From ba309e73785d995aa1f458570de9ddabbb1139e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?=
Date: Wed, 28 May 2025 00:20:53 +0800
Subject: [PATCH] =?UTF-8?q?=E8=93=9D=E9=BB=84=E5=B7=AE=E5=BC=82=E6=B6=88?= =?UTF-8?q?=E9=99=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 李巍
---
 .../include/attest/dm_auth_attest_common.h | 1 +
 .../include/attest/dm_auth_generate_attest.h | 2 +-
 .../src/attest/dm_auth_attest_common.cpp | 25 ++++++++++++++++++++++++-
 .../src/attest/dm_auth_generate_attest.cpp | 7 +++++-
 .../src/attest/dm_auth_validate_attest.cpp | 9 ++++++++-
 5 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/services/implementation/include/attest/dm_auth_attest_common.h b/services/implementation/include/attest/dm_auth_attest_common.h
index 2e42f5a89..49a635ada 100644
--- a/services/implementation/include/attest/dm_auth_attest_common.h
+++ b/services/implementation/include/attest/dm_auth_attest_common.h
@@ -52,6 +52,7 @@ public:
 std::string SerializeDmCertChain(const DmCertChain *chain);
 bool DeserializeDmCertChain(const std::string &data, DmCertChain *outChain);
+ void FreeCertChain(DmCertChain *chain);
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/implementation/include/attest/dm_auth_generate_attest.h b/services/implementation/include/attest/dm_auth_generate_attest.h
index 204a577e4..b78ce8bd8 100644
--- a/services/implementation/include/attest/dm_auth_generate_attest.h
+++ b/services/implementation/include/attest/dm_auth_generate_attest.h
@@ -1,4 +1,4 @@
-/*
+/*
 * Copyright (c) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
diff --git a/services/implementation/src/attest/dm_auth_attest_common.cpp b/services/implementation/src/attest/dm_auth_attest_common.cpp
index 92acee7de..3dc79bf54 100644
--- a/services/implementation/src/attest/dm_auth_attest_common.cpp
+++ b/services/implementation/src/attest/dm_auth_attest_common.cpp
@@ -107,11 +107,17 @@ bool AuthAttestCommon::DeserializeDmCertChain(const std::string &data, DmCertCha
 const uint32_t certCount = jsonObject[TAG_CERT_COUNT].Get();
 JsonObject jsonArrayObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
 jsonArrayObj.Parse(jsonObject[TAG_CERT].Dump());
- DmBlob *certs = new DmBlob[certCount]{0};
+ DmBlob *certs = new DmBlob[certCount];
 if (certs == nullptr) {
 LOGE("Memory allocation failed for certs array");
 return false;
 }
+ if (memset_s(certs, sizeof(DmBlob) * certCount, 0, sizeof(DmBlob) * certCount) != DM_OK) {
+ LOGE("memset_s failed.");
+ delete[] certs;
+ certs = nullptr;
+ return false;
+ }
 bool success = true;
 uint32_t processedIndex = 0;
 for (const auto &item : jsonArrayObj.Items()) {
@@ -138,5 +144,22 @@ bool AuthAttestCommon::DeserializeDmCertChain(const std::string &data, DmCertCha
 outChain->certCount = certCount;
 return true;
 }
+
+void AuthAttestCommon::FreeCertChain(DmCertChain *chain)
+{
+ if (chain == nullptr) {
+ LOGI("chain is nullptr!");
+ return;
+ }
+ for (uint32_t i = 0; i < chain->certCount; ++i) {
+ delete[] chain->cert[i].data;
+ chain->cert[i].data = nullptr;
+ chain->cert[i].size = 0;
+ }
+ delete[] chain->cert;
+ chain->cert = nullptr;
+ chain->certCount = 0;
+ delete chain;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/implementation/src/attest/dm_auth_generate_attest.cpp b/services/implementation/src/attest/dm_auth_generate_attest.cpp
index 914c4876e..96842a5b2 100644
--- a/services/implementation/src/attest/dm_auth_generate_attest.cpp
+++ b/services/implementation/src/attest/dm_auth_generate_attest.cpp
@@ -49,6 +49,7 @@ int32_t AuthGenerateAttest::GenerateCertificate(DmCertChain &dmCertChain)
 return ret;
 }
 FreeCertChain(dcmCertChain);
+ LOGI("Success.");
 return DM_OK;
 }
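Review bot: In DeserializeDmCertChain, `certCount` comes from the parsed JSON and is used as the size for `new DmBlob[certCount]` and `memset_s` with no range check visible in this hunk, so the serialized input decides how much is allocated. A guard before the allocation, such as `if (certCount == 0 || certCount > MAX_CERT_COUNT) { return false; }` with MAX_CERT_COUNT standing in for whatever limit the project defines, would bound it; a zero count likely also fails the new `memset_s` call, since securec-style implementations reject a zero destMax. The `certs == nullptr` test cannot fire with plain `new[]`, which does not return null on failure; `new (std::nothrow) DmBlob[certCount]()` would make the check meaningful and, if DmBlob is a plain struct, zero the array without the separate memset_s block. The loop that fills `certs` continues outside the hunk, so whether `processedIndex` is kept below `certCount` could not be confirmed.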
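Review bot: AuthAttestCommon::FreeCertChain indexes `chain->cert[i]` without checking `chain->cert`, so a chain whose `cert` is null while `certCount` is non-zero (a partially filled chain, for instance) is a null dereference; wrapping the loop in `if (chain->cert != nullptr) {` avoids that. The final `delete chain;` also assumes every caller allocated the DmCertChain with `new`, while GenerateCertificate in dm_auth_generate_attest.cpp receives a `DmCertChain &`, which suggests some chains are not heap objects, and passing the address of one of those here would be undefined behaviour. The declaration in dm_auth_attest_common.h should state the contract, for example `// Frees each cert[i].data, the cert array and chain itself; chain must come from new, the buffers from new[].`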
@@ -114,7 +115,7 @@ int32_t ValidateInput(const DcmCertChain &dcmCertChain)
 int32_t CopyCertificates(const DcmCertChain &dcmCertChain, DmBlob *newCertArray, uint32_t &allocatedCerts)
 {
- if (newCertArray == nullptr || newCertArray->length != dcmCertChain.certCount) {
+ if (newCertArray == nullptr) {
 LOGE("newCertArray is invalid param.");
 return ERR_DM_INPUT_PARA_INVALID;
 }
@@ -169,6 +170,10 @@ int32_t AuthGenerateAttest::ConvertDcmCertChainToDmCertChain(const DcmCertChain
 }
 dmCertChain.cert = newCertArray;
 dmCertChain.certCount = dcmCertChain.certCount;
+ for (uint32_t i = 0; i < dcmCertChain.certCount; ++i) {
+ delete[] newCertArray[i].data;
+ }
+ delete[] newCertArray;
 return DM_OK;
 }
 } // namespace DistributedHardware
diff --git a/services/implementation/src/attest/dm_auth_validate_attest.cpp b/services/implementation/src/attest/dm_auth_validate_attest.cpp
index a6ff7051d..fdf810b44 100644
--- a/services/implementation/src/attest/dm_auth_validate_attest.cpp
+++ b/services/implementation/src/attest/dm_auth_validate_attest.cpp
@@ -21,7 +21,8 @@ namespace OHOS {
 namespace DistributedHardware {
-int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr, uint64_t randNum, const HksParamSet *outputParam)
+int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr,
+ uint64_t randNum, const HksParamSet *outputParam)
 {
 if (deviceIdHash == nullptr || udidStr == nullptr || outputParam == nullptr) {
 LOGE("input param is nullptr.");
@@ -29,6 +30,10 @@ int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr, uint64_
 }
 uint32_t cnt = 0;
 HksBlob *blob = &outputParam->params[cnt].blob;
+ if (blob == nullptr) {
+ LOGE("outputParam blob is nullptr");
+ return ERR_DM_GET_PARAM_FAILED;
+ }
 if (memcpy_s(&randNum, sizeof(uint64_t), blob->data, blob->size) != EOK) {
 LOGE("memcpy randNum failed");
 return ERR_DM_GET_PARAM_FAILED;
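Review bot: With the `newCertArray->length` comparison removed, CopyCertificates has nothing left that ties the size of `newCertArray` to `dcmCertChain.certCount`; the remaining check only covers a null pointer. The copy loop is outside this hunk, but if it writes `newCertArray[i]` for every certificate, the function now relies entirely on the caller having sized the array correctly. A comment on the function such as `// newCertArray must point to at least dcmCertChain.certCount DmBlob elements` would record that precondition, and an explicit element-count argument would let it be checked rather than assumed.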
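Review bot: In ConvertDcmCertChainToDmCertChain the added loop and `delete[] newCertArray;` release the buffers immediately after `dmCertChain.cert = newCertArray;`, so the function returns DM_OK with `dmCertChain.cert` pointing at freed memory and `certCount` still non-zero. Any later read of the chain, such as serializing it, is then a use-after-free, and releasing it through AuthAttestCommon::FreeCertChain would free the same blocks a second time. On the success path ownership should pass to `dmCertChain`, so the four added lines should be dropped and the chain released by its owner once it is no longer needed. The function begins outside the hunk, so the cleanup on its failure paths could not be checked.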
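Review bot: The added `blob == nullptr` test in ProcessValidationResult can never be true, because `blob` is the address of a member of `outputParam->params[cnt]` and `outputParam` has already been null-checked. What the following `memcpy_s` depends on is that the parameter set has an entry at index `cnt` and that the blob holds a pointer and exactly eight bytes, so the guard is better written as `if (outputParam->paramsCnt <= cnt || blob->data == nullptr || blob->size != sizeof(uint64_t)) {`. Separately, `randNum` is passed by value, so unless it is used later in the function (outside these hunks) the copied value never reaches the caller; an output would need a reference or pointer parameter.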
@@ -39,6 +44,8 @@ int32_t ProcessValidationResult(const char *deviceIdHash, char *udidStr, uint64_
 return ERR_DM_GET_PARAM_FAILED;
 }
 std::string certDeviceIdHash = Crypto::GetUdidHash(std::string(udidStr));
+ LOGI("accesser udidHash=%{public}s, certudidHash=%{public}s",
+ GetAnonyString(std::string(deviceIdHash)).c_str(), GetAnonyString(certDeviceIdHash).c_str());
 if (strcmp(deviceIdHash, certDeviceIdHash.c_str()) != 0) {
 LOGE("verifyCertificate fail");
 return ERR_DM_DESERIAL_CERT_FAILED;
-- Gitee
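Review bot: The added LOGI marks both hash values `%{public}` and runs on every validation, so the only thing keeping device identifier hashes out of the public log is GetAnonyString, whose masking is not visible in this diff. Moving the statement into the mismatch branch, next to `LOGE("verifyCertificate fail")`, would keep the diagnostic value while logging these values only when a comparison fails. The label `certudidHash` would also read more consistently as `certUdidHash`.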