增加首次使用密钥时迁移

Signed-off-by: tangboyi <tangboyi1@huawei.com> Change-Id: I6b262808ea9a4a98cb0c8f4d4f7a751324b443b0 Signed-off-by: tangboyi <tangboyi1@huawei.com>
2025-02-21 10:41:55 +00:00 · 2024-07-19 17:20:48 +08:00 · 2024-07-19 17:20:48 +08:00 · 2f113cf9f8
commit 2f113cf9f8
parent d6983c05f8
6 changed files with 97 additions and 5 deletions
--- a/services/huks_standard/huks_service/main/core/BUILD.gn
+++ b/services/huks_standard/huks_service/main/core/BUILD.gn
@ -108,6 +108,7 @@ if (os_level == "standard") {

    if (huks_enable_upgrade_key_storage_secure_level) {
      deps += [ "//base/security/huks/services/huks_standard/huks_service/main/upgrade/file_transfer:libhuks_upgrade_file_transfer_static" ]
+      sources += [ "src/hks_osaccount_check.cpp" ]
    }

    if (enable_bundle_framework) {
--- a/services/huks_standard/huks_service/main/core/include/hks_osaccount_check.h
+++ b/services/huks_standard/huks_service/main/core/include/hks_osaccount_check.h
@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HKS_OSACCOUNT_CHECK_H
+#define HKS_OSACCOUNT_CHECK_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void HksCheckIfNeedTransferFile(uint32_t storageLevel, int32_t storeUserId);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // HKS_OSACCOUNT_CHECK_H
--- a/services/huks_standard/huks_service/main/core/src/hks_osaccount_check.cpp
+++ b/services/huks_standard/huks_service/main/core/src/hks_osaccount_check.cpp
@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifdef L2_STANDARD
+#ifdef HUKS_ENABLE_UPGRADE_KEY_STORAGE_SECURE_LEVEL
+#include "hks_file_transfer.h"
+#include "hks_log.h"
+#include "hks_type.h"
+#include "hks_osaccount_check.h"
+
+#ifdef HAS_OS_ACCOUNT_PART
+#include "os_account_manager.h"
+#endif // HAS_OS_ACCOUNT_PART
+
+static volatile bool g_isCeUpgradeSucc = false;
+
+static bool HksIsOsAccountVerified(const int32_t userId)
+{
+    bool isVerified = false;
+#ifdef HAS_OS_ACCOUNT_PART
+    OHOS::AccountSA::OsAccountManager::IsOsAccountVerified(userId, isVerified);
+    if (!isVerified) {
+        HKS_LOG_E("os account verify failed, userid is : %" LOG_PUBLIC "d", userId);
+    }
+#else
+    HKS_LOG_E("os account not support");
+#endif
+    return isVerified;
+}
+
+void HksCheckIfNeedTransferFile(const uint32_t storageLevel, const int32_t storeUserId)
+{
+    if (!g_isCeUpgradeSucc && storageLevel == HKS_AUTH_STORAGE_LEVEL_CE && HksIsOsAccountVerified(storeUserId)) {
+        UpgradeFileTransfer();
+        g_isCeUpgradeSucc = true;
+    }
+}
+
+#endif // HUKS_ENABLE_UPGRADE_KEY_STORAGE_SECURE_LEVEL
+#endif // L2_STANDARD
--- a/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c
+++ b/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c
@ -36,13 +36,17 @@
 #include "hks_type_inner.h"

 #ifdef L2_STANDARD
+#ifdef HUKS_ENABLE_UPGRADE_KEY_STORAGE_SECURE_LEVEL
+#include "hks_osaccount_check.h"
+#endif
+
 static int32_t GetStorageLevelAndStoreUserIdParam(const struct HksProcessInfo* processInfo,
-    const struct HksParamSet *paramSet, uint32_t *storageLevel, uint32_t *storeUserId)
+    const struct HksParamSet *paramSet, uint32_t *storageLevel, int32_t *storeUserId)
 {
    struct HksParam *specificUserIdParam = NULL;
    int32_t ret = HksGetParam(paramSet, HKS_TAG_SPECIFIC_USER_ID, &specificUserIdParam);
    if (ret == HKS_SUCCESS) {
-        *storeUserId = specificUserIdParam->uint32Param;
+        *storeUserId = specificUserIdParam->int32Param;
    } else if (ret == HKS_ERROR_PARAM_NOT_EXIST) {
        *storeUserId = processInfo->userIdInt;
        ret = HKS_SUCCESS;
@ -55,6 +59,9 @@ static int32_t GetStorageLevelAndStoreUserIdParam(const struct HksProcessInfo* p

    *storageLevel = storageLevelParam->uint32Param;

+#ifdef HUKS_ENABLE_UPGRADE_KEY_STORAGE_SECURE_LEVEL
+    HksCheckIfNeedTransferFile(*storageLevel, *storeUserId);
+#endif
    return ret;
 }
 #endif
@ -82,7 +89,7 @@ static int32_t GetKeyAliasPath(const struct HksBlob *keyAlias, struct HksStoreMa
    return ConstructName(keyAlias, outMaterial->keyAliasPath, HKS_MAX_FILE_NAME_LEN);
 }

-static int32_t GetUserIdPath(uint32_t userId, bool isPlain, struct HksStoreMaterial *outMaterial)
+static int32_t GetUserIdPath(int32_t userId, bool isPlain, struct HksStoreMaterial *outMaterial)
 {
    outMaterial->userIdPath = (char *)HksMalloc(HKS_MAX_DIRENT_FILE_LEN);
    HKS_IF_NULL_LOGE_RETURN(outMaterial->userIdPath, HKS_ERROR_MALLOC_FAIL, "malloc userIdPath failed.")
@ -225,7 +232,7 @@ static int32_t InitStorageMaterial(const struct HksProcessInfo *processInfo,
 {
    (void)paramSet;
    uint32_t storageLevel = HKS_AUTH_STORAGE_LEVEL_DE;
-    uint32_t storeUserId = processInfo->userIdInt;
+    int32_t storeUserId = processInfo->userIdInt;
    int32_t ret;
 #ifdef L2_STANDARD
    ret = GetStorageLevelAndStoreUserIdParam(processInfo, paramSet, &storageLevel, &storeUserId);
--- a/services/huks_standard/huks_service/main/upgrade/file_transfer/include/hks_file_transfer.h
+++ b/services/huks_standard/huks_service/main/upgrade/file_transfer/include/hks_file_transfer.h
@ -24,6 +24,7 @@ extern "C" {

 int32_t HksUpgradeFileTransferOnPowerOn(void);
 int32_t HksUpgradeFileTransferOnUserUnlock(uint32_t userId);
+int32_t UpgradeFileTransfer(void);

 #ifdef __cplusplus
 }
--- a/services/huks_standard/huks_service/main/upgrade/file_transfer/src/hks_file_transfer.c
+++ b/services/huks_standard/huks_service/main/upgrade/file_transfer/src/hks_file_transfer.c
@ -245,7 +245,7 @@ static int ProcessFileUpgrade(const char *filePath, const struct stat *st, int t
    return 0;
 }

-ENABLE_CFI(static int32_t UpgradeFileTransfer(void))
+ENABLE_CFI(int32_t UpgradeFileTransfer(void))
 {
    // depth first and ignore soft link
    int nftwRet = nftw(HKS_KEY_STORE_TMP_PATH, ProcessFileUpgrade, OPEN_FDS, FTW_DEPTH | FTW_PHYS);