diff --git a/huks/BUILD.gn b/huks/BUILD.gn
new file mode 100755
index 0000000000000000000000000000000000000000..cdb5fb027dcc6ee6b9ee8ccbcdfa567a22f9b563
--- /dev/null
+++ b/huks/BUILD.gn
@@ -0,0 +1,22 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if (defined(ohos_lite)) {
+ group("huks_entry") {
+ deps = []
+ }
+} else {
+ group("huks_entry") {
+ deps = [ "./hdi_service:huks_hdi_service" ]
+ }
+}
diff --git a/huks/bundle.json b/huks/bundle.json
new file mode 100755
index 0000000000000000000000000000000000000000..7f30d415fb205ff13f2f7f2cf50674b2fa42e238
--- /dev/null
+++ b/huks/bundle.json
@@ -0,0 +1,38 @@
+{
+ "name": "@ohos/drivers_peripheral_huks",
+ "description": "huks device driver",
+ "version": "4.0",
+ "license": "Apache License 2.0",
+ "publishAs": "code-segment",
+ "segment": {
+ "destPath": "drivers/peripheral/huks"
+ },
+ "dirs": {},
+ "scripts": {},
+ "component": {
+ "name": "drivers_peripheral_huks",
+ "subsystem": "hdf",
+ "syscap": [""],
+ "adapter_system_type": ["standard"],
+ "rom": "675KB",
+ "ram": "7400KB",
+ "deps": {
+ "components": [
+ "hdf_core",
+ "hiviewdfx_hilog_native",
+ "c_utils"
+ ],
+ "third_party": [
+ ]
+ },
+ "build": {
+ "sub_component": [
+ "//drivers/peripheral/huks:huks_entry"
+ ],
+ "test": [
+ ],
+ "inner_kits": [
+ ]
+ }
+ }
+}
diff --git a/huks/formatGn.sh b/huks/formatGn.sh
new file mode 100755
index 0000000000000000000000000000000000000000..34414d9aac3132f600cf0c4da15469c17fdc2324
--- /dev/null
+++ b/huks/formatGn.sh
@@ -0,0 +1 @@
+find -name "*.gn" -or -name "*.gni" | xargs ../../../prebuilts/build-tools/linux-x86/bin/gn format
diff --git a/huks/hdi_service/BUILD.gn b/huks/hdi_service/BUILD.gn
new file mode 100755
index 0000000000000000000000000000000000000000..a657ea7f2d8fd44581ba906b477380ef2589b3aa
--- /dev/null
+++ b/huks/hdi_service/BUILD.gn
@@ -0,0 +1,96 @@
+# Copyright (C) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+import("//drivers/hdf_core/adapter/uhdf2/uhdf.gni")
+
+config("huks_config") {
+ include_dirs = [ "//base/security/huks/services/huks_standard/huks_engine/main/core/include" ]
+}
+
+
+ohos_shared_library("libhuks_hdi_service") {
+ subsystem_name = "security"
+ part_name = "huks"
+ public_configs = [ ":huks_config" ]
+ defines = []
+ include_dirs = [
+ "//base/security/huks/utils/crypto_adapter",
+ "//base/security/huks/utils/list",
+ "//base/security/huks/utils/mutex",
+ ]
+ sources = [
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_asn1.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_auth.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_chipset_platform_decrypt.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_core_interfaces.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_core_service.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_core_service_three_stage.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_keyblob.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_keynode.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_sm_import_wrap_key.c",
+ ]
+
+ deps = [
+ "//base/security/huks/frameworks/huks_standard/main:huks_standard_frameworks",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core_dependency:libhuks_core_hal_api_static",
+ "//base/security/huks/utils/crypto_adapter:libhuks_utils_client_service_adapter_static",
+ "//base/security/huks/utils/file_operator:libhuks_utils_file_operator_static",
+ "//base/security/huks/utils/list:libhuks_utils_list_static",
+ "//base/security/huks/utils/mutex:libhuks_utils_mutex_static",
+ ]
+
+ sanitize = {
+ integer_overflow = true
+ cfi = true
+ debug = false
+ }
+ sources += [
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_attest.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_attest_utils.c",
+ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_secure_access.c",
+ ]
+
+ sources += [ "//base/security/huks/services/huks_standard/huks_engine/main/core/src/hks_upgrade_key.c" ]
+
+ deps += [ "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/useridm:libhuks_service_systemapi_wrap_static" ]
+
+
+ configs = [
+ "//base/security/huks/frameworks/config/build:l2_standard_common_config",
+ ]
+
+
+ sources += [
+ "huks_proxy.c",
+ "huks_service.c",
+ ]
+ if (is_standard_system) {
+ external_deps = [
+ "c_utils:utils",
+ "hiviewdfx_hilog_native:libhilog",
+ "hdf_core:libhdf_utils",
+ "hdf_core:libhdi",
+ ]
+ } else {
+ external_deps = [ "hilog:libhilog" ]
+ }
+
+ install_images = [ chipset_base_dir ]
+ subsystem_name = "hdf"
+ part_name = "drivers_peripheral_huks"
+}
+
+group("huks_hdi_service") {
+ deps = [ ":libhuks_hdi_service" ]
+}
diff --git a/huks/hdi_service/huks_proxy.c b/huks/hdi_service/huks_proxy.c
new file mode 100755
index 0000000000000000000000000000000000000000..2f945bbd5061a062ba49089a9a033e928274f4d7
--- /dev/null
+++ b/huks/hdi_service/huks_proxy.c
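Review bot: In huks/hdi_service/BUILD.gn, `ohos_shared_library("libhuks_hdi_service")` assigns `subsystem_name` and `part_name` twice, `"security"`/`"huks"` at the top and `"hdf"`/`"drivers_peripheral_huks"` at the bottom, so the first pair has no effect and the library's owning part is ambiguous to a reader; keep only the `hdf`/`drivers_peripheral_huks` pair, which is the one that matches bundle.json. The target also compiles `//base/security/huks/...` sources and links huks static libraries by absolute path, while bundle.json declares only `hdf_core`, `hiviewdfx_hilog_native` and `c_utils` under `components`. That leaves the dependency on the huks part undeclared, so a change to those core files alters this driver library without the manifest showing the relationship; declare the component in bundle.json or depend on targets the huks part exports.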
@@ -0,0 +1,42 @@
+#include
+#include "v1_0/ihuks.h"
+
+#define HDF_LOG_TAG huks_proxy
+
+struct IHuks *IHuksGet(bool isStub)
+{
+ return IHuksGetInstance("huks_service", isStub);
+}
+
+struct IHuks *IHuksGetInstance(const char *serviceName, bool isStub)
+{
+ if (isStub) {
+ const char *instName = serviceName;
+ if (strcmp(instName, "huks_service") == 0) {
+ instName = "service";
+ }
+ return LoadHdiImpl(IHUKS_INTERFACE_DESC, instName);
+ }
+ return NULL;
+}
+
+void IHuksRelease(struct IHuks *instance, bool isStub)
+{
+ IHuksReleaseInstance("huks_service", instance, isStub);
+}
+
+void IHuksReleaseInstance(const char *serviceName, struct IHuks *instance, bool isStub)
+{
+ if (instance == NULL) {
+ return;
+ }
+
+ if (isStub) {
+ const char *instName = serviceName;
+ if (strcmp(instName, "huks_service") == 0) {
+ instName = "service";
+ }
+ UnloadHdiImpl(IHUKS_INTERFACE_DESC, instName, instance);
+ return;
+ }
+}
diff --git a/huks/hdi_service/huks_service.c b/huks/hdi_service/huks_service.c
new file mode 100755
index 0000000000000000000000000000000000000000..3dce89b0e2f09db045d92dc242b513d33da7d069
--- /dev/null
+++ b/huks/hdi_service/huks_service.c
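Review bot: `IHuksGetInstance` and `IHuksReleaseInstance` in huks_proxy.c pass `serviceName` straight to `strcmp`, so a NULL name from a caller is undefined behaviour; both are exported through ihuks_hdi.h, so guard them with `if (serviceName == NULL) { return NULL; }` in the getter and the matching early `return;` in the release path. When `isStub` is false, `IHuksGetInstance` returns NULL without logging, although the header comment says IPC mode is supported; log that case or document it as unimplemented so callers can tell it from a load failure. The file includes `"v1_0/ihuks.h"`, huks_service.c includes `"ihuks.h"`, and the commit adds the interface as `ihuks_hdi.h`; unless the include path supplies the other two names, all three should refer to the same header.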
@@ -0,0 +1,174 @@
+#include
+#include
+#include
+#include
+#include "ihuks.h"
+
+#define HDF_LOG_TAG huks_service
+
+struct HuksService {
+ struct IHuks interface;
+};
+
+static int32_t HuksModuleInit(struct IHuks *self)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksGenerateKey(struct IHuks *self, const struct HksBlob* keyAlias, const struct HksParamSet* paramSet,
+ const struct HksBlob* keyIn, struct HksBlob* keyOut)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksImportKey(struct IHuks *self, const struct HksBlob* keyAlias, const struct HksBlob* key,
+ const struct HksParamSet* paramSet, struct HksBlob* keyOut)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksImportWrappedKey(struct IHuks *self, const struct HksBlob* wrappingKeyAlias,
+ const struct HksBlob* key, const struct HksBlob* wrappedKeyData, const struct HksParamSet* paramSet, struct HksBlob* keyOut)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksExportPublicKey(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ struct HksBlob* keyOut)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksInit(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ struct HksBlob* handle, struct HksBlob* token)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksUpdate(struct IHuks *self, const struct HksBlob* handle, const struct HksParamSet* paramSet,
+ const struct HksBlob* inData, struct HksBlob* outData)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksFinish(struct IHuks *self, const struct HksBlob* handle, const struct HksParamSet* paramSet,
+ const struct HksBlob* inData, struct HksBlob* outData)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksAbort(struct IHuks *self, const struct HksBlob* handle, const struct HksParamSet* paramSet)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksGetKeyProperties(struct IHuks *self, const struct HksParamSet* paramSet, const struct HksBlob* key)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksAttestKey(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ struct HksBlob* certChain)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksGenerateRandom(struct IHuks *self, const struct HksParamSet* paramSet, struct HksBlob* random)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksSign(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* srcData, struct HksBlob* signature)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksVerify(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* srcData, const struct HksBlob* signature)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksEncrypt(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* plainText, struct HksBlob* cipherText)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksDecrypt(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* cipherText, struct HksBlob* plainText)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksAgreeKey(struct IHuks *self, const struct HksParamSet* paramSet, const struct HksBlob* privateKey,
+ const struct HksBlob* peerPublicKey, struct HksBlob* agreedKey)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksDeriveKey(struct IHuks *self, const struct HksParamSet* paramSet, const struct HksBlob* kdfKey,
+ struct HksBlob* derivedKey)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksMac(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* srcData, struct HksBlob* mac)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksExportChipsetPlatformPublicKey(struct IHuks *self, const struct HksBlob* salt,
+ enum HksChipsetPlatformDecryptScene scene, struct HksBlob* publicKey)
+{
+ return HDF_SUCCESS;
+}
+
+static int32_t HuksGetVersion(struct IHuks *self, uint32_t* majorVer, uint32_t* minorVer)
+{
+ *majorVer = IHUKS_MAJOR_VERSION;
+ *minorVer = IHUKS_MINOR_VERSION;
+ return HDF_SUCCESS;
+}
+
+struct IHuks *HuksImplGetInstance(void)
+{
+ struct HuksService *service = (struct HuksService *)OsalMemCalloc(sizeof(struct HuksService));
+ if (service == NULL) {
+ HDF_LOGE("%{public}s: malloc HuksService obj failed!", __func__);
+ return NULL;
+ }
+
+ service->interface.ModuleInit = HuksModuleInit;
+ service->interface.GenerateKey = HuksGenerateKey;
+ service->interface.ImportKey = HuksImportKey;
+ service->interface.ImportWrappedKey = HuksImportWrappedKey;
+ service->interface.ExportPublicKey = HuksExportPublicKey;
+ service->interface.Init = HuksInit;
+ service->interface.Update = HuksUpdate;
+ service->interface.Finish = HuksFinish;
+ service->interface.Abort = HuksAbort;
+ service->interface.GetKeyProperties = HuksGetKeyProperties;
+ service->interface.AttestKey = HuksAttestKey;
+ service->interface.GenerateRandom = HuksGenerateRandom;
+ service->interface.Sign = HuksSign;
+ service->interface.Verify = HuksVerify;
+ service->interface.Encrypt = HuksEncrypt;
+ service->interface.Decrypt = HuksDecrypt;
+ service->interface.AgreeKey = HuksAgreeKey;
+ service->interface.DeriveKey = HuksDeriveKey;
+ service->interface.Mac = HuksMac;
+ service->interface.ExportChipsetPlatformPublicKey = HuksExportChipsetPlatformPublicKey;
+ service->interface.GetVersion = HuksGetVersion;
+ return &service->interface;
+}
+
+void HuksImplRelease(struct IHuks *instance)
+{
+ if (instance == NULL) {
+ return;
+ }
+ OsalMemFree(instance);
+}
diff --git a/huks/hdi_service/ihuks_hdi.h b/huks/hdi_service/ihuks_hdi.h
new file mode 100755
index 0000000000000000000000000000000000000000..09a2c421c04101220cce8a80c3772ecfc668ea58
--- /dev/null
+++ b/huks/hdi_service/ihuks_hdi.h
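Review bot: Every operation in huks_service.c from `HuksGenerateKey` through `HuksExportChipsetPlatformPublicKey` returns `HDF_SUCCESS` without reading its inputs or writing its output blob, so a caller of this key-store interface is told that `Verify` accepted a signature, that `GenerateRandom` filled `random`, or that `Encrypt` produced `cipherText` when nothing happened. Until these entry points are wired to the huks core sources the build file compiles in, they should fail closed with `return HDF_ERR_NOT_SUPPORT;`, leaving `HDF_SUCCESS` only for `HuksModuleInit` and `HuksGetVersion`. `HuksGetVersion` also dereferences `majorVer` and `minorVer` unchecked; add `if (majorVer == NULL || minorVer == NULL) { return HDF_ERR_INVALID_PARAM; }` before the two stores. `HuksImplRelease` frees the `struct IHuks *` directly, which is only correct while `interface` stays the first member of `struct HuksService`, so a comment on the struct stating that constraint would protect it.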
@@ -0,0 +1,92 @@
+#ifndef OHOS_HDI_HUKS_V1_0_IHUKS_H
+#define OHOS_HDI_HUKS_V1_0_IHUKS_H
+
+#include
+#include
+#include
+#include "ihuks_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#define IHUKS_INTERFACE_DESC "ohos.hdi.huks.v1_0.IHuks"
+
+#define IHUKS_MAJOR_VERSION 1
+#define IHUKS_MINOR_VERSION 0
+
+struct IHuks {
+ int32_t (*ModuleInit)(struct IHuks *self);
+
+ int32_t (*GenerateKey)(struct IHuks *self, const struct HksBlob* keyAlias, const struct HksParamSet* paramSet,
+ const struct HksBlob* keyIn, struct HksBlob* keyOut);
+
+ int32_t (*ImportKey)(struct IHuks *self, const struct HksBlob* keyAlias, const struct HksBlob* key,
+ const struct HksParamSet* paramSet, struct HksBlob* keyOut);
+
+ int32_t (*ImportWrappedKey)(struct IHuks *self, const struct HksBlob* wrappingKeyAlias, const struct HksBlob* key,
+ const struct HksBlob* wrappedKeyData, const struct HksParamSet* paramSet, struct HksBlob* keyOut);
+
+ int32_t (*ExportPublicKey)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ struct HksBlob* keyOut);
+
+ int32_t (*Init)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ struct HksBlob* handle, struct HksBlob* token);
+
+ int32_t (*Update)(struct IHuks *self, const struct HksBlob* handle, const struct HksParamSet* paramSet,
+ const struct HksBlob* inData, struct HksBlob* outData);
+
+ int32_t (*Finish)(struct IHuks *self, const struct HksBlob* handle, const struct HksParamSet* paramSet,
+ const struct HksBlob* inData, struct HksBlob* outData);
+
+ int32_t (*Abort)(struct IHuks *self, const struct HksBlob* handle, const struct HksParamSet* paramSet);
+
+ int32_t (*GetKeyProperties)(struct IHuks *self, const struct HksParamSet* paramSet, const struct HksBlob* key);
+
+ int32_t (*AttestKey)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ struct HksBlob* certChain);
+
+ int32_t (*GenerateRandom)(struct IHuks *self, const struct HksParamSet* paramSet, struct HksBlob* random);
+
+ int32_t (*Sign)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* srcData, struct HksBlob* signature);
+
+ int32_t (*Verify)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* srcData, const struct HksBlob* signature);
+
+ int32_t (*Encrypt)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* plainText, struct HksBlob* cipherText);
+
+ int32_t (*Decrypt)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* cipherText, struct HksBlob* plainText);
+
+ int32_t (*AgreeKey)(struct IHuks *self, const struct HksParamSet* paramSet, const struct HksBlob* privateKey,
+ const struct HksBlob* peerPublicKey, struct HksBlob* agreedKey);
+
+ int32_t (*DeriveKey)(struct IHuks *self, const struct HksParamSet* paramSet, const struct HksBlob* kdfKey,
+ struct HksBlob* derivedKey);
+
+ int32_t (*Mac)(struct IHuks *self, const struct HksBlob* key, const struct HksParamSet* paramSet,
+ const struct HksBlob* srcData, struct HksBlob* mac);
+
+ int32_t (*ExportChipsetPlatformPublicKey)(struct IHuks *self, const struct HksBlob* salt,
+ enum HksChipsetPlatformDecryptScene scene, struct HksBlob* publicKey);
+
+ int32_t (*GetVersion)(struct IHuks *self, uint32_t* majorVer, uint32_t* minorVer);
+
+ int32_t (*UpgradeKey)(const struct HksBlob *oldKey, const struct HksParamSet *paramSet,
+ struct HksBlob *newKey);
+};
+
+// external method used to create client object, it support ipc and passthrought mode
+struct IHuks *IHuksGet(bool isStub);
+struct IHuks *IHuksGetInstance(const char *serviceName, bool isStub);
+
+// external method used to create release object, it support ipc and passthrought mode
+void IHuksRelease(struct IHuks *instance, bool isStub);
+void IHuksReleaseInstance(const char *serviceName, struct IHuks *instance, bool isStub);
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif // OHOS_HDI_HUKS_V1_0_IHUKS_H
\ No newline at end of file
diff --git a/huks/hdi_service/ihuks_types.h b/huks/hdi_service/ihuks_types.h
new file mode 100755
index 0000000000000000000000000000000000000000..1d5f392b48f22c212b0157c036bb14308e7a01be
--- /dev/null
+++ b/huks/hdi_service/ihuks_types.h
@@ -0,0 +1,39 @@
+#ifndef IHUKSTYPES_H
+#define IHUKSTYPES_H
+
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+struct HksBlob {
+ uint8_t* data;
+ uint32_t dataLen;
+};
+
+struct HksParam {
+ uint32_t tag;
+ bool boolParam;
+ int32_t int32Param;
+ uint32_t uint32Param;
+ uint64_t uint64Param;
+ struct HksBlob blob;
+};
+
+struct HksParamSet {
+ uint32_t paramSetSize;
+ uint32_t paramsCnt;
+ struct HksParam* params;
+ uint32_t paramsLen;
+};
+
+enum HksChipsetPlatformDecryptScene {
+ HKS_CHIPSET_PLATFORM_DECRYPT_SCENCE_TA_TO_TA = 1,
+};
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif // IHUKSTYPES_H
\ No newline at end of file
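Review bot: `UpgradeKey` is the only member of `struct IHuks` in ihuks_hdi.h declared without the leading `struct IHuks *self` parameter, and `HuksImplGetInstance` in huks_service.c never assigns it, so after `OsalMemCalloc` it stays a NULL function pointer that any caller going through the table would invoke. Either give it the same shape as its siblings, `int32_t (*UpgradeKey)(struct IHuks *self, const struct HksBlob *oldKey, const struct HksParamSet *paramSet, struct HksBlob *newKey);`, and install an implementation, or leave it out of the table until one exists. The include guard `OHOS_HDI_HUKS_V1_0_IHUKS_H` is named for a `v1_0/ihuks.h` rather than for this file; if a header using that guard is also on the include path, whichever is included second is silently skipped, so a guard derived from `ihuks_hdi.h` is safer.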
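Review bot: `struct HksParamSet` in ihuks_types.h pairs a `params` pointer with three separate size fields (`paramSetSize`, `paramsCnt`, `paramsLen`), and `struct HksBlob` pairs `data` with `dataLen`, but nothing in the header says which field bounds which buffer, even though these values are supplied by the caller of the HDI interface. Add a comment on each struct naming the authoritative field (for instance whether `params` holds `paramsCnt` or `paramsLen` entries), and have the service reject sets where the fields disagree before any of them is used as a bound. The tags `HksBlob`, `HksParam` and `HksParamSet` also look like the ones used by the huks core whose include directories and sources hdi_service/BUILD.gn pulls into the same library. If those headers declare the same tags with a different layout, a translation unit seeing both will not compile and code passing these structs to the core will misread them, so confirm the layouts match or add an explicit conversion layer.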