diff --git a/common/include/dslm_cred.h b/common/include/dslm_cred.h index 94094ff392a1c9a324b0758616cd4ce165f459bf..ba4b1d00f30ca4bdac91ec132814e5a655e1b782 100644 --- a/common/include/dslm_cred.h +++ b/common/include/dslm_cred.h @@ -39,6 +39,7 @@ typedef enum { } CredType; typedef struct DslmCredInfo { + CredType credType; // the parsed and validated type value char version[CRED_INFO_VERSION_LEN]; // the cred version char type[CRED_INFO_TYPE_LEN]; // debug or release char signTime[CRED_INFO_SIGNTIME_LEN]; @@ -48,7 +49,6 @@ typedef struct DslmCredInfo { char brand[CRED_INFO_BRAND_LEN]; char securityLevel[CRED_INFO_LEVEL_LEN]; char softwareVersion[CRED_INFO_SOFTVERSION_LEN]; - CredType credType; // the parsed and validated type value, assigned only after verification. uint32_t credLevel; // the parsed level value, assigned only after verification. } DslmCredInfo; diff --git a/interfaces/inner_api/include/device_security_defines.h b/interfaces/inner_api/include/device_security_defines.h index 69bd6e800fd61d1d39d1146ca253436310fb3244..74470b582908cc5fca5c14071e88abe78e53ce34 100644 --- a/interfaces/inner_api/include/device_security_defines.h +++ b/interfaces/inner_api/include/device_security_defines.h @@ -52,7 +52,7 @@ enum { ERR_NO_CRED = 6, ERR_SA_BUSY = 7, ERR_TIMEOUT = 8, - ERR_NOEXIST_REQUEST = 9, + ERR_NO_EXIST_REQUEST = 9, ERR_INVALID_VERSION = 10, ERR_OEM_ERR = 11, ERR_HUKS_ERR = 12, @@ -81,12 +81,12 @@ enum { ERR_PROFILE_CONNECT_ERR = 35, ERR_MSG_OPEN_SESSION = 36, ERR_QUERY_WAITING = 37, - ERR_NOEXIST_DEVICE = 38, - ERR_NOEXIST_COMMON_PK_INFO = 39, + ERR_NO_EXIST_DEVICE = 38, + ERR_NO_EXIST_COMMON_PK_INFO = 39, ERR_ECC_VERIFY_ERR = 40, ERR_GET_CLOUD_CRED_INFO = 41, ERR_CALL_EXTERNAL_FUNC = 42, - ERR_PARSE_NOUNCE = 43, + ERR_PARSE_NONCE = 43, ERR_ROOT_PUBKEY_NOT_RIGHT = 44, ERR_PARSE_CLOUD_CRED_DATA = 45, ERR_PARSE_PUBKEY_CHAIN = 46, 
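Review bot: The new comment on `credType` in DslmCredInfo drops the "assigned only after verification" wording that the removed line carried, while `credLevel` just below keeps it, so a reader can no longer tell whether `credType` may be trusted on an error path. If the field is still written only after the signature check (the assignment is not in this diff), keep the guarantee: `CredType credType; // the parsed and validated type value, assigned only after verification.`. Moving the member to the front also changes the struct layout, so any positional initializer or any component built against the old header should be checked; none are visible here.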
diff --git a/oem_property/common/BUILD.gn b/oem_property/common/BUILD.gn index 90946ad9a2750fb3db7a3d8c4b09b99d5260d560..832205b26985e5a5bee637a1c0acbe2fc8c4745d 100644 --- a/oem_property/common/BUILD.gn +++ b/oem_property/common/BUILD.gn @@ -13,7 +13,7 @@ import("//build/ohos.gni") -# service_msg object +# oem common object ohos_source_set("oem_common_obj") { sources = [ "dslm_credential_utils.c" ] diff --git a/oem_property/common/dslm_credential_utils.c b/oem_property/common/dslm_credential_utils.c index 48040441624002e02716ef27e06710dd33a220a1..0bd18364e8f34e47505cae2a31b4b7c60597ec17 100644 --- a/oem_property/common/dslm_credential_utils.c +++ b/oem_property/common/dslm_credential_utils.c @@ -79,7 +79,7 @@ static bool CreateCredentialCb(const char *credentialString, CredentialCb *credC static bool VerifyCredentialCb(const CredentialCb *credCb); static void MovePublicKeysToAttestationList(CredentialCb *credCb, AttestationList *list); -static void CredentialCbToDslmCredInfo(CredentialCb *credCb, DslmCredInfo *credInfo); +static void CredentialCbToDslmCredInfo(CredentialCb *credCb, DslmCredInfo *credInfo, bool verified); static void DestroyCredentialCb(CredentialCb *credCb); @@ -95,7 +95,7 @@ int32_t EcdsaVerify(const struct DataBuffer *srcData, const struct DataBuffer *s int32_t VerifyDslmCredential(const char *credentialString, DslmCredInfo *credentialInfo, AttestationList *list) { - if (credentialString == NULL || credentialInfo == NULL || list == NULL) { + if (credentialString == NULL || credentialInfo == NULL) { SECURITY_LOG_ERROR("VerifyDslmCredential input error"); return ERR_PARSE_CLOUD_CRED_DATA; } 
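Review bot: Dropping `list == NULL` from the guard in VerifyDslmCredential makes NULL a legal argument, and the three callers changed later in this commit (InitOhosDslmCred, verifySmallDslmCred, verifyStandardDslmCred) all pass NULL, yet no visible hunk shows the success path skipping the list. MovePublicKeysToAttestationList(CredentialCb *, AttestationList *) is declared in the previous hunk and presumably runs after verification; its body and the call are outside the diff, so confirm it returns early on a NULL list or guard the call with `if (list != NULL) {`. The function's header comment should also say that `list` is optional. The body of VerifyDslmCredential continues outside this hunk.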
@@ -106,8 +106,9 @@ int32_t VerifyDslmCredential(const char *credentialString, DslmCredInfo *credent SECURITY_LOG_ERROR("CredentialStringToCredentialCb error"); return ERR_PARSE_CLOUD_CRED_DATA; } - CredentialCbToDslmCredInfo(&credentialCb, credentialInfo); + ret = VerifyCredentialCb(&credentialCb); + CredentialCbToDslmCredInfo(&credentialCb, credentialInfo, ret); if (!ret) { SECURITY_LOG_ERROR("VerifyCredentialCb error"); DestroyCredentialCb(&credentialCb); @@ -470,7 +471,7 @@ static int32_t GetDataFromJson(JsonHandle json, const char *paramKey, char *dest return SUCCESS; } -static void CredentialCbToDslmCredInfo(CredentialCb *credCb, DslmCredInfo *credInfo) +static void CredentialCbToDslmCredInfo(CredentialCb *credCb, DslmCredInfo *credInfo, bool verified) { if (credCb == NULL || credInfo == NULL) { return; @@ -499,6 +500,10 @@ static void CredentialCbToDslmCredInfo(CredentialCb *credCb, DslmCredInfo *credI (void)GetDataFromJson(json, CRED_KEY_SIGN_TIME, credInfo->signTime, CRED_INFO_SIGNTIME_LEN); (void)GetDataFromJson(json, CRED_KEY_SECURITY_LEVEL, credInfo->securityLevel, CRED_INFO_LEVEL_LEN); + if (verified) { + (void)sscanf_s(credInfo->securityLevel, "SL%d", &credInfo->credLevel); + } + FREE(buffer); DestroyJson(json); } diff --git a/oem_property/ohos/BUILD.gn b/oem_property/ohos/BUILD.gn index a1162a27928bd9915398d480a51d3382b6110459..5e2b1033d3e7d66a1e8c947ce63418d28fd136c6 100644 --- a/oem_property/ohos/BUILD.gn +++ b/oem_property/ohos/BUILD.gn 
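Review bot: CredentialCbToDslmCredInfo is called before the `if (!ret)` check, so when VerifyCredentialCb fails the caller's DslmCredInfo is still filled with strings taken from a payload whose signature did not verify; only `credLevel` is held back by the new flag. Callers do get an error code, but anything that later reads `credentialInfo` (logging, reporting) sees those values with no marker that they are untrusted. If the fields are wanted for diagnostics, say so at the call, for example `// on failure the string fields are unverified; only credLevel is gated by ret`; otherwise clear the struct on the failure path. `ret` is declared outside the hunk and is passed as the `bool verified` argument, so it should be a bool.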
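Review bot: The added `sscanf_s(credInfo->securityLevel, "SL%d", &credInfo->credLevel)` is weaker than the GetSecLevelFromString that this commit deletes from dslm_ohos_verify.c. `%d` is handed a `uint32_t *`, the return value is discarded so a string that does not match leaves `credLevel` at whatever the caller had in the struct, and nothing bounds the result to the 1 to 5 range the old parser enforced. The callers now take SUCCESS from VerifyDslmCredential to mean the level was parsed, so the conversion should be checked and range-limited before it is stored, as sketched below. CRED_SEC_LEVEL_MIN and CRED_SEC_LEVEL_MAX are the limits removed from dslm_ohos_verify.c and would have to be defined in this file; whether CheckCredInfo bounds the level again later is not visible here.

```c
    if (verified) {
        unsigned int level = 0;
        // require exactly one converted field and keep the range the old parser enforced
        if (sscanf_s(credInfo->securityLevel, "SL%u", &level) == 1 &&
            level >= CRED_SEC_LEVEL_MIN && level <= CRED_SEC_LEVEL_MAX) {
            credInfo->credLevel = level;
        } else {
            SECURITY_LOG_ERROR("invalid securityLevel in verified credential");
            credInfo->credLevel = 0;
        }
    }
    /* ... unchanged: FREE(buffer) and DestroyJson(json) ... */
```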
@@ -50,11 +50,13 @@ ohos_source_set("dslm_ohos_cred_obj") { "//base/security/device_security_level/common/include", "//base/security/device_security_level/interfaces/inner_api/include", "//base/security/device_security_level/services/include", + "//base/security/device_security_level/oem_property/common", "//base/security/deviceauth/interfaces/innerkits", ] deps = [ "//base/security/device_security_level/baselib/utils:utils_static", + "//base/security/device_security_level/oem_property/common:oem_common_obj", "//base/security/deviceauth/services:deviceauth_sdk", ] @@ -62,7 +64,6 @@ ohos_source_set("dslm_ohos_cred_obj") { "deviceauth_standard:deviceauth_sdk", "hilog_native:libhilog", "huks:libhukssdk", - "startup_l2:syspara", "utils_base:utils", ] diff --git a/oem_property/ohos/impl/dslm_ohos_init.c b/oem_property/ohos/impl/dslm_ohos_init.c index 67728079a5e7ced9af611d08620a02f12bea7f35..bbef123dbaf8bbb56ea2664f85e99b42dc7190f1 100644 --- a/oem_property/ohos/impl/dslm_ohos_init.c +++ b/oem_property/ohos/impl/dslm_ohos_init.c @@ -14,13 +14,15 @@ */ #include "dslm_ohos_init.h" -#include "dslm_ohos_request.h" -#include "dslm_ohos_verify.h" #include #include "utils_log.h" +#include "dslm_credential_utils.h" +#include "dslm_ohos_request.h" +#include "dslm_ohos_verify.h" + #define DSLM_CRED_STR_LEN_MAX 4096 int32_t InitOhosDslmCred(DslmCredInfo *credInfo) @@ -33,7 +35,7 @@ int32_t InitOhosDslmCred(DslmCredInfo *credInfo) return ret; } - ret = VerifyCredData(credStr, credInfo); + ret = VerifyDslmCredential(credStr, credInfo, NULL); if (ret != SUCCESS) { SECURITY_LOG_ERROR("InitOhosDslmCred, VerifyCredData failed!"); return ret; diff --git a/oem_property/ohos/impl/dslm_ohos_request.c b/oem_property/ohos/impl/dslm_ohos_request.c index f26470502d62e8fc55256106126b717bd0932412..a9dd4c7c365f9556f42534cdd126868c08326e39 100644 --- a/oem_property/ohos/impl/dslm_ohos_request.c +++ b/oem_property/ohos/impl/dslm_ohos_request.c 
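Review bot: The error text in InitOhosDslmCred still reads `"InitOhosDslmCred, VerifyCredData failed!"` although the call is now VerifyDslmCredential and VerifyCredData is deleted by this commit, so a log search for the failing function finds nothing. Suggest `SECURITY_LOG_ERROR("InitOhosDslmCred, VerifyDslmCredential failed!");`; the same stale `"VerifyCredData failed!"` string remains after the new calls in verifySmallDslmCred and verifyStandardDslmCred in dslm_ohos_verify.c. A NULL argument now comes back as ERR_PARSE_CLOUD_CRED_DATA rather than the ERR_INVALID_PARA the old function returned, which matters if any caller distinguishes the two.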
@@ -33,7 +33,7 @@ #define DEVAUTH_JSON_KEY_CHALLENGE "challenge" #define DEVAUTH_JSON_KEY_PKINFO_LIST "pkInfoList" -static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListStr, char **nounceStr) +static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListStr, char **nonceStr) { JsonHandle json = CreateJson(NULL); if (json == NULL) { @@ -47,8 +47,8 @@ static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListSt AddFieldStringToJson(json, DEVAUTH_JSON_KEY_PKINFO_LIST, pkInfoListStr); // tran to json - *nounceStr = (char *)ConvertJsonToString(json); - if (*nounceStr == NULL) { + *nonceStr = (char *)ConvertJsonToString(json); + if (*nonceStr == NULL) { DestroyJson(json); return ERR_JSON_ERR; } @@ -60,7 +60,7 @@ static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const Request uint8_t **certChain, uint32_t *certChainLen) { char *pkInfoListStr = NULL; - char *nounceStr = NULL; + char *nonceStr = NULL; char challengeStr[CHALLENGE_STRING_LENGTH] = {0}; ByteToHexString((uint8_t *)&(obj->challenge), sizeof(obj->challenge), (uint8_t *)challengeStr, CHALLENGE_STRING_LENGTH); @@ -76,12 +76,12 @@ static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const Request break; } - ret = TransToJsonStr(challengeStr, pkInfoListStr, &nounceStr); + ret = TransToJsonStr(challengeStr, pkInfoListStr, &nonceStr); if (ret != SUCCESS) { SECURITY_LOG_ERROR("TransToJsonStr failed"); break; } - struct DslmInfoInCertChain saveInfo = {.credStr = credStr, .nounceStr = nounceStr, .udidStr = udidStr}; + struct DslmInfoInCertChain saveInfo = {.credStr = credStr, .nonceStr = nonceStr, .udidStr = udidStr}; ret = DslmCredAttestAdapter(&saveInfo, certChain, certChainLen); if (ret != SUCCESS) { SECURITY_LOG_ERROR("DslmCredAttestAdapter failed"); 
@@ -92,8 +92,8 @@ static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const Request if (pkInfoListStr != NULL) { FREE(pkInfoListStr); } - if (nounceStr != NULL) { - FREE(nounceStr); + if (nonceStr != NULL) { + FREE(nonceStr); } return ret; } diff --git a/oem_property/ohos/impl/dslm_ohos_verify.c b/oem_property/ohos/impl/dslm_ohos_verify.c index 3ce9e134e2013c32e2ec2944088a3b65249edaf6..3241d85adfca1585dc3e34a2232262825a36d811 100644 --- a/oem_property/ohos/impl/dslm_ohos_verify.c +++ b/oem_property/ohos/impl/dslm_ohos_verify.c @@ -18,47 +18,19 @@ #include #include -#include "dslm_crypto.h" -#include "external_interface_adapter.h" -#include "parameter.h" -#include "utils_base64.h" #include "utils_hexstring.h" #include "utils_json.h" #include "utils_log.h" #include "utils_mem.h" -#define OHOS_DEFAULT_LEVEL 1 - -#define DEVICE_LEVEL_CRED_TYPE_CRED_CLOUD_WITH_HUKS 100 +#include "dslm_credential_utils.h" +#include "external_interface_adapter.h" #define UDID_STRING_LENGTH 65 -#define SHA_256_HASH_RESULT_LEN 32 - -#define PBK_CHAIN_LEVEL 3 -#define PBK_CHAIN_THIRD_KEY_INDEX 2 - -#define JSON_KEY_USER_PUBLIC_KEY "userPublicKey" -#define JSON_KEY_SIGNATURE "signature" -#define JSON_KEY_ALGORITHM "algorithm" - -#define SEC_LEVEL_STR_LEN 3 // "SL0" -#define CRED_SEC_LEVEL_MIN 1 -#define CRED_SEC_LEVEL_MAX 5 - #define CRED_MAX_LEVEL_TYPE_SMALL 2 #define CRED_MAX_LEVEL_TYPE_STANDARD 5 -#define CRED_KEY_CRED_VERSION "version" -#define CRED_KEY_MANUFACTURE "manufacture" -#define CRED_KEY_MODEL_NAME "model" -#define CRED_KEY_BRAND "brand" -#define CRED_KEY_OS_VERSION "softwareVersion" -#define CRED_KEY_UDID "udid" -#define CRED_KEY_TYPE "type" -#define CRED_KEY_SIGN_TIME "signTime" -#define CRED_KEY_SECURITY_LEVEL "securityLevel" - #define CRED_VALUE_TYPE_DEBUG "debug" #define CRED_VALUE_TYPE_RELEASE "release" 
@@ -70,142 +42,6 @@ struct NounceOfCertChain { uint32_t pbkInfoListLen; }; -struct PbkChain { - struct DataBuffer src; - struct DataBuffer sig; - struct DataBuffer pbk; - uint32_t algorithm; -}; - -struct CredData { - char *credPtr; - const char *header; - const char *payload; - const char *signature; - const char *attestionInfo; - struct PbkChain pbkChain[PBK_CHAIN_LEVEL]; -}; - -static int32_t GetSecLevelFromString(const char *data, uint32_t dataLen, uint32_t *securityLevel) -{ - if (data == NULL || dataLen != SEC_LEVEL_STR_LEN) { - return ERR_INVALID_PARA; - } - if (memcmp(data, "SL", SEC_LEVEL_STR_LEN - 1) != 0) { - return ERR_INVALID_PARA; - } - int32_t num = data[SEC_LEVEL_STR_LEN - 1] - '0'; - if (num < CRED_SEC_LEVEL_MIN || num > CRED_SEC_LEVEL_MAX) { - return ERR_INVALID_PARA; - } - *securityLevel = num; - return SUCCESS; -} - -static int32_t GetAlgorithmType(const char *data, uint32_t dataLen, uint32_t *algorithm) -{ - if (data == NULL || dataLen == 0) { - return ERR_INVALID_PARA; - } - if (strncmp(data, "SHA384withECDSA", strlen("SHA384withECDSA")) == 0) { - *algorithm = TYPE_ECDSA_SHA_384; - } else if (strncmp(data, "SHA256withECDSA", strlen("SHA256withECDSA")) == 0) { - *algorithm = TYPE_ECDSA_SHA_256; - } else { - return ERR_INVALID_PARA; - } - return SUCCESS; -} - -static int32_t CopyParamDataFromJson(const JsonHandle json, const char *paramKey, char *dest, uint32_t destLen) -{ - const char *tempData = GetJsonFieldString(json, paramKey); - if (tempData == NULL) { - return ERR_INVALID_PARA; - } - if (strcpy_s(dest, destLen, tempData) != EOK) { - return ERR_MEMORY_ERR; - } - return SUCCESS; -} - -static int32_t GetCredPayloadInfo(const char *credPayload, DslmCredInfo *credInfo) -{ - uint8_t *buffer = NULL; - Base64DecodeApp((uint8_t *)credPayload, &buffer); - if (buffer == NULL) { - return ERR_INVALID_PARA; - } - JsonHandle json = CreateJson((char *)buffer); - if (json == NULL) { - FREE(buffer); - return ERR_INVALID_PARA; - } - FREE(buffer); - buffer = 
NULL; - - do { - credInfo->credType = DEVICE_LEVEL_CRED_TYPE_CRED_CLOUD_WITH_HUKS; - - // get security level - if (CopyParamDataFromJson(json, CRED_KEY_SECURITY_LEVEL, credInfo->securityLevel, CRED_INFO_LEVEL_LEN) != - SUCCESS) { - SECURITY_LOG_ERROR("get securityLevel failed!"); - break; - } - if (GetSecLevelFromString(credInfo->securityLevel, strlen(credInfo->securityLevel), &(credInfo->credLevel)) != - SUCCESS) { - SECURITY_LOG_ERROR("get credLevel failed!"); - break; - } - - // get type, debug or release - if (CopyParamDataFromJson(json, CRED_KEY_TYPE, credInfo->type, CRED_INFO_TYPE_LEN) != SUCCESS) { - SECURITY_LOG_ERROR("get type failed!"); - break; - } - - // get cred version. The following data is not important, so continue even it fails. - if (CopyParamDataFromJson(json, CRED_KEY_CRED_VERSION, credInfo->version, CRED_INFO_VERSION_LEN) != SUCCESS) { - SECURITY_LOG_ERROR("get version failed!"); - } - - // get udid, when type is debug - if (strncmp(credInfo->type, CRED_VALUE_TYPE_DEBUG, strlen(CRED_VALUE_TYPE_DEBUG)) == 0) { - if (CopyParamDataFromJson(json, CRED_KEY_UDID, credInfo->udid, CRED_INFO_UDID_LEN) != SUCCESS) { - SECURITY_LOG_ERROR("get udid failed!"); - } - } - - // get signTime - if (CopyParamDataFromJson(json, CRED_KEY_SIGN_TIME, credInfo->signTime, CRED_INFO_SIGNTIME_LEN) != SUCCESS) { - SECURITY_LOG_ERROR("get signTime failed!"); - } - - // get manufacture - if (CopyParamDataFromJson(json, CRED_KEY_MANUFACTURE, credInfo->manufacture, CRED_INFO_MANU_LEN) != SUCCESS) { - SECURITY_LOG_ERROR("get manufacture failed!"); - } - - // get model - if (CopyParamDataFromJson(json, CRED_KEY_MODEL_NAME, credInfo->model, CRED_INFO_MODEL_LEN) != SUCCESS) { - SECURITY_LOG_ERROR("get model name failed!"); - } - - // get brand - if (CopyParamDataFromJson(json, CRED_KEY_BRAND, credInfo->brand, CRED_INFO_BRAND_LEN) != SUCCESS) { - SECURITY_LOG_ERROR("get brand failed!"); - } - - SECURITY_LOG_DEBUG("ParseCredPayload SUCCESS!"); - DestroyJson(json); - return 
SUCCESS; - } while (0); - - DestroyJson(json); - return ERR_GET_CLOUD_CRED_INFO; -} - static int32_t CheckCredInfo(const struct DeviceIdentify *device, DslmCredInfo *info, uint32_t maxLevel) { SECURITY_LOG_DEBUG("CheckCredInfo start!"); @@ -228,7 +64,7 @@ static int32_t CheckCredInfo(const struct DeviceIdentify *device, DslmCredInfo * return SUCCESS; } -static int32_t ParseNounceOfCertChain(const char *jsonBuffer, struct NounceOfCertChain *nounce) +static int32_t ParseNounceOfCertChain(const char *jsonBuffer, struct NounceOfCertChain *nonce) { JsonHandle json = CreateJson(jsonBuffer); if (json == NULL) { 
@@ -239,31 +75,31 @@ static int32_t ParseNounceOfCertChain(const char *jsonBuffer, struct NounceOfCer const char *challengeStr = GetJsonFieldString(json, "challenge"); if (challengeStr == NULL) { DestroyJson(json); - return ERR_PARSE_NOUNCE; + return ERR_PARSE_NONCE; } int32_t ret = - HexStringToByte(challengeStr, strlen(challengeStr), (uint8_t *)&nounce->challenge, sizeof(nounce->challenge)); + HexStringToByte(challengeStr, strlen(challengeStr), (uint8_t *)&nonce->challenge, sizeof(nonce->challenge)); if (ret != SUCCESS) { DestroyJson(json); - return ERR_PARSE_NOUNCE; + return ERR_PARSE_NONCE; } // 2. Get PublicKey Info. const char *pkInfoListStr = GetJsonFieldString(json, "pkInfoList"); if (pkInfoListStr == NULL) { DestroyJson(json); - return ERR_PARSE_NOUNCE; + return ERR_PARSE_NONCE; } - nounce->pbkInfoList = (uint8_t *)MALLOC(strlen(pkInfoListStr) + 1); - if (nounce->pbkInfoList == NULL) { + nonce->pbkInfoList = (uint8_t *)MALLOC(strlen(pkInfoListStr) + 1); + if (nonce->pbkInfoList == NULL) { DestroyJson(json); return ERR_NO_MEMORY; } - ret = strcpy_s((char *)nounce->pbkInfoList, strlen(pkInfoListStr) + 1, pkInfoListStr); + ret = strcpy_s((char *)nonce->pbkInfoList, strlen(pkInfoListStr) + 1, pkInfoListStr); if (ret != EOK) { - FREE(nounce->pbkInfoList); - nounce->pbkInfoList = NULL; + FREE(nonce->pbkInfoList); + nonce->pbkInfoList = NULL; DestroyJson(json); return ERR_MEMORY_ERR; } 
@@ -271,16 +107,16 @@ static int32_t ParseNounceOfCertChain(const char *jsonBuffer, struct NounceOfCer return SUCCESS; } -static void FreeNounceOfCertChain(struct NounceOfCertChain *nounce) +static void FreeNounceOfCertChain(struct NounceOfCertChain *nonce) { - if (nounce == NULL) { + if (nonce == NULL) { return; } - if (nounce->pbkInfoList != NULL) { - FREE(nounce->pbkInfoList); - nounce->pbkInfoList = NULL; + if (nonce->pbkInfoList != NULL) { + FREE(nonce->pbkInfoList); + nonce->pbkInfoList = NULL; } - (void)memset_s(nounce, sizeof(struct NounceOfCertChain), 0, sizeof(struct NounceOfCertChain)); + (void)memset_s(nonce, sizeof(struct NounceOfCertChain), 0, sizeof(struct NounceOfCertChain)); } static int32_t FindCommonPkInfo(const char *bufferA, const char *bufferB) @@ -311,20 +147,20 @@ static int32_t FindCommonPkInfo(const char *bufferA, const char *bufferB) } DestroyJson(jsonA); DestroyJson(jsonB); - return ERR_NOEXIST_COMMON_PK_INFO; + return ERR_NO_EXIST_COMMON_PK_INFO; } -static int32_t CheckNounceOfCertChain(const struct NounceOfCertChain *nounce, uint64_t challenge, +static int32_t CheckNounceOfCertChain(const struct NounceOfCertChain *nonce, uint64_t challenge, const char *pbkInfoList) { - if (challenge != nounce->challenge) { - SECURITY_LOG_ERROR("compare nounce challenge failed!"); + if (challenge != nonce->challenge) { + SECURITY_LOG_ERROR("compare nonce challenge failed!"); return ERR_CHALLENGE_ERR; } - int32_t ret = FindCommonPkInfo((char *)pbkInfoList, (char *)nounce->pbkInfoList); + int32_t ret = FindCommonPkInfo((char *)pbkInfoList, (char *)nonce->pbkInfoList); if (ret != SUCCESS) { - SECURITY_LOG_ERROR("compare nounce public key info failed!"); + SECURITY_LOG_ERROR("compare nonce public key info failed!"); return ret; } return SUCCESS; 
@@ -333,8 +169,8 @@ static int32_t CheckNounceOfCertChain(const struct NounceOfCertChain *nounce, ui static int32_t VerifyNounceOfCertChain(const char *jsonStr, const struct DeviceIdentify *device, uint64_t challenge) { char *pkInfoListStr = NULL; - struct NounceOfCertChain nounce; - (void)memset_s(&nounce, sizeof(struct NounceOfCertChain), 0, sizeof(struct NounceOfCertChain)); + struct NounceOfCertChain nonce; + (void)memset_s(&nonce, sizeof(struct NounceOfCertChain), 0, sizeof(struct NounceOfCertChain)); char udidStr[UDID_STRING_LENGTH] = {0}; if (memcpy_s(udidStr, UDID_STRING_LENGTH, device->identity, device->length) != EOK) { @@ -343,7 +179,7 @@ static int32_t VerifyNounceOfCertChain(const char *jsonStr, const struct DeviceI int32_t ret = ERR_DEFAULT; do { - ret = ParseNounceOfCertChain(jsonStr, &nounce); + ret = ParseNounceOfCertChain(jsonStr, &nonce); if (ret != SUCCESS) { SECURITY_LOG_ERROR("ParseNounceOfCertChain failed!"); break; @@ -355,7 +191,7 @@ static int32_t VerifyNounceOfCertChain(const char *jsonStr, const struct DeviceI break; } - ret = CheckNounceOfCertChain(&nounce, challenge, pkInfoListStr); + ret = CheckNounceOfCertChain(&nonce, challenge, pkInfoListStr); if (ret != SUCCESS) { SECURITY_LOG_ERROR("CheckNounceOfCertChain failed!"); break; 
@@ -363,190 +199,11 @@ static int32_t VerifyNounceOfCertChain(const char *jsonStr, const struct DeviceI SECURITY_LOG_DEBUG("VerifyNounceOfCertChain success!"); } while (0); - FreeNounceOfCertChain(&nounce); + FreeNounceOfCertChain(&nonce); FREE(pkInfoListStr); return ret; } -static int32_t ParsePubKeyChain(const char *credAttestionInfo, uint32_t length, struct PbkChain *pbkChain) -{ - uint8_t *buffer = NULL; - Base64DecodeApp((uint8_t *)credAttestionInfo, &buffer); - if (buffer == NULL) { - return ERR_INVALID_PARA; - } - JsonHandle json = CreateJson((char *)buffer); - if (json == NULL) { - FREE(buffer); - return ERR_INVALID_PARA; - } - FREE(buffer); - if (GetJsonFieldJsonArraySize(json) != PBK_CHAIN_LEVEL) { - DestroyJson(json); - return ERR_JSON_ERR; - } - - JsonHandle item = NULL; - const char *srcMsg = NULL; - const char *sigMsg = NULL; - const char *pbkMsg = NULL; - const char *algMsg = NULL; - for (uint32_t i = 0; i < PBK_CHAIN_LEVEL; i++) { - item = GetJsonFieldJsonArray(json, PBK_CHAIN_LEVEL - i - 1); - pbkMsg = srcMsg; - srcMsg = GetJsonFieldString(item, JSON_KEY_USER_PUBLIC_KEY); - if (srcMsg == NULL) { - break; - } - sigMsg = GetJsonFieldString(item, JSON_KEY_SIGNATURE); - if (sigMsg == NULL) { - break; - } - algMsg = GetJsonFieldString(item, JSON_KEY_ALGORITHM); - if (algMsg == NULL) { - algMsg = "SHA384withECDSA"; - } - if (i == 0) { - pbkMsg = srcMsg; - } - pbkChain[i].src.length = (uint32_t)Base64UrlDecodeApp((uint8_t *)srcMsg, &(pbkChain[i].src.data)); - if (pbkChain[i].src.data == NULL) { - break; - } - pbkChain[i].sig.length = (uint32_t)Base64UrlDecodeApp((uint8_t *)sigMsg, &(pbkChain[i].sig.data)); - if (pbkChain[i].sig.data == NULL) { - break; - } - pbkChain[i].pbk.length = (uint32_t)Base64UrlDecodeApp((uint8_t *)pbkMsg, &(pbkChain[i].pbk.data)); - if (pbkChain[i].pbk.data == NULL) { - break; - } - if (GetAlgorithmType(algMsg, strlen(algMsg), &(pbkChain[i].algorithm)) != SUCCESS) { - SECURITY_LOG_ERROR("ParsePubKeyChain get type error"); - break; 
- } - - if (i == PBK_CHAIN_THIRD_KEY_INDEX) { - DestroyJson(json); - SECURITY_LOG_DEBUG("ParsePubKeyChain ok and return"); - return SUCCESS; - } - } - DestroyJson(json); - return ERR_PARSE_PUBKEY_CHAIN; -} - -static int32_t ParseCredData(const char *credStr, struct CredData *credData) -{ - char *context = NULL; - credData->header = strtok_s(credData->credPtr, ".", &context); - if (context == NULL) { - return ERR_PARSE_CLOUD_CRED_DATA; - } - credData->payload = strtok_s(NULL, ".", &context); - if (context == NULL) { - return ERR_PARSE_CLOUD_CRED_DATA; - } - credData->signature = strtok_s(NULL, ".", &context); - if (context == NULL) { - return ERR_PARSE_CLOUD_CRED_DATA; - } - credData->attestionInfo = strtok_s(NULL, ".", &context); - if (context == NULL) { - return ERR_PARSE_CLOUD_CRED_DATA; - } - return ParsePubKeyChain(credData->attestionInfo, strlen(credData->attestionInfo), &credData->pbkChain[0]); -} - -static int32_t VerifyCredPubKeyChain(const struct PbkChain *pbkChain) -{ - for (int i = 0; i < PBK_CHAIN_LEVEL; i++) { - if (EcdsaVerify(&(pbkChain[i].src), &(pbkChain[i].sig), &(pbkChain[i].pbk), pbkChain[i].algorithm) != SUCCESS) { - return ERR_ECC_VERIFY_ERR; - } - } - SECURITY_LOG_INFO("verifyCredPubKeyChain success!"); - return SUCCESS; -} - -static int32_t VerifyCredPayload(const char *cred, const struct CredData *credData) -{ - SECURITY_LOG_INFO("VerifyCredPayload start!"); - - uint32_t srcMsgLen = strlen(credData->header) + strlen(credData->payload) + 1; - char *srcMsg = (char *)MALLOC(srcMsgLen + 1); - if (srcMsg == NULL) { - return ERR_NO_MEMORY; - } - (void)memset_s(srcMsg, srcMsgLen + 1, 0, srcMsgLen + 1); - if (memcpy_s(srcMsg, srcMsgLen, cred, srcMsgLen) != EOK) { - FREE(srcMsg); - return ERR_MEMORY_ERR; - } - - struct DataBuffer srcData, sigData, pbkData; - srcData.data = (uint8_t *)srcMsg; - srcData.length = strlen(srcMsg); - pbkData.data = credData->pbkChain[PBK_CHAIN_THIRD_KEY_INDEX].src.data; - pbkData.length = 
credData->pbkChain[PBK_CHAIN_THIRD_KEY_INDEX].src.length; - sigData.length = (uint32_t)Base64UrlDecodeApp((uint8_t *)credData->signature, &(sigData.data)); - if (sigData.data == NULL) { - FREE(srcMsg); - return ERR_MEMORY_ERR; - } - - if (EcdsaVerify(&srcData, &sigData, &pbkData, TYPE_ECDSA_SHA_384) == SUCCESS || - EcdsaVerify(&srcData, &sigData, &pbkData, TYPE_ECDSA_SHA_256) == SUCCESS) { - SECURITY_LOG_INFO("VerifyCredPayload success!"); - FREE(srcMsg); - FREE(sigData.data); - return SUCCESS; - } - FREE(srcMsg); - FREE(sigData.data); - return ERR_ECC_VERIFY_ERR; -} - -static int32_t InitCredData(const char* credStr, struct CredData *credData) -{ - (void)memset_s(credData, sizeof(struct CredData), 0, sizeof(struct CredData)); - credData->credPtr = (char *)MALLOC(strlen(credStr) + 1); - if (credData->credPtr == NULL) { - return ERR_NO_MEMORY; - } - if (strcpy_s(credData->credPtr, strlen(credStr) + 1, credStr) != EOK) { - FREE(credData->credPtr); - return ERR_MEMORY_ERR; - } - return SUCCESS; -} - -static void FreeCredData(struct CredData *credData) -{ - if (credData == NULL) { - return; - } - if (credData->credPtr != NULL) { - FREE(credData->credPtr); - credData->credPtr = NULL; - } - for (uint32_t i = 0; i < PBK_CHAIN_LEVEL; i++) { - if (credData->pbkChain[i].src.data != NULL) { - FREE(credData->pbkChain[i].src.data); - credData->pbkChain[i].src.data = NULL; - } - if (credData->pbkChain[i].sig.data != NULL) { - FREE(credData->pbkChain[i].sig.data); - credData->pbkChain[i].sig.data = NULL; - } - if (credData->pbkChain[i].pbk.data != NULL) { - FREE(credData->pbkChain[i].pbk.data); - credData->pbkChain[i].pbk.data = NULL; - } - } - (void)memset_s(credData, sizeof(struct CredData), 0, sizeof(struct CredData)); -} - static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredBuff *credBuff, DslmCredInfo *credInfo) { char credStr[DSLM_CRED_STR_LEN_MAX] = {0}; 
@@ -554,7 +211,7 @@ static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredB return ERR_MEMORY_ERR; } - int32_t ret = VerifyCredData(credStr, credInfo); + int32_t ret = VerifyDslmCredential(credStr, credInfo, NULL); if (ret != SUCCESS) { SECURITY_LOG_ERROR("VerifyCredData failed!"); return ret; @@ -580,22 +237,22 @@ static int32_t verifyStandardDslmCred(const DeviceIdentify *device, uint64_t cha } do { - // 1. Verify the certificate chain, get data in the certificate chain(nounce + UDID + cred). + // 1. Verify the certificate chain, get data in the certificate chain(nonce + UDID + cred). ret = ValidateCertChainAdapter(credBuff->credVal, credBuff->credLen, &resultInfo); if (ret != SUCCESS) { SECURITY_LOG_ERROR("ValidateCertChainAdapter failed!"); break; } - // 2. Parses the NOUNCE into CHALLENGE and PK_INFO_LIST, verifies them separtely. - ret = VerifyNounceOfCertChain(resultInfo.nounceStr, device, challenge); + // 2. Parses the NONCE into CHALLENGE and PK_INFO_LIST, verifies them separtely. + ret = VerifyNounceOfCertChain(resultInfo.nonceStr, device, challenge); if (ret != SUCCESS) { SECURITY_LOG_ERROR("verifyNounceOfCertChain failed!"); break; } - // 3. The cred content is "
...", parse and vefity it. - ret = VerifyCredData(resultInfo.credStr, credInfo); + // 3. The cred content is "
...", parse and verify it. + ret = VerifyDslmCredential(resultInfo.credStr, credInfo, NULL); if (ret != SUCCESS) { SECURITY_LOG_ERROR("VerifyCredData failed!"); break; @@ -615,56 +272,6 @@ static int32_t verifyStandardDslmCred(const DeviceIdentify *device, uint64_t cha return ret; } -int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo) -{ - if (credStr == NULL || credInfo == NULL) { - return ERR_INVALID_PARA; - } - - struct CredData credData; - int32_t ret = InitCredData(credStr, &credData); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("InitCredData failed!"); - return ret; - } - - do { - // 1. Parse Cred. - ret = ParseCredData(credStr, &credData); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("ParseCredData failed!"); - break; - } - - // 2. Verify public key chain, get root public key. - ret = VerifyCredPubKeyChain(&credData.pbkChain[0]); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("verifyCredPubKeyChain failed!"); - break; - } - - // 3. Verify source data by root public key. - ret = VerifyCredPayload(credStr, &credData); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("verifyCredPayload failed!"); - break; - } - - // 4. Parse cred payload. - ret = GetCredPayloadInfo(credData.payload, credInfo); - if (ret != SUCCESS) { - SECURITY_LOG_ERROR("VerifyCredData success!"); - break; - } - } while (0); - - FreeCredData(&credData); - if (ret == SUCCESS) { - SECURITY_LOG_INFO("VerifyCredData SUCCESS!"); - } - return ret; -} - int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, DslmCredInfo *credInfo) { diff --git a/oem_property/ohos/impl/dslm_ohos_verify.h b/oem_property/ohos/impl/dslm_ohos_verify.h index 3679154f3be8b00bad2d0613e28363d0829c1834..170100b04e22bf6bd2ac4e40f26ac8f83411b05e 100644 --- a/oem_property/ohos/impl/dslm_ohos_verify.h +++ b/oem_property/ohos/impl/dslm_ohos_verify.h 
@@ -25,8 +25,6 @@ extern "C" { #endif -int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo); - int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff, DslmCredInfo *credInfo); diff --git a/oem_property/ohos/impl/external_interface_adapter.c b/oem_property/ohos/impl/external_interface_adapter.c index 629eeec8b93facd5436b1e6084808d4d5d9f04e3..a0eb811251dfd039c023cff8b685f9c541768327 100644 --- a/oem_property/ohos/impl/external_interface_adapter.c +++ b/oem_property/ohos/impl/external_interface_adapter.c @@ -27,29 +27,29 @@ const char g_dslmKey[] = "dslm_key"; -#define HICHAIN_INPUT_PARAM_STRING_LENGTH 512 +#define DEVICE_AUTH_INPUT_PARAM_STRING_LENGTH 512 #define DSLM_CERT_CHAIN_BASE_LENGTH 4096 #define DSLM_INFO_MAX_LEN_UDID 68 #define DSLM_INFO_MAX_LEN_SERIAL 68 #define DSLM_INFO_MAX_LEN_VERSION 128 #define DSLM_INFO_MAX_LEN_CRED 2048 -#define DSLM_INFO_MAX_LEN_NOUNCE 2048 +#define DSLM_INFO_MAX_LEN_NONCE 2048 static int32_t GenerateFuncParamJson(bool isSelfPk, const char *udidStr, char *dest, uint32_t destMax); -const char *pkInfoEmpty = "[]"; -const char *pkInfoBase = "[{\"groupId\" : \"0\",\"publicKey\" : \"0\"}]"; +const static char *pkInfoEmpty = "[]"; +const static char *pkInfoBase = "[{\"groupId\" : \"0\",\"publicKey\" : \"0\"}]"; int32_t GetPkInfoListStr(bool isSelf, const char *udidStr, char **pkInfoList) { SECURITY_LOG_INFO("GetPkInfoListStr start"); - char paramJson[HICHAIN_INPUT_PARAM_STRING_LENGTH] = {0}; + char paramJson[DEVICE_AUTH_INPUT_PARAM_STRING_LENGTH] = {0}; char *resultBuffer = NULL; uint32_t resultNum = 0; - int32_t ret = GenerateFuncParamJson(isSelf, udidStr, ¶mJson[0], HICHAIN_INPUT_PARAM_STRING_LENGTH); + int32_t ret = GenerateFuncParamJson(isSelf, udidStr, ¶mJson[0], DEVICE_AUTH_INPUT_PARAM_STRING_LENGTH); if (ret != SUCCESS) { SECURITY_LOG_INFO("GenerateFuncParamJson failed"); return ret; 
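Review bot: `const static char *pkInfoEmpty` and `pkInfoBase` in external_interface_adapter.c put the storage-class specifier after the qualifier and leave the pointers themselves writable. C marks a storage-class specifier that is not first in the declaration as obsolescent, and GCC reports it under -Wold-style-declaration. Both names point at fixed literals, so write `static const char *const pkInfoEmpty = "[]";` and the same for `pkInfoBase`. The neighbouring file-scope object is named `g_dslmKey`, so a `g_` prefix would match, though that means touching their uses outside this hunk.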
@@ -75,7 +75,7 @@ int32_t GetPkInfoListStr(bool isSelf, const char *udidStr, char **pkInfoList) } } if (ret == SUCCESS) { - SECURITY_LOG_INFO("pkinfo = %{public}s", *pkInfoList); + SECURITY_LOG_INFO("pkInfo = %{public}s", *pkInfoList); } interface->destroyInfo(&resultBuffer); return SUCCESS; @@ -91,14 +91,14 @@ int32_t DslmCredAttestAdapter(struct DslmInfoInCertChain *info, uint8_t **certCh return ERR_HUKS_ERR; } struct HksParam inputData[] = { - {.tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = {strlen(info->nounceStr) + 1, (uint8_t *)info->nounceStr}}, + {.tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = {strlen(info->nonceStr) + 1, (uint8_t *)info->nonceStr}}, {.tag = HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = {strlen(info->credStr) + 1, (uint8_t *)info->credStr}}, {.tag = HKS_TAG_ATTESTATION_ID_UDID, .blob = {strlen(info->udidStr) + 1, (uint8_t *)info->udidStr}}, {.tag = HKS_TAG_ATTESTATION_ID_ALIAS, .blob = keyAlias}, }; struct HksParamSet *inputParam = NULL; - uint32_t certChainMaxLen = strlen(info->credStr) + strlen(info->nounceStr) + DSLM_CERT_CHAIN_BASE_LENGTH; + uint32_t certChainMaxLen = strlen(info->credStr) + strlen(info->nonceStr) + DSLM_CERT_CHAIN_BASE_LENGTH; struct HksCertChain *hksCertChain = NULL; const struct HksCertChainInitParams certParam = {true, true, true, certChainMaxLen}; 
@@ -138,11 +138,11 @@ int32_t ValidateCertChainAdapter(const uint8_t *data, uint32_t dataLen, struct D { SECURITY_LOG_INFO("ValidateCertChainAdapter start"); - char nounceStr[DSLM_INFO_MAX_LEN_NOUNCE] = {0}; + char nonceStr[DSLM_INFO_MAX_LEN_NONCE] = {0}; char credStr[DSLM_INFO_MAX_LEN_CRED] = {0}; char udidStr[DSLM_INFO_MAX_LEN_UDID] = {0}; struct HksParam outputData[] = { - {.tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = {DSLM_INFO_MAX_LEN_NOUNCE, (uint8_t *)nounceStr}}, + {.tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = {DSLM_INFO_MAX_LEN_NONCE, (uint8_t *)nonceStr}}, {.tag = HKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, .blob = {DSLM_INFO_MAX_LEN_CRED, (uint8_t *)credStr}}, {.tag = HKS_TAG_ATTESTATION_ID_UDID, .blob = {DSLM_INFO_MAX_LEN_UDID, (uint8_t *)udidStr}}, }; @@ -166,8 +166,8 @@ int32_t ValidateCertChainAdapter(const uint8_t *data, uint32_t dataLen, struct D return ERR_CALL_EXTERNAL_FUNC; } uint32_t cnt = 0; - if (memcpy_s(resultInfo->nounceStr, DSLM_INFO_MAX_LEN_NOUNCE, outputParam->params[cnt].blob.data, - outputParam->params[cnt].blob.size) != EOK) { + if (memcpy_s(resultInfo->nonceStr, DSLM_INFO_MAX_LEN_NONCE, outputParam->params[cnt].blob.data, + outputParam->params[cnt].blob.size) != EOK) { HksFreeParamSet(&outputParam); return ERR_MEMORY_ERR; } 
@@ -229,20 +229,20 @@ int32_t InitDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo) if (saveInfo == NULL) { return ERR_INVALID_PARA; } - saveInfo->nounceStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_NOUNCE); - if (saveInfo->nounceStr == NULL) { + saveInfo->nonceStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_NONCE); + if (saveInfo->nonceStr == NULL) { return ERR_NO_MEMORY; } saveInfo->credStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_CRED); if (saveInfo->credStr == NULL) { - FREE(saveInfo->nounceStr); - saveInfo->nounceStr = NULL; + FREE(saveInfo->nonceStr); + saveInfo->nonceStr = NULL; return ERR_NO_MEMORY; } saveInfo->udidStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_UDID); if (saveInfo->udidStr == NULL) { - FREE(saveInfo->nounceStr); - saveInfo->nounceStr = NULL; + FREE(saveInfo->nonceStr); + saveInfo->nonceStr = NULL; FREE(saveInfo->credStr); saveInfo->credStr = NULL; return ERR_NO_MEMORY; @@ -255,9 +255,9 @@ void DestroyDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo) if (saveInfo == NULL) { return; } - if (saveInfo->nounceStr != NULL) { - FREE(saveInfo->nounceStr); - saveInfo->nounceStr = NULL; + if (saveInfo->nonceStr != NULL) { + FREE(saveInfo->nonceStr); + saveInfo->nonceStr = NULL; } if (saveInfo->credStr != NULL) { FREE(saveInfo->credStr); diff --git a/oem_property/ohos/impl/external_interface_adapter.h b/oem_property/ohos/impl/external_interface_adapter.h index 2e77a0f065f4da2e79f462ee053a8a9f2fc2e652..f37a9641c146ad91d94c604dd69b62613af81120 100644 --- a/oem_property/ohos/impl/external_interface_adapter.h +++ b/oem_property/ohos/impl/external_interface_adapter.h @@ -26,7 +26,7 @@ extern "C" { struct DslmInfoInCertChain { char *udidStr; char *credStr; - char *nounceStr; // challenge + pkinfoList + char *nonceStr; // challenge + pkInfoList }; int32_t GetPkInfoListStr(bool isSelf, const char *udidStr, char **pkInfoList); 
diff --git a/services/common/dslm_crypto.c b/services/common/dslm_crypto.c index 07f760eb497fc21e2e9db2bf74d25467a8e2e42b..7e167b7822b8fe0cf2b6c9c1783d81c1f99392f2 100644 --- a/services/common/dslm_crypto.c +++ b/services/common/dslm_crypto.c @@ -15,12 +15,7 @@ #include "dslm_crypto.h" -#include #include -#include - -#include "device_security_defines.h" -#include "utils_log.h" void GenerateRandom(RandomValue *rand, uint32_t length) { @@ -31,53 +26,3 @@ void GenerateRandom(RandomValue *rand, uint32_t length) RAND_bytes(&rand->value[0], rand->length); } - -int32_t EcdsaVerify(const struct DataBuffer *srcData, const struct DataBuffer *sigData, - const struct DataBuffer *pbkData, uint32_t algorithm) -{ - if (srcData == NULL || sigData == NULL || pbkData == NULL) { - return ERR_INVALID_PARA; - } - if (srcData->data == NULL || sigData->data == NULL || pbkData->data == NULL || srcData->length == 0 || - sigData->length == 0 || pbkData->length == 0) { - return ERR_INVALID_PARA; - } - if ((algorithm != TYPE_ECDSA_SHA_256) && (algorithm != TYPE_ECDSA_SHA_384)) { - return ERR_INVALID_PARA; - } - - int32_t ret = ERR_ECC_VERIFY_ERR; - uint8_t *publicKey = pbkData->data; - const EVP_MD *type = (algorithm == TYPE_ECDSA_SHA_256) ? EVP_sha256() : EVP_sha384(); - EVP_PKEY *pkey = d2i_PUBKEY(NULL, (const unsigned char **)&(publicKey), pbkData->length); - if (pkey == NULL) { - return ret; - } - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - if (ctx == NULL) { - EVP_PKEY_free(pkey); - return ret; - } - - do { - ret = EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey); - if (ret != 1) { - break; - } - if (srcData == NULL) { - SECURITY_LOG_ERROR("srcData NULL!"); - } - ret = EVP_DigestUpdate(ctx, srcData->data, srcData->length); - if (ret != 1) { - break; - } - if (EVP_DigestVerifyFinal(ctx, sigData->data, sigData->length) <= 0) { - break; - } - ret = SUCCESS; - } while (0); - - EVP_PKEY_free(pkey); - EVP_MD_CTX_free(ctx); - return ret; -} \ No newline at end of file 
diff --git a/services/dslm/dslm_core_process.c b/services/dslm/dslm_core_process.c index c0cfd218a454bc338fc45075b452e206959eed2c..1e7425cdb1bb60d78c613e7286bac95fb4a15710 100644 --- a/services/dslm/dslm_core_process.c +++ b/services/dslm/dslm_core_process.c @@ -84,7 +84,7 @@ int32_t OnPeerMsgResponseInfoReceived(const DeviceIdentify *deviceId, const uint DslmDeviceInfo *deviceInfo = GetDslmDeviceInfo(deviceId); if (deviceInfo == NULL) { SECURITY_LOG_ERROR("OnPeerMsgResponseInfoReceived no existed device"); - return ERR_NOEXIST_DEVICE; + return ERR_NO_EXIST_DEVICE; } MessageBuff buff = { @@ -142,7 +142,7 @@ int32_t OnRequestDeviceSecLevelInfo(const DeviceIdentify *deviceId, const Reques DslmDeviceInfo *deviceInfo = GetDslmDeviceInfo(curr); if (deviceInfo == NULL) { SECURITY_LOG_ERROR("OnRequestDeviceSecLevelInfo input device not exist"); - return ERR_NOEXIST_DEVICE; + return ERR_NO_EXIST_DEVICE; } ReportHiEventAppInvoke(deviceInfo); 
@@ -151,17 +151,17 @@ int32_t OnRequestDeviceSecLevelInfo(const DeviceIdentify *deviceId, const Reques SECURITY_LOG_ERROR("OnRequestDeviceSecLevelInfo input device not online"); return ERR_NOT_ONLINE; } - DslmNotifyListNode *nofityNode = MALLOC(sizeof(DslmNotifyListNode)); - if (nofityNode == NULL) { + DslmNotifyListNode *notifyNode = MALLOC(sizeof(DslmNotifyListNode)); + if (notifyNode == NULL) { SECURITY_LOG_ERROR("OnRequestDeviceSecLevelInfo malloc error"); return ERR_NO_MEMORY; } - nofityNode->owner = owner; - nofityNode->cookie = cookie; - nofityNode->requestCallback = callback; - nofityNode->start = GetMillisecondSinceBoot(); - nofityNode->keep = option->timeout * 1000; // 1000 ms per second - ScheduleDslmStateMachine(deviceInfo, EVENT_SDK_GET, nofityNode); + notifyNode->owner = owner; + notifyNode->cookie = cookie; + notifyNode->requestCallback = callback; + notifyNode->start = GetMillisecondSinceBoot(); + notifyNode->keep = option->timeout * 1000; // 1000 ms per second + ScheduleDslmStateMachine(deviceInfo, EVENT_SDK_GET, notifyNode); return SUCCESS; } diff --git a/services/include/dslm_crypto.h b/services/include/dslm_crypto.h index 1fd818979485411a324aa129a3bbf493dce8b396..48a7abf2b71241616fab5de25245610e5c0f63d4 100644 --- a/services/include/dslm_crypto.h +++ b/services/include/dslm_crypto.h @@ -21,9 +21,6 @@ #define RAMDOM_MAX_LEN 32 -#define TYPE_ECDSA_SHA_256 0 -#define TYPE_ECDSA_SHA_384 1 - #ifdef __cplusplus extern "C" { #endif @@ -33,14 +30,7 @@ typedef struct RandomValue { uint8_t value[RAMDOM_MAX_LEN]; } RandomValue; -struct DataBuffer { - uint8_t *data; - uint32_t length; -}; - void GenerateRandom(RandomValue *rand, uint32_t length); -int32_t EcdsaVerify(const struct DataBuffer *srcData, const struct DataBuffer *sigData, - const struct DataBuffer *pbkData, uint32_t algorithm); #ifdef __cplusplus }