_PARAM_SET = -7, 44 ERROR_CODE_GET_PRIV_KEY_FROM_PARAM_SET = -8, 45 ERROR_CODE_NO_SPACE = -9, 46 ERROR_CODE_SUCCESS = 0 47 }; 48 49 enum huks_key_alias_type { 50 KEY_ALIAS_ACCESSOR_PK = HC_USER_TYPE_ACCESSORY, 51 KEY_ALIAS_CONTROLLER_PK = HC_USER_TYPE_CONTROLLER, 52 KEY_ALIAS_LT_KEY_PAIR, 53 KEY_ALIAS_KEK, 54 KEY_ALIAS_DEK, 55 KEY_ALIAS_TMP, 56 }; 57 58 enum hc_pair_type { 59 HC_PAIR_TYPE_BIND, 60 HC_PAIR_TYPE_AUTH, 61 }; 62 63 struct huks_key_type { 64 uint8_t user_type; 65 uint8_t pair_type; 66 uint8_t reserved1; 67 uint8_t reserved2; 68 }; 69 70 enum huks_derived_type { 71 HUKS_DERIVED_TYPE_KEK = KEY_ALIAS_KEK, 72 HUKS_DERIVED_TYPE_DEK = KEY_ALIAS_DEK, 73 }; 74 75 struct service_id generate_service_id(const struct session_identity *identity); 76 77 /* 78 * generate key alias by service id and auth id 79 * 80 * @param service_id: service id 81 * @param hc_auth_id: auth id 82 * @param key_type: ACCESSOR_PK:0 CONTROLLER_PK:1 LT_KEY_PAIR:2 KEK:3 DEK:4 83 * @return key alias 84 */ 85 struct hc_key_alias generate_key_alias(const struct service_id *service_id, 86 const struct hc_auth_id *auth_id, enum huks_key_alias_type key_type); 87 88 /* 89 * Generate temporary key pair X25519 90 * 91 * @param keyPair: the public&private key struct 92 * @param keyPairType: the key pair type, support X25519 and ED25519 93 * @return 0 -- success, others -- failed 94 */ 95 int32_t generate_st_key_pair(struct st_key_pair *out_key_pair); 96 97 /* 98 * Generate a long-lived key pair ED25519. 99 * 100 * @param key_alias: key alias 101 * @return 0 -- success, others -- failed 102 */ 103 int32_t generate_lt_key_pair(struct hc_key_alias *key_alias, const struct hc_auth_id *auth_id); 104 105 /* 106 * Export long-acting public key 107 * 108 * @param key_alias: the public key alias 109 * @return 0 -- success, others -- failed 110 */ 111 int32_t export_lt_public_key(struct hc_key_alias *key_alias, struct ltpk *out_public_key); 112 113 /* 114 * Delete stored public key 115 * 116 * @param key_alias: the public key alias 117 * @return 0 -- success, others -- failed 118 */ 119 int32_t delete_lt_public_key(struct hc_key_alias *key_alias); 120 121 /* 122 * Import public key 123 * 124 * @param key_alias: the public key alias 125 * @param peer_public_key: the peer public key to be store 126 * @return 0 -- success, others -- failed 127 */ 128 int32_t import_lt_public_key(struct hc_key_alias *key_alias, struct ltpk *peer_public_key, 129 const int32_t user_type, const int32_t pair_type, struct hc_auth_id *auth_id); 130 131 /* 132 * Check if the public key exists according to alias 133 * 134 * @param key_alias: the public key alias 135 * @return 0 -- exist, others -- not exist 136 */ 137 int32_t check_lt_public_key_exist(struct hc_key_alias *key_alias); 138 139 /* 140 * Check if the public key exists according to alias 141 * 142 * @param key_alias: the public key alias 143 * @return 0 -- is owner, others -- not 144 */ 145 int32_t check_key_alias_is_owner(struct hc_key_alias *key_alias); 146 147 /* 148 * Check if the public key exists according to alias 149 * 150 * @param key_alias: key alias 151 * @param out_key_type: output param, with key type info 152 * @param out_auth_id: output param, with auth id 153 * @return 0 -- work, others -- failed 154 */ 155 int32_t get_lt_key_info(struct hc_key_alias *alias, struct huks_key_type *out_key_type, struct hc_auth_id *out_auth_id); 156 157 /* 158 * Query the list of imported and stored ed25519 public keys 159 * 160 * @param owner_auth_id: input null, output binding list;input owner, output auth list;other ,output null 161 * @param trust_user_type: the public key alias 162 * @return 0 -- exist, others -- not exist 163 */ 164 int32_t get_lt_public_key_list(const struct hc_auth_id *owner_auth_id, int32_t trust_user_type, 165 struct hc_auth_id *out_auth_list, uint32_t *out_count); 166 167 /* 168 * compute shared secret by X25519. 169 * 170 * @param self_private_key: the private key 171 * @param peer_public_key: the peer public key 172 * @param out_shared_key: out shared key 173 * @return 0 -- success, others -- failed 174 */ 175 int32_t compute_sts_shared_secret(struct stsk *self_private_key, 176 struct stpk *peer_public_key, struct sts_shared_secret *out_shared_key); 177 178 /* 179 * sign by ED25519. 180 * 181 * @param key_alias: the key alias 182 * @param message: the message to sign 183 * @param out_sig: sign result 184 * @return 0 -- success, others -- failed 185 */ 186 int32_t sign(struct hc_key_alias *key_alias, const struct uint8_buff *message, struct signature *out_signature); 187 188 /* 189 * verify by ED25519. 190 * 191 * @param service_id: the service ID 192 * @param hc_auth_id: the auth ID 193 * @param user_type: accessor:0 controller:1 194 * @param message: the message to verify 195 * @param signature: signature to compare 196 * @return 0 -- success, others -- failed 197 */ 198 int32_t verify(struct hc_key_alias *key_alias, const int32_t user_type, const struct uint8_buff *message, 199 struct signature *signature); 200 201 /* 202 * verify by ED25519, pass public_key. 203 * 204 * @param service_id: the service ID 205 * @param hc_auth_id: the auth ID 206 * @param user_type: accessor:0 controller:1 207 * @param message: the message to verify 208 * @param public_key: the public key 209 * @param signature: signature to compare 210 * @return 0 -- success, others -- failed 211 */ 212 int32_t verify_with_public_key(const int32_t user_type, const struct uint8_buff *message, 213 struct var_buffer *public_key, struct signature *signature); 214 215 /* 216 * Check public key's legality 217 * @param key: public key 218 * @param bigNumLen: big num len 384 or 256 219 * @return true -- legal, false -- illegal 220 */ 221 int32_t CheckDlSpekePublicKey(const struct var_buffer *key, uint32_t bigNumLen); 222 223 /* 224 * Calculate BigNum Exponent 225 * @param base 32 byte 226 * @param exp 32 byte 227 * @param big_num_len: big num len 384 or 256 228 * @param out_result 229 * @return others -- failed, 0 -- success 230 */ 231 int32_t cal_bignum_exp(struct var_buffer *base, struct var_buffer *exp, 232 const uint32_t big_num_len, struct big_num *out_result); 233 234 /* 235 * generate random string 236 * 237 * @param length : length of required random byte array 238 * @return generated random uint8_t array 239 */ 240 struct random_value generate_random(uint32_t length); 241 242 /* 243 * HMAC method 244 * 245 * @param key HMAC key 246 * @param message message to be digested 247 * @return others -- failed, 0 -- success 248 */ 249 int32_t compute_hmac(struct var_buffer *key, const struct uint8_buff *message, struct hmac *out_hmac); 250 251 /* 252 * key derivation of HKDF, salt and info are offered 253 * 254 * @param sharedSecret the seed of the key derivation 255 * @param salt salt used in HKDF 256 * @param [out] out_hkadf,the derived key, out_hkadf.length must be specified 257 * @return 0 = success, -1 = failed 258 */ 259 int32_t compute_hkdf(struct var_buffer *shared_secret, struct hc_salt *salt, char *key_info, 260 uint32_t hkdf_len, struct var_buffer *out_hkdf); 261 262 /* 263 * aes gcm encrypt. 264 * 265 * @param key: encrypt key 266 * @param plain: data to be encrypted 267 * @param aad: aad for encrypt 268 * @param out_cipher: encrypted data 269 * @return 0 -- success, others -- failed 270 */ 271 int32_t aes_gcm_encrypt(struct var_buffer *key, const struct uint8_buff *plain, 272 struct aes_aad *aad, struct uint8_buff *out_cipher); 273 274 /* 275 * aes gcm decrypt. 276 * 277 * @param key: encrypt key 278 * @param cipher: data to be decrypted 279 * @param aad: aad for encrypt 280 * @param out_plain: edecrypted data 281 * @return 0 -- success, others -- failed 282 */ 283 int32_t aes_gcm_decrypt(struct var_buffer *key, const struct uint8_buff *cipher, 284 struct aes_aad *aad, struct uint8_buff *out_plain); 285 286 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_)) 287 int32_t generate_lt_X25519_key_pair(struct hc_key_alias *key_alias, const struct hc_auth_id *auth_id); 288 289 int32_t aes_ccm_decrypt(struct var_buffer *key, const struct uint8_buff *cipher, 290 struct aes_aad *aad, struct uint8_buff *out_plain); 291 292 int32_t get_cert_chain(const struct uint8_buff *challenge, struct hc_key_alias *sk_alias, 293 struct uint8_buff *out_cert_chain); 294 295 int32_t asset_unwrap(struct uint8_buff *sec_data, struct hc_key_alias *dec_alias, 296 struct hc_key_alias *target_alias); 297 298 int32_t get_key_attestation(const struct uint8_buff *challenge, struct hc_key_alias *sk_alias, 299 struct uint8_buff *out_cert_chain); 300 301 #endif 302 303 /* 304 * load file hks keystore to buffer 305 * 306 * @return 0 -- success, others -- failed 307 */ 308 int32_t key_info_init(void); 309 310 #ifdef __cplusplus 311 } 312 #endif 313 314 #endif