1 /*
2 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hks_ipc_service.h"
17 #include "hks_type.h"
18
19 #include <dlfcn.h>
20 #include <stdbool.h>
21 #include <stdint.h>
22 #include <sys/time.h>
23 #include <sys/types.h>
24 #include <unistd.h>
25
26 #ifdef HKS_CONFIG_FILE
27 #include HKS_CONFIG_FILE
28 #else
29 #include "hks_config.h"
30 #endif
31
32 #include "hks_base_check.h" // for HksAttestIsAnonymous
33 #include "hks_client_check.h"
34 #include "hks_client_service_dcm.h"
35 #include "hks_client_service.h"
36 #include "hks_cmd_id.h"
37 #include "hks_log.h"
38 #include "hks_mem.h"
39 #include "hks_permission_check.h"
40 #include "hks_response.h"
41 #include "hks_service_ipc_serialization.h"
42 #include "hks_template.h"
43
44 #define MAX_KEY_SIZE 2048
45
46 #ifdef HKS_SUPPORT_ACCESS_TOKEN
47 static enum HksTag g_idList[] = {
48 HKS_TAG_ATTESTATION_ID_BRAND,
49 HKS_TAG_ATTESTATION_ID_DEVICE,
50 HKS_TAG_ATTESTATION_ID_PRODUCT,
51 HKS_TAG_ATTESTATION_ID_SERIAL,
52 HKS_TAG_ATTESTATION_ID_IMEI,
53 HKS_TAG_ATTESTATION_ID_MEID,
54 HKS_TAG_ATTESTATION_ID_MANUFACTURER,
55 HKS_TAG_ATTESTATION_ID_MODEL,
56 HKS_TAG_ATTESTATION_ID_SOCID,
57 HKS_TAG_ATTESTATION_ID_UDID,
58 };
59 #endif
60
HksIpcServiceGenerateKey(const struct HksBlob * srcData,const uint8_t * context)61 void HksIpcServiceGenerateKey(const struct HksBlob *srcData, const uint8_t *context)
62 {
63 struct HksBlob keyAlias = { 0, NULL };
64 struct HksParamSet *inParamSet = NULL;
65 struct HksBlob keyOut = { 0, NULL };
66 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
67 int32_t ret;
68 bool isNoneResponse = false;
69
70 do {
71 ret = HksGenerateKeyUnpack(srcData, &keyAlias, &inParamSet, &keyOut);
72 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGenerateKeyUnpack Ipc fail")
73
74 if (keyOut.data == NULL) {
75 isNoneResponse = true;
76 keyOut.data = (uint8_t *)HksMalloc(MAX_KEY_SIZE);
77 if (keyOut.data == NULL) {
78 HKS_LOG_E("malloc fail.");
79 ret = HKS_ERROR_MALLOC_FAIL;
80 break;
81 }
82 keyOut.size = MAX_KEY_SIZE;
83 }
84
85 ret = HksGetProcessInfoForIPC(context, &processInfo);
86 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
87
88 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
89 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
90
91 struct HksParam *accessTypeParam = NULL;
92 ret = HksGetParam(inParamSet, HKS_TAG_KEY_AUTH_ACCESS_TYPE, &accessTypeParam);
93 if (ret == HKS_SUCCESS && accessTypeParam != NULL &&
94 accessTypeParam->uint32Param == HKS_AUTH_ACCESS_ALWAYS_VALID) {
95 int32_t activeFrontUserId;
96 ret = HksGetFrontUserId(&activeFrontUserId);
97 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetFrontUserId fail! ret=%" LOG_PUBLIC "d", ret);
98 struct HksParamSet *newParamSet = NULL;
99 ret = BuildFrontUserIdParamSet(inParamSet, &newParamSet, activeFrontUserId);
100 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "BuildFrontUserIdParamSet fail! ret=%" LOG_PUBLIC "d", ret);
101 ret = HksServiceGenerateKey(&processInfo, &keyAlias, newParamSet, &keyOut);
102 HksFreeParamSet(&newParamSet);
103 } else {
104 ret = HksServiceGenerateKey(&processInfo, &keyAlias, inParamSet, &keyOut);
105 }
106 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceGenerateKey fail, ret = %" LOG_PUBLIC "d", ret)
107 } while (0);
108
109 if (isNoneResponse) {
110 HksSendResponse(context, ret, NULL);
111 } else {
112 HksSendResponse(context, ret, &keyOut);
113 }
114
115 HKS_FREE_BLOB(keyOut);
116 HKS_FREE_BLOB(processInfo.processName);
117 HKS_FREE_BLOB(processInfo.userId);
118 }
119
HksIpcServiceImportKey(const struct HksBlob * srcData,const uint8_t * context)120 void HksIpcServiceImportKey(const struct HksBlob *srcData, const uint8_t *context)
121 {
122 struct HksBlob keyAlias = { 0, NULL };
123 struct HksParamSet *paramSet = NULL;
124 struct HksBlob key = { 0, NULL };
125 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
126 int32_t ret;
127
128 do {
129 ret = HksImportKeyUnpack(srcData, &keyAlias, ¶mSet, &key);
130 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksImportKeyUnpack Ipc fail")
131
132 ret = HksGetProcessInfoForIPC(context, &processInfo);
133 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
134
135 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
136 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
137
138 ret = HksServiceImportKey(&processInfo, &keyAlias, paramSet, &key);
139 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceImportKey fail, ret = %" LOG_PUBLIC "d", ret)
140 } while (0);
141
142 HksSendResponse(context, ret, NULL);
143
144 HKS_FREE_BLOB(processInfo.processName);
145 HKS_FREE_BLOB(processInfo.userId);
146 }
147
HksIpcServiceImportWrappedKey(const struct HksBlob * srcData,const uint8_t * context)148 void HksIpcServiceImportWrappedKey(const struct HksBlob *srcData, const uint8_t *context)
149 {
150 struct HksBlob keyAlias = { 0, NULL };
151 struct HksBlob wrappingKeyAlias = { 0, NULL };
152 struct HksParamSet *paramSet = NULL;
153 struct HksBlob wrappedKeyData = { 0, NULL };
154 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
155 int32_t ret;
156
157 do {
158 ret = HksImportWrappedKeyUnpack(srcData, &keyAlias, &wrappingKeyAlias, ¶mSet, &wrappedKeyData);
159 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "unpack data for Ipc fail")
160
161 ret = HksGetProcessInfoForIPC(context, &processInfo);
162 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get process info fail, ret = %" LOG_PUBLIC "d", ret)
163
164 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
165 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
166
167 ret = HksServiceImportWrappedKey(&processInfo, &keyAlias, &wrappingKeyAlias, paramSet, &wrappedKeyData);
168 HKS_IF_NOT_SUCC_LOGE(ret, "do import wrapped key fail, ret = %" LOG_PUBLIC "d", ret)
169 } while (0);
170
171 HksSendResponse(context, ret, NULL);
172
173 HKS_FREE_BLOB(processInfo.processName);
174 HKS_FREE_BLOB(processInfo.userId);
175 }
176
HksIpcServiceExportPublicKey(const struct HksBlob * srcData,const uint8_t * context)177 void HksIpcServiceExportPublicKey(const struct HksBlob *srcData, const uint8_t *context)
178 {
179 struct HksBlob keyAlias = { 0, NULL };
180 struct HksParamSet *paramSet = NULL;
181 struct HksBlob key = { 0, NULL };
182 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
183 int32_t ret;
184
185 do {
186 ret = HksExportPublicKeyUnpack(srcData, &keyAlias, ¶mSet, &key);
187 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksExportKeyUnpack Ipc fail")
188
189 ret = HksGetProcessInfoForIPC(context, &processInfo);
190 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
191
192 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
193 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
194
195 ret = HksServiceExportPublicKey(&processInfo, &keyAlias, paramSet, &key);
196 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceExportPublicKey fail, ret = %" LOG_PUBLIC "d", ret)
197
198 HksSendResponse(context, ret, &key);
199 } while (0);
200
201 if (ret != HKS_SUCCESS) {
202 HksSendResponse(context, ret, NULL);
203 }
204
205 HKS_FREE_BLOB(key);
206 HKS_FREE_BLOB(processInfo.processName);
207 HKS_FREE_BLOB(processInfo.userId);
208 }
209
HksIpcServiceDeleteKey(const struct HksBlob * srcData,const uint8_t * context)210 void HksIpcServiceDeleteKey(const struct HksBlob *srcData, const uint8_t *context)
211 {
212 struct HksBlob keyAlias = { 0, NULL };
213 struct HksParamSet *paramSet = NULL;
214 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
215 int32_t ret;
216 do {
217 ret = HksDeleteKeyUnpack(srcData, &keyAlias, ¶mSet);
218 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeleteKeyUnpack Ipc fail")
219
220 ret = HksGetProcessInfoForIPC(context, &processInfo);
221 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
222
223 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
224 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
225
226 ret = HksServiceDeleteKey(&processInfo, &keyAlias, paramSet);
227 HKS_IF_NOT_SUCC_LOGE(ret, "HksIpcServiceDeleteKey fail")
228 } while (0);
229
230 HksSendResponse(context, ret, NULL);
231
232 HKS_FREE_BLOB(processInfo.processName);
233 HKS_FREE_BLOB(processInfo.userId);
234 }
235
HksIpcServiceGetKeyParamSet(const struct HksBlob * srcData,const uint8_t * context)236 void HksIpcServiceGetKeyParamSet(const struct HksBlob *srcData, const uint8_t *context)
237 {
238 struct HksBlob keyAlias = { 0, NULL };
239 struct HksParamSet *paramSetIn = NULL;
240 struct HksParamSet *paramSetOut = NULL;
241 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
242 int32_t ret;
243
244 do {
245 ret = HksGetKeyParamSetUnpack(srcData, &keyAlias, ¶mSetIn, ¶mSetOut);
246 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGenerateKeyUnpack Ipc fail, ret = %" LOG_PUBLIC "d", ret)
247
248 ret = HksGetProcessInfoForIPC(context, &processInfo);
249 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
250
251 ret = HksCheckAcrossAccountsPermission(paramSetIn, processInfo.userIdInt);
252 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
253
254 ret = HksServiceGetKeyParamSet(&processInfo, &keyAlias, paramSetIn, paramSetOut);
255 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGetKeyParamSet fail, ret = %" LOG_PUBLIC "d", ret)
256
257 struct HksBlob paramSet = { paramSetOut->paramSetSize, (uint8_t *)paramSetOut };
258 HksSendResponse(context, ret, ¶mSet);
259 } while (0);
260
261 if (ret != HKS_SUCCESS) {
262 HksSendResponse(context, ret, NULL);
263 }
264
265 HKS_FREE(paramSetOut);
266 HKS_FREE_BLOB(processInfo.processName);
267 HKS_FREE_BLOB(processInfo.userId);
268 }
269
HksIpcServiceKeyExist(const struct HksBlob * srcData,const uint8_t * context)270 void HksIpcServiceKeyExist(const struct HksBlob *srcData, const uint8_t *context)
271 {
272 struct HksBlob keyAlias = { 0, NULL };
273 struct HksParamSet *paramSet = NULL;
274 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
275 int32_t ret;
276
277 do {
278 ret = HksKeyExistUnpack(srcData, &keyAlias, ¶mSet);
279 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeleteKeyUnpack Ipc fail")
280
281 ret = HksGetProcessInfoForIPC(context, &processInfo);
282 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
283
284 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
285 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
286
287 ret = HksServiceKeyExist(&processInfo, &keyAlias, paramSet);
288 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceKeyExist fail, ret = %" LOG_PUBLIC "d", ret)
289 } while (0);
290
291 HksSendResponse(context, ret, NULL);
292
293 HKS_FREE_BLOB(processInfo.processName);
294 HKS_FREE_BLOB(processInfo.userId);
295 }
296
HksIpcServiceGenerateRandom(const struct HksBlob * srcData,const uint8_t * context)297 void HksIpcServiceGenerateRandom(const struct HksBlob *srcData, const uint8_t *context)
298 {
299 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL } };
300 struct HksBlob random = { 0, NULL };
301 int32_t ret;
302
303 do {
304 if ((srcData == NULL) || (srcData->data == NULL) || (srcData->size < sizeof(uint32_t))) {
305 HKS_LOG_E("invalid srcData");
306 ret = HKS_ERROR_INVALID_ARGUMENT;
307 break;
308 }
309
310 random.size = *((uint32_t *)(srcData->data));
311 if (IsInvalidLength(random.size)) {
312 HKS_LOG_E("invalid size %" LOG_PUBLIC "u", random.size);
313 ret = HKS_ERROR_INVALID_ARGUMENT;
314 break;
315 }
316
317 random.data = (uint8_t *)HksMalloc(random.size);
318 if (random.data == NULL) {
319 ret = HKS_ERROR_MALLOC_FAIL;
320 break;
321 }
322
323 ret = HksGetProcessInfoForIPC(context, &processInfo);
324 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
325
326 ret = HksServiceGenerateRandom(&processInfo, &random);
327 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGenerateRandom fail, ret = %" LOG_PUBLIC "d", ret)
328
329 HksSendResponse(context, ret, &random);
330 } while (0);
331
332 if (ret != HKS_SUCCESS) {
333 HksSendResponse(context, ret, NULL);
334 }
335
336 HKS_FREE_BLOB(random);
337 HKS_FREE_BLOB(processInfo.processName);
338 HKS_FREE_BLOB(processInfo.userId);
339 }
340
HksIpcServiceSign(const struct HksBlob * srcData,const uint8_t * context)341 void HksIpcServiceSign(const struct HksBlob *srcData, const uint8_t *context)
342 {
343 struct HksBlob keyAlias = { 0, NULL };
344 struct HksParamSet *inParamSet = NULL;
345 struct HksBlob unsignedData = { 0, NULL };
346 struct HksBlob signature = { 0, NULL };
347 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
348 int32_t ret;
349
350 do {
351 ret = HksSignUnpack(srcData, &keyAlias, &inParamSet, &unsignedData, &signature);
352 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksSignUnpack Ipc fail")
353
354 ret = HksGetProcessInfoForIPC(context, &processInfo);
355 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
356
357 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
358 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
359
360 ret = HksServiceSign(&processInfo, &keyAlias, inParamSet, &unsignedData, &signature);
361 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceSign fail")
362
363 HksSendResponse(context, ret, &signature);
364 } while (0);
365
366 if (ret != HKS_SUCCESS) {
367 HksSendResponse(context, ret, NULL);
368 }
369
370 HKS_FREE_BLOB(signature);
371 HKS_FREE_BLOB(processInfo.processName);
372 HKS_FREE_BLOB(processInfo.userId);
373 }
374
HksIpcServiceVerify(const struct HksBlob * srcData,const uint8_t * context)375 void HksIpcServiceVerify(const struct HksBlob *srcData, const uint8_t *context)
376 {
377 struct HksBlob keyAlias = { 0, NULL };
378 struct HksParamSet *inParamSet = NULL;
379 struct HksBlob unsignedData = { 0, NULL };
380 struct HksBlob signature = { 0, NULL };
381 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
382 int32_t ret;
383
384 do {
385 ret = HksVerifyUnpack(srcData, &keyAlias, &inParamSet, &unsignedData, &signature);
386 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksVerifyUnpack Ipc fail")
387
388 ret = HksGetProcessInfoForIPC(context, &processInfo);
389 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
390
391 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
392 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
393
394 ret = HksServiceVerify(&processInfo, &keyAlias, inParamSet, &unsignedData, &signature);
395 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceVerify fail")
396 } while (0);
397
398 HksSendResponse(context, ret, NULL);
399
400 HKS_FREE_BLOB(processInfo.processName);
401 HKS_FREE_BLOB(processInfo.userId);
402 }
403
HksIpcServiceEncrypt(const struct HksBlob * srcData,const uint8_t * context)404 void HksIpcServiceEncrypt(const struct HksBlob *srcData, const uint8_t *context)
405 {
406 struct HksBlob keyAlias = { 0, NULL };
407 struct HksParamSet *inParamSet = NULL;
408 struct HksBlob plainText = { 0, NULL };
409 struct HksBlob cipherText = { 0, NULL };
410 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
411 int32_t ret;
412
413 do {
414 ret = HksEncryptDecryptUnpack(srcData, &keyAlias, &inParamSet, &plainText, &cipherText);
415 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksEncryptDecryptUnpack Ipc fail")
416
417 ret = HksGetProcessInfoForIPC(context, &processInfo);
418 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
419
420 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
421 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
422
423 ret = HksServiceEncrypt(&processInfo, &keyAlias, inParamSet, &plainText, &cipherText);
424 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceEncrypt fail")
425
426 HksSendResponse(context, ret, &cipherText);
427 } while (0);
428
429 if (ret != HKS_SUCCESS) {
430 HksSendResponse(context, ret, NULL);
431 }
432
433 HKS_FREE_BLOB(cipherText);
434 HKS_FREE_BLOB(processInfo.processName);
435 HKS_FREE_BLOB(processInfo.userId);
436 }
437
HksIpcServiceDecrypt(const struct HksBlob * srcData,const uint8_t * context)438 void HksIpcServiceDecrypt(const struct HksBlob *srcData, const uint8_t *context)
439 {
440 struct HksBlob keyAlias = { 0, NULL };
441 struct HksParamSet *inParamSet = NULL;
442 struct HksBlob plainText = { 0, NULL };
443 struct HksBlob cipherText = { 0, NULL };
444 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
445 int32_t ret;
446
447 do {
448 ret = HksEncryptDecryptUnpack(srcData, &keyAlias, &inParamSet, &cipherText, &plainText);
449 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksEncryptDecryptUnpack Ipc fail")
450
451 ret = HksGetProcessInfoForIPC(context, &processInfo);
452 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
453
454 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
455 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
456
457 ret = HksServiceDecrypt(&processInfo, &keyAlias, inParamSet, &cipherText, &plainText);
458 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceDecrypt fail")
459
460 HksSendResponse(context, ret, &plainText);
461 } while (0);
462
463 if (ret != HKS_SUCCESS) {
464 HksSendResponse(context, ret, NULL);
465 }
466
467 HKS_FREE_BLOB(plainText);
468 HKS_FREE_BLOB(processInfo.processName);
469 HKS_FREE_BLOB(processInfo.userId);
470 }
471
HksIpcServiceAgreeKey(const struct HksBlob * srcData,const uint8_t * context)472 void HksIpcServiceAgreeKey(const struct HksBlob *srcData, const uint8_t *context)
473 {
474 struct HksBlob privateKey = { 0, NULL };
475 struct HksBlob peerPublicKey = { 0, NULL };
476 struct HksBlob agreedKey = { 0, NULL };
477 struct HksParamSet *inParamSet = NULL;
478 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
479 int32_t ret;
480
481 do {
482 ret = HksAgreeKeyUnpack(srcData, &inParamSet, &privateKey, &peerPublicKey, &agreedKey);
483 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksAgreeKeyUnpack Ipc fail")
484
485 ret = HksGetProcessInfoForIPC(context, &processInfo);
486 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
487
488 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
489 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
490
491 ret = HksServiceAgreeKey(&processInfo, inParamSet, &privateKey, &peerPublicKey, &agreedKey);
492 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAgreeKey fail, ret = %" LOG_PUBLIC "d", ret)
493
494 HksSendResponse(context, ret, &agreedKey);
495 } while (0);
496
497 if (ret != HKS_SUCCESS) {
498 HksSendResponse(context, ret, NULL);
499 }
500
501 HKS_FREE_BLOB(agreedKey);
502 HKS_FREE_BLOB(processInfo.processName);
503 HKS_FREE_BLOB(processInfo.userId);
504 }
505
HksIpcServiceDeriveKey(const struct HksBlob * srcData,const uint8_t * context)506 void HksIpcServiceDeriveKey(const struct HksBlob *srcData, const uint8_t *context)
507 {
508 struct HksBlob masterKey = { 0, NULL };
509 struct HksBlob derivedKey = { 0, NULL };
510 struct HksParamSet *inParamSet = NULL;
511 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
512 int32_t ret;
513
514 do {
515 ret = HksDeriveKeyUnpack(srcData, &inParamSet, &masterKey, &derivedKey);
516 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksDeriveKeyUnpack Ipc fail")
517
518 ret = HksGetProcessInfoForIPC(context, &processInfo);
519 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
520
521 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
522 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
523
524 ret = HksServiceDeriveKey(&processInfo, inParamSet, &masterKey, &derivedKey);
525 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceDeriveKey fail, ret = %" LOG_PUBLIC "d", ret)
526
527 HksSendResponse(context, ret, &derivedKey);
528 } while (0);
529
530 if (ret != HKS_SUCCESS) {
531 HksSendResponse(context, ret, NULL);
532 }
533
534 HKS_FREE_BLOB(derivedKey);
535 HKS_FREE_BLOB(processInfo.processName);
536 HKS_FREE_BLOB(processInfo.userId);
537 }
538
HksIpcServiceMac(const struct HksBlob * srcData,const uint8_t * context)539 void HksIpcServiceMac(const struct HksBlob *srcData, const uint8_t *context)
540 {
541 struct HksBlob key = { 0, NULL };
542 struct HksParamSet *inParamSet = NULL;
543 struct HksBlob inputData = { 0, NULL };
544 struct HksBlob mac = { 0, NULL };
545 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
546 int32_t ret;
547
548 do {
549 ret = HksHmacUnpack(srcData, &key, &inParamSet, &inputData, &mac);
550 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksHmacUnpack Ipc fail")
551
552 ret = HksGetProcessInfoForIPC(context, &processInfo);
553 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
554
555 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
556 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
557
558 ret = HksServiceMac(&processInfo, &key, inParamSet, &inputData, &mac);
559 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceMac fail, ret = %" LOG_PUBLIC "d", ret)
560
561 HksSendResponse(context, ret, &mac);
562 } while (0);
563
564 if (ret != HKS_SUCCESS) {
565 HksSendResponse(context, ret, NULL);
566 }
567
568 HKS_FREE_BLOB(mac);
569 HKS_FREE_BLOB(processInfo.processName);
570 HKS_FREE_BLOB(processInfo.userId);
571 }
572
FreeKeyInfo(uint32_t listCount,struct HksKeyInfo ** keyInfoList)573 static void FreeKeyInfo(uint32_t listCount, struct HksKeyInfo **keyInfoList)
574 {
575 if ((keyInfoList == NULL) || (*keyInfoList == NULL)) {
576 return;
577 }
578
579 for (uint32_t i = 0; i < listCount; ++i) {
580 if ((*keyInfoList)[i].alias.data != NULL) {
581 HKS_FREE_BLOB((*keyInfoList)[i].alias);
582 }
583 if ((*keyInfoList)[i].paramSet != NULL) {
584 HKS_FREE((*keyInfoList)[i].paramSet);
585 (*keyInfoList)[i].paramSet = NULL;
586 }
587 }
588
589 HKS_FREE(*keyInfoList);
590 }
591
HksIpcServiceGetKeyInfoList(const struct HksBlob * srcData,const uint8_t * context)592 void HksIpcServiceGetKeyInfoList(const struct HksBlob *srcData, const uint8_t *context)
593 {
594 uint32_t inputCount = 0;
595 struct HksParamSet *paramSet = NULL;
596 struct HksKeyInfo *keyInfoList = NULL;
597 struct HksBlob keyInfoListBlob = { 0, NULL };
598 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
599 int32_t ret;
600
601 do {
602 ret = HksGetKeyInfoListUnpack(srcData, ¶mSet, &inputCount, &keyInfoList);
603 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetKeyInfoListUnpack Ipc fail")
604
605 ret = HksGetProcessInfoForIPC(context, &processInfo);
606 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
607
608 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
609 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
610
611 uint32_t listCount = inputCount;
612 ret = HksServiceGetKeyInfoList(&processInfo, paramSet, keyInfoList, &listCount);
613 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceGetKeyInfoList fail, ret = %" LOG_PUBLIC "d", ret)
614
615 keyInfoListBlob.size = sizeof(listCount);
616 for (uint32_t i = 0; i < listCount; ++i) {
617 keyInfoListBlob.size += sizeof(keyInfoList[i].alias.size) + ALIGN_SIZE(keyInfoList[i].alias.size) +
618 ALIGN_SIZE(keyInfoList[i].paramSet->paramSetSize);
619 }
620
621 keyInfoListBlob.data = (uint8_t *)HksMalloc(keyInfoListBlob.size);
622 if (keyInfoListBlob.data == NULL) {
623 ret = HKS_ERROR_MALLOC_FAIL;
624 break;
625 }
626
627 ret = HksGetKeyInfoListPackFromService(&keyInfoListBlob, listCount, keyInfoList);
628 HKS_IF_NOT_SUCC_BREAK(ret)
629
630 HksSendResponse(context, ret, &keyInfoListBlob);
631 } while (0);
632
633 if (ret != HKS_SUCCESS) {
634 HksSendResponse(context, ret, NULL);
635 }
636
637 FreeKeyInfo(inputCount, &keyInfoList);
638 HKS_FREE_BLOB(keyInfoListBlob);
639 HKS_FREE_BLOB(processInfo.processName);
640 HKS_FREE_BLOB(processInfo.userId);
641 }
642
HksAttestAccessControl(struct HksParamSet * paramSet)643 int32_t HksAttestAccessControl(struct HksParamSet *paramSet)
644 {
645 #ifdef HKS_SUPPORT_ACCESS_TOKEN
646 // check permisson for attest ids
647 for (uint32_t i = 0; i < sizeof(g_idList) / sizeof(g_idList[0]); i++) {
648 for (uint32_t j = 0; j < paramSet->paramsCnt; j++) {
649 if (paramSet->params[j].tag == g_idList[i]) {
650 return SensitivePermissionCheck("ohos.permission.ACCESS_IDS");
651 }
652 }
653 }
654 // HKS_ATTESTATION_MODE_ANONYMOUS no need check permission
655 if (HksAttestIsAnonymous(paramSet)) {
656 return HKS_SUCCESS;
657 }
658
659 return SensitivePermissionCheck("ohos.permission.ATTEST_KEY");
660 #endif
661 (void)paramSet;
662 return HKS_SUCCESS;
663 }
664
HksIpcServiceAttestKey(const struct HksBlob * srcData,const uint8_t * context,const uint8_t * remoteObject)665 void HksIpcServiceAttestKey(const struct HksBlob *srcData, const uint8_t *context, const uint8_t *remoteObject)
666 {
667 struct HksBlob keyAlias = { 0, NULL };
668 struct HksParamSet *inParamSet = NULL;
669 struct HksBlob certChainBlob = { 0, NULL };
670 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
671 int32_t ret;
672
673 do {
674 ret = HksCertificateChainUnpack(srcData, &keyAlias, &inParamSet, &certChainBlob);
675 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCertificateChainUnpack Ipc fail")
676
677 ret = HksGetProcessInfoForIPC(context, &processInfo);
678 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
679
680 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
681 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
682
683 ret = HksAttestAccessControl(inParamSet);
684 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksAttestAccessControl fail, ret = %" LOG_PUBLIC "d", ret)
685
686 ret = HksServiceAttestKey(&processInfo, &keyAlias, inParamSet, &certChainBlob, remoteObject);
687 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAttestKey fail, ret = %" LOG_PUBLIC "d", ret)
688
689 // certChainBlob.size would be 0 if attestation mode is anonymous
690 HKS_LOG_I("got certChainBlob size %" LOG_PUBLIC "u", certChainBlob.size);
691 HksSendResponse(context, ret, &certChainBlob);
692 } while (0);
693
694 if (ret != HKS_SUCCESS) {
695 HksSendResponse(context, ret, NULL);
696 }
697
698 HKS_FREE_BLOB(processInfo.processName);
699 HKS_FREE_BLOB(processInfo.userId);
700 HKS_FREE_BLOB(certChainBlob);
701 }
702
IpcServiceInit(const struct HksProcessInfo * processInfo,const struct HksBlob * keyAlias,const struct HksParamSet * paramSet,struct HksBlob * outData)703 static int32_t IpcServiceInit(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
704 const struct HksParamSet *paramSet, struct HksBlob *outData)
705 {
706 uint8_t handleData[HANDLE_SIZE] = {0};
707 uint8_t tokenData[TOKEN_SIZE] = {0};
708 struct HksBlob handle = { sizeof(handleData), handleData };
709 struct HksBlob token = { sizeof(tokenData), tokenData };
710
711 int32_t ret = HksServiceInit(processInfo, keyAlias, paramSet, &handle, &token);
712 HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "service init failed, ret = %" LOG_PUBLIC "d", ret)
713
714 if ((handle.size != HANDLE_SIZE) || (token.size > TOKEN_SIZE)) {
715 HKS_LOG_E("invalid handle size[%" LOG_PUBLIC "u], or token size[%" LOG_PUBLIC "u]", handle.size, token.size);
716 return HKS_ERROR_BAD_STATE;
717 }
718
719 if (outData->size < (handle.size + token.size)) {
720 HKS_LOG_E("ipc out size[%" LOG_PUBLIC "u] too small", outData->size);
721 return HKS_ERROR_BUFFER_TOO_SMALL;
722 }
723
724 (void)memcpy_s(outData->data, outData->size, handle.data, handle.size);
725
726 if (token.size != 0 &&
727 memcpy_s(outData->data + handle.size, outData->size - handle.size, token.data, token.size) != EOK) {
728 HKS_LOG_E("copy token failed");
729 return HKS_ERROR_INSUFFICIENT_MEMORY;
730 }
731 outData->size = handle.size + token.size;
732
733 return HKS_SUCCESS;
734 }
735
HksIpcServiceInit(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)736 void HksIpcServiceInit(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
737 {
738 int32_t ret;
739 struct HksParamSet *inParamSet = NULL;
740 struct HksParamSet *paramSet = NULL;
741 struct HksBlob keyAlias = { 0, NULL };
742 struct HksBlob paramsBlob = { 0, NULL };
743 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
744
745 do {
746 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
747 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
748
749 struct HksParamOut params[] = {
750 {
751 .tag = HKS_TAG_PARAM0_BUFFER,
752 .blob = &keyAlias
753 }, {
754 .tag = HKS_TAG_PARAM1_BUFFER,
755 .blob = ¶msBlob
756 },
757 };
758
759 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
760 HKS_IF_NOT_SUCC_BREAK(ret)
761
762 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
763 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
764
765 ret = HksGetProcessInfoForIPC(context, &processInfo);
766 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
767
768 ret = HksCheckAcrossAccountsPermission(inParamSet, processInfo.userIdInt);
769 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
770
771 ret = IpcServiceInit(&processInfo, &keyAlias, inParamSet, outData);
772 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "ipc service init fail, ret = %" LOG_PUBLIC "d", ret)
773
774 HksSendResponse(context, ret, outData);
775 } while (0);
776
777 if (ret != HKS_SUCCESS) {
778 HksSendResponse(context, ret, NULL);
779 }
780
781 HksFreeParamSet(¶mSet);
782 HksFreeParamSet(&inParamSet);
783 HKS_FREE_BLOB(processInfo.processName);
784 HKS_FREE_BLOB(processInfo.userId);
785 }
786
HksIpcServiceUpdOrFin(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context,bool isUpdate)787 void HksIpcServiceUpdOrFin(const struct HksBlob *paramSetBlob, struct HksBlob *outData,
788 const uint8_t *context, bool isUpdate)
789 {
790 int32_t ret;
791 struct HksParamSet *inParamSet = NULL;
792 struct HksParamSet *paramSet = NULL;
793 struct HksBlob paramsBlob = { 0, NULL };
794 struct HksBlob inData = { 0, NULL };
795 struct HksBlob handle = { 0, NULL };
796 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
797
798 do {
799 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
800 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
801
802 struct HksParamOut params[] = {
803 {
804 .tag = HKS_TAG_PARAM0_BUFFER,
805 .blob = ¶msBlob
806 }, {
807 .tag = HKS_TAG_PARAM1_BUFFER,
808 .blob = &handle
809 }, {
810 .tag = HKS_TAG_PARAM2_BUFFER,
811 .blob = &inData
812 },
813 };
814
815 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
816 HKS_IF_NOT_SUCC_BREAK(ret)
817
818 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
819 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
820
821 ret = HksGetProcessInfoForIPC(context, &processInfo);
822 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
823
824 if (isUpdate) {
825 ret = HksServiceUpdate(&handle, &processInfo, inParamSet, &inData, outData);
826 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceUpdate fail, ret = %" LOG_PUBLIC "d", ret)
827 } else {
828 ret = HksServiceFinish(&handle, &processInfo, inParamSet, &inData, outData);
829 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceFinish fail, ret = %" LOG_PUBLIC "d", ret)
830 }
831 if (outData->size == 0) {
832 HksSendResponse(context, ret, NULL);
833 } else {
834 HksSendResponse(context, ret, outData);
835 }
836 } while (0);
837
838 if (ret != HKS_SUCCESS) {
839 HksSendResponse(context, ret, NULL);
840 }
841
842 HksFreeParamSet(¶mSet);
843 HksFreeParamSet(&inParamSet);
844 HKS_FREE_BLOB(processInfo.processName);
845 HKS_FREE_BLOB(processInfo.userId);
846 }
847
HksIpcServiceUpdate(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)848 void HksIpcServiceUpdate(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
849 {
850 HksIpcServiceUpdOrFin(paramSetBlob, outData, context, true);
851 }
852
HksIpcServiceFinish(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)853 void HksIpcServiceFinish(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
854 {
855 HksIpcServiceUpdOrFin(paramSetBlob, outData, context, false);
856 }
857
HksIpcServiceAbort(const struct HksBlob * paramSetBlob,struct HksBlob * outData,const uint8_t * context)858 void HksIpcServiceAbort(const struct HksBlob *paramSetBlob, struct HksBlob *outData, const uint8_t *context)
859 {
860 (void)outData;
861 int32_t ret;
862 struct HksParamSet *inParamSet = NULL;
863 struct HksParamSet *paramSet = NULL;
864 struct HksBlob handle = { 0, NULL };
865 struct HksBlob paramsBlob = { 0, NULL };
866 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
867
868 do {
869 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
870 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
871
872 struct HksParamOut params[] = {
873 {
874 .tag = HKS_TAG_PARAM0_BUFFER,
875 .blob = ¶msBlob
876 }, {
877 .tag = HKS_TAG_PARAM1_BUFFER,
878 .blob = &handle
879 },
880 };
881 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
882 HKS_IF_NOT_SUCC_BREAK(ret)
883
884 ret = HksGetParamSet((struct HksParamSet *)paramsBlob.data, paramsBlob.size, &inParamSet);
885 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
886
887 ret = HksGetProcessInfoForIPC(context, &processInfo);
888 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
889
890 ret = HksServiceAbort(&handle, &processInfo, inParamSet);
891 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceAbort fail, ret = %" LOG_PUBLIC "d", ret)
892 } while (0);
893
894 HksSendResponse(context, ret, NULL);
895 HksFreeParamSet(¶mSet);
896 HksFreeParamSet(&inParamSet);
897 HKS_FREE_BLOB(processInfo.processName);
898 HKS_FREE_BLOB(processInfo.userId);
899 }
900
HksIpcErrorResponse(const uint8_t * context)901 void HksIpcErrorResponse(const uint8_t *context)
902 {
903 HksSendResponse(context, HKS_ERROR_IPC_MSG_FAIL, NULL);
904 }
905
906 #ifdef HKS_SUPPORT_CHIPSET_PLATFORM_DECRYPT
HksIpcServiceExportChipsetPlatformPublicKey(const struct HksBlob * paramSetBlob,struct HksBlob * publicKey,const uint8_t * context)907 void HksIpcServiceExportChipsetPlatformPublicKey(
908 const struct HksBlob *paramSetBlob, struct HksBlob *publicKey, const uint8_t *context)
909 {
910 int32_t ret;
911 struct HksParamSet *paramSet = NULL;
912 struct HksBlob salt = { 0, NULL };
913 enum HksChipsetPlatformDecryptScene scene = 0;
914
915 do {
916 ret = HksGetParamSet((struct HksParamSet *)paramSetBlob->data, paramSetBlob->size, ¶mSet);
917 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetParamSet fail, ret = %" LOG_PUBLIC "d", ret)
918
919 struct HksParamOut params[] = {
920 { .tag = HKS_TAG_PARAM0_BUFFER, .blob = &salt },
921 { .tag = HKS_TAG_PARAM1_UINT32, .uint32Param = &scene },
922 };
923
924 ret = HksParamSetToParams(paramSet, params, HKS_ARRAY_SIZE(params));
925 HKS_IF_NOT_SUCC_BREAK(ret)
926
927 HKS_LOG_I("scene = %" LOG_PUBLIC "d", scene);
928 ret = HksServiceExportChipsetPlatformPublicKey(&salt, scene, publicKey);
929 HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
930 "HksServiceExportChipsetPlatformPublicKey fail, ret = %" LOG_PUBLIC "d", ret)
931 HksSendResponse(context, ret, publicKey);
932 } while (0);
933
934 if (ret != HKS_SUCCESS) {
935 HksSendResponse(context, ret, NULL);
936 }
937
938 HksFreeParamSet(¶mSet);
939 }
940 #endif
941
HksIpcServiceListAliases(const struct HksBlob * srcData,const uint8_t * context)942 void HksIpcServiceListAliases(const struct HksBlob *srcData, const uint8_t *context)
943 {
944 struct HksParamSet *paramSet = NULL;
945 struct HksKeyAliasSet *keyAliasSet = NULL;
946 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
947 struct HksBlob outBlob = { 0, NULL };
948 int32_t ret;
949
950 do {
951 ret = HksListAliasesUnpack(srcData, ¶mSet);
952 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksListAliasesUnpack fail")
953
954 ret = HksGetProcessInfoForIPC(context, &processInfo);
955 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
956
957 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
958 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
959
960 ret = HksServiceListAliases(&processInfo, paramSet, &keyAliasSet);
961 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksServiceListAliases fail, ret = %" LOG_PUBLIC "d", ret)
962
963 ret = HksListAliasesPackFromService(keyAliasSet, &outBlob);
964 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksListAliasesPackFromService fail")
965 } while (0);
966
967 // query success and key size is not 0
968 if (ret == HKS_SUCCESS && outBlob.size != 0) {
969 HksSendResponse(context, ret, &outBlob);
970 } else {
971 HksSendResponse(context, ret, NULL);
972 }
973
974 HksFreeKeyAliasSet(keyAliasSet);
975 HKS_FREE_BLOB(processInfo.processName);
976 HKS_FREE_BLOB(processInfo.userId);
977 HKS_FREE_BLOB(outBlob);
978 }
979
HksIpcServiceRenameKeyAlias(const struct HksBlob * srcData,const uint8_t * context)980 void HksIpcServiceRenameKeyAlias(const struct HksBlob *srcData, const uint8_t *context)
981 {
982 int32_t ret;
983 struct HksBlob oldKeyAlias = { 0, NULL };
984 struct HksBlob newKeyAlias = { 0, NULL };
985 struct HksParamSet *paramSet = NULL;
986 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
987 do {
988 ret = HksRenameKeyAliasUnpack(srcData, &oldKeyAlias, &newKeyAlias, ¶mSet);
989 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksRenameKeyAliasUnpack Ipc fail")
990
991 ret = HksGetProcessInfoForIPC(context, &processInfo);
992 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
993
994 ret = HksCheckAcrossAccountsPermission(paramSet, processInfo.userIdInt);
995 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
996
997 ret = HksServiceRenameKeyAlias(&processInfo, &oldKeyAlias, paramSet, &newKeyAlias);
998 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceRenameKeyAliasy fail")
999 } while (0);
1000
1001 HksSendResponse(context, ret, NULL);
1002
1003 HKS_FREE_BLOB(processInfo.processName);
1004 HKS_FREE_BLOB(processInfo.userId);
1005 }
1006
HksIpcChangeStorageLevel(const struct HksBlob * srcData,const uint8_t * context)1007 void HksIpcChangeStorageLevel(const struct HksBlob *srcData, const uint8_t *context)
1008 {
1009 struct HksBlob keyAlias = { 0, NULL };
1010 struct HksParamSet *srcParamSet = NULL;
1011 struct HksParamSet *destParamSet = NULL;
1012 struct HksProcessInfo processInfo = { { 0, NULL }, { 0, NULL }, 0, 0 };
1013 int32_t ret;
1014
1015 do {
1016 ret = HksChangeStorageLevelUnpack(srcData, &keyAlias, &srcParamSet, &destParamSet);
1017 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksChangeStorageLevelUnpack Ipc fail")
1018
1019 ret = HksGetProcessInfoForIPC(context, &processInfo);
1020 HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HksGetProcessInfoForIPC fail, ret = %" LOG_PUBLIC "d", ret)
1021
1022 ret = HksCheckAcrossAccountsPermission(srcParamSet, processInfo.userIdInt);
1023 HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
1024 "srcParamSet HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
1025
1026 ret = HksCheckAcrossAccountsPermission(destParamSet, processInfo.userIdInt);
1027 HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
1028 "destParamSet HksCheckAcrossAccountsPermission fail, ret = %" LOG_PUBLIC "d", ret)
1029
1030 ret = HksServiceChangeStorageLevel(&processInfo, &keyAlias, srcParamSet, destParamSet);
1031 HKS_IF_NOT_SUCC_LOGE(ret, "HksServiceChangeStorageLevel fail, ret = %" LOG_PUBLIC "d", ret)
1032 } while (0);
1033
1034 HksSendResponse(context, ret, NULL);
1035
1036 HKS_FREE_BLOB(processInfo.processName);
1037 HKS_FREE_BLOB(processInfo.userId);
1038 }