diff --git a/common/include/dslm_cred.h b/common/include/dslm_cred.h index 8b6493fa824323c9a26bd064095ef1972a62cb3f..e33c36f1172946068c857569c23f51b85002743b 100644 --- a/common/include/dslm_cred.h +++ b/common/include/dslm_cred.h @@ -32,10 +32,10 @@ #define CRED_INFO_SOFTVERSION_LEN 64 typedef enum { - CRED_TYPE_MINI = 100, - CRED_TYPE_SMALL = 200, - CRED_TYPE_STANDARD = 300, - CRED_TYPE_LARGE = 400, + CRED_TYPE_MINI = 1000, + CRED_TYPE_SMALL = 2000, + CRED_TYPE_STANDARD = 3000, + CRED_TYPE_LARGE = 4000, } CredType; typedef struct DslmCredInfo { diff --git a/oem_property/ohos/BUILD.gn b/oem_property/ohos/BUILD.gn index 3d13e90819771d3a20edec126c1c797e09274649..b9eb9621b55b943baaa8b9a7f4f1edc919848c30 100644 --- a/oem_property/ohos/BUILD.gn +++ b/oem_property/ohos/BUILD.gn @@ -65,7 +65,7 @@ ohos_source_set("dslm_ohos_cred_obj") { sources = [ "impl/dslm_ohos_request.c", "impl/dslm_ohos_verify.c", - "impl/external_interface.c", + "impl/external_interface_adapter.c", ] include_dirs = [ @@ -84,6 +84,7 @@ ohos_source_set("dslm_ohos_cred_obj") { "deviceauth_standard:deviceauth_sdk", "hilog_native:libhilog", "huks:libhukssdk", + "startup_l2:syspara", "utils_base:utils", ] diff --git a/oem_property/ohos/dslm_ohos_credential.c b/oem_property/ohos/dslm_ohos_credential.c index 09ebfdb6c64c23929f9b6d4278494c707b4905e2..25e4d52fc1dde1846c1ff5592dafee89825534cf 100644 --- a/oem_property/ohos/dslm_ohos_credential.c +++ b/oem_property/ohos/dslm_ohos_credential.c @@ -25,8 +25,8 @@ __attribute__((constructor)) static void Constructor(void) .initFunc = NULL, .requestFunc = RequestOhosDslmCred, .verifyFunc = VerifyOhosDslmCred, - .credTypeCnt = 1, - .credTypeArray = {CRED_TYPE_STANDARD}, + .credTypeCnt = 2, + .credTypeArray = {CRED_TYPE_SMALL, CRED_TYPE_STANDARD}, }; InitDslmCredentialFunctions(&func); } \ No newline at end of file diff --git a/oem_property/ohos/impl/dslm_ohos_request.c b/oem_property/ohos/impl/dslm_ohos_request.c index 155c5dfc6e5afd4a23deb15ebba28c4901f9c35a..a3326a8467558ef99c7cf90f1f04de53712805bf 100644 --- a/oem_property/ohos/impl/dslm_ohos_request.c +++ b/oem_property/ohos/impl/dslm_ohos_request.c @@ -14,7 +14,8 @@ */ #include "dslm_ohos_request.h" -#include "external_interface.h" +#include "dslm_messenger_wrapper.h" +#include "external_interface_adapter.h" #include #include @@ -24,31 +25,37 @@ #include "utils_log.h" #include "utils_mem.h" -#define CRED_CFG_FILE_POSITION "/system/etc/dslm_finger.cfg" -#define CRED_STR_LEN_MAX 4096 +#define DSLM_CRED_CFG_FILE_POSITION "/system/etc/dslm_finger.cfg" +#define DSLM_CRED_STR_LEN_MAX 4096 #define CHALLENGE_STRING_LENGTH 32 +#define UDID_STRING_LENGTH 65 + +#define DEVAUTH_JSON_KEY_CHALLENGE "challenge" +#define DEVAUTH_JSON_KEY_PKINFO_LIST "pkInfoList" static int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen) { FILE *fp = NULL; - fp = fopen(CRED_CFG_FILE_POSITION, "r"); + fp = fopen(DSLM_CRED_CFG_FILE_POSITION, "r"); if (fp == NULL) { - SECURITY_LOG_INFO("fopen cred file failed!"); + SECURITY_LOG_ERROR("fopen cred file failed!"); return ERR_INVALID_PARA; } int32_t ret = fscanf_s(fp, "%s", credStr, maxLen); if (ret == -1) { + SECURITY_LOG_ERROR("fscanf_s cred file failed!"); ret = ERR_INVALID_PARA; } else { ret = SUCCESS; } if (fclose(fp) != 0) { + SECURITY_LOG_ERROR("fclose cred file failed!"); ret = ERR_INVALID_PARA; } return ret; } -static int32_t TransToJsonStr(uint64_t challenge, const char *pkInfoListStr, char **nounceStr) +static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListStr, char **nounceStr) { JsonHandle json = CreateJson(NULL); if (json == NULL) { @@ -56,13 +63,10 @@ static int32_t TransToJsonStr(uint64_t challenge, const char *pkInfoListStr, cha } // add challenge - char challengeStr[CHALLENGE_STRING_LENGTH] = {0}; - char *saveData = &challengeStr[0]; - ByteToHexString((uint8_t *)&challenge, sizeof(challenge), (uint8_t *)saveData, CHALLENGE_STRING_LENGTH); - AddFieldStringToJson(json, "challenge", saveData); + AddFieldStringToJson(json, DEVAUTH_JSON_KEY_CHALLENGE, challengeStr); // add pkInfoList - AddFieldStringToJson(json, "pkInfoList", pkInfoListStr); + AddFieldStringToJson(json, DEVAUTH_JSON_KEY_PKINFO_LIST, pkInfoListStr); // tran to json *nounceStr = (char *)ConvertJsonToString(json); @@ -74,49 +78,37 @@ static int32_t TransToJsonStr(uint64_t challenge, const char *pkInfoListStr, cha return SUCCESS; } -int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff) +static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const RequestObject *obj, char *credStr, + uint8_t **certChain, uint32_t *certChainLen) { - SECURITY_LOG_INFO("Invoke RequestOhosDslmCred"); - char *pkInfoListStr = NULL; char *nounceStr = NULL; - uint8_t *certChain = NULL; - uint32_t certChainLen = 0; - - char credStr[CRED_STR_LEN_MAX] = {0}; - int32_t ret = GetCredFromCurrentDevice(credStr, CRED_STR_LEN_MAX); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("read data frome CFG failed!"); - return ret; + char challengeStr[CHALLENGE_STRING_LENGTH] = {0}; + ByteToHexString((uint8_t *)&(obj->challenge), sizeof(obj->challenge), (uint8_t *)challengeStr, + CHALLENGE_STRING_LENGTH); + char udidStr[UDID_STRING_LENGTH] = {0}; + if (memcpy_s(udidStr, UDID_STRING_LENGTH, device->identity, device->length) != EOK) { + return ERR_MEMORY_ERR; } - + int32_t ret = ERR_DEFAULT; do { - ret = GetPkInfoListStr(true, device->identity, device->length, &pkInfoListStr); + ret = GetPkInfoListStr(true, udidStr, &pkInfoListStr); if (ret != SUCCESS) { - SECURITY_LOG_INFO("GetPkInfoListStr failed"); + SECURITY_LOG_ERROR("GetPkInfoListStr failed"); break; } - ret = TransToJsonStr(obj->challenge, pkInfoListStr, &nounceStr); + ret = TransToJsonStr(challengeStr, pkInfoListStr, &nounceStr); if (ret != SUCCESS) { - SECURITY_LOG_INFO("TransToJsonStr failed"); + SECURITY_LOG_ERROR("TransToJsonStr failed"); break; } - - ret = DslmCredAttestAdapter(nounceStr, credStr, &certChain, &certChainLen); + struct DslmInfoInCertChain saveInfo = {.credStr = credStr, .nounceStr = nounceStr, .udidStr = udidStr}; + ret = DslmCredAttestAdapter(&saveInfo, certChain, certChainLen); if (ret != SUCCESS) { - SECURITY_LOG_INFO("DslmCredAttestAdapter failed"); - break; - } - - DslmCredBuff *out = CreateDslmCred(CRED_TYPE_STANDARD, certChainLen, certChain); - if (out == NULL) { - ret = ERR_MEMORY_ERR; - SECURITY_LOG_INFO("CreateDslmCred failed"); + SECURITY_LOG_ERROR("DslmCredAttestAdapter failed"); break; } - *credBuff = out; - ret = SUCCESS; } while (0); if (pkInfoListStr != NULL) { @@ -125,8 +117,84 @@ int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *o if (nounceStr != NULL) { FREE(nounceStr); } - if (certChain != NULL) { - FREE(certChain); - } return ret; } + +static int32_t SelectDslmCredType(const DeviceIdentify *device, const RequestObject *obj, uint32_t *type) +{ + uint32_t devType = 0; + const DeviceIdentify *deviceSelf = GetSelfDevice(&devType); + if (deviceSelf->length == 0) { + SECURITY_LOG_ERROR("SelectDslmCredType, GetSelfDevice failed"); + return ERR_INVALID_PARA; + } + + // is self + if (memcmp(device->identity, deviceSelf->identity, deviceSelf->length) == 0) { + *type = CRED_TYPE_SMALL; + return SUCCESS; + } + *type = CRED_TYPE_STANDARD; + return SUCCESS; +} + +static int32_t RequestSmallDslmCred(uint8_t *data, uint32_t dataLen, DslmCredBuff **credBuff) +{ + DslmCredBuff *out = CreateDslmCred(CRED_TYPE_SMALL, dataLen, data); + if (out == NULL) { + SECURITY_LOG_ERROR("RequestSmallDslmCred, CreateDslmCred failed"); + return ERR_MEMORY_ERR; + } + *credBuff = out; + SECURITY_LOG_INFO("RequestSmallDslmCred success!"); + return SUCCESS; +} + +static int32_t RequestStandardDslmCred(const DeviceIdentify *device, const RequestObject *obj, char *credStr, + DslmCredBuff **credBuff) +{ + uint8_t *certChain = NULL; // malloc, need free + uint32_t certChainLen = 0; + int32_t ret = GenerateDslmCertChain(device, obj, credStr, &certChain, &certChainLen); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("RequestStandardDslmCred, GenerateDslmCertChain failed"); + return ret; + } + DslmCredBuff *out = CreateDslmCred(CRED_TYPE_STANDARD, certChainLen, certChain); + if (out == NULL) { + SECURITY_LOG_ERROR("RequestSmallDslmCred, CreateDslmCred failed"); + return ERR_MEMORY_ERR; + } + *credBuff = out; + SECURITY_LOG_INFO("RequestSmallDslmCred success!"); + return SUCCESS; +} + +int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff) +{ + SECURITY_LOG_INFO("Invoke RequestOhosDslmCred"); + uint32_t credType = 0; + char credStr[DSLM_CRED_STR_LEN_MAX] = {0}; + int32_t ret = GetCredFromCurrentDevice(credStr, DSLM_CRED_STR_LEN_MAX); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("Read cred data from file failed!"); + return ret; + } + + ret = SelectDslmCredType(device, obj, &credType); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("SelectDslmCredType failed!"); + return ret; + } + switch (credType) { + case CRED_TYPE_SMALL: + return RequestSmallDslmCred((uint8_t *)credStr, strlen(credStr), credBuff); + case CRED_TYPE_STANDARD: + return RequestStandardDslmCred(device, obj, credStr, credBuff); + default: + SECURITY_LOG_ERROR("Invalid cred type!"); + break; + } + + return SUCCESS; +} diff --git a/oem_property/ohos/impl/dslm_ohos_verify.c b/oem_property/ohos/impl/dslm_ohos_verify.c index 50326adb10e032aeb8ff706217d62fd7c65a02a3..ceea3f2b8c675ff33f9bfc76cfe0f4b82029f381 100644 --- a/oem_property/ohos/impl/dslm_ohos_verify.c +++ b/oem_property/ohos/impl/dslm_ohos_verify.c @@ -19,7 +19,8 @@ #include #include "dslm_crypto.h" -#include "external_interface.h" +#include "external_interface_adapter.h" +#include "parameter.h" #include "utils_base64.h" #include "utils_hexstring.h" #include "utils_json.h" @@ -58,6 +59,8 @@ #define CRED_VALUE_TYPE_DEBUG "debug" #define CRED_VALUE_TYPE_RELEASE "release" +#define DSLM_CRED_STR_LEN_MAX 4096 + struct NounceOfCertChain { uint64_t challenge; uint8_t *pbkInfoList; @@ -228,20 +231,31 @@ static int32_t GenerateDeviceUdid(const char *manufacture, const char *productMo return 0; } -static int32_t CheckCredInfo(const struct DeviceIdentify *device, const char *serialNum, const DslmCredInfo *info) +static int32_t CheckCredInfo(const struct DeviceIdentify *device, const DslmCredInfo *info) { + SECURITY_LOG_DEBUG("CheckCredInfo start!"); + if (strlen(info->udid) == 0) { + SECURITY_LOG_DEBUG("Current cred has no udid, skip CheckCredInfo."); + return SUCCESS; + } if (strncmp(info->type, CRED_VALUE_TYPE_DEBUG, strlen(CRED_VALUE_TYPE_DEBUG)) == 0) { - if (strncmp((char *)device->identity, info->udid, strlen(info->udid)) == 0) { + if (memcmp((char *)device->identity, info->udid, strlen(info->udid)) == 0) { return SUCCESS; } char udidStr[UDID_STRING_LENGTH] = {0}; - GenerateDeviceUdid(info->manufacture, info->model, serialNum, udidStr, UDID_STRING_LENGTH); + const char *serialStr = GetSerial(); + if (serialStr == NULL) { + return ERR_INVALID_PARA; + } + + GenerateDeviceUdid(info->manufacture, info->model, serialStr, udidStr, UDID_STRING_LENGTH); if (strcasecmp(udidStr, info->udid) == 0) { return SUCCESS; } return ERR_CHECK_CRED_INFO; } + SECURITY_LOG_DEBUG("CheckCredInfo SUCCESS!"); return SUCCESS; } @@ -290,7 +304,10 @@ static int32_t ParseNounceOfCertChain(const char *jsonBuffer, struct NounceOfCer static void FreeNounceOfCertChain(struct NounceOfCertChain *nounce) { - if (nounce != NULL && nounce->pbkInfoList != NULL) { + if (nounce == NULL) { + return; + } + if (nounce->pbkInfoList != NULL) { FREE(nounce->pbkInfoList); nounce->pbkInfoList = NULL; } @@ -350,6 +367,11 @@ static int32_t VerifyNounceOfCertChain(const char *jsonStr, const struct DeviceI struct NounceOfCertChain nounce; (void)memset_s(&nounce, sizeof(struct NounceOfCertChain), 0, sizeof(struct NounceOfCertChain)); + char udidStr[UDID_STRING_LENGTH] = {0}; + if (memcpy_s(udidStr, UDID_STRING_LENGTH, device->identity, device->length) != EOK) { + return ERR_MEMORY_ERR; + } + int32_t ret = ERR_DEFAULT; do { ret = ParseNounceOfCertChain(jsonStr, &nounce); @@ -358,7 +380,7 @@ static int32_t VerifyNounceOfCertChain(const char *jsonStr, const struct DeviceI break; } - ret = GetPkInfoListStr(false, (uint8_t *)device->identity, device->length, &pkInfoListStr); + ret = GetPkInfoListStr(false, udidStr, &pkInfoListStr); if (ret != SUCCESS) { SECURITY_LOG_ERROR("GetPkInfoListStr failed!"); break; @@ -506,12 +528,9 @@ static int32_t VerifyCredPayload(const char *cred, const struct CredData *credDa struct DataBuffer srcData, sigData, pbkData; srcData.data = (uint8_t *)srcMsg; srcData.length = strlen(srcMsg); - SECURITY_LOG_ERROR("src msg = %{public}s", srcMsg); - SECURITY_LOG_ERROR("src msgLen = %{public}d", srcData.length); pbkData.data = credData->pbkChain[PBK_CHAIN_THIRD_KEY_INDEX].src.data; pbkData.length = credData->pbkChain[PBK_CHAIN_THIRD_KEY_INDEX].src.length; sigData.length = Base64UrlDecodeApp((uint8_t *)credData->signature, &(sigData.data)); - SECURITY_LOG_ERROR("sig msgLen = %{public}d", sigData.length); if (sigData.data == NULL) { FREE(srcMsg); return ERR_MEMORY_ERR; @@ -522,7 +541,7 @@ static int32_t VerifyCredPayload(const char *cred, const struct CredData *credDa SECURITY_LOG_ERROR("EcdsaVerify failed!"); ret = ERR_ECC_VERIFY_ERR; } else { - SECURITY_LOG_ERROR("EcdsaVerify success!"); + SECURITY_LOG_ERROR("VerifyCredPayload success!"); ret = SUCCESS; } FREE(srcMsg); @@ -587,23 +606,51 @@ static int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo) // 4. Parse cred payload. ret = GetCredPayloadInfo(credData.payload, credInfo); if (ret != SUCCESS) { - SECURITY_LOG_ERROR("verifyCredPayload failed!"); + SECURITY_LOG_ERROR("VerifyCredData success!"); break; } } while (0); FreeCredData(&credData); + if (ret == SUCCESS) { + SECURITY_LOG_INFO("VerifyCredData SUCCESS!"); + } + return ret; +} + +static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredBuff *credBuff, DslmCredInfo *credInfo) +{ + char credStr[DSLM_CRED_STR_LEN_MAX] = {0}; + (void)memset_s(credStr, credBuff->credLen + 1, 0, credBuff->credLen + 1); + if (memcpy_s(credStr, credBuff->credLen + 1, credBuff->credVal, credBuff->credLen + 1) != EOK) { + return ERR_MEMORY_ERR; + } + + int32_t ret = VerifyCredData(credStr, credInfo); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("VerifyCredData failed!"); + return ret; + } + + ret = CheckCredInfo(device, credInfo); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("CheckCredInfo failed!"); + return ret; + } + return SUCCESS; } -int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, +static int32_t verifyStandardDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, DslmCredInfo *credInfo) { - SECURITY_LOG_INFO("Invoke VerifyOhosDslmCred"); - struct CertChainValidateResult resultInfo; - InitCertChainValidateResult(&resultInfo, credBuff->credLen); + struct DslmInfoInCertChain resultInfo; + int32_t ret = InitDslmInfoInCertChain(&resultInfo); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("InitDslmInfoInCertChain failed!"); + return ret; + } - int32_t ret = ERR_DEFAULT; do { // 1. Verify the certificate chain, get data in the certificate chain(nounce + UDID + cred). ret = ValidateCertChainAdapter(credBuff->credVal, credBuff->credLen, &resultInfo); @@ -613,28 +660,46 @@ int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, con } // 2. Parses the NOUNCE into CHALLENGE and PK_INFO_LIST, verifies them separtely. - ret = VerifyNounceOfCertChain((char *)resultInfo.nounce, device, challenge); + ret = VerifyNounceOfCertChain(resultInfo.nounceStr, device, challenge); if (ret != SUCCESS) { SECURITY_LOG_ERROR("verifyNounceOfCertChain failed!"); break; } // 3. The cred content is "
...", parse and vefity it. - ret = VerifyCredData((char *)resultInfo.cred, credInfo); + ret = VerifyCredData(resultInfo.credStr, credInfo); if (ret != SUCCESS) { SECURITY_LOG_ERROR("VerifyCredData failed!"); break; } - - ret = CheckCredInfo(device, (char *)resultInfo.serialNum, credInfo); + ret = CheckCredInfo(device, credInfo); if (ret != SUCCESS) { SECURITY_LOG_ERROR("CheckCredInfo failed!"); break; } } while (0); - DestroyCertChainValidateResult(&resultInfo); - SECURITY_LOG_INFO("cred level = %{public}d", credInfo->credLevel); - SECURITY_LOG_INFO("VerifyOhosDslmCred SUCCESS!"); + DestroyDslmInfoInCertChain(&resultInfo); + if (ret == SUCCESS) { + SECURITY_LOG_INFO("cred level = %{public}d", credInfo->credLevel); + SECURITY_LOG_INFO("VerifyOhosDslmCred SUCCESS!"); + } return ret; +} + +int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, + DslmCredInfo *credInfo) +{ + SECURITY_LOG_INFO("Invoke VerifyOhosDslmCred"); + + switch (credBuff->type) { + case CRED_TYPE_SMALL: + return verifySmallDslmCred(device, credBuff, credInfo); + case CRED_TYPE_STANDARD: + return verifyStandardDslmCred(device, challenge, credBuff, credInfo); + default: + SECURITY_LOG_ERROR("Invalid cred type!"); + break; + } + return ERR_INVALID_PARA; } \ No newline at end of file diff --git a/oem_property/ohos/impl/external_interface.c b/oem_property/ohos/impl/external_interface.c deleted file mode 100644 index bb3c374fb2acbc388a220b2f0a0e83c65b1ac789..0000000000000000000000000000000000000000 --- a/oem_property/ohos/impl/external_interface.c +++ /dev/null @@ -1,295 +0,0 @@ -#/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "external_interface.h" -#include "device_security_defines.h" - -#include - -#include "device_auth.h" -#include "hks_api.h" -#include "hks_param.h" -#include "utils_json.h" -#include "utils_log.h" -#include "utils_mem.h" - -char g_keyData[] = "hi_key_data"; - -#define DSLM_HKS_TAG_ATTESTATION_CHALLENGE (HKS_TAG_TYPE_BYTES | 511) -#define DSLM_HKS_TAG_ATTESTATION_ID_SERIAL (HKS_TAG_TYPE_BYTES | 512) -#define DSLM_HKS_TAG_ATTESTATION_ID_UDID (HKS_TAG_TYPE_BYTES | 513) -#define DSLM_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO (HKS_TAG_TYPE_BYTES | 514) -#define DSLM_HKS_TAG_ATTESTATION_ID_VERSION_INFO (HKS_TAG_TYPE_BYTES | 515) -#define DSLM_HKS_INTERFACE_TRANS_PARAM_NUM 2 - -#define UDID_STRING_LENGTH 65 -#define HICHIAN_INPUT_PARAM_STRING_LENGTH 512 -#define DSLM_CERT_CHAIN_BASE_LENGTH 4096 - -static int32_t HksAttestKey2(const struct HksBlob *keyAlias, const struct HksParamSet *paramSet, - struct HksCertChain *certChain) -{ - if ((keyAlias == NULL) || (paramSet == NULL) || (certChain == NULL)) { - return HKS_ERROR_NOT_SUPPORTED; - } - if (certChain->certs == NULL || certChain->certs->data == NULL || - HksCheckParamSet(paramSet, paramSet->paramSetSize) != HKS_SUCCESS) { - return HKS_ERROR_NOT_SUPPORTED; - } - - uint8_t *tmp = certChain->certs->data; - uint32_t offSet = 0; - uint32_t dataLen; - uint32_t totalSize = 0; - for (uint32_t i = 0; i < paramSet->paramsCnt; i++) { - switch (paramSet->params[i].tag) { - case DSLM_HKS_TAG_ATTESTATION_CHALLENGE: - case DSLM_HKS_TAG_ATTESTATION_ID_SERIAL: - case DSLM_HKS_TAG_ATTESTATION_ID_UDID: - case DSLM_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO: - case DSLM_HKS_TAG_ATTESTATION_ID_VERSION_INFO: - (void)memcpy_s(tmp + offSet, sizeof(uint32_t), &(paramSet->params[i].tag), sizeof(uint32_t)); - offSet += sizeof(uint32_t); - dataLen = paramSet->params[i].blob.size; - (void)memcpy_s(tmp + offSet, sizeof(uint32_t), &dataLen, sizeof(uint32_t)); - offSet += sizeof(uint32_t); - (void)memcpy_s(tmp + offSet, dataLen, paramSet->params[i].blob.data, dataLen); - offSet += dataLen; - totalSize += (sizeof(uint32_t) * paramSet->paramsCnt + dataLen); - break; - default: - break; - } - } - - certChain->certs->size = totalSize; - certChain->certsCount = DSLM_HKS_INTERFACE_TRANS_PARAM_NUM; - return HKS_SUCCESS; -} - -static int32_t HksValidateCertChain2(const struct HksCertChain *certChain, struct HksParamSet *paramSetOut) -{ - if (certChain->certsCount != DSLM_HKS_INTERFACE_TRANS_PARAM_NUM) { - return HKS_ERROR_INVALID_ARGUMENT; - } - - uint8_t *tmp = certChain->certs->data; - uint32_t offSet = 0; - uint32_t dataLen; - struct HksParam tmpParams[5] = {0}; - for (uint32_t i = 0; i < DSLM_HKS_INTERFACE_TRANS_PARAM_NUM; i++) { - tmpParams[i].tag = *((uint32_t *)(&tmp[offSet])); - offSet += sizeof(uint32_t); - dataLen = *((uint32_t *)(&tmp[offSet])); - tmpParams[i].blob.size = dataLen; - offSet += sizeof(uint32_t); - tmpParams[i].blob.data = (uint8_t *)MALLOC(dataLen); - if (tmpParams[i].blob.data == NULL) { - SECURITY_LOG_INFO("error"); - return HKS_ERROR_MALLOC_FAIL; - } - (void)memcpy_s(tmpParams[i].blob.data, dataLen, tmp + offSet, dataLen); - offSet += dataLen; - } - - uint32_t tmpTag; - for (uint32_t i = 0; i < paramSetOut->paramsCnt; i++) { - tmpTag = paramSetOut->params[i].tag; - switch (tmpTag) { - case DSLM_HKS_TAG_ATTESTATION_CHALLENGE: - case DSLM_HKS_TAG_ATTESTATION_ID_SERIAL: - case DSLM_HKS_TAG_ATTESTATION_ID_UDID: - case DSLM_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO: - case DSLM_HKS_TAG_ATTESTATION_ID_VERSION_INFO: - for (uint32_t i = 0; i < DSLM_HKS_INTERFACE_TRANS_PARAM_NUM; i++) { - if (tmpTag == tmpParams[i].tag) { - paramSetOut->params[i].blob.size = tmpParams[i].blob.size; - (void)memcpy_s(paramSetOut->params[i].blob.data, tmpParams[i].blob.size, tmpParams[i].blob.data, - tmpParams[i].blob.size); - } else { - continue; - } - } - break; - default: - break; - } - } - return HKS_SUCCESS; -} - -static int32_t GenerateFuncParamJson(bool isSelfPk, const char *udidStr, char *dest, uint32_t destMax) -{ - JsonHandle json = CreateJson(NULL); - if (json == NULL) { - return ERR_INVALID_PARA; - } - - AddFieldBoolToJson(json, "isSelfPk", isSelfPk); - AddFieldStringToJson(json, "udid", udidStr); - - char *paramsJsonBuffer = ConvertJsonToString(json); - if (paramsJsonBuffer == NULL) { - DestroyJson(json); - return ERR_MEMORY_ERR; - } - DestroyJson(json); - if (strcpy_s(dest, destMax, paramsJsonBuffer) != EOK) { - FREE(paramsJsonBuffer); - paramsJsonBuffer = NULL; - return ERR_MEMORY_ERR; - } - FREE(paramsJsonBuffer); - paramsJsonBuffer = NULL; - return SUCCESS; -} - -int32_t GetPkInfoListStr(bool isSelf, const uint8_t *udid, uint32_t udidLen, char **pkInfoList) -{ - SECURITY_LOG_INFO("GetPkInfoListStr start"); - - char udidStr[UDID_STRING_LENGTH] = {0}; - char paramJson[HICHIAN_INPUT_PARAM_STRING_LENGTH] = {0}; - char resultBuffer[] = "[{\"groupId\" : \"0\",\"publicKey\" : \"0\"}]"; - - if (memcpy_s(udidStr, UDID_STRING_LENGTH, udid, udidLen) != EOK) { - return ERR_MEMORY_ERR; - } - int32_t ret = GenerateFuncParamJson(isSelf, udidStr, ¶mJson[0], HICHIAN_INPUT_PARAM_STRING_LENGTH); - if (ret != SUCCESS) { - SECURITY_LOG_INFO("GenerateFuncParamJson failed"); - return ret; - } - - *pkInfoList = (char *)MALLOC(strlen(resultBuffer) + 1); - if (strcpy_s(*pkInfoList, strlen(resultBuffer) + 1, resultBuffer) != EOK) { - return ERR_MEMORY_ERR; - } - SECURITY_LOG_INFO("pkinfo = %{public}s", *pkInfoList); - return SUCCESS; -} - -int DslmCredAttestAdapter(char *nounceStr, char *credStr, uint8_t **certChain, uint32_t *certChainLen) -{ - SECURITY_LOG_INFO("DslmCredAttestAdapter start"); - - struct HksParam inputData[] = { - {.tag = DSLM_HKS_TAG_ATTESTATION_CHALLENGE, .blob = {strlen(nounceStr) + 1, (uint8_t *)nounceStr}}, - {.tag = DSLM_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = {strlen(credStr) + 1, (uint8_t *)credStr}}, - }; - struct HksParamSet *inputParam = NULL; - if (HksInitParamSet(&inputParam) != HKS_SUCCESS) { - SECURITY_LOG_INFO("DslmCredAttestAdapter error 1"); - return -1; - } - if (HksAddParams(inputParam, inputData, sizeof(inputData) / sizeof(inputData[0])) != HKS_SUCCESS) { - SECURITY_LOG_INFO("DslmCredAttestAdapter error 2"); - return -1; - } - if (HksBuildParamSet(&inputParam) != HKS_SUCCESS) { - SECURITY_LOG_INFO("DslmCredAttestAdapter error 3"); - return -1; - } - - uint32_t certChainMaxLen = strlen(nounceStr) + strlen(credStr) + DSLM_CERT_CHAIN_BASE_LENGTH; - *certChain = (uint8_t *)malloc(certChainMaxLen); - struct HksBlob certChainBlob = {certChainMaxLen, *certChain}; - struct HksCertChain hksCertChain = {&certChainBlob, DSLM_HKS_INTERFACE_TRANS_PARAM_NUM}; - - const struct HksBlob keyAlias = {sizeof(g_keyData), (uint8_t *)g_keyData}; - - int32_t ret = HksAttestKey2(&keyAlias, inputParam, &hksCertChain); - if (ret != HKS_SUCCESS) { - SECURITY_LOG_INFO("HksAttestKey ret = %{public}d ", ret); - return ret; - } - *certChainLen = certChainBlob.size; - SECURITY_LOG_INFO("DslmCredAttestAdapter success, certChainLen = %{public}d ", *certChainLen); - return SUCCESS; -} - -int ValidateCertChainAdapter(uint8_t *data, uint32_t dataLen, struct CertChainValidateResult *resultInfo) -{ - SECURITY_LOG_INFO("ValidateCertChainAdapter start"); - struct HksParam outputData[] = { - {.tag = DSLM_HKS_TAG_ATTESTATION_CHALLENGE, .blob = {resultInfo->nounceLen, resultInfo->nounce}}, - {.tag = DSLM_HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = {resultInfo->credLen, resultInfo->cred}}, - }; - struct HksParamSet *outputParam = NULL; - if (HksInitParamSet(&outputParam) != HKS_SUCCESS) { - return -1; - } - if (HksAddParams(outputParam, outputData, sizeof(outputData) / sizeof(outputData[0])) != HKS_SUCCESS) { - return -1; - } - if (HksBuildParamSet(&outputParam) != HKS_SUCCESS) { - return -1; - } - - struct HksBlob certChainBlob = {dataLen, data}; - struct HksCertChain hksCertChain = {&certChainBlob, DSLM_HKS_INTERFACE_TRANS_PARAM_NUM}; - int32_t ret = HksValidateCertChain2(&hksCertChain, outputParam); - if (ret != HKS_SUCCESS) { - SECURITY_LOG_INFO("HksValidateCertChain error, ret = %{public}d", ret); - return ERR_CALL_EXTERNAL_FUNC; - } - // fix - resultInfo->nounceLen = strlen((char *)outputParam->params[0].blob.data); - memcpy_s(resultInfo->nounce, resultInfo->nounceLen + 1, outputParam->params[0].blob.data, - resultInfo->nounceLen + 1); - resultInfo->credLen = strlen((char *)outputParam->params[1].blob.data); - memcpy_s(resultInfo->cred, resultInfo->credLen + 1, outputParam->params[1].blob.data, resultInfo->credLen + 1); - - SECURITY_LOG_INFO("resultInfo nounce len = %{public}d", resultInfo->nounceLen); - SECURITY_LOG_INFO("resultInfo cred len = %{public}d", resultInfo->credLen); - - SECURITY_LOG_INFO("resultInfo nounce = %{public}s", (char *)resultInfo->nounce); - SECURITY_LOG_INFO("resultInfo cred = %{public}s", (char *)resultInfo->cred); - - return SUCCESS; -} - -void InitCertChainValidateResult(struct CertChainValidateResult *resultInfo, uint32_t maxLen) -{ - (void)memset_s(resultInfo, sizeof(struct CertChainValidateResult), 0, sizeof(struct CertChainValidateResult)); - resultInfo->nounce = (uint8_t *)MALLOC(maxLen); - resultInfo->nounceLen = maxLen; - resultInfo->cred = (uint8_t *)MALLOC(maxLen); - resultInfo->credLen = maxLen; -} - -void DestroyCertChainValidateResult(struct CertChainValidateResult *resultInfo) -{ - if (resultInfo == NULL) { - return; - } - if (resultInfo->udid != NULL) { - FREE(resultInfo->udid); - resultInfo->udid = NULL; - } - if (resultInfo->nounce != NULL) { - FREE(resultInfo->nounce); - resultInfo->nounce = NULL; - } - if (resultInfo->cred != NULL) { - FREE(resultInfo->cred); - resultInfo->cred = NULL; - } - if (resultInfo->serialNum != NULL) { - FREE(resultInfo->serialNum); - resultInfo->serialNum = NULL; - } - (void)memset_s(resultInfo, sizeof(struct CertChainValidateResult), 0, sizeof(struct CertChainValidateResult)); -} diff --git a/oem_property/ohos/impl/external_interface_adapter.c b/oem_property/ohos/impl/external_interface_adapter.c new file mode 100644 index 0000000000000000000000000000000000000000..760cf0dd0c683f71d456ddaae9c61d703bccde13 --- /dev/null +++ b/oem_property/ohos/impl/external_interface_adapter.c @@ -0,0 +1,415 @@ +#/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "external_interface_adapter.h" +#include "device_security_defines.h" + +#include + +#include "device_auth.h" +#include "hks_api.h" +#include "hks_param.h" +#include "utils_json.h" +#include "utils_log.h" +#include "utils_mem.h" +#include "utils_tlv.h" + +const char g_dslmKey[] = "dslm_key"; + +#define DSLM_INFO_MAX_LEN_UDID 68 +#define DSLM_INFO_MAX_LEN_SERIAL 68 +#define DSLM_INFO_MAX_LEN_VERSION 128 +#define DSLM_INFO_MAX_LEN_CRED 2048 +#define DSLM_INFO_MAX_LEN_NOUNCE 2048 + +#define HICHIAN_INPUT_PARAM_STRING_LENGTH 512 +#define DSLM_CERT_CHAIN_BASE_LENGTH 4096 + +#define CERT_CHAIN_CERT_NUM 4 +#define MAX_ENTRY 8 +#define TYPE_NOUNCE 0x200 +#define TYPE_CERT_BASE 0x100 +#define TYPE_CERT_END (TYPE_CERT_BASE + MAX_ENTRY) +#define LIST_MAX_SIZE 8192 + +struct HksTestCertChain { + bool certChainExist; + bool certCountValid; + bool certDataExist; + uint32_t certDataSize; +}; + +static int32_t HksGenerateKeyAdapter(const struct HksBlob *keyAlias); +static int32_t ConstructDataToCertChain(struct HksCertChain **certChain, const struct HksTestCertChain *certChainParam); +static int32_t HksCertChainToBuffer(struct HksCertChain *hksCertChain, uint8_t **data, uint32_t *dataLen); +static int32_t BufferToHksCertChain(uint8_t *data, uint32_t dataLen, struct HksCertChain *hksCertChain); +static int32_t GenerateFuncParamJson(bool isSelfPk, const char *udidStr, char *dest, uint32_t destMax); + +const char *pkInfoEmpty = "[]"; +const char *pkInfoBase = "[{\"groupId\" : \"0\",\"publicKey\" : \"0\"}]"; + +int32_t GetPkInfoListStr(bool isSelf, const char *udidStr, char **pkInfoList) +{ + SECURITY_LOG_INFO("GetPkInfoListStr start"); + + char paramJson[HICHIAN_INPUT_PARAM_STRING_LENGTH] = {0}; + char *resultBuffer = NULL; + uint32_t resultNum = 0; + + int32_t ret = GenerateFuncParamJson(isSelf, udidStr, ¶mJson[0], HICHIAN_INPUT_PARAM_STRING_LENGTH); + if (ret != SUCCESS) { + SECURITY_LOG_INFO("GenerateFuncParamJson failed"); + return ret; + } + + const DeviceGroupManager *interface = GetGmInstance(); + ret = interface->getPkInfoList(ANY_OS_ACCOUNT, "dslm_service", paramJson, &resultBuffer, &resultNum); + if (ret != SUCCESS) { + SECURITY_LOG_INFO("getPkInfoList failed! ret = %{public}d", ret); + return ERR_CALL_EXTERNAL_FUNC; + } + + if (memcmp(resultBuffer, pkInfoEmpty, strlen(pkInfoEmpty)) == 0) { + SECURITY_LOG_INFO("Current pkInfoList is NULL."); + *pkInfoList = (char *)MALLOC(strlen(pkInfoBase) + 1); + if (strcpy_s(*pkInfoList, strlen(pkInfoBase) + 1, pkInfoBase) != EOK) { + ret = ERR_MEMORY_ERR; + } + } else { + *pkInfoList = (char *)MALLOC(strlen(resultBuffer) + 1); + if (strcpy_s(*pkInfoList, strlen(resultBuffer) + 1, resultBuffer) != EOK) { + ret = ERR_MEMORY_ERR; + } + } + if (ret == SUCCESS) { + SECURITY_LOG_INFO("pkinfo = %{public}s", *pkInfoList); + } + interface->destroyInfo(&resultBuffer); + return SUCCESS; +} + +int32_t DslmCredAttestAdapter(struct DslmInfoInCertChain *info, uint8_t **certChain, uint32_t *certChainLen) +{ + SECURITY_LOG_INFO("DslmCredAttestAdapter start"); + + struct HksBlob keyAlias = {sizeof(g_dslmKey), (uint8_t *)g_dslmKey}; + if (HksGenerateKeyAdapter(&keyAlias) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksGenerateKeyAdapter failed!"); + } + struct HksParam inputData[] = { + {.tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = {strlen(info->nounceStr) + 1, (uint8_t *)info->nounceStr}}, + {.tag = HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = {strlen(info->credStr) + 1, (uint8_t *)info->credStr}}, + {.tag = HKS_TAG_ATTESTATION_ID_UDID, .blob = {strlen(info->udidStr) + 1, (uint8_t *)info->udidStr}}, + {.tag = HKS_TAG_ATTESTATION_ID_ALIAS, .blob = keyAlias}, + + }; + struct HksParamSet *inputParam = NULL; + if (HksInitParamSet(&inputParam) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksInitParamSet failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + if (HksAddParams(inputParam, inputData, sizeof(inputData) / sizeof(inputData[0])) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksAddParams failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + if (HksBuildParamSet(&inputParam) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksBuildParamSet failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + + uint32_t certChainMaxLen = strlen(info->credStr) + strlen(info->nounceStr) + DSLM_CERT_CHAIN_BASE_LENGTH; + struct HksCertChain *hksCertChain = NULL; + const struct HksTestCertChain certParam = {true, true, true, certChainMaxLen}; + int32_t ret = ConstructDataToCertChain(&hksCertChain, &certParam); + if (ret != HKS_SUCCESS) { + SECURITY_LOG_INFO("ConstructDataToCertChain ret = %{public}d ", ret); + return ret; + } + + ret = HksAttestKey(&keyAlias, inputParam, hksCertChain); + if (ret != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksAttestKey failed, ret = %{public}d ", ret); + return ret; + } + + ret = HksCertChainToBuffer(hksCertChain, certChain, certChainLen); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("HksCertChainToHksBlob failed!"); + return ret; + } + SECURITY_LOG_INFO("DslmCredAttestAdapter success, certChainLen = %{public}d ", *certChainLen); + return SUCCESS; +} + +int32_t ValidateCertChainAdapter(uint8_t *data, uint32_t dataLen, struct DslmInfoInCertChain *resultInfo) +{ + SECURITY_LOG_INFO("ValidateCertChainAdapter start"); + + char nounceStr[DSLM_INFO_MAX_LEN_NOUNCE] = {0}; + char credStr[DSLM_INFO_MAX_LEN_CRED] = {0}; + char udidStr[DSLM_INFO_MAX_LEN_UDID] = {0}; + struct HksParam outputData[] = { + {.tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = {DSLM_INFO_MAX_LEN_NOUNCE, (uint8_t *)nounceStr}}, + {.tag = HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = {DSLM_INFO_MAX_LEN_CRED, (uint8_t *)credStr}}, + {.tag = HKS_TAG_ATTESTATION_ID_UDID, .blob = {DSLM_INFO_MAX_LEN_UDID, (uint8_t *)udidStr}}, + }; + + struct HksParamSet *outputParam = NULL; + if (HksInitParamSet(&outputParam) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksInitParamSet failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + if (HksAddParams(outputParam, outputData, sizeof(outputData) / sizeof(outputData[0])) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksAddParams failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + if (HksBuildParamSet(&outputParam) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksBuildParamSet failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + + struct HksBlob certBlob[CERT_CHAIN_CERT_NUM] = {0}; + struct HksCertChain hksCertChain = {&certBlob[0], CERT_CHAIN_CERT_NUM}; + + if (BufferToHksCertChain(data, dataLen, &hksCertChain) != SUCCESS) { + SECURITY_LOG_ERROR("HksBlobToHksCertChain failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + + if (HksValidateCertChain(&hksCertChain, outputParam) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksValidateCertChain failed!"); + return ERR_CALL_EXTERNAL_FUNC; + } + uint32_t cnt = 0; + if (memcpy_s(resultInfo->nounceStr, DSLM_INFO_MAX_LEN_NOUNCE, outputParam->params[cnt].blob.data, + outputParam->params[cnt].blob.size) != EOK) { + return ERR_MEMORY_ERR; + } + cnt++; + if (memcpy_s(resultInfo->credStr, DSLM_INFO_MAX_LEN_CRED, outputParam->params[cnt].blob.data, + outputParam->params[cnt].blob.size) != EOK) { + return ERR_MEMORY_ERR; + } + cnt++; + if (memcpy_s(resultInfo->udidStr, DSLM_INFO_MAX_LEN_UDID, outputParam->params[cnt].blob.data, + outputParam->params[cnt].blob.size) != EOK) { + return ERR_MEMORY_ERR; + } + + SECURITY_LOG_INFO("ValidateCertChainAdapter success!"); + return SUCCESS; +} + +int32_t HksAttestIsReadyAdapter(void) +{ + if (HcmIsDeviceKeyExist(NULL) != HKS_SUCCESS) { + SECURITY_LOG_ERROR("Hks attest not ready!"); + return ERR_CALL_EXTERNAL_FUNC; + } + return SUCCESS; +} + +static int32_t HksGenerateKeyAdapter(const struct HksBlob *keyAlias) +{ + struct HksParam tmpParams[] = { + {.tag = HKS_TAG_KEY_STORAGE_FLAG, .uint32Param = HKS_STORAGE_PERSISTENT}, + {.tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_RSA}, + {.tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_RSA_KEY_SIZE_2048}, + {.tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_VERIFY}, + {.tag = HKS_TAG_DIGEST, .uint32Param = HKS_DIGEST_SHA256}, + {.tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_PSS}, + {.tag = HKS_TAG_KEY_GENERATE_TYPE, .uint32Param = HKS_KEY_GENERATE_TYPE_DEFAULT}, + {.tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_ECB}, + }; + struct HksParamSet *paramSet = NULL; + int32_t ret = HksInitParamSet(¶mSet); + if (ret != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksInitParamSet failed!"); + return ret; + } + + ret = HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0])); + if (ret != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksAddParams failed!"); + HksFreeParamSet(¶mSet); + return ret; + } + + ret = HksBuildParamSet(¶mSet); + if (ret != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksBuildParamSet failed!"); + HksFreeParamSet(¶mSet); + return ret; + } + + ret = HksGenerateKey(keyAlias, paramSet, NULL); + if (ret != HKS_SUCCESS) { + SECURITY_LOG_ERROR("HksGenerateKey failed!"); + } + HksFreeParamSet(¶mSet); + return ret; +} + +static int32_t ConstructDataToCertChain(struct HksCertChain **certChain, const struct HksTestCertChain *certChainParam) +{ + if (!certChainParam->certChainExist) { + return 0; + } + *certChain = (struct HksCertChain *)MALLOC(sizeof(struct HksCertChain)); + if (*certChain == NULL) { + SECURITY_LOG_ERROR("malloc fail"); + return HKS_ERROR_MALLOC_FAIL; + } + if (!certChainParam->certCountValid) { + (*certChain)->certsCount = 0; + return 0; + } + (*certChain)->certsCount = CERT_CHAIN_CERT_NUM; + if (!certChainParam->certDataExist) { + (*certChain)->certs = NULL; + return 0; + } + (*certChain)->certs = (struct HksBlob *)MALLOC(sizeof(struct HksBlob) * ((*certChain)->certsCount)); + for (uint32_t i = 0; i < (*certChain)->certsCount; i++) { + (*certChain)->certs[i].size = certChainParam->certDataSize; + (*certChain)->certs[i].data = (uint8_t *)MALLOC((*certChain)->certs[i].size); + if ((*certChain)->certs[i].data == NULL) { + SECURITY_LOG_ERROR("malloc fail"); + return HKS_ERROR_MALLOC_FAIL; + } + memset_s((*certChain)->certs[i].data, certChainParam->certDataSize, 0, certChainParam->certDataSize); + } + return 0; +} + +// certChain转blob,需要malloc +static int32_t HksCertChainToBuffer(struct HksCertChain *hksCertChain, uint8_t **data, uint32_t *dataLen) +{ + TlvCommon tlvs[MAX_ENTRY]; + memset_s(&tlvs[0], sizeof(tlvs), 0, sizeof(tlvs)); + uint32_t tlvCnt = 0; + + for (uint32_t i = 0; i < hksCertChain->certsCount; i++) { + tlvs[tlvCnt].tag = TYPE_CERT_BASE + 1; + tlvs[tlvCnt].len = hksCertChain->certs[i].size; + tlvs[tlvCnt].value = hksCertChain->certs[i].data; + tlvCnt++; + } + + uint8_t *out = MALLOC(LIST_MAX_SIZE); + if (out == NULL) { + return ERR_NO_MEMORY; + } + memset_s(out, LIST_MAX_SIZE, 0, LIST_MAX_SIZE); + if (Serialize(tlvs, tlvCnt, out, LIST_MAX_SIZE, dataLen) != TLV_OK) { + FREE(out); + return ERR_NO_MEMORY; + } + + *data = out; + return SUCCESS; +} + +// blob转为certChain,构造结构体,使其指针对应到blob中对应段。不需要malloc,hksBlob在外面使用完直接释放。 +static int32_t BufferToHksCertChain(uint8_t *data, uint32_t dataLen, struct HksCertChain *hksCertChain) +{ + TlvCommon tlvs[MAX_ENTRY]; + memset_s(&tlvs[0], sizeof(tlvs), 0, sizeof(tlvs)); + + uint32_t cnt = 0; + uint32_t ret = Deserialize(data, dataLen, &tlvs[0], MAX_ENTRY, &cnt); + if (ret != TLV_OK || cnt == 0) { + return ERR_INVALID_PARA; + } + uint32_t certCnt = 0; + for (uint32_t i = 0; i < cnt; i++) { + if ((tlvs[i].tag >= TYPE_CERT_BASE) && (tlvs[i].tag <= TYPE_CERT_END)) { + if (certCnt >= MAX_ENTRY) { + return ERR_HUKS_ERR; + } + hksCertChain->certs[certCnt].data = tlvs[i].value; + hksCertChain->certs[certCnt].size = tlvs[i].len; + certCnt++; + } + } + hksCertChain->certsCount = certCnt; + return SUCCESS; +} + +static int32_t GenerateFuncParamJson(bool isSelfPk, const char *udidStr, char *dest, uint32_t destMax) +{ + JsonHandle json = CreateJson(NULL); + if (json == NULL) { + return ERR_INVALID_PARA; + } + + AddFieldBoolToJson(json, "isSelfPk", isSelfPk); + AddFieldStringToJson(json, "udid", udidStr); + + char *paramsJsonBuffer = ConvertJsonToString(json); + if (paramsJsonBuffer == NULL) { + DestroyJson(json); + return ERR_MEMORY_ERR; + } + DestroyJson(json); + if (strcpy_s(dest, destMax, paramsJsonBuffer) != EOK) { + FREE(paramsJsonBuffer); + paramsJsonBuffer = NULL; + return ERR_MEMORY_ERR; + } + FREE(paramsJsonBuffer); + paramsJsonBuffer = NULL; + return SUCCESS; +} + +int32_t InitDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo) +{ + if (saveInfo == NULL) { + return ERR_INVALID_PARA; + } + saveInfo->nounceStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_NOUNCE); + if (saveInfo->nounceStr == NULL) { + return ERR_NO_MEMORY; + } + saveInfo->credStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_CRED); + if (saveInfo->credStr == NULL) { + return ERR_NO_MEMORY; + } + saveInfo->udidStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_UDID); + if (saveInfo->udidStr == NULL) { + return ERR_NO_MEMORY; + } + return SUCCESS; +} + +void DestroyDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo) +{ + if (saveInfo == NULL) { + return; + } + if (saveInfo->nounceStr != NULL) { + FREE(saveInfo->nounceStr); + saveInfo->nounceStr = NULL; + } + if (saveInfo->credStr != NULL) { + FREE(saveInfo->credStr); + saveInfo->credStr = NULL; + } + if (saveInfo->udidStr != NULL) { + FREE(saveInfo->udidStr); + saveInfo->udidStr = NULL; + } + (void)memset_s(saveInfo, sizeof(struct DslmInfoInCertChain), 0, sizeof(struct DslmInfoInCertChain)); +} diff --git a/oem_property/ohos/impl/external_interface.h b/oem_property/ohos/impl/external_interface_adapter.h similarity index 44% rename from oem_property/ohos/impl/external_interface.h rename to oem_property/ohos/impl/external_interface_adapter.h index 1e1c504f23afd48ca97033f91d57bb46a56637cc..b0cd31aa40b9d683ecef92c8b200020b0ac3b57a 100644 --- a/oem_property/ohos/impl/external_interface.h +++ b/oem_property/ohos/impl/external_interface_adapter.h @@ -13,28 +13,24 @@ * limitations under the License. */ -#ifndef EXTERNAL_INTERFACE_H -#define EXTERNAL_INTERFACE_H +#ifndef EXTERNAL_INTERFACE_ADAPTER_H +#define EXTERNAL_INTERFACE_ADAPTER_H #include #include -struct CertChainValidateResult { - uint8_t *udid; - uint32_t udidLen; - uint8_t *nounce; - uint32_t nounceLen; - uint8_t *cred; - uint32_t credLen; - uint8_t *serialNum; - uint32_t serialNumLen; +struct DslmInfoInCertChain { + char *udidStr; + char *credStr; + char *nounceStr; // challenge + pkinfoList }; -int GetPkInfoListStr(bool isSelf, const uint8_t *udid, uint32_t udidLen, char **pkInfoList); -int DslmCredAttestAdapter(char *nounceStr, char *credStr, uint8_t **certChain, uint32_t *certChainLen); -int ValidateCertChainAdapter(uint8_t *data, uint32_t dataLen, struct CertChainValidateResult *resultInfo); +int32_t GetPkInfoListStr(bool isSelf, const char *udidStr, char **pkInfoList); +int32_t DslmCredAttestAdapter(struct DslmInfoInCertChain *info, uint8_t **certChain, uint32_t *certChainLen); +int32_t ValidateCertChainAdapter(uint8_t *data, uint32_t dataLen, struct DslmInfoInCertChain *resultInfo); +int32_t HksAttestIsReadyAdapter(void); -void InitCertChainValidateResult(struct CertChainValidateResult *resultInfo, uint32_t maxLen); -void DestroyCertChainValidateResult(struct CertChainValidateResult *resultInfo); +int32_t InitDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo); +void DestroyDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo); -#endif // EXTERNAL_INTERFACE_H \ No newline at end of file +#endif // EXTERNAL_INTERFACE_ADAPTER_H \ No newline at end of file diff --git a/profile/dslm_service.xml b/profile/dslm_service.xml index a4967966defe2fb50ee4efe6de7c88d14e6a9863..f2e321cd41b13cd6c54b00ffb60a95c9c588e9a8 100644 --- a/profile/dslm_service.xml +++ b/profile/dslm_service.xml @@ -18,7 +18,7 @@ 3511 libdslm_service.z.so - 4700 + 4700;3510 true false