From 3022d6fb2d4a1a40c33d4928be8694e47043506a Mon Sep 17 00:00:00 2001
From: chenzheng
Date: Wed, 22 May 2024 15:56:55 +0000
Subject: [PATCH 1/2] add huk derive key sdk
---
 build.sh                        | 26 +++++++++++---
 huk_derive/sdk/CMakeLists.txt   | 20 +++++++++++
 huk_derive/sdk/inc/huk_derive.h | 34 ++++++++++++++++++
 huk_derive/sdk/src/huk_derive.c | 64 +++++++++++++++++++++++++++++++++
 4 files changed, 140 insertions(+), 4 deletions(-)
 create mode 100644 huk_derive/sdk/CMakeLists.txt
 create mode 100644 huk_derive/sdk/inc/huk_derive.h
 create mode 100644 huk_derive/sdk/src/huk_derive.c
diff --git a/build.sh b/build.sh
index bae3476..4614844 100644
--- a/build.sh
+++ b/build.sh
@@ -3,7 +3,25 @@ set -x
 
 ROOT_DIR=$(cd $(dirname $0);pwd)
 
-echo "build attestation sdk"
-cd ${ROOT_DIR}/attestation/sdk
-cmake -S . -B build
-cmake --build build
+function attestation() {
+    echo "build attestation sdk"
+    cd ${ROOT_DIR}/attestation/sdk
+    cmake -S . -B build
+    cmake --build build
+}
+
+function huk_derive() {
+    echo "build huk derive key sdk"
+    cd ${ROOT_DIR}/huk_derive/sdk
+    cmake -S . -B build
+    cmake --build build
+}
+
+case $1 in
+    attest) attestation;;
+    huk) huk_derive;;
+    *)
+        attestation
+        huk_derive
+        ;;
+esac
\ No newline at end of file
diff --git a/huk_derive/sdk/CMakeLists.txt b/huk_derive/sdk/CMakeLists.txt
new file mode 100644
index 0000000..93d0041
--- /dev/null
+++ b/huk_derive/sdk/CMakeLists.txt
@@ -0,0 +1,20 @@
+cmake_minimum_required(VERSION 3.20)
+project(virtcca-sdk
+    LANGUAGES C)
+
+set(CMAKE_INSTALL_PREFIX /usr/local)
+set(targetname hukderive)
+
+add_library(${targetname} SHARED)
+
+target_sources(${targetname} PRIVATE src/huk_derive.c)
+
+target_include_directories(${targetname} PUBLIC inc)
+
+set_target_properties(${targetname} PROPERTIES PUBLIC_HEADER inc/huk_derive.h)
+
+install(TARGETS ${targetname}
+    LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+    ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+    PUBLIC_HEADER ${CMAKE_INSTALL_INCLUDEDIR}
+)
\ No newline at end of file
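Review bot: Both new functions `cd` into the SDK directory without checking the result, so a missing or mistyped path leaves the two cmake invocations running in whatever directory the script is already in; the visible context only enables `set -x`, not `set -e`, so nothing stops that. Suggest `cd "${ROOT_DIR}/huk_derive/sdk" || exit 1` (and the same in `attestation`), which also quotes the path. The default `*)` arm relies on `ROOT_DIR` being absolute so that the second function still finds its tree after the first one changed directory; a short comment on that arm would make the dependency explicit.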
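Review bot: The `install(TARGETS …)` block at the end of the hunk uses `${CMAKE_INSTALL_LIBDIR}` and `${CMAKE_INSTALL_INCLUDEDIR}` but the file never does `include(GNUInstallDirs)`, so unless those variables are supplied on the command line they expand empty; the last line is also missing the `DESTINATION` keyword that `PUBLIC_HEADER` requires. Suggest adding `include(GNUInstallDirs)` right after `project()` and changing the last destination to `PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}`. Patch 2/2 renames this file but leaves the install block unchanged, so the issue carries over.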
diff --git a/huk_derive/sdk/inc/huk_derive.h b/huk_derive/sdk/inc/huk_derive.h
new file mode 100644
index 0000000..96b3d5e
--- /dev/null
+++ b/huk_derive/sdk/inc/huk_derive.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * virtCCA_sdk is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef VIRTCCA_HUK_DERIVE_KEY_H
+#define VIRTCCA_HUK_DERIVE_KEY_H
+
+#include
+
+#define SEALING_KEY_LEN 32
+#define SEALING_SALT_LEN 64
+
+/**
+ * @brief Get a sealing key from TMM with specified derivation parameters by PBKDF2 HUK derived
+ *
+ * @param salt [IN] A user param used in huk derivation, length should be 64 byte.
+ *                  This param is optional, set it to NULL to derived without user param.
+ * @param salt_len [IN] Length of the user param in byte, should be 64. or set to 0 when not specifying user param.
+ * @param sealing_key [OUT] Addr of the output derived key, make sure that enough memory(>=32) had been allocated to the address.
+ *
+ * @return 0: successfully get the derived key
+ *         -1: failed
+*/
+int get_sealing_key(uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key);
+
+#endif
\ No newline at end of file
diff --git a/huk_derive/sdk/src/huk_derive.c b/huk_derive/sdk/src/huk_derive.c
new file mode 100644
index 0000000..6cb387c
--- /dev/null
+++ b/huk_derive/sdk/src/huk_derive.c
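Review bot: `salt` is an input the implementation only reads (it is copied out with `memcpy` in huk_derive.c), yet the prototype declares it `uint8_t* salt`, so callers holding a const buffer have to cast; `int get_sealing_key(const uint8_t *salt, uint32_t salt_len, uint8_t *sealing_key);` is the usual contract, with the matching change in the definition. The doc block should also say what happens when `sealing_key` is NULL, because the implementation writes through it without a check. The same prototype reappears, with the extra `alg` argument, in patch 2/2's sealing_key.h.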
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved.
+ * virtCCA_sdk is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *          http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include "huk_derive.h"
+
+#define HUK_DERIVE_KEY_DEV_NAME "/dev/tsi_huk"
+
+struct huk_derive_params {
+    uint8_t salt[SEALING_SALT_LEN];
+    uint32_t salt_len;
+    uint8_t sealing_key[SEALING_KEY_LEN];
+};
+
+#define HUK_IOC_MAGIC 'd'
+#define HUK_IOCTL_DERIVE_KEY _IOWR(HUK_IOC_MAGIC, 0, struct huk_derive_params)
+
+int get_sealing_key(uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key)
+{
+    int rc = 0;
+    int fd = -1;
+    struct huk_derive_params args = { 0 };
+
+    if (salt && salt_len != SEALING_SALT_LEN) {
+        printf("ERROR: invalid salt len: %d! len should be within 64\n", salt_len);
+        return -1;
+    }
+
+    if (salt) {
+        (void)memcpy(args.salt, salt, salt_len);
+        args.salt_len = salt_len;
+    }
+
+    fd = open(HUK_DERIVE_KEY_DEV_NAME, O_RDWR);
+    if (fd < 0) {
+        printf("open dev %s failed, err: %s\n", HUK_DERIVE_KEY_DEV_NAME, strerror(errno));
+        return -1;
+    }
+
+    rc = ioctl(fd, HUK_IOCTL_DERIVE_KEY, &args);
+    if (rc < 0) {
+        printf("ioctl failed, err: %s,\n", strerror(errno));
+        (void)close(fd);
+        return -1;
+    }
+
+    (void)memcpy(sealing_key, args.sealing_key, SEALING_KEY_LEN);
+    (void)close(fd);
+    return 0;
+}
\ No newline at end of file
-- Gitee
From e00fe589f04fafe02cc81ce4a176835f6c238893 Mon Sep 17 00:00:00 2001
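Review bot: The derived key stays in the stack copy `args.sealing_key` after the final `memcpy` hands it to the caller, and nothing clears it before `get_sealing_key` returns, so the secret outlives its use in memory the next frame will reuse; wipe it with `explicit_bzero(&args, sizeof args);` (or `memset_s` where available) before both the success return and the ioctl-failure return, since a plain `memset` can be optimized away. `sealing_key` is also written through without a NULL check, so `if (sealing_key == NULL) return -1;` belongs beside the salt-length test. That test's message says `len should be within 64` while the condition is `!= SEALING_SALT_LEN`, and `%d` is paired with a `uint32_t` — `%u` matches. All of this carries over to the rewritten sealing_key.c in patch 2/2, whose hunk ends before these lines.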
From: chenzheng
Date: Tue, 28 May 2024 15:11:05 +0800
Subject: [PATCH 2/2] argument add alg for sm3 support in future
---
 build.sh                  | 10 +++---
 .../sdk/CMakeLists.txt    |  8 ++---
 .../sdk/inc/sealing_key.h | 11 +++++--
 .../sdk/src/sealing_key.c | 30 ++++++++++++-------
 4 files changed, 37 insertions(+), 22 deletions(-)
 rename {huk_derive => sealing_key}/sdk/CMakeLists.txt (75%)
 rename huk_derive/sdk/inc/huk_derive.h => sealing_key/sdk/inc/sealing_key.h (81%)
 rename huk_derive/sdk/src/huk_derive.c => sealing_key/sdk/src/sealing_key.c (63%)
diff --git a/build.sh b/build.sh
index 4614844..5097daa 100644
--- a/build.sh
+++ b/build.sh
@@ -10,18 +10,18 @@ function attestation() {
     cmake --build build
 }
 
-function huk_derive() {
-    echo "build huk derive key sdk"
-    cd ${ROOT_DIR}/huk_derive/sdk
+function sealing_key() {
+    echo "build sealing key sdk"
+    cd ${ROOT_DIR}/sealing_key/sdk
     cmake -S . -B build
     cmake --build build
 }
 
 case $1 in
     attest) attestation;;
-    huk) huk_derive;;
+    sealing) sealing_key;;
     *)
         attestation
-        huk_derive
+        sealing_key
         ;;
 esac
\ No newline at end of file
diff --git a/huk_derive/sdk/CMakeLists.txt b/sealing_key/sdk/CMakeLists.txt
similarity index 75%
rename from huk_derive/sdk/CMakeLists.txt
rename to sealing_key/sdk/CMakeLists.txt
index 93d0041..82ea9a0 100644
--- a/huk_derive/sdk/CMakeLists.txt
+++ b/sealing_key/sdk/CMakeLists.txt
@@ -1,17 +1,17 @@
-cmake_minimum_required(VERSION 3.20)
+cmake_minimum_required(VERSION 3.16)
 project(virtcca-sdk
     LANGUAGES C)
 
 set(CMAKE_INSTALL_PREFIX /usr/local)
-set(targetname hukderive)
+set(targetname sealingkey)
 
 add_library(${targetname} SHARED)
 
-target_sources(${targetname} PRIVATE src/huk_derive.c)
+target_sources(${targetname} PRIVATE src/sealing_key.c)
 
 target_include_directories(${targetname} PUBLIC inc)
 
-set_target_properties(${targetname} PROPERTIES PUBLIC_HEADER inc/huk_derive.h)
+set_target_properties(${targetname} PROPERTIES PUBLIC_HEADER inc/sealing_key.h)
 
 install(TARGETS ${targetname}
     LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
diff --git a/huk_derive/sdk/inc/huk_derive.h b/sealing_key/sdk/inc/sealing_key.h
similarity index 81%
rename from huk_derive/sdk/inc/huk_derive.h
rename to sealing_key/sdk/inc/sealing_key.h
index 96b3d5e..560175d 100644
--- a/huk_derive/sdk/inc/huk_derive.h
+++ b/sealing_key/sdk/inc/sealing_key.h
@@ -10,17 +10,22 @@
  * See the Mulan PSL v2 for more details.
  */
 
-#ifndef VIRTCCA_HUK_DERIVE_KEY_H
-#define VIRTCCA_HUK_DERIVE_KEY_H
+#ifndef VIRTCCA_SEALING_KEY_H
+#define VIRTCCA_SEALING_KEY_H
 
 #include
 
 #define SEALING_KEY_LEN 32
 #define SEALING_SALT_LEN 64
 
+typedef enum {
+    SEALING_HMAC_SHA256
+} SEALING_KEY_ALG;
+
 /**
  * @brief Get a sealing key from TMM with specified derivation parameters by PBKDF2 HUK derived
  *
+ * @param alg [IN] The HMAC algorithm used in derive sealing key
  * @param salt [IN] A user param used in huk derivation, length should be 64 byte.
  *                  This param is optional, set it to NULL to derived without user param.
  * @param salt_len [IN] Length of the user param in byte, should be 64. or set to 0 when not specifying user param.
@@ -29,6 +34,6 @@
  * @return 0: successfully get the derived key
  *         -1: failed
 */
-int get_sealing_key(uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key);
+int get_sealing_key(SEALING_KEY_ALG alg, uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key);
 
 #endif
\ No newline at end of file
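Review bot: The new `alg` parameter introduces a failure mode the doc block does not mention — sealing_key.c returns -1 for every value other than `SEALING_HMAC_SHA256` — so the `@param alg` line should name what is accepted, e.g. `@param alg [IN] The HMAC algorithm used to derive the sealing key; only SEALING_HMAC_SHA256 is accepted in this version`, and `@return -1` should list an unsupported algorithm among the causes. As a point of style, the typedef name `SEALING_KEY_ALG` is written in macro case like the `SEALING_*_LEN` macros just above it; a type name such as `sealing_key_alg_t` keeps the two kinds of identifier distinguishable at a glance. The header also still lacks an `extern "C"` guard around the prototype, which a C++ consumer of the installed public header will need.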
diff --git a/huk_derive/sdk/src/huk_derive.c b/sealing_key/sdk/src/sealing_key.c
similarity index 63%
rename from huk_derive/sdk/src/huk_derive.c
rename to sealing_key/sdk/src/sealing_key.c
index 6cb387c..c01b7c0 100644
--- a/huk_derive/sdk/src/huk_derive.c
+++ b/sealing_key/sdk/src/sealing_key.c
@@ -16,42 +16,52 @@
 #include
 #include
 #include
-#include "huk_derive.h"
+#include "sealing_key.h"
 
-#define HUK_DERIVE_KEY_DEV_NAME "/dev/tsi_huk"
+#define SEALING_KEY_DEV_NAME "/dev/sealingkey"
 
-struct huk_derive_params {
+struct sealing_key_params {
+    uint32_t alg;
     uint8_t salt[SEALING_SALT_LEN];
     uint32_t salt_len;
     uint8_t sealing_key[SEALING_KEY_LEN];
 };
 
-#define HUK_IOC_MAGIC 'd'
-#define HUK_IOCTL_DERIVE_KEY _IOWR(HUK_IOC_MAGIC, 0, struct huk_derive_params)
+#define SEAL_KEY_IOC_MAGIC 'd'
+#define IOCTL_SEALING_KEY _IOWR(SEAL_KEY_IOC_MAGIC, 0, struct sealing_key_params)
 
-int get_sealing_key(uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key)
+int get_sealing_key(SEALING_KEY_ALG alg, uint8_t* salt, uint32_t salt_len, uint8_t* sealing_key)
 {
     int rc = 0;
     int fd = -1;
-    struct huk_derive_params args = { 0 };
+    struct sealing_key_params args = { 0 };
 
     if (salt && salt_len != SEALING_SALT_LEN) {
         printf("ERROR: invalid salt len: %d! len should be within 64\n", salt_len);
         return -1;
     }
 
+    switch (alg) {
+        case SEALING_HMAC_SHA256:
+            break;
+        default:
+            printf("ERROR: current version not support this mode, alg: %d\n", alg);
+            return -1;
+    }
+
+    args.alg = alg;
     if (salt) {
         (void)memcpy(args.salt, salt, salt_len);
         args.salt_len = salt_len;
     }
 
-    fd = open(HUK_DERIVE_KEY_DEV_NAME, O_RDWR);
+    fd = open(SEALING_KEY_DEV_NAME, O_RDWR);
     if (fd < 0) {
-        printf("open dev %s failed, err: %s\n", HUK_DERIVE_KEY_DEV_NAME, strerror(errno));
+        printf("open dev %s failed, err: %s\n", SEALING_KEY_DEV_NAME, strerror(errno));
         return -1;
     }
 
-    rc = ioctl(fd, HUK_IOCTL_DERIVE_KEY, &args);
+    rc = ioctl(fd, IOCTL_SEALING_KEY, &args);
     if (rc < 0) {
         printf("ioctl failed, err: %s,\n", strerror(errno));
         (void)close(fd);
-- Gitee
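Review bot: The new `default:` branch reports the rejected `alg` with `printf`, sending a shared library's diagnostic to the application's stdout the way the three pre-existing error paths in this function already do; `fprintf(stderr, "ERROR: current version not support this mode, alg: %d\n", alg);` is the usual choice, and the other `printf` calls could move to stderr in the same change. Placing `uint32_t alg` at the front of `struct sealing_key_params` also changes the size that `_IOWR` encodes into `IOCTL_SEALING_KEY`, so an SDK built from this commit presumably only pairs with a driver compiled against the same layout — worth a one-line comment on the struct such as `/* layout must match the /dev/sealingkey driver; the struct size is part of the ioctl number */`. The body of `get_sealing_key` continues past the end of the hunk.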