openharmony/security_deviceauth
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_deviceauth synced 2024-11-26 22:20:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://gitee.com/openharmony/security_deviceauth

Browse Source 
Signed-off-by: fuzikun <fuzikun@huawei.com>
This commit is contained in:
fuzikun 2021-09-01 19:19:01 +08:00
commit 9e78a96153
3 changed files with 0 additions and 791 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

392
frameworks/deviceauth_lite/source/huks_adapter/hks_client.h
View File

@ -1,392 +0,0 @@
/*
* Copyright (c) 2020 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HKS_CLIENT_H
#define HKS_CLIENT_H
#include "hks_types.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
* hks_get_sdk_version
* get sdk version
* return value: none
*/
HKS_DLL_API_PUBLIC void hks_get_sdk_version(struct hks_blob *sdk_version);
/*
* hks init
* load file hks_keystore to buffer
* parameter: none
* return value: none
*/
HKS_DLL_API_PUBLIC int32_t hks_init(void);
/*
* destroy
* parameter: none
* return value: none
*/
HKS_DLL_API_PUBLIC void hks_destroy(void);
/*
* refresh key info and root key info
* Reproduce the hks_keystore file header and clear the old key
* Reproduce root key info
* parameter: none
* return value: none
*/
HKS_DLL_API_PUBLIC int32_t hks_refresh_key_info(void);
/*
* generate key
* Only ED25519 algorithm key pair generation is supported
* The number of local storage keys (including
* generated ED25519 public-private key pairs
* imported ED25519 public keys) is limited to 16
* key_alias: key alias, constraint condition:
* key_alias->size must be less than or equal to 64
* key_param: The parameter of the key which need to generate
* constraint condition:
* key_param cannot be NULL
* key_param->key_type must be HKS_KEY_TYPE_EDDSA_KEYPAIR_ED25519
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_generate_key(const struct hks_blob *key_alias,
const struct hks_key_param *key_param);
/*
* generate asymmetric key
* Only X25519 algorithm key pair generation is supported
* key_param: The parameter of the key which need to generate
* constraint condition:
* key_param.key_type must be
* HKS_KEY_TYPE_ECC_KEYPAIR_CURVE25519
* key_param.usage must be
* HKS_ALG_ECDH(HKS_ALG_SELECT_RAW)
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_generate_asymmetric_key(
const struct hks_key_param *key_param, struct hks_blob *pri_key,
struct hks_blob *pub_key);
/*
* import public key
* Only ED25519 public key import is supported
* The number of local storage keys (including
* generated ED25519 public-private key pairs
* imported ED25519 public keys) is limited to no more than 16
* key_param: The parameter of the key which need to generate
* constraint condition:
* key_param.key_type must be
* HKS_KEY_TYPE_EDDSA_PUBLIC_KEY_ED25519
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_import_public_key(
const struct hks_blob *key_alias,
const struct hks_key_param *key_param, const struct hks_blob *key);
/*
* export public key
* Only ED25519 public key export is supported
* key_alias: constraint condition: key_alias->size <= 64
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_export_public_key(
const struct hks_blob *key_alias, struct hks_blob *key);
/*
* delete public key
* Only ED25519 public key delete is supported
* key_alias: constraint condition: key_alias->size <= 64
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_delete_key(const struct hks_blob *key_alias);
/*
* get key param
* key_alias: constraint condition: key_alias->size <= 64
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_get_key_param(const struct hks_blob *key_alias,
struct hks_key_param *key_param);
/*
* is key exist
* key_alias: constraint condition: key_alias->size <= 64
* return: 0 - exist; other - Non-existent
*/
HKS_DLL_API_PUBLIC int32_t hks_is_key_exist(const struct hks_blob *key_alias);
/*
* generate random
* random: random->size must be specified by the caller
* constraint condition: random->size <= 1024
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_generate_random(struct hks_blob *random);
/*
* sign
* Only ED25519 local storage private key signature is supported
* key_alias: constraint condition: key_alias->size <= 64
* key_param: constraint condition:
* key_param.key_type must be
* HKS_KEY_TYPE_EDDSA_KEYPAIR_ED25519
* signature: constraint condition:
* signature->size must be greater than or equal to 64
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_asymmetric_sign(
const struct hks_blob *key_alias,
const struct hks_key_param *key_param, const struct hks_blob *hash,
struct hks_blob *signature);
/*
* verify
* Only ED25519 public key verify is supported
* key: key alias or the key value itself,
* differentiate by key.type:
* if it is the key alias, key.type must be HKS_BLOB_TYPE_ALIAS
* it is the key value itself, key.type must be HKS_BLOB_TYPE_KEY
* signature: constraint condition:
* signature->size must be greater than or equal to 64
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_asymmetric_verify(const struct hks_blob *key,
const struct hks_key_param *key_param, const struct hks_blob *hash,
const struct hks_blob *signature);
/*
* encrypt
* only support AES-128-GCM encrypt
* key: used to ecrypt plain_text
* key_param: constraint condition:
* key_param.key_type is HKS_KEY_TYPE_AES;
* key_param.key_len is 128 or 192 or 256;
* key_param.key_usage is HKS_KEY_USAGE_ENCRYPT;
* key_param.key_mode is HKS_ALG_GCM;
* key_param.key_pad is HKS_PADDING_NONE;
* crypt_param:
* crypt_param.nonce.size suggest to be 16
* crypt_param.aad.size suggest to be 16
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_aead_encrypt(const struct hks_blob *key,
const struct hks_key_param *key_param,
const struct hks_crypt_param *crypt_param,
const struct hks_blob *plain_text,
struct hks_blob *cipher_text_with_tag);
/*
* decrypt
* only support AES-128-GCM decrypt
* key: used to decrypt cipher_text_with_tag
* key_param: constraint condition:
* key_param.key_type is HKS_KEY_TYPE_AES;
* key_param.key_len is 128 or 192 or 256;
* key_param.key_usage is HKS_KEY_USAGE_DECRYPT;
* key_param.key_mode is HKS_ALG_GCM;
* key_param.key_pad is HKS_PADDING_NONE;
* crypt_param:
* crypt_param.nonce.size suggest to be 16
* crypt_param.aad.size suggest to be 16
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_aead_decrypt(const struct hks_blob *key,
const struct hks_key_param *key_param,
const struct hks_crypt_param *crypt_param,
struct hks_blob *plain_text,
const struct hks_blob *cipher_text_with_tag);
/*
* key agreement
* private_key_param: constraint condition:
* private_key_param.key_type is HKS_KEY_TYPE_ECC_KEYPAIR_CURVE25519
* private_key_param.key_usage is HKS_KEY_USAGE_DERIVE
* private_key_param.key_mode is the same as agreement_alg
* private_key: constraint condition:
* private_key.size must be 32
* peer_public_key: constraint condition:
* peer_public_key.size must be 32
* agreement_alg: constraint condition:
* agreement_alg must be
* HKS_ALG_ECDH(HKS_ALG_SELECT_RAW)
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_key_agreement(struct hks_blob *agreed_key,
const struct hks_key_param *private_key_param,
const uint32_t agreement_alg, const struct hks_blob *private_key,
const struct hks_blob *peer_public_key);
/*
* key derivation
* derived_key and data cannot be null, and size >= 16
* key_param: constraint condition:
* key_param.key_type is HKS_KEY_TYPE_DERIVE
* key_param.key_usage is HKS_KEY_USAGE_DERIVE
* key_param.key_mode is HKS_ALG_HKDF(HKS_ALG_HASH_SHA_256) or
* HKS_ALG_HKDF(HKS_ALG_HASH_SHA_512)
* key_param.key_len is 128 or 256
* salt: constraint condition:
* salt.size must be greater than or equal to 16
* label: constraint condition:
* lable.size must be greater than or equal to 16
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_key_derivation(struct hks_blob *derived_key,
const struct hks_key_param *key_param, const struct hks_blob *kdf_key,
const struct hks_blob *salt, const struct hks_blob *label);
/*
* hks_hmac
* key: data cannot be null,and size > 0
* src_data: data cannot be null,and size > 0
* alg: hks_alg_hmac(HKS_ALG_HASH_SHA_256) or
* hks_alg_hmac(HKS_ALG_HASH_SHA_512)
* output: output and output->data cannot be null
* constraint condition:
* when alg is hks_alg_hmac(HKS_ALG_HASH_SHA_256), output->size must be
* greater than or equal to 32
* when alg is hks_alg_hmac(HKS_ALG_HASH_SHA_512), output->size must be
* greater than or equal to 64
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_hmac(const struct hks_blob *key,
const uint32_t alg, const struct hks_blob *src_data,
struct hks_blob *output);
/*
* hks_hash
* alg: Hash algorithm, Only spuuort SHA256/SHA512
* src_data: data cannot be null, and size > 0
* hash: hash and hash->data cannot be null
* constraint condition:
* when alg is HKS_ALG_HASH_SHA_256, hash->size must be
* greater than or equal to 32
* when alg is HKS_ALG_HASH_SHA_512, hash->size must be
* greater than or equal to 64
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_hash(const uint32_t alg,
const struct hks_blob *src_data, struct hks_blob *hash);
/*
* hks_bn_exp_mod
* x: output, x and x->data cannot be null, x->size >= n.size
* a, e, n: input, data cannot be null, size > 0
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_bn_exp_mod(struct hks_blob *x,
const struct hks_blob *a, const struct hks_blob *e,
const struct hks_blob *n);
/*
* register log Interface
* log: designated by the caller, invoked by hks
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_register_log_interface(
const struct hks_log_f_group *log);
/*
* get public key alias list Interface
* key_alias_list: struct hks_blob array, alloc and free memory by the caller
* list_count: public key alias number, alloc and free memory by the caller
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_get_pub_key_alias_list(
struct hks_blob *key_alias_list, uint32_t *list_count);
#if defined (_SUPPORT_HKS_TEE_)
/*
* cipher text unwrap Interface
* key_alias: input key alias
* target_alias: encrypt key alias
* key_param: dencrypted export algorithm parameters
* data: ciphertext data
* unwrap_result: export result
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_unwrap(const struct hks_blob *key_alias,
const struct hks_blob *target_alias,
const struct hks_key_param *key_param,
const struct hks_blob *data,
struct hks_blob *unwrap_result);
/*
* cipher text wrap Interface
* key_alias: input key alias
* target_alias: encrypt key alias
* key_param: encrypted export algorithm parameters
* data: business data
* wrap_result: export ciphertext data
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_wrap(const struct hks_blob *key_alias,
const struct hks_blob *target_alias,
const struct hks_key_param *key_param,
const struct hks_blob *data,
struct hks_blob *wrap_result);
/*
* key attestation Interface
* key_alias: input key alias
* key_param: input key parameters
* att_spec: sttestation param data
* cert_chain: output certificate chain data
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_key_attestation(
const struct hks_blob *key_alias, const struct hks_key_param *key_param,
const struct hks_attestation_spec *att_spec,
struct hks_cert_chain *cert_chain);
/*
* cipher text wrap Interface
* key_alias: input key alias
* key_param: input key parameters
* cert_chain: output certificate chain data
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_get_cert_chain(const struct hks_blob *key_alias,
const struct hks_key_param *key_param,
struct hks_cert_chain *cert_chain);
/*
* generate asymmetric key
* Only X25519 algorithm key pair generation is supported
* key_param: The parameter of the key which need to generate
* constraint condition:
* key_param.key_type must be
* HKS_KEY_TYPE_ECC_KEYPAIR_CURVE25519
* key_param.usage must be
* HKS_ALG_ECDH(HKS_ALG_SELECT_RAW)
* return 0 OK, other error
*/
HKS_DLL_API_PUBLIC int32_t hks_generate_symmetric_key(
const struct hks_blob *key_alias, const struct hks_key_param *key_param,
const struct hks_derive_param *derive_param);
#endif
#ifdef __cplusplus
}
#endif
#endif /* HKS_CLIENT_H */

89
frameworks/deviceauth_lite/source/huks_adapter/hks_file_api.h
View File

@ -1,89 +0,0 @@
/*
* Copyright (c) 2020 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _HKS_FILE_API_H
#define _HKS_FILE_API_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
struct hks_file_callbacks {
/*
* Read data from file or flash
*
* filename: The path name of the file
* offset: param reserved for future use
* buf: The buffer used to store the content readed from the file
* len: The size count in buffer trying to read from the file
* return < 0 read error, return > 0 real read length,
* return == 0 secret key information does not exist in storage media
*/
int32_t (*read)(const char *file_name, uint32_t offset,
uint8_t *buf, uint32_t len);
/*
* Write data into file or flash
*
* filename: The path name of the file
* offset: param reserved for future use
* buf: The content which you want write into the file
* len: The size of the content
* return == 0 write ok, return < 0 other error
*/
int32_t (*write)(const char *file_name, uint32_t offset,
const uint8_t *buf, uint32_t len);
/*
* Get file size
*
* filename: The path name of the file
* return < 0 error, >= 0 The size of the file
* flash can return a fixed value of 4096
*/
int32_t (*file_size)(const char *file_name);
};
/*
* Register file operation callbacks
*
* callbacks: The callback functions for file operation
* return 0 ok, other error
*/
#ifndef HKS_API_PUBLIC
#if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__)
#ifdef HKS_DLL_EXPORT
__declspec(dllexport) int32_t hks_register_file_callbacks(
struct hks_file_callbacks *callbacks);
#else
__declspec(dllimport) int32_t hks_register_file_callbacks(
struct hks_file_callbacks *callbacks);
#endif
#else
__attribute__ ((visibility("default"))) int32_t hks_register_file_callbacks(
struct hks_file_callbacks *callbacks);
#endif
#else
__attribute__ ((visibility("default"))) int32_t hks_register_file_callbacks(
struct hks_file_callbacks *callbacks);
#endif
#ifdef __cplusplus
}
#endif
#endif /* _HKS_FILE_API_H */

310
frameworks/deviceauth_lite/source/huks_adapter/hks_types.h
View File

@ -1,310 +0,0 @@
/*
* Copyright (c) 2020 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HKS_TYPES_H
#define HKS_TYPES_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HKS_API_PUBLIC
#if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__)
#ifdef HKS_DLL_EXPORT
#define HKS_DLL_API_PUBLIC __declspec(dllexport)
#else
#define HKS_DLL_API_PUBLIC __declspec(dllimport)
#endif
#else
#define HKS_DLL_API_PUBLIC __attribute__ ((visibility("default")))
#endif
#else
#define HKS_DLL_API_PUBLIC __attribute__ ((visibility("default")))
#endif
#define HKS_BOOL_FALSE 0
#define HKS_BOOL_TRUE 1
#define HKS_ALIAS_MAX_SIZE 64
#define HKS_SALT_MAX_SIZE 16
#define HKS_NONCE_MIN_SIZE 7
#define HKS_KEY_BYTES_CURVE25519 32
#define HKS_RANDOM_MAX_LEN 1024
#define HKS_MAX_KEY_LEN_128 128
#define HKS_MAX_KEY_LEN_192 192
#define HKS_MAX_KEY_LEN_256 256
#define HKS_KEY_DERIVE_LEN 32
#define HKS_BINARY_OF_DEC 10
#define HKS_BINARY_OF_HEX 16
#define HKS_HASH256_MIN_OUT_SIZE 32
#define HKS_HASH512_MIN_OUT_SIZE 64
#define HKS_DERIVED_KEY_MIN_OUT_SIZE 16
#define HKS_BITS_PER_BYTES 8
#define HKS_SIGNATURE_MIN_SIZE 64
#define HKS_RSA2048_SIGNATURE_SIZE 256
#define HKS_PUBLIC_BYTES_ED25519 32
#define HKS_PRIVATE_BYTES_ED25519 64
#define HKS_KEY_PAIR_CIPHER_ED25519 80
#define HKS_HEADER_HASH_SIZE 64
#define HKS_AUTH_ID_MAX_SIZE 64
#define HKS_KEY_LEN_RSA_KEYPAIR 2048
#define HKS_CHALLENGE_MIN_LEN 16
#define HKS_CHALLENGE_MAX_LEN 128
/* AES encrypt tag max length */
#define HKS_ENCRYPT_MAX_TAG_SIZE ((uint8_t)32)
/* Data blob type and related macros */
#define HKS_BLOB_TYPE_RAW ((uint8_t)0x00)
#define HKS_BLOB_TYPE_ALIAS ((uint8_t)0x01)
#define HKS_BLOB_TYPE_KEY ((uint8_t)0x02)
#define HKS_BLOB_TYPE_ENCRYPTED_KEY ((uint8_t)0x03)
#define HKS_BLOB_TYPE_MESSAGE ((uint8_t)0x04)
#define HKS_BLOB_TYPE_HASH ((uint8_t)0x05)
#define HKS_BLOB_TYPE_MAC ((uint8_t)0x06)
#define HKS_BLOB_TYPE_LABEL ((uint8_t)0x07)
#define HKS_BLOB_TYPE_SIGNATURE ((uint8_t)0x08)
#define HKS_BLOB_TYPE_IV ((uint8_t)0x09)
#define HKS_BLOB_TYPE_AAD ((uint8_t)0x0a)
#define HKS_BLOB_TYPE_SALT ((uint8_t)0x0b)
#define HKS_BLOB_TYPE_PLAIN_TEXT ((uint8_t)0x0c)
#define HKS_BLOB_TYPE_CIPHER_TEXT ((uint8_t)0x0d)
#define HKS_BLOB_TYPE_AUTH_ID ((uint8_t)0x10)
#ifdef _SUPPORT_HKS_TEE_
/* extend for router */
#define HKS_BLOB_TYPE_WRAP_DEFAULT ((uint8_t)0xa0)
#define HKS_BLOB_TYPE_WRAP_ASSET_DATA ((uint8_t)0xa1)
#define HKS_BLOB_TYPE_WRAP_SYNC_KEY ((uint8_t)0xa2)
#define HKS_BLOB_TYPE_WRAP_SYNC_DATA ((uint8_t)0xa3)
#define HKS_BLOB_TYPE_WRAP_ECDH_ENC_DATA ((uint8_t)0xa4)
#define HKS_BLOB_TYPE_WRAP_PWD_ENC_DATA ((uint8_t)0xa5)
#endif
struct hks_blob {
uint8_t type;
uint8_t *data;
uint32_t size;
};
/* HKS_ECC_CURVE_CURVE25519 */
#define HKS_ECC_CURVE_CURVE25519 ((uint16_t)0x001d)
#define HKS_ECC_CURVE_ED25519 ((uint16_t)0x8001)
#define HKS_KEY_TYPE_RSA_PUBLIC_KEY ((uint32_t)0x60010000)
#define HKS_KEY_TYPE_RSA_KEYPAIR ((uint32_t)0x70010000)
#define HKS_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((uint32_t)0x60030000)
#define HKS_KEY_TYPE_ECC_KEYPAIR_BASE ((uint32_t)0x70030000)
#define HKS_KEY_TYPE_ECC_CURVE_MASK ((uint32_t)0x0000ffff)
#define HKS_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
(HKS_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
#define HKS_KEY_TYPE_ECC_KEYPAIR(curve) \
(HKS_KEY_TYPE_ECC_KEYPAIR_BASE | (curve))
#define HKS_KEY_TYPE_ECC_PUBLIC_KEY_CURVE25519 \
(HKS_KEY_TYPE_ECC_PUBLIC_KEY(HKS_ECC_CURVE_CURVE25519))
#define HKS_KEY_TYPE_ECC_KEYPAIR_CURVE25519 \
(HKS_KEY_TYPE_ECC_KEYPAIR(HKS_ECC_CURVE_CURVE25519))
#define HKS_KEY_TYPE_EDDSA_PUBLIC_KEY_BASE ((uint32_t)0xe0010000)
#define HKS_KEY_TYPE_EDDSA_KEYPAIR_BASE ((uint32_t)0xf0010000)
#define HKS_KEY_TYPE_EDDSA_PUBLIC_KEY(curve) \
(HKS_KEY_TYPE_EDDSA_PUBLIC_KEY_BASE | (curve))
#define HKS_KEY_TYPE_EDDSA_KEYPAIR(curve) \
(HKS_KEY_TYPE_EDDSA_KEYPAIR_BASE | (curve))
#define HKS_KEY_TYPE_EDDSA_PUBLIC_KEY_ED25519 \
(HKS_KEY_TYPE_EDDSA_PUBLIC_KEY(HKS_ECC_CURVE_CURVE25519))
#define HKS_KEY_TYPE_EDDSA_KEYPAIR_ED25519 \
(HKS_KEY_TYPE_EDDSA_KEYPAIR(HKS_ECC_CURVE_CURVE25519))
#define HKS_KEY_TYPE_AES ((uint32_t)0x40000001)
#define HKS_KEY_TYPE_HMAC ((uint32_t)0x51000000)
#define HKS_KEY_TYPE_DERIVE ((uint32_t)0x52000000)
/* key usage */
#define HKS_KEY_USAGE_EXPORT ((uint32_t)0x00000001)
#define HKS_KEY_USAGE_ENCRYPT ((uint32_t)0x00000100)
#define HKS_KEY_USAGE_DECRYPT ((uint32_t)0x00000200)
#define HKS_KEY_USAGE_SIGN ((uint32_t)0x00000400)
#define HKS_KEY_USAGE_VERIFY ((uint32_t)0x00000800)
#define HKS_KEY_USAGE_DERIVE ((uint32_t)0x00001000)
#ifdef _SUPPORT_HKS_TEE_
#define HKS_KEY_USAGE_WRAP ((uint32_t)0x00010000)
#define HKS_KEY_USAGE_UNWRAP ((uint32_t)0x00020000)
#endif
/* algorithm padding */
#define HKS_PADDING_NONE ((uint32_t)0x00000000)
#define HKS_PADDING_PKCS7 ((uint32_t)0x00000001)
#define HKS_PADDING_PSS ((uint32_t)0x00000002)
#define HKS_PADDING_OAEP ((uint32_t)0x00000003)
#define HKS_PADDING_PKCS1_5 ((uint32_t)0x00000004)
/* mode */
#define HKS_MODE_CBC ((uint32_t)0x04600101)
#define HKS_MODE_GCM ((uint32_t)0x06001002)
/* hash algorithms */
#define HKS_ALG_DIGEST_NONE ((uint32_t)0x00000000)
#define HKS_ALG_HASH_MASK ((uint32_t)0x000000ff)
#define HKS_ALG_HASH_SHA_1 ((uint32_t)0x01000005)
#define HKS_ALG_HASH_SHA_256 ((uint32_t)0x01000009)
#define HKS_ALG_HASH_SHA_384 ((uint32_t)0x0100000a)
#define HKS_ALG_HASH_SHA_512 ((uint32_t)0x0100000b)
/* mac algorithms */
#define HKS_ALG_HMAC_BASE ((uint32_t)0x02800000)
#define HKS_ALG_HMAC(hash_alg) \
(HKS_ALG_HMAC_BASE | ((hash_alg) & HKS_ALG_HASH_MASK))
/* AEAD algorithms */
#define HKS_ALG_CCM ((uint32_t)0x06001001)
#define HKS_ALG_GCM ((uint32_t)0x06001002)
/* HKDF algorithms */
#define HKS_ALG_HKDF_BASE ((uint32_t)0x30000100)
#define HKS_ALG_HKDF(hash_alg) \
(HKS_ALG_HKDF_BASE | ((hash_alg) & HKS_ALG_HASH_MASK))
/* Key agreement/derivation algorithm */
#define HKS_ALG_SELECT_RAW ((uint32_t)0x31000001)
#define HKS_ALG_ECDH_BASE ((uint32_t)0x22200000)
#define HKS_ALG_KEY_DERIVATION_MASK ((uint32_t)0x010fffff)
#define HKS_ALG_ECDH(kdf_alg) \
(HKS_ALG_ECDH_BASE | ((kdf_alg) & HKS_ALG_KEY_DERIVATION_MASK))
#ifdef _SUPPORT_HKS_TEE_
/* Key generation (derivation) type */
/* Random Generation */
#define HKS_KEY_GEN_TYPE_DEFAULT ((uint8_t)0x00)
/* Derivation Based on Designated Primary Key */
#define HKS_KEY_GEN_TYPE_DERIVE ((uint8_t)0x01)
/* Store in TEE or REE, only support TEE so far */
#define HKS_STORAGE_REE ((uint8_t)0x00)
#define HKS_STORAGE_TEE ((uint8_t)0x01)
struct hks_key_param_ext {
uint32_t key_role; /* key role */
struct hks_blob key_auth_id; /* auth id */
uint8_t storage_flag; /* Store in TEE or REE, default TEE */
/*
* Identify whether encrypted export is allowed,
* default 0 is not allowed, 1 is allowed
*/
uint8_t wrap_flag;
struct hks_blob data_creator;
struct hks_blob data_owner;
struct hks_blob ext_info;
};
struct hks_key_param {
uint32_t key_type; /* algorithm */
uint32_t key_len;
uint32_t key_usage; /* usage */
uint32_t key_pad; /* Fill mode */
uint32_t key_mode; /* Group mode */
uint16_t key_domain;
int32_t key_digest;
struct hks_key_param_ext key_param_ext;
};
struct hks_crypt_param {
struct hks_blob nonce; /* Nonce value or iv vector */
struct hks_blob aad;
struct hks_blob tag; /* tag param */
};
struct hks_cert_chain {
uint32_t count; /* cert number */
struct hks_blob *cert; /* cert array list */
};
struct hks_attestation_spec {
struct hks_blob challenge;
uint8_t temporary;
};
struct hks_derive_param {
uint8_t key_gen_type; /* key generate type */
struct hks_blob master_key; /* master key alias or master key value */
struct hks_blob derive_factor; /* derived factor */
};
#else
struct hks_key_param {
uint32_t key_type; /* algorithm */
uint32_t key_len;
uint32_t key_usage; /* usage */
uint32_t key_pad; /* Fill mode */
uint32_t key_mode; /* Group mode */
uint32_t key_role; /* role */
uint16_t key_domain;
struct hks_blob key_auth_id; /* auth id */
};
struct hks_crypt_param {
struct hks_blob nonce; /* Nonce value or iv vector */
struct hks_blob aad;
};
#endif
/*
* log interface
* tag - module name, default "HKS"
*/
typedef void(*hks_log_func)(const char *tag, const char *func_name,
const char *format, ...);
struct hks_log_f_group {
hks_log_func log_info;
hks_log_func log_warn;
hks_log_func log_error;
hks_log_func log_debug;
};
#ifdef __cplusplus
}
#endif
#endif /* HKS_TYPES_H */