1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 /**
17 * @file hks_type.h
18 *
19 * @brief Declares huks struct and enum.
20 *
21 * @since 8
22 */
23
24 #ifndef HKS_TYPE_H
25 #define HKS_TYPE_H
26
27 #include <stdbool.h>
28 #include <stdint.h>
29 #include <stdlib.h>
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #ifndef HKS_API_PUBLIC
36 #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */
37 #define HKS_API_EXPORT
38 #else
39 #define HKS_API_EXPORT __attribute__ ((visibility("default")))
40 #endif
41 #else
42 #define HKS_API_EXPORT __attribute__ ((visibility("default")))
43 #endif
44
45 #define HKS_SDK_VERSION "2.0.0.4"
46
47 /*
48 * Align to 4-tuple
49 * Before calling this function, ensure that the size does not overflow after 3 is added.
50 */
51 #define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2)
52 #define DEFAULT_ALIGN_MASK_SIZE 3
53
54 #define HKS_AE_TAG_LEN 16
55 #define HKS_BITS_PER_BYTE 8
56 #define MAX_KEY_SIZE 2048
57 #define HKS_AE_TAG_LEN 16
58 #define HKS_AE_NONCE_LEN 12
59 #define HKS_MAX_KEY_ALIAS_LEN 64
60 #define HKS_MAX_PROCESS_NAME_LEN 50
61 #define HKS_MAX_RANDOM_LEN 1024
62 #define HKS_KEY_BYTES(keySize) (((keySize) + HKS_BITS_PER_BYTE - 1) / HKS_BITS_PER_BYTE)
63 #define HKS_SIGNATURE_MIN_SIZE 64
64 #define HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0])))
65 #define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024)
66 #define HKS_WRAPPED_FORMAT_MAX_SIZE (1024 * 1024)
67 #define HKS_IMPORT_WRAPPED_KEY_TOTAL_BLOBS 10
68
69 #define TOKEN_CHALLENGE_LEN 32
70 #define SHA256_SIGN_LEN 32
71 #define TOKEN_SIZE 32
72 #define MAX_AUTH_TIMEOUT_SECOND 60
73 #define SECURE_SIGN_VERSION 0x01000001
74
75 #define HKS_CERT_COUNT 4
76 #define HKS_CERT_ROOT_SIZE 2048
77 #define HKS_CERT_CA_SIZE 2048
78 #define HKS_CERT_DEVICE_SIZE 2048
79 #define HKS_CERT_APP_SIZE 4096
80
81 #define HKS_MAX_FILE_SIZE 10240
82
83 #define HKS_KEY_BLOB_AT_KEY_SIZE 256
84 #define HKS_KEY_BLOB_AT_KEY_BYTES 32
85
86 /**
87 * @brief hks key type
88 */
89 enum HksKeyType {
90 HKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000,
91 HKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000,
92
93 HKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000,
94 HKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000,
95 HKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000,
96 HKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000,
97 HKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000,
98 HKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000,
99
100 HKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000,
101 HKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000,
102 HKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000,
103 HKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000,
104
105 HKS_KEY_TYPE_AES = 0x03000000,
106 HKS_KEY_TYPE_CHACHA20 = 0x04010000,
107 HKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000,
108
109 HKS_KEY_TYPE_HMAC = 0x05000000,
110 HKS_KEY_TYPE_HKDF = 0x06000000,
111 HKS_KEY_TYPE_PBKDF2 = 0x07000000,
112 };
113
114 /**
115 * @brief hks key purpose
116 */
117 enum HksKeyPurpose {
118 HKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC, AES, SM2, and SM4 keys. */
119 HKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC, AES, SM2, and SM4 keys. */
120 HKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */
121 HKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */
122 HKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */
123 HKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */
124 HKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */
125 HKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */
126 HKS_KEY_PURPOSE_AGREE = 256, /* Usable with agree. */
127 };
128
129 /**
130 * @brief hks key digest
131 */
132 enum HksKeyDigest {
133 HKS_DIGEST_NONE = 0,
134 HKS_DIGEST_MD5 = 1,
135 HKS_DIGEST_SM3 = 2,
136 HKS_DIGEST_SHA1 = 10,
137 HKS_DIGEST_SHA224 = 11,
138 HKS_DIGEST_SHA256 = 12,
139 HKS_DIGEST_SHA384 = 13,
140 HKS_DIGEST_SHA512 = 14,
141 };
142
143 /**
144 * @brief hks key padding
145 */
146 enum HksKeyPadding {
147 HKS_PADDING_NONE = 0,
148 HKS_PADDING_OAEP = 1,
149 HKS_PADDING_PSS = 2,
150 HKS_PADDING_PKCS1_V1_5 = 3,
151 HKS_PADDING_PKCS5 = 4,
152 HKS_PADDING_PKCS7 = 5,
153 };
154
155 /**
156 * @brief hks cipher mode
157 */
158 enum HksCipherMode {
159 HKS_MODE_ECB = 1,
160 HKS_MODE_CBC = 2,
161 HKS_MODE_CTR = 3,
162 HKS_MODE_OFB = 4,
163 HKS_MODE_CCM = 31,
164 HKS_MODE_GCM = 32,
165 };
166
167 /**
168 * @brief hks key size
169 */
170 enum HksKeySize {
171 HKS_RSA_KEY_SIZE_512 = 512,
172 HKS_RSA_KEY_SIZE_768 = 768,
173 HKS_RSA_KEY_SIZE_1024 = 1024,
174 HKS_RSA_KEY_SIZE_2048 = 2048,
175 HKS_RSA_KEY_SIZE_3072 = 3072,
176 HKS_RSA_KEY_SIZE_4096 = 4096,
177
178 HKS_ECC_KEY_SIZE_224 = 224,
179 HKS_ECC_KEY_SIZE_256 = 256,
180 HKS_ECC_KEY_SIZE_384 = 384,
181 HKS_ECC_KEY_SIZE_521 = 521,
182
183 HKS_AES_KEY_SIZE_128 = 128,
184 HKS_AES_KEY_SIZE_192 = 192,
185 HKS_AES_KEY_SIZE_256 = 256,
186 HKS_AES_KEY_SIZE_512 = 512,
187
188 HKS_CURVE25519_KEY_SIZE_256 = 256,
189
190 HKS_DH_KEY_SIZE_2048 = 2048,
191 HKS_DH_KEY_SIZE_3072 = 3072,
192 HKS_DH_KEY_SIZE_4096 = 4096,
193
194 HKS_SM2_KEY_SIZE_256 = 256,
195 HKS_SM4_KEY_SIZE_128 = 128,
196 };
197
198 /**
199 * @brief hks key algorithm
200 */
201 enum HksKeyAlg {
202 HKS_ALG_RSA = 1,
203 HKS_ALG_ECC = 2,
204 HKS_ALG_DSA = 3,
205
206 HKS_ALG_AES = 20,
207 HKS_ALG_HMAC = 50,
208 HKS_ALG_HKDF = 51,
209 HKS_ALG_PBKDF2 = 52,
210 HKS_ALG_GMKDF = 53,
211
212 HKS_ALG_ECDH = 100,
213 HKS_ALG_X25519 = 101,
214 HKS_ALG_ED25519 = 102,
215 HKS_ALG_DH = 103,
216
217 HKS_ALG_SM2 = 150,
218 HKS_ALG_SM3 = 151,
219 HKS_ALG_SM4 = 152,
220 };
221
222 /**
223 * @brief hks algorithm suite
224 */
225 enum HuksAlgSuite {
226 /* Algorithm suites of unwrapping wrapped-key by huks */
227 /* Unwrap suite of key agreement type */
228 /* WrappedData format(Bytes Array):
229 * | x25519_plain_pubkey_length (4 Byte) | x25519_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
230 * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag
231 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
232 * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
233 * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
234 */
235 HKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING = 1,
236
237 /* WrappedData format(Bytes Array):
238 * | ECC_plain_pubkey_length (4 Byte) | ECC_plain_pubkey | agreekey_aad_length (4 Byte) | agreekey_aad
239 * | agreekey_nonce_length (4 Byte) | agreekey_nonce | agreekey_aead_tag_len(4 Byte) | agreekey_aead_tag
240 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_aad_length (4 Byte) | kek_aad
241 * | kek_nonce_length (4 Byte) | kek_nonce | kek_aead_tag_len (4 Byte) | kek_aead_tag
242 * | key_material_size_len (4 Byte) | key_material_size | key_mat_enc_length (4 Byte) | key_mat_enc_data
243 */
244 HKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING = 2,
245
246 /* WrappedData format(Bytes Array):
247 * | SM2_plain_pubkey_length (4 Byte) | SM2_plain_pubkey | signData_size_length (4 Byte) | signData_size
248 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_material_size_len(4 Byte) | kek_material_size
249 * | factor1_data_len (4 Byte) | factor1_data | factor2_data_len (4 Byte) | factor2_data
250 * | mac_data_length (4 Byte) | mac_data | key_mat_enc_length (4 Byte) | key_mat_enc_data
251 * | iv_data_length (4 Byte) | iv_data |key_material_size_len (4 Byte) | key_material_size
252 */
253 HKS_UNWRAP_SUITE_SM2_SM4_128_CBC_PKCS7_WITH_VERIFY_DIG_SM3 = 3,
254
255 /* WrappedData format(Bytes Array):
256 * | kek_enc_data_length (4 Byte) | kek_enc_data | kek_material_size_len(4 Byte) | kek_material_size
257 * | factor1_data_len (4 Byte) | factor1_data | factor2_data_len (4 Byte) | factor2_data
258 * | mac_data_length (4 Byte) | mac_data | key_mat_enc_length (4 Byte) | key_mat_enc_data
259 * | iv_data_length (4 Byte) | iv_data |key_material_size_len (4 Byte) | key_material_size
260 */
261 HKS_UNWRAP_SUITE_SM2_SM4_128_CBC_PKCS7 = 4,
262 };
263
264 /**
265 * @brief hks key generate type
266 */
267 enum HksKeyGenerateType {
268 HKS_KEY_GENERATE_TYPE_DEFAULT = 0,
269 HKS_KEY_GENERATE_TYPE_DERIVE = 1,
270 HKS_KEY_GENERATE_TYPE_AGREE = 2,
271 };
272
273 /**
274 * @brief hks key flag
275 */
276 enum HksKeyFlag {
277 HKS_KEY_FLAG_IMPORT_KEY = 1,
278 HKS_KEY_FLAG_GENERATE_KEY = 2,
279 HKS_KEY_FLAG_AGREE_KEY = 3,
280 HKS_KEY_FLAG_DERIVE_KEY = 4,
281 };
282
283 /**
284 * @brief hks key storage type
285 */
286 enum HksKeyStorageType {
287 HKS_STORAGE_TEMP = 0,
288 HKS_STORAGE_PERSISTENT = 1,
289 HKS_STORAGE_ONLY_USED_IN_HUKS = 2,
290 HKS_STORAGE_ALLOW_KEY_EXPORTED = 3,
291 };
292
293 /**
294 * @brief hks import key type
295 */
296 enum HksImportKeyType {
297 HKS_KEY_TYPE_PUBLIC_KEY = 0,
298 HKS_KEY_TYPE_PRIVATE_KEY = 1,
299 HKS_KEY_TYPE_KEY_PAIR = 2,
300 };
301
302 /**
303 * @brief hks rsa pss salt len type
304 */
305 enum HksRsaPssSaltLenType {
306 HKS_RSA_PSS_SALTLEN_DIGEST = 0, /* Salt length matches digest */
307 HKS_RSA_PSS_SALTLEN_MAX = 1, /* Set salt length to maximum possible, default type */
308 };
309
310 /**
311 * @brief hks error code
312 */
313 enum HksErrorCode {
314 HKS_SUCCESS = 0,
315 HKS_FAILURE = -1,
316 HKS_ERROR_BAD_STATE = -2,
317 HKS_ERROR_INVALID_ARGUMENT = -3,
318 HKS_ERROR_NOT_SUPPORTED = -4,
319 HKS_ERROR_NO_PERMISSION = -5,
320 HKS_ERROR_INSUFFICIENT_DATA = -6,
321 HKS_ERROR_BUFFER_TOO_SMALL = -7,
322 HKS_ERROR_INSUFFICIENT_MEMORY = -8,
323 HKS_ERROR_COMMUNICATION_FAILURE = -9,
324 HKS_ERROR_STORAGE_FAILURE = -10,
325 HKS_ERROR_HARDWARE_FAILURE = -11,
326 HKS_ERROR_ALREADY_EXISTS = -12,
327 HKS_ERROR_NOT_EXIST = -13,
328 HKS_ERROR_NULL_POINTER = -14,
329 HKS_ERROR_FILE_SIZE_FAIL = -15,
330 HKS_ERROR_READ_FILE_FAIL = -16,
331 HKS_ERROR_INVALID_PUBLIC_KEY = -17,
332 HKS_ERROR_INVALID_PRIVATE_KEY = -18,
333 HKS_ERROR_INVALID_KEY_INFO = -19,
334 HKS_ERROR_HASH_NOT_EQUAL = -20,
335 HKS_ERROR_MALLOC_FAIL = -21,
336 HKS_ERROR_WRITE_FILE_FAIL = -22,
337 HKS_ERROR_REMOVE_FILE_FAIL = -23,
338 HKS_ERROR_OPEN_FILE_FAIL = -24,
339 HKS_ERROR_CLOSE_FILE_FAIL = -25,
340 HKS_ERROR_MAKE_DIR_FAIL = -26,
341 HKS_ERROR_INVALID_KEY_FILE = -27,
342 HKS_ERROR_IPC_MSG_FAIL = -28,
343 HKS_ERROR_REQUEST_OVERFLOWS = -29,
344 HKS_ERROR_PARAM_NOT_EXIST = -30,
345 HKS_ERROR_CRYPTO_ENGINE_ERROR = -31,
346 HKS_ERROR_COMMUNICATION_TIMEOUT = -32,
347 HKS_ERROR_IPC_INIT_FAIL = -33,
348 HKS_ERROR_IPC_DLOPEN_FAIL = -34,
349 HKS_ERROR_EFUSE_READ_FAIL = -35,
350 HKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36,
351 HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37,
352 HKS_ERROR_VERIFICATION_FAILED = -38,
353 HKS_ERROR_SESSION_REACHED_LIMIT = -39,
354
355 HKS_ERROR_GET_USERIAM_SECINFO_FAILED = -40,
356 HKS_ERROR_GET_USERIAM_AUTHINFO_FAILED = -41,
357 HKS_ERROR_USER_AUTH_TYPE_NOT_SUPPORT = -42,
358 HKS_ERROR_KEY_AUTH_FAILED = -43,
359 HKS_ERROR_DEVICE_NO_CREDENTIAL = -44,
360 HKS_ERROR_API_NOT_SUPPORTED = -45,
361 HKS_ERROR_KEY_AUTH_PERMANENTLY_INVALIDATED = -46,
362 HKS_ERROR_KEY_AUTH_VERIFY_FAILED = -47,
363 HKS_ERROR_KEY_AUTH_TIME_OUT = -48,
364
365 HKS_ERROR_CREDENTIAL_NOT_EXIST = -49,
366
367 HKS_ERROR_CHECK_GET_ALG_FAIL = -100,
368 HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101,
369 HKS_ERROR_CHECK_GET_PADDING_FAIL = -102,
370 HKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103,
371 HKS_ERROR_CHECK_GET_DIGEST_FAIL = -104,
372 HKS_ERROR_CHECK_GET_MODE_FAIL = -105,
373 HKS_ERROR_CHECK_GET_NONCE_FAIL = -106,
374 HKS_ERROR_CHECK_GET_AAD_FAIL = -107,
375 HKS_ERROR_CHECK_GET_IV_FAIL = -108,
376 HKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109,
377 HKS_ERROR_CHECK_GET_SALT_FAIL = -110,
378 HKS_ERROR_CHECK_GET_ITERATION_FAIL = -111,
379 HKS_ERROR_INVALID_ALGORITHM = -112,
380 HKS_ERROR_INVALID_KEY_SIZE = -113,
381 HKS_ERROR_INVALID_PADDING = -114,
382 HKS_ERROR_INVALID_PURPOSE = -115,
383 HKS_ERROR_INVALID_MODE = -116,
384 HKS_ERROR_INVALID_DIGEST = -117,
385 HKS_ERROR_INVALID_SIGNATURE_SIZE = -118,
386 HKS_ERROR_INVALID_IV = -119,
387 HKS_ERROR_INVALID_AAD = -120,
388 HKS_ERROR_INVALID_NONCE = -121,
389 HKS_ERROR_INVALID_AE_TAG = -122,
390 HKS_ERROR_INVALID_SALT = -123,
391 HKS_ERROR_INVALID_ITERATION = -124,
392 HKS_ERROR_INVALID_OPERATION = -125,
393 HKS_ERROR_INVALID_WRAPPED_FORMAT = -126,
394 HKS_ERROR_INVALID_USAGE_OF_KEY = -127,
395 HKS_ERROR_CHECK_GET_AUTH_TYP_FAILED = -128,
396 HKS_ERROR_CHECK_GET_CHALLENGE_TYPE_FAILED = -129,
397 HKS_ERROR_CHECK_GET_ACCESS_TYPE_FAILED = -130,
398 HKS_ERROR_CHECK_GET_AUTH_TOKEN_FAILED = -131,
399 HKS_ERROR_INVALID_TIME_OUT = -132,
400 HKS_ERROR_INVALID_AUTH_TYPE = -133,
401 HKS_ERROR_INVALID_CHALLENGE_TYPE = -134,
402 HKS_ERROR_INVALID_ACCESS_TYPE = -135,
403 HKS_ERROR_INVALID_AUTH_TOKEN = -136,
404 HKS_ERROR_INVALID_SECURE_SIGN_TYPE = -137,
405
406 HKS_ERROR_NEED_SKIP_ACCESS_CONTROL = -138,
407
408 HKS_ERROR_DEVICE_PASSWORD_UNSET = -139,
409
410 HKS_ERROR_INTERNAL_ERROR = -999,
411 HKS_ERROR_UNKNOWN_ERROR = -1000,
412 };
413
414 /**
415 * @brief hks err code
416 */
417 enum HksErrCode {
418 HUKS_ERR_CODE_PERMISSION_FAIL = 201,
419 HUKS_ERR_CODE_ILLEGAL_ARGUMENT = 401,
420 HUKS_ERR_CODE_NOT_SUPPORTED_API = 801,
421
422 HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED = 12000001,
423 HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT = 12000002,
424 HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT = 12000003,
425 HUKS_ERR_CODE_FILE_OPERATION_FAIL = 12000004,
426 HUKS_ERR_CODE_COMMUNICATION_FAIL = 12000005,
427 HUKS_ERR_CODE_CRYPTO_FAIL = 12000006,
428 HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED = 12000007,
429 HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED = 12000008,
430 HUKS_ERR_CODE_KEY_AUTH_TIME_OUT = 12000009,
431 HUKS_ERR_CODE_SESSION_LIMIT = 12000010,
432 HUKS_ERR_CODE_ITEM_NOT_EXIST = 12000011,
433 HUKS_ERR_CODE_EXTERNAL_ERROR = 12000012,
434 HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST = 12000013,
435 HUKS_ERR_CODE_INSUFFICIENT_MEMORY = 12000014,
436 HUKS_ERR_CODE_CALL_SERVICE_FAILED = 12000015,
437 HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET = 12000016,
438 };
439
440 /**
441 * @brief hks tag type
442 */
443 enum HksTagType {
444 HKS_TAG_TYPE_INVALID = 0 << 28,
445 HKS_TAG_TYPE_INT = 1 << 28,
446 HKS_TAG_TYPE_UINT = 2 << 28,
447 HKS_TAG_TYPE_ULONG = 3 << 28,
448 HKS_TAG_TYPE_BOOL = 4 << 28,
449 HKS_TAG_TYPE_BYTES = 5 << 28,
450 };
451
452 /**
453 * @brief hks send type
454 */
455 enum HksSendType {
456 HKS_SEND_TYPE_ASYNC = 0,
457 HKS_SEND_TYPE_SYNC,
458 };
459
460 /**
461 * @brief hks user auth type
462 */
463 enum HksUserAuthType {
464 HKS_USER_AUTH_TYPE_FINGERPRINT = 1 << 0,
465 HKS_USER_AUTH_TYPE_FACE = 1 << 1,
466 HKS_USER_AUTH_TYPE_PIN = 1 << 2,
467 };
468
469 /**
470 * @brief hks auth access type
471 */
472 enum HksAuthAccessType {
473 HKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD = 1 << 0,
474 HKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL = 1 << 1,
475 HKS_AUTH_ACCESS_ALWAYS_VALID = 1 << 2,
476 };
477
478 /**
479 * @brief hks challenge type
480 */
481 enum HksChallengeType {
482 HKS_CHALLENGE_TYPE_NORMAL = 0,
483 HKS_CHALLENGE_TYPE_CUSTOM = 1,
484 HKS_CHALLENGE_TYPE_NONE = 2,
485 };
486
487 /**
488 * @brief hks challenge position
489 */
490 enum HksChallengePosition {
491 HKS_CHALLENGE_POS_0 = 0,
492 HKS_CHALLENGE_POS_1,
493 HKS_CHALLENGE_POS_2,
494 HKS_CHALLENGE_POS_3,
495 };
496
497 /**
498 * @brief hks secure sign type
499 */
500 enum HksSecureSignType {
501 HKS_SECURE_SIGN_WITH_AUTHINFO = 1,
502 };
503
504 /**
505 * @brief hks attestation type
506 */
507 enum HksAttestationMode {
508 HKS_ATTESTATION_MODE_DEFAULT = 0,
509 HKS_ATTESTATION_MODE_ANONYMOUS
510 };
511
512 #define HKS_ASSIGN_ENUM_VALUE(x, y) x = y,
513
514 #define HKS_ASSIGN_PARAM_ALG_ENUM \
515 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_INVALID, HKS_TAG_TYPE_INVALID | 0) \
516 /* Base algrithom TAG: 1 - 200 */\
517 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ALGORITHM, HKS_TAG_TYPE_UINT | 1) \
518 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PURPOSE, HKS_TAG_TYPE_UINT | 2) \
519 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_SIZE, HKS_TAG_TYPE_UINT | 3) \
520 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DIGEST, HKS_TAG_TYPE_UINT | 4) \
521 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PADDING, HKS_TAG_TYPE_UINT | 5) \
522 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_BLOCK_MODE, HKS_TAG_TYPE_UINT | 6) \
523 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_TYPE, HKS_TAG_TYPE_UINT | 7) \
524 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ASSOCIATED_DATA, HKS_TAG_TYPE_BYTES | 8) \
525 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_NONCE, HKS_TAG_TYPE_BYTES | 9) \
526 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IV, HKS_TAG_TYPE_BYTES | 10) \
527 /* Key derivation TAG */\
528 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_INFO, HKS_TAG_TYPE_BYTES | 11) \
529 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SALT, HKS_TAG_TYPE_BYTES | 12) \
530 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PWD, HKS_TAG_TYPE_BYTES | 13) \
531 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ITERATION, HKS_TAG_TYPE_UINT | 14) \
532 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_GENERATE_TYPE, HKS_TAG_TYPE_UINT | 15) /* choose from enum HksKeyGenerateType */\
533 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_MAIN_KEY, HKS_TAG_TYPE_BYTES | 16) \
534 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_FACTOR, HKS_TAG_TYPE_BYTES | 17) \
535 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_ALG, HKS_TAG_TYPE_UINT | 18) \
536 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_ALG, HKS_TAG_TYPE_UINT | 19) \
537 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS, HKS_TAG_TYPE_BOOL | 20) \
538 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_PRIVATE_KEY_ALIAS, HKS_TAG_TYPE_BYTES | 21) \
539 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AGREE_PUBLIC_KEY, HKS_TAG_TYPE_BYTES | 22) \
540 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_ALIAS, HKS_TAG_TYPE_BYTES | 23) \
541 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_KEY_SIZE, HKS_TAG_TYPE_UINT | 24) \
542 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IMPORT_KEY_TYPE, HKS_TAG_TYPE_UINT | 25) /* choose from enum HksImportKeyType */\
543 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_UNWRAP_ALGORITHM_SUITE, HKS_TAG_TYPE_UINT | 26) \
544 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CIPHER_TEXT, HKS_TAG_TYPE_BYTES | 27) \
545 /* parameters required by HuksCoreChipsetPlatformDecrypt */\
546 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PEER_PUBLIC_KEY, HKS_TAG_TYPE_BYTES | 28) \
547 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_DERIVE_AGREE_KEY_STORAGE_FLAG, HKS_TAG_TYPE_UINT | 29) \
548 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_RSA_PSS_SALT_LEN_TYPE, HKS_TAG_TYPE_UINT | 30) /* only supported for PSS padding */\
549 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_MGF_DIGEST, HKS_TAG_TYPE_UINT | 31) \
550 /* Key authentication related TAG: 201 - 300 */\
551 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ACTIVE_DATETIME, HKS_TAG_TYPE_ULONG | 201) \
552 /* Date when new "messages" should not be created. */\
553 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ORIGINATION_EXPIRE_DATETIME, HKS_TAG_TYPE_ULONG | 202) \
554 /* Date when existing "messages" should not be used. */\
555 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USAGE_EXPIRE_DATETIME, HKS_TAG_TYPE_ULONG | 203) \
556 /* Key creation time */\
557 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CREATION_DATETIME, HKS_TAG_TYPE_ULONG | 204) \
558 /* Other authentication related TAG: 301 - 500 */\
559 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ALL_USERS, HKS_TAG_TYPE_BOOL | 301) \
560 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_ID, HKS_TAG_TYPE_UINT | 302) \
561 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_NO_AUTH_REQUIRED, HKS_TAG_TYPE_BOOL | 303) \
562 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_TYPE, HKS_TAG_TYPE_UINT | 304) \
563 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AUTH_TIMEOUT, HKS_TAG_TYPE_UINT | 305) \
564 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AUTH_TOKEN, HKS_TAG_TYPE_BYTES | 306) \
565 /* Key secure access control and user auth TAG */\
566 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_ACCESS_TYPE, HKS_TAG_TYPE_UINT | 307) \
567 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_SECURE_SIGN_TYPE, HKS_TAG_TYPE_UINT | 308) \
568 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CHALLENGE_TYPE, HKS_TAG_TYPE_UINT | 309) \
569 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CHALLENGE_POS, HKS_TAG_TYPE_UINT | 310) \
570 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_PURPOSE, HKS_TAG_TYPE_UINT | 311) \
571 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_FRONT_USER_ID, HKS_TAG_TYPE_INT | 312) \
572 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_BATCH_PURPOSE, HKS_TAG_TYPE_UINT | 313) \
573 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_BATCH_OPERATION, HKS_TAG_TYPE_BOOL | 314) \
574 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_BATCH_OPERATION_TIMEOUT, HKS_TAG_TYPE_UINT | 315) \
575 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AUTH_STORAGE_LEVEL, HKS_TAG_TYPE_UINT | 316) \
576 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SPECIFIC_USER_ID, HKS_TAG_TYPE_INT | 317) \
577 /* Attestation related TAG: 501 - 600 */\
578 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_CHALLENGE, HKS_TAG_TYPE_BYTES | 501) \
579 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_APPLICATION_ID, HKS_TAG_TYPE_BYTES | 502) \
580 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_BRAND, HKS_TAG_TYPE_BYTES | 503) \
581 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_DEVICE, HKS_TAG_TYPE_BYTES | 504) \
582 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_PRODUCT, HKS_TAG_TYPE_BYTES | 505) \
583 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_SERIAL, HKS_TAG_TYPE_BYTES | 506) \
584 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_IMEI, HKS_TAG_TYPE_BYTES | 507) \
585 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_MEID, HKS_TAG_TYPE_BYTES | 508) \
586 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_MANUFACTURER, HKS_TAG_TYPE_BYTES | 509) \
587 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_MODEL, HKS_TAG_TYPE_BYTES | 510) \
588 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_ALIAS, HKS_TAG_TYPE_BYTES | 511) \
589 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_SOCID, HKS_TAG_TYPE_BYTES | 512) \
590 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_UDID, HKS_TAG_TYPE_BYTES | 513) \
591 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, HKS_TAG_TYPE_BYTES | 514) \
592 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_ID_VERSION_INFO, HKS_TAG_TYPE_BYTES | 515) \
593 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_BASE64, HKS_TAG_TYPE_BOOL | 516) \
594 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ATTESTATION_MODE, HKS_TAG_TYPE_UINT | 517) \
595 /* Extention TAG: 1001 - 9999 */\
596 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_KEY_ALIAS, HKS_TAG_TYPE_BOOL | 1001) \
597 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_STORAGE_FLAG, HKS_TAG_TYPE_UINT | 1002) /* choose from enum HksKeyStorageType */\
598 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_ALLOWED_WRAP, HKS_TAG_TYPE_BOOL | 1003) \
599 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_WRAP_TYPE, HKS_TAG_TYPE_UINT | 1004) \
600 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_ID, HKS_TAG_TYPE_BYTES | 1005) \
601 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_ROLE, HKS_TAG_TYPE_UINT | 1006) \
602 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_FLAG, HKS_TAG_TYPE_UINT | 1007) /* choose from enum HksKeyFlag */\
603 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_ASYNCHRONIZED, HKS_TAG_TYPE_UINT | 1008) \
604 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SECURE_KEY_ALIAS, HKS_TAG_TYPE_BOOL | 1009) \
605 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SECURE_KEY_UUID, HKS_TAG_TYPE_BYTES | 1010) \
606 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_DOMAIN, HKS_TAG_TYPE_UINT | 1011) \
607 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_DEVICE_PASSWORD_SET, HKS_TAG_TYPE_BOOL | 1012) \
608 /* Inner-use TAG: 10001 - 10999 */\
609 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PACKAGE_NAME, HKS_TAG_TYPE_BYTES | 10002) \
610 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ACCESS_TIME, HKS_TAG_TYPE_UINT | 10003) \
611 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USES_TIME, HKS_TAG_TYPE_UINT | 10004) \
612 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_CRYPTO_CTX, HKS_TAG_TYPE_ULONG | 10005) \
613 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PAYLOAD_LEN, HKS_TAG_TYPE_UINT | 10008) \
614 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_AE_TAG, HKS_TAG_TYPE_BYTES | 10009) \
615 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_KEY_HANDLE, HKS_TAG_TYPE_ULONG | 10010) \
616 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_INIT_CHALLENGE, HKS_TAG_TYPE_BYTES | 10011) \
617 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_USER_AUTH_ACCESS, HKS_TAG_TYPE_BOOL | 10012) \
618 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_CHALLENGE, HKS_TAG_TYPE_BYTES | 10013) \
619 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_ENROLL_ID_INFO, HKS_TAG_TYPE_BYTES | 10014) \
620 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_USER_AUTH_SECURE_UID, HKS_TAG_TYPE_BYTES | 10015) \
621 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_AUTH_RESULT, HKS_TAG_TYPE_INT | 10016) \
622 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IF_NEED_APPEND_AUTH_INFO, HKS_TAG_TYPE_BOOL | 10017) \
623 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_VERIFIED_AUTH_TOKEN, HKS_TAG_TYPE_BYTES | 10018) \
624 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_APPEND_UPDATE_DATA, HKS_TAG_TYPE_BOOL | 10019) \
625 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_ACCESS_TIME, HKS_TAG_TYPE_ULONG | 10020) \
626 /* TAGs used for paramSetOut */\
627 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SYMMETRIC_KEY_DATA, HKS_TAG_TYPE_BYTES | 20001) \
628 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA, HKS_TAG_TYPE_BYTES | 20002) \
629 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA, HKS_TAG_TYPE_BYTES | 20003) \
630
631 #define HKS_ASSIGN_PARAM_FILE_ENUM \
632 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_PROCESS_NAME, HKS_TAG_TYPE_BYTES | 10001) \
633 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY, HKS_TAG_TYPE_BYTES | 10006) \
634 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_VERSION, HKS_TAG_TYPE_UINT | 10007) \
635 /* Os version related TAG */\
636 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OS_VERSION, HKS_TAG_TYPE_UINT | 10101) \
637 HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OS_PATCHLEVEL, HKS_TAG_TYPE_UINT | 10102) \
638
639 /**
640 * @brief hks Tag
641 */
642 enum HksTag {
643 /**
644 * HUKS tags for alg enum
645 */
646 HKS_ASSIGN_PARAM_ALG_ENUM
647
648 /**
649 * HUKS tags for key file enum
650 */
651 HKS_ASSIGN_PARAM_FILE_ENUM
652 };
653
654 /**
655 * @brief hks blob
656 */
657 struct HksBlob {
658 uint32_t size;
659 uint8_t *data;
660 };
661
662 /**
663 * @brief hks param
664 */
665 struct HksParam {
666 uint32_t tag;
667 union {
668 bool boolParam;
669 int32_t int32Param;
670 uint32_t uint32Param;
671 uint64_t uint64Param;
672 struct HksBlob blob;
673 };
674 };
675
676 /**
677 * @brief hks param set
678 */
679 struct HksParamSet {
680 uint32_t paramSetSize;
681 uint32_t paramsCnt;
682 struct HksParam params[];
683 };
684
685 /**
686 * @brief hks certificate chain
687 */
688 struct HksCertChain {
689 struct HksBlob *certs;
690 uint32_t certsCount;
691 };
692
693 /**
694 * @brief hks key info
695 */
696 struct HksKeyInfo {
697 struct HksBlob alias;
698 struct HksParamSet *paramSet;
699 };
700
701 /**
702 * @brief hks public key info
703 */
704 struct HksPubKeyInfo {
705 enum HksKeyAlg keyAlg;
706 uint32_t keySize;
707 uint32_t nOrXSize;
708 uint32_t eOrYSize;
709 uint32_t placeHolder;
710 };
711
712 /**
713 * @brief hks rsa key material
714 */
715 struct HksKeyMaterialRsa {
716 enum HksKeyAlg keyAlg;
717 uint32_t keySize;
718 uint32_t nSize;
719 uint32_t eSize;
720 uint32_t dSize;
721 };
722
723 /**
724 * @brief hks ecc key material
725 */
726 struct HksKeyMaterialEcc {
727 enum HksKeyAlg keyAlg;
728 uint32_t keySize;
729 uint32_t xSize;
730 uint32_t ySize;
731 uint32_t zSize;
732 };
733
734 /**
735 * @brief hks dsa key material
736 */
737 struct HksKeyMaterialDsa {
738 enum HksKeyAlg keyAlg;
739 uint32_t keySize;
740 uint32_t xSize;
741 uint32_t ySize;
742 uint32_t pSize;
743 uint32_t qSize;
744 uint32_t gSize;
745 };
746
747 /**
748 * @brief hks dh key material
749 */
750 struct HksKeyMaterialDh {
751 enum HksKeyAlg keyAlg;
752 uint32_t keySize;
753 uint32_t pubKeySize;
754 uint32_t priKeySize;
755 uint32_t reserved;
756 };
757
758 /**
759 * @brief hks 25519 key material
760 */
761 struct HksKeyMaterial25519 {
762 enum HksKeyAlg keyAlg;
763 uint32_t keySize;
764 uint32_t pubKeySize;
765 uint32_t priKeySize;
766 uint32_t reserved;
767 };
768
769 /**
770 * @brief hks user auth token plaintext data
771 */
772 typedef struct HksPlaintextData {
773 uint8_t challenge[TOKEN_SIZE];
774 uint64_t time;
775 uint32_t authTrustLevel;
776 uint32_t authType;
777 uint32_t authMode;
778 uint32_t securityLevel;
779 } __attribute__((__packed__)) HksPlaintextData;
780
781 /**
782 * @brief hks user auth token ciphertext data
783 */
784 typedef struct HksCiphertextData {
785 int32_t userId;
786 uint64_t secureUid;
787 uint64_t enrolledId;
788 uint64_t credentialId;
789 } __attribute__((__packed__)) HksCiphertextData;
790
791 /**
792 * @brief hks user auth token
793 */
794 typedef struct __attribute__((__packed__)) HksUserAuthToken {
795 uint32_t version;
796 HksPlaintextData plaintextData;
797 HksCiphertextData ciphertextData;
798 uint8_t tag[HKS_AE_TAG_LEN];
799 uint8_t iv[HKS_AE_NONCE_LEN];
800 uint8_t sign[SHA256_SIGN_LEN];
801 } __attribute__((__packed__)) HksUserAuthToken;
802
803 /**
804 * @brief hks user auth token key
805 */
806 struct HksAuthTokenKey {
807 uint8_t macKey[HKS_KEY_BLOB_AT_KEY_BYTES];
808 uint8_t cipherKey[HKS_KEY_BLOB_AT_KEY_BYTES];
809 };
810
811 /**
812 * @brief hks secure sign auth info
813 */
814 typedef struct __attribute__((__packed__)) HksSecureSignAuthInfo {
815 uint32_t userAuthType;
816 uint64_t authenticatorId;
817 uint64_t credentialId;
818 } __attribute__((__packed__)) HksSecureSignAuthInfo;
819
820 enum HksUserIamType {
821 HKS_AUTH_TYPE = 0,
822 };
823
824 struct EnrolledInfoWrap {
825 enum HksUserAuthType authType;
826 uint64_t enrolledId;
827 };
828
829 struct SecInfoWrap {
830 uint64_t secureUid;
831 uint32_t enrolledInfoLen;
832 struct EnrolledInfoWrap *enrolledInfo;
833 };
834
835 #define HKS_DERIVE_DEFAULT_SALT_LEN 16
836 #define HKS_HMAC_DIGEST_SHA512_LEN 64
837 #define HKS_DEFAULT_RANDOM_LEN 16
838 #define HKS_MAX_KEY_AUTH_ID_LEN 64
839 #define HKS_KEY_MATERIAL_NUM 3
840 #define HKS_MAX_KEY_LEN (HKS_KEY_BYTES(HKS_RSA_KEY_SIZE_4096) * HKS_KEY_MATERIAL_NUM)
841 #define HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct HksPubKeyInfo) + HKS_MAX_KEY_LEN + HKS_AE_TAG_LEN)
842
843 /**
844 * @brief hks store header info
845 */
846 struct HksStoreHeaderInfo {
847 uint16_t version;
848 uint16_t keyCount;
849 uint32_t totalLen; /* key buffer total len */
850 uint32_t sealingAlg;
851 uint8_t salt[HKS_DERIVE_DEFAULT_SALT_LEN];
852 uint8_t hmac[HKS_HMAC_DIGEST_SHA512_LEN];
853 };
854
855 /**
856 * @brief hks store key info
857 */
858 struct HksStoreKeyInfo {
859 uint16_t keyInfoLen; /* current keyinfo len */
860 uint16_t keySize; /* keySize of key from crypto hal after encrypted */
861 uint8_t random[HKS_DEFAULT_RANDOM_LEN];
862 uint8_t flag; /* import or generate key */
863 uint8_t keyAlg;
864 uint8_t keyMode;
865 uint8_t digest;
866 uint8_t padding;
867 uint8_t rsv;
868 uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */
869 uint32_t purpose;
870 uint32_t role;
871 uint16_t domain;
872 uint8_t aliasSize;
873 uint8_t authIdSize;
874 };
875
876 /**
877 * @brief hks 25519 key pair
878 */
879 struct Hks25519KeyPair {
880 uint32_t publicBufferSize;
881 uint32_t privateBufferSize;
882 };
883
IsAdditionOverflow(uint32_t a,uint32_t b)884 static inline bool IsAdditionOverflow(uint32_t a, uint32_t b)
885 {
886 return (UINT32_MAX - a) < b;
887 }
888
IsInvalidLength(uint32_t length)889 static inline bool IsInvalidLength(uint32_t length)
890 {
891 return (length == 0) || (length > MAX_OUT_BLOB_SIZE);
892 }
893
CheckBlob(const struct HksBlob * blob)894 static inline int32_t CheckBlob(const struct HksBlob *blob)
895 {
896 if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) {
897 return HKS_ERROR_INVALID_ARGUMENT;
898 }
899 return HKS_SUCCESS;
900 }
901
902 /**
903 * @brief hks chipset platform decrypt scene
904 */
905 enum HksChipsetPlatformDecryptScene {
906 HKS_CHIPSET_PLATFORM_DECRYPT_SCENE_TA_TO_TA = 1,
907 };
908
909 /**
910 * @brief hks auth storage level
911 */
912 enum HksAuthStorageLevel {
913 HKS_AUTH_STORAGE_LEVEL_DE = 0,
914 HKS_AUTH_STORAGE_LEVEL_CE = 1,
915 HKS_AUTH_STORAGE_LEVEL_ECE = 2,
916 };
917
918 #ifdef __cplusplus
919 }
920 #endif
921
922 #endif /* HKS_TYPE_H */
923