From 9a6bac08ef537d7c07a09ed083b92677e37af193 Mon Sep 17 00:00:00 2001 From: wang--ge Date: Tue, 18 Jul 2023 17:19:47 +0800 Subject: [PATCH] add huks component --- huks/BUILD.gn | 0 huks/bundle.json | 77 ++++++ .../huks_standard/main/common/BUILD.gn | 13 + .../main/common/include/hks_ability.h | 123 +++++++++ .../main/common/include/hks_base_check.h | 118 ++++++++ .../main/common/include/hks_cfi.h | 30 +++ .../main/common/include/hks_check_paramset.h | 62 +++++ .../main/common/include/hks_cmd_id.h | 78 ++++++ .../main/common/include/hks_common_check.h | 69 +++++ .../main/common/include/hks_config.h | 228 ++++++++++++++++ .../main/common/include/hks_config_base.h | 177 ++++++++++++ .../main/common/include/hks_config_lite.h | 111 ++++++++ .../main/common/include/hks_config_small.h | 136 ++++++++++ .../main/common/include/hks_crypto_adapter.h | 58 ++++ .../main/common/include/hks_crypto_hal.h | 255 ++++++++++++++++++ .../main/common/include/hks_errcode_adapter.h | 51 ++++ .../main/common/include/hks_log.h | 64 +++++ .../main/common/include/hks_mem.h | 62 +++++ .../main/common/include/hks_template.h | 75 ++++++ .../main/common/include/hks_type_inner.h | 94 +++++++ .../huks_standard/main/os_dependency/BUILD.gn | 10 + .../ipc/include/hks_client_ipc.h | 90 +++++++ .../os_dependency/ipc/include/hks_ipc_check.h | 55 ++++ .../ipc/include/hks_ipc_serialization.h | 76 ++++++ .../os_dependency/ipc/include/hks_ipc_slice.h | 34 +++ .../os_dependency/ipc/include/hks_request.h | 69 +++++ .../ipc/include/hks_samgr_client.h | 32 +++ .../innerkits/huks_standard/main/BUILD.gn | 23 ++ .../innerkits/huks_standard/main/include | 1 + 29 files changed, 2271 insertions(+) create mode 100644 huks/BUILD.gn create mode 100644 huks/bundle.json create mode 100644 huks/frameworks/huks_standard/main/common/BUILD.gn create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_ability.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_base_check.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_cfi.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_check_paramset.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_cmd_id.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_common_check.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_config.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_config_base.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_config_lite.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_config_small.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_crypto_adapter.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_crypto_hal.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_errcode_adapter.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_log.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_mem.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_template.h create mode 100644 huks/frameworks/huks_standard/main/common/include/hks_type_inner.h create mode 100644 huks/frameworks/huks_standard/main/os_dependency/BUILD.gn create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h create mode 100644 huks/interfaces/innerkits/huks_standard/main/BUILD.gn create mode 120000 huks/interfaces/innerkits/huks_standard/main/include diff --git a/huks/BUILD.gn b/huks/BUILD.gn new file mode 100644 index 0000000..e69de29 diff --git a/huks/bundle.json b/huks/bundle.json new file mode 100644 index 0000000..be04db1 --- /dev/null +++ b/huks/bundle.json @@ -0,0 +1,77 @@ +{ + "name": "@ohos/huks", + "description": "The provider of key and certificate manangement capbility, which belongs to security subsystem", + "version": "3.1", + "license": "Apache License 2.0", + "publishAs": "code-segment", + "segment": { + "destPath": "base/security/huks" + }, + "dirs":{}, + "scripts": { + "install": "DEST_PATH=${DEP_BUNDLE_BASE}/base/security/huks && mkdir -p $DEST_PATH && cp -r ./* $DEST_PATH" + }, + "author": {}, + "repository": "", + "component": { + "name": "huks", + "subsystem": "security", + "syscap": [ + "SystemCapability.Security.Huks", + "SystemCapability.Security.Cipher" + ], + "features": [], + "adapted_system_type": [ + "standard", + "small", + "mini" + ], + "rom": "5000KB", + "ram": "500kB", + "deps": { + "components": [ + "ability_base", + "access_token", + "bundle_framework", + "common", + "common_event_service", + "hisysevent_native", + "hitrace_native", + "hiviewdfx_hilog_native", + "ipc", + "napi", + "os_account", + "safwk", + "samgr", + "thirdparty_bounds_checking_function", + "c_utils" + ], + "third_party": [ + "openssl", + "bounds_checking_function" + ] + }, + "build": { + "group_type": { + "base_group": [], + "fwk_group": [ + + ], + "service_group": [ + + ] + }, + "inner_kits": [ + { + "name": "//base/security/huks/interfaces/innerkits/huks_standard/main:libhukssdk", + "header": { + "header_files": [ + "hks_api.h" + ], + "header_base": "//base/security/huks/interfaces/innerkits/huks_standard/main/include" + } + } + ] + } + } + } diff --git a/huks/frameworks/huks_standard/main/common/BUILD.gn b/huks/frameworks/huks_standard/main/common/BUILD.gn new file mode 100644 index 0000000..4927ee3 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/BUILD.gn @@ -0,0 +1,13 @@ +import("//build/ohos.gni") + +config("huks_config") { + include_dirs = [ + "include", + "//base/security/huks/interfaces/innerkits/huks_standard/main/include", + ] + libs = ("huks_common_standard_static") +} + +group("libhuks_common_standard_static") { + public_configs = [ ":huks_config" ] +} diff --git a/huks/frameworks/huks_standard/main/common/include/hks_ability.h b/huks/frameworks/huks_standard/main/common/include/hks_ability.h new file mode 100644 index 0000000..56525e9 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_ability.h @@ -0,0 +1,123 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_ABILITY_H +#define HKS_ABILITY_H + +#include + +enum HksAbilityType { + HKS_ABILITY_CRYPTO = 1, + HKS_ABILITY_AUTH, +}; + +enum HksOperationType { + HKS_OPERATION_GENERATE_KEY = 0x1, /* generate key */ + HKS_OPERATION_GET_PUBLIC_KEY = 0x2, /* get public key */ + HKS_OPERATION_DERIVE_KEY = 0x3, /* derive key */ + HKS_OPERATION_AGREE_KEY = 0x4, /* agree key */ + HKS_OPERATION_SIGN = 0x5, /* sign */ + HKS_OPERATION_VERIFY = 0x6, /* verify */ + HKS_OPERATION_HMAC_INIT = 0x7, /* hmac init */ + HKS_OPERATION_HMAC_UPDATE = 0x8, /* hmac update */ + HKS_OPERATION_HMAC_FINAL = 0x9, /* hmac final */ + HKS_OPERATION_HASH_INIT = 0xa, /* hash init */ + HKS_OPERATION_HASH_UPDATE = 0xb, /* hash update */ + HKS_OPERATION_HASH_FINAL = 0xc, /* hash final */ + HKS_OPERATION_ENCRYPT_INIT = 0xd, /* encrypt init */ + HKS_OPERATION_ENCRYPT_UPDATE = 0xe, /* encrypt update */ + HKS_OPERATION_ENCRYPT_FINAL = 0xf, /* encrypt final */ + HKS_OPERATION_DECRYPT_INIT = 0x10, /* decrypt init */ + HKS_OPERATION_DECRYPT_UPDATE = 0x11, /* decrypt update */ + HKS_OPERATION_DECRYPT_FINAL = 0x12, /* decrypt final */ + HKS_OPERATION_GET_MAIN_KEY = 0x13, /* get root main key */ + HKS_OPERATION_FILL_RANDOM = 0x14, /* fill random */ + HKS_OPERATION_HMAC = 0x15, + HKS_OPERATION_HASH = 0x16, + HKS_OPERATION_ENCRYPT = 0x17, + HKS_OPERATION_DECRYPT = 0x18, + HKS_OPERATION_BN_EXP_MOD = 0x19, + HKS_OPERATION_HASH_FREE_CTX = 0x1a, /* hash free ctx */ + HKS_OPERATION_HMAC_FREE_CTX = 0x1b, /* hmac free ctx */ + HKS_OPERATION_ENCRYPT_FREE_CTX = 0x1c, /* encrypt free ctx */ + HKS_OPERATION_DECRYPT_FREE_CTX = 0x1d, /* decrypt free ctx */ + HKS_OPERATION_FILL_PRI_RANDOM = 0x1e, /* fill private random */ +}; + +struct HksAbility { + uint32_t id; + void *func; +}; + +#define HKS_ABILITY_MAX_SIZE 128 + +#define HKS_ABILITY_SHIFT 24 +#define HKS_CRYPTO_OPERATION_SHIFT 16 + +#define HKS_CRYPTO_ABILITY(type, alg) \ + ((HKS_ABILITY_CRYPTO << HKS_ABILITY_SHIFT) | ((type) << HKS_CRYPTO_OPERATION_SHIFT) | (alg)) + +#define HKS_CRYPTO_ABILITY_GENERATE_KEY(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_GENERATE_KEY, alg) +#define HKS_CRYPTO_ABILITY_GET_PUBLIC_KEY(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_GET_PUBLIC_KEY, alg) +#define HKS_CRYPTO_ABILITY_DERIVE_KEY(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_DERIVE_KEY, alg) +#define HKS_CRYPTO_ABILITY_AGREE_KEY(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_AGREE_KEY, alg) +#define HKS_CRYPTO_ABILITY_SIGN(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_SIGN, alg) +#define HKS_CRYPTO_ABILITY_VERIFY(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_VERIFY, alg) + +#define HKS_CRYPTO_ABILITY_HMAC HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC, 0) +#define HKS_CRYPTO_ABILITY_HMAC_INIT HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_INIT, 0) +#define HKS_CRYPTO_ABILITY_HMAC_UPDATE HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_UPDATE, 0) +#define HKS_CRYPTO_ABILITY_HMAC_FINAL HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_FINAL, 0) +#define HKS_CRYPTO_ABILITY_HMAC_FREE_CTX HKS_CRYPTO_ABILITY(HKS_OPERATION_HMAC_FREE_CTX, 0) + +#define HKS_CRYPTO_ABILITY_HASH HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH, 0) +#define HKS_CRYPTO_ABILITY_HASH_INIT HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_INIT, 0) +#define HKS_CRYPTO_ABILITY_HASH_UPDATE HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_UPDATE, 0) +#define HKS_CRYPTO_ABILITY_HASH_FINAL HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_FINAL, 0) +#define HKS_CRYPTO_ABILITY_HASH_FREE_CTX HKS_CRYPTO_ABILITY(HKS_OPERATION_HASH_FREE_CTX, 0) + +#define HKS_CRYPTO_ABILITY_ENCRYPT(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_ENCRYPT, alg) +#define HKS_CRYPTO_ABILITY_ENCRYPT_INIT(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_ENCRYPT_INIT, alg) +#define HKS_CRYPTO_ABILITY_ENCRYPT_UPDATE(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_ENCRYPT_UPDATE, alg) +#define HKS_CRYPTO_ABILITY_ENCRYPT_FINAL(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_ENCRYPT_FINAL, alg) +#define HKS_CRYPTO_ABILITY_ENCRYPT_FREE_CTX(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_ENCRYPT_FREE_CTX, alg) + +#define HKS_CRYPTO_ABILITY_DECRYPT(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_DECRYPT, alg) +#define HKS_CRYPTO_ABILITY_DECRYPT_INIT(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_DECRYPT_INIT, alg) +#define HKS_CRYPTO_ABILITY_DECRYPT_UPDATE(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_DECRYPT_UPDATE, alg) +#define HKS_CRYPTO_ABILITY_DECRYPT_FINAL(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_DECRYPT_FINAL, alg) +#define HKS_CRYPTO_ABILITY_DECRYPT_FREE_CTX(alg) HKS_CRYPTO_ABILITY(HKS_OPERATION_DECRYPT_FREE_CTX, alg) + +#define HKS_CRYPTO_ABILITY_GET_MAIN_KEY HKS_CRYPTO_ABILITY(HKS_OPERATION_GET_MAIN_KEY, 0) + +#define HKS_CRYPTO_ABILITY_FILL_RANDOM HKS_CRYPTO_ABILITY(HKS_OPERATION_FILL_RANDOM, 0) +#define HKS_CRYPTO_ABILITY_BN_EXP_MOD HKS_CRYPTO_ABILITY(HKS_OPERATION_BN_EXP_MOD, 0) +#define HKS_CRYPTO_ABILITY_FILL_PRI_RANDOM HKS_CRYPTO_ABILITY(HKS_OPERATION_FILL_PRI_RANDOM, 0) + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t RegisterAbility(uint32_t id, void *func); + +void *GetAbility(uint32_t id); + +int32_t HksCryptoAbilityInit(void); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_ABILITY_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_base_check.h b/huks/frameworks/huks_standard/main/common/include/hks_base_check.h new file mode 100644 index 0000000..3640dcb --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_base_check.h @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_BASE_CHECK_H +#define HKS_BASE_CHECK_H + +#include "hks_param.h" +#include "hks_type_inner.h" + +enum CheckKeyType { + HKS_CHECK_TYPE_GEN_KEY, + HKS_CHECK_TYPE_USE_KEY, + HKS_CHECK_TYPE_GEN_MAC_KEY, + HKS_CHECK_TYPE_GEN_DERIVE_KEY, +}; + +struct Params { + bool needCheck; + uint32_t value; + bool isAbsent; +}; + +struct ParamsValues { + struct Params keyLen; + struct Params padding; + struct Params purpose; + struct Params digest; + struct Params mode; +}; + +struct ParamsValuesChecker { + enum CheckKeyType checkType; + struct ParamsValues paramValues; +}; + +struct ExpectParams { + bool needCheck; + const uint32_t *values; + uint32_t valueCnt; +}; + +struct ExpectParamsValues { + const struct ExpectParams keyLen; + const struct ExpectParams padding; + const struct ExpectParams purpose; + const struct ExpectParams digest; + const struct ExpectParams mode; +}; +#define EXPECT_PARAMS_VALUES_INIT {{0}, {0}, {0}, {0}, {0}} + +struct ExpectParamsValuesChecker { + enum CheckKeyType checkType; + const struct ExpectParamsValues paramValues; +}; + +struct AuthAccessTypeChecker { + enum HksUserAuthType userAuthType; + const struct ExpectParams allowAuthAccessTypes; +}; + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksCheckValue(uint32_t inputValue, const uint32_t *expectValues, uint32_t valuesCount); + +int32_t HksGetKeySize(uint32_t alg, const struct HksBlob *key, uint32_t *keySize); + +int32_t HksCheckGenKeyPurpose(uint32_t alg, uint32_t inputPurpose); + +int32_t HksGetInputParmasByAlg(uint32_t alg, enum CheckKeyType checkType, const struct HksParamSet *paramSet, + struct ParamsValues *inputParams); + +int32_t HksCheckFixedParams(uint32_t alg, enum CheckKeyType checkType, const struct ParamsValues *inputParams); + +int32_t HksCheckGenKeyMutableParams(uint32_t alg, const struct ParamsValues *inputParams); + +int32_t CheckImportMutableParams(uint32_t alg, const struct ParamsValues *params); + +int32_t HksCheckSignature(uint32_t cmdId, uint32_t alg, uint32_t keySize, const struct HksBlob *signature); + +int32_t HksCheckSignVerifyMutableParams(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams); + +int32_t HksCheckCipherMutableParams(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams); + +int32_t HksCheckCihperData(uint32_t cmdId, uint32_t alg, const struct ParamsValues *inputParams, + const struct HksBlob *inData, const struct HksBlob *outData); + +int32_t HksCheckCipherMaterialParams(uint32_t alg, const struct ParamsValues *inputParams, + const struct HksParamSet *paramSet); + +int32_t HksCheckUserAuthParams(uint32_t userAuthType, uint32_t authAccessType, uint32_t challengeType); + +int32_t HksCheckSecureSignParams(uint32_t secureSignType); + +int32_t GetInputParams(const struct HksParamSet *paramSet, struct ParamsValues *inputParams); + +int32_t HksCheckOptionalParam(uint32_t tag, uint32_t alg, uint32_t purpose, bool isAbsent, struct HksParam *param); + +int32_t HksCheckNeedCache(uint32_t alg, uint32_t digest); +#ifdef __cplusplus +} +#endif + +#endif /* HKS_BASE_CHECK_H */ + diff --git a/huks/frameworks/huks_standard/main/common/include/hks_cfi.h b/huks/frameworks/huks_standard/main/common/include/hks_cfi.h new file mode 100644 index 0000000..855b66f --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_cfi.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CFI_H +#define HKS_CFI_H + +#ifdef HKS_CONFIG_FILE +#include HKS_CONFIG_FILE +#else +#include "hks_config.h" +#endif + +#ifdef HKS_SUPPORT_CFI +#define ENABLE_CFI(function) __attribute__((no_sanitize("cfi"))) function +#else +#define ENABLE_CFI(function) function +#endif +#endif // HKS_CFI_H diff --git a/huks/frameworks/huks_standard/main/common/include/hks_check_paramset.h b/huks/frameworks/huks_standard/main/common/include/hks_check_paramset.h new file mode 100644 index 0000000..4aa31e5 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_check_paramset.h @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CHECK_PARAMSET_H +#define HKS_CHECK_PARAMSET_H + +#include +#include + +#include "hks_type_inner.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksCoreCheckGenKeyParams(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, + const struct HksBlob *keyIn, const struct HksBlob *keyOut); + +int32_t HksCoreCheckImportKeyParams(const struct HksBlob *keyAlias, const struct HksBlob *key, + const struct HksParamSet *paramSet, const struct HksBlob *keyOut); + +int32_t HksCoreCheckImportWrappedKeyParams(const struct HksBlob *key, const struct HksBlob *wrappedKeyData, + const struct HksParamSet *paramSet, struct HksBlob *keyOut, uint32_t *outUnwrapSuite); + +int32_t HksCoreCheckSignVerifyParams(uint32_t cmdId, const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, const struct HksBlob *signature); + +int32_t HksCoreCheckCipherParams(uint32_t cmdId, const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *inData, const struct HksBlob *outData); + +int32_t HksCoreCheckAgreeKeyParams(const struct HksParamSet *paramSet, const struct HksBlob *privateKey, + const struct HksBlob *peerPublicKey, const struct HksBlob *agreedKey, bool isLocalCheck); + +int32_t HksLocalCheckSignVerifyParams(uint32_t cmdId, uint32_t keySize, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, const struct HksBlob *signature); + +int32_t HksLocalCheckCipherParams(uint32_t cmdId, uint32_t keySize, const struct HksParamSet *paramSet, + const struct HksBlob *inData, const struct HksBlob *outData); + +int32_t HksCoreCheckDeriveKeyParams(const struct HksParamSet *paramSet, const struct HksBlob *mainKey, + const struct HksBlob *derivedKey, bool isLocalCheck); + +int32_t HksCoreCheckMacParams(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, const struct HksBlob *mac, bool isLocalCheck); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_CHECK_PARAMSET_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_cmd_id.h b/huks/frameworks/huks_standard/main/common/include/hks_cmd_id.h new file mode 100644 index 0000000..89606c1 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_cmd_id.h @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CMD_ID_H +#define HKS_CMD_ID_H + +#include "hks_type_inner.h" + +enum HksCmdId { + HKS_CMD_ID_INVALID = 0x0, + HKS_CMD_ID_GENERATE_KEY, + HKS_CMD_ID_GET_KEY_CHARACTER, + HKS_CMD_ID_BEGIN, + HKS_CMD_ID_UPDATE, + HKS_CMD_ID_FINISH, + HKS_CMD_ID_ABORT, + HKS_CMD_ID_SET, + HKS_CMD_ID_GET, + HKS_CMD_ID_ATTEST_KEY, + HKS_CMD_ID_EXPORT_KEY, + HKS_CMD_ID_DELETE, + HKS_CMD_ID_EXPORT_TRUST_CERT, + HKS_CMD_ID_ECDH, + HKS_CMD_ID_ATTEST_TA_KEY, + HKS_CMD_ID_SET_KEY_PROTECTION, + HKS_CMD_ID_CONFIGURE, + + HKS_CMD_ID_IMPORT_KEY = 0x100, + HKS_CMD_ID_GET_CERTCHAIN = 0x101, + HKS_CMD_ID_SIGN = 0x102, + HKS_CMD_ID_SIGN_INIT = 0x103, + HKS_CMD_ID_SIGN_UPDATE = 0x104, + HKS_CMD_ID_SIGN_FINAL = 0x105, + HKS_CMD_ID_VERIFY = 0x106, + HKS_CMD_ID_VERIFY_INIT = 0x107, + HKS_CMD_ID_VERIFY_UPDATE = 0x108, + HKS_CMD_ID_VERIFY_FINAL = 0x109, + HKS_CMD_ID_MAC = 0x10A, + HKS_CMD_ID_MAC_INIT = 0x10B, + HKS_CMD_ID_MAC_UPDATE = 0x10C, + HKS_CMD_ID_MAC_FINAL = 0x10D, + HKS_CMD_ID_ENCRYPT = 0x10E, + HKS_CMD_ID_ENCRYPT_INIT = 0x10F, + HKS_CMD_ID_ENCRYPT_UPDATE = 0x110, + HKS_CMD_ID_ENCRYPT_FINAL = 0x111, + HKS_CMD_ID_DECRYPT = 0x112, + HKS_CMD_ID_DECRYPT_INIT = 0x113, + HKS_CMD_ID_DECRYPT_UPDATE = 0x114, + HKS_CMD_ID_DECRYPT_FINAL = 0x115, + HKS_CMD_ID_CHECK_KEY_LEGALITY = 0x116, + HKS_CMD_ID_GENERATE_RANDOM = 0x117, + HKS_CMD_ID_AGREE_KEY = 0x118, + HKS_CMD_ID_DERIVE_KEY = 0x119, + + HKS_CMD_ID_WRAP = 0x1000, + HKS_CMD_ID_UNWRAP = 0x1001, + + HKS_CMD_ID_SIGN_WITH_DEV_KEY = 0x00010103, + + HKS_CMD_ID_GET_FP_AUTH_RESULT_QCOM = 0x00020500, + + HKS_CMD_ID_INJECT_KEY = 0x00010015, + HKS_CMD_ID_INJECT_KEY_VERIFY = 0x00010016, +}; + +#endif diff --git a/huks/frameworks/huks_standard/main/common/include/hks_common_check.h b/huks/frameworks/huks_standard/main/common/include/hks_common_check.h new file mode 100644 index 0000000..db6a986 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_common_check.h @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_COMMON_CHECK_H +#define HKS_COMMON_CHECK_H + +#include +#include + +#include "hks_type.h" + +#define HKS_DIGEST_MD5_LEN 16 +#define HKS_DIGEST_SHA1_LEN 20 +#define HKS_DIGEST_SHA224_LEN 28 +#define HKS_DIGEST_SHA256_LEN 32 +#define HKS_DIGEST_SHA384_LEN 48 +#define HKS_DIGEST_SHA512_LEN 64 +#define HKS_DIGEST_SM3_LEN 32 + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksCheckBlob4(const struct HksBlob *data1, const struct HksBlob *data2, + const struct HksBlob *data3, const struct HksBlob *data4); + +int32_t HksCheckBlob3(const struct HksBlob *data1, const struct HksBlob *data2, const struct HksBlob *data3); + +int32_t HksCheckBlob2(const struct HksBlob *data1, const struct HksBlob *data2); + +int32_t HksCheckParamSetValidity(const struct HksParamSet *paramSet); + +int32_t HksCheckBlob4AndParamSet(const struct HksBlob *data1, const struct HksBlob *data2, + const struct HksBlob *data3, const struct HksBlob *data4, const struct HksParamSet *paramSet); + +int32_t HksCheckBlob3AndParamSet(const struct HksBlob *data1, const struct HksBlob *data2, + const struct HksBlob *data3, const struct HksParamSet *paramSet); + +int32_t HksCheckBlob2AndParamSet(const struct HksBlob *data1, const struct HksBlob *data2, + const struct HksParamSet *paramSet); + +int32_t HksCheckBlobAndParamSet(const struct HksBlob *data, const struct HksParamSet *paramSet); + +int32_t HksGetDigestLen(uint32_t digest, uint32_t *digestLen); + +int32_t HksCheckAesAeMode(const struct HksParamSet *paramSet, bool *isAes, bool *isAeMode); + +int32_t HksCheckWrappedDataFormatValidity(const struct HksBlob *wrappedData, uint32_t validTotalBlobs, + const uint32_t *validBlobLengths); + +int32_t HksGetBlobFromWrappedData(const struct HksBlob *wrappedData, uint32_t blobIndex, uint32_t totalBlobs, + struct HksBlob *blob); +#ifdef __cplusplus +} +#endif + +#endif /* HKS_COMMON_CHECK_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_config.h b/huks/frameworks/huks_standard/main/common/include/hks_config.h new file mode 100644 index 0000000..188b48f --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_config.h @@ -0,0 +1,228 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CONFIG_H +#define HKS_CONFIG_H + +#define HKS_SUPPORT_POSIX + +#define HKS_SUPPORT_THREAD + +#define HKS_LOG_ENGINE_LOG_CORE +#define HKS_ENABLE_LOG_PUBLIC + +#define HKS_SUPPORT_API_ATTEST_KEY + +// #define HKS_SUPPORT_ACCESS_TOKEN + +/* AES */ +#define HKS_SUPPORT_AES_C +#define HKS_SUPPORT_AES_GENERATE_KEY +#define HKS_SUPPORT_AES_CBC_NOPADDING +#define HKS_SUPPORT_AES_CBC_PKCS7 +#define HKS_SUPPORT_AES_GCM +#define HKS_SUPPORT_AES_CTR_NOPADDING +#define HKS_SUPPORT_AES_ECB_NOPADDING +#define HKS_SUPPORT_AES_ECB_PKCS7PADDING + +/* BN */ +#define HKS_SUPPORT_BN_C + +/* ECC */ +#define HKS_SUPPORT_ECC_C +#define HKS_SUPPORT_ECC_GENERATE_KEY +#define HKS_SUPPORT_ECC_GET_PUBLIC_KEY + +#define HKS_SUPPORT_ECDH_C +#define HKS_SUPPORT_ECDH_AGREE_KEY + +#define HKS_SUPPORT_ECDSA_C +#define HKS_SUPPORT_ECDSA_SIGN_VERIFY + +/* ED25519 */ +#define HKS_SUPPORT_ED25519_C +#define HKS_SUPPORT_ED25519_GENERATE_KEY +#define HKS_SUPPORT_ED25519_SIGN_VERIFY +#define HKS_SUPPORT_ED2519_GET_PUBLIC_KEY + +/* HASH */ +#define HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_HASH_SHA1 +#define HKS_SUPPORT_HASH_SHA224 +#define HKS_SUPPORT_HASH_SHA256 +#define HKS_SUPPORT_HASH_SHA384 +#define HKS_SUPPORT_HASH_SHA512 +#define HKS_SUPPORT_HASH_MD5 + +/* HMAC */ +#define HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_HMAC_GENERATE_KEY +#define HKS_SUPPORT_HMAC_SHA1 +#define HKS_SUPPORT_HMAC_SHA224 +#define HKS_SUPPORT_HMAC_SHA256 +#define HKS_SUPPORT_HMAC_SHA384 +#define HKS_SUPPORT_HMAC_SHA512 + +/* KDF */ +#define HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_KDF_PBKDF2 +#define HKS_SUPPORT_KDF_HKDF + +/* RSA */ +#define HKS_SUPPORT_RSA_C +#define HKS_SUPPORT_RSA_GENERATE_KEY +#define HKS_SUPPORT_RSA_CRYPT +#define HKS_SUPPORT_RSA_SIGN_VERIFY +#define HKS_SUPPORT_RSA_GET_PUBLIC_KEY +#define HKS_SUPPORT_RSA_ECB_NOPADDING +#define HKS_SUPPORT_RSA_ECB_PKCS1PADDING +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA1MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA224MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA256MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA384MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA512MGF1 +#define HKS_SUPPORT_RSA_ECB_OEAPPADDING +#define HKS_SUPPORT_RSA_PSS + +/* DH */ +#define HKS_SUPPORT_DH_C +#define HKS_SUPPORT_DH_GENERATE_KEY +#define HKS_SUPPORT_DH_AGREE_KEY +#define HKS_SUPPORT_DH_GET_PUBLIC_KEY + +/* DSA */ +#define HKS_SUPPORT_DSA_C +#define HKS_SUPPORT_DSA_GENERATE_KEY +#define HKS_SUPPORT_DSA_SIGN_VERIFY +#define HKS_SUPPORT_DSA_GET_PUBLIC_KEY + +/* X25519 */ +#define HKS_SUPPORT_X25519_C +#define HKS_SUPPORT_X25519_GENERATE_KEY +#define HKS_SUPPORT_X25519_AGREE_KEY +#define HKS_SUPPORT_X25519_GET_PUBLIC_KEY + +#define HKS_SUPPORT_ED25519_TO_X25519 + +/* SM2 */ +#ifdef HKS_SUPPORT_ECC_C +#define HKS_SUPPORT_SM2_C +#define HKS_SUPPORT_SM2_SIGN_VERIFY +#ifdef HKS_SUPPORT_ECC_GENERATE_KEY +#define HKS_SUPPORT_SM2_GENERATE_KEY +#endif +#ifdef HKS_SUPPORT_ECC_GET_PUBLIC_KEY +#define HKS_SUPPORT_SM2_GET_PUBLIC_KEY +#endif +#endif + +/* SM3 */ +#define HKS_SUPPORT_SM3_C +#define HKS_SUPPORT_SM3_GENERATE_KEY +#if defined(HKS_SUPPORT_SM3_C) && defined(HKS_SUPPORT_HMAC_C) +#define HKS_SUPPORT_HMAC_SM3 +#endif +#if defined(HKS_SUPPORT_SM3_C) && defined(HKS_SUPPORT_HASH_C) +#define HKS_SUPPORT_HASH_SM3 +#endif + +/* SM4 */ +#define HKS_SUPPORT_SM4_C +#define HKS_SUPPORT_SM4_GENERATE_KEY +#define HKS_SUPPORT_SM4_CBC_NOPADDING +#define HKS_SUPPORT_SM4_CBC_PKCS7 +#define HKS_SUPPORT_SM4_CTR_NOPADDING +#define HKS_SUPPORT_SM4_ECB_NOPADDING +#define HKS_SUPPORT_SM4_ECB_PKCS7 + +/* enable cfi */ +#define HKS_SUPPORT_CFI + +#if defined(_SUPPORT_HKS_TEE_) && defined(HKS_SUPPORT_HMAC_GENERATE_KEY) +#define HKS_SUPPORT_GET_AT_KEY +#endif + +#if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_DH_GENERATE_KEY) || \ + defined(HKS_SUPPORT_DSA_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) || \ + defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_HMAC_GENERATE_KEY) || \ + defined(HKS_SUPPORT_RSA_GENERATE_KEY) || defined(HKS_SUPPORT_X25519_GENERATE_KEY) || \ + defined(HKS_SUPPORT_SM2_GENERATE_KEY) || defined(HKS_SUPPORT_SM3_GENERATE_KEY) || \ + defined(HKS_SUPPORT_SM4_GENERATE_KEY) +#define HKS_SUPPORT_API_GENERATE_KEY +#define HKS_SUPPORT_API_DELETE_KEY +#define HKS_SUPPORT_API_GET_KEY_PARAM_SET +#define HKS_SUPPORT_API_KEY_EXIST +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || defined(HKS_SUPPORT_ED25519_C) || \ + defined(HKS_SUPPORT_X25519_C) || defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DSA_C) || \ + defined(HKS_SUPPORT_DH_C) || defined(HKS_SUPPORT_SM2_C) +#define HKS_SUPPORT_API_IMPORT +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || defined(HKS_SUPPORT_ED25519_C) || \ + defined(HKS_SUPPORT_X25519_C) || defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DSA_C) || \ + defined(HKS_SUPPORT_DH_C) || defined(HKS_SUPPORT_SM2_C) +#define HKS_SUPPORT_API_EXPORT +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || defined(HKS_SUPPORT_ED25519_C) || \ + defined(HKS_SUPPORT_X25519_C) || defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DSA_C) || \ + defined(HKS_SUPPORT_DH_C) || defined(HKS_SUPPORT_SM2_C) +#define HKS_SUPPORT_API_IMPORT_WRAPPED_KEY +#endif + +#define HKS_SUPPORT_API_GENERATE_RANDOM + +#if defined(HKS_SUPPORT_ECDSA_SIGN_VERIFY) || defined(HKS_SUPPORT_ED25519_SIGN_VERIFY) || \ + defined(HKS_SUPPORT_RSA_SIGN_VERIFY) || defined(HKS_SUPPORT_DSA_SIGN_VERIFY) +#define HKS_SUPPORT_API_SIGN_VERIFY +#endif + +#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_RSA_CRYPT) +#define HKS_SUPPORT_API_CIPHER +#endif + +#if defined(HKS_SUPPORT_X25519_AGREE_KEY) || defined(HKS_SUPPORT_ECDH_AGREE_KEY) || defined(HKS_SUPPORT_DH_AGREE_KEY) +#define HKS_SUPPORT_API_AGREE_KEY +#endif + +#ifdef HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_API_DERIVE_KEY +#endif + +#ifdef HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_API_MAC +#endif + +#ifdef HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_API_HASH +#endif + +#ifdef HKS_SUPPORT_BN_C +#define HKS_SUPPORT_API_BN_EXP_MOD +#endif + +#ifndef HKS_SUPPORT_LITE_HEAP +#define HKS_SUPPORT_API_GET_KEY_INFO_LIST +#endif + +/* Key user auth access control */ +// #if defined(HKS_SUPPORT_HMAC_C) && defined(HKS_SUPPORT_API_GENERATE_KEY) && (defined(HKS_SUPPORT_API_IMPORT) || \ +// defined(HKS_SUPPORT_API_GENERATE_KEY) || defined(HKS_SUPPORT_API_IMPORT_WRAPPED_KEY)) +// #define HKS_SUPPORT_USER_AUTH_ACCESS_CONTROL +// #endif + +#endif /* HKS_CONFIG_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_config_base.h b/huks/frameworks/huks_standard/main/common/include/hks_config_base.h new file mode 100644 index 0000000..f1c9fb1 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_config_base.h @@ -0,0 +1,177 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CONFIG_H +#define HKS_CONFIG_H + +#define HKS_SUPPORT_LITE_HEAP +#define HKS_SUPPORT_UPGRADE_STORAGE_DATA +#define HKS_SUPPORT_POSIX + +#define HKS_SUPPORT_SEC_LEVEL + +/* AES */ +#define HKS_SUPPORT_AES_C +#define HKS_SUPPORT_AES_GENERATE_KEY +#define HKS_SUPPORT_AES_CBC_NOPADDING +#define HKS_SUPPORT_AES_CBC_PKCS7 +#define HKS_SUPPORT_AES_GCM +#define HKS_SUPPORT_AES_CCM +#define HKS_SUPPORT_AES_CTR_NOPADDING +#define HKS_SUPPORT_AES_ECB_NOPADDING +#define HKS_SUPPORT_AES_ECB_PKCS7PADDING + +/* BN */ +#define HKS_SUPPORT_BN_C + +/* ECC */ +#define HKS_SUPPORT_ECC_C +#define HKS_SUPPORT_ECC_GENERATE_KEY +#define HKS_SUPPORT_ECC_GET_PUBLIC_KEY + +#define HKS_SUPPORT_ECDH_C +#define HKS_SUPPORT_ECDH_AGREE_KEY + +#define HKS_SUPPORT_ECDSA_C +#define HKS_SUPPORT_ECDSA_SIGN_VERIFY + +/* ED25519 */ +#define HKS_SUPPORT_ED25519_C +#define HKS_SUPPORT_ED25519_GENERATE_KEY +#define HKS_SUPPORT_ED25519_SIGN_VERIFY +#define HKS_SUPPORT_ED2519_GET_PUBLIC_KEY + +/* HASH */ +#define HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_HASH_SHA1 +#define HKS_SUPPORT_HASH_SHA224 +#define HKS_SUPPORT_HASH_SHA256 +#define HKS_SUPPORT_HASH_SHA384 +#define HKS_SUPPORT_HASH_SHA512 +#define HKS_SUPPORT_HASH_MD5 + +/* HMAC */ +#define HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_HMAC_GENERATE_KEY +#define HKS_SUPPORT_HMAC_SHA1 +#define HKS_SUPPORT_HMAC_SHA224 +#define HKS_SUPPORT_HMAC_SHA256 +#define HKS_SUPPORT_HMAC_SHA384 +#define HKS_SUPPORT_HMAC_SHA512 + +/* KDF */ +#define HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_KDF_PBKDF2 +#define HKS_SUPPORT_KDF_HKDF + +/* RSA */ +#define HKS_SUPPORT_RSA_C +#define HKS_SUPPORT_RSA_GENERATE_KEY +#define HKS_SUPPORT_RSA_CRYPT +#define HKS_SUPPORT_RSA_SIGN_VERIFY +#define HKS_SUPPORT_RSA_GET_PUBLIC_KEY +#define HKS_SUPPORT_RSA_ECB_NOPADDING +#define HKS_SUPPORT_RSA_ECB_PKCS1PADDING +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA1MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA224MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA256MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA384MGF1 +#define HKS_SUPPORT_RSA_ECB_OAEPPADDING_SHA512MGF1 +#define HKS_SUPPORT_RSA_ECB_OEAPPADDING +#define HKS_SUPPORT_RSA_PSS + +/* DH */ +#define HKS_SUPPORT_DH_C +#define HKS_SUPPORT_DH_GENERATE_KEY +#define HKS_SUPPORT_DH_AGREE_KEY +#define HKS_SUPPORT_DH_GET_PUBLIC_KEY + +/* DSA */ +#define HKS_SUPPORT_DSA_C +#define HKS_SUPPORT_DSA_GENERATE_KEY +#define HKS_SUPPORT_DSA_SIGN_VERIFY +#define HKS_SUPPORT_DSA_GET_PUBLIC_KEY + +/* X25519 */ +#define HKS_SUPPORT_X25519_C +#define HKS_SUPPORT_X25519_GENERATE_KEY +#define HKS_SUPPORT_X25519_AGREE_KEY +#define HKS_SUPPORT_X25519_GET_PUBLIC_KEY + +#define HKS_SUPPORT_ED25519_TO_X25519 + +#if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_DH_GENERATE_KEY) || \ + defined(HKS_SUPPORT_DSA_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) || \ + defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_HMAC_GENERATE_KEY) || \ + defined(HKS_SUPPORT_RSA_GENERATE_KEY) || defined(HKS_SUPPORT_X25519_GENERATE_KEY) +#define HKS_SUPPORT_API_GENERATE_KEY +#define HKS_SUPPORT_API_DELETE_KEY +#define HKS_SUPPORT_API_GET_KEY_PARAM_SET +#define HKS_SUPPORT_API_KEY_EXIST +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || defined(HKS_SUPPORT_ED25519_C) || \ + defined(HKS_SUPPORT_X25519_C) || defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DSA_C) || \ + defined(HKS_SUPPORT_DH_C) +#define HKS_SUPPORT_API_IMPORT +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || defined(HKS_SUPPORT_ED25519_C) || \ + defined(HKS_SUPPORT_X25519_C) || defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_DSA_C) || \ + defined(HKS_SUPPORT_DH_C) +#define HKS_SUPPORT_API_EXPORT +#endif + +#define HKS_SUPPORT_API_GENERATE_RANDOM + +#if defined(HKS_SUPPORT_ECDSA_SIGN_VERIFY) || defined(HKS_SUPPORT_ED25519_SIGN_VERIFY) || \ + defined(HKS_SUPPORT_RSA_SIGN_VERIFY) || defined(HKS_SUPPORT_DSA_SIGN_VERIFY) +#define HKS_SUPPORT_API_SIGN_VERIFY +#endif + +#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_RSA_CRYPT) +#define HKS_SUPPORT_API_CIPHER +#endif + +#if defined(HKS_SUPPORT_X25519_AGREE_KEY) || defined(HKS_SUPPORT_ECDH_AGREE_KEY) || defined(HKS_SUPPORT_DH_AGREE_KEY) +#define HKS_SUPPORT_API_AGREE_KEY +#endif + +#ifdef HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_API_DERIVE_KEY +#endif + +#ifdef HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_API_MAC +#endif + +#ifdef HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_API_HASH +#endif + +#ifdef HKS_SUPPORT_BN_C +#define HKS_SUPPORT_API_BN_EXP_MOD +#endif + +#ifndef HKS_SUPPORT_LITE_HEAP +#define HKS_SUPPORT_API_GET_KEY_INFO_LIST +#endif + +#define HKS_SUPPORT_API_ATTEST_KEY +#define HKS_SUPPORT_API_GET_CERTIFICATE_CHAIN +#define HKS_SUPPORT_API_WRAP_KEY +#define HKS_SUPPORT_API_UNWRAP_KEY + +#endif /* HKS_CONFIG_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_config_lite.h b/huks/frameworks/huks_standard/main/common/include/hks_config_lite.h new file mode 100644 index 0000000..61ff132 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_config_lite.h @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2021-2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CONFIG_H +#define HKS_CONFIG_H + +#define HKS_SUPPORT_POSIX + +#define HKS_LOG_ENGINE_HILOG_MODULE_SCY + +/* AES */ +#define HKS_SUPPORT_AES_C +#define HKS_SUPPORT_AES_GENERATE_KEY +#define HKS_SUPPORT_AES_CBC_NOPADDING +#define HKS_SUPPORT_AES_CBC_PKCS7 +#define HKS_SUPPORT_AES_GCM + +/* BN */ +#define HKS_SUPPORT_BN_C + +/* HASH */ +#define HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_HASH_SHA256 +#define HKS_SUPPORT_HASH_SHA384 +#define HKS_SUPPORT_HASH_SHA512 + +/* HMAC */ +#define HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_HMAC_SHA256 +#define HKS_SUPPORT_HMAC_SHA384 +#define HKS_SUPPORT_HMAC_SHA512 + +/* KDF */ +#define HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_KDF_PBKDF2 +#define HKS_SUPPORT_KDF_HKDF + +/* X25519 */ +#define HKS_SUPPORT_X25519_C +#define HKS_SUPPORT_X25519_GENERATE_KEY +#define HKS_SUPPORT_X25519_AGREE_KEY +#define HKS_SUPPORT_X25519_GET_PUBLIC_KEY + +#if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) || \ + defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_RSA_GENERATE_KEY) || \ + defined(HKS_SUPPORT_X25519_GENERATE_KEY) +#define HKS_SUPPORT_API_GENERATE_KEY +#define HKS_SUPPORT_API_DELETE_KEY +#define HKS_SUPPORT_API_GET_KEY_PARAM_SET +#define HKS_SUPPORT_API_KEY_EXIST +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \ + defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C) || \ + defined(HKS_SUPPORT_AES_C) +#define HKS_SUPPORT_API_IMPORT +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \ + defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C) +#define HKS_SUPPORT_API_EXPORT +#endif + +#define HKS_SUPPORT_API_GENERATE_RANDOM + +#if defined(HKS_SUPPORT_ECDSA_C) || defined(HKS_SUPPORT_ED25519_SIGN_VERIFY) || \ + defined(HKS_SUPPORT_RSA_SIGN_VERIFY) +#define HKS_SUPPORT_API_SIGN_VERIFY +#endif + +#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_RSA_CRYPT) +#define HKS_SUPPORT_API_CIPHER +#endif + +#if defined(HKS_SUPPORT_X25519_AGREE_KEY) || defined(HKS_SUPPORT_ECDH_C) +#define HKS_SUPPORT_API_AGREE_KEY +#endif + +#ifdef HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_API_DERIVE_KEY +#endif + +#ifdef HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_API_MAC +#endif + +#ifdef HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_API_HASH +#endif + +#ifdef HKS_SUPPORT_BN_C +#define HKS_SUPPORT_API_BN_EXP_MOD +#endif + +#ifndef HKS_SUPPORT_LITE_HEAP +#define HKS_SUPPORT_API_GET_KEY_INFO_LIST +#endif + +#endif /* HKS_CONFIG_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_config_small.h b/huks/frameworks/huks_standard/main/common/include/hks_config_small.h new file mode 100644 index 0000000..d8692e7 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_config_small.h @@ -0,0 +1,136 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CONFIG_H +#define HKS_CONFIG_H + +#define HKS_SUPPORT_POSIX + +#ifndef __LINUX__ +#define HKS_ENABLE_LOG_PUBLIC +#endif +#define HKS_LOG_ENGINE_HILOG_MODULE_SCY + +/* AES */ +#define HKS_SUPPORT_AES_C +#define HKS_SUPPORT_AES_GENERATE_KEY +#define HKS_SUPPORT_AES_CBC_NOPADDING +#define HKS_SUPPORT_AES_CBC_PKCS7 +#define HKS_SUPPORT_AES_GCM + +/* BN */ +#define HKS_SUPPORT_BN_C + +/* ECC */ +#define HKS_SUPPORT_ECC_C +#define HKS_SUPPORT_ECC_GENERATE_KEY +#define HKS_SUPPORT_ECC_GET_PUBLIC_KEY +#define HKS_SUPPORT_ECDH_C +#define HKS_SUPPORT_ECDSA_C + +/* ED25519 */ +#define HKS_SUPPORT_ED25519_C +#define HKS_SUPPORT_ED25519_GENERATE_KEY +#define HKS_SUPPORT_ED25519_SIGN_VERIFY +#define HKS_SUPPORT_ED2519_GET_PUBLIC_KEY + +/* HASH */ +#define HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_HASH_SHA256 +#define HKS_SUPPORT_HASH_SHA384 +#define HKS_SUPPORT_HASH_SHA512 + +/* HMAC */ +#define HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_HMAC_SHA256 +#define HKS_SUPPORT_HMAC_SHA384 +#define HKS_SUPPORT_HMAC_SHA512 + +/* KDF */ +#define HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_KDF_PBKDF2 +#define HKS_SUPPORT_KDF_HKDF + +/* RSA */ +#define HKS_SUPPORT_RSA_C +#define HKS_SUPPORT_RSA_GENERATE_KEY +#define HKS_SUPPORT_RSA_CRYPT +#define HKS_SUPPORT_RSA_SIGN_VERIFY +#define HKS_SUPPORT_RSA_GET_PUBLIC_KEY + +/* X25519 */ +#define HKS_SUPPORT_X25519_C +#define HKS_SUPPORT_X25519_GENERATE_KEY +#define HKS_SUPPORT_X25519_AGREE_KEY +#define HKS_SUPPORT_X25519_GET_PUBLIC_KEY + +#define HKS_SUPPORT_ED25519_TO_X25519 + +#if defined(HKS_SUPPORT_AES_GENERATE_KEY) || defined(HKS_SUPPORT_ECC_GENERATE_KEY) || \ + defined(HKS_SUPPORT_ED25519_GENERATE_KEY) || defined(HKS_SUPPORT_RSA_GENERATE_KEY) || \ + defined(HKS_SUPPORT_X25519_GENERATE_KEY) +#define HKS_SUPPORT_API_GENERATE_KEY +#define HKS_SUPPORT_API_DELETE_KEY +#define HKS_SUPPORT_API_GET_KEY_PARAM_SET +#define HKS_SUPPORT_API_KEY_EXIST +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \ + defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C) || \ + defined(HKS_SUPPORT_AES_C) +#define HKS_SUPPORT_API_IMPORT +#endif + +#if defined(HKS_SUPPORT_ECC_C) || defined(HKS_SUPPORT_RSA_C) || \ + defined(HKS_SUPPORT_ED25519_C) || defined(HKS_SUPPORT_X25519_C) +#define HKS_SUPPORT_API_EXPORT +#endif + +#define HKS_SUPPORT_API_GENERATE_RANDOM + +#if defined(HKS_SUPPORT_ECDSA_C) || defined(HKS_SUPPORT_ED25519_SIGN_VERIFY) || \ + defined(HKS_SUPPORT_RSA_SIGN_VERIFY) +#define HKS_SUPPORT_API_SIGN_VERIFY +#endif + +#if defined(HKS_SUPPORT_AES_C) || defined(HKS_SUPPORT_RSA_CRYPT) +#define HKS_SUPPORT_API_CIPHER +#endif + +#if defined(HKS_SUPPORT_X25519_AGREE_KEY) || defined(HKS_SUPPORT_ECDH_C) +#define HKS_SUPPORT_API_AGREE_KEY +#endif + +#ifdef HKS_SUPPORT_KDF_C +#define HKS_SUPPORT_API_DERIVE_KEY +#endif + +#ifdef HKS_SUPPORT_HMAC_C +#define HKS_SUPPORT_API_MAC +#endif + +#ifdef HKS_SUPPORT_HASH_C +#define HKS_SUPPORT_API_HASH +#endif + +#ifdef HKS_SUPPORT_BN_C +#define HKS_SUPPORT_API_BN_EXP_MOD +#endif + +#ifndef HKS_SUPPORT_LITE_HEAP +#define HKS_SUPPORT_API_GET_KEY_INFO_LIST +#endif + +#endif /* HKS_CONFIG_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_crypto_adapter.h b/huks/frameworks/huks_standard/main/common/include/hks_crypto_adapter.h new file mode 100644 index 0000000..a4d6a9c --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_crypto_adapter.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CRYPTO_ADAPTER_H +#define HKS_CRYPTO_ADAPTER_H + +#include +#include + +#include "hks_crypto_hal.h" +#include "hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +void HksFillKeySpec(const struct HksParamSet *paramSet, struct HksKeySpec *spec); + +void HksFillUsageSpec(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec); + +void HksFreeUsageSpec(struct HksUsageSpec **usageSpec); + +void HksFillKeyDerivationParam(const struct HksParamSet *paramSet, struct HksKeyDerivationParam *param); + +int32_t HksFillAeadParam(const struct HksParamSet *paramSet, struct HksBlob *inputText, struct HksUsageSpec *usageSpec, + bool isEncrypt); + +int32_t HksFillIvParam(const struct HksParamSet *paramSet, struct HksUsageSpec *usageSpec); + +int32_t HksBuildCipherUsageSpec(const struct HksParamSet *paramSet, bool isEncrypt, struct HksBlob *inputText, + struct HksUsageSpec **outUsageSpec); + +int32_t HksGetEncryptAeTag(const struct HksParamSet *paramSet, const struct HksBlob *inData, struct HksBlob *outData, + struct HksBlob *tagAead); + +int32_t HksSetKeyToMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *key, struct HksBlob *keyMaterial); + +int32_t HksGetKeyFromMaterial(uint32_t alg, bool isPubKey, const struct HksBlob *keyMaterial, struct HksBlob *key); + +int32_t HksFormatKeyFromMaterial(uint32_t alg, const struct HksBlob *keyMaterial, struct HksParamSet *paramSetOut); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/huks/frameworks/huks_standard/main/common/include/hks_crypto_hal.h b/huks/frameworks/huks_standard/main/common/include/hks_crypto_hal.h new file mode 100644 index 0000000..1543691 --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_crypto_hal.h @@ -0,0 +1,255 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CRYPTO_HAL_H +#define HKS_CRYPTO_HAL_H + +#include "hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +enum HksKeyAlgMode { + HKS_ALGORITHM_RSA_MODE_CRT = 1, + HKS_ALGORITHM_RSA_MODE_NO_CRT = 2, + HKS_ALGORITHM_EC_MODE_ECDH = 3, + HKS_ALGORITHM_ED_MODE_SIG_VERIFY = 4, + HKS_ALGORITHM_ED_MODE_VERIFY = 5, + HKS_ALGORITHM_X25519_MODE = 6, +}; + +struct HksKeySpec { + uint32_t algType; + uint32_t keyLen; + void *algParam; /* for example : struct HksKeyDerivationParam */ +}; + +struct HksKeyDerivationParam { + struct HksBlob salt; + struct HksBlob info; + uint32_t iterations; + uint32_t digestAlg; +}; + +struct HksAeadParam { + struct HksBlob nonce; + struct HksBlob aad; + union { + struct HksBlob tagDec; + uint32_t tagLenEnc; + }; + uint32_t payloadLen; +}; + +struct HksCipherParam { + struct HksBlob iv; +}; + +struct HksUsageSpec { + uint32_t algType; + uint32_t mode; + uint32_t padding; + uint32_t digest; + uint32_t purpose; + /* + * Different algorithms correspond to different structures,for example: + * struct HksAeadParam for aead; + * struct HksCipherParam for cipher; + */ + void *algParam; +}; + +struct KeyMaterialRsa { + enum HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t nSize; + uint32_t eSize; + uint32_t dSize; +}; + +struct KeyMaterialEcc { + enum HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t zSize; +}; + +struct KeyMaterialDsa { + enum HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t xSize; + uint32_t ySize; + uint32_t pSize; + uint32_t qSize; + uint32_t gSize; +}; + +struct KeyMaterialDh { + enum HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +struct KeyMaterial25519 { + enum HksKeyAlg keyAlg; + uint32_t keySize; + uint32_t pubKeySize; + uint32_t priKeySize; + uint32_t reserved; +}; + +typedef int32_t (*GetMainKey)(const struct HksBlob *, struct HksBlob *); + +typedef int32_t (*GenerateKey)(const struct HksKeySpec *, struct HksBlob *); + +typedef int32_t (*PubKey)(const struct HksBlob *, struct HksBlob *); + +typedef int32_t (*DeriveKey)(const struct HksBlob *, const struct HksKeySpec *, struct HksBlob *); + +typedef int32_t (*FillRandom)(struct HksBlob *); + +typedef int32_t (*AgreeKey)(const struct HksBlob *, const struct HksBlob *, const struct HksKeySpec *, + struct HksBlob *); + +typedef int32_t (*Sign)(const struct HksBlob *, const struct HksUsageSpec *, const struct HksBlob *, + struct HksBlob *); + +typedef int32_t (*Verify)(const struct HksBlob *, const struct HksUsageSpec *, const struct HksBlob *, + const struct HksBlob *); + +typedef int32_t (*Hmac)(const struct HksBlob *, uint32_t, const struct HksBlob *, struct HksBlob *); + +typedef int32_t (*HmacInit)(void **, const struct HksBlob *, uint32_t); + +typedef int32_t (*HmacUpdate)(void *, const struct HksBlob *); + +typedef int32_t (*HmacFinal)(void **, const struct HksBlob *, struct HksBlob *); + +typedef int32_t (*Hash)(uint32_t, const struct HksBlob *, struct HksBlob *); + +typedef int32_t (*HashInit)(void **, uint32_t); + +typedef int32_t (*HashUpdate)(void *, const struct HksBlob *); + +typedef int32_t (*HashFinal)(void **, const struct HksBlob *, struct HksBlob *); + +typedef int32_t (*Encrypt)(const struct HksBlob *, const struct HksUsageSpec *, + const struct HksBlob *, struct HksBlob *, struct HksBlob *); + +typedef int32_t (*EncryptInit)(void **, const struct HksBlob *, const struct HksUsageSpec *, const bool); + +typedef int32_t (*EncryptUpdate)(void *, const struct HksBlob *, struct HksBlob *, const bool); + +typedef int32_t (*EncryptFinal)(void **, const struct HksBlob *, struct HksBlob *, struct HksBlob *, const bool); + +typedef int32_t (*Decrypt)(const struct HksBlob *, const struct HksUsageSpec *, + const struct HksBlob *, struct HksBlob *); + +typedef int32_t (*DecryptInit)(void **, const struct HksBlob *, const struct HksUsageSpec *, const bool); + +typedef int32_t (*DecryptUpdate)(void *, const struct HksBlob *, struct HksBlob *, const bool); + +typedef int32_t (*DecryptFinal)(void **, const struct HksBlob *, struct HksBlob *, struct HksBlob *, const bool); + +typedef int32_t (*BnExpMod)(struct HksBlob *, const struct HksBlob *, + const struct HksBlob *, const struct HksBlob *); + +typedef void (*FreeCtx)(void **); + +int32_t HksCryptoHalGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey); + +int32_t HksCryptoHalGenerateKey(const struct HksKeySpec *spec, struct HksBlob *key); + +int32_t HksCryptoHalGetPubKey(const struct HksBlob *keyIn, struct HksBlob *keyOut); + +int32_t HksCryptoHalDeriveKey(const struct HksBlob *mainKey, const struct HksKeySpec *derivationSpec, + struct HksBlob *derivedKey); + +int32_t HksCryptoHalFillRandom(struct HksBlob *randomData); + +int32_t HksCryptoHalFillPrivRandom(struct HksBlob *randomData); + +int32_t HksCryptoHalAddEntropy(const struct HksBlob *entropy); + +int32_t HksCryptoHalAgreeKey(const struct HksBlob *nativeKey, const struct HksBlob *pubKey, + const struct HksKeySpec *spec, struct HksBlob *sharedKey); + +int32_t HksCryptoHalSign(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, + const struct HksBlob *message, struct HksBlob *signature); + +int32_t HksCryptoHalVerify(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, + const struct HksBlob *message, const struct HksBlob *signature); + +int32_t HksCryptoHalHmacInit(const struct HksBlob *key, uint32_t digestAlg, void **ctx); + +int32_t HksCryptoHalHmacUpdate(const struct HksBlob *chunk, void *ctx); + +int32_t HksCryptoHalHmacFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *mac); + +void HksCryptoHalHmacFreeCtx(void **ctx); + +int32_t HksCryptoHalHmac(const struct HksBlob *key, uint32_t digestAlg, const struct HksBlob *msg, + struct HksBlob *mac); + +int32_t HksCryptoHalHashInit(uint32_t alg, void **ctx); + +int32_t HksCryptoHalHashUpdate(const struct HksBlob *msg, void *ctx); + +int32_t HksCryptoHalHashFinal(const struct HksBlob *msg, void **ctx, struct HksBlob *hash); + +void HksCryptoHalHashFreeCtx(void **ctx); + +int32_t HksCryptoHalHash(uint32_t alg, const struct HksBlob *msg, struct HksBlob *hash); + +int32_t HksCryptoHalEncryptInit(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, void **ctx); + +int32_t HksCryptoHalEncryptUpdate(const struct HksBlob *message, void *ctx, struct HksBlob *out, + const uint32_t algtype); + +int32_t HksCryptoHalEncryptFinal(const struct HksBlob *message, void **ctx, struct HksBlob *cipherText, + struct HksBlob *tagAead, const uint32_t algtype); + +void HksCryptoHalEncryptFreeCtx(void **ctx, const uint32_t algtype); + +int32_t HksCryptoHalEncrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, + const struct HksBlob *message, struct HksBlob *cipherText, struct HksBlob *tagAead); + +int32_t HksCryptoHalDecryptInit(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, void **ctx); + +int32_t HksCryptoHalDecryptUpdate(const struct HksBlob *message, void *ctx, struct HksBlob *out, + const uint32_t algtype); + +int32_t HksCryptoHalDecryptFinal(const struct HksBlob *message, void **ctx, struct HksBlob *cipherText, + struct HksBlob *tagAead, const uint32_t algtype); + +void HksCryptoHalDecryptFreeCtx(void **ctx, const uint32_t algtype); + +int32_t HksCryptoHalDecrypt(const struct HksBlob *key, const struct HksUsageSpec *usageSpec, + const struct HksBlob *message, struct HksBlob *cipherText); + +int32_t HksCryptoHalBnExpMod(struct HksBlob *x, const struct HksBlob *a, + const struct HksBlob *e, const struct HksBlob *n); + +int32_t HksCryptoHalInit(void); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_CRYPTO_HAL_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_errcode_adapter.h b/huks/frameworks/huks_standard/main/common/include/hks_errcode_adapter.h new file mode 100644 index 0000000..c3f025f --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_errcode_adapter.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef HKS_ERRCODE_ADAPTER_H +#define HKS_ERRCODE_ADAPTER_H + +#ifdef __cplusplus +#include +#include +#include +#else +#include +#include +#include +#endif + +#include "hks_type.h" + +struct HksResult { + int32_t errorCode; + const char *errorMsg; + uint8_t *data; +}; + +struct HksError { + int32_t innerErrCode; + struct HksResult hksResult; +}; + +#ifdef __cplusplus +extern "C" { +#endif + +struct HksResult HksConvertErrCode(int32_t result); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_ERRCODE_ADAPTER_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_log.h b/huks/frameworks/huks_standard/main/common/include/hks_log.h new file mode 100644 index 0000000..5815e0c --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_log.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_LOG_H +#define HKS_LOG_H + +#include "hks_type.h" + +#ifdef HKS_CONFIG_FILE +#include HKS_CONFIG_FILE +#else +#include "hks_config.h" +#endif + +#ifdef _HUKS_LOG_ENABLE_ +#ifdef HKS_ENABLE_LOG_PUBLIC +#define LOG_PUBLIC "{public}" +#else +#define LOG_PUBLIC +#endif + +#undef LOG_TAG +#define LOG_TAG "HUKS" +#undef LOG_DOMAIN +#define LOG_DOMAIN 0xD002F00 /* Security subsystem's domain id */ + +#ifdef HKS_LOG_ENGINE_LOG_CORE +#include "hilog/log.h" +#define LOG_ENGINE LOG_CORE +#else +#ifdef HKS_LOG_ENGINE_HILOG_MODULE_SCY +#include "log.h" +#define LOG_ENGINE HILOG_MODULE_SCY +#endif +#endif + +#define HKS_LOG_I(fmt, arg...) HILOG_INFO(LOG_ENGINE, "%" LOG_PUBLIC "s[%" LOG_PUBLIC "u]: " fmt "\n", \ + __func__, __LINE__, ##arg) +#define HKS_LOG_W(fmt, arg...) HILOG_WARN(LOG_ENGINE, "%" LOG_PUBLIC "s[%" LOG_PUBLIC "u]: " fmt "\n", \ + __func__, __LINE__, ##arg) +#define HKS_LOG_E(fmt, arg...) HILOG_ERROR(LOG_ENGINE, "%" LOG_PUBLIC "s[%" LOG_PUBLIC "u]: " fmt "\n", \ + __func__, __LINE__, ##arg) +#define HKS_LOG_D(fmt, arg...) HILOG_DEBUG(LOG_ENGINE, "%" LOG_PUBLIC "s[%" LOG_PUBLIC "u]: " fmt "\n", \ + __func__, __LINE__, ##arg) +#else +#define HKS_LOG_I(...) +#define HKS_LOG_W(...) +#define HKS_LOG_E(...) +#define HKS_LOG_D(...) +#endif + +#endif /* HKS_LOG_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_mem.h b/huks/frameworks/huks_standard/main/common/include/hks_mem.h new file mode 100644 index 0000000..af6a0ef --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_mem.h @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2021-2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_MEM_H +#define HKS_MEM_H + +#ifdef __cplusplus +#include +#include + +#define HKS_NULL_POINTER nullptr +#else +#include +#include + +#define HKS_NULL_POINTER NULL +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +void *HksMalloc(size_t size); +int32_t HksMemCmp(const void *ptr1, const void *ptr2, uint32_t size); + +#define SELF_FREE_PTR(PTR, FREE_FUNC) \ +{ \ + if ((PTR) != HKS_NULL_POINTER) { \ + FREE_FUNC(PTR); \ + (PTR) = HKS_NULL_POINTER; \ + } \ +} + +#define HKS_FREE_PTR(p) SELF_FREE_PTR(p, free) + +#define HksFree(p) SELF_FREE_PTR(p, free) + +#define HKS_FREE_BLOB(blob) do { \ + if ((blob).data != HKS_NULL_POINTER) { \ + free((blob).data); \ + (blob).data = HKS_NULL_POINTER; \ + } \ + (blob).size = 0; \ +} while (0) + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_MEM_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_template.h b/huks/frameworks/huks_standard/main/common/include/hks_template.h new file mode 100644 index 0000000..f9c9dcb --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_template.h @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_TEMPLATE_H +#define HKS_TEMPLATE_H + +#undef HKS_NULL_POINTER + +#ifdef __cplusplus +#define HKS_NULL_POINTER nullptr +#else +#define HKS_NULL_POINTER NULL +#endif + +#define HKS_IF_NOT_SUCC_LOGE_RETURN(RESULT, ERROR_CODE, LOG_MESSAGE, ...) \ +if ((RESULT) != HKS_SUCCESS) { \ + HKS_LOG_E(LOG_MESSAGE, ##__VA_ARGS__); \ + return (ERROR_CODE); \ +} + +#define HKS_IF_NOT_SUCC_LOGE_BREAK(RESULT, LOG_MESSAGE, ...) \ +if ((RESULT) != HKS_SUCCESS) { \ + HKS_LOG_E(LOG_MESSAGE, ##__VA_ARGS__); \ + break; \ +} + +#define HKS_IF_NOT_SUCC_BREAK(RESULT, ...) \ +if ((RESULT) != HKS_SUCCESS) { \ + break; \ +} + +#define HKS_IF_NOT_SUCC_LOGE(RESULT, LOG_MESSAGE, ...) \ +if ((RESULT) != HKS_SUCCESS) { \ + HKS_LOG_E(LOG_MESSAGE, ##__VA_ARGS__); \ +} + +#define HKS_IF_NOT_SUCC_RETURN(RESULT, ERROR_CODE) \ +if ((RESULT) != HKS_SUCCESS) { \ + return (ERROR_CODE); \ +} + +#define HKS_IF_NULL_LOGE_RETURN(OBJECT, ERROR_CODE, LOG_MESSAGE, ...) \ +if ((OBJECT) == HKS_NULL_POINTER) { \ + HKS_LOG_E(LOG_MESSAGE, ##__VA_ARGS__); \ + return (ERROR_CODE); \ +} + +#define HKS_IF_NULL_LOGE_BREAK(OBJECT, LOG_MESSAGE, ...) \ +if ((OBJECT) == HKS_NULL_POINTER) { \ + HKS_LOG_E(LOG_MESSAGE, ##__VA_ARGS__); \ + break; \ +} + +#define HKS_IF_NULL_RETURN(OBJECT, ERROR_CODE) \ +if ((OBJECT) == HKS_NULL_POINTER) { \ + return (ERROR_CODE); \ +} + +#define HKS_IF_NULL_BREAK(OBJECT) \ +if ((OBJECT) == HKS_NULL_POINTER) { \ + break; \ +} +#endif /* HKS_TEMPLATE_H */ diff --git a/huks/frameworks/huks_standard/main/common/include/hks_type_inner.h b/huks/frameworks/huks_standard/main/common/include/hks_type_inner.h new file mode 100644 index 0000000..d32663d --- /dev/null +++ b/huks/frameworks/huks_standard/main/common/include/hks_type_inner.h @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_TYPE_INNER_H +#define HKS_TYPE_INNER_H + +#include "hks_type.h" +#include "securec.h" + +#define HANDLE_SIZE 8 +#define DEFAULT_AUTH_TIMEOUT 5 + +/* EnrolledIdInfo stored format: |-enrolledId len-|-enrolledId1 type-|-enrolledId1 value-|...| */ +#define ENROLLED_ID_INFO_MIN_LEN (sizeof(uint32_t) + (sizeof(uint32_t) + sizeof(uint64_t))) + +enum HksUserAuthResult { + HKS_AUTH_RESULT_NONE = -2, // not support user auth + HKS_AUTH_RESULT_INIT = -1, + HKS_AUTH_RESULT_SUCCESS = 0, + HKS_AUTH_RESULT_FAILED = 1, +}; + +enum HksStageType { + HKS_STAGE_THREE = 0, + HKS_STAGE_ONE = 1, +}; + +enum HksInnerTag { + HKS_TAG_APPENDED_DATA_PREFIX = HKS_TAG_TYPE_BYTES | 10020, + HKS_TAG_APPENDED_DATA_SUFFIX = HKS_TAG_TYPE_BYTES | 10021, + + /* Inner-use TAGS used for ipc serialization */ + HKS_TAG_PARAM0_BUFFER = HKS_TAG_TYPE_BYTES | 30001, + HKS_TAG_PARAM1_BUFFER = HKS_TAG_TYPE_BYTES | 30002, + HKS_TAG_PARAM2_BUFFER = HKS_TAG_TYPE_BYTES | 30003, + HKS_TAG_PARAM3_BUFFER = HKS_TAG_TYPE_BYTES | 30004, + HKS_TAG_PARAM4_BUFFER = HKS_TAG_TYPE_BYTES | 30005, + HKS_TAG_PARAM0_UINT32 = HKS_TAG_TYPE_UINT | 30006, + HKS_TAG_PARAM1_UINT32 = HKS_TAG_TYPE_UINT | 30007, + HKS_TAG_PARAM2_UINT32 = HKS_TAG_TYPE_UINT | 30008, + HKS_TAG_PARAM3_UINT32 = HKS_TAG_TYPE_UINT | 30009, + HKS_TAG_PARAM4_UINT32 = HKS_TAG_TYPE_UINT | 30010, + HKS_TAG_PARAM0_BOOL = HKS_TAG_TYPE_BOOL | 30011, + HKS_TAG_PARAM1_BOOL = HKS_TAG_TYPE_BOOL | 30012, + HKS_TAG_PARAM2_BOOL = HKS_TAG_TYPE_BOOL | 30013, + HKS_TAG_PARAM3_BOOL = HKS_TAG_TYPE_BOOL | 30014, + HKS_TAG_PARAM4_BOOL = HKS_TAG_TYPE_BOOL | 30015, + HKS_TAG_PARAM0_NULL = HKS_TAG_TYPE_BYTES | 30016, + HKS_TAG_PARAM1_NULL = HKS_TAG_TYPE_BYTES | 30017, + HKS_TAG_PARAM2_NULL = HKS_TAG_TYPE_BYTES | 30018, + HKS_TAG_PARAM3_NULL = HKS_TAG_TYPE_BYTES | 30019, + HKS_TAG_PARAM4_NULL = HKS_TAG_TYPE_BYTES | 30020, + + HKS_TAG_ACCESS_TOKEN_ID = HKS_TAG_TYPE_UINT | 30021, +}; + +#define HKS_PARAM_BUFFER_NULL_INTERVAL ((HKS_TAG_PARAM0_NULL) - (HKS_TAG_PARAM0_BUFFER)) + +struct HksProcessInfo { + struct HksBlob userId; + struct HksBlob processName; + int32_t userIdInt; + uint64_t accessTokenId; +}; + +struct HksParamOut { + uint32_t tag; + union { + bool *boolParam; + int32_t *int32Param; + uint32_t *uint32Param; + uint64_t *uint64Param; + struct HksBlob *blob; + }; +}; + +struct HksKeyMaterialHeader { + enum HksKeyAlg keyAlg; + uint32_t keySize; +}; + +#endif /* HKS_TYPE_INNER_H */ diff --git a/huks/frameworks/huks_standard/main/os_dependency/BUILD.gn b/huks/frameworks/huks_standard/main/os_dependency/BUILD.gn new file mode 100644 index 0000000..3cc5c64 --- /dev/null +++ b/huks/frameworks/huks_standard/main/os_dependency/BUILD.gn @@ -0,0 +1,10 @@ +import("//build/ohos.gni") + +config("huks_config") { + include_dirs = ["//base/security/huks/frameworks/huks_standard/main/os_dependency/ipc/include"] + libs = ["huks_os_dependency_standard_static"] +} + +group("libhuks_os_dependency_standard_static") { + public_configs = [":huks_config"] +} diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h new file mode 100644 index 0000000..206dfd4 --- /dev/null +++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CLIENT_IPC_H +#define HKS_CLIENT_IPC_H + +#include "hks_type_inner.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksClientInitialize(void); + +int32_t HksClientRefreshKeyInfo(void); + +int32_t HksClientGenerateKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSetIn, + struct HksParamSet *paramSetOut); + +int32_t HksClientImportKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, + const struct HksBlob *key); + +int32_t HksClientExportPublicKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, + struct HksBlob *key); + +int32_t HksClientImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias, + const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData); + +int32_t HksClientDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet); + +int32_t HksClientGetKeyParamSet(const struct HksBlob *keyAlias, struct HksParamSet *paramSet); + +int32_t HksClientKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet); + +int32_t HksClientGenerateRandom(struct HksBlob *random, const struct HksParamSet *paramSet); + +int32_t HksClientSign(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, struct HksBlob *signature); + +int32_t HksClientVerify(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *srcData, const struct HksBlob *signature); + +int32_t HksClientEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *plainText, struct HksBlob *cipherText); + +int32_t HksClientDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet, + const struct HksBlob *cipherText, struct HksBlob *plainText); + +int32_t HksClientAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey, + const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey); + +int32_t HksClientDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey, + struct HksBlob *derivedKey); + +int32_t HksClientMac(const struct HksBlob *key, const struct HksParamSet *paramSet, const struct HksBlob *srcData, + struct HksBlob *mac); + +int32_t HksClientGetKeyInfoList(struct HksKeyInfo *keyInfoList, uint32_t *listCount); + +int32_t HksClientAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, + struct HksCertChain *certChain); + +int32_t HksClientInit(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, struct HksBlob *handle, + struct HksBlob *token); + +int32_t HksClientUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet, const struct HksBlob *inData, + struct HksBlob *outData); + +int32_t HksClientFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet, const struct HksBlob *inData, + struct HksBlob *outData); + +int32_t HksClientAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_CLIENT_IPC_H */ diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h new file mode 100644 index 0000000..761247c --- /dev/null +++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CRYPTO_CHECK_H +#define HKS_CRYPTO_CHECK_H + +#include +#include + +#include "hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksCheckIpcGenerateKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSetIn); + +int32_t HksCheckIpcImportKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, + const struct HksBlob *key); + +int32_t HksCheckIpcImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias, + const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData); + +int32_t HksCheckIpcExportPublicKey(const struct HksBlob *keyAlias, const struct HksBlob *key); + +int32_t HksCheckIpcGetKeyParamSet(const struct HksBlob *keyAlias, struct HksParamSet *paramSet); + +int32_t HksCheckIpcAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey, + const struct HksBlob *peerPublicKey, const struct HksBlob *agreedKey); + +int32_t HksCheckIpcDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey, + const struct HksBlob *derivedKey); + +int32_t HksCheckIpcGetKeyInfoList(const struct HksKeyInfo *keyInfoList, uint32_t listCount); + +int32_t HksCheckIpcCertificateChain(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, + const struct HksCertChain *certChain); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h new file mode 100644 index 0000000..59cf16e --- /dev/null +++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_IPC_SERIALIZATION_H +#define HKS_IPC_SERIALIZATION_H + +#include +#include + +#include "hks_type_inner.h" + +#define MAX_IPC_BUF_SIZE 0x10000 /* Maximun IPC message buffer size. */ +#define MAX_IPC_RSV_SIZE 0x400 /* Reserve IPC message buffer size */ +#define MAX_PROCESS_SIZE (MAX_IPC_BUF_SIZE - MAX_IPC_RSV_SIZE) + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t CopyUint32ToBuffer(uint32_t value, const struct HksBlob *destBlob, uint32_t *destOffset); + +int32_t HksGenerateKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias, + const struct HksParamSet *paramSetIn, const struct HksBlob *keyOut); + +int32_t HksImportKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, + const struct HksBlob *key); + +int32_t HksImportWrappedKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias, + const struct HksBlob *wrappingKeyAlias, const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData); + +int32_t HksExportPublicKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias, const struct HksBlob *key); + +int32_t HksGetKeyParamSetPack(struct HksBlob *destData, const struct HksBlob *keyAlias, const struct HksBlob *keyOut); + +int32_t HksOnceParamPack(struct HksBlob *destData, const struct HksBlob *key, const struct HksParamSet *paramSet, + uint32_t *offset); + +int32_t HksOnceDataPack(struct HksBlob *destData, const struct HksBlob *inputData, const struct HksBlob *rsvData, + const struct HksBlob *outputData, uint32_t *offset); + +int32_t HksAgreeKeyPack(struct HksBlob *destData, const struct HksParamSet *paramSet, const struct HksBlob *privateKey, + const struct HksBlob *peerPublicKey, const struct HksBlob *agreedKey); + +int32_t HksDeriveKeyPack(struct HksBlob *destData, const struct HksParamSet *paramSet, const struct HksBlob *kdfKey, + const struct HksBlob *derivedKey); + +int32_t HksGetKeyInfoListPack(struct HksBlob *destData, uint32_t listCount, const struct HksKeyInfo *keyInfoList); + +int32_t HksGetKeyInfoListUnpackFromService(const struct HksBlob *srcData, uint32_t *listCount, + struct HksKeyInfo *keyInfoList); + +int32_t HksCertificateChainPack(struct HksBlob *destData, const struct HksBlob *keyAlias, + const struct HksParamSet *paramSet, const struct HksBlob *certChainBlob); + +int32_t HksCertificateChainUnpackFromService(const struct HksBlob *srcData, bool needEncode, + struct HksCertChain *certChain); + +int32_t HksParamsToParamSet(struct HksParam *params, uint32_t cnt, struct HksParamSet **outParamSet); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_IPC_SERIALIZATION_H */ \ No newline at end of file diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h new file mode 100644 index 0000000..a712cc1 --- /dev/null +++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_IPC_SLICE_H +#define HKS_IPC_SLICE_H + +#include + +#include "hks_type.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksSliceDataEntry(uint32_t cmdId, const struct HksBlob *key, const struct HksParamSet *paramSet, + struct HksBlob *inData, struct HksBlob *outData); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_SLICE_H */ \ No newline at end of file diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h new file mode 100644 index 0000000..332fb99 --- /dev/null +++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_REQUEST_H +#define HKS_REQUEST_H + +#include "hks_type_inner.h" + +enum HksMessage { +#ifndef _HKS_L1_TEE_ + HKS_MSG_BASE = 0x3a400, /* range of message value defined by router. globally unique */ +#else + HKS_MSG_BASE = 1000, /* range of message value defined by SmartLock. Max 65535 */ +#endif + HKS_MSG_GEN_KEY = HKS_MSG_BASE, + HKS_MSG_IMPORT_KEY, + HKS_MSG_EXPORT_PUBLIC_KEY, + HKS_MSG_IMPORT_WRAPPED_KEY, + HKS_MSG_DELETE_KEY, + HKS_MSG_GET_KEY_PARAMSET, + HKS_MSG_KEY_EXIST, + HKS_MSG_GENERATE_RANDOM, + HKS_MSG_SIGN, + HKS_MSG_VERIFY, + HKS_MSG_ENCRYPT, + HKS_MSG_DECRYPT, + HKS_MSG_AGREE_KEY, + HKS_MSG_DERIVE_KEY, + HKS_MSG_MAC, + HKS_MSG_GET_KEY_INFO_LIST, + HKS_MSG_ATTEST_KEY, + HKS_MSG_GET_CERTIFICATE_CHAIN, + HKS_MSG_INIT, + HKS_MSG_UPDATE, + HKS_MSG_FINISH, + HKS_MSG_ABORT, + HKS_MSG_MAX, /* new cmd type must be added before HKS_MSG_MAX */ +}; + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * SendRequest - Send the request message to target module by function call or ipc or other ways. + * @type: the request message type. + * @inBlob: the input serialized data blob. + * @outBlob: the output serialized data blob, can be null. + */ +int32_t HksSendRequest(enum HksMessage type, const struct HksBlob *inBlob, struct HksBlob *outBlob, + const struct HksParamSet *paramSet); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_REQUEST_H */ diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h new file mode 100644 index 0000000..b20f73b --- /dev/null +++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_SAMGR_CLIENT_H +#define HKS_SAMGR_CLIENT_H + +#include "hks_samgr_server.h" +#include "iproxy_client.h" + +typedef struct { + INHERIT_CLIENT_IPROXY; + int32_t (*IpcAsyncCallBack)(IUnknown *iUnknown, enum HksMessageType type, const struct HksBlob *inBlob, + struct HksBlob *outBlob); +} HksMgrClientApi; + +typedef struct { + INHERIT_IUNKNOWNENTRY(HksMgrClientApi); +} HksMgrClientEntry; + +#endif \ No newline at end of file diff --git a/huks/interfaces/innerkits/huks_standard/main/BUILD.gn b/huks/interfaces/innerkits/huks_standard/main/BUILD.gn new file mode 100644 index 0000000..a539688 --- /dev/null +++ b/huks/interfaces/innerkits/huks_standard/main/BUILD.gn @@ -0,0 +1,23 @@ +# Copyright (C) 2021-2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +config("huks_config") { + include_dirs = [ "//base/security/huks/interfaces/innerkits/huks_standard/main/include" ] + libs = [ "hukssdk.z" ] +} + +group("libhukssdk") { + public_configs = [ ":huks_config" ] +} diff --git a/huks/interfaces/innerkits/huks_standard/main/include b/huks/interfaces/innerkits/huks_standard/main/include new file mode 120000 index 0000000..98a2378 --- /dev/null +++ b/huks/interfaces/innerkits/huks_standard/main/include @@ -0,0 +1 @@ +/usr/include/huks \ No newline at end of file -- 2.27.0