From beadad60d8d5080929969abd1071d3d98b05d005 Mon Sep 17 00:00:00 2001
From: yang1946
Date: Thu, 18 Apr 2024 19:30:42 +0800
Subject: [PATCH] =?UTF-8?q?HUKS=E9=BB=98=E8=AE=A4=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E6=8F=90=E5=8D=87=E4=B8=9A=E5=8A=A1=E6=8E=A5=E5=85=A5DE?= =?UTF-8?q?=E6=95=B4=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: yang1946
---
 .../local_code_sign/src/local_sign_key.cpp | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/services/local_code_sign/src/local_sign_key.cpp b/services/local_code_sign/src/local_sign_key.cpp
index 6c9ebdb..7a05531 100644
--- a/services/local_code_sign/src/local_sign_key.cpp
+++ b/services/local_code_sign/src/local_sign_key.cpp
@@ -41,14 +41,20 @@ static const struct HksParam ECC_KEY_PRARAM[] = {
 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ECC },
 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_ECC_KEY_SIZE_256 },
 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN | HKS_KEY_PURPOSE_VERIFY },
- { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 }
+ { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE }
 };

 static const struct HksParam ECC_SIGN_PRARAM[] = {
 { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_ECC },
 { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_ECC_KEY_SIZE_256 },
 { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_SIGN },
- { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 }
+ { .tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256 },
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE }
+};
+
+static const struct HksParam ECC_EXIST_PRARAM[] = {
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE }
 };

 LocalSignKey &LocalSignKey::GetInstance()
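Review bot: Nothing in the patch records why the key is pinned to `HKS_AUTH_STORAGE_LEVEL_DE`, and the same entry is now written out separately in `ECC_KEY_PRARAM`, `ECC_SIGN_PRARAM`, `ECC_EXIST_PRARAM` and again in the `GetAttestParamSet` hunk further down. DE is, as far as the HUKS documentation describes it, the storage level that becomes available earliest after boot and so the least restrictive one, which makes the choice worth a stated reason. The four copies presumably have to stay identical for generation, lookup, signing and attestation to address the same key. A comment above the arrays would cover both points, for example `// LOCAL_SIGN_KEY_ALIAS is kept at DE level (needed before first unlock, TODO confirm); every HUKS call on this alias must pass the same storage level.`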
@@ -91,7 +97,12 @@ void LocalSignKey::SetChallenge(const ByteBuffer &challenge)

 bool LocalSignKey::InitKey()
 {
- int32_t ret = HksKeyExist(&LOCAL_SIGN_KEY_ALIAS, nullptr);
+ HUKSParamSet paramSet;
+ bool bRet = paramSet.Init(ECC_EXIST_PRARAM, sizeof(ECC_EXIST_PRARAM) / sizeof(HksParam));
+ if (!bRet) {
+ return false;
+ }
+ int32_t ret = HksKeyExist(&LOCAL_SIGN_KEY_ALIAS, paramSet.GetParamSet());
 if (ret == HKS_ERROR_NOT_EXIST) {
 if (!GenerateKey()) {
 return false;
@@ -203,6 +214,7 @@ bool LocalSignKey::GetAttestParamSet(HUKSParamSet ¶mSet)
 struct HksParam attestationParams[] = {
 { .tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = challengeBlob },
 { .tag = HKS_TAG_ATTESTATION_ID_ALIAS, .blob = LOCAL_SIGN_KEY_ALIAS },
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE }
 };
 return paramSet.Init(attestationParams, sizeof(attestationParams) / sizeof(HksParam));
 }
-- Gitee
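Review bot: In `InitKey`, looking the key up only under `HKS_AUTH_STORAGE_LEVEL_DE` means a key created by an earlier build without that tag may come back as `HKS_ERROR_NOT_EXIST`, and the visible branch would then generate a fresh signing key. Whether HUKS migrates legacy keys to the DE level is not visible in this patch, so it should be confirmed. A silent key replacement would presumably invalidate anything attested or signed under the old key. A comment such as `// Keys created before the DE change: confirm the HUKS upgrade path before treating NOT_EXIST as "generate".` would record that. The new early `return false` when `paramSet.Init` fails also leaves no diagnostic, so a log line before it would make the failure traceable. The body of `InitKey` continues past the end of the hunk, so the handling of other `ret` values cannot be judged from here.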