change purpose for P256 key agree

Signed-off-by: winnieHu <huyu35@huawei.com>
2024-11-23 04:40:12 +00:00 · 2022-06-06 17:03:32 +08:00 · 2022-06-06 17:03:32 +08:00 · 319d6278fb
commit 319d6278fb
parent dad0f743f0
7 changed files with 23 additions and 11 deletions
--- a/deps_adapter/key_management_adapter/impl/src/small/huks_adapter.c
+++ b/deps_adapter/key_management_adapter/impl/src/small/huks_adapter.c
@ -634,8 +634,9 @@ static int32_t ConstructGenerateKeyPairWithStorageParams(struct HksParamSet **pa
 }

 static int32_t GenerateKeyPairWithStorage(const Uint8Buff *keyAlias, uint32_t keyLen, Algorithm algo,
-    const ExtraInfo *exInfo)
+    KeyPurpose purpose, const ExtraInfo *exInfo)
 {
+    (void)purpose;
    CHECK_PTR_RETURN_HAL_ERROR_CODE(keyAlias, "keyAlias");
    CHECK_PTR_RETURN_HAL_ERROR_CODE(keyAlias->val, "keyAlias->val");
    CHECK_LEN_ZERO_RETURN_ERROR_CODE(keyAlias->length, "keyAlias->length");
--- a/deps_adapter/key_management_adapter/impl/src/standard/huks_adapter.c
+++ b/deps_adapter/key_management_adapter/impl/src/standard/huks_adapter.c
@ -28,7 +28,9 @@

 static enum HksKeyPurpose g_purposeToHksKeyPurpose[] = {
    HKS_KEY_PURPOSE_MAC,
-    HKS_KEY_PURPOSE_DERIVE
+    HKS_KEY_PURPOSE_DERIVE,
+    HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY,
+    HKS_KEY_PURPOSE_AGREE
 };

 static enum HksKeyAlg g_algToHksAlgorithm[] = {
@ -728,7 +730,7 @@ static int32_t BigNumExpMod(const Uint8Buff *base, const Uint8Buff *exp, const c
 }

 static int32_t ConstructGenerateKeyPairWithStorageParams(struct HksParamSet **paramSet, Algorithm algo,
-    uint32_t keyLen, const struct HksBlob *authIdBlob)
+    uint32_t keyLen, KeyPurpose purpose, const struct HksBlob *authIdBlob)
 {
    struct HksParam keyParam[] = {
        {
@ -739,7 +741,7 @@ static int32_t ConstructGenerateKeyPairWithStorageParams(struct HksParamSet **pa
            .uint32Param = HKS_STORAGE_PERSISTENT
        }, {
            .tag = HKS_TAG_PURPOSE,
-            .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY
+            .uint32Param = g_purposeToHksKeyPurpose[purpose]
        }, {
            .tag = HKS_TAG_KEY_SIZE,
            .uint32Param = keyLen * BITS_PER_BYTE
@ -761,7 +763,7 @@ static int32_t ConstructGenerateKeyPairWithStorageParams(struct HksParamSet **pa
 }

 static int32_t GenerateKeyPairWithStorage(const Uint8Buff *keyAlias, uint32_t keyLen, Algorithm algo,
-    const ExtraInfo *exInfo)
+    KeyPurpose purpose, const ExtraInfo *exInfo)
 {
    CHECK_PTR_RETURN_HAL_ERROR_CODE(keyAlias, "keyAlias");
    CHECK_PTR_RETURN_HAL_ERROR_CODE(keyAlias->val, "keyAlias->val");
@ -774,7 +776,7 @@ static int32_t GenerateKeyPairWithStorage(const Uint8Buff *keyAlias, uint32_t ke
    struct HksBlob keyAliasBlob = { keyAlias->length, keyAlias->val };
    struct HksBlob authIdBlob = { exInfo->authId.length, exInfo->authId.val };
    struct HksParamSet *paramSet = NULL;
-    int32_t ret = ConstructGenerateKeyPairWithStorageParams(&paramSet, algo, keyLen, &authIdBlob);
+    int32_t ret = ConstructGenerateKeyPairWithStorageParams(&paramSet, algo, keyLen, purpose, &authIdBlob);
    if (ret != HAL_SUCCESS) {
        return ret;
    }
@ -984,7 +986,7 @@ static int32_t Sign(const Uint8Buff *keyAlias, const Uint8Buff *message, Algorit

    ret = HksSign(&keyAliasBlob, paramSet, &messageBlob, &signatureBlob);
    if (ret != HKS_SUCCESS) {
-        LOGE("Hks sign failed.");
+        LOGE("Hks sign failed, ret:%d", ret);
        ret = HAL_FAILED;
        goto ERR;
    }
--- a/deps_adapter/key_management_adapter/interfaces/alg_defs.h
+++ b/deps_adapter/key_management_adapter/interfaces/alg_defs.h
@ -48,6 +48,8 @@ typedef enum {
 typedef enum {
    KEY_PURPOSE_MAC = 0,
    KEY_PURPOSE_DERIVE = 1,
+    KEY_PURPOSE_SIGN_VERIFY = 2,
+    KEY_PURPOSE_KEY_AGREE = 3
 } KeyPurpose;

 typedef enum {
@ -106,7 +108,7 @@ typedef int32_t (*BigNumExpModFunc)(const Uint8Buff *base, const Uint8Buff *exp,
    Uint8Buff *outNum);

 typedef int32_t (*GenerateKeyPairWithStorageFunc)(const Uint8Buff *keyAlias, uint32_t keyLen, Algorithm algo,
-    const ExtraInfo *exInfo);
+    KeyPurpose purpose, const ExtraInfo *exInfo);

 typedef int32_t (*GenerateKeyPairFunc)(Algorithm algo, Uint8Buff *outPriKey, Uint8Buff *outPubKey);

--- a/services/authenticators/src/account_related/creds_manager/asy_token_manager.c
+++ b/services/authenticators/src/account_related/creds_manager/asy_token_manager.c
@ -978,7 +978,8 @@ static int32_t DoGenerateAndExportPk(const char *userId, const char *deviceId,
        int32_t authId = 0;
        Uint8Buff authIdBuff = { (uint8_t *)&authId, sizeof(int32_t) };
        ExtraInfo extInfo = { authIdBuff, -1, -1 };
-        ret = g_algLoader->generateKeyPairWithStorage(keyAlias, SELF_ECC_KEY_LEN, P256, &extInfo);
+        ret = g_algLoader->generateKeyPairWithStorage(keyAlias, SELF_ECC_KEY_LEN, P256,
+            KEY_PURPOSE_KEY_AGREE, &extInfo);
    } else {
        LOGI("Key pair already exists");
    }
--- a/services/authenticators/src/account_unrelated/pake_task/standard_exchange_task/common_standard_bind_exchange.c
+++ b/services/authenticators/src/account_unrelated/pake_task/standard_exchange_task/common_standard_bind_exchange.c
@ -98,7 +98,7 @@ static int32_t PackageAuthInfo(const PakeParams *pakeParams, StandardBindExchang
        /* UserType and pairType are not required when generating key. */
        ExtraInfo exInfo = { pakeParams->baseParams.idSelf, -1, -1 };
        res = pakeParams->baseParams.loader->generateKeyPairWithStorage(keyAlias, PAKE_ED25519_KEY_PAIR_LEN, alg,
-            &exInfo);
+            KEY_PURPOSE_SIGN_VERIFY, &exInfo);
        if (res != HC_SUCCESS) {
            LOGE("generate self auth keyPair failed.");
            return res;
--- a/services/authenticators/src/account_unrelated/pake_task/standard_exchange_task/das_standard_token_manager.c
+++ b/services/authenticators/src/account_unrelated/pake_task/standard_exchange_task/das_standard_token_manager.c
@ -39,7 +39,8 @@ static int32_t RegisterLocalIdentity(const char *pkgName, const char *serviceTyp
    }

    ExtraInfo exInfo = { *authId, -1, -1 }; /* UserType and pairType are not required when generating key. */
-    res = loader->generateKeyPairWithStorage(&keyAliasBuff, PAKE_ED25519_KEY_PAIR_LEN, ED25519, &exInfo);
+    res = loader->generateKeyPairWithStorage(&keyAliasBuff, PAKE_ED25519_KEY_PAIR_LEN, ED25519,
+        KEY_PURPOSE_SIGN_VERIFY, &exInfo);
    if (res != HC_SUCCESS) {
        LOGE("Failed to generate key pair!");
        return res;
--- a/services/frameworks/src/module/dev_auth_module_manager.c
+++ b/services/frameworks/src/module/dev_auth_module_manager.c
@ -320,6 +320,11 @@ int32_t GetRegisterInfo(const char *reqJsonStr, char **returnRegisterInfo)
        LOGE("Failed to create request json!");
        return HC_ERR_JSON_CREATE;
    }
+    if (AddIntToJson(requestJson, FIELD_CREDENTIAL_TYPE, ASYMMETRIC_CRED) != HC_SUCCESS) {
+        LOGE("Failed to add credentialType to input json!");
+        FreeJson(requestJson);
+        return HC_ERR_JSON_GET;
+    }
    CJson *registerInfo = CreateJson();
    if (registerInfo == NULL) {
        LOGE("Failed to allocate registerInfo memory!");