diff --git a/oem_property/ohos/BUILD.gn b/oem_property/ohos/BUILD.gn
index b9eb9621b55b943baaa8b9a7f4f1edc919848c30..256ade8e69c884dcb02bd315d4905817a1799478 100644
--- a/oem_property/ohos/BUILD.gn
+++ b/oem_property/ohos/BUILD.gn
@@ -63,6 +63,7 @@ ohos_shared_library("dslm_service") {
 ohos_source_set("dslm_ohos_cred_obj") {
 sources = [
+ "impl/dslm_ohos_init.c",
 "impl/dslm_ohos_request.c",
 "impl/dslm_ohos_verify.c",
 "impl/external_interface_adapter.c",
diff --git a/oem_property/ohos/dslm_ohos_credential.c b/oem_property/ohos/dslm_ohos_credential.c
index 25e4d52fc1dde1846c1ff5592dafee89825534cf..f077087946046441b3d698e7a3ad7ebac5b2a420 100644
--- a/oem_property/ohos/dslm_ohos_credential.c
+++ b/oem_property/ohos/dslm_ohos_credential.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -22,7 +22,7 @@
 __attribute__((constructor)) static void Constructor(void)
 {
 const ProcessDslmCredFunctions func = {
- .initFunc = NULL,
+ .initFunc = InitOhosDslmCred,
 .requestFunc = RequestOhosDslmCred,
 .verifyFunc = VerifyOhosDslmCred,
 .credTypeCnt = 2,
diff --git a/oem_property/ohos/dslm_ohos_credential.h b/oem_property/ohos/dslm_ohos_credential.h
index 78444971bb5b84ddc3b9bbc522d7a4e598437072..7f622c998063b5dc1879443b42a01449705c37b4 100644
--- a/oem_property/ohos/dslm_ohos_credential.h
+++ b/oem_property/ohos/dslm_ohos_credential.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -16,6 +16,7 @@
 #ifndef DSLM_OHOS_CREDENTIAL_H
 #define DSLM_OHOS_CREDENTIAL_H
+#include "impl/dslm_ohos_init.h"
 #include "impl/dslm_ohos_request.h"
 #include "impl/dslm_ohos_verify.h"
diff --git a/oem_property/ohos/impl/dslm_ohos_init.c b/oem_property/ohos/impl/dslm_ohos_init.c
new file mode 100644
index 0000000000000000000000000000000000000000..027e221417eac00992846351649a35a974a04b27
--- /dev/null
+++ b/oem_property/ohos/impl/dslm_ohos_init.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "dslm_ohos_init.h"
+#include "dslm_ohos_request.h"
+#include "dslm_ohos_verify.h"
+
+#include 
+
+#include "utils_log.h"
+
+#define DSLM_CRED_STR_LEN_MAX 4096
+
+int32_t InitOhosDslmCred(DslmCredInfo *credInfo)
+{
+ SECURITY_LOG_INFO("Invoke InitOhosDslmCred");
+ char credStr[DSLM_CRED_STR_LEN_MAX] = {0};
+ int32_t ret = GetCredFromCurrentDevice(credStr, DSLM_CRED_STR_LEN_MAX);
+ if (ret != SUCCESS) {
+ SECURITY_LOG_ERROR("InitOhosDslmCred, Read cred data from file failed!");
+ return ret;
+ }
+
+ ret = VerifyCredData(credStr, credInfo);
+ if (ret != SUCCESS) {
+ SECURITY_LOG_ERROR("InitOhosDslmCred, VerifyCredData failed!");
+ return ret;
+ }
+ SECURITY_LOG_INFO("InitOhosDslmCred success!");
+ return SUCCESS;
+}
\ No newline at end of file
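Review bot: dslm_ohos_init.c defines its own `DSLM_CRED_STR_LEN_MAX 4096` while dslm_ohos_verify.c already sizes its `credStr` buffer with a macro of the same name (visible in the `verifySmallDslmCred` context later in this commit); two private definitions can drift apart silently, and this value is what bounds the `fscanf_s` read inside `GetCredFromCurrentDevice`, so the bound and the buffer should come from one shared definition (for example exported from dslm_ohos_verify.h, which this file already includes). `InitOhosDslmCred` is also a new exported entry point with no contract comment; I would add above it: `/* Read the local device credential from the cred file and verify it into credInfo. Returns SUCCESS, or the error code of the step that failed. */`. The file is also missing its trailing newline, as the "No newline at end of file" marker shows.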
diff --git a/oem_property/ohos/impl/dslm_ohos_init.h b/oem_property/ohos/impl/dslm_ohos_init.h
new file mode 100644
index 0000000000000000000000000000000000000000..854b3d93145ad92f2adf8c681e6c45c941231128
--- /dev/null
+++ b/oem_property/ohos/impl/dslm_ohos_init.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2021 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DSLM_OHOS_INIT_H
+#define DSLM_OHOS_INIT_H
+
+#include 
+
+#include "device_security_defines.h"
+#include "dslm_cred.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int32_t InitOhosDslmCred(DslmCredInfo *credInfo);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // DSLM_OHOS_INIT_H
diff --git a/oem_property/ohos/impl/dslm_ohos_request.c b/oem_property/ohos/impl/dslm_ohos_request.c
index a3326a8467558ef99c7cf90f1f04de53712805bf..5667b667a3571baf0bdc0c59a613765a76db9903 100644
--- a/oem_property/ohos/impl/dslm_ohos_request.c
+++ b/oem_property/ohos/impl/dslm_ohos_request.c
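Review bot: The new dslm_ohos_init.h carries `Copyright (c) 2021` while its companion dslm_ohos_init.c, created in the same commit, says 2022, and the two existing credential files are bumped to 2022 here as well; a file born in this commit should use the same year as its .c. The exported prototype `int32_t InitOhosDslmCred(DslmCredInfo *credInfo);` also has no contract comment, and this header is what other modules will read; I would add `/* Load the local device credential from the cred file and verify it into credInfo. Returns SUCCESS, or the error code of the failing step. */` above it.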
@@ -33,28 +33,6 @@
 #define DEVAUTH_JSON_KEY_CHALLENGE "challenge"
 #define DEVAUTH_JSON_KEY_PKINFO_LIST "pkInfoList"
-static int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen)
-{
- FILE *fp = NULL;
- fp = fopen(DSLM_CRED_CFG_FILE_POSITION, "r");
- if (fp == NULL) {
- SECURITY_LOG_ERROR("fopen cred file failed!");
- return ERR_INVALID_PARA;
- }
- int32_t ret = fscanf_s(fp, "%s", credStr, maxLen);
- if (ret == -1) {
- SECURITY_LOG_ERROR("fscanf_s cred file failed!");
- ret = ERR_INVALID_PARA;
- } else {
- ret = SUCCESS;
- }
- if (fclose(fp) != 0) {
- SECURITY_LOG_ERROR("fclose cred file failed!");
- ret = ERR_INVALID_PARA;
- }
- return ret;
-}
-
 static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListStr, char **nounceStr)
 {
 JsonHandle json = CreateJson(NULL);
@@ -122,17 +100,10 @@ static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const Request
 static int32_t SelectDslmCredType(const DeviceIdentify *device, const RequestObject *obj, uint32_t *type)
 {
- uint32_t devType = 0;
- const DeviceIdentify *deviceSelf = GetSelfDevice(&devType);
- if (deviceSelf->length == 0) {
- SECURITY_LOG_ERROR("SelectDslmCredType, GetSelfDevice failed");
- return ERR_INVALID_PARA;
- }
-
- // is self
- if (memcmp(device->identity, deviceSelf->identity, deviceSelf->length) == 0) {
+ (void)device;
+ (void)obj;
+ if (HksAttestIsReadyAdapter() != SUCCESS) {
 *type = CRED_TYPE_SMALL;
- return SUCCESS;
 }
 *type = CRED_TYPE_STANDARD;
 return SUCCESS;
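Review bot: In `SelectDslmCredType` the new `if (HksAttestIsReadyAdapter() != SUCCESS)` branch sets `*type = CRED_TYPE_SMALL;` but the `return SUCCESS;` that used to sit inside those braces is removed, so execution falls through to the unconditional `*type = CRED_TYPE_STANDARD;` and the function now selects the standard credential whether or not attestation is ready. The small-credential path is therefore dead as written, and the standard request path will be taken on devices where HKS attestation is not available. Either restore the early return or collapse the three lines into `*type = (HksAttestIsReadyAdapter() != SUCCESS) ? CRED_TYPE_SMALL : CRED_TYPE_STANDARD;`. Voiding the now-unused `device` and `obj` parameters is fine, but a one-line comment stating that the credential type is chosen by attestation readiness rather than by the target device would document the intent.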
@@ -170,6 +141,31 @@ static int32_t RequestStandardDslmCred(const DeviceIdentify *device, const Reque
 return SUCCESS;
 }
+int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen)
+{
+ if (credStr == NULL || maxLen == 0) {
+ return ERR_INVALID_PARA;
+ }
+ FILE *fp = NULL;
+ fp = fopen(DSLM_CRED_CFG_FILE_POSITION, "r");
+ if (fp == NULL) {
+ SECURITY_LOG_ERROR("fopen cred file failed!");
+ return ERR_INVALID_PARA;
+ }
+ int32_t ret = fscanf_s(fp, "%s", credStr, maxLen);
+ if (ret == -1) {
+ SECURITY_LOG_ERROR("fscanf_s cred file failed!");
+ ret = ERR_INVALID_PARA;
+ } else {
+ ret = SUCCESS;
+ }
+ if (fclose(fp) != 0) {
+ SECURITY_LOG_ERROR("fclose cred file failed!");
+ ret = ERR_INVALID_PARA;
+ }
+ return ret;
+}
+
 int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff)
 {
 SECURITY_LOG_INFO("Invoke RequestOhosDslmCred");
diff --git a/oem_property/ohos/impl/dslm_ohos_request.h b/oem_property/ohos/impl/dslm_ohos_request.h
index a3511fa0d656f16ed8a08417d1af4bcbd563f6bd..567888760e9bf0ae752a70d30a73bd8f85d1c9eb 100644
--- a/oem_property/ohos/impl/dslm_ohos_request.h
+++ b/oem_property/ohos/impl/dslm_ohos_request.h
@@ -25,6 +25,7 @@ extern "C" {
 #endif
+int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen);
 int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff);
 #ifdef __cplusplus
diff --git a/oem_property/ohos/impl/dslm_ohos_verify.c b/oem_property/ohos/impl/dslm_ohos_verify.c
index ceea3f2b8c675ff33f9bfc76cfe0f4b82029f381..6435e10dfe7b6f0d9e8254c8dc2f40190458668d 100644
--- a/oem_property/ohos/impl/dslm_ohos_verify.c
+++ b/oem_property/ohos/impl/dslm_ohos_verify.c
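Review bot: `GetCredFromCurrentDevice` still treats every `fscanf_s` result other than -1 as success, but the call requests exactly one conversion, so a return of 0 (nothing assigned, which under Annex K semantics is what a token longer than `maxLen` produces; confirm against the securec implementation in use) is reported as SUCCESS with `credStr` untouched, and the new caller in dslm_ohos_init.c then hands an empty string to `VerifyCredData`. Test the conversion count rather than the EOF sentinel: `if (ret != 1) {`. Since the function is now exported through dslm_ohos_request.h, it also deserves a contract comment there noting that `%s` stops at the first whitespace, so the cred file must hold the credential as a single token, and that `credStr` must have room for `maxLen` bytes including the terminator.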
@@ -203,34 +203,6 @@ static int32_t GetCredPayloadInfo(const char *credPayload, DslmCredInfo *credInf
 return ERR_GET_CLOUD_CRED_INFO;
 }
-static int32_t GenerateDeviceUdid(const char *manufacture, const char *productModel, const char *serialNum,
- char *udidStr, uint32_t MaxLen)
-{
- uint32_t manufactureLen = strlen(manufacture);
- uint32_t productModelLen = strlen(productModel);
- uint32_t serialNumLen = strlen(serialNum);
-
- uint32_t dataLen = manufactureLen + productModelLen + serialNumLen;
- char *data = (char *)MALLOC(dataLen + 1);
-
- if (strcat_s(data, dataLen + 1, manufacture) != EOK) {
- return ERR_INVALID_PARA;
- }
- if (strcat_s(data, dataLen + 1, productModel) != EOK) {
- return ERR_INVALID_PARA;
- }
- if (strcat_s(data, dataLen + 1, serialNum) != EOK) {
- return ERR_INVALID_PARA;
- }
-
- uint8_t hashResult[SHA_256_HASH_RESULT_LEN] = {0};
- CallHashSha256((uint8_t *)data, dataLen, hashResult);
-
- ByteToHexString(hashResult, SHA_256_HASH_RESULT_LEN, (uint8_t *)udidStr, UDID_STRING_LENGTH);
-
- return 0;
-}
-
 static int32_t CheckCredInfo(const struct DeviceIdentify *device, const DslmCredInfo *info)
 {
 SECURITY_LOG_DEBUG("CheckCredInfo start!");
@@ -242,17 +214,6 @@ static int32_t CheckCredInfo(const struct DeviceIdentify *device, const DslmCred
 if (memcmp((char *)device->identity, info->udid, strlen(info->udid)) == 0) {
 return SUCCESS;
 }
-
- char udidStr[UDID_STRING_LENGTH] = {0};
- const char *serialStr = GetSerial();
- if (serialStr == NULL) {
- return ERR_INVALID_PARA;
- }
-
- GenerateDeviceUdid(info->manufacture, info->model, serialStr, udidStr, UDID_STRING_LENGTH);
- if (strcasecmp(udidStr, info->udid) == 0) {
- return SUCCESS;
- }
 return ERR_CHECK_CRED_INFO;
 }
 SECURITY_LOG_DEBUG("CheckCredInfo SUCCESS!");
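Review bot: With the serial-derived udid fallback removed from `CheckCredInfo`, the remaining `memcmp((char *)device->identity, info->udid, strlen(info->udid)) == 0` test is the only binding between the presented credential and the device identity, and it compares only `strlen(info->udid)` bytes: a credential whose udid is an empty string, or a proper prefix of the identity, is accepted as a match. Assuming `identity` is held in the same string form as `info->udid` (the cast suggests so; please confirm), require the full length to match as well, e.g. `size_t udidLen = strlen(info->udid);` followed by `if (udidLen != 0 && udidLen == device->length && memcmp((char *)device->identity, info->udid, udidLen) == 0) {`. The body of `CheckCredInfo` begins and ends outside this hunk, so the surrounding early-exit conditions are not visible here.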
@@ -575,49 +536,6 @@ static void FreeCredData(struct CredData *credData)
 (void)memset_s(credData, sizeof(struct CredData), 0, sizeof(struct CredData));
 }
-static int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo)
-{
- struct CredData credData;
- (void)memset_s(&credData, sizeof(struct CredData), 0, sizeof(struct CredData));
-
- int32_t ret = ERR_DEFAULT;
- do {
- // 1. Parse Cred.
- ret = ParseCredData(credStr, &credData);
- if (ret != SUCCESS) {
- SECURITY_LOG_ERROR("ParseCredData failed!");
- break;
- }
-
- // 2. Verify public key chain, get root public key.
- ret = VerifyCredPubKeyChain(&credData.pbkChain[0]);
- if (ret != SUCCESS) {
- SECURITY_LOG_ERROR("verifyCredPubKeyChain failed!");
- break;
- }
-
- // 3. Verify source data by root public key.
- ret = VerifyCredPayload(credStr, &credData);
- if (ret != SUCCESS) {
- SECURITY_LOG_ERROR("verifyCredPayload failed!");
- break;
- }
-
- // 4. Parse cred payload.
- ret = GetCredPayloadInfo(credData.payload, credInfo);
- if (ret != SUCCESS) {
- SECURITY_LOG_ERROR("VerifyCredData success!");
- break;
- }
- } while (0);
-
- FreeCredData(&credData);
- if (ret == SUCCESS) {
- SECURITY_LOG_INFO("VerifyCredData SUCCESS!");
- }
- return ret;
-}
-
 static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredBuff *credBuff, DslmCredInfo *credInfo)
 {
 char credStr[DSLM_CRED_STR_LEN_MAX] = {0};
@@ -687,6 +605,52 @@ static int32_t verifyStandardDslmCred(const DeviceIdentify *device, uint64_t cha
 return ret;
 }
+int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo)
+{
+ if (credStr == NULL || credInfo == NULL) {
+ return ERR_INVALID_PARA;
+ }
+ struct CredData credData;
+ (void)memset_s(&credData, sizeof(struct CredData), 0, sizeof(struct CredData));
+
+ int32_t ret = ERR_DEFAULT;
+ do {
+ // 1. Parse Cred.
+ ret = ParseCredData(credStr, &credData);
+ if (ret != SUCCESS) {
+ SECURITY_LOG_ERROR("ParseCredData failed!");
+ break;
+ }
+
+ // 2. Verify public key chain, get root public key.
+ ret = VerifyCredPubKeyChain(&credData.pbkChain[0]);
+ if (ret != SUCCESS) {
+ SECURITY_LOG_ERROR("verifyCredPubKeyChain failed!");
+ break;
+ }
+
+ // 3. Verify source data by root public key.
+ ret = VerifyCredPayload(credStr, &credData);
+ if (ret != SUCCESS) {
+ SECURITY_LOG_ERROR("verifyCredPayload failed!");
+ break;
+ }
+
+ // 4. Parse cred payload.
+ ret = GetCredPayloadInfo(credData.payload, credInfo);
+ if (ret != SUCCESS) {
+ SECURITY_LOG_ERROR("VerifyCredData success!");
+ break;
+ }
+ } while (0);
+
+ FreeCredData(&credData);
+ if (ret == SUCCESS) {
+ SECURITY_LOG_INFO("VerifyCredData SUCCESS!");
+ }
+ return ret;
+}
+
 int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff,
 DslmCredInfo *credInfo)
 {
diff --git a/oem_property/ohos/impl/dslm_ohos_verify.h b/oem_property/ohos/impl/dslm_ohos_verify.h
index bc5d54e67c3793cdb84d8fb81c172e17bd03d46c..acb09717b3496eb232af0bc44f144a6828429408 100644
--- a/oem_property/ohos/impl/dslm_ohos_verify.h
+++ b/oem_property/ohos/impl/dslm_ohos_verify.h
@@ -25,6 +25,8 @@ extern "C" {
 #endif
+int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo);
+
 int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff,
 DslmCredInfo *credInfo);
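Review bot: The newly exported `VerifyCredData` keeps the step-4 error path logging `SECURITY_LOG_ERROR("VerifyCredData success!")` when `GetCredPayloadInfo` has just failed; the message was wrong before the move and is now on the path `InitOhosDslmCred` depends on, so a verification failure reads as a success in the log. Change it to `SECURITY_LOG_ERROR("GetCredPayloadInfo failed!");` to match the other three step messages. The matching prototype added to dslm_ohos_verify.h in this commit should also carry a short contract comment: that it parses the NUL-terminated credential string, verifies the public-key chain and the payload against it, fills `credInfo` only on SUCCESS, and returns ERR_INVALID_PARA when either argument is NULL.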
diff --git a/services/common/dslm_crypto.c b/services/common/dslm_crypto.c
index 4b8889e9e70a8b443166f44b78c208e0210e10ac..d1c5c71e0c48de3ba6268356a0afabefe6b49bcb 100644
--- a/services/common/dslm_crypto.c
+++ b/services/common/dslm_crypto.c
@@ -80,12 +80,4 @@ int32_t EcdsaVerify(const struct DataBuffer *srcData, const struct DataBuffer *s
 EVP_PKEY_free(pkey);
 EVP_MD_CTX_free(ctx);
 return ret;
-}
-
-void CallHashSha256(const uint8_t *data, uint32_t dataLen, uint8_t *out)
-{
- SHA256_CTX sctx;
- SHA256_Init(&sctx);
- SHA256_Update(&sctx, data, dataLen);
- SHA256_Final(out, &sctx);
 }
\ No newline at end of file
diff --git a/services/dslm/dslm_core_process.c b/services/dslm/dslm_core_process.c
index 5dcb87f06a14c354b43d5b4d12e55cadd80ed328..4e7f1291b39e3dd02516ef2208373bdeffea0d49 100644
--- a/services/dslm/dslm_core_process.c
+++ b/services/dslm/dslm_core_process.c
@@ -203,9 +203,12 @@ bool InitSelfDeviceSecureLevel(void)
 return true;
 }
- DefaultInitDslmCred(&info->credInfo);
+ int32_t ret = DefaultInitDslmCred(&info->credInfo);
+ if (ret == SUCCESS && info->credInfo.credLevel > 0) {
+ return true;
+ }
- int ret = OnPeerStatusReceiver(device, ONLINE_STATUS_ONLINE, devType);
+ ret = OnPeerStatusReceiver(device, ONLINE_STATUS_ONLINE, devType);
 if (ret != SUCCESS) {
 SECURITY_LOG_ERROR("InitDeviceSecLevel, make self online failed");
 }
diff --git a/services/include/dslm_crypto.h b/services/include/dslm_crypto.h
index 32ea666b5d4d6053ab57ac9071fff5259c4776f9..ed14f63bbeb8757c547575e822a32ce02db0aebe 100644
--- a/services/include/dslm_crypto.h
+++ b/services/include/dslm_crypto.h
@@ -41,7 +41,6 @@ struct DataBuffer {
 void GenerateRandom(RandomValue *rand, uint32_t length);
 int32_t EcdsaVerify(const struct DataBuffer *srcData, const struct DataBuffer *sigData,
 const struct DataBuffer *pbkData, uint32_t algorithm);
-void CallHashSha256(const uint8_t *data, uint32_t dataLen, uint8_t *out);
 #ifdef __cplusplus
 }
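Review bot: The new early return in `InitSelfDeviceSecureLevel` falls through to the self-online request silently when `DefaultInitDslmCred` fails or leaves `credInfo.credLevel` at 0, and nothing records which of the two happened, so a device that unexpectedly ends up on the peer path cannot be distinguished from one with no local credential at all. Add a line before `ret = OnPeerStatusReceiver(device, ONLINE_STATUS_ONLINE, devType);` in the style the file already uses, e.g. `SECURITY_LOG_INFO("InitDeviceSecLevel, local cred not usable, request self online");`. On that failure path `info->credInfo` may also hold whatever `DefaultInitDslmCred` partially filled before failing; whether later code relies on it being reset is not visible here and is worth confirming. The function's body begins and ends outside this hunk.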
diff --git a/test/dslm_test.cpp b/test/dslm_test.cpp
index bef1840f6c443c9c7f822776aca2afe5dc0d99cd..768bcec4c8dc457760677d16ddff3fe0ec41d17b 100644
--- a/test/dslm_test.cpp
+++ b/test/dslm_test.cpp
@@ -86,8 +86,7 @@ HWTEST_F(DslmTest, BuildDeviceSecInfoRequest_case1, TestSize.Level1)
 MessageBuff *msg = nullptr;
 // 0d196608 = 0x030000
 const char *except =
- "{\"message\":1,\"payload\":{\"version\":196608,\"challenge\":\"0102030405060708\",\"support\":[300]}}";
-
+ "{\"message\":1,\"payload\":{\"version\":196608,\"challenge\":\"0102030405060708\",\"support\":[2000,3000]}}";
 int32_t ret = BuildDeviceSecInfoRequest(random, &msg);
 ASSERT_EQ(0, ret);
 EXPECT_STREQ(except, (const char *)msg->buff);
@@ -531,7 +530,6 @@ HWTEST_F(DslmTest, InitSelfDeviceSecureLevel_case1, TestSize.Level1)
 mockMsg.MakeSelfDeviceId(&device);
 mockMsg.MakeMsgLoopback();
 EXPECT_CALL(mockMsg, GetSelfDeviceIdentify(_, _, _)).Times(AtLeast(1));
- EXPECT_CALL(mockMsg, SendMsgTo(_, _, _, _, _)).Times(AtLeast(1));
 InitSelfDeviceSecureLevel();
 info = GetDslmDeviceInfo(&device);
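Review bot: Dropping the `SendMsgTo` expectation in `InitSelfDeviceSecureLevel_case1` leaves the test asserting nothing about the message path, so it now passes whether or not the self-request is sent. If the local-credential short-circuit added to dslm_core_process.c in this commit is the behaviour under test, pin it with `EXPECT_CALL(mockMsg, SendMsgTo(_, _, _, _, _)).Times(0);`; if the test environment cannot provide a verifiable cred file for `DefaultInitDslmCred` (not visible here), keep the original expectation instead, but one of the two outcomes should be asserted. The `[300]` to `[2000,3000]` change in the expected request payload is also unexplained; a one-line comment naming where these supported-type values come from, as the existing `// 0d196608 = 0x030000` does for the version field, would save the next reader a search.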