diff --git a/build.sh b/build.sh
index bae3476693f49705fb3cbf58f9f2318a4540a104..5097daadd85c5f23a00011b0dffaddc017cc262f 100644
--- a/build.sh
+++ b/build.sh
@@ -3,7 +3,25 @@ set -x
 ROOT_DIR=$(cd $(dirname $0);pwd)
-echo "build attestation sdk"
-cd ${ROOT_DIR}/attestation/sdk
-cmake -S . -B build
-cmake --build build
+function attestation() {
+ echo "build attestation sdk"
+ cd ${ROOT_DIR}/attestation/sdk
+ cmake -S . -B build
+ cmake --build build
+}
+
+function sealing_key() {
+ echo "build sealing key sdk"
+ cd ${ROOT_DIR}/sealing_key/sdk
+ cmake -S . -B build
+ cmake --build build
+}
+
+case $1 in
+ attest) attestation;;
+ sealing) sealing_key;;
+ *)
+ attestation
+ sealing_key
+ ;;
+esac
\ No newline at end of file
diff --git a/sealing_key/sdk/CMakeLists.txt b/sealing_key/sdk/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..82ea9a089e7ef6c1fb273e9ecea8813c4e8351b5
--- /dev/null
+++ b/sealing_key/sdk/CMakeLists.txt
@@ -0,0 +1,20 @@
+cmake_minimum_required(VERSION 3.16)
+project(virtcca-sdk
+ LANGUAGES C)
+
+set(CMAKE_INSTALL_PREFIX /usr/local)
+set(targetname sealingkey)
+
+add_library(${targetname} SHARED)
+
+target_sources(${targetname} PRIVATE src/sealing_key.c)
+
+target_include_directories(${targetname} PUBLIC inc)
+
+set_target_properties(${targetname} PROPERTIES PUBLIC_HEADER inc/sealing_key.h)
+
+install(TARGETS ${targetname}
+ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ PUBLIC_HEADER ${CMAKE_INSTALL_INCLUDEDIR}
+)
\ No newline at end of file
diff --git a/sealing_key/sdk/inc/sealing_key.h b/sealing_key/sdk/inc/sealing_key.h
new file mode 100644
index 0000000000000000000000000000000000000000..560175d4d26453cda8e5724a596f331df04dafdf
--- /dev/null
+++ b/sealing_key/sdk/inc/sealing_key.h
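Review bot: Each `cd` inside the new `attestation` and `sealing_key` functions is unchecked, so if the directory is missing the following `cmake -S . -B build` runs in whatever directory the shell is currently in (in the default branch that is the previous SDK's directory) and configures the wrong tree. Only `set -x` is visible in the hunk context, so unless `set -e` appears earlier in the file a failed `cd` does not stop the script. Prefer `cd "${ROOT_DIR}/attestation/sdk" || exit 1` (and the same for `sealing_key`), which also quotes the path against whitespace in `ROOT_DIR`. Quoting `"$1"` in the `case` line is conventional as well.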
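Review bot: The `install(TARGETS …)` rule uses `${CMAKE_INSTALL_LIBDIR}` and `${CMAKE_INSTALL_INCLUDEDIR}` without `include(GNUInstallDirs)`, so both expand to empty, and `PUBLIC_HEADER ${CMAKE_INSTALL_INCLUDEDIR}` is missing its `DESTINATION` keyword, so the header cannot be installed as written. Add `include(GNUInstallDirs)` after `project()` and change the last argument to `PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}`. The unconditional `set(CMAKE_INSTALL_PREFIX /usr/local)` also overrides any `-DCMAKE_INSTALL_PREFIX` a packager passes; since `/usr/local` is already CMake's Unix default, the line can simply be dropped. `target_include_directories(${targetname} PUBLIC inc)` bakes a relative source path into the target's usage requirements; `$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/inc>` is the usual form.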
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * virtCCA_sdk is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef VIRTCCA_SEALING_KEY_H
+#define VIRTCCA_SEALING_KEY_H
+
+#include 
+
+#define SEALING_KEY_LEN 32
+#define SEALING_SALT_LEN 64
+
+typedef enum {
+ SEALING_HMAC_SHA256
+} SEALING_KEY_ALG;
+
+/**
+ * @brief Get a sealing key from TMM with specified derivation parameters by PBKDF2 HUK derived
+ *
+ * @param alg [IN] The HMAC algorithm used in derive sealing key
+ * @param salt [IN] A user param used in huk derivation, length should be 64 byte.
+ * This param is optional, set it to NULL to derived without user param.
+ * @param salt_len [IN] Length of the user param in byte, should be 64. or set to 0 when not specifying user param.
+ * @param sealing_key [OUT] Addr of the output derived key, make sure that enough memory(>=32) had been allocated to the address.
+ *
+ * @return 0: successfully get the derived key
+ * -1: failed
+*/
+int get_sealing_key(SEALING_KEY_ALG alg, uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key);
+
+#endif
\ No newline at end of file
diff --git a/sealing_key/sdk/src/sealing_key.c b/sealing_key/sdk/src/sealing_key.c
new file mode 100644
index 0000000000000000000000000000000000000000..c01b7c06fae7b14967cca9b50e88bedd13698198
--- /dev/null
+++ b/sealing_key/sdk/src/sealing_key.c
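Review bot: `salt` is a read-only input (the implementation only copies from it) yet is declared `uint8_t* salt`, which forces callers holding a `const` salt buffer to cast; declare it `const uint8_t* salt`. The doc comment repeats the sizes as bare literals (`64 byte`, `>=32`) even though `SEALING_SALT_LEN` and `SEALING_KEY_LEN` are defined a few lines above — refer to the macros so the comment and the code cannot drift. The contract should also state plainly that `sealing_key` must be non-NULL and point to at least `SEALING_KEY_LEN` bytes, and that `salt_len` must be exactly `SEALING_SALT_LEN` whenever `salt` is non-NULL; the current wording ("should be 64. or set to 0") reads as advisory although the implementation rejects anything else.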
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * virtCCA_sdk is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "sealing_key.h"
+
+#define SEALING_KEY_DEV_NAME "/dev/sealingkey"
+
+struct sealing_key_params {
+ uint32_t alg;
+ uint8_t salt[SEALING_SALT_LEN];
+ uint32_t salt_len;
+ uint8_t sealing_key[SEALING_KEY_LEN];
+};
+
+#define SEAL_KEY_IOC_MAGIC 'd'
+#define IOCTL_SEALING_KEY _IOWR(SEAL_KEY_IOC_MAGIC, 0, struct sealing_key_params)
+
+int get_sealing_key(SEALING_KEY_ALG alg, uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key)
+{
+ int rc = 0;
+ int fd = -1;
+ struct sealing_key_params args = { 0 };
+
+ if (salt && salt_len != SEALING_SALT_LEN) {
+ printf("ERROR: invalid salt len: %d! 
len should be within 64\n", salt_len);
+ return -1;
+ }
+
+ switch (alg) {
+ case SEALING_HMAC_SHA256:
+ break;
+ default:
+ printf("ERROR: current version not support this mode, alg: %d\n", alg);
+ return -1;
+ }
+
+ args.alg = alg;
+ if (salt) {
+ (void)memcpy(args.salt, salt, salt_len);
+ args.salt_len = salt_len;
+ }
+
+ fd = open(SEALING_KEY_DEV_NAME, O_RDWR);
+ if (fd < 0) {
+ printf("open dev %s failed, err: %s\n", SEALING_KEY_DEV_NAME, strerror(errno));
+ return -1;
+ }
+
+ rc = ioctl(fd, IOCTL_SEALING_KEY, &args);
+ if (rc < 0) {
+ printf("ioctl failed, err: %s,\n", strerror(errno));
+ (void)close(fd);
+ return -1;
+ }
+
+ (void)memcpy(sealing_key, args.sealing_key, SEALING_KEY_LEN);
+ (void)close(fd);
+ return 0;
+}
\ No newline at end of file
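Review bot: `sealing_key` is dereferenced by the final `memcpy` without a NULL check, so a caller passing NULL crashes inside the library only after the ioctl has already run; validate the output pointer together with the other arguments before the device is opened. The salt-length message uses `%d` for a `uint32_t` and says "within 64" although the check is `!= SEALING_SALT_LEN`, and every diagnostic goes to stdout via `printf` from a shared library, where `fprintf(stderr, …)` is the conventional channel. The derived key is left behind in the stack copy `args` after it is copied to the caller; wiping the struct before returning keeps key material from lingering (an `explicit_bzero`-style call where available, since a plain `memset` on a dying local may be optimized away). Opening the device without `O_CLOEXEC` also lets the descriptor leak into any child process the caller forks while the call is in flight.
```c
int get_sealing_key(SEALING_KEY_ALG alg, uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key)
{
    int rc = 0;
    int fd = -1;
    struct sealing_key_params args = { 0 };

    if (sealing_key == NULL) {
        fprintf(stderr, "ERROR: sealing_key output pointer is NULL\n");
        return -1;
    }

    if (salt && salt_len != SEALING_SALT_LEN) {
        fprintf(stderr, "ERROR: invalid salt len: %u! len should be %d\n", salt_len, SEALING_SALT_LEN);
        return -1;
    }

    /* … unchanged: alg switch, args.alg / args.salt setup … */

    fd = open(SEALING_KEY_DEV_NAME, O_RDWR | O_CLOEXEC);
    /* … unchanged: open failure check, ioctl and its error path … */

    (void)memcpy(sealing_key, args.sealing_key, SEALING_KEY_LEN);
    explicit_bzero(&args, sizeof(args)); /* scrub the stack copy of the key material */
    (void)close(fd);
    return 0;
}
```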