1 /*
2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define HUKS_DISABLE_LOG_AT_FILE_TO_REDUCE_ROM_SIZE
16
17 #include "hks_type_enum.h"
18 #ifdef HKS_CONFIG_FILE
19 #include HKS_CONFIG_FILE
20 #else
21 #include "hks_config.h"
22 #endif
23
24 #include "hks_api.h"
25
26 #include <inttypes.h>
27 #include <stddef.h>
28 #include <string.h>
29
30 #include "hks_api_adapter.h"
31
32 #include "hks_client_ipc.h"
33 #include "hks_local_engine.h"
34 #include "hks_ability.h"
35 #include "hks_log.h"
36 #include "hks_mem.h"
37 #include "hks_param.h"
38 #include "hks_template.h"
39 #include "hks_type.h"
40 #include "hks_util.h"
41
42 #include "securec.h"
43
44 #ifdef HKS_SUPPORT_API_ATTEST_KEY
45 #include "hks_verifier.h"
46 #endif
47
48 #ifdef _CUT_AUTHENTICATE_
49 #undef HKS_SUPPORT_API_GENERATE_KEY
50 #undef HKS_SUPPORT_API_IMPORT
51 #undef HKS_SUPPORT_API_EXPORT
52 #undef HKS_SUPPORT_API_DELETE_KEY
53 #undef HKS_SUPPORT_API_GET_KEY_PARAM_SET
54 #undef HKS_SUPPORT_API_KEY_EXIST
55 #undef HKS_SUPPORT_API_SIGN_VERIFY
56 #undef HKS_SUPPORT_API_SIGN_VERIFY
57 #undef HKS_SUPPORT_API_AGREE_KEY
58 #undef HKS_SUPPORT_API_HASH
59 #undef HKS_SUPPORT_API_GET_KEY_INFO_LIST
60 #undef HKS_SUPPORT_API_ATTEST_KEY
61 #undef HKS_SUPPORT_API_GET_CERTIFICATE_CHAIN
62 #endif
63
HksGetSdkVersion(struct HksBlob * sdkVersion)64 HKS_API_EXPORT int32_t HksGetSdkVersion(struct HksBlob *sdkVersion)
65 {
66 if ((sdkVersion == NULL) || (sdkVersion->data == NULL)) {
67 return HKS_ERROR_NULL_POINTER;
68 }
69
70 uint32_t versionLen = strlen(HKS_SDK_VERSION);
71 if (sdkVersion->size < (versionLen + 1)) {
72 return HKS_ERROR_INVALID_ARGUMENT;
73 }
74
75 HKS_IF_NOT_EOK_LOGE_RETURN(memcpy_s(sdkVersion->data, sdkVersion->size, HKS_SDK_VERSION, versionLen),
76 HKS_ERROR_INSUFFICIENT_MEMORY, "copy sdkVersion data failed!")
77
78 sdkVersion->data[versionLen] = '\0';
79 sdkVersion->size = versionLen;
80 return HKS_SUCCESS;
81 }
82
HksInitialize(void)83 HKS_API_EXPORT int32_t HksInitialize(void)
84 {
85 #ifndef _CUT_AUTHENTICATE_
86 HKS_LOG_D("enter initialize");
87 int32_t ret = HksClientInitialize();
88 HKS_LOG_D("leave initialize, result = %" LOG_PUBLIC "d", ret);
89 return ret;
90 #else
91 (void)HksCryptoAbilityInit();
92 return HKS_SUCCESS;
93 #endif
94 }
95
HksRefreshKeyInfo(void)96 HKS_API_EXPORT int32_t HksRefreshKeyInfo(void)
97 {
98 #ifndef _CUT_AUTHENTICATE_
99 HKS_LOG_D("enter refresh key info");
100 int32_t ret = HksClientRefreshKeyInfo();
101 HKS_IF_NOT_SUCC_LOGE(ret, "leave refresh key info, result = %" LOG_PUBLIC "d", ret);
102 return ret;
103 #else
104 return HKS_ERROR_API_NOT_SUPPORTED;
105 #endif
106 }
107
CheckifNeedOverrideKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn)108 static int32_t CheckifNeedOverrideKey(const struct HksBlob *keyAlias,
109 const struct HksParamSet *paramSetIn)
110 {
111 struct HksParam *isKeyOverride = NULL;
112 int32_t ret = HksGetParam(paramSetIn, HKS_TAG_KEY_OVERRIDE, &isKeyOverride);
113 if (ret == HKS_SUCCESS && !isKeyOverride->boolParam) {
114 ret = HksClientKeyExist(keyAlias, paramSetIn);
115 if (ret == HKS_SUCCESS) {
116 return HKS_ERROR_CODE_KEY_ALREADY_EXIST;
117 } else if (ret != HKS_ERROR_NOT_EXIST) {
118 return ret;
119 }
120 }
121
122 return HKS_SUCCESS;
123 }
124
HksGenerateKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)125 HKS_API_EXPORT int32_t HksGenerateKey(const struct HksBlob *keyAlias,
126 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
127 {
128 #ifdef HKS_SUPPORT_API_GENERATE_KEY
129 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
130 struct HksParam *storageFlag = NULL;
131 int32_t ret = HksGetParam(paramSetIn, HKS_TAG_KEY_STORAGE_FLAG, &storageFlag);
132 if ((ret == HKS_SUCCESS) && (storageFlag->uint32Param == HKS_STORAGE_TEMP)) {
133 if ((paramSetIn == NULL) || (paramSetOut == NULL)) {
134 return HKS_ERROR_NULL_POINTER;
135 }
136 ret = HksLocalGenerateKey(paramSetIn, paramSetOut);
137 HKS_IF_NOT_SUCC_LOGE(ret, "leave generate temp key, result = %" LOG_PUBLIC "d", ret);
138 return ret;
139 }
140
141 /* generate persistent keys */
142 if ((paramSetIn == NULL) || (keyAlias == NULL)) {
143 return HKS_ERROR_NULL_POINTER;
144 }
145 ret = CheckifNeedOverrideKey(keyAlias, paramSetIn);
146 if (ret != HKS_SUCCESS) {
147 return ret;
148 }
149 ret = HksClientGenerateKey(keyAlias, paramSetIn, paramSetOut);
150 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
151 return ret;
152 #else
153 (void)keyAlias;
154 (void)paramSetIn;
155 (void)paramSetOut;
156 return HKS_ERROR_API_NOT_SUPPORTED;
157 #endif
158 }
159
HksImportKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,const struct HksBlob * key)160 HKS_API_EXPORT int32_t HksImportKey(const struct HksBlob *keyAlias,
161 const struct HksParamSet *paramSet, const struct HksBlob *key)
162 {
163 #ifdef HKS_SUPPORT_API_IMPORT
164 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
165 if ((keyAlias == NULL) || (paramSet == NULL) || (key == NULL)) {
166 return HKS_ERROR_NULL_POINTER;
167 }
168 int32_t ret = CheckifNeedOverrideKey(keyAlias, paramSet);
169 if (ret != HKS_SUCCESS) {
170 return ret;
171 }
172 ret = HksImportKeyAdapter(keyAlias, paramSet, key);
173 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
174 return ret;
175 #else
176 (void)keyAlias;
177 (void)paramSet;
178 (void)key;
179 return HKS_ERROR_API_NOT_SUPPORTED;
180 #endif
181 }
182
HksImportWrappedKey(const struct HksBlob * keyAlias,const struct HksBlob * wrappingKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * wrappedKeyData)183 HKS_API_EXPORT int32_t HksImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias,
184 const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData)
185 {
186 #ifdef HKS_SUPPORT_API_IMPORT_WRAPPED_KEY
187 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
188 if ((keyAlias == NULL) || (wrappingKeyAlias == NULL)|| (paramSet == NULL) || (wrappedKeyData == NULL)) {
189 return HKS_ERROR_NULL_POINTER;
190 }
191 int32_t ret = CheckifNeedOverrideKey(keyAlias, paramSet);
192 if (ret != HKS_SUCCESS) {
193 return ret;
194 }
195 ret = HksClientImportWrappedKey(keyAlias, wrappingKeyAlias, paramSet, wrappedKeyData);
196 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
197 return ret;
198 #else
199 (void)keyAlias;
200 (void)wrappingKeyAlias;
201 (void)paramSet;
202 (void)wrappedKeyData;
203 return HKS_ERROR_API_NOT_SUPPORTED;
204 #endif
205 }
206
HksExportPublicKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * key)207 HKS_API_EXPORT int32_t HksExportPublicKey(const struct HksBlob *keyAlias,
208 const struct HksParamSet *paramSet, struct HksBlob *key)
209 {
210 #ifdef HKS_SUPPORT_API_EXPORT
211 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
212 if ((keyAlias == NULL) || (key == NULL)) {
213 return HKS_ERROR_NULL_POINTER;
214 }
215 int32_t ret = HksExportPublicKeyAdapter(keyAlias, paramSet, key);
216 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
217 return ret;
218 #else
219 (void)keyAlias;
220 (void)paramSet;
221 (void)key;
222 return HKS_ERROR_API_NOT_SUPPORTED;
223 #endif
224 }
225
HksDeleteKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)226 HKS_API_EXPORT int32_t HksDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
227 {
228 #ifdef HKS_SUPPORT_API_DELETE_KEY
229 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
230 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
231 int32_t ret = HksClientDeleteKey(keyAlias, paramSet);
232 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
233 return ret;
234 #else
235 (void)keyAlias;
236 (void)paramSet;
237 return HKS_ERROR_API_NOT_SUPPORTED;
238 #endif
239 }
240
HksGetKeyParamSet(const struct HksBlob * keyAlias,const struct HksParamSet * paramSetIn,struct HksParamSet * paramSetOut)241 HKS_API_EXPORT int32_t HksGetKeyParamSet(const struct HksBlob *keyAlias,
242 const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut)
243 {
244 #ifdef HKS_SUPPORT_API_GET_KEY_PARAM_SET
245 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
246 if ((keyAlias == NULL) || (paramSetOut == NULL)) {
247 return HKS_ERROR_NULL_POINTER;
248 }
249 int32_t ret = HksClientGetKeyParamSet(keyAlias, paramSetIn, paramSetOut);
250 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
251 return ret;
252 #else
253 (void)keyAlias;
254 (void)paramSetIn;
255 (void)paramSetOut;
256 return HKS_ERROR_API_NOT_SUPPORTED;
257 #endif
258 }
259
HksKeyExist(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet)260 HKS_API_EXPORT int32_t HksKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet)
261 {
262 #ifdef HKS_SUPPORT_API_KEY_EXIST
263 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
264 HKS_IF_NULL_RETURN(keyAlias, HKS_ERROR_NULL_POINTER)
265 int32_t ret = HksClientKeyExist(keyAlias, paramSet);
266 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
267 return ret;
268 #else
269 (void)keyAlias;
270 (void)paramSet;
271 return HKS_ERROR_API_NOT_SUPPORTED;
272 #endif
273 }
274
HksGenerateRandom(const struct HksParamSet * paramSet,struct HksBlob * random)275 HKS_API_EXPORT int32_t HksGenerateRandom(const struct HksParamSet *paramSet, struct HksBlob *random)
276 {
277 #ifdef HKS_SUPPORT_API_GENERATE_RANDOM
278 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
279 HKS_IF_NULL_RETURN(random, HKS_ERROR_NULL_POINTER)
280 int32_t ret = HksClientGenerateRandom(random, paramSet);
281 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
282 return ret;
283 #else
284 (void)paramSet;
285 (void)random;
286 return HKS_ERROR_API_NOT_SUPPORTED;
287 #endif
288 }
289
HksSign(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * signature)290 HKS_API_EXPORT int32_t HksSign(const struct HksBlob *key, const struct HksParamSet *paramSet,
291 const struct HksBlob *srcData, struct HksBlob *signature)
292 {
293 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
294 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
295 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
296 return HKS_ERROR_NULL_POINTER;
297 }
298
299 struct HksParam *isKeyAlias = NULL;
300 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
301 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
302 return HksLocalSign(key, paramSet, srcData, signature);
303 }
304
305 ret = HksClientSign(key, paramSet, srcData, signature);
306 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
307 return ret;
308 #else
309 (void)key;
310 (void)paramSet;
311 (void)srcData;
312 (void)signature;
313 return HKS_ERROR_API_NOT_SUPPORTED;
314 #endif
315 }
316
HksVerify(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,const struct HksBlob * signature)317 HKS_API_EXPORT int32_t HksVerify(const struct HksBlob *key, const struct HksParamSet *paramSet,
318 const struct HksBlob *srcData, const struct HksBlob *signature)
319 {
320 #ifdef HKS_SUPPORT_API_SIGN_VERIFY
321 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
322 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (signature == NULL)) {
323 return HKS_ERROR_NULL_POINTER;
324 }
325
326 struct HksParam *isKeyAlias = NULL;
327 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
328 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
329 ret = HksLocalVerify(key, paramSet, srcData, signature);
330 HKS_IF_NOT_SUCC_LOGE(ret, "leave verify with plain key, result = %" LOG_PUBLIC "d", ret);
331 return ret;
332 }
333 ret = HksClientVerify(key, paramSet, srcData, signature);
334 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
335 return ret;
336 #else
337 (void)key;
338 (void)paramSet;
339 (void)srcData;
340 (void)signature;
341 return HKS_ERROR_API_NOT_SUPPORTED;
342 #endif
343 }
344
HksEncrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * plainText,struct HksBlob * cipherText)345 HKS_API_EXPORT int32_t HksEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
346 const struct HksBlob *plainText, struct HksBlob *cipherText)
347 {
348 #ifdef HKS_SUPPORT_API_CIPHER
349 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
350 if ((key == NULL) || (paramSet == NULL) || (plainText == NULL) || (cipherText == NULL)) {
351 return HKS_ERROR_NULL_POINTER;
352 }
353
354 struct HksParam *isKeyAlias = NULL;
355 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
356 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
357 ret = HksLocalEncrypt(key, paramSet, plainText, cipherText);
358 HKS_IF_NOT_SUCC_LOGE(ret, "leave encrypt with plain key, result = %" LOG_PUBLIC "d", ret);
359 return ret;
360 }
361 #ifndef _CUT_AUTHENTICATE_
362 ret = HksClientEncrypt(key, paramSet, plainText, cipherText);
363 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
364 return ret;
365 #else
366 return HKS_ERROR_NOT_SUPPORTED;
367 #endif
368 #else
369 (void)key;
370 (void)paramSet;
371 (void)plainText;
372 (void)cipherText;
373 return HKS_ERROR_API_NOT_SUPPORTED;
374 #endif
375 }
376
HksDecrypt(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * cipherText,struct HksBlob * plainText)377 HKS_API_EXPORT int32_t HksDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
378 const struct HksBlob *cipherText, struct HksBlob *plainText)
379 {
380 #ifdef HKS_SUPPORT_API_CIPHER
381 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
382 if ((key == NULL) || (paramSet == NULL) || (cipherText == NULL) || (plainText == NULL)) {
383 return HKS_ERROR_NULL_POINTER;
384 }
385
386 struct HksParam *isKeyAlias = NULL;
387 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
388 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
389 ret = HksLocalDecrypt(key, paramSet, cipherText, plainText);
390 HKS_IF_NOT_SUCC_LOGE(ret, "leave decrypt with plain key, result = %" LOG_PUBLIC "d", ret);
391 return ret;
392 }
393 #ifndef _CUT_AUTHENTICATE_
394 ret = HksClientDecrypt(key, paramSet, cipherText, plainText);
395 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
396 return ret;
397 #else
398 return HKS_ERROR_NOT_SUPPORTED;
399 #endif
400 #else
401 (void)key;
402 (void)paramSet;
403 (void)plainText;
404 (void)cipherText;
405 return HKS_ERROR_API_NOT_SUPPORTED;
406 #endif
407 }
408
HksAgreeKey(const struct HksParamSet * paramSet,const struct HksBlob * privateKey,const struct HksBlob * peerPublicKey,struct HksBlob * agreedKey)409 HKS_API_EXPORT int32_t HksAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
410 const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey)
411 {
412 #ifdef HKS_SUPPORT_API_AGREE_KEY
413 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
414 if ((paramSet == NULL) || (privateKey == NULL) || (peerPublicKey == NULL) || (agreedKey == NULL)) {
415 return HKS_ERROR_NULL_POINTER;
416 }
417
418 struct HksParam *isKeyAlias = NULL;
419 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
420 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
421 ret = HksLocalAgreeKey(paramSet, privateKey, peerPublicKey, agreedKey);
422 HKS_IF_NOT_SUCC_LOGE(ret, "leave agree key with plain key, result = %" LOG_PUBLIC "d", ret);
423 return ret;
424 }
425
426 ret = HksAgreeKeyAdapter(paramSet, privateKey, peerPublicKey, agreedKey);
427 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
428 return ret;
429 #else
430 (void)paramSet;
431 (void)privateKey;
432 (void)peerPublicKey;
433 (void)agreedKey;
434 return HKS_ERROR_API_NOT_SUPPORTED;
435 #endif
436 }
437
HksDeriveKey(const struct HksParamSet * paramSet,const struct HksBlob * mainKey,struct HksBlob * derivedKey)438 HKS_API_EXPORT int32_t HksDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey,
439 struct HksBlob *derivedKey)
440 {
441 #ifdef HKS_SUPPORT_API_DERIVE_KEY
442 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
443 if ((paramSet == NULL) || (mainKey == NULL) || (derivedKey == NULL)) {
444 return HKS_ERROR_NULL_POINTER;
445 }
446
447 struct HksParam *isKeyAlias = NULL;
448 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
449 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
450 ret = HksLocalDeriveKey(paramSet, mainKey, derivedKey);
451 HKS_IF_NOT_SUCC_LOGE(ret, "leave derive key with plain key, result = %" LOG_PUBLIC "d", ret);
452 return ret;
453 }
454 #ifndef _CUT_AUTHENTICATE_
455 ret = HksClientDeriveKey(paramSet, mainKey, derivedKey);
456 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
457 return ret;
458 #else
459 return HKS_ERROR_NOT_SUPPORTED;
460 #endif
461 #else
462 (void)paramSet;
463 (void)mainKey;
464 (void)derivedKey;
465 return HKS_ERROR_API_NOT_SUPPORTED;
466 #endif
467 }
468
HksMac(const struct HksBlob * key,const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * mac)469 HKS_API_EXPORT int32_t HksMac(const struct HksBlob *key, const struct HksParamSet *paramSet,
470 const struct HksBlob *srcData, struct HksBlob *mac)
471 {
472 #ifdef HKS_SUPPORT_API_MAC
473 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
474 if ((key == NULL) || (paramSet == NULL) || (srcData == NULL) || (mac == NULL)) {
475 return HKS_ERROR_NULL_POINTER;
476 }
477
478 struct HksParam *isKeyAlias = NULL;
479 int32_t ret = HksGetParam(paramSet, HKS_TAG_IS_KEY_ALIAS, &isKeyAlias);
480 if ((ret == HKS_SUCCESS) && (!isKeyAlias->boolParam)) {
481 ret = HksLocalMac(key, paramSet, srcData, mac);
482 HKS_IF_NOT_SUCC_LOGE(ret, "leave mac with plain key, result = %" LOG_PUBLIC "d", ret);
483 return ret;
484 }
485 #ifndef _CUT_AUTHENTICATE_
486 ret = HksClientMac(key, paramSet, srcData, mac);
487 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
488 return ret;
489 #else
490 return HKS_ERROR_NOT_SUPPORTED;
491 #endif
492 #else
493 (void)key;
494 (void)paramSet;
495 (void)srcData;
496 (void)mac;
497 return HKS_ERROR_API_NOT_SUPPORTED;
498 #endif
499 }
500
HksHash(const struct HksParamSet * paramSet,const struct HksBlob * srcData,struct HksBlob * hash)501 HKS_API_EXPORT int32_t HksHash(const struct HksParamSet *paramSet,
502 const struct HksBlob *srcData, struct HksBlob *hash)
503 {
504 #ifdef HKS_SUPPORT_API_HASH
505 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
506 if ((paramSet == NULL) || (srcData == NULL) || (hash == NULL)) {
507 return HKS_ERROR_NULL_POINTER;
508 }
509 int32_t ret = HksLocalHash(paramSet, srcData, hash);
510 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
511 return ret;
512 #else
513 (void)paramSet;
514 (void)srcData;
515 (void)hash;
516 return HKS_ERROR_API_NOT_SUPPORTED;
517 #endif
518 }
519
HksGetKeyInfoList(const struct HksParamSet * paramSet,struct HksKeyInfo * keyInfoList,uint32_t * listCount)520 HKS_API_EXPORT int32_t HksGetKeyInfoList(const struct HksParamSet *paramSet,
521 struct HksKeyInfo *keyInfoList, uint32_t *listCount)
522 {
523 #ifdef HKS_SUPPORT_API_GET_KEY_INFO_LIST
524 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
525 if ((keyInfoList == NULL) || (listCount == NULL)) {
526 return HKS_ERROR_NULL_POINTER;
527 }
528 int32_t ret = HksClientGetKeyInfoList(paramSet, keyInfoList, listCount);
529 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
530 return ret;
531 #else
532 (void)paramSet;
533 (void)keyInfoList;
534 (void)listCount;
535 return HKS_ERROR_API_NOT_SUPPORTED;
536 #endif
537 }
538
539 #ifdef HKS_SUPPORT_API_ATTEST_KEY
ConstructNewAttestParamSet(const struct HksParamSet * paramSet,enum HksAttestationMode mode,struct HksParamSet ** newParamSet)540 static int32_t ConstructNewAttestParamSet(const struct HksParamSet *paramSet, enum HksAttestationMode mode,
541 struct HksParamSet **newParamSet)
542 {
543 int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
544 if (ret != HKS_SUCCESS) {
545 HKS_LOG_E("check paramSet fail");
546 return ret;
547 }
548 ret = HksInitParamSet(newParamSet);
549 if (ret != HKS_SUCCESS) {
550 HKS_LOG_E("init paramSet fail");
551 return ret;
552 }
553 do {
554 ret = HksAddParams(*newParamSet, paramSet->params, paramSet->paramsCnt);
555 if (ret != HKS_SUCCESS) {
556 HKS_LOG_E("copy params fail");
557 break;
558 }
559 struct HksParam attestMode = {
560 .tag = HKS_TAG_ATTESTATION_MODE,
561 .uint32Param = mode,
562 };
563 ret = HksAddParams(*newParamSet, &attestMode, 1);
564 if (ret != HKS_SUCCESS) {
565 HKS_LOG_E("add param attestMode fail");
566 break;
567 }
568 ret = HksBuildParamSet(newParamSet);
569 if (ret != HKS_SUCCESS) {
570 HKS_LOG_E("build paramSet fail");
571 break;
572 }
573 return HKS_SUCCESS;
574 } while (false);
575 HksFreeParamSet(newParamSet);
576 return ret;
577 }
578 #endif
579
HksAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)580 HKS_API_EXPORT int32_t HksAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
581 struct HksCertChain *certChain)
582 {
583 #ifdef HKS_SUPPORT_API_ATTEST_KEY
584 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
585 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
586 return HKS_ERROR_NULL_POINTER;
587 }
588 struct HksParamSet *newParamSet = NULL;
589 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_DEFAULT, &newParamSet);
590 if (ret != HKS_SUCCESS) {
591 HKS_LOG_E("construct new paramSet for attest key fail");
592 return ret;
593 }
594
595 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, false);
596 HksFreeParamSet(&newParamSet);
597 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
598 return ret;
599 #else
600 (void)keyAlias;
601 (void)paramSet;
602 (void)certChain;
603 return HKS_ERROR_API_NOT_SUPPORTED;
604 #endif
605 }
606
HksAnonAttestKey(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)607 HKS_API_EXPORT int32_t HksAnonAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
608 struct HksCertChain *certChain)
609 {
610 #ifdef HKS_SUPPORT_API_ATTEST_KEY
611 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
612 if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) {
613 return HKS_ERROR_NULL_POINTER;
614 }
615 struct HksParamSet *newParamSet = NULL;
616 int32_t ret = ConstructNewAttestParamSet(paramSet, HKS_ATTESTATION_MODE_ANONYMOUS, &newParamSet);
617 if (ret != HKS_SUCCESS) {
618 HKS_LOG_E("construct new paramSet for anonn attest key fail");
619 return ret;
620 }
621
622 ret = HksClientAttestKey(keyAlias, newParamSet, certChain, true);
623 HksFreeParamSet(&newParamSet);
624 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
625 return ret;
626 #else
627 (void)keyAlias;
628 (void)paramSet;
629 (void)certChain;
630 return HKS_ERROR_API_NOT_SUPPORTED;
631 #endif
632 }
633
HksGetCertificateChain(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksCertChain * certChain)634 HKS_API_EXPORT int32_t HksGetCertificateChain(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
635 struct HksCertChain *certChain)
636 {
637 (void)keyAlias;
638 (void)paramSet;
639 (void)certChain;
640 return HKS_ERROR_API_NOT_SUPPORTED;
641 }
642
HksWrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksParamSet * paramSet,struct HksBlob * wrappedData)643 HKS_API_EXPORT int32_t HksWrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
644 const struct HksParamSet *paramSet, struct HksBlob *wrappedData)
645 {
646 (void)targetKeyAlias;
647 #ifdef L2_STANDARD
648 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
649 if (keyAlias == NULL || paramSet == NULL || wrappedData == NULL) {
650 return HKS_ERROR_NULL_POINTER;
651 }
652 int32_t ret = HksClientWrapKey(keyAlias, paramSet, wrappedData);
653 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
654 return ret;
655 #else
656 (void)keyAlias;
657 (void)paramSet;
658 (void)wrappedData;
659 return HKS_ERROR_API_NOT_SUPPORTED;
660 #endif
661 }
662
HksUnwrapKey(const struct HksBlob * keyAlias,const struct HksBlob * targetKeyAlias,const struct HksBlob * wrappedData,const struct HksParamSet * paramSet)663 HKS_API_EXPORT int32_t HksUnwrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias,
664 const struct HksBlob *wrappedData, const struct HksParamSet *paramSet)
665 {
666 (void)targetKeyAlias;
667 #ifdef L2_STANDARD
668 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
669 if (keyAlias == NULL || paramSet == NULL || wrappedData == NULL) {
670 return HKS_ERROR_NULL_POINTER;
671 }
672 int32_t ret = HksClientUnwrapKey(keyAlias, paramSet, wrappedData);
673 HKS_LOG_D("leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
674 return ret;
675 #else
676 (void)keyAlias;
677 (void)paramSet;
678 (void)wrappedData;
679 return HKS_ERROR_API_NOT_SUPPORTED;
680 #endif
681 }
682
HksBnExpMod(struct HksBlob * x,const struct HksBlob * a,const struct HksBlob * e,const struct HksBlob * n)683 HKS_API_EXPORT int32_t HksBnExpMod(struct HksBlob *x, const struct HksBlob *a,
684 const struct HksBlob *e, const struct HksBlob *n)
685 {
686 #ifdef HKS_SUPPORT_API_BN_EXP_MOD
687 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
688 if ((x == NULL) || (a == NULL) || (e == NULL) || (n == NULL)) {
689 return HKS_ERROR_NULL_POINTER;
690 }
691
692 int32_t ret = HksLocalBnExpMod(x, a, e, n);
693 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
694 return ret;
695 #else
696 (void)x;
697 (void)a;
698 (void)e;
699 (void)n;
700 return HKS_ERROR_API_NOT_SUPPORTED;
701 #endif
702 }
703
704 /*
705 * Currently, the device certificate and device key are implemented using stubs.
706 * By default, the device key exists.
707 */
HcmIsDeviceKeyExist(const struct HksParamSet * paramSet)708 HKS_API_EXPORT int32_t HcmIsDeviceKeyExist(const struct HksParamSet *paramSet)
709 {
710 (void)paramSet;
711 return HKS_SUCCESS;
712 }
713
HksValidateCertChain(const struct HksCertChain * certChain,struct HksParamSet * paramSetOut)714 HKS_API_EXPORT int32_t HksValidateCertChain(const struct HksCertChain *certChain, struct HksParamSet *paramSetOut)
715 {
716 #ifdef HKS_SUPPORT_API_ATTEST_KEY
717 HKS_LOG_D("enter validate cert chain");
718 if ((paramSetOut == NULL) || (certChain == NULL)) {
719 return HKS_ERROR_NULL_POINTER;
720 }
721 int32_t ret = HksClientValidateCertChain(certChain, paramSetOut);
722 HKS_IF_NOT_SUCC_LOGE(ret, "leave validate cert chain, result = %" LOG_PUBLIC "d", ret);
723 return ret;
724 #else
725 (void)certChain;
726 (void)paramSetOut;
727 return HKS_ERROR_API_NOT_SUPPORTED;
728 #endif
729 }
730
HksInit(const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * handle,struct HksBlob * token)731 HKS_API_EXPORT int32_t HksInit(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
732 struct HksBlob *handle, struct HksBlob *token)
733 {
734 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
735 if ((keyAlias == NULL) || (paramSet == NULL) || (handle == NULL)) { /* token can be null */
736 HKS_LOG_E("the pointer param entered is invalid");
737 return HKS_ERROR_NULL_POINTER;
738 }
739
740 int32_t ret = HksClientInit(keyAlias, paramSet, handle, token);
741 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
742 return ret;
743 }
744
HksUpdate(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)745 HKS_API_EXPORT int32_t HksUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet,
746 const struct HksBlob *inData, struct HksBlob *outData)
747 {
748 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
749 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
750 HKS_LOG_E("the pointer param entered is invalid");
751 return HKS_ERROR_NULL_POINTER;
752 }
753
754 int32_t ret = HksClientUpdate(handle, paramSet, inData, outData);
755 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
756 return ret;
757 }
758
HksFinish(const struct HksBlob * handle,const struct HksParamSet * paramSet,const struct HksBlob * inData,struct HksBlob * outData)759 HKS_API_EXPORT int32_t HksFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet,
760 const struct HksBlob *inData, struct HksBlob *outData)
761 {
762 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
763 if ((handle == NULL) || (paramSet == NULL) || (inData == NULL) || (outData == NULL)) {
764 HKS_LOG_E("the pointer param entered is invalid");
765 return HKS_ERROR_NULL_POINTER;
766 }
767
768 int32_t ret = HksClientFinish(handle, paramSet, inData, outData);
769 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
770 return ret;
771 }
772
HksAbort(const struct HksBlob * handle,const struct HksParamSet * paramSet)773 HKS_API_EXPORT int32_t HksAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet)
774 {
775 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
776 if ((handle == NULL) || (paramSet == NULL)) {
777 HKS_LOG_E("the pointer param entered is invalid");
778 return HKS_ERROR_NULL_POINTER;
779 }
780
781 int32_t ret = HksClientAbort(handle, paramSet);
782 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
783 return ret;
784 }
785
HksListAliases(const struct HksParamSet * paramSet,struct HksKeyAliasSet ** outData)786 HKS_API_EXPORT int32_t HksListAliases(const struct HksParamSet *paramSet, struct HksKeyAliasSet **outData)
787 {
788 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
789 if (paramSet == NULL || outData == NULL) {
790 return HKS_ERROR_NULL_POINTER;
791 }
792 int32_t ret = HksClientListAliases(paramSet, outData);
793 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
794 return ret;
795 }
796
HksRenameKeyAlias(const struct HksBlob * oldKeyAlias,const struct HksParamSet * paramSet,const struct HksBlob * newKeyAlias)797 HKS_API_EXPORT int32_t HksRenameKeyAlias(const struct HksBlob *oldKeyAlias, const struct HksParamSet *paramSet,
798 const struct HksBlob *newKeyAlias)
799 {
800 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
801 if (oldKeyAlias == NULL || paramSet == NULL || newKeyAlias == NULL) {
802 return HKS_ERROR_NULL_POINTER;
803 }
804 int32_t ret = HksClientRenameKeyAlias(oldKeyAlias, paramSet, newKeyAlias);
805 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
806 return ret;
807 }
808
HksChangeStorageLevel(const struct HksBlob * keyAlias,const struct HksParamSet * srcParamSet,const struct HksParamSet * destParamSet)809 HKS_API_EXPORT int32_t HksChangeStorageLevel(const struct HksBlob *keyAlias, const struct HksParamSet *srcParamSet,
810 const struct HksParamSet *destParamSet)
811 {
812 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
813 if (keyAlias == NULL || srcParamSet == NULL || destParamSet == NULL) {
814 HKS_LOG_E("the pointer param entered is invalid");
815 return HKS_ERROR_NULL_POINTER;
816 }
817 int32_t ret = HksClientChangeStorageLevel(keyAlias, srcParamSet, destParamSet);
818 HKS_IF_NOT_SUCC_LOGE(ret, "leave %" LOG_PUBLIC "s, result = %" LOG_PUBLIC "d", __func__, ret);
819 return ret;
820 }
821
HksGetErrorMsg(void)822 HKS_API_EXPORT const char *HksGetErrorMsg(void)
823 {
824 HKS_LOG_D("enter %" LOG_PUBLIC "s", __func__);
825
826 #ifdef L2_STANDARD
827 return HksGetThreadErrorMsg();
828 #endif
829 return NULL;
830 }