From 4355512726550b9cd9adcc9282668ad4b465f5cd Mon Sep 17 00:00:00 2001 From: wanghaixiang Date: Tue, 27 Jul 2021 16:59:52 +0800 Subject: [PATCH] add temp stub func:generate_random Signed-off-by: wanghaixiang --- interfaces/innerkits/huks_lite/BUILD.gn | 1 + interfaces/innerkits/huks_lite/hks_api.h | 95 ++++ interfaces/innerkits/huks_lite/hks_param.h | 56 +++ .../innerkits/huks_lite/hks_tmp_client.c | 35 ++ interfaces/innerkits/huks_lite/hks_type.h | 470 ++++++++++++++++++ 5 files changed, 657 insertions(+) create mode 100644 interfaces/innerkits/huks_lite/hks_api.h create mode 100644 interfaces/innerkits/huks_lite/hks_param.h create mode 100755 interfaces/innerkits/huks_lite/hks_tmp_client.c create mode 100644 interfaces/innerkits/huks_lite/hks_type.h diff --git a/interfaces/innerkits/huks_lite/BUILD.gn b/interfaces/innerkits/huks_lite/BUILD.gn index 3b04d024..922d6cb5 100755 --- a/interfaces/innerkits/huks_lite/BUILD.gn +++ b/interfaces/innerkits/huks_lite/BUILD.gn @@ -161,6 +161,7 @@ if (ohos_kernel_type == "liteos_m") { sources = huks_sources sources += huks_storage_source sources += huks_access_sources + sources += [ "hks_tmp_client.c" ] if (huks_use_mbedtls == true) { sources += huks_mbedtls_engine_sources diff --git a/interfaces/innerkits/huks_lite/hks_api.h b/interfaces/innerkits/huks_lite/hks_api.h new file mode 100644 index 00000000..a9bf6f50 --- /dev/null +++ b/interfaces/innerkits/huks_lite/hks_api.h @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_API_H +#define HKS_API_H + +#include "hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +HKS_API_EXPORT int32_t HksGetSdkVersion(struct HksBlob *sdkVersion); + +HKS_API_EXPORT int32_t HksInitialize(void); + +HKS_API_EXPORT int32_t HksRefreshKeyInfo(void); + +HKS_API_EXPORT int32_t HksGenerateKey(const struct HksBlob *keyAlias, + const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut); + +HKS_API_EXPORT int32_t HksImportKey(const struct HksBlob *keyAlias, + const struct HksParamSet *paramSet, const struct HksBlob *key); + +HKS_API_EXPORT int32_t HksExportPublicKey(const struct HksBlob *keyAlias, + const struct HksParamSet *paramSet, struct HksBlob *key); + +HKS_API_EXPORT int32_t HksDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet); + +HKS_API_EXPORT int32_t HksGetKeyParamSet(const struct HksBlob *keyAlias, + const struct HksParamSet *paramSetIn, struct HksParamSet *paramSetOut); + +HKS_API_EXPORT int32_t HksKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet); + +HKS_API_EXPORT int32_t HksGenerateRandom(const struct HksParamSet *paramSet, struct HksBlob *random); + +HKS_API_EXPORT int32_t HksSign(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, struct HksBlob *signature); + +HKS_API_EXPORT int32_t HksVerify(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, const struct HksBlob *signature); + +HKS_API_EXPORT int32_t HksEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *plainText, struct HksBlob *cipherText); + +HKS_API_EXPORT int32_t HksDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *cipherText, struct HksBlob *plainText); + +HKS_API_EXPORT int32_t HksAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey, + const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey); + +HKS_API_EXPORT int32_t HksDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey, + struct HksBlob *derivedKey); + +HKS_API_EXPORT int32_t HksMac(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, struct HksBlob *mac); + +HKS_API_EXPORT int32_t HksHash(const struct HksParamSet *paramSet, + const struct HksBlob *srcData, struct HksBlob *hash); + +HKS_API_EXPORT int32_t HksGetKeyInfoList(const struct HksParamSet *paramSet, + struct HksKeyInfo *keyInfoList, uint32_t *listCount); + +HKS_API_EXPORT int32_t HksAttestKey(const struct HksBlob *keyAlias, + const struct HksParamSet *paramSet, struct HksCertChain *certChain); + +HKS_API_EXPORT int32_t HksGetCertificateChain(const struct HksBlob *keyAlias, + const struct HksParamSet *paramSet, struct HksCertChain *certChain); + +HKS_API_EXPORT int32_t HksWrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias, + const struct HksParamSet *paramSet, struct HksBlob *wrappedData); + +HKS_API_EXPORT int32_t HksUnwrapKey(const struct HksBlob *keyAlias, const struct HksBlob *targetKeyAlias, + const struct HksBlob *wrappedData, const struct HksParamSet *paramSet); + +HKS_API_EXPORT int32_t HksBnExpMod(struct HksBlob *x, const struct HksBlob *a, + const struct HksBlob *e, const struct HksBlob *n); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_API_H */ diff --git a/interfaces/innerkits/huks_lite/hks_param.h b/interfaces/innerkits/huks_lite/hks_param.h new file mode 100644 index 00000000..5baaac7e --- /dev/null +++ b/interfaces/innerkits/huks_lite/hks_param.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_PARAM_H +#define HKS_PARAM_H + +#include "hks_type.h" + +#define HKS_PARAM_SET_MAX_SIZE (4 * 1024 * 1024) +#define HKS_DEFAULT_PARAM_SET_SIZE 512 +#define HKS_DEFAULT_PARAM_CNT ((uint32_t)(HKS_DEFAULT_PARAM_SET_SIZE / sizeof(struct HksParam))) +#define HKS_TAG_TYPE_MASK (0xF << 28) + +#ifdef __cplusplus +extern "C" { +#endif + +HKS_API_EXPORT int32_t HksInitParamSet(struct HksParamSet **paramSet); + +HKS_API_EXPORT int32_t HksAddParams(struct HksParamSet *paramSet, + const struct HksParam *params, uint32_t paramCnt); + +HKS_API_EXPORT int32_t HksBuildParamSet(struct HksParamSet **paramSet); + +HKS_API_EXPORT void HksFreeParamSet(struct HksParamSet **paramSet); + +HKS_API_EXPORT int32_t HksGetParamSet(const struct HksParamSet *fromParamSet, uint32_t fromParamSetSize, + struct HksParamSet **paramSet); + +HKS_API_EXPORT int32_t HksGetParam(const struct HksParamSet *paramSet, uint32_t tag, struct HksParam **param); + +HKS_API_EXPORT int32_t HksFreshParamSet(struct HksParamSet *paramSet, bool isCopy); + +int32_t HksCheckParamSetTag(const struct HksParamSet *paramSet); + +int32_t HksCheckParamSet(const struct HksParamSet *paramSet, uint32_t size); + +int32_t HksCheckParamMatch(const struct HksParam *baseParam, const struct HksParam *param); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_PARAM_H */ diff --git a/interfaces/innerkits/huks_lite/hks_tmp_client.c b/interfaces/innerkits/huks_lite/hks_tmp_client.c new file mode 100755 index 00000000..055fb420 --- /dev/null +++ b/interfaces/innerkits/huks_lite/hks_tmp_client.c @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "hks_api.h" + +struct hks_blob { + uint8_t type; + uint8_t *data; + uint32_t size; +}; + +HKS_API_EXPORT int32_t hks_generate_random(struct hks_blob *random) +{ + if ((random == NULL) || (random->data == NULL)) { + return HKS_ERROR_NULL_POINTER; + } + if ((random->size == 0) || (random->size > HKS_MAX_RANDOM_LEN)) { + return HKS_ERROR_INVALID_ARGUMENT; + } + + struct HksBlob temp = { random->size, random->data }; + return HksGenerateRandom(NULL, &temp); +} \ No newline at end of file diff --git a/interfaces/innerkits/huks_lite/hks_type.h b/interfaces/innerkits/huks_lite/hks_type.h new file mode 100644 index 00000000..dfb1d58a --- /dev/null +++ b/interfaces/innerkits/huks_lite/hks_type.h @@ -0,0 +1,470 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_TYPE_H +#define HKS_TYPE_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef HKS_API_PUBLIC + #if defined(WIN32) || defined(_WIN32) || defined(__CYGWIN__) || defined(__ICCARM__) /* __ICCARM__ for iar */ + #define HKS_API_EXPORT + #else + #define HKS_API_EXPORT __attribute__ ((visibility("default"))) + #endif +#else + #define HKS_API_EXPORT __attribute__ ((visibility("default"))) +#endif + +#define HKS_SDK_VERSION "2.0.0.4" + +/* + * Align to quadruple + * Ensure that it will not overflow after adding 3 before calling this function. + */ +#define ALIGN_SIZE(size) ((((uint32_t)(size) + 3) >> 2) << 2) +#define DEFAULT_ALIGN_MASK_SIZE 3 + +#define HKS_AE_TAG_LEN 16 +#define HKS_BITS_PER_BYTE 8 +#define MAX_KEY_SIZE 2048 +#define HKS_AE_TAG_LEN 16 +#define HKS_AE_NONCE_LEN 12 +#define HKS_MAX_KEY_ALIAS_LEN 64 +#define HKS_MAX_PROCESS_NAME_LEN 50 +#define HKS_MAX_RANDOM_LEN 1024 +#define HKS_KEY_BYTES(keySize) ((keySize) / HKS_BITS_PER_BYTE) +#define HKS_SIGNATURE_MIN_SIZE 64 +#define HKS_ARRAY_SIZE(arr) ((sizeof(arr)) / (sizeof((arr)[0]))) +#define MAX_OUT_BLOB_SIZE (5 * 1024 * 1024) + +enum HksKeyType { + HKS_KEY_TYPE_RSA_PUBLIC_KEY = 0x01001000, + HKS_KEY_TYPE_RSA_KEYPAIR = 0x01002000, + + HKS_KEY_TYPE_ECC_P256_PUBLIC_KEY = 0x02021000, + HKS_KEY_TYPE_ECC_P256_KEYPAIR = 0x02022000, + HKS_KEY_TYPE_ECC_P384_PUBLIC_KEY = 0x02031000, + HKS_KEY_TYPE_ECC_P384_KEYPAIR = 0x02032000, + HKS_KEY_TYPE_ECC_P521_PUBLIC_KEY = 0x02051000, + HKS_KEY_TYPE_ECC_P521_KEYPAIR = 0x02052000, + + HKS_KEY_TYPE_ED25519_PUBLIC_KEY = 0x02101000, + HKS_KEY_TYPE_ED25519_KEYPAIR = 0x02102000, + HKS_KEY_TYPE_X25519_PUBLIC_KEY = 0x02111000, + HKS_KEY_TYPE_X25519_KEYPAIR = 0x02112000, + + HKS_KEY_TYPE_AES = 0x03000000, + HKS_KEY_TYPE_CHACHA20 = 0x04010000, + HKS_KEY_TYPE_CHACHA20_POLY1305 = 0x04020000, + + HKS_KEY_TYPE_HMAC = 0x05000000, + HKS_KEY_TYPE_HKDF = 0x06000000, + HKS_KEY_TYPE_PBKDF2 = 0x07000000, +}; + +enum HksKeyPurpose { + HKS_KEY_PURPOSE_ENCRYPT = 1, /* Usable with RSA, EC and AES keys. */ + HKS_KEY_PURPOSE_DECRYPT = 2, /* Usable with RSA, EC and AES keys. */ + HKS_KEY_PURPOSE_SIGN = 4, /* Usable with RSA, EC keys. */ + HKS_KEY_PURPOSE_VERIFY = 8, /* Usable with RSA, EC keys. */ + HKS_KEY_PURPOSE_DERIVE = 16, /* Usable with EC keys. */ + HKS_KEY_PURPOSE_WRAP = 32, /* Usable with wrap key. */ + HKS_KEY_PURPOSE_UNWRAP = 64, /* Usable with unwrap key. */ + HKS_KEY_PURPOSE_MAC = 128, /* Usable with mac. */ +}; + +enum HksKeyDigest { + HKS_DIGEST_NONE = 0, + HKS_DIGEST_MD5 = 1, + HKS_DIGEST_SHA1 = 10, + HKS_DIGEST_SHA224 = 11, + HKS_DIGEST_SHA256 = 12, + HKS_DIGEST_SHA384 = 13, + HKS_DIGEST_SHA512 = 14, +}; + +enum HksKeyPadding { + HKS_PADDING_NONE = 0, + HKS_PADDING_OAEP = 1, + HKS_PADDING_PSS = 2, + HKS_PADDING_PKCS1_V1_5 = 3, + HKS_PADDING_PKCS5 = 4, + HKS_PADDING_PKCS7 = 5, +}; + +enum HksCipherMode { + HKS_MODE_ECB = 1, + HKS_MODE_CBC = 2, + HKS_MODE_CTR = 3, + HKS_MODE_OFB = 4, + HKS_MODE_CCM = 31, + HKS_MODE_GCM = 32, +}; + +enum HksKeySize { + HKS_RSA_KEY_SIZE_1024 = 1024, + HKS_RSA_KEY_SIZE_2048 = 2048, + HKS_RSA_KEY_SIZE_3072 = 3072, + HKS_RSA_KEY_SIZE_4096 = 4096, + + HKS_ECC_KEY_SIZE_256 = 256, + HKS_ECC_KEY_SIZE_384 = 384, + HKS_ECC_KEY_SIZE_521 = 521, + + HKS_AES_KEY_SIZE_128 = 128, + HKS_AES_KEY_SIZE_192 = 192, + HKS_AES_KEY_SIZE_256 = 256, + HKS_AES_KEY_SIZE_512 = 512, + + HKS_CURVE25519_KEY_SIZE_256 = 256, +}; + +enum HksKeyAlg { + HKS_ALG_RSA = 1, + HKS_ALG_ECC = 2, + + HKS_ALG_AES = 20, + HKS_ALG_HMAC = 50, + HKS_ALG_HKDF = 51, + HKS_ALG_PBKDF2 = 52, + + HKS_ALG_ECDH = 100, + HKS_ALG_X25519 = 101, + HKS_ALG_ED25519 = 102, +}; + +enum HksKeyGenerateType { + HKS_KEY_GENERATE_TYPE_DEFAULT = 0, + HKS_KEY_GENERATE_TYPE_DERIVE = 1, + HKS_KEY_GENERATE_TYPE_AGREE = 2, +}; + +enum HksKeyFlag { + HKS_KEY_FLAG_IMPORT_KEY = 1, + HKS_KEY_FLAG_GENERATE_KEY = 2, +}; + +enum HksKeyStorageType { + HKS_STORAGE_TEMP = 0, + HKS_STORAGE_PERSISTENT = 1, +}; + +enum HksErrorCode { + HKS_SUCCESS = 0, + HKS_FAILURE = -1, + HKS_ERROR_BAD_STATE = -2, + HKS_ERROR_INVALID_ARGUMENT = -3, + HKS_ERROR_NOT_SUPPORTED = -4, + HKS_ERROR_NO_PERMISSION = -5, + HKS_ERROR_INSUFFICIENT_DATA = -6, + HKS_ERROR_BUFFER_TOO_SMALL = -7, + HKS_ERROR_INSUFFICIENT_MEMORY = -8, + HKS_ERROR_COMMUNICATION_FAILURE = -9, + HKS_ERROR_STORAGE_FAILURE = -10, + HKS_ERROR_HARDWARE_FAILURE = -11, + HKS_ERROR_ALREADY_EXISTS = -12, + HKS_ERROR_NOT_EXIST = -13, + HKS_ERROR_NULL_POINTER = -14, + HKS_ERROR_FILE_SIZE_FAIL = -15, + HKS_ERROR_READ_FILE_FAIL = -16, + HKS_ERROR_INVALID_PUBLIC_KEY = -17, + HKS_ERROR_INVALID_PRIVATE_KEY = -18, + HKS_ERROR_INVALID_KEY_INFO = -19, + HKS_ERROR_HASH_NOT_EQUAL = -20, + HKS_ERROR_MALLOC_FAIL = -21, + HKS_ERROR_WRITE_FILE_FAIL = -22, + HKS_ERROR_REMOVE_FILE_FAIL = -23, + HKS_ERROR_OPEN_FILE_FAIL = -24, + HKS_ERROR_CLOSE_FILE_FAIL = -25, + HKS_ERROR_MAKE_DIR_FAIL = -26, + HKS_ERROR_INVALID_KEY_FILE = -27, + HKS_ERROR_IPC_MSG_FAIL = -28, + HKS_ERROR_REQUEST_OVERFLOWS = -29, + HKS_ERROR_PARAM_NOT_EXIST = -30, + HKS_ERROR_CRYPTO_ENGINE_ERROR = -31, + HKS_ERROR_COMMUNICATION_TIMEOUT = -32, + HKS_ERROR_IPC_INIT_FAIL = -33, + HKS_ERROR_IPC_DLOPEN_FAIL = -34, + HKS_ERROR_EFUSE_READ_FAIL = -35, + HKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST = -36, + HKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL = -37, + + HKS_ERROR_CHECK_GET_ALG_FAIL = -100, + HKS_ERROR_CHECK_GET_KEY_SIZE_FAIL = -101, + HKS_ERROR_CHECK_GET_PADDING_FAIL = -102, + HKS_ERROR_CHECK_GET_PURPOSE_FAIL = -103, + HKS_ERROR_CHECK_GET_DIGEST_FAIL = -104, + HKS_ERROR_CHECK_GET_MODE_FAIL = -105, + HKS_ERROR_CHECK_GET_NONCE_FAIL = -106, + HKS_ERROR_CHECK_GET_AAD_FAIL = -107, + HKS_ERROR_CHECK_GET_IV_FAIL = -108, + HKS_ERROR_CHECK_GET_AE_TAG_FAIL = -109, + HKS_ERROR_CHECK_GET_SALT_FAIL = -110, + HKS_ERROR_CHECK_GET_ITERATION_FAIL = -111, + HKS_ERROR_INVALID_ALGORITHM = -112, + HKS_ERROR_INVALID_KEY_SIZE = -113, + HKS_ERROR_INVALID_PADDING = -114, + HKS_ERROR_INVALID_PURPOSE = -115, + HKS_ERROR_INVALID_MODE = -116, + HKS_ERROR_INVALID_DIGEST = -117, + HKS_ERROR_INVALID_SIGNATURE_SIZE = -118, + HKS_ERROR_INVALID_IV = -119, + HKS_ERROR_INVALID_AAD = -120, + HKS_ERROR_INVALID_NONCE = -121, + HKS_ERROR_INVALID_AE_TAG = -122, + HKS_ERROR_INVALID_SALT = -123, + HKS_ERROR_INVALID_ITERATION = -124, + HKS_ERROR_INVALID_OPERATION = -125, + + HKS_ERROR_INTERNAL_ERROR = -999, + HKS_ERROR_UNKNOWN_ERROR = -1000, +}; + +enum HksTagType { + HKS_TAG_TYPE_INVALID = 0 << 28, + HKS_TAG_TYPE_INT = 1 << 28, + HKS_TAG_TYPE_UINT = 2 << 28, + HKS_TAG_TYPE_ULONG = 3 << 28, + HKS_TAG_TYPE_BOOL = 4 << 28, + HKS_TAG_TYPE_BYTES = 5 << 28, +}; + +enum HksSendType { + HKS_SEND_TYPE_ASYNC = 0, + HKS_SEND_TYPE_SYNC, +}; + +enum HksTag { + /* Invalid TAG */ + HKS_TAG_INVALID = HKS_TAG_TYPE_INVALID | 0, + + /* Base algrithom TAG: 1 - 200 */ + HKS_TAG_ALGORITHM = HKS_TAG_TYPE_UINT | 1, + HKS_TAG_PURPOSE = HKS_TAG_TYPE_UINT | 2, + HKS_TAG_KEY_SIZE = HKS_TAG_TYPE_UINT | 3, + HKS_TAG_DIGEST = HKS_TAG_TYPE_UINT | 4, + HKS_TAG_PADDING = HKS_TAG_TYPE_UINT | 5, + HKS_TAG_BLOCK_MODE = HKS_TAG_TYPE_UINT | 6, + HKS_TAG_KEY_TYPE = HKS_TAG_TYPE_UINT | 7, + HKS_TAG_ASSOCIATED_DATA = HKS_TAG_TYPE_BYTES | 8, + HKS_TAG_NONCE = HKS_TAG_TYPE_BYTES | 9, + HKS_TAG_IV = HKS_TAG_TYPE_BYTES | 10, + + /* Key derivation TAG */ + HKS_TAG_INFO = HKS_TAG_TYPE_BYTES | 11, + HKS_TAG_SALT = HKS_TAG_TYPE_BYTES | 12, + HKS_TAG_PWD = HKS_TAG_TYPE_BYTES | 13, + HKS_TAG_ITERATION = HKS_TAG_TYPE_UINT | 14, + + HKS_TAG_KEY_GENERATE_TYPE = HKS_TAG_TYPE_UINT | 15, /* choose from enum HksKeyGenerateType */ + HKS_TAG_DERIVE_MAIN_KEY = HKS_TAG_TYPE_BYTES | 16, + HKS_TAG_DERIVE_FACTOR = HKS_TAG_TYPE_BYTES | 17, + HKS_TAG_DERIVE_ALG = HKS_TAG_TYPE_UINT | 18, + HKS_TAG_AGREE_ALG = HKS_TAG_TYPE_UINT | 19, + HKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS = HKS_TAG_TYPE_BOOL | 20, + HKS_TAG_AGREE_PRIVATE_KEY_ALIAS = HKS_TAG_TYPE_BYTES | 21, + HKS_TAG_AGREE_PUBLIC_KEY = HKS_TAG_TYPE_BYTES | 22, + + /* + * Key authentication related TAG: 201 - 300 + * + * Start of validity + */ + HKS_TAG_ACTIVE_DATETIME = HKS_TAG_TYPE_ULONG | 201, + + /* Date when new "messages" should not be created. */ + HKS_TAG_ORIGINATION_EXPIRE_DATETIME = HKS_TAG_TYPE_ULONG | 202, + + /* Date when existing "messages" should not be used. */ + HKS_TAG_USAGE_EXPIRE_DATETIME = HKS_TAG_TYPE_ULONG | 203, + + /* Key creation time */ + HKS_TAG_CREATION_DATETIME = HKS_TAG_TYPE_ULONG | 204, + + /* Other authentication related TAG: 301 - 500 */ + HKS_TAG_ALL_USERS = HKS_TAG_TYPE_BOOL | 301, + HKS_TAG_USER_ID = HKS_TAG_TYPE_UINT | 302, + HKS_TAG_NO_AUTH_REQUIRED = HKS_TAG_TYPE_BOOL | 303, + HKS_TAG_USER_AUTH_TYPE = HKS_TAG_TYPE_UINT | 304, + HKS_TAG_AUTH_TIMEOUT = HKS_TAG_TYPE_UINT | 305, + HKS_TAG_AUTH_TOKEN = HKS_TAG_TYPE_BYTES | 306, + + /* Attestation related TAG: 501 - 600 */ + HKS_TAG_ATTESTATION_CHALLENGE = HKS_TAG_TYPE_BYTES | 501, + HKS_TAG_ATTESTATION_APPLICATION_ID = HKS_TAG_TYPE_BYTES | 502, + HKS_TAG_ATTESTATION_ID_BRAND = HKS_TAG_TYPE_BYTES | 503, + HKS_TAG_ATTESTATION_ID_DEVICE = HKS_TAG_TYPE_BYTES | 504, + HKS_TAG_ATTESTATION_ID_PRODUCT = HKS_TAG_TYPE_BYTES | 505, + HKS_TAG_ATTESTATION_ID_SERIAL = HKS_TAG_TYPE_BYTES | 506, + HKS_TAG_ATTESTATION_ID_IMEI = HKS_TAG_TYPE_BYTES | 507, + HKS_TAG_ATTESTATION_ID_MEID = HKS_TAG_TYPE_BYTES | 508, + HKS_TAG_ATTESTATION_ID_MANUFACTURER = HKS_TAG_TYPE_BYTES | 509, + HKS_TAG_ATTESTATION_ID_MODEL = HKS_TAG_TYPE_BYTES | 510, + HKS_TAG_ATTESTATION_ID_ALIAS = HKS_TAG_TYPE_BYTES | 511, + + /* + * Other reserved TAG: 601 - 1000 + * + * Extention TAG: 1001 - 9999 + */ + HKS_TAG_IS_KEY_ALIAS = HKS_TAG_TYPE_BOOL | 1001, + HKS_TAG_KEY_STORAGE_FLAG = HKS_TAG_TYPE_UINT | 1002, /* choose from enum HksKeyStorageType */ + HKS_TAG_IS_ALLOWED_WRAP = HKS_TAG_TYPE_BOOL | 1003, + HKS_TAG_KEY_WRAP_TYPE = HKS_TAG_TYPE_UINT | 1004, + HKS_TAG_KEY_AUTH_ID = HKS_TAG_TYPE_BYTES | 1005, + HKS_TAG_KEY_ROLE = HKS_TAG_TYPE_UINT | 1006, + HKS_TAG_KEY_FLAG = HKS_TAG_TYPE_UINT | 1007, /* choose from enum HksKeyFlag */ + HKS_TAG_IS_ASYNCHRONIZED = HKS_TAG_TYPE_UINT | 1008, + HKS_TAG_SECURE_KEY_ALIAS = HKS_TAG_TYPE_BOOL | 1009, + HKS_TAG_SECURE_KEY_UUID = HKS_TAG_TYPE_BYTES | 1010, + HKS_TAG_KEY_DOMAIN = HKS_TAG_TYPE_UINT | 1011, + + /* Inner-use TAG: 10001 - 10999 */ + HKS_TAG_PROCESS_NAME = HKS_TAG_TYPE_BYTES | 10001, + HKS_TAG_PACKAGE_NAME = HKS_TAG_TYPE_BYTES | 10002, + HKS_TAG_ACCESS_TIME = HKS_TAG_TYPE_UINT | 10003, + HKS_TAG_USES_TIME = HKS_TAG_TYPE_UINT | 10004, + HKS_TAG_CRYPTO_CTX = HKS_TAG_TYPE_ULONG | 10005, + HKS_TAG_KEY = HKS_TAG_TYPE_BYTES | 10006, + HKS_TAG_KEY_VERSION = HKS_TAG_TYPE_UINT | 10007, + HKS_TAG_PAYLOAD_LEN = HKS_TAG_TYPE_UINT | 10008, + HKS_TAG_AE_TAG = HKS_TAG_TYPE_BYTES | 10009, + HKS_TAG_IS_KEY_HANDLE = HKS_TAG_TYPE_ULONG | 10010, + + /* Os version related TAG */ + HKS_TAG_OS_VERSION = HKS_TAG_TYPE_UINT | 10101, + HKS_TAG_OS_PATCHLEVEL = HKS_TAG_TYPE_UINT | 10102, + + /* + * Reversed TAGs for SOTER: 11000 - 12000 + * + * Other TAGs: 20001 - N + * TAGs used for paramSetOut + */ + HKS_TAG_SYMMETRIC_KEY_DATA = HKS_TAG_TYPE_BYTES | 20001, + HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA = HKS_TAG_TYPE_BYTES | 20002, + HKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA = HKS_TAG_TYPE_BYTES | 20003, +}; + +struct HksBlob { + uint32_t size; + uint8_t *data; +}; + +struct HksParam { + uint32_t tag; + union { + bool boolParam; + int32_t int32Param; + uint32_t uint32Param; + uint64_t uint64Param; + struct HksBlob blob; + }; +}; + +struct HksParamSet { + uint32_t paramSetSize; + uint32_t paramsCnt; + struct HksParam params[]; +}; + +struct HksCertChain { + struct HksBlob *certs; + uint32_t certsCount; +}; + +struct HksKeyInfo { + struct HksBlob alias; + struct HksParamSet *paramSet; +}; + +struct HksPubKeyInfo { + enum HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t nOrXSize; + uint32_t eOrYSize; + uint32_t placeHolder; +}; + +#define HKS_DERIVE_DEFAULT_SALT_LEN 16 +#define HKS_HMAC_DIGEST_SHA512_LEN 64 +#define HKS_DEFAULT_RANDOM_LEN 16 +#define HKS_MAX_KEY_AUTH_ID_LEN 64 +#define HKS_KEY_MATERIAL_NUM 3 +#define HKS_MAX_KEY_LEN (HKS_KEY_BYTES(HKS_RSA_KEY_SIZE_4096) * HKS_KEY_MATERIAL_NUM) +#define HKS_MAX_KEY_MATERIAL_LEN (sizeof(struct HksPubKeyInfo) + HKS_MAX_KEY_LEN + HKS_AE_TAG_LEN) + +struct HksStoreHeaderInfo { + uint16_t version; + uint16_t keyCount; + uint32_t totalLen; /* key buffer total len */ + uint32_t sealingAlg; + uint8_t salt[HKS_DERIVE_DEFAULT_SALT_LEN]; + uint8_t hmac[HKS_HMAC_DIGEST_SHA512_LEN]; +}; + +struct HksStoreKeyInfo { + uint16_t keyInfoLen; /* current keyinfo len */ + uint16_t keySize; /* keySize of key from crypto hal after encrypted */ + uint8_t random[HKS_DEFAULT_RANDOM_LEN]; + uint8_t flag; /* import or generate key */ + uint8_t keyAlg; + uint8_t keyMode; + uint8_t digest; + uint8_t padding; + uint8_t rsv; + uint16_t keyLen; /* keyLen from paramset, e.g. aes-256 */ + uint32_t purpose; + uint32_t role; + uint16_t domain; + uint8_t aliasSize; + uint8_t authIdSize; +}; + +struct Hks25519KeyPair { + uint32_t publicBufferSize; + uint32_t privateBufferSize; +}; + +static inline bool IsAdditionOverflow(uint32_t a, uint32_t b) +{ + return (UINT32_MAX - a) < b; +} + +static inline bool IsInvalidLength(uint32_t length) +{ + return (length == 0) || (length > MAX_OUT_BLOB_SIZE); +} + +static inline int32_t CheckBlob(const struct HksBlob *blob) +{ + if ((blob == NULL) || (blob->data == NULL) || (blob->size == 0)) { + return HKS_ERROR_INVALID_ARGUMENT; + } + return HKS_SUCCESS; +} + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_TYPE_H */