!1109 huks新增框架

Merge pull request !1109 from ailu/master

frameworks/huks_standard/main/common/include/hks_type_inner.h

@@ -24,6 +24,7 @@
 
 #include "hks_type.h"
 #include "securec.h"
+#include "hks_plugin_def.h"
 
 #define HANDLE_SIZE              8
 #define DEFAULT_AUTH_TIMEOUT     5
@@ -83,13 +84,6 @@ enum HksInnerTag {
 
 #define HKS_PARAM_BUFFER_NULL_INTERVAL ((HKS_TAG_PARAM0_NULL) - (HKS_TAG_PARAM0_BUFFER))
 
-struct HksProcessInfo {
-    struct HksBlob userId;
-    struct HksBlob processName;
-    int32_t userIdInt;
-    uint64_t accessTokenId;
-};
-
 struct HksParamOut {
     uint32_t tag;
     union {

frameworks/huks_standard/main/common/src/hks_param.c

@@ -138,6 +138,9 @@ static uint32_t g_validTags[] = {
     HKS_TAG_ACCESS_TOKEN_ID,
     HKS_TAG_BUNDLE_NAME,
     HKS_TAG_IS_DEVICE_PASSWORD_SET,
+    HKS_TAG_ACCOUNT_ID,
+    HKS_TAG_OWNER_ID,
+    HKS_TAG_OWNER_TYPE,
 };
 
 HKS_API_EXPORT enum HksTagType GetTagType(enum HksTag tag)

interfaces/inner_api/huks_lite/BUILD.gn

@@ -183,6 +183,7 @@ if (ohos_kernel_type == "liteos_m") {
       "../../../services/huks_standard/huks_service/main/core/src/hks_session_manager.c",
       "../../../services/huks_standard/huks_service/main/os_dependency/idl/passthrough/huks_access.c",
       "../../../services/huks_standard/huks_service/main/os_dependency/idl/passthrough/huks_core_static_hal.c",
+      "../../../services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c",
       "../../../utils/crypto_adapter/hks_client_service_adapter_common.c",
       "../../../utils/crypto_adapter/hks_client_service_adapter_lite.c",
       "../../../utils/file_operator/hks_file_operator_lite.c",
@@ -215,6 +216,7 @@ if (ohos_kernel_type == "liteos_m") {
       "//base/security/huks/frameworks/huks_standard/main/common/include",
       "//base/security/huks/services/huks_standard/huks_engine/main/core/include",
       "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/ipc",
+      "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/include",
     ]
 
     defines = [

interfaces/inner_api/huks_standard/main/include/hks_plugin_def.h

@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file hks_plugin_def.h
+ *
+ * @brief Declares huks plugin struct and enum.
+ *
+ * @since 12
+ */
+
+#ifndef HKS_PLUGIN_DEF_H
+#define HKS_PLUGIN_DEF_H
+
+#include "hks_type.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief hks process info
+ */
+struct HksProcessInfo {
+    struct HksBlob userId;
+    struct HksBlob processName;
+    int32_t userIdInt;
+    uint64_t accessTokenId;
+};
+
+/**
+ * @brief hks base ability interface
+ */
+struct HksBasicInterface {
+    int32_t (*HksManageStoreKeyBlob)(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
+        const struct HksBlob *keyAlias, const struct HksBlob *keyBlob, uint32_t storageType);
+    int32_t (*HksManageStoreDeleteKeyBlob)(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
+        const struct HksBlob *keyAlias, uint32_t storageType);
+    int32_t (*HksManageStoreIsKeyBlobExist)(const struct HksProcessInfo *processInfo,
+        const struct HksParamSet *paramSet, const struct HksBlob *keyAlias, uint32_t storageType);
+    int32_t (*HksManageStoreGetKeyBlob)(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
+        const struct HksBlob *keyAlias, struct HksBlob *keyBlob, uint32_t storageType);
+    int32_t (*HksManageStoreGetKeyBlobSize)(const struct HksProcessInfo *processInfo,
+        const struct HksParamSet *paramSet, const struct HksBlob *keyAlias,
+        uint32_t *keyBlobSize, uint32_t storageType);
+    int32_t (*HksManageGetKeyCountByProcessName)(const struct HksProcessInfo *processInfo,
+        const struct HksParamSet *paramSet, uint32_t *fileCount);
+
+    int32_t (*HksGetProcessInfoForIPC)(const uint8_t *context, struct HksProcessInfo *processInfo);
+
+    int32_t (*AppendStorageParamsForGen)(const struct HksProcessInfo *processInfo,
+        const struct HksParamSet *paramSet, struct HksParamSet **outParamSet);
+    int32_t (*AppendStorageParamsForUse)(const struct HksParamSet *paramSet,
+        const struct HksProcessInfo *processInfo, struct HksParamSet **outParamSet);
+    int32_t (*AppendStorageParamsForQuery)(const struct HksParamSet *paramSet, struct HksParamSet **outParamSet);
+};
+
+/**
+ * @brief hks plugin proxy
+ */
+struct HksPluginProxy {
+    int32_t (*HksPluginInit)(struct HksBasicInterface *interfaceInst);
+    void (*HksPluginDestory)(void);
+    int32_t (*HksPluginOnRemoteRequest)(uint32_t code, void *data, void *reply, void *option);
+    void (*HksPluginOnReceiveEvent)(void *eventData);
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // HKS_PLUGIN_DEF_H

interfaces/inner_api/huks_standard/main/include/hks_type.h

@@ -637,6 +637,9 @@ enum HksCallerType {
     HKS_ASSIGN_ENUM_VALUE(HKS_TAG_VERIFIED_AUTH_TOKEN, HKS_TAG_TYPE_BYTES | 10018) \
     HKS_ASSIGN_ENUM_VALUE(HKS_TAG_IS_APPEND_UPDATE_DATA, HKS_TAG_TYPE_BOOL | 10019) \
     HKS_ASSIGN_ENUM_VALUE(HKS_TAG_KEY_ACCESS_TIME, HKS_TAG_TYPE_ULONG | 10020) \
+    HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OWNER_ID, HKS_TAG_TYPE_BYTES | 10021) \
+    HKS_ASSIGN_ENUM_VALUE(HKS_TAG_OWNER_TYPE, HKS_TAG_TYPE_UINT | 10022) \
+    HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ACCOUNT_ID, HKS_TAG_TYPE_INT | 10023) \
     /* TAGs used for paramSetOut */\
     HKS_ASSIGN_ENUM_VALUE(HKS_TAG_SYMMETRIC_KEY_DATA, HKS_TAG_TYPE_BYTES | 20001) \
     HKS_ASSIGN_ENUM_VALUE(HKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA, HKS_TAG_TYPE_BYTES | 20002) \

interfaces/inner_api/huks_standard/main/include/huks_hdi.h

@@ -566,6 +566,28 @@ struct HuksHdi {
     int32_t (*HuksHdiUpgradeKey)(const struct HksBlob *oldKey, const struct HksParamSet *paramSet,
         struct HksBlob *newKey);
 
+    /**
+     * @brief Wrap key operation
+     * @param keyAlias key alias
+     * @param key key
+     * @param paramSet required parameter set
+     * @param wrappedKey wrapped key
+     * @return error code, see hks_type.h
+     */
+    int32_t (*HuksHdiWrapKey)(const struct HksBlob *keyAlias, const struct HksBlob *key,
+        const struct HksParamSet *paramSet, struct HksBlob *wrappedKey);
+
+    /**
+     * @brief Unwrap key operation
+     * @param keyAlias key alias
+     * @param paramSet required parameter set
+     * @param wrappedKey wrapped key
+     * @param keyOut unwrapped key
+     * @return error code, see hks_type.h
+     */
+    int32_t (*HuksHdiUnwrapKey)(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
+        const struct HksBlob *wrappedKey, struct HksBlob *keyOut);
+
     /**
      * @brief Export chipset platform publicKey
      * @param salt salt value

services/huks_standard/huks_service/main/core/BUILD.gn

@@ -16,7 +16,10 @@ import("//base/security/huks/huks.gni")
 import("//build/ohos.gni")
 
 config("huks_config") {
-  include_dirs = [ "include" ]
+  include_dirs = [
+    "include",
+    "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/include",
+  ]
 }
 
 if (os_level == "standard") {
@@ -51,6 +54,8 @@ if (os_level == "standard") {
       include_dirs += [ "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/sa" ]  # hks_dcm_callback_handler.h
     }
 
+    sources += [ "../plugin_proxy/src/hks_plugin_adapter.cpp" ]
+
     sources += [
       "src/hks_upgrade_helper.c",
       "src/hks_upgrade_key_accesser.c",
@@ -146,6 +151,8 @@ if (os_level == "standard") {
       "src/hks_upgrade_key_accesser.c",
     ]
 
+    sources += [ "../plugin_proxy/src/hks_plugin_adapter_mock.c" ]
+
     if (huks_use_lite_storage == true) {
       sources += [
         "src/hks_storage_adapter.c",

services/huks_standard/huks_service/main/core/include/hks_client_service.h

@@ -103,6 +103,14 @@ int32_t HksServiceExportChipsetPlatformPublicKey(const struct HksBlob *salt,
 int32_t BuildFrontUserIdParamSet(const struct HksParamSet *paramSet,
     struct HksParamSet **outParamSet, int frontUserId);
 
+int32_t AppendNewInfoForGenKeyInService(const struct HksProcessInfo *processInfo,
+    const struct HksParamSet *paramSet, struct HksParamSet **outParamSet);
+
+int32_t AppendNewInfoForUseKeyInService(const struct HksParamSet *paramSet,
+    const struct HksProcessInfo *processInfo, struct HksParamSet **outParamSet);
+
+int32_t AppendStorageLevelIfNotExist(const struct HksParamSet *paramSet, struct HksParamSet **outParamSet);
+
 #ifdef __cplusplus
 }
 #endif

services/huks_standard/huks_service/main/core/include/hks_storage.h

@@ -25,7 +25,7 @@ extern "C" {
 #ifndef _CUT_AUTHENTICATE_
 #ifdef _STORAGE_LITE_
 int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyAlias,
-    enum HksStorageType storageType, const struct HksBlob *keyBlob);
+    uint32_t storageType, const struct HksBlob *keyBlob);
 
 int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo,
     const struct HksBlob *keyAlias, uint32_t storageType);

services/huks_standard/huks_service/main/core/include/hks_storage_manager.h

@@ -23,19 +23,19 @@ extern "C" {
 #endif
 
 int32_t HksManageStoreKeyBlob(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, const struct HksBlob *keyBlob, enum HksStorageType storageType);
+    const struct HksBlob *keyAlias, const struct HksBlob *keyBlob, uint32_t storageType);
 
 int32_t HksManageStoreDeleteKeyBlob(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, enum HksStorageType storageType);
+    const struct HksBlob *keyAlias, uint32_t storageType);
 
 int32_t HksManageStoreIsKeyBlobExist(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, enum HksStorageType storageType);
+    const struct HksBlob *keyAlias, uint32_t storageType);
 
 int32_t HksManageStoreGetKeyBlob(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, struct HksBlob *keyBlob, enum HksStorageType storageType);
+    const struct HksBlob *keyAlias, struct HksBlob *keyBlob, uint32_t storageType);
 
 int32_t HksManageStoreGetKeyBlobSize(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, uint32_t *keyBlobSize, enum HksStorageType storageType);
+    const struct HksBlob *keyAlias, uint32_t *keyBlobSize, uint32_t storageType);
 
 int32_t HksManageGetKeyAliasByProcessName(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
     struct HksKeyInfo *keyInfoList, uint32_t *listCount);

services/huks_standard/huks_service/main/core/src/hks_client_service.c

@@ -35,6 +35,7 @@
 #include "hks_mem.h"
 #include "hks_param.h"
 #include "hks_permission_check.h"
+#include "hks_plugin_adapter.h"
 #include "hks_report.h"
 #include "hks_session_manager.h"
 #include "hks_storage.h"
@@ -144,7 +145,7 @@ static int32_t AppendStorageLevelAndSpecificUserIdToParamSet(const struct HksOpe
     return HKS_SUCCESS;
 }
 
-static int32_t AppendStorageLevelIfNotExist(const struct HksParamSet *paramSet, struct HksParamSet **outParamSet)
+int32_t AppendStorageLevelIfNotExist(const struct HksParamSet *paramSet, struct HksParamSet **outParamSet)
 {
     int32_t ret;
     struct HksParamSet *newParamSet = NULL;
@@ -229,6 +230,12 @@ static int32_t AppendProcessInfoAndDefaultStrategy(const struct HksParamSet *par
     return ret;
 }
 
+int32_t AppendNewInfoForUseKeyInService(const struct HksParamSet *paramSet,
+    const struct HksProcessInfo *processInfo, struct HksParamSet **outParamSet)
+{
+    return AppendProcessInfoAndDefaultStrategy(paramSet, processInfo, NULL, outParamSet);
+}
+
 #ifndef _CUT_AUTHENTICATE_
 #ifdef _STORAGE_LITE_
 static int32_t GetKeyData(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
@@ -585,7 +592,7 @@ static int32_t CheckIfUserIamSupportCurType(int32_t userId, uint32_t userAuthTyp
     return HKS_SUCCESS;
 }
 
-static int32_t AppendNewInfoForGenKeyInService(const struct HksProcessInfo *processInfo,
+int32_t AppendNewInfoForGenKeyInService(const struct HksProcessInfo *processInfo,
     const struct HksParamSet *paramSet, struct HksParamSet **outParamSet)
 {
     uint32_t userAuthType = 0;
@@ -635,10 +642,29 @@ static int32_t AppendNewInfoForGenKeyInService(const struct HksProcessInfo *proc
     return ret;
 }
 #else
-static int32_t AppendNewInfoForGenKeyInService(const struct HksProcessInfo *processInfo,
+int32_t AppendNewInfoForGenKeyInService(const struct HksProcessInfo *processInfo,
     const struct HksParamSet *paramSet, struct HksParamSet **outParamSet)
 {
-    return AppendProcessInfoAndDefaultStrategy(paramSet, processInfo, NULL, outParamSet);
+    const struct HksParamSet *inParamSet = paramSet;
+    struct HksParamSet *newParamSet = NULL;
+    int32_t ret;
+
+#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
+    ret = AddAppInfoToParamSet(processInfo, paramSet, &newParamSet, HKS_TAG_OWNER_ID, HKS_TAG_OWNER_TYPE);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_E("AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret);
+        HksFreeParamSet(&newParamSet);
+        return ret;
+    }
+    inParamSet = newParamSet;
+#endif
+
+    ret = AppendProcessInfoAndDefaultStrategy(inParamSet, processInfo, NULL, outParamSet);
+    if (ret != HKS_SUCCESS) {
+        HKS_LOG_E("AppendProcessInfoAndDefaultStrategy failed, ret = %" LOG_PUBLIC "d.", ret);
+    }
+    HksFreeParamSet(&newParamSet);
+    return ret;
 }
 #endif
 
@@ -1386,6 +1412,8 @@ int32_t HksServiceInitialize(void)
         ret = HuksAccessModuleInit();
         HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks core service initialize failed! ret = %" LOG_PUBLIC "d", ret)
 
+        HksInitPluginProxyMutex();
+
 #ifdef _STORAGE_LITE_
         ret = HksLoadFileToBuffer();
         HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "load file to buffer failed, ret = %" LOG_PUBLIC "d", ret)
@@ -1434,7 +1462,7 @@ int32_t HksServiceRefreshKeyInfo(const struct HksBlob *processName)
 
 #ifdef HKS_SUPPORT_GET_BUNDLE_INFO
 static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, struct HksParamSet *paramSet,
-    struct HksParamSet **outParamSet)
+    struct HksParamSet **outParamSet, uint32_t idTag, uint32_t typeTag)
 {
     int32_t ret;
     struct HksBlob appInfo = {0, NULL};
@@ -1458,8 +1486,8 @@ static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, st
         ret = CheckBlob(&appInfo);
         if (ret == HKS_SUCCESS) {
             struct HksParam params[] = {
-                {.tag = HKS_TAG_ATTESTATION_APPLICATION_ID, .blob = appInfo},
-                {.tag = HKS_TAG_ATTESTATION_APPLICATION_ID_TYPE, .uint32Param = appidType}
+                {.tag = idTag, .blob = appInfo},
+                {.tag = typeTag, .uint32Param = appidType}
             };
             ret = HksAddParams(newParamSet, params, sizeof(params) / sizeof(params[0]));
             HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "add appInfo failed")
@@ -1498,7 +1526,8 @@ int32_t HksServiceAttestKey(const struct HksProcessInfo *processInfo, const stru
         ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &processInfoParamSet);
         HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
 
-        ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet);
+        ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet,
+            HKS_TAG_ATTESTATION_APPLICATION_ID, HKS_TAG_ATTESTATION_APPLICATION_ID_TYPE);
         HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
 #else
         ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
@@ -1695,7 +1724,7 @@ int32_t HksServiceFinish(const struct HksBlob *handle, const struct HksProcessIn
     bool isNeedStorage = false;
     uint32_t outSize = outData->size;
     int32_t ret = HksCheckKeyNeedStored(paramSet, &isNeedStorage);
-    if (ret == HKS_SUCCESS && isNeedStorage) {
+    if (ret == HKS_SUCCESS) {
         outSize = MAX_KEY_SIZE;
     }
     struct HksBlob output = { outSize, NULL };

services/huks_standard/huks_service/main/core/src/hks_storage_lite.c

@@ -594,7 +594,7 @@ static int32_t GetRootMaterial(const struct HksBlob *name, struct HksBlob *buffe
 }
 
 int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyAlias,
-    enum HksStorageType storageType, const struct HksBlob *keyBlob)
+    uint32_t storageType, const struct HksBlob *keyBlob)
 {
     (void)fileInfo;
     if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) {

services/huks_standard/huks_service/main/core/src/hks_storage_manager.c

@@ -48,7 +48,7 @@ static int32_t HksConstructStoreFileInfo(const struct HksProcessInfo *processInf
 }
 
 int32_t HksManageStoreKeyBlob(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, const struct HksBlob *keyBlob, enum HksStorageType storageType)
+    const struct HksBlob *keyAlias, const struct HksBlob *keyBlob, uint32_t storageType)
 {
     struct HksStoreFileInfo fileInfo = { 0 };
     struct HksStoreMaterial material = { .paramSet = paramSet, .keyAlias = keyAlias, .storageType = storageType };
@@ -71,7 +71,7 @@ int32_t HksManageStoreKeyBlob(const struct HksProcessInfo *processInfo, const st
 }
 
 int32_t HksManageStoreDeleteKeyBlob(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, enum HksStorageType storageType)
+    const struct HksBlob *keyAlias, uint32_t storageType)
 {
     struct HksStoreFileInfo fileInfo = { 0 };
     struct HksStoreMaterial material = { .paramSet = paramSet, .keyAlias = keyAlias, .storageType = storageType };
@@ -94,7 +94,7 @@ int32_t HksManageStoreDeleteKeyBlob(const struct HksProcessInfo *processInfo, co
 }
 
 int32_t HksManageStoreIsKeyBlobExist(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, enum HksStorageType storageType)
+    const struct HksBlob *keyAlias, uint32_t storageType)
 {
     struct HksStoreFileInfo fileInfo = { 0 };
     struct HksStoreMaterial material = { .paramSet = paramSet, .keyAlias = keyAlias, .storageType = storageType };
@@ -117,7 +117,7 @@ int32_t HksManageStoreIsKeyBlobExist(const struct HksProcessInfo *processInfo, c
 }
 
 int32_t HksManageStoreGetKeyBlob(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, struct HksBlob *keyBlob, enum HksStorageType storageType)
+    const struct HksBlob *keyAlias, struct HksBlob *keyBlob, uint32_t storageType)
 {
     struct HksStoreFileInfo fileInfo = { 0 };
     struct HksStoreMaterial material = { .paramSet = paramSet, .keyAlias = keyAlias, .storageType = storageType };
@@ -140,7 +140,7 @@ int32_t HksManageStoreGetKeyBlob(const struct HksProcessInfo *processInfo, const
 }
 
 int32_t HksManageStoreGetKeyBlobSize(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
-    const struct HksBlob *keyAlias, uint32_t *keyBlobSize, enum HksStorageType storageType)
+    const struct HksBlob *keyAlias, uint32_t *keyBlobSize, uint32_t storageType)
 {
     struct HksStoreFileInfo fileInfo = { 0 };
     struct HksStoreMaterial material = { .paramSet = paramSet, .keyAlias = keyAlias, .storageType = storageType };

services/huks_standard/huks_service/main/os_dependency/sa/hks_sa.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
+ * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -29,6 +29,7 @@
 #include "hks_mem.h"
 #include "hks_message_handler.h"
 #include "hks_param.h"
+#include "hks_plugin_adapter.h"
 #include "hks_report.h"
 #include "hks_response.h"
 #include "hks_template.h"
@@ -300,9 +301,15 @@ int HksService::OnRemoteRequest(uint32_t code, MessageParcel &data,
     g_sessionId++;
     HKS_LOG_I("OnRemoteRequest code:%" LOG_PUBLIC "d, sessionId = %" LOG_PUBLIC "u", code, g_sessionId);
 
-    // check that the code is valid
     if (code < HksIpcInterfaceCode::HKS_MSG_BASE || code >= HksIpcInterfaceCode::HKS_MSG_MAX) {
-        return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
+        int ret = HksCreatePluginProxy();
+        if (ret != HKS_SUCCESS) {
+            HKS_LOG_I("create plugin proxy failed, ret = %" LOG_PUBLIC "d", ret);
+        }
+        if (HksGetPluginProxy() == nullptr) {
+            return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
+        }
+        return HksGetPluginProxy()->HksPluginOnRemoteRequest(code, &data, &reply, &option);
     }
 
     uint32_t outSize = static_cast<uint32_t>(data.ReadUint32());

services/huks_standard/huks_service/main/plugin_proxy/include/hks_plugin_adapter.h

@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_PLUGIN_ADAPTER_H
+#define HKS_PLUGIN_ADAPTER_H
+
+#ifdef HKS_CONFIG_FILE
+#include HKS_CONFIG_FILE
+#else
+#include "hks_config.h"
+#endif
+
+#include "hks_plugin_def.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void HksInitPluginProxyMutex(void);
+int32_t HksCreatePluginProxy(void);
+void HksDestoryPluginProxy(void);
+struct HksPluginProxy *HksGetPluginProxy(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // HKS_PLUGIN_ADAPTER_H

services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter.cpp

@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hks_plugin_adapter.h"
+
+#include <dlfcn.h>
+
+#include "hks_cfi.h"
+#include "hks_client_service.h"
+#include "hks_log.h"
+#include "hks_mutex.h"
+#include "hks_response.h"
+#include "hks_storage_manager.h"
+#include "hks_template.h"
+#include "hks_type.h"
+
+typedef struct HksPluginProxy *(*HksGetPluginProxyFunc)();
+
+static void *g_pluginHandler = nullptr;
+static HksMutex *g_pluginMutex = NULL;
+static struct HksPluginProxy *g_pluginProxy = nullptr;
+
+static struct HksBasicInterface g_interfaceInst = {
+    .HksManageStoreKeyBlob = HksManageStoreKeyBlob,
+    .HksManageStoreDeleteKeyBlob = HksManageStoreDeleteKeyBlob,
+    .HksManageStoreIsKeyBlobExist = HksManageStoreIsKeyBlobExist,
+    .HksManageStoreGetKeyBlob = HksManageStoreGetKeyBlob,
+    .HksManageStoreGetKeyBlobSize = HksManageStoreGetKeyBlobSize,
+    .HksManageGetKeyCountByProcessName = HksManageGetKeyCountByProcessName,
+
+    .HksGetProcessInfoForIPC = HksGetProcessInfoForIPC,
+
+    .AppendStorageParamsForGen = AppendNewInfoForGenKeyInService,
+    .AppendStorageParamsForUse = AppendNewInfoForUseKeyInService,
+    .AppendStorageParamsForQuery = AppendStorageLevelIfNotExist,
+};
+
+void HksInitPluginProxyMutex(void)
+{
+    g_pluginMutex = HksMutexCreate();
+}
+
+/* It is invoked when service initialize */
+ENABLE_CFI(int32_t HksCreatePluginProxy(void))
+{
+    if (HksMutexLock(g_pluginMutex) != HKS_SUCCESS) {
+        HKS_LOG_E("lock mutex for plugin proxy failed");
+        return HKS_ERROR_BAD_STATE;
+    }
+    int32_t ret = HKS_ERROR_NULL_POINTER;
+    struct HksPluginProxy *pluginProxy = nullptr;
+    do {
+        if (g_pluginProxy != nullptr) {
+            ret = HKS_SUCCESS;
+            break;
+        }
+
+        g_pluginHandler = dlopen("libhuks_ext.z.so", RTLD_NOW);
+        HKS_IF_NULL_LOGE_BREAK(g_pluginHandler, "dlopen for plugin proxy failed")
+
+        HksGetPluginProxyFunc func = (HksGetPluginProxyFunc)dlsym(g_pluginHandler, "HksGetPluginProxy");
+        HKS_IF_NULL_LOGE_BREAK(func, "dlsym for plugin proxy failed")
+
+        pluginProxy = func();
+        HKS_IF_NULL_LOGE_BREAK(pluginProxy, "HksGetPluginProxy result is null")
+
+        ret = pluginProxy->HksPluginInit(&g_interfaceInst);
+        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "init plugin failed, ret = %" LOG_PUBLIC "d", ret)
+
+        g_pluginProxy = pluginProxy;
+    } while (0);
+
+    (void)HksMutexUnlock(g_pluginMutex);
+    if (ret != HKS_SUCCESS) {
+        HksDestoryPluginProxy();
+    }
+    return ret;
+}
+
+void HksDestoryPluginProxy(void)
+{
+    if (g_pluginMutex == NULL || HksMutexLock(g_pluginMutex) != HKS_SUCCESS) {
+        HKS_LOG_E("lock mutex for plugin proxy failed");
+        return;
+    }
+
+    if (g_pluginProxy != nullptr) {
+        g_pluginProxy->HksPluginDestory();
+        g_pluginProxy = nullptr;
+    }
+
+    if (g_pluginHandler != nullptr) {
+        dlclose(g_pluginHandler);
+        g_pluginHandler = nullptr;
+    }
+
+    (void)HksMutexUnlock(g_pluginMutex);
+    HksMutexClose(g_pluginMutex);
+    g_pluginMutex = NULL;
+}
+
+struct HksPluginProxy *HksGetPluginProxy(void)
+{
+    if (g_pluginProxy == nullptr) {
+        HKS_LOG_I("g_pluginProxy is null");
+    }
+    return g_pluginProxy;
+}

services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c

@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hks_plugin_adapter.h"
+#include "hks_log.h"
+#include "hks_type.h"
+
+void HksInitPluginProxyMutex(void)
+{
+    HKS_LOG_I("Unsupport extension plugin!");
+}
+
+int32_t HksCreatePluginProxy(void)
+{
+    HKS_LOG_I("Unsupport extension plugin!");
+    return HKS_SUCCESS;
+}
+
+void HksDestoryPluginProxy(void)
+{
+    HKS_LOG_I("Unsupport extension plugin!");
+}
+
+struct HksPluginProxy *HksGetPluginProxy(void)
+{
+    HKS_LOG_I("Unsupport extension plugin!");
+    return NULL;
+}

test/unittest/huks_lite_test/liteos_m_adapter/hks_modify_key_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2021-2022 Huawei Device Co., Ltd.
+ * Copyright (C) 2021-2024 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -123,9 +123,9 @@ enum HksStorageType {
 };
 
 extern int32_t HksStoreKeyBlob(const struct HksBlob *processName, const struct HksBlob *keyAlias,
-    enum HksStorageType storageType, const struct HksBlob *keyBlob);
+    uint32_t storageType, const struct HksBlob *keyBlob);
 int32_t __attribute__((weak)) HksStoreKeyBlob(const struct HksBlob *processName, const struct HksBlob *keyAlias,
-    enum HksStorageType storageType, const struct HksBlob *keyBlob)
+    uint32_t storageType, const struct HksBlob *keyBlob)
 {
     (void)processName;
     (void)keyAlias;

test/unittest/huks_standard_test/module_test/BUILD.gn

@@ -1,4 +1,4 @@
-# Copyright (C) 2022-2023 Huawei Device Co., Ltd.
+# Copyright (C) 2022-2024 Huawei Device Co., Ltd.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -44,6 +44,7 @@ ohos_unittest("huks_module_test") {
     "//base/security/huks/test/unittest/huks_standard_test/module_test/upgrade_key_test/include",
     "//base/security/huks/test/unittest/huks_common_test/include",
     "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/ipc",  # hks_response.h
+    "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/include",
   ]
 
   sources = []

test/unittest/huks_standard_test/module_test/inner_kits_passthrough/BUILD.gn

@@ -77,6 +77,7 @@ huks_sources = [
   "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_upgrade_key_accesser.c",
   "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/posix/hks_rwlock.c",
   "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/sa/hks_event_observer.cpp",
+  "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c",
   "//base/security/huks/services/huks_standard/huks_service/main/systemapi_mock/src/hks_useridm_api_mock.cpp",
   "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/hitrace_meter_wrapper/src/hitrace_meter_wrapper.cpp",
   "//base/security/huks/test/unittest/huks_standard_test/module_test/mock/idl/src/huks_access_mock.c",
@@ -157,6 +158,7 @@ ohos_static_library("libhukssdk_static") {
     "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/bms/include",
     "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/hitrace_meter_wrapper/include",
     "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/ipc",  # hks_response.h
+    "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/include",
   ]
   deps = []
 

test/unittest/huks_standard_test/module_test/service_test/huks_service/core/src/hks_client_service_test.cpp

@@ -30,6 +30,7 @@
 
 #include "hks_test_modify_old_key.h"
 
+#include "base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter.cpp"
 #include "base/security/huks/services/huks_standard/huks_service/main/core/src/hks_client_service.c"
 
 using namespace testing::ext;