From 1a119f78a70ff04a2fe4415986a02d9991894802 Mon Sep 17 00:00:00 2001
From: wang--ge
Date: Sat, 15 Jul 2023 11:12:16 +0800
Subject: [PATCH] add huks component
---
huks/BUILD.gn | 0
huks/bundle.json | 77 ++++++++++++++++
.../huks_standard/main/os_dependency/BUILD.gn | 10 +++
.../ipc/include/hks_client_ipc.h | 90 +++++++++++++++++++
.../os_dependency/ipc/include/hks_ipc_check.h | 55 ++++++++++++
.../ipc/include/hks_ipc_serialization.h | 76 ++++++++++++++++
.../os_dependency/ipc/include/hks_ipc_slice.h | 34 +++++++
.../os_dependency/ipc/include/hks_request.h | 69 ++++++++++++++
.../ipc/include/hks_samgr_client.h | 32 +++++++
.../innerkits/huks_standard/main/BUILD.gn | 23 +++++
.../innerkits/huks_standard/main/include | 1 +
12 files changed, 482 insertions(+)
create mode 100755 huks/.gitattributes
create mode 100644 huks/BUILD.gn
create mode 100644 huks/bundle.json
create mode 100644 huks/frameworks/huks_standard/main/os_dependency/BUILD.gn
create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h
create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h
create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h
create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h
create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h
create mode 100644 huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h
create mode 100644 huks/interfaces/innerkits/huks_standard/main/BUILD.gn
create mode 120000 huks/interfaces/innerkits/huks_standard/main/include
diff --git a/huks/BUILD.gn b/huks/BUILD.gn
new file mode 100644
index 0000000..e69de29
diff --git a/huks/bundle.json b/huks/bundle.json
new file mode 100644
index 0000000..635f7ed
--- /dev/null
+++ b/huks/bundle.json
@@ -0,0 +1,77 @@
+{
+ "name": "@ohos/huks",
+ "description": "The provider of key and certificate manangement capbility, which belongs to security subsystem",
+ "version": "3.1",
+ "license": "Apache License 2.0",
+ "publishAs": "code-segment",
+ "segment": {
+ "destPath": "base/security/huks"
+ },
+ "dirs":{},
+ "scripts": {
+ "install": "DEST_PATH=${DEP_BUNDLE_BASE}/base/security/huks && mkdir -p $DEST_PATH && cp -r ./* $DEST_PATH"
+ },
+ "author": {},
+ "repository": "",
+ "component": {
+ "name": "huks",
+ "subsystem": "security",
+ "syscap": [
+ "SystemCapability.Security.Huks",
+ "SystemCapability.Security.Cipher"
+ ],
+ "features": [],
+ "adapted_system_type": [
+ "standard",
+ "small",
+ "mini"
+ ],
+ "rom": "5000KB",
+ "ram": "500kB",
+ "deps": {
+ "components": [
+ "ability_base",
+ "access_token",
+ "bundle_framework",
+ "common",
+ "common_event_service",
+ "hisysevent_native",
+ "hitrace_native",
+ "hiviewdfx_hilog_native",
+ "ipc",
+ "napi",
+ "os_account",
+ "safwk",
+ "samgr",
+ "thirdparty_bounds_checking_function",
+ "c_utils"
+ ],
+ "third_party": [
+ "openssl",
+ "bounds_checking_function"
+ ]
+ },
+ "build": {
+ "group_type": {
+ "base_group": [],
+ "fwk_group": [
+
+ ],
+ "service_group": [
+
+ ]
+ },
+ "inner_kits": [
+ {
+ "name": "//base/security/huks/interfaces/innerkits/huks_standard/main:libhukssdk",
+ "header": {
+ "header_files": [
+ "hks_api.h"
+ ],
+ "header_base": "//base/security/huks/interfaces/innerkits/huks_standard/main/include"
+ }
+ }
+ ]
+ }
+ }
+ }
diff --git a/huks/frameworks/huks_standard/main/os_dependency/BUILD.gn b/huks/frameworks/huks_standard/main/os_dependency/BUILD.gn
new file mode 100644
index 0000000..3cc5c64
--- /dev/null
+++ b/huks/frameworks/huks_standard/main/os_dependency/BUILD.gn
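Review bot: The `install` script under `scripts` expands `$DEST_PATH` unquoted in both `mkdir -p $DEST_PATH` and `cp -r ./* $DEST_PATH`, so a `DEP_BUNDLE_BASE` that contains whitespace or glob characters would be word-split and the copy could land outside the intended directory. Quoting the expansions inside the JSON string, e.g. `mkdir -p \"$DEST_PATH\" && cp -r ./* \"$DEST_PATH\"`, avoids that. The `description` value also misspells two words: `manangement capbility` should read `management capability`.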
@@ -0,0 +1,10 @@
+import("//build/ohos.gni")
+
+config("huks_config") {
+ include_dirs = ["//base/security/huks/frameworks/huks_standard/main/os_dependency/ipc/include"]
+ libs = ["huks_os_dependency_standard_static"]
+}
+
+group("libhuks_os_dependency_standard_static") {
+ public_configs = [":huks_config"]
+}
diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h
new file mode 100644
index 0000000..206dfd4
--- /dev/null
+++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_client_ipc.h
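Review bot: `libs = ["huks_os_dependency_standard_static"]` names the library with no `lib_dirs`, so which binary gets linked is decided by the linker's default search path on the build host rather than by anything in the tree. The same applies to `libs = [ "hukssdk.z" ]` in `interfaces/innerkits/huks_standard/main/BUILD.gn` and to the `include` symlink, which points at the absolute path `/usr/include/huks`. For a key-management component this means the headers and library actually used are whatever package is installed on the builder; this looks intentional for a distro build, but nothing in the patch records which package or version is expected. I would add a comment above each `config("huks_config")` such as `# Headers and library come from the system-installed huks package; build hosts must provide a trusted, matching version.` and give this file the same license header the innerkits BUILD.gn carries.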
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_CLIENT_IPC_H
+#define HKS_CLIENT_IPC_H
+
+#include "hks_type_inner.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int32_t HksClientInitialize(void);
+
+int32_t HksClientRefreshKeyInfo(void);
+
+int32_t HksClientGenerateKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSetIn,
+ struct HksParamSet *paramSetOut);
+
+int32_t HksClientImportKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
+ const struct HksBlob *key);
+
+int32_t HksClientExportPublicKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
+ struct HksBlob *key);
+
+int32_t HksClientImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias,
+ const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData);
+
+int32_t HksClientDeleteKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet);
+
+int32_t HksClientGetKeyParamSet(const struct HksBlob *keyAlias, struct HksParamSet *paramSet);
+
+int32_t HksClientKeyExist(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet);
+
+int32_t HksClientGenerateRandom(struct HksBlob *random, const struct HksParamSet *paramSet);
+
+int32_t HksClientSign(const struct HksBlob *key, const struct HksParamSet *paramSet,
+ const struct HksBlob *srcData, struct HksBlob *signature);
+
+int32_t
HksClientVerify(const struct HksBlob *key, const struct HksParamSet *paramSet,
+ const struct HksBlob *srcData, const struct HksBlob *signature);
+
+int32_t HksClientEncrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
+ const struct HksBlob *plainText, struct HksBlob *cipherText);
+
+int32_t HksClientDecrypt(const struct HksBlob *key, const struct HksParamSet *paramSet,
+ const struct HksBlob *cipherText, struct HksBlob *plainText);
+
+int32_t HksClientAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
+ const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey);
+
+int32_t HksClientDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey,
+ struct HksBlob *derivedKey);
+
+int32_t HksClientMac(const struct HksBlob *key, const struct HksParamSet *paramSet, const struct HksBlob *srcData,
+ struct HksBlob *mac);
+
+int32_t HksClientGetKeyInfoList(struct HksKeyInfo *keyInfoList, uint32_t *listCount);
+
+int32_t HksClientAttestKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
+ struct HksCertChain *certChain);
+
+int32_t HksClientInit(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, struct HksBlob *handle,
+ struct HksBlob *token);
+
+int32_t HksClientUpdate(const struct HksBlob *handle, const struct HksParamSet *paramSet, const struct HksBlob *inData,
+ struct HksBlob *outData);
+
+int32_t HksClientFinish(const struct HksBlob *handle, const struct HksParamSet *paramSet, const struct HksBlob *inData,
+ struct HksBlob *outData);
+
+int32_t HksClientAbort(const struct HksBlob *handle, const struct HksParamSet *paramSet);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HKS_CLIENT_IPC_H */
diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h
new file mode 100644
index 0000000..761247c
--- /dev/null
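Review bot: None of the prototypes in `hks_client_ipc.h` document their output buffers, and for a client IPC surface the sizing contract is what callers most need. Parameters such as `struct HksBlob *key` in `HksClientExportPublicKey`, `struct HksBlob *signature` in `HksClientSign` and the `uint32_t *listCount` of `HksClientGetKeyInfoList` give no hint whether the caller pre-allocates `data` and sets `size` to the capacity, or how a too-small buffer is reported. A short block comment per function, or one at the top of the `extern "C"` section, stating who allocates, what `size` means on entry and on return, and which error is returned for insufficient space would close that gap. For example on `HksClientGetKeyInfoList`: `/* listCount: in = capacity of keyInfoList, out = entries written (confirm against the implementation) */`.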
+++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_check.h 
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_CRYPTO_CHECK_H
+#define HKS_CRYPTO_CHECK_H
+
+#include
+#include
+
+#include "hks_type.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int32_t HksCheckIpcGenerateKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSetIn);
+
+int32_t HksCheckIpcImportKey(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
+ const struct HksBlob *key);
+
+int32_t HksCheckIpcImportWrappedKey(const struct HksBlob *keyAlias, const struct HksBlob *wrappingKeyAlias,
+ const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData);
+
+int32_t HksCheckIpcExportPublicKey(const struct HksBlob *keyAlias, const struct HksBlob *key);
+
+int32_t HksCheckIpcGetKeyParamSet(const struct HksBlob *keyAlias, struct HksParamSet *paramSet);
+
+int32_t HksCheckIpcAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
+ const struct HksBlob *peerPublicKey, const struct HksBlob *agreedKey);
+
+int32_t HksCheckIpcDeriveKey(const struct HksParamSet *paramSet, const struct HksBlob *mainKey,
+ const struct HksBlob *derivedKey);
+
+int32_t HksCheckIpcGetKeyInfoList(const struct HksKeyInfo *keyInfoList, uint32_t listCount);
+
+int32_t HksCheckIpcCertificateChain(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
+ const struct HksCertChain *certChain);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
\ No newline at end of file
diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h
new file mode 100644
index 0000000..59cf16e
--- /dev/null
+++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_serialization.h
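Review bot: The include guard in `hks_ipc_check.h` is `HKS_CRYPTO_CHECK_H`, which does not match the file name. If any other header reachable from the same translation unit uses that guard (the name suggests a `hks_crypto_check.h`), whichever is included second is silently skipped and the `HksCheckIpc*` parameter checks lose their prototypes. Renaming it to `#ifndef HKS_IPC_CHECK_H` / `#define HKS_IPC_CHECK_H` and closing with `#endif /* HKS_IPC_CHECK_H */` removes the collision risk. The two bare `#include` lines show no header name in this view; if that is not just a rendering artefact, their targets need restoring.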
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_IPC_SERIALIZATION_H
+#define HKS_IPC_SERIALIZATION_H
+
+#include
+#include
+
+#include "hks_type_inner.h"
+
+#define MAX_IPC_BUF_SIZE 0x10000 /* Maximun IPC message buffer size. */
+#define MAX_IPC_RSV_SIZE 0x400 /* Reserve IPC message buffer size */
+#define MAX_PROCESS_SIZE (MAX_IPC_BUF_SIZE - MAX_IPC_RSV_SIZE)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int32_t CopyUint32ToBuffer(uint32_t value, const struct HksBlob *destBlob, uint32_t *destOffset);
+
+int32_t HksGenerateKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias,
+ const struct HksParamSet *paramSetIn, const struct HksBlob *keyOut);
+
+int32_t HksImportKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
+ const struct HksBlob *key);
+
+int32_t HksImportWrappedKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias,
+ const struct HksBlob *wrappingKeyAlias, const struct HksParamSet *paramSet, const struct HksBlob *wrappedKeyData);
+
+int32_t HksExportPublicKeyPack(struct HksBlob *destData, const struct HksBlob *keyAlias, const struct HksBlob *key);
+
+int32_t HksGetKeyParamSetPack(struct HksBlob *destData, const struct HksBlob *keyAlias, const struct HksBlob *keyOut);
+
+int32_t HksOnceParamPack(struct HksBlob *destData, const struct HksBlob *key, const struct HksParamSet *paramSet,
uint32_t *offset);
+
+int32_t HksOnceDataPack(struct HksBlob *destData, const struct HksBlob *inputData, const struct HksBlob *rsvData,
+ const struct HksBlob *outputData, uint32_t *offset);
+
+int32_t HksAgreeKeyPack(struct HksBlob *destData, const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
+ const struct HksBlob *peerPublicKey, const struct HksBlob *agreedKey);
+
+int32_t HksDeriveKeyPack(struct HksBlob *destData, const struct HksParamSet *paramSet, const struct HksBlob *kdfKey,
+ const struct HksBlob *derivedKey);
+
+int32_t HksGetKeyInfoListPack(struct HksBlob *destData, uint32_t listCount, const struct HksKeyInfo *keyInfoList);
+
+int32_t HksGetKeyInfoListUnpackFromService(const struct HksBlob *srcData, uint32_t *listCount,
+ struct HksKeyInfo *keyInfoList);
+
+int32_t HksCertificateChainPack(struct HksBlob *destData, const struct HksBlob *keyAlias,
+ const struct HksParamSet *paramSet, const struct HksBlob *certChainBlob);
+
+int32_t HksCertificateChainUnpackFromService(const struct HksBlob *srcData, bool needEncode,
+ struct HksCertChain *certChain);
+
+int32_t HksParamsToParamSet(struct HksParam *params, uint32_t cnt, struct HksParamSet **outParamSet);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HKS_IPC_SERIALIZATION_H */
\ No newline at end of file
diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h
new file mode 100644
index 0000000..a712cc1
--- /dev/null
+++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_ipc_slice.h
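Review bot: The three size macros `MAX_IPC_BUF_SIZE`, `MAX_IPC_RSV_SIZE` and `MAX_PROCESS_SIZE` and the helper `CopyUint32ToBuffer` are exported from `hks_ipc_serialization.h` without the `HKS`/`Hks` prefix that the other symbols in this patch carry, so they can clash with unrelated definitions in any file that includes the header. Beyond naming, the pack and unpack prototypes say nothing about bounds. I would document on `CopyUint32ToBuffer` that it must fail rather than write when `*destOffset + sizeof(uint32_t)` exceeds `destBlob->size`, and on `HksGetKeyInfoListUnpackFromService` and `HksCertificateChainUnpackFromService` that lengths and counts read from `srcData` are validated against `srcData->size` before use; the implementations are not part of this patch, so this should be confirmed there. `Maximun` in the first macro's comment should be `Maximum`.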
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_IPC_SLICE_H
+#define HKS_IPC_SLICE_H
+
+#include
+
+#include "hks_type.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int32_t HksSliceDataEntry(uint32_t cmdId, const struct HksBlob *key, const struct HksParamSet *paramSet,
+ struct HksBlob *inData, struct HksBlob *outData);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HKS_SLICE_H */
\ No newline at end of file
diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h
new file mode 100644
index 0000000..332fb99
--- /dev/null
+++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_request.h
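Review bot: The closing comment in `hks_ipc_slice.h` reads `#endif /* HKS_SLICE_H */` while the guard opened at the top is `HKS_IPC_SLICE_H`; the comment should match. `HksSliceDataEntry` takes `inData` as a non-const `struct HksBlob *` even though the name marks it as input. A one-line comment saying whether the function modifies that blob, and whether `cmdId` is expected to be one of the `HKS_MSG_*` values if that is the case, would tell callers whether they can pass a shared buffer.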
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_REQUEST_H
+#define HKS_REQUEST_H
+
+#include "hks_type_inner.h"
+
+enum HksMessage {
+#ifndef _HKS_L1_TEE_
+ HKS_MSG_BASE = 0x3a400, /* range of message value defined by router. globally unique */
+#else
+ HKS_MSG_BASE = 1000, /* range of message value defined by SmartLock. Max 65535 */
+#endif
+ HKS_MSG_GEN_KEY = HKS_MSG_BASE,
+ HKS_MSG_IMPORT_KEY,
+ HKS_MSG_EXPORT_PUBLIC_KEY,
+ HKS_MSG_IMPORT_WRAPPED_KEY,
+ HKS_MSG_DELETE_KEY,
+ HKS_MSG_GET_KEY_PARAMSET,
+ HKS_MSG_KEY_EXIST,
+ HKS_MSG_GENERATE_RANDOM,
+ HKS_MSG_SIGN,
+ HKS_MSG_VERIFY,
+ HKS_MSG_ENCRYPT,
+ HKS_MSG_DECRYPT,
+ HKS_MSG_AGREE_KEY,
+ HKS_MSG_DERIVE_KEY,
+ HKS_MSG_MAC,
+ HKS_MSG_GET_KEY_INFO_LIST,
+ HKS_MSG_ATTEST_KEY,
+ HKS_MSG_GET_CERTIFICATE_CHAIN,
+ HKS_MSG_INIT,
+ HKS_MSG_UPDATE,
+ HKS_MSG_FINISH,
+ HKS_MSG_ABORT,
+ HKS_MSG_MAX, /* new cmd type must be added before HKS_MSG_MAX */
+};
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * SendRequest - Send the request message to target module by function call or ipc or other ways.
+ * @type: the request message type.
+ * @inBlob: the input serialized data blob.
+ * @outBlob: the output serialized data blob, can be null.
+ */
+int32_t HksSendRequest(enum HksMessage type, const struct HksBlob *inBlob, struct HksBlob *outBlob,
+ const struct HksParamSet *paramSet);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HKS_REQUEST_H */
diff --git a/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h
new file mode 100644
index 0000000..b20f73b
--- /dev/null
+++ b/huks/frameworks/huks_standard/main/os_dependency/ipc/include/hks_samgr_client.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_SAMGR_CLIENT_H
+#define HKS_SAMGR_CLIENT_H
+
+#include "hks_samgr_server.h"
+#include "iproxy_client.h"
+
+typedef struct {
+ INHERIT_CLIENT_IPROXY;
+ int32_t (*IpcAsyncCallBack)(IUnknown *iUnknown, enum HksMessageType type, const struct HksBlob *inBlob,
+ struct HksBlob *outBlob);
+} HksMgrClientApi;
+
+typedef struct {
+ INHERIT_IUNKNOWNENTRY(HksMgrClientApi);
+} HksMgrClientEntry;
+
+#endif
\ No newline at end of file
diff --git a/huks/interfaces/innerkits/huks_standard/main/BUILD.gn b/huks/interfaces/innerkits/huks_standard/main/BUILD.gn
new file mode 100644
index 0000000..a539688
--- /dev/null
+++ b/huks/interfaces/innerkits/huks_standard/main/BUILD.gn
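Review bot: The comment above `HksSendRequest` in `hks_request.h` documents `@type`, `@inBlob` and `@outBlob` but not the fourth parameter `paramSet`, and it names the function `SendRequest`. Add a line such as ` * @paramSet: <what the transport uses it for; whether it may be NULL>` and fix the heading to `HksSendRequest`; the return convention (which `int32_t` values mean success) is also worth one line. Separately, `HKS_MSG_BASE` changes with `_HKS_L1_TEE_`, so client and service have to be built with the same setting or every message id shifts; a comment on the enum saying so would help.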
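Review bot: `IpcAsyncCallBack` in `hks_samgr_client.h` takes `enum HksMessageType`, while the request enum this patch adds in `hks_request.h` is `enum HksMessage`. Unless `hks_samgr_server.h` declares `HksMessageType`, the header may not compile, and if it does declare it, two parallel message enums need a comment saying which one the callback expects. Neither `hks_samgr_server.h` nor `iproxy_client.h` is added by this patch, so anyone including this header depends on them being supplied from elsewhere; I cannot tell from the diff whether they are. If the header is carried along only for completeness and is not meant to be included in this build, a comment at the top should say so, or it should be dropped from the patch.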
@@ -0,0 +1,23 @@
+# Copyright (C) 2021-2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+
+config("huks_config") {
+ include_dirs = [ "//base/security/huks/interfaces/innerkits/huks_standard/main/include" ]
+ libs = [ "hukssdk.z" ]
+}
+
+group("libhukssdk") {
+ public_configs = [ ":huks_config" ]
+}
diff --git a/huks/interfaces/innerkits/huks_standard/main/include b/huks/interfaces/innerkits/huks_standard/main/include
new file mode 120000
index 0000000..98a2378
--- /dev/null
+++ b/huks/interfaces/innerkits/huks_standard/main/include
@@ -0,0 +1 @@
+/usr/include/huks
\ No newline at end of file
-- 2.33.0