From f7555586495bb5f9824351b6051085a75b0b98d8 Mon Sep 17 00:00:00 2001 From: lwk <1076278852@qq.com> Date: Sat, 26 Feb 2022 18:39:02 +0800 Subject: [PATCH 1/5] fix: get self dsl liuwenkai@huawei.com Signed-off-by: lwk <1076278852@qq.com> --- common/include/dslm_cred.h | 2 +- oem_property/ohos/BUILD.gn | 1 + oem_property/ohos/dslm_ohos_credential.c | 4 +- oem_property/ohos/dslm_ohos_credential.h | 3 +- oem_property/ohos/impl/dslm_ohos_init.c | 52 ++++++++++++++++++++++ oem_property/ohos/impl/dslm_ohos_init.h | 34 ++++++++++++++ oem_property/ohos/impl/dslm_ohos_request.c | 7 ++- oem_property/ohos/impl/dslm_ohos_request.h | 1 + services/dslm/dslm_core_process.c | 7 ++- services/dslm/dslm_credential.c | 4 +- services/dslm/dslm_credential.h | 2 +- test/dslm_test.cpp | 3 +- 12 files changed, 108 insertions(+), 12 deletions(-) create mode 100644 oem_property/ohos/impl/dslm_ohos_init.c create mode 100644 oem_property/ohos/impl/dslm_ohos_init.h diff --git a/common/include/dslm_cred.h b/common/include/dslm_cred.h index e33c36f..bfef271 100644 --- a/common/include/dslm_cred.h +++ b/common/include/dslm_cred.h @@ -66,7 +66,7 @@ typedef struct DslmCredBuff { uint8_t *credVal; } DslmCredBuff; -typedef int32_t InitDslmCredFunc(DslmCredInfo *credInfo); +typedef int32_t InitDslmCredFunc(const DeviceIdentify *device, DslmCredInfo *credInfo); typedef int32_t RequestDslmCredFunc(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff); typedef int32_t VerifyDslmCredFunc(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, diff --git a/oem_property/ohos/BUILD.gn b/oem_property/ohos/BUILD.gn index b9eb962..256ade8 100644 --- a/oem_property/ohos/BUILD.gn +++ b/oem_property/ohos/BUILD.gn @@ -63,6 +63,7 @@ ohos_shared_library("dslm_service") { ohos_source_set("dslm_ohos_cred_obj") { sources = [ + "impl/dslm_ohos_init.c", "impl/dslm_ohos_request.c", "impl/dslm_ohos_verify.c", "impl/external_interface_adapter.c", 
diff --git a/oem_property/ohos/dslm_ohos_credential.c b/oem_property/ohos/dslm_ohos_credential.c index 25e4d52..f077087 100644 --- a/oem_property/ohos/dslm_ohos_credential.c +++ b/oem_property/ohos/dslm_ohos_credential.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,7 @@ __attribute__((constructor)) static void Constructor(void) { const ProcessDslmCredFunctions func = { - .initFunc = NULL, + .initFunc = InitOhosDslmCred, .requestFunc = RequestOhosDslmCred, .verifyFunc = VerifyOhosDslmCred, .credTypeCnt = 2, diff --git a/oem_property/ohos/dslm_ohos_credential.h b/oem_property/ohos/dslm_ohos_credential.h index 7844497..7f622c9 100644 --- a/oem_property/ohos/dslm_ohos_credential.h +++ b/oem_property/ohos/dslm_ohos_credential.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,6 +16,7 @@ #ifndef DSLM_OHOS_CREDENTIAL_H #define DSLM_OHOS_CREDENTIAL_H +#include "impl/dslm_ohos_init.h" #include "impl/dslm_ohos_request.h" #include "impl/dslm_ohos_verify.h" diff --git a/oem_property/ohos/impl/dslm_ohos_init.c b/oem_property/ohos/impl/dslm_ohos_init.c new file mode 100644 index 0000000..edf6a10 --- /dev/null +++ b/oem_property/ohos/impl/dslm_ohos_init.c 
@@ -0,0 +1,52 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dslm_ohos_init.h" +#include "dslm_ohos_request.h" +#include "dslm_ohos_verify.h" + +#include + +#include "utils_log.h" + +#define DSLM_CRED_STR_LEN_MAX 4096 + +int32_t InitOhosDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo) +{ + SECURITY_LOG_INFO("Invoke InitOhosDslmCred"); + char credStr[DSLM_CRED_STR_LEN_MAX] = {0}; + int32_t ret = GetCredFromCurrentDevice(credStr, DSLM_CRED_STR_LEN_MAX); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("InitOhosDslmCred, Read cred data from file failed!"); + return ret; + } + + // small type + DslmCredBuff *credBuff = CreateDslmCred(CRED_TYPE_SMALL, strlen(credStr), (uint8_t*)credStr); + if (credBuff == NULL) { + SECURITY_LOG_ERROR("InitOhosDslmCred, CreateDslmCred failed"); + return ERR_MEMORY_ERR; + } + + uint64_t tmpChallenge = 123456; + ret = VerifyOhosDslmCred(device, tmpChallenge, credBuff, credInfo); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("InitOhosDslmCred, VerifyOhosDslmCred failed!"); + return ret; + } + + SECURITY_LOG_INFO("InitOhosDslmCred success!"); + return SUCCESS; +} \ No newline at end of file diff --git a/oem_property/ohos/impl/dslm_ohos_init.h b/oem_property/ohos/impl/dslm_ohos_init.h new file mode 100644 index 0000000..63cad55 --- /dev/null +++ b/oem_property/ohos/impl/dslm_ohos_init.h 
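Review bot: `credBuff` returned by `CreateDslmCred` in `InitOhosDslmCred` is never released, because both the `VerifyOhosDslmCred` failure return and the final success return leave the function without freeing it. Every self-level initialisation therefore leaks a copy of the credential. Release it with the destructor that pairs with `CreateDslmCred` right after the verify call, before `ret` is tested. The constant `tmpChallenge = 123456` also needs a comment saying why a fixed value is acceptable here; the hunk does not show whether the small-credential path reads the challenge at all, so that should be confirmed.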
@@ -0,0 +1,34 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DSLM_OHOS_INIT_H +#define DSLM_OHOS_INIT_H + +#include + +#include "device_security_defines.h" +#include "dslm_cred.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t InitOhosDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo); + +#ifdef __cplusplus +} +#endif + +#endif // DSLM_OHOS_INIT_H diff --git a/oem_property/ohos/impl/dslm_ohos_request.c b/oem_property/ohos/impl/dslm_ohos_request.c index a3326a8..beaec94 100644 --- a/oem_property/ohos/impl/dslm_ohos_request.c +++ b/oem_property/ohos/impl/dslm_ohos_request.c @@ -33,8 +33,11 @@ #define DEVAUTH_JSON_KEY_CHALLENGE "challenge" #define DEVAUTH_JSON_KEY_PKINFO_LIST "pkInfoList" -static int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen) +int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen) { + if (credStr == NULL || maxLen == 0) { + return ERR_INVALID_PARA; + } FILE *fp = NULL; fp = fopen(DSLM_CRED_CFG_FILE_POSITION, "r"); if (fp == NULL) { @@ -122,6 +125,7 @@ static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const Request static int32_t SelectDslmCredType(const DeviceIdentify *device, const RequestObject *obj, uint32_t *type) { + /* uint32_t devType = 0; const DeviceIdentify *deviceSelf = GetSelfDevice(&devType); if (deviceSelf->length == 0) { 
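Review bot: The `/*` opened at the top of `SelectDslmCredType` (closed in the next hunk, `@@ -134,6 +138,7 @@`) disables the self-device branch by commenting it out rather than deleting it. The function now always reports `CRED_TYPE_STANDARD`, and `device` and `obj` go unused. Delete the dead lines, and if the change of credential type for local requests is intended, state it in the commit message, which currently does not mention it. The function body continues past the end of this hunk.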
@@ -134,6 +138,7 @@ static int32_t SelectDslmCredType(const DeviceIdentify *device, const RequestObj *type = CRED_TYPE_SMALL; return SUCCESS; } + */ *type = CRED_TYPE_STANDARD; return SUCCESS; } diff --git a/oem_property/ohos/impl/dslm_ohos_request.h b/oem_property/ohos/impl/dslm_ohos_request.h index a3511fa..5678887 100644 --- a/oem_property/ohos/impl/dslm_ohos_request.h +++ b/oem_property/ohos/impl/dslm_ohos_request.h @@ -25,6 +25,7 @@ extern "C" { #endif +int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen); int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff); #ifdef __cplusplus diff --git a/services/dslm/dslm_core_process.c b/services/dslm/dslm_core_process.c index 5dcb87f..9c4a6dc 100644 --- a/services/dslm/dslm_core_process.c +++ b/services/dslm/dslm_core_process.c @@ -203,9 +203,12 @@ bool InitSelfDeviceSecureLevel(void) return true; } - DefaultInitDslmCred(&info->credInfo); + int32_t ret = DefaultInitDslmCred(device, &info->credInfo); + if (ret == SUCCESS && info->credInfo.credLevel > 0) { + return true; + } - int ret = OnPeerStatusReceiver(device, ONLINE_STATUS_ONLINE, devType); + ret = OnPeerStatusReceiver(device, ONLINE_STATUS_ONLINE, devType); if (ret != SUCCESS) { SECURITY_LOG_ERROR("InitDeviceSecLevel, make self online failed"); } diff --git a/services/dslm/dslm_credential.c b/services/dslm/dslm_credential.c index e07ba49..6454b2b 100644 --- a/services/dslm/dslm_credential.c +++ b/services/dslm/dslm_credential.c @@ -64,12 +64,12 @@ int32_t DefaultVerifyDslmCred(const DeviceIdentify *device, uint64_t challenge, return -1; } -int32_t DefaultInitDslmCred(DslmCredInfo *credInfo) +int32_t DefaultInitDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo) { ProcessDslmCredFunctions *cb = GetFunctionCb(); InitDslmCredFunc *init = cb->initFunc; if (init != NULL) { - return init(credInfo); + return init(device, credInfo); } SECURITY_LOG_INFO("invoke DefaultInitDslmCred"); return -1; 
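Review bot: The new early `return true` in `InitSelfDeviceSecureLevel` skips `OnPeerStatusReceiver(device, ONLINE_STATUS_ONLINE, devType)` whenever the local credential verifies, and nothing in the hunk says why the self device no longer needs that step. Add a comment on the branch stating what state `info` is left in, for example `/* level taken from the locally verified credential; no online round needed */` if that is the intent. `DefaultInitDslmCred` also writes straight into `info->credInfo`; whether a failed verification can leave it partly filled is not visible here, so consider verifying into a local `DslmCredInfo` and copying it over only on success. The function starts before this hunk.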
diff --git a/services/dslm/dslm_credential.h b/services/dslm/dslm_credential.h index cca9634..491ec5f 100644 --- a/services/dslm/dslm_credential.h +++ b/services/dslm/dslm_credential.h @@ -29,7 +29,7 @@ int32_t DefaultRequestDslmCred(const DeviceIdentify *device, const RequestObject int32_t DefaultVerifyDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, DslmCredInfo *credInfo); -int32_t DefaultInitDslmCred(DslmCredInfo *credInfo); +int32_t DefaultInitDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo); int32_t GetSupportedCredTypes(CredType *list, uint32_t len); diff --git a/test/dslm_test.cpp b/test/dslm_test.cpp index bef1840..fb8a66a 100644 --- a/test/dslm_test.cpp +++ b/test/dslm_test.cpp @@ -86,8 +86,7 @@ HWTEST_F(DslmTest, BuildDeviceSecInfoRequest_case1, TestSize.Level1) MessageBuff *msg = nullptr; // 0d196608 = 0x030000 const char *except = - "{\"message\":1,\"payload\":{\"version\":196608,\"challenge\":\"0102030405060708\",\"support\":[300]}}"; - + "{\"message\":1,\"payload\":{\"version\":196608,\"challenge\":\"0102030405060708\",\"support\":[2000,3000]}}"; int32_t ret = BuildDeviceSecInfoRequest(random, &msg); ASSERT_EQ(0, ret); EXPECT_STREQ(except, (const char *)msg->buff); -- Gitee From ff063946bff85cf67375218468b7d1337519b823 Mon Sep 17 00:00:00 2001 From: lwk <1076278852@qq.com> Date: Mon, 28 Feb 2022 11:27:27 +0800 Subject: [PATCH 2/5] fix: test modify Signed-off-by: lwk <1076278852@qq.com> --- oem_property/ohos/impl/dslm_ohos_request.c | 15 +++------------ test/dslm_test.cpp | 1 - 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/oem_property/ohos/impl/dslm_ohos_request.c b/oem_property/ohos/impl/dslm_ohos_request.c index beaec94..88d9120 100644 --- a/oem_property/ohos/impl/dslm_ohos_request.c +++ b/oem_property/ohos/impl/dslm_ohos_request.c 
@@ -125,20 +125,11 @@ static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const Request static int32_t SelectDslmCredType(const DeviceIdentify *device, const RequestObject *obj, uint32_t *type) { - /* - uint32_t devType = 0; - const DeviceIdentify *deviceSelf = GetSelfDevice(&devType); - if (deviceSelf->length == 0) { - SECURITY_LOG_ERROR("SelectDslmCredType, GetSelfDevice failed"); - return ERR_INVALID_PARA; - } - - // is self - if (memcmp(device->identity, deviceSelf->identity, deviceSelf->length) == 0) { + (void)device; + (void)obj; + if (HksAttestIsReadyAdapter() != SUCCESS) { *type = CRED_TYPE_SMALL; - return SUCCESS; } - */ *type = CRED_TYPE_STANDARD; return SUCCESS; } diff --git a/test/dslm_test.cpp b/test/dslm_test.cpp index fb8a66a..768bcec 100644 --- a/test/dslm_test.cpp +++ b/test/dslm_test.cpp @@ -530,7 +530,6 @@ HWTEST_F(DslmTest, InitSelfDeviceSecureLevel_case1, TestSize.Level1) mockMsg.MakeSelfDeviceId(&device); mockMsg.MakeMsgLoopback(); EXPECT_CALL(mockMsg, GetSelfDeviceIdentify(_, _, _)).Times(AtLeast(1)); - EXPECT_CALL(mockMsg, SendMsgTo(_, _, _, _, _)).Times(AtLeast(1)); InitSelfDeviceSecureLevel(); info = GetDslmDeviceInfo(&device); -- Gitee From c231b6e31293e4f0224714878194d892f70bc05e Mon Sep 17 00:00:00 2001 From: lwk <1076278852@qq.com> Date: Mon, 28 Feb 2022 11:50:37 +0800 Subject: [PATCH 3/5] fix: test modify Signed-off-by: lwk <1076278852@qq.com> --- oem_property/ohos/impl/dslm_ohos_init.c | 13 ++----- oem_property/ohos/impl/dslm_ohos_verify.c | 44 +++-------------------- oem_property/ohos/impl/dslm_ohos_verify.h | 2 ++ 3 files changed, 8 insertions(+), 51 deletions(-) diff --git a/oem_property/ohos/impl/dslm_ohos_init.c b/oem_property/ohos/impl/dslm_ohos_init.c index edf6a10..3a7b195 100644 --- a/oem_property/ohos/impl/dslm_ohos_init.c +++ b/oem_property/ohos/impl/dslm_ohos_init.c 
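Review bot: In the rewritten `SelectDslmCredType` the `CRED_TYPE_SMALL` assignment is dead, because the `return SUCCESS;` that used to follow it was removed and `*type = CRED_TYPE_STANDARD;` now runs unconditionally. When `HksAttestIsReadyAdapter()` does not return `SUCCESS`, the function still selects the standard credential, which presumably relies on the attestation that was just reported as not ready. Restore the early return inside the `if` (`*type = CRED_TYPE_SMALL; return SUCCESS;`) or put the standard assignment in an `else`.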
@@ -33,20 +33,11 @@ int32_t InitOhosDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo) return ret; } - // small type - DslmCredBuff *credBuff = CreateDslmCred(CRED_TYPE_SMALL, strlen(credStr), (uint8_t*)credStr); - if (credBuff == NULL) { - SECURITY_LOG_ERROR("InitOhosDslmCred, CreateDslmCred failed"); - return ERR_MEMORY_ERR; - } - - uint64_t tmpChallenge = 123456; - ret = VerifyOhosDslmCred(device, tmpChallenge, credBuff, credInfo); + ret = VerifyCredData(credStr, credInfo); if (ret != SUCCESS) { - SECURITY_LOG_ERROR("InitOhosDslmCred, VerifyOhosDslmCred failed!"); + SECURITY_LOG_ERROR("InitOhosDslmCred, VerifyCredData failed!"); return ret; } - SECURITY_LOG_INFO("InitOhosDslmCred success!"); return SUCCESS; } \ No newline at end of file diff --git a/oem_property/ohos/impl/dslm_ohos_verify.c b/oem_property/ohos/impl/dslm_ohos_verify.c index ceea3f2..76ad866 100644 --- a/oem_property/ohos/impl/dslm_ohos_verify.c +++ b/oem_property/ohos/impl/dslm_ohos_verify.c 
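Review bot: Replacing `VerifyOhosDslmCred(device, ...)` with `VerifyCredData(credStr, credInfo)` drops the device from the check. `VerifyCredData` takes no `DeviceIdentify`, so `InitOhosDslmCred` now accepts any credential in the file whose signature chain verifies, whether or not it was issued for this device. The resulting level is what `InitSelfDeviceSecureLevel` trusts through `credLevel > 0`, so the binding matters. After `VerifyCredData` succeeds, compare the parsed `credInfo->udid` with `device`, the same comparison the static `CheckCredInfo` in dslm_ohos_verify.c makes, and return an error on mismatch. `device` is left unused by this hunk, and patch 4/5 then removes the parameter instead of restoring the check.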
@@ -203,34 +203,6 @@ static int32_t GetCredPayloadInfo(const char *credPayload, DslmCredInfo *credInf return ERR_GET_CLOUD_CRED_INFO; } -static int32_t GenerateDeviceUdid(const char *manufacture, const char *productModel, const char *serialNum, - char *udidStr, uint32_t MaxLen) -{ - uint32_t manufactureLen = strlen(manufacture); - uint32_t productModelLen = strlen(productModel); - uint32_t serialNumLen = strlen(serialNum); - - uint32_t dataLen = manufactureLen + productModelLen + serialNumLen; - char *data = (char *)MALLOC(dataLen + 1); - - if (strcat_s(data, dataLen + 1, manufacture) != EOK) { - return ERR_INVALID_PARA; - } - if (strcat_s(data, dataLen + 1, productModel) != EOK) { - return ERR_INVALID_PARA; - } - if (strcat_s(data, dataLen + 1, serialNum) != EOK) { - return ERR_INVALID_PARA; - } - - uint8_t hashResult[SHA_256_HASH_RESULT_LEN] = {0}; - CallHashSha256((uint8_t *)data, dataLen, hashResult); - - ByteToHexString(hashResult, SHA_256_HASH_RESULT_LEN, (uint8_t *)udidStr, UDID_STRING_LENGTH); - - return 0; -} - static int32_t CheckCredInfo(const struct DeviceIdentify *device, const DslmCredInfo *info) { SECURITY_LOG_DEBUG("CheckCredInfo start!"); @@ -242,17 +214,6 @@ static int32_t CheckCredInfo(const struct DeviceIdentify *device, const DslmCred if (memcmp((char *)device->identity, info->udid, strlen(info->udid)) == 0) { return SUCCESS; } - - char udidStr[UDID_STRING_LENGTH] = {0}; - const char *serialStr = GetSerial(); - if (serialStr == NULL) { - return ERR_INVALID_PARA; - } - - GenerateDeviceUdid(info->manufacture, info->model, serialStr, udidStr, UDID_STRING_LENGTH); - if (strcasecmp(udidStr, info->udid) == 0) { - return SUCCESS; - } return ERR_CHECK_CRED_INFO; } SECURITY_LOG_DEBUG("CheckCredInfo SUCCESS!"); 
@@ -575,8 +536,11 @@ static void FreeCredData(struct CredData *credData) (void)memset_s(credData, sizeof(struct CredData), 0, sizeof(struct CredData)); } -static int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo) +int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo) { + if (credStr == NULL || credInfo == NULL) { + return ERR_INVALID_PARA; + } struct CredData credData; (void)memset_s(&credData, sizeof(struct CredData), 0, sizeof(struct CredData)); diff --git a/oem_property/ohos/impl/dslm_ohos_verify.h b/oem_property/ohos/impl/dslm_ohos_verify.h index bc5d54e..acb0971 100644 --- a/oem_property/ohos/impl/dslm_ohos_verify.h +++ b/oem_property/ohos/impl/dslm_ohos_verify.h @@ -25,6 +25,8 @@ extern "C" { #endif +int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo); + int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, DslmCredInfo *credInfo); -- Gitee From bee63a0b8b83a775b75a7c5af11aa79981de14c1 Mon Sep 17 00:00:00 2001 From: lwk <1076278852@qq.com> Date: Mon, 28 Feb 2022 14:59:03 +0800 Subject: [PATCH 4/5] fix: test modify Signed-off-by: lwk <1076278852@qq.com> --- common/include/dslm_cred.h | 2 +- oem_property/ohos/impl/dslm_ohos_init.c | 2 +- oem_property/ohos/impl/dslm_ohos_init.h | 2 +- services/common/dslm_crypto.c | 8 -------- services/dslm/dslm_core_process.c | 2 +- services/dslm/dslm_credential.c | 4 ++-- services/dslm/dslm_credential.h | 2 +- services/include/dslm_crypto.h | 1 - 8 files changed, 7 insertions(+), 16 deletions(-) diff --git a/common/include/dslm_cred.h b/common/include/dslm_cred.h index bfef271..e33c36f 100644 --- a/common/include/dslm_cred.h +++ b/common/include/dslm_cred.h 
@@ -66,7 +66,7 @@ typedef struct DslmCredBuff { uint8_t *credVal; } DslmCredBuff; -typedef int32_t InitDslmCredFunc(const DeviceIdentify *device, DslmCredInfo *credInfo); +typedef int32_t InitDslmCredFunc(DslmCredInfo *credInfo); typedef int32_t RequestDslmCredFunc(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff); typedef int32_t VerifyDslmCredFunc(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, diff --git a/oem_property/ohos/impl/dslm_ohos_init.c b/oem_property/ohos/impl/dslm_ohos_init.c index 3a7b195..027e221 100644 --- a/oem_property/ohos/impl/dslm_ohos_init.c +++ b/oem_property/ohos/impl/dslm_ohos_init.c @@ -23,7 +23,7 @@ #define DSLM_CRED_STR_LEN_MAX 4096 -int32_t InitOhosDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo) +int32_t InitOhosDslmCred(DslmCredInfo *credInfo) { SECURITY_LOG_INFO("Invoke InitOhosDslmCred"); char credStr[DSLM_CRED_STR_LEN_MAX] = {0}; diff --git a/oem_property/ohos/impl/dslm_ohos_init.h b/oem_property/ohos/impl/dslm_ohos_init.h index 63cad55..854b3d9 100644 --- a/oem_property/ohos/impl/dslm_ohos_init.h +++ b/oem_property/ohos/impl/dslm_ohos_init.h @@ -25,7 +25,7 @@ extern "C" { #endif -int32_t InitOhosDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo); +int32_t InitOhosDslmCred(DslmCredInfo *credInfo); #ifdef __cplusplus } diff --git a/services/common/dslm_crypto.c b/services/common/dslm_crypto.c index 4b8889e..d1c5c71 100644 --- a/services/common/dslm_crypto.c +++ b/services/common/dslm_crypto.c @@ -80,12 +80,4 @@ int32_t EcdsaVerify(const struct DataBuffer *srcData, const struct DataBuffer *s EVP_PKEY_free(pkey); EVP_MD_CTX_free(ctx); return ret; -} - -void CallHashSha256(const uint8_t *data, uint32_t dataLen, uint8_t *out) -{ - SHA256_CTX sctx; - SHA256_Init(&sctx); - SHA256_Update(&sctx, data, dataLen); - SHA256_Final(out, &sctx); } \ No newline at end of file 
diff --git a/services/dslm/dslm_core_process.c b/services/dslm/dslm_core_process.c index 9c4a6dc..4e7f129 100644 --- a/services/dslm/dslm_core_process.c +++ b/services/dslm/dslm_core_process.c @@ -203,7 +203,7 @@ bool InitSelfDeviceSecureLevel(void) return true; } - int32_t ret = DefaultInitDslmCred(device, &info->credInfo); + int32_t ret = DefaultInitDslmCred(&info->credInfo); if (ret == SUCCESS && info->credInfo.credLevel > 0) { return true; } diff --git a/services/dslm/dslm_credential.c b/services/dslm/dslm_credential.c index 6454b2b..e07ba49 100644 --- a/services/dslm/dslm_credential.c +++ b/services/dslm/dslm_credential.c @@ -64,12 +64,12 @@ int32_t DefaultVerifyDslmCred(const DeviceIdentify *device, uint64_t challenge, return -1; } -int32_t DefaultInitDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo) +int32_t DefaultInitDslmCred(DslmCredInfo *credInfo) { ProcessDslmCredFunctions *cb = GetFunctionCb(); InitDslmCredFunc *init = cb->initFunc; if (init != NULL) { - return init(device, credInfo); + return init(credInfo); } SECURITY_LOG_INFO("invoke DefaultInitDslmCred"); return -1; diff --git a/services/dslm/dslm_credential.h b/services/dslm/dslm_credential.h index 491ec5f..cca9634 100644 --- a/services/dslm/dslm_credential.h +++ b/services/dslm/dslm_credential.h @@ -29,7 +29,7 @@ int32_t DefaultRequestDslmCred(const DeviceIdentify *device, const RequestObject int32_t DefaultVerifyDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, DslmCredInfo *credInfo); -int32_t DefaultInitDslmCred(const DeviceIdentify *device, DslmCredInfo *credInfo); +int32_t DefaultInitDslmCred(DslmCredInfo *credInfo); int32_t GetSupportedCredTypes(CredType *list, uint32_t len); diff --git a/services/include/dslm_crypto.h b/services/include/dslm_crypto.h index 32ea666..ed14f63 100644 --- a/services/include/dslm_crypto.h +++ b/services/include/dslm_crypto.h 
@@ -41,7 +41,6 @@ struct DataBuffer { void GenerateRandom(RandomValue *rand, uint32_t length); int32_t EcdsaVerify(const struct DataBuffer *srcData, const struct DataBuffer *sigData, const struct DataBuffer *pbkData, uint32_t algorithm); -void CallHashSha256(const uint8_t *data, uint32_t dataLen, uint8_t *out); #ifdef __cplusplus } -- Gitee From c7ed61eefe086b4ffa9ecd0f8de1011d9bb2681d Mon Sep 17 00:00:00 2001 From: lwk <1076278852@qq.com> Date: Mon, 28 Feb 2022 16:11:13 +0800 Subject: [PATCH 5/5] fix: test modify Signed-off-by: lwk <1076278852@qq.com> --- oem_property/ohos/impl/dslm_ohos_request.c | 50 ++++++------ oem_property/ohos/impl/dslm_ohos_verify.c | 92 +++++++++++----------- 2 files changed, 71 insertions(+), 71 deletions(-) diff --git a/oem_property/ohos/impl/dslm_ohos_request.c b/oem_property/ohos/impl/dslm_ohos_request.c index 88d9120..5667b66 100644 --- a/oem_property/ohos/impl/dslm_ohos_request.c +++ b/oem_property/ohos/impl/dslm_ohos_request.c @@ -33,31 +33,6 @@ #define DEVAUTH_JSON_KEY_CHALLENGE "challenge" #define DEVAUTH_JSON_KEY_PKINFO_LIST "pkInfoList" -int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen) -{ - if (credStr == NULL || maxLen == 0) { - return ERR_INVALID_PARA; - } - FILE *fp = NULL; - fp = fopen(DSLM_CRED_CFG_FILE_POSITION, "r"); - if (fp == NULL) { - SECURITY_LOG_ERROR("fopen cred file failed!"); - return ERR_INVALID_PARA; - } - int32_t ret = fscanf_s(fp, "%s", credStr, maxLen); - if (ret == -1) { - SECURITY_LOG_ERROR("fscanf_s cred file failed!"); - ret = ERR_INVALID_PARA; - } else { - ret = SUCCESS; - } - if (fclose(fp) != 0) { - SECURITY_LOG_ERROR("fclose cred file failed!"); - ret = ERR_INVALID_PARA; - } - return ret; -} - static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListStr, char **nounceStr) { JsonHandle json = CreateJson(NULL); 
@@ -166,6 +141,31 @@ static int32_t RequestStandardDslmCred(const DeviceIdentify *device, const Reque return SUCCESS; } +int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen) +{ + if (credStr == NULL || maxLen == 0) { + return ERR_INVALID_PARA; + } + FILE *fp = NULL; + fp = fopen(DSLM_CRED_CFG_FILE_POSITION, "r"); + if (fp == NULL) { + SECURITY_LOG_ERROR("fopen cred file failed!"); + return ERR_INVALID_PARA; + } + int32_t ret = fscanf_s(fp, "%s", credStr, maxLen); + if (ret == -1) { + SECURITY_LOG_ERROR("fscanf_s cred file failed!"); + ret = ERR_INVALID_PARA; + } else { + ret = SUCCESS; + } + if (fclose(fp) != 0) { + SECURITY_LOG_ERROR("fclose cred file failed!"); + ret = ERR_INVALID_PARA; + } + return ret; +} + int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *obj, DslmCredBuff **credBuff) { SECURITY_LOG_INFO("Invoke RequestOhosDslmCred"); diff --git a/oem_property/ohos/impl/dslm_ohos_verify.c b/oem_property/ohos/impl/dslm_ohos_verify.c index 76ad866..6435e10 100644 --- a/oem_property/ohos/impl/dslm_ohos_verify.c +++ b/oem_property/ohos/impl/dslm_ohos_verify.c 
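Review bot: `GetCredFromCurrentDevice` treats every `fscanf_s` result other than `-1` as success, so a call that converts nothing (return value 0) reports `SUCCESS` with whatever `credStr` already held. Test for the one expected conversion instead: `if (ret != 1) {`. `%s` also stops at the first whitespace, so a credential file containing a space or line break is silently cut short; a comment stating that the file must hold a single token would make that contract explicit. Open and read failures are both returned as `ERR_INVALID_PARA`, which leaves the caller unable to tell a missing file from a bad argument.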
@@ -536,52 +536,6 @@ static void FreeCredData(struct CredData *credData) (void)memset_s(credData, sizeof(struct CredData), 0, sizeof(struct CredData)); } -int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo) -{ - if (credStr == NULL || credInfo == NULL) { - return ERR_INVALID_PARA; - } - struct CredData credData; - (void)memset_s(&credData, sizeof(struct CredData), 0, sizeof(struct CredData)); - - int32_t ret = ERR_DEFAULT; - do { - // 1. Parse Cred. - ret = ParseCredData(credStr, &credData); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("ParseCredData failed!"); - break; - } - - // 2. Verify public key chain, get root public key. - ret = VerifyCredPubKeyChain(&credData.pbkChain[0]); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("verifyCredPubKeyChain failed!"); - break; - } - - // 3. Verify source data by root public key. - ret = VerifyCredPayload(credStr, &credData); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("verifyCredPayload failed!"); - break; - } - - // 4. Parse cred payload. - ret = GetCredPayloadInfo(credData.payload, credInfo); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("VerifyCredData success!"); - break; - } - } while (0); - - FreeCredData(&credData); - if (ret == SUCCESS) { - SECURITY_LOG_INFO("VerifyCredData SUCCESS!"); - } - return ret; -} - static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredBuff *credBuff, DslmCredInfo *credInfo) { char credStr[DSLM_CRED_STR_LEN_MAX] = {0}; 
@@ -651,6 +605,52 @@ static int32_t verifyStandardDslmCred(const DeviceIdentify *device, uint64_t cha return ret; } +int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo) +{ + if (credStr == NULL || credInfo == NULL) { + return ERR_INVALID_PARA; + } + struct CredData credData; + (void)memset_s(&credData, sizeof(struct CredData), 0, sizeof(struct CredData)); + + int32_t ret = ERR_DEFAULT; + do { + // 1. Parse Cred. + ret = ParseCredData(credStr, &credData); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("ParseCredData failed!"); + break; + } + + // 2. Verify public key chain, get root public key. + ret = VerifyCredPubKeyChain(&credData.pbkChain[0]); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("verifyCredPubKeyChain failed!"); + break; + } + + // 3. Verify source data by root public key. + ret = VerifyCredPayload(credStr, &credData); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("verifyCredPayload failed!"); + break; + } + + // 4. Parse cred payload. + ret = GetCredPayloadInfo(credData.payload, credInfo); + if (ret != SUCCESS) { + SECURITY_LOG_ERROR("VerifyCredData success!"); + break; + } + } while (0); + + FreeCredData(&credData); + if (ret == SUCCESS) { + SECURITY_LOG_INFO("VerifyCredData SUCCESS!"); + } + return ret; +} + int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, DslmCredInfo *credInfo) { -- Gitee
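Review bot: The failure branch after `GetCredPayloadInfo` in `VerifyCredData` logs `"VerifyCredData success!"` through `SECURITY_LOG_ERROR`, so a payload-parse failure reads as a success in the log. Change it to `SECURITY_LOG_ERROR("GetCredPayloadInfo failed!");`. Now that the function is exported, its declaration should also carry a comment that it checks only the public-key chain and the payload signature. It takes no `DeviceIdentify`, so it does not bind the credential to a device.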