openharmony/security_device_security_level
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_device_security_level synced 2024-11-28 01:11:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: code style

Browse Source 
Signed-off-by: lwk <1076278852@qq.com>
This commit is contained in:
lwk 2022-02-25 10:56:48 +08:00
parent 3d855f80f6
commit c3fb07f93a
4 changed files with 204 additions and 386 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
oem_property/ohos/impl/dslm_ohos_request.c
View File

@ -36,23 +36,18 @@ static int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen)
{
FILE *fp = NULL;
fp = fopen(DSLM_CRED_CFG_FILE_POSITION, "r");
if (fp == NULL)
{
if (fp == NULL) {
SECURITY_LOG_ERROR("fopen cred file failed!");
return ERR_INVALID_PARA;
}
int32_t ret = fscanf_s(fp, "%s", credStr, maxLen);
if (ret == -1)
{
if (ret == -1) {
SECURITY_LOG_ERROR("fscanf_s cred file failed!");
ret = ERR_INVALID_PARA;
}
else
{
} else {
ret = SUCCESS;
}
if (fclose(fp) != 0)
{
if (fclose(fp) != 0) {
SECURITY_LOG_ERROR("fclose cred file failed!");
ret = ERR_INVALID_PARA;
}
@ -62,8 +57,7 @@ static int32_t GetCredFromCurrentDevice(char *credStr, uint32_t maxLen)
static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListStr, char **nounceStr)
{
JsonHandle json = CreateJson(NULL);
if (json == NULL)
{
if (json == NULL) {
return ERR_INVALID_PARA;
}
@ -75,8 +69,7 @@ static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListSt
// tran to json
*nounceStr = (char *)ConvertJsonToString(json);
if (*nounceStr == NULL)
{
if (*nounceStr == NULL) {
DestroyJson(json);
return ERR_JSON_ERR;
}
@ -85,51 +78,42 @@ static int32_t TransToJsonStr(const char *challengeStr, const char *pkInfoListSt
}
static int32_t GenerateDslmCertChain(const DeviceIdentify *device, const RequestObject *obj, char *credStr,
uint8_t **certChain, uint32_t *certChainLen)
uint8_t **certChain, uint32_t *certChainLen)
{
char *pkInfoListStr = NULL;
char *nounceStr = NULL;
char challengeStr[CHALLENGE_STRING_LENGTH] = {0};
ByteToHexString((uint8_t *)&(obj->challenge), sizeof(obj->challenge), (uint8_t *)challengeStr, CHALLENGE_STRING_LENGTH);
ByteToHexString((uint8_t *)&(obj->challenge), sizeof(obj->challenge), (uint8_t *)challengeStr,
CHALLENGE_STRING_LENGTH);
char udidStr[65] = {0};
if (memcpy_s(udidStr, 65, device->identity, device->length) != EOK)
{
if (memcpy_s(udidStr, 65, device->identity, device->length) != EOK) {
return ERR_MEMORY_ERR;
}
int32_t ret = ERR_DEFAULT;
do
{
do {
ret = GetPkInfoListStr(true, udidStr, &pkInfoListStr);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("GetPkInfoListStr failed");
break;
}
ret = TransToJsonStr(challengeStr, pkInfoListStr, &nounceStr);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("TransToJsonStr failed");
break;
}
struct DslmInfoInCertChain saveInfo = {
.credStr = credStr,
.nounceStr = nounceStr,
.udidStr = udidStr};
struct DslmInfoInCertChain saveInfo = {.credStr = credStr, .nounceStr = nounceStr, .udidStr = udidStr};
ret = DslmCredAttestAdapter(&saveInfo, certChain, certChainLen);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("DslmCredAttestAdapter failed");
break;
}
} while (0);
if (pkInfoListStr != NULL)
{
if (pkInfoListStr != NULL) {
FREE(pkInfoListStr);
}
if (nounceStr != NULL)
{
if (nounceStr != NULL) {
FREE(nounceStr);
}
return ret;
@ -139,21 +123,18 @@ static int32_t SelectDslmCredType(const DeviceIdentify *device, const RequestObj
{
uint32_t devType = 0;
const DeviceIdentify *deviceSelf = GetSelfDevice(&devType);
if (deviceSelf->length == 0)
{
if (deviceSelf->length == 0) {
SECURITY_LOG_ERROR("SelectDslmCredType, GetSelfDevice failed");
return ERR_INVALID_PARA;
}
// is self
if (memcmp(device->identity, deviceSelf->identity, deviceSelf->length) == 0)
{
if (memcmp(device->identity, deviceSelf->identity, deviceSelf->length) == 0) {
*type = CRED_TYPE_SMALL;
return SUCCESS;
}
if (HksAttestIsReadyAdapter() != SUCCESS)
{
if (HksAttestIsReadyAdapter() != SUCCESS) {
*type = CRED_TYPE_SMALL;
return SUCCESS;
}
@ -164,8 +145,7 @@ static int32_t SelectDslmCredType(const DeviceIdentify *device, const RequestObj
static int32_t RequestSmallDslmCred(uint8_t *data, uint32_t dataLen, DslmCredBuff **credBuff)
{
DslmCredBuff *out = CreateDslmCred(CRED_TYPE_SMALL, dataLen, data);
if (out == NULL)
{
if (out == NULL) {
SECURITY_LOG_ERROR("RequestSmallDslmCred, CreateDslmCred failed");
return ERR_MEMORY_ERR;
}
@ -175,20 +155,18 @@ static int32_t RequestSmallDslmCred(uint8_t *data, uint32_t dataLen, DslmCredBuf
}
static int32_t RequestStandardDslmCred(const DeviceIdentify *device, const RequestObject *obj, char *credStr,
DslmCredBuff **credBuff)
DslmCredBuff **credBuff)
{
uint8_t *certChain = NULL; // malloc, need free
uint32_t certChainLen = 0;
int32_t ret = GenerateDslmCertChain(device, obj, credStr, &certChain, &certChainLen);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("RequestStandardDslmCred, GenerateDslmCertChain failed");
return ret;
}
DslmCredBuff *out = CreateDslmCred(CRED_TYPE_STANDARD, certChainLen, certChain);
if (out == NULL)
{
if (out == NULL) {
SECURITY_LOG_ERROR("RequestSmallDslmCred, CreateDslmCred failed");
return ERR_MEMORY_ERR;
}
@ -203,28 +181,25 @@ int32_t RequestOhosDslmCred(const DeviceIdentify *device, const RequestObject *o
uint32_t credType = 0;
char credStr[DSLM_CRED_STR_LEN_MAX] = {0};
int32_t ret = GetCredFromCurrentDevice(credStr, DSLM_CRED_STR_LEN_MAX);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("Read cred data from file failed!");
return ret;
}
ret = SelectDslmCredType(device, obj, &credType);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("SelectDslmCredType failed!");
return ret;
}
credType = CRED_TYPE_STANDARD;
switch (credType)
{
case CRED_TYPE_SMALL:
return RequestSmallDslmCred((uint8_t *)credStr, strlen(credStr), credBuff);
case CRED_TYPE_STANDARD:
return RequestStandardDslmCred(device, obj, credStr, credBuff);
default:
SECURITY_LOG_ERROR("Invalid cred type!");
break;
switch (credType) {
case CRED_TYPE_SMALL:
return RequestSmallDslmCred((uint8_t *)credStr, strlen(credStr), credBuff);
case CRED_TYPE_STANDARD:
return RequestStandardDslmCred(device, obj, credStr, credBuff);
default:
SECURITY_LOG_ERROR("Invalid cred type!");
break;
}
return SUCCESS;

334
oem_property/ohos/impl/dslm_ohos_verify.c
View File

@ -59,23 +59,20 @@
#define CRED_VALUE_TYPE_DEBUG "debug"
#define CRED_VALUE_TYPE_RELEASE "release"
struct NounceOfCertChain
{
struct NounceOfCertChai {
uint64_t challenge;
uint8_t *pbkInfoList;
uint32_t pbkInfoListLen;
};
struct PbkChain
{
struct PbkChain {
struct DataBuffer src;
struct DataBuffer sig;
struct DataBuffer pbk;
uint32_t algorithm;
};
struct CredData
{
struct CredData {
char *credPtr;
const char *header;
const char *payload;
@ -86,17 +83,14 @@ struct CredData
static int32_t GetSecLevelFromString(const char *data, uint32_t dataLen, uint32_t *securityLevel)
{
if (data == NULL || dataLen != SEC_LEVEL_STR_LEN)
{
if (data == NULL || dataLen != SEC_LEVEL_STR_LEN) {
return ERR_INVALID_PARA;
}
if (memcmp(data, "SL", SEC_LEVEL_STR_LEN - 1) != 0)
{
if (memcmp(data, "SL", SEC_LEVEL_STR_LEN - 1) != 0) {
return ERR_INVALID_PARA;
}
int32_t num = data[SEC_LEVEL_STR_LEN - 1] - '0';
if (num < CLOUD_CRED_SEC_LEVEL_0 || num > CLOUD_CRED_SEC_LEVEL_MAX)
{
if (num < CLOUD_CRED_SEC_LEVEL_0 || num > CLOUD_CRED_SEC_LEVEL_MAX) {
return ERR_INVALID_PARA;
}
*securityLevel = num;
@ -105,20 +99,14 @@ static int32_t GetSecLevelFromString(const char *data, uint32_t dataLen, uint32_
static int32_t GetAlgorithmType(const char *data, uint32_t dataLen, uint32_t *algorithm)
{
if (data == NULL || dataLen == 0)
{
if (data == NULL || dataLen == 0) {
return ERR_INVALID_PARA;
}
if (strncmp(data, "SHA384withECDSA", strlen("SHA384withECDSA")) == 0)
{
if (strncmp(data, "SHA384withECDSA", strlen("SHA384withECDSA")) == 0) {
*algorithm = TYPE_ECDSA_SHA_384;
}
else if (strncmp(data, "SHA256withECDSA", strlen("SHA256withECDSA")) == 0)
{
} else if (strncmp(data, "SHA256withECDSA", strlen("SHA256withECDSA")) == 0) {
*algorithm = TYPE_ECDSA_SHA_256;
}
else
{
} else {
return ERR_INVALID_PARA;
}
return SUCCESS;
@ -127,12 +115,10 @@ static int32_t GetAlgorithmType(const char *data, uint32_t dataLen, uint32_t *al
static int32_t CopyParamDataFromJson(const JsonHandle json, const char *paramKey, char *dest, uint32_t destLen)
{
const char *tempData = GetJsonFieldString(json, paramKey);
if (tempData == NULL)
{
if (tempData == NULL) {
return ERR_INVALID_PARA;
}
if (strcpy_s(dest, destLen, tempData) != EOK)
{
if (strcpy_s(dest, destLen, tempData) != EOK) {
return ERR_MEMORY_ERR;
}
return SUCCESS;
@ -142,80 +128,67 @@ static int32_t GetCredPayloadInfo(const char *credPayload, DslmCredInfo *credInf
{
uint8_t *buffer = NULL;
Base64DecodeApp((uint8_t *)credPayload, &buffer);
if (buffer == NULL)
{
if (buffer == NULL) {
return ERR_INVALID_PARA;
}
JsonHandle json = CreateJson((char *)buffer);
if (json == NULL)
{
if (json == NULL) {
FREE(buffer);
return ERR_INVALID_PARA;
}
FREE(buffer);
buffer = NULL;
do
{
do {
credInfo->credType = DEVICE_LEVEL_CRED_TYPE_CRED_CLOUD_WITH_HUKS;
// get security level
if (CopyParamDataFromJson(json, CRED_KEY_SECURITY_LEVEL, credInfo->securityLevel, CRED_INFO_LEVEL_LEN) !=
SUCCESS)
{
SUCCESS) {
SECURITY_LOG_ERROR("get securityLevel failed!");
break;
}
if (GetSecLevelFromString(credInfo->securityLevel, strlen(credInfo->securityLevel), &(credInfo->credLevel)) !=
SUCCESS)
{
SUCCESS) {
SECURITY_LOG_ERROR("get credLevel failed!");
break;
}
// get type, debug or release
if (CopyParamDataFromJson(json, CRED_KEY_TYPE, credInfo->type, CRED_INFO_TYPE_LEN) != SUCCESS)
{
if (CopyParamDataFromJson(json, CRED_KEY_TYPE, credInfo->type, CRED_INFO_TYPE_LEN) != SUCCESS) {
SECURITY_LOG_ERROR("get type failed!");
break;
}
// get cred version. The following data is not important, so continue even it fails.
if (CopyParamDataFromJson(json, CRED_KEY_CRED_VERSION, credInfo->version, CRED_INFO_VERSION_LEN) != SUCCESS)
{
if (CopyParamDataFromJson(json, CRED_KEY_CRED_VERSION, credInfo->version, CRED_INFO_VERSION_LEN) != SUCCESS) {
SECURITY_LOG_ERROR("get version failed!");
}
// get udid, when type is debug
if (strncmp(credInfo->type, CRED_VALUE_TYPE_DEBUG, strlen(CRED_VALUE_TYPE_DEBUG)) == 0)
{
if (CopyParamDataFromJson(json, CRED_KEY_UDID, credInfo->udid, CRED_INFO_UDID_LEN) != SUCCESS)
{
if (strncmp(credInfo->type, CRED_VALUE_TYPE_DEBUG, strlen(CRED_VALUE_TYPE_DEBUG)) == 0) {
if (CopyParamDataFromJson(json, CRED_KEY_UDID, credInfo->udid, CRED_INFO_UDID_LEN) != SUCCESS) {
SECURITY_LOG_ERROR("get udid failed!");
}
}
// get signTime
if (CopyParamDataFromJson(json, CRED_KEY_SIGN_TIME, credInfo->signTime, CRED_INFO_SIGNTIME_LEN) != SUCCESS)
{
if (CopyParamDataFromJson(json, CRED_KEY_SIGN_TIME, credInfo->signTime, CRED_INFO_SIGNTIME_LEN) != SUCCESS) {
SECURITY_LOG_ERROR("get signTime failed!");
}
// get manufacture
if (CopyParamDataFromJson(json, CRED_KEY_MANUFACTURE, credInfo->manufacture, CRED_INFO_MANU_LEN) != SUCCESS)
{
if (CopyParamDataFromJson(json, CRED_KEY_MANUFACTURE, credInfo->manufacture, CRED_INFO_MANU_LEN) != SUCCESS) {
SECURITY_LOG_ERROR("get manufacture failed!");
}
// get model
if (CopyParamDataFromJson(json, CRED_KEY_MODEL_NAME, credInfo->model, CRED_INFO_MODEL_LEN) != SUCCESS)
{
if (CopyParamDataFromJson(json, CRED_KEY_MODEL_NAME, credInfo->model, CRED_INFO_MODEL_LEN) != SUCCESS) {
SECURITY_LOG_ERROR("get model name failed!");
}
// get brand
if (CopyParamDataFromJson(json, CRED_KEY_BRAND, credInfo->brand, CRED_INFO_BRAND_LEN) != SUCCESS)
{
if (CopyParamDataFromJson(json, CRED_KEY_BRAND, credInfo->brand, CRED_INFO_BRAND_LEN) != SUCCESS) {
SECURITY_LOG_ERROR("get brand failed!");
}
@ -229,7 +202,7 @@ static int32_t GetCredPayloadInfo(const char *credPayload, DslmCredInfo *credInf
}
static int32_t GenerateDeviceUdid(const char *manufacture, const char *productModel, const char *serialNum,
char *udidStr, uint32_t MaxLen)
char *udidStr, uint32_t MaxLen)
{
uint32_t manufactureLen = strlen(manufacture);
uint32_t productModelLen = strlen(productModel);
@ -238,16 +211,13 @@ static int32_t GenerateDeviceUdid(const char *manufacture, const char *productMo
uint32_t dataLen = manufactureLen + productModelLen + serialNumLen;
char *data = (char *)MALLOC(dataLen + 1);
if (strcat_s(data, dataLen + 1, manufacture) != EOK)
{
if (strcat_s(data, dataLen + 1, manufacture) != EOK) {
return ERR_INVALID_PARA;
}
if (strcat_s(data, dataLen + 1, productModel) != EOK)
{
if (strcat_s(data, dataLen + 1, productModel) != EOK) {
return ERR_INVALID_PARA;
}
if (strcat_s(data, dataLen + 1, serialNum) != EOK)
{
if (strcat_s(data, dataLen + 1, serialNum) != EOK) {
return ERR_INVALID_PARA;
}
@ -262,28 +232,23 @@ static int32_t GenerateDeviceUdid(const char *manufacture, const char *productMo
static int32_t CheckCredInfo(const struct DeviceIdentify *device, const DslmCredInfo *info)
{
SECURITY_LOG_DEBUG("CheckCredInfo start!");
if (strlen(info->udid) == 0)
{
if (strlen(info->udid) == 0) {
SECURITY_LOG_DEBUG("Current cred has no udid, skip CheckCredInfo.");
return SUCCESS;
}
if (strncmp(info->type, CRED_VALUE_TYPE_DEBUG, strlen(CRED_VALUE_TYPE_DEBUG)) == 0)
{
if (memcmp((char *)device->identity, info->udid, strlen(info->udid)) == 0)
{
if (strncmp(info->type, CRED_VALUE_TYPE_DEBUG, strlen(CRED_VALUE_TYPE_DEBUG)) == 0) {
if (memcmp((char *)device->identity, info->udid, strlen(info->udid)) == 0) {
return SUCCESS;
}
char udidStr[UDID_STRING_LENGTH] = {0};
const char *serialStr = GetSerial();
if (serialStr == NULL)
{
if (serialStr == NULL) {
return ERR_INVALID_PARA;
}
GenerateDeviceUdid(info->manufacture, info->model, serialStr, udidStr, UDID_STRING_LENGTH);
if (strcasecmp(udidStr, info->udid) == 0)
{
if (strcasecmp(udidStr, info->udid) == 0) {
return SUCCESS;
}
return ERR_CHECK_CRED_INFO;
@ -295,43 +260,37 @@ static int32_t CheckCredInfo(const struct DeviceIdentify *device, const DslmCred
static int32_t ParseNounceOfCertChain(const char *jsonBuffer, struct NounceOfCertChain *nounce)
{
JsonHandle json = CreateJson(jsonBuffer);
if (json == NULL)
{
if (json == NULL) {
return ERR_INVALID_PARA;
}
// 1. Get challenge.
const char *challengeStr = GetJsonFieldString(json, "challenge");
if (challengeStr == NULL)
{
if (challengeStr == NULL) {
DestroyJson(json);
return ERR_PARSE_NOUNCE;
}
int32_t ret =
HexStringToByte(challengeStr, strlen(challengeStr), (uint8_t *)&nounce->challenge, sizeof(nounce->challenge));
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
DestroyJson(json);
return ERR_PARSE_NOUNCE;
}
// 2. Get PublicKey Info.
const char *pkInfoListStr = GetJsonFieldString(json, "pkInfoList");
if (pkInfoListStr == NULL)
{
if (pkInfoListStr == NULL) {
DestroyJson(json);
return ERR_PARSE_NOUNCE;
}
nounce->pbkInfoList = (uint8_t *)MALLOC(strlen(pkInfoListStr) + 1);
if (nounce->pbkInfoList == NULL)
{
if (nounce->pbkInfoList == NULL) {
DestroyJson(json);
return ERR_NO_MEMORY;
}
ret = strcpy_s((char *)nounce->pbkInfoList, strlen(pkInfoListStr) + 1, pkInfoListStr);
if (ret != EOK)
{
if (ret != EOK) {
FREE(nounce->pbkInfoList);
nounce->pbkInfoList = NULL;
DestroyJson(json);
@ -343,12 +302,10 @@ static int32_t ParseNounceOfCertChain(const char *jsonBuffer, struct NounceOfCer
static void FreeNounceOfCertChain(struct NounceOfCertChain *nounce)
{
if (nounce == NULL)
{
if (nounce == NULL) {
return;
}
if (nounce->pbkInfoList != NULL)
{
if (nounce->pbkInfoList != NULL) {
FREE(nounce->pbkInfoList);
nounce->pbkInfoList = NULL;
}
@ -357,30 +314,24 @@ static void FreeNounceOfCertChain(struct NounceOfCertChain *nounce)
static int32_t FindCommonPkInfo(const char *bufferA, const char *bufferB)
{
if (bufferA == NULL || bufferB == NULL)
{
if (bufferA == NULL || bufferB == NULL) {
return ERR_INVALID_PARA;
}
JsonHandle jsonA = CreateJson(bufferA);
if (jsonA == NULL)
{
if (jsonA == NULL) {
return ERR_INVALID_PARA;
}
JsonHandle jsonB = CreateJson(bufferB);
if (jsonB == NULL)
{
if (jsonB == NULL) {
DestroyJson(jsonA);
return ERR_INVALID_PARA;
}
uint32_t sizeA = GetJsonFieldJsonArraySize(jsonA);
uint32_t sizeB = GetJsonFieldJsonArraySize(jsonB);
for (uint32_t i = 0; i < sizeA; i++)
{
for (uint32_t j = 0; j < sizeB; j++)
{
if (CompareJsonData(GetJsonFieldJsonArray(jsonA, i), GetJsonFieldJsonArray(jsonB, j), true))
{
for (uint32_t i = 0; i < sizeA; i++) {
for (uint32_t j = 0; j < sizeB; j++) {
if (CompareJsonData(GetJsonFieldJsonArray(jsonA, i), GetJsonFieldJsonArray(jsonB, j), true)) {
DestroyJson(jsonA);
DestroyJson(jsonB);
return SUCCESS;
@ -393,17 +344,15 @@ static int32_t FindCommonPkInfo(const char *bufferA, const char *bufferB)
}
static int32_t CheckNounceOfCertChain(const struct NounceOfCertChain *nounce, uint64_t challenge,
const char *pbkInfoList)
const char *pbkInfoList)
{
if (challenge != nounce->challenge)
{
if (challenge != nounce->challenge) {
SECURITY_LOG_ERROR("compare nounce challenge failed!");
return ERR_CHALLENGE_ERR;
}
int32_t ret = FindCommonPkInfo((char *)pbkInfoList, (char *)nounce->pbkInfoList);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("compare nounce public key info failed!");
return ret;
}
@ -417,31 +366,26 @@ static int32_t VerifyNounceOfCertChain(const char *jsonStr, const struct DeviceI
(void)memset_s(&nounce, sizeof(struct NounceOfCertChain), 0, sizeof(struct NounceOfCertChain));
char udidStr[65] = {0};
if (memcpy_s(udidStr, 65, device->identity, device->length) != EOK)
{
if (memcpy_s(udidStr, 65, device->identity, device->length) != EOK) {
return ERR_MEMORY_ERR;
}
int32_t ret = ERR_DEFAULT;
do
{
do {
ret = ParseNounceOfCertChain(jsonStr, &nounce);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("ParseNounceOfCertChain failed!");
break;
}
ret = GetPkInfoListStr(false, udidStr, &pkInfoListStr);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("GetPkInfoListStr failed!");
break;
}
ret = CheckNounceOfCertChain(&nounce, challenge, pkInfoListStr);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("CheckNounceOfCertChain failed!");
break;
}
@ -457,19 +401,16 @@ static int32_t ParsePubKeyChain(const char *credAttestionInfo, uint32_t length,
{
uint8_t *buffer = NULL;
Base64DecodeApp((uint8_t *)credAttestionInfo, &buffer);
if (buffer == NULL)
{
if (buffer == NULL) {
return ERR_INVALID_PARA;
}
JsonHandle json = CreateJson((char *)buffer);
if (json == NULL)
{
if (json == NULL) {
FREE(buffer);
return ERR_INVALID_PARA;
}
FREE(buffer);
if (GetJsonFieldJsonArraySize(json) != PBK_CHAIN_LEVEL)
{
if (GetJsonFieldJsonArraySize(json) != PBK_CHAIN_LEVEL) {
DestroyJson(json);
return ERR_JSON_ERR;
}
@ -479,52 +420,42 @@ static int32_t ParsePubKeyChain(const char *credAttestionInfo, uint32_t length,
const char *sigMsg = NULL;
const char *pbkMsg = NULL;
const char *algMsg = NULL;
for (uint32_t i = 0; i < PBK_CHAIN_LEVEL; i++)
{
for (uint32_t i = 0; i < PBK_CHAIN_LEVEL; i++) {
item = GetJsonFieldJsonArray(json, PBK_CHAIN_LEVEL - i - 1);
pbkMsg = srcMsg;
srcMsg = GetJsonFieldString(item, JSON_KEY_USER_PUBLIC_KEY);
if (srcMsg == NULL)
{
if (srcMsg == NULL) {
break;
}
sigMsg = GetJsonFieldString(item, JSON_KEY_SIGNATURE);
if (sigMsg == NULL)
{
if (sigMsg == NULL) {
break;
}
algMsg = GetJsonFieldString(item, JSON_KEY_ALGORITHM);
if (algMsg == NULL)
{
if (algMsg == NULL) {
algMsg = "SHA384withECDSA";
}
if (i == 0)
{
if (i == 0) {
pbkMsg = srcMsg;
}
pbkChain[i].src.length = Base64UrlDecodeApp((uint8_t *)srcMsg, &(pbkChain[i].src.data));
if (pbkChain[i].src.data == NULL)
{
if (pbkChain[i].src.data == NULL) {
break;
}
pbkChain[i].sig.length = Base64UrlDecodeApp((uint8_t *)sigMsg, &(pbkChain[i].sig.data));
if (pbkChain[i].sig.data == NULL)
{
if (pbkChain[i].sig.data == NULL) {
break;
}
pbkChain[i].pbk.length = Base64UrlDecodeApp((uint8_t *)pbkMsg, &(pbkChain[i].pbk.data));
if (pbkChain[i].pbk.data == NULL)
{
if (pbkChain[i].pbk.data == NULL) {
break;
}
if (GetAlgorithmType(algMsg, strlen(algMsg), &(pbkChain[i].algorithm)) != SUCCESS)
{
if (GetAlgorithmType(algMsg, strlen(algMsg), &(pbkChain[i].algorithm)) != SUCCESS) {
SECURITY_LOG_DEBUG("ParsePubKeyChain get type error");
break;
}
if (i == PBK_CHAIN_THIRD_KEY_INDEX)
{
if (i == PBK_CHAIN_THIRD_KEY_INDEX) {
DestroyJson(json);
SECURITY_LOG_DEBUG("ParsePubKeyChain ok and return");
return SUCCESS;
@ -537,35 +468,29 @@ static int32_t ParsePubKeyChain(const char *credAttestionInfo, uint32_t length,
static int32_t ParseCredData(const char *credStr, struct CredData *credData)
{
credData->credPtr = (char *)MALLOC(strlen(credStr) + 1);
if (credData->credPtr == NULL)
{
if (credData->credPtr == NULL) {
return ERR_NO_MEMORY;
}
if (strcpy_s(credData->credPtr, strlen(credStr) + 1, credStr) != EOK)
{
if (strcpy_s(credData->credPtr, strlen(credStr) + 1, credStr) != EOK) {
credData->credPtr = NULL;
return ERR_MEMORY_ERR;
}
char *context = NULL;
credData->header = strtok_s(credData->credPtr, ".", &context);
if (context == NULL)
{
if (context == NULL) {
return ERR_PARSE_CLOUD_CRED_DATA;
}
credData->payload = strtok_s(NULL, ".", &context);
if (context == NULL)
{
if (context == NULL) {
return ERR_PARSE_CLOUD_CRED_DATA;
}
credData->signature = strtok_s(NULL, ".", &context);
if (context == NULL)
{
if (context == NULL) {
return ERR_PARSE_CLOUD_CRED_DATA;
}
credData->attestionInfo = strtok_s(NULL, ".", &context);
if (context == NULL)
{
if (context == NULL) {
return ERR_PARSE_CLOUD_CRED_DATA;
}
@ -574,10 +499,8 @@ static int32_t ParseCredData(const char *credStr, struct CredData *credData)
static int32_t VerifyCredPubKeyChain(const struct PbkChain *pbkChain)
{
for (int i = 0; i < 3; i++)
{
if (EcdsaVerify(&(pbkChain[i].src), &(pbkChain[i].sig), &(pbkChain[i].pbk), pbkChain[i].algorithm) != SUCCESS)
{
for (int i = 0; i < 3; i++) {
if (EcdsaVerify(&(pbkChain[i].src), &(pbkChain[i].sig), &(pbkChain[i].pbk), pbkChain[i].algorithm) != SUCCESS) {
return ERR_ECC_VERIFY_ERR;
}
}
@ -591,13 +514,11 @@ static int32_t VerifyCredPayload(const char *cred, const struct CredData *credDa
uint32_t srcMsgLen = strlen(credData->header) + strlen(credData->payload) + 1;
char *srcMsg = (char *)MALLOC(srcMsgLen + 1);
if (srcMsg == NULL)
{
if (srcMsg == NULL) {
return ERR_NO_MEMORY;
}
(void)memset_s(srcMsg, srcMsgLen + 1, 0, srcMsgLen + 1);
if (memcpy_s(srcMsg, srcMsgLen, cred, srcMsgLen) != EOK)
{
if (memcpy_s(srcMsg, srcMsgLen, cred, srcMsgLen) != EOK) {
FREE(srcMsg);
return ERR_MEMORY_ERR;
}
@ -608,20 +529,16 @@ static int32_t VerifyCredPayload(const char *cred, const struct CredData *credDa
pbkData.data = credData->pbkChain[PBK_CHAIN_THIRD_KEY_INDEX].src.data;
pbkData.length = credData->pbkChain[PBK_CHAIN_THIRD_KEY_INDEX].src.length;
sigData.length = Base64UrlDecodeApp((uint8_t *)credData->signature, &(sigData.data));
if (sigData.data == NULL)
{
if (sigData.data == NULL) {
FREE(srcMsg);
return ERR_MEMORY_ERR;
}
int32_t ret = EcdsaVerify(&srcData, &sigData, &pbkData, TYPE_ECDSA_SHA_384);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("EcdsaVerify failed!");
ret = ERR_ECC_VERIFY_ERR;
}
else
{
} else {
SECURITY_LOG_ERROR("VerifyCredPayload success!");
ret = SUCCESS;
}
@ -632,29 +549,23 @@ static int32_t VerifyCredPayload(const char *cred, const struct CredData *credDa
static void FreeCredData(struct CredData *credData)
{
if (credData == NULL)
{
if (credData == NULL) {
return;
}
if (credData->credPtr != NULL)
{
if (credData->credPtr != NULL) {
FREE(credData->credPtr);
credData->credPtr = NULL;
}
for (uint32_t i = 0; i < PBK_CHAIN_LEVEL; i++)
{
if (credData->pbkChain[i].src.data != NULL)
{
for (uint32_t i = 0; i < PBK_CHAIN_LEVEL; i++) {
if (credData->pbkChain[i].src.data != NULL) {
FREE(credData->pbkChain[i].src.data);
credData->pbkChain[i].src.data = NULL;
}
if (credData->pbkChain[i].sig.data != NULL)
{
if (credData->pbkChain[i].sig.data != NULL) {
FREE(credData->pbkChain[i].sig.data);
credData->pbkChain[i].sig.data = NULL;
}
if (credData->pbkChain[i].pbk.data != NULL)
{
if (credData->pbkChain[i].pbk.data != NULL) {
FREE(credData->pbkChain[i].pbk.data);
credData->pbkChain[i].pbk.data = NULL;
}
@ -668,44 +579,38 @@ static int32_t VerifyCredData(const char *credStr, DslmCredInfo *credInfo)
(void)memset_s(&credData, sizeof(struct CredData), 0, sizeof(struct CredData));
int32_t ret = ERR_DEFAULT;
do
{
do {
// 1. Parse Cred.
ret = ParseCredData(credStr, &credData);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("ParseCredData failed!");
break;
}
// 2. Verify public key chain, get root public key.
ret = VerifyCredPubKeyChain(&credData.pbkChain[0]);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("verifyCredPubKeyChain failed!");
break;
}
// 3. Verify source data by root public key.
ret = VerifyCredPayload(credStr, &credData);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("verifyCredPayload failed!");
break;
}
// 4. Parse cred payload.
ret = GetCredPayloadInfo(credData.payload, credInfo);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("VerifyCredData success!");
break;
}
} while (0);
FreeCredData(&credData);
if (ret == SUCCESS)
{
if (ret == SUCCESS) {
SECURITY_LOG_INFO("VerifyCredData SUCCESS!");
}
return ret;
@ -715,15 +620,13 @@ static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredB
{
char *credStr = (char *)malloc(credBuff->credLen + 1);
(void)memset_s(credStr, credBuff->credLen + 1, 0, credBuff->credLen + 1);
if (memcpy_s(credStr, credBuff->credLen + 1, credBuff->credVal, credBuff->credLen + 1) != EOK)
{
if (memcpy_s(credStr, credBuff->credLen + 1, credBuff->credVal, credBuff->credLen + 1) != EOK) {
FREE(credStr);
return ERR_MEMORY_ERR;
}
int32_t ret = VerifyCredData(credStr, credInfo);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("VerifyCredData failed!");
FREE(credStr);
return ret;
@ -731,8 +634,7 @@ static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredB
FREE(credStr);
ret = CheckCredInfo(device, credInfo);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("CheckCredInfo failed!");
return ret;
}
@ -741,52 +643,45 @@ static int32_t verifySmallDslmCred(const DeviceIdentify *device, const DslmCredB
}
static int32_t verifyStandardDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff,
DslmCredInfo *credInfo)
DslmCredInfo *credInfo)
{
struct DslmInfoInCertChain resultInfo;
int32_t ret = InitDslmInfoInCertChain(&resultInfo);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("InitDslmInfoInCertChain failed!");
return ret;
}
do
{
do {
// 1. Verify the certificate chain, get data in the certificate chain(nounce + UDID + cred).
ret = ValidateCertChainAdapter(credBuff->credVal, credBuff->credLen, &resultInfo);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("ValidateCertChainAdapter failed!");
break;
}
// 2. Parses the NOUNCE into CHALLENGE and PK_INFO_LIST, verifies them separtely.
ret = VerifyNounceOfCertChain(resultInfo.nounceStr, device, challenge);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("verifyNounceOfCertChain failed!");
break;
}
// 3. The cred content is "<header>.<payload>.<signature>.<attestion>", parse and vefity it.
ret = VerifyCredData(resultInfo.credStr, credInfo);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("VerifyCredData failed!");
break;
}
ret = CheckCredInfo(device, credInfo);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("CheckCredInfo failed!");
break;
}
} while (0);
DestroyDslmInfoInCertChain(&resultInfo);
if (ret == SUCCESS)
{
if (ret == SUCCESS) {
SECURITY_LOG_INFO("cred level = %{public}d", credInfo->credLevel);
SECURITY_LOG_INFO("VerifyOhosDslmCred SUCCESS!");
}
@ -794,19 +689,18 @@ static int32_t verifyStandardDslmCred(const DeviceIdentify *device, uint64_t cha
}
int32_t VerifyOhosDslmCred(const DeviceIdentify *device, uint64_t challenge, const DslmCredBuff *credBuff,
DslmCredInfo *credInfo)
DslmCredInfo *credInfo)
{
SECURITY_LOG_INFO("Invoke VerifyOhosDslmCred");
switch (credBuff->type)
{
case CRED_TYPE_SMALL:
return verifySmallDslmCred(device, credBuff, credInfo);
case CRED_TYPE_STANDARD:
return verifyStandardDslmCred(device, challenge, credBuff, credInfo);
default:
SECURITY_LOG_ERROR("Invalid cred type!");
break;
switch (credBuff->type) {
case CRED_TYPE_SMALL:
return verifySmallDslmCred(device, credBuff, credInfo);
case CRED_TYPE_STANDARD:
return verifyStandardDslmCred(device, challenge, credBuff, credInfo);
default:
SECURITY_LOG_ERROR("Invalid cred type!");
break;
}
return ERR_INVALID_PARA;
}

160
oem_property/ohos/impl/external_interface_adapter.c
View File

@ -44,8 +44,7 @@ const char g_dslmKey[] = "dslm_key";
#define TYPE_CERT_END (TYPE_CERT_BASE + MAX_ENTRY)
#define LIST_MAX_SIZE 8192
struct HksTestCertChain
{
struct HksTestCertChain {
bool certChainExist;
bool certCountValid;
bool certDataExist;
@ -70,39 +69,31 @@ int32_t GetPkInfoListStr(bool isSelf, const char *udidStr, char **pkInfoList)
uint32_t resultNum = 0;
int32_t ret = GenerateFuncParamJson(isSelf, udidStr, &paramJson[0], HICHIAN_INPUT_PARAM_STRING_LENGTH);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_INFO("GenerateFuncParamJson failed");
return ret;
}
const DeviceGroupManager *interface = GetGmInstance();
ret = interface->getPkInfoList(ANY_OS_ACCOUNT, "dslm_service", paramJson, &resultBuffer, &resultNum);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_INFO("getPkInfoList failed! ret = %{public}d", ret);
return ERR_CALL_EXTERNAL_FUNC;
}
if (memcmp(resultBuffer, pkInfoEmpty, strlen(pkInfoEmpty)) == 0)
{
if (memcmp(resultBuffer, pkInfoEmpty, strlen(pkInfoEmpty)) == 0) {
SECURITY_LOG_INFO("Current pkInfoList is NULL.");
*pkInfoList = (char *)MALLOC(strlen(pkInfoBase) + 1);
if (strcpy_s(*pkInfoList, strlen(pkInfoBase) + 1, pkInfoBase) != EOK)
{
if (strcpy_s(*pkInfoList, strlen(pkInfoBase) + 1, pkInfoBase) != EOK) {
ret = ERR_MEMORY_ERR;
}
}
else
{
} else {
*pkInfoList = (char *)MALLOC(strlen(resultBuffer) + 1);
if (strcpy_s(*pkInfoList, strlen(resultBuffer) + 1, resultBuffer) != EOK)
{
if (strcpy_s(*pkInfoList, strlen(resultBuffer) + 1, resultBuffer) != EOK) {
ret = ERR_MEMORY_ERR;
}
}
if (ret == SUCCESS)
{
if (ret == SUCCESS) {
SECURITY_LOG_INFO("pkinfo = %{public}s", *pkInfoList);
}
interface->destroyInfo(&resultBuffer);
@ -114,8 +105,7 @@ int32_t DslmCredAttestAdapter(struct DslmInfoInCertChain *info, uint8_t **certCh
SECURITY_LOG_INFO("DslmCredAttestAdapter start");
struct HksBlob keyAlias = {sizeof(g_dslmKey), (uint8_t *)g_dslmKey};
if (HksGenerateKeyAdapter(&keyAlias) != HKS_SUCCESS)
{
if (HksGenerateKeyAdapter(&keyAlias) != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksGenerateKeyAdapter failed!");
}
struct HksParam inputData[] = {
@ -126,18 +116,15 @@ int32_t DslmCredAttestAdapter(struct DslmInfoInCertChain *info, uint8_t **certCh
};
struct HksParamSet *inputParam = NULL;
if (HksInitParamSet(&inputParam) != HKS_SUCCESS)
{
if (HksInitParamSet(&inputParam) != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksInitParamSet failed!");
return ERR_CALL_EXTERNAL_FUNC;
}
if (HksAddParams(inputParam, inputData, sizeof(inputData) / sizeof(inputData[0])) != HKS_SUCCESS)
{
if (HksAddParams(inputParam, inputData, sizeof(inputData) / sizeof(inputData[0])) != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksAddParams failed!");
return ERR_CALL_EXTERNAL_FUNC;
}
if (HksBuildParamSet(&inputParam) != HKS_SUCCESS)
{
if (HksBuildParamSet(&inputParam) != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksBuildParamSet failed!");
return ERR_CALL_EXTERNAL_FUNC;
}
@ -146,22 +133,19 @@ int32_t DslmCredAttestAdapter(struct DslmInfoInCertChain *info, uint8_t **certCh
struct HksCertChain *hksCertChain = NULL;
const struct HksTestCertChain certParam = {true, true, true, certChainMaxLen};
int32_t ret = ConstructDataToCertChain(&hksCertChain, &certParam);
if (ret != HKS_SUCCESS)
{
if (ret != HKS_SUCCESS) {
SECURITY_LOG_INFO("ConstructDataToCertChain ret = %{public}d ", ret);
return ret;
}
ret = HksAttestKey(&keyAlias, inputParam, hksCertChain);
if (ret != HKS_SUCCESS)
{
if (ret != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksAttestKey failed, ret = %{public}d ", ret);
return ret;
}
ret = HksCertChainToBuffer(hksCertChain, certChain, certChainLen);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("HksCertChainToHksBlob failed!");
return ret;
}
@ -183,18 +167,15 @@ int32_t ValidateCertChainAdapter(uint8_t *data, uint32_t dataLen, struct DslmInf
};
struct HksParamSet *outputParam = NULL;
if (HksInitParamSet(&outputParam) != HKS_SUCCESS)
{
if (HksInitParamSet(&outputParam) != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksInitParamSet failed!");
return ERR_CALL_EXTERNAL_FUNC;
}
if (HksAddParams(outputParam, outputData, sizeof(outputData) / sizeof(outputData[0])) != HKS_SUCCESS)
{
if (HksAddParams(outputParam, outputData, sizeof(outputData) / sizeof(outputData[0])) != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksAddParams failed!");
return ERR_CALL_EXTERNAL_FUNC;
}
if (HksBuildParamSet(&outputParam) != HKS_SUCCESS)
{
if (HksBuildParamSet(&outputParam) != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksBuildParamSet failed!");
return ERR_CALL_EXTERNAL_FUNC;
}
@ -203,30 +184,28 @@ int32_t ValidateCertChainAdapter(uint8_t *data, uint32_t dataLen, struct DslmInf
struct HksCertChain hksCertChain = {&certBlob[0], 4};
int32_t ret = BufferToHksCertChain(data, dataLen, &hksCertChain);
if (ret != SUCCESS)
{
if (ret != SUCCESS) {
SECURITY_LOG_ERROR("HksBlobToHksCertChain error, ret = %{public}d", ret);
return ERR_CALL_EXTERNAL_FUNC;
}
ret = HksValidateCertChain(&hksCertChain, outputParam);
if (ret != HKS_SUCCESS)
{
if (ret != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksValidateCertChain error, ret = %{public}d", ret);
return ERR_CALL_EXTERNAL_FUNC;
}
if (memcpy_s(resultInfo->nounceStr, DSLM_INFO_MAX_LEN_NOUNCE, outputParam->params[0].blob.data, outputParam->params[0].blob.size) != EOK)
{
if (memcpy_s(resultInfo->nounceStr, DSLM_INFO_MAX_LEN_NOUNCE, outputParam->params[0].blob.data,
outputParam->params[0].blob.size) != EOK) {
SECURITY_LOG_INFO("memcpy_s error 1! %{public}d", outputParam->params[0].blob.size);
return ERR_MEMORY_ERR;
}
if (memcpy_s(resultInfo->credStr, DSLM_INFO_MAX_LEN_CRED, outputParam->params[1].blob.data, outputParam->params[1].blob.size) != EOK)
{
if (memcpy_s(resultInfo->credStr, DSLM_INFO_MAX_LEN_CRED, outputParam->params[1].blob.data,
outputParam->params[1].blob.size) != EOK) {
SECURITY_LOG_INFO("memcpy_s error 2! %{public}d", outputParam->params[1].blob.size);
return ERR_MEMORY_ERR;
}
if (memcpy_s(resultInfo->udidStr, DSLM_INFO_MAX_LEN_UDID, outputParam->params[2].blob.data, outputParam->params[2].blob.size) != EOK)
{
if (memcpy_s(resultInfo->udidStr, DSLM_INFO_MAX_LEN_UDID, outputParam->params[2].blob.data,
outputParam->params[2].blob.size) != EOK) {
SECURITY_LOG_INFO("memcpy_s error 3! %{public}d", outputParam->params[2].blob.size);
return ERR_MEMORY_ERR;
}
@ -237,8 +216,7 @@ int32_t ValidateCertChainAdapter(uint8_t *data, uint32_t dataLen, struct DslmInf
int32_t HksAttestIsReadyAdapter()
{
if (HksIsAttestReady() != HKS_SUCCESS)
{
if (HksIsAttestReady() != HKS_SUCCESS) {
SECURITY_LOG_ERROR("Hks attest not ready!");
return ERR_CALL_EXTERNAL_FUNC;
}
@ -259,31 +237,27 @@ static int32_t HksGenerateKeyAdapter(const struct HksBlob *keyAlias)
};
struct HksParamSet *paramSet = NULL;
int32_t ret = HksInitParamSet(&paramSet);
if (ret != HKS_SUCCESS)
{
if (ret != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksInitParamSet failed!");
return ret;
}
ret = HksAddParams(paramSet, tmpParams, sizeof(tmpParams) / sizeof(tmpParams[0]));
if (ret != HKS_SUCCESS)
{
if (ret != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksAddParams failed!");
HksFreeParamSet(&paramSet);
return ret;
}
ret = HksBuildParamSet(&paramSet);
if (ret != HKS_SUCCESS)
{
if (ret != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksBuildParamSet failed!");
HksFreeParamSet(&paramSet);
return ret;
}
ret = HksGenerateKey(keyAlias, paramSet, NULL);
if (ret != HKS_SUCCESS)
{
if (ret != HKS_SUCCESS) {
SECURITY_LOG_ERROR("HksGenerateKey failed!");
}
HksFreeParamSet(&paramSet);
@ -292,34 +266,28 @@ static int32_t HksGenerateKeyAdapter(const struct HksBlob *keyAlias)
static int32_t ConstructDataToCertChain(struct HksCertChain **certChain, const struct HksTestCertChain *certChainParam)
{
if (!certChainParam->certChainExist)
{
if (!certChainParam->certChainExist) {
return 0;
}
*certChain = (struct HksCertChain *)MALLOC(sizeof(struct HksCertChain));
if (*certChain == NULL)
{
if (*certChain == NULL) {
SECURITY_LOG_ERROR("malloc fail");
return HKS_ERROR_MALLOC_FAIL;
}
if (!certChainParam->certCountValid)
{
if (!certChainParam->certCountValid) {
(*certChain)->certsCount = 0;
return 0;
}
(*certChain)->certsCount = 4;
if (!certChainParam->certDataExist)
{
if (!certChainParam->certDataExist) {
(*certChain)->certs = NULL;
return 0;
}
(*certChain)->certs = (struct HksBlob *)MALLOC(sizeof(struct HksBlob) * ((*certChain)->certsCount));
for (uint32_t i = 0; i < (*certChain)->certsCount; i++)
{
for (uint32_t i = 0; i < (*certChain)->certsCount; i++) {
(*certChain)->certs[i].size = certChainParam->certDataSize;
(*certChain)->certs[i].data = (uint8_t *)MALLOC((*certChain)->certs[i].size);
if ((*certChain)->certs[i].data == NULL)
{
if ((*certChain)->certs[i].data == NULL) {
SECURITY_LOG_ERROR("malloc fail");
return HKS_ERROR_MALLOC_FAIL;
}
@ -340,8 +308,7 @@ static int32_t HksCertChainToBuffer(struct HksCertChain *hksCertChain, uint8_t *
tlvs[tlvCnt].len = 100;
tlvs[tlvCnt].value = &lwk;
for (uint32_t i = 0; i < hksCertChain->certsCount; i++)
{
for (uint32_t i = 0; i < hksCertChain->certsCount; i++) {
tlvs[tlvCnt].tag = TYPE_CERT_BASE + 1;
tlvs[tlvCnt].len = hksCertChain->certs[i].size;
tlvs[tlvCnt].value = hksCertChain->certs[i].data;
@ -349,13 +316,11 @@ static int32_t HksCertChainToBuffer(struct HksCertChain *hksCertChain, uint8_t *
}
uint8_t *out = MALLOC(LIST_MAX_SIZE);
if (out == NULL)
{
if (out == NULL) {
return ERR_NO_MEMORY;
}
memset_s(out, LIST_MAX_SIZE, 0, LIST_MAX_SIZE);
if (Serialize(tlvs, tlvCnt, out, LIST_MAX_SIZE, dataLen) != TLV_OK)
{
if (Serialize(tlvs, tlvCnt, out, LIST_MAX_SIZE, dataLen) != TLV_OK) {
FREE(out);
return ERR_NO_MEMORY;
}
@ -372,17 +337,13 @@ static int32_t BufferToHksCertChain(uint8_t *data, uint32_t dataLen, struct HksC
uint32_t cnt = 0;
uint32_t ret = Deserialize(data, dataLen, &tlvs[0], MAX_ENTRY, &cnt);
if (ret != TLV_OK || cnt == 0)
{
if (ret != TLV_OK || cnt == 0) {
return ERR_INVALID_PARA;
}
uint32_t certCnt = 0;
for (uint32_t i = 0; i < cnt; i++)
{
if ((tlvs[i].tag >= TYPE_CERT_BASE) && (tlvs[i].tag <= TYPE_CERT_END))
{
if (certCnt >= MAX_ENTRY)
{
for (uint32_t i = 0; i < cnt; i++) {
if ((tlvs[i].tag >= TYPE_CERT_BASE) && (tlvs[i].tag <= TYPE_CERT_END)) {
if (certCnt >= MAX_ENTRY) {
return ERR_HUKS_ERR;
}
hksCertChain->certs[certCnt].data = tlvs[i].value;
@ -397,8 +358,7 @@ static int32_t BufferToHksCertChain(uint8_t *data, uint32_t dataLen, struct HksC
static int32_t GenerateFuncParamJson(bool isSelfPk, const char *udidStr, char *dest, uint32_t destMax)
{
JsonHandle json = CreateJson(NULL);
if (json == NULL)
{
if (json == NULL) {
return ERR_INVALID_PARA;
}
@ -406,14 +366,12 @@ static int32_t GenerateFuncParamJson(bool isSelfPk, const char *udidStr, char *d
AddFieldStringToJson(json, "udid", udidStr);
char *paramsJsonBuffer = ConvertJsonToString(json);
if (paramsJsonBuffer == NULL)
{
if (paramsJsonBuffer == NULL) {
DestroyJson(json);
return ERR_MEMORY_ERR;
}
DestroyJson(json);
if (strcpy_s(dest, destMax, paramsJsonBuffer) != EOK)
{
if (strcpy_s(dest, destMax, paramsJsonBuffer) != EOK) {
FREE(paramsJsonBuffer);
paramsJsonBuffer = NULL;
return ERR_MEMORY_ERR;
@ -425,23 +383,19 @@ static int32_t GenerateFuncParamJson(bool isSelfPk, const char *udidStr, char *d
int32_t InitDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo)
{
if (saveInfo == NULL)
{
if (saveInfo == NULL) {
return ERR_INVALID_PARA;
}
saveInfo->nounceStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_NOUNCE);
if (saveInfo->nounceStr == NULL)
{
if (saveInfo->nounceStr == NULL) {
return ERR_NO_MEMORY;
}
saveInfo->credStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_CRED);
if (saveInfo->credStr == NULL)
{
if (saveInfo->credStr == NULL) {
return ERR_NO_MEMORY;
}
saveInfo->udidStr = (char *)MALLOC(DSLM_INFO_MAX_LEN_UDID);
if (saveInfo->udidStr == NULL)
{
if (saveInfo->udidStr == NULL) {
return ERR_NO_MEMORY;
}
return SUCCESS;
@ -449,22 +403,18 @@ int32_t InitDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo)
void DestroyDslmInfoInCertChain(struct DslmInfoInCertChain *saveInfo)
{
if (saveInfo == NULL)
{
if (saveInfo == NULL) {
return;
}
if (saveInfo->nounceStr != NULL)
{
if (saveInfo->nounceStr != NULL) {
FREE(saveInfo->nounceStr);
saveInfo->nounceStr = NULL;
}
if (saveInfo->credStr != NULL)
{
if (saveInfo->credStr != NULL) {
FREE(saveInfo->credStr);
saveInfo->credStr = NULL;
}
if (saveInfo->udidStr != NULL)
{
if (saveInfo->udidStr != NULL) {
FREE(saveInfo->udidStr);
saveInfo->udidStr = NULL;
}

3
oem_property/ohos/impl/external_interface_adapter.h
View File

@ -19,8 +19,7 @@
#include <stdbool.h>
#include <stdint.h>
struct DslmInfoInCertChain
{
struct DslmInfoInCertChain {
char *udidStr;
char *credStr;
char *nounceStr; // challenge + pkinfoList