/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16#ifndef HUKS_SA_HDI_H
17#define HUKS_SA_HDI_H
19#include "huks_sa_type.h"
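/**
 * @brief Function-pointer table for the HUKS hardware device interface (HDI).
 *
 * Every entry returns an int32_t error code defined in huks_sa_type.h; a
 * caller should check it before using any output blob.
 *
 * The direction tags below follow const-ness in the prototypes:
 * pointer-to-const parameters are inputs, and non-const HksBlob pointers are
 * treated as outputs.
 *
 * NOTE(review): this header does not state who allocates the output blobs,
 * how their capacity is conveyed, or whether every entry of the table is
 * guaranteed to be non-NULL -- confirm against the implementation before
 * calling through the table.
 * NOTE(review): several blobs may carry key material or plaintext (for
 * example privateKey, agreedKey, derivedKey, plainText, random); presumably
 * callers must bound their lifetime and clear them after use -- confirm
 * against the HUKS contract.
 *
 * Member order is part of the binary layout of the table and must not change.
 */
struct HuksHdi {
    /**
     * @brief Initialize the HUKS module
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiModuleInit)(void);

    /**
     * @brief Destroy the HUKS module
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiModuleDestroy)(void);

    /**
     * @brief Refresh key info
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiRefresh)(void);

    /**
     * @brief Generate key
     * @param[in] keyAlias key alias
     * @param[in] paramSet required parameter set
     * @param[in] keyIn input key used to generate the key
     * @param[out] keyOut output key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiGenerateKey)(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet,
        const struct HksBlob *keyIn, struct HksBlob *keyOut);

    /**
     * @brief Import key
     * @param[in] keyAlias key alias
     * @param[in] key the key to be imported
     * @param[in] paramSet required parameter set
     * @param[out] keyOut output key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiImportKey)(const struct HksBlob *keyAlias, const struct HksBlob *key,
        const struct HksParamSet *paramSet, struct HksBlob *keyOut);

    /**
     * @brief Import wrapped key
     * @param[in] wrappingKeyAlias alias of the key used to decrypt (unwrap) the wrapped key data
     * @param[in] key the wrapping key
     * @param[in] wrappedKeyData wrapped key data (an input: the pointer is const)
     * @param[in] paramSet required parameter set
     * @param[out] keyOut output key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiImportWrappedKey)(const struct HksBlob *wrappingKeyAlias, const struct HksBlob *key,
        const struct HksBlob *wrappedKeyData, const struct HksParamSet *paramSet, struct HksBlob *keyOut);

    /**
     * @brief Export public key
     * @param[in] key the key whose public part is exported
     * @param[in] paramSet required parameter set
     * @param[out] keyOut exported key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiExportPublicKey)(const struct HksBlob *key, const struct HksParamSet *paramSet,
        struct HksBlob *keyOut);

    /**
     * @brief Init operation
     * @param[in] key the key
     * @param[in] paramSet required parameter set
     * @param[out] handle operation handle (non-const; presumably filled in by the callee -- confirm)
     * @param[out] token token (non-const; presumably filled in by the callee -- confirm)
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiInit)(const struct HksBlob *key, const struct HksParamSet *paramSet, struct HksBlob *handle,
        struct HksBlob *token);

    /**
     * @brief Update operation
     * @param[in] handle operation handle
     * @param[in] paramSet required parameter set
     * @param[in] inData the data to update
     * @param[out] outData output data
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiUpdate)(const struct HksBlob *handle, const struct HksParamSet *paramSet,
        const struct HksBlob *inData, struct HksBlob *outData);

    /**
     * @brief Finish operation
     * @param[in] handle operation handle
     * @param[in] paramSet required parameter set
     * @param[in] inData the final input data
     * @param[out] outData output data
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiFinish)(const struct HksBlob *handle, const struct HksParamSet *paramSet,
        const struct HksBlob *inData, struct HksBlob *outData);

    /**
     * @brief Abort operation
     * @param[in] handle operation handle
     * @param[in] paramSet required parameter set
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiAbort)(const struct HksBlob *handle, const struct HksParamSet *paramSet);

    /**
     * @brief Get key properties
     * @param[in] paramSet required parameter set
     * @param[in] key the key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiGetKeyProperties)(const struct HksParamSet *paramSet, const struct HksBlob *key);

    /**
     * @brief Attest key
     * @param[in] key the key
     * @param[in] paramSet required parameter set
     * @param[out] certChain cert chain
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiAttestKey)(const struct HksBlob *key, const struct HksParamSet *paramSet,
        struct HksBlob *certChain);

    /**
     * @brief Get ability
     * @param[in] funcType the function type
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiGetAbility)(int32_t funcType);

    /**
     * @brief Get hardware info
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiGetHardwareInfo)(void);

    /**
     * @brief Calculate mac header
     * @param[in] paramSet required parameter set
     * @param[in] salt the salt value
     * @param[in] srcData the data to calculate the mac over
     * @param[out] mac output mac value
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiCalcMacHeader)(const struct HksParamSet *paramSet, const struct HksBlob *salt,
        const struct HksBlob *srcData, struct HksBlob *mac);

    /**
     * @brief Upgrade key info
     * @param[in] keyAlias key alias
     * @param[in] keyInfo key info
     * @param[out] keyOut output key value
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiUpgradeKeyInfo)(const struct HksBlob *keyAlias, const struct HksBlob *keyInfo,
        struct HksBlob *keyOut);

    /**
     * @brief Generate random
     * @param[in] paramSet required parameter set
     * @param[out] random output random
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiGenerateRandom)(const struct HksParamSet *paramSet, struct HksBlob *random);

    /**
     * @brief Sign operation
     * @param[in] key required key to sign data
     * @param[in] paramSet required parameter set
     * @param[in] srcData the data to sign
     * @param[out] signature output signature
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiSign)(const struct HksBlob *key, const struct HksParamSet *paramSet,
        const struct HksBlob *srcData, struct HksBlob *signature);

    /**
     * @brief Verify operation
     * @param[in] key required key to verify data
     * @param[in] paramSet required parameter set
     * @param[in] srcData the data to verify
     * @param[in] signature the signature to check (an input: the pointer is const)
     * @return error code, see huks_sa_type.h; the verification result is
     *         conveyed only through this code, so it must not be ignored
     */
    int32_t (*HuksHdiVerify)(const struct HksBlob *key, const struct HksParamSet *paramSet,
        const struct HksBlob *srcData, const struct HksBlob *signature);

    /**
     * @brief Encrypt operation
     * @param[in] key required key to encrypt data
     * @param[in] paramSet required parameter set
     * @param[in] plainText the data to encrypt
     * @param[out] cipherText encrypted data
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiEncrypt)(const struct HksBlob *key, const struct HksParamSet *paramSet,
        const struct HksBlob *plainText, struct HksBlob *cipherText);

    /**
     * @brief Decrypt operation
     * @param[in] key required key to decrypt data
     * @param[in] paramSet required parameter set
     * @param[in] cipherText the data to decrypt
     * @param[out] plainText decrypted data
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiDecrypt)(const struct HksBlob *key, const struct HksParamSet *paramSet,
        const struct HksBlob *cipherText, struct HksBlob *plainText);

    /**
     * @brief Agree key
     * @param[in] paramSet required parameter set
     * @param[in] privateKey self private key
     * @param[in] peerPublicKey peer public key
     * @param[out] agreedKey agreed key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiAgreeKey)(const struct HksParamSet *paramSet, const struct HksBlob *privateKey,
        const struct HksBlob *peerPublicKey, struct HksBlob *agreedKey);

    /**
     * @brief Derive key
     * @param[in] paramSet required parameter set
     * @param[in] kdfKey main key to derive key
     * @param[out] derivedKey derived key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiDeriveKey)(const struct HksParamSet *paramSet, const struct HksBlob *kdfKey,
        struct HksBlob *derivedKey);

    /**
     * @brief Mac operation
     * @param[in] key key used to compute the mac
     * @param[in] paramSet required parameter set
     * @param[in] srcData the data to mac
     * @param[out] mac mac value
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiMac)(const struct HksBlob *key, const struct HksParamSet *paramSet,
        const struct HksBlob *srcData, struct HksBlob *mac);

    /**
     * @brief Upgrade key
     * @param[in] oldKey old key to be upgraded
     * @param[in] paramSet required parameter set
     * @param[out] newKey new key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiUpgradeKey)(const struct HksBlob *oldKey, const struct HksParamSet *paramSet,
        struct HksBlob *newKey);

    /**
     * @brief Export chipset platform public key
     * @param[in] salt salt value
     * @param[in] scene scene
     * @param[out] publicKey public key
     * @return error code, see huks_sa_type.h
     */
    int32_t (*HuksHdiExportChipsetPlatformPublicKey)(const struct HksBlob *salt,
        enum HksChipsetPlatformDecryptScene scene, struct HksBlob *publicKey);
};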
282#endif