From b59ee285cd3a7d7901c75cfaabe6c6e023eebd3f Mon Sep 17 00:00:00 2001 From: WuXinTao Date: Fri, 9 Aug 2024 14:22:14 +0800 Subject: [PATCH] add code for cycle deps fix 8-9 Signed-off-by: wuxintao --- .../huks_standard/main/crypto_engine/BUILD.gn | 23 + .../include/hks_core_ability.h} | 68 +- .../include/hks_core_get_main_key.h} | 77 +- .../crypto_common/src/hks_core_ability.c | 30 + .../src/hks_core_get_main_key.c} | 134 +- .../main/crypto_engine/mbedtls/BUILD.gn | 15 +- .../mbedtls/src/hks_mbedtls_ability.c | 10 +- .../mbedtls/src/hks_mbedtls_get_main_key.c | 54 - .../main/crypto_engine/openssl/BUILD.gn | 38 +- .../openssl/src/hks_openssl_ability.c | 10 +- interfaces/inner_api/huks_lite/BUILD.gn | 27 +- .../inner_api/huks_standard/main/BUILD.gn | 9 +- .../{main/src => source}/hks_api.c | 0 .../{main/src => source}/hks_api_adapter.c | 0 .../{main/src => source}/hks_api_adapter.h | 0 .../huks_engine/main/core/BUILD.gn | 15 +- .../main/core/src/hks_core_service.c | 5 +- .../huks_engine/main/core_dependency/BUILD.gn | 5 +- .../device_cert_manager/include/dcm_attest.h | 4 +- .../main/device_cert_manager/src/dcm_attest.c | 25 +- .../huks_service/main/core/BUILD.gn | 34 +- .../main/core/src/hks_client_service.c | 4 +- .../{core => hks_storage}/include/hks_lock.h | 0 .../include/hks_storage.h | 190 +- .../include/hks_storage_adapter.h | 74 +- .../include/hks_storage_file_lock.h | 0 .../include/hks_storage_manager.h | 0 .../include/hks_storage_utils.h | 0 .../main/{core => hks_storage}/src/hks_lock.c | 0 .../{core => hks_storage}/src/hks_lock_lite.c | 0 .../{core => hks_storage}/src/hks_storage.c | 1743 ++++++++-------- .../src/hks_storage_adapter.c | 272 +-- .../src/hks_storage_file_lock.c | 0 .../src/hks_storage_lite.c | 1836 ++++++++--------- .../src/hks_storage_manager.c | 0 .../src/hks_storage_utils.c | 0 .../main/os_dependency/sa/hks_sa.cpp | 5 + .../plugin_proxy/include/hks_plugin_adapter.h | 2 +- .../plugin_proxy/src/hks_plugin_adapter.cpp | 8 +- .../src/hks_plugin_adapter_mock.c | 5 + .../dcm}/include/hks_client_service_dcm.h | 0 .../dcm}/src/hks_client_service_dcm.cpp | 0 .../main/upgrade/file_transfer/BUILD.gn | 5 +- .../innerapi_fuzzer/hksrkc_fuzzer/BUILD.gn | 1 + .../huks_lite_test/liteos_a_adapter/BUILD.gn | 1 + .../crypto_engine_test/BUILD.gn | 1 + .../huks_standard_test/module_test/BUILD.gn | 1 + .../inner_kits_passthrough/BUILD.gn | 18 +- .../core/src/hks_storage_test.cpp | 2 +- .../storage/src/hks_storage_manager_test.cpp | 2 +- .../storage/src/hks_storage_util_test.cpp | 2 +- .../storage_multithread_test/BUILD.gn | 11 +- 52 files changed, 2396 insertions(+), 2370 deletions(-) rename frameworks/huks_standard/main/crypto_engine/{openssl/include/hks_openssl_get_main_key.h => crypto_common/include/hks_core_ability.h} (62%) rename frameworks/huks_standard/main/crypto_engine/{mbedtls/include/hks_mbedtls_get_main_key.h => crypto_common/include/hks_core_get_main_key.h} (70%) create mode 100644 frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c rename frameworks/huks_standard/main/crypto_engine/{openssl/src/hks_openssl_get_main_key.c => crypto_common/src/hks_core_get_main_key.c} (73%) delete mode 100644 frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_get_main_key.c rename interfaces/inner_api/huks_standard/{main/src => source}/hks_api.c (100%) rename interfaces/inner_api/huks_standard/{main/src => source}/hks_api_adapter.c (100%) rename interfaces/inner_api/huks_standard/{main/src => source}/hks_api_adapter.h (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/include/hks_lock.h (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/include/hks_storage.h (96%) rename services/huks_standard/huks_service/main/{core => hks_storage}/include/hks_storage_adapter.h (93%) rename services/huks_standard/huks_service/main/{core => hks_storage}/include/hks_storage_file_lock.h (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/include/hks_storage_manager.h (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/include/hks_storage_utils.h (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_lock.c (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_lock_lite.c (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_storage.c (96%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_storage_adapter.c (97%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_storage_file_lock.c (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_storage_lite.c (97%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_storage_manager.c (100%) rename services/huks_standard/huks_service/main/{core => hks_storage}/src/hks_storage_utils.c (100%) rename services/huks_standard/huks_service/main/{core => systemapi_wrap/dcm}/include/hks_client_service_dcm.h (100%) rename services/huks_standard/huks_service/main/{core => systemapi_wrap/dcm}/src/hks_client_service_dcm.cpp (100%) diff --git a/frameworks/huks_standard/main/crypto_engine/BUILD.gn b/frameworks/huks_standard/main/crypto_engine/BUILD.gn index 6a8731ee..b616a158 100644 --- a/frameworks/huks_standard/main/crypto_engine/BUILD.gn +++ b/frameworks/huks_standard/main/crypto_engine/BUILD.gn @@ -26,6 +26,18 @@ if (os_level == "standard") { public_deps = [ "//base/security/huks/frameworks/huks_standard/main/crypto_engine/mbedtls:libhuks_mbedtls_standard_static" ] } + sources = [ + "//base/security/huks/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c", + "//base/security/huks/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c", + ] + include_dirs = [ + "//base/security/huks/interfaces/inner_api/huks_standard/main/include", + "//base/security/huks/frameworks/huks_standard/main/common/include", + "//base/security/huks/frameworks/huks_standard/main/crypto_engine/crypto_common/include", + ] + + external_deps = [ "c_utils:utils" ] + complete_static_lib = true branch_protector_ret = "pac_ret" @@ -48,6 +60,17 @@ if (os_level == "standard") { "//base/security/huks/frameworks/config/build:l1_small_common_config", ] + sources = [ + "//base/security/huks/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c", + "//base/security/huks/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c", + ] + include_dirs = [ + "//base/security/huks/interfaces/inner_api/huks_standard/main/include", + "//base/security/huks/frameworks/huks_standard/main/common/include", + "//base/security/huks/frameworks/huks_standard/main/crypto_engine/crypto_common/include", + "//third_party/bounds_checking_function/include", + ] + if (huks_use_mbedtls) { public_deps = [ "//base/security/huks/frameworks/huks_standard/main/crypto_engine/mbedtls:libhuks_mbedtls_small_static" ] } else { diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/include/hks_openssl_get_main_key.h b/frameworks/huks_standard/main/crypto_engine/crypto_common/include/hks_core_ability.h similarity index 62% rename from frameworks/huks_standard/main/crypto_engine/openssl/include/hks_openssl_get_main_key.h rename to frameworks/huks_standard/main/crypto_engine/crypto_common/include/hks_core_ability.h index dac8efb7..a59151b8 100644 --- a/frameworks/huks_standard/main/crypto_engine/openssl/include/hks_openssl_get_main_key.h +++ b/frameworks/huks_standard/main/crypto_engine/crypto_common/include/hks_core_ability.h @@ -1,38 +1,30 @@ -/* - * Copyright (c) 2023-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef HKS_OPENSSL_GET_MAIN_KEY_H -#define HKS_OPENSSL_GET_MAIN_KEY_H - -#ifdef HKS_CONFIG_FILE -#include HKS_CONFIG_FILE -#else -#include "hks_config.h" -#endif - -#include "hks_crypto_hal.h" -#include "hks_type_inner.h" - -#ifdef __cplusplus -extern "C" { -#endif - -int32_t HksOpensslGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey); - -#ifdef __cplusplus -} -#endif - -#endif /* HKS_OPENSSL_GET_MAIN_KEY_H */ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef HKS_CORE_ABILITY_H +#define HKS_CORE_ABILITY_H + +#include "hks_crypto_hal.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksCryptoAbilityInitBase(void); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_CORE_ABILITY_H */ \ No newline at end of file diff --git a/frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_get_main_key.h b/frameworks/huks_standard/main/crypto_engine/crypto_common/include/hks_core_get_main_key.h similarity index 70% rename from frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_get_main_key.h rename to frameworks/huks_standard/main/crypto_engine/crypto_common/include/hks_core_get_main_key.h index aa2526de..9285c79e 100644 --- a/frameworks/huks_standard/main/crypto_engine/mbedtls/include/hks_mbedtls_get_main_key.h +++ b/frameworks/huks_standard/main/crypto_engine/crypto_common/include/hks_core_get_main_key.h @@ -1,38 +1,39 @@ -/* - * Copyright (c) 2023-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef HKS_MBEDTLS_GET_MAIN_KEY_H -#define HKS_MBEDTLS_GET_MAIN_KEY_H - -#ifdef HKS_CONFIG_FILE -#include HKS_CONFIG_FILE -#else -#include "hks_config.h" -#endif - -#include "hks_crypto_hal.h" -#include "hks_type_inner.h" - -#ifdef __cplusplus -extern "C" { -#endif - -int32_t HksMbedtlsGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey); - -#ifdef __cplusplus -} -#endif - -#endif /* HKS_MBEDTLS_GET_MAIN_KEY_H */ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_CORE_GET_MAIN_KEY_H +#define HKS_CORE_GET_MAIN_KEY_H + +#ifdef HKS_CONFIG_FILE +#include HKS_CONFIG_FILE +#else +#include "hks_config.h" +#endif + +#include "hks_crypto_hal.h" + +#ifdef __cplusplus +extern "C" { +#endif + +int32_t HksCoreGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey); + +void RegisterAbilityGetMainKey(void); + +#ifdef __cplusplus +} +#endif + +#endif /* HKS_CORE_GET_MAIN_KEY_H */ diff --git a/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c b/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c new file mode 100644 index 00000000..739f99f4 --- /dev/null +++ b/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifdef HKS_CONFIG_FILE +#include HKS_CONFIG_FILE +#else +#include "hks_config.h" +#endif + +#include "hks_core_ability.h" +#include "hks_core_get_main_key.h" + +int32_t HksCryptoAbilityInit(void) +{ + HksCryptoAbilityInitBase(); + RegisterAbilityGetMainKey(); + return HKS_SUCCESS; +} diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_get_main_key.c b/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c similarity index 73% rename from frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_get_main_key.c rename to frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c index 17abec32..3eafd23c 100644 --- a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_get_main_key.c +++ b/frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c @@ -1,59 +1,77 @@ -/* - * Copyright (c) 2023-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifdef HKS_CONFIG_FILE -#include HKS_CONFIG_FILE -#else -#include "hks_config.h" -#endif - -#include "hks_log.h" -#include "hks_template.h" -#include "hks_openssl_get_main_key.h" - -#ifndef _HARDWARE_ROOT_KEY_ -#include "hks_rkc.h" -#endif - -int32_t HksOpensslGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey) -{ - (void)message; - -#ifndef _HARDWARE_ROOT_KEY_ -#ifdef HKS_USE_RKC_IN_STANDARD - return HksRkcGetMainKey(mainKey); -#else - (void)mainKey; - return HKS_ERROR_NOT_SUPPORTED; -#endif -#else - /* - * Currently, root key is implemented using stubs. - * Product adaptation needs to be performed based on hardware capabilities. - */ - uint8_t stubBuf[] = { - 0x0c, 0xb4, 0x29, 0x39, 0xb7, 0x46, 0xa6, 0x4b, - 0xdd, 0xf3, 0x75, 0x4c, 0xe0, 0x73, 0x91, 0x51, - 0xc4, 0x88, 0xbe, 0xa4, 0xe1, 0x87, 0xb5, 0x42, - 0x06, 0x27, 0x08, 0x21, 0xe2, 0x8f, 0x9b, 0xc1, - }; - - if (memcpy_s(mainKey->data, mainKey->size, stubBuf, sizeof(stubBuf)) != EOK) { - HKS_LOG_E("memcpy failed, get stub main key failed"); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - return HKS_SUCCESS; -#endif +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifdef HKS_CONFIG_FILE +#include HKS_CONFIG_FILE +#else +#include "hks_config.h" +#endif + +#include "hks_core_get_main_key.h" +#include "hks_ability.h" +#include "securec.h" + +#ifndef _HARDWARE_ROOT_KEY_ +#include "hks_rkc.h" + +#ifdef L2_STANDARD +static int32_t L2CoreGetMainKey(struct HksBlob *mainKey) +{ +#ifdef HKS_USE_RKC_IN_STANDARD + return HksRkcGetMainKey(mainKey); +#else + (void)mainKey; + return HKS_ERROR_NOT_SUPPORTED; +#endif +} +#endif +#endif + +int32_t HksCoreGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey) +{ + (void)message; + +#ifndef _HARDWARE_ROOT_KEY_ + +#ifdef L2_STANDARD + return L2CoreGetMainKey(mainKey) +#else + return HksRkcGetMainKey(mainKey); +#endif + +#else + /* + * Currently, root key is implemented using stubs. + * Product adaptation needs to be performed based on hardware capabilities. + */ + uint8_t stubBuf[] = { + 0x0c, 0xb4, 0x29, 0x39, 0xb7, 0x46, 0xa6, 0x4b, + 0xdd, 0xf3, 0x75, 0x4c, 0xe0, 0x73, 0x91, 0x51, + 0xc4, 0x88, 0xbe, 0xa4, 0xe1, 0x87, 0xb5, 0x42, + 0x06, 0x27, 0x08, 0x21, 0xe2, 0x8f, 0x9b, 0xc1, + }; + + if (memcpy_s(mainKey->data, mainKey->size, stubBuf, sizeof(stubBuf)) != EOK) { + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + return HKS_SUCCESS; +#endif +} + +void RegisterAbilityGetMainKey(void) +{ + (void)RegisterAbility(HKS_CRYPTO_ABILITY_GET_MAIN_KEY, (void *)HksCoreGetMainKey); } \ No newline at end of file diff --git a/frameworks/huks_standard/main/crypto_engine/mbedtls/BUILD.gn b/frameworks/huks_standard/main/crypto_engine/mbedtls/BUILD.gn index f6d81497..a2c66fdb 100644 --- a/frameworks/huks_standard/main/crypto_engine/mbedtls/BUILD.gn +++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/BUILD.gn @@ -18,6 +18,7 @@ if (os_level == "standard") { config("huks_config") { include_dirs = [ "include", + "../crypto_common/include", "//base/security/huks/frameworks/huks_standard/main/crypto_engine/rkc/include", ] } @@ -38,7 +39,6 @@ if (os_level == "standard") { "src/hks_mbedtls_ecdh.c", "src/hks_mbedtls_ecdsa.c", "src/hks_mbedtls_engine.c", - "src/hks_mbedtls_get_main_key.c", "src/hks_mbedtls_hash.c", "src/hks_mbedtls_hmac.c", "src/hks_mbedtls_kdf.c", @@ -80,6 +80,7 @@ if (os_level == "standard") { include_dirs = [ "include", "//base/security/huks/services/huks_standard/huks_service/main/core/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", "//base/security/huks/frameworks/huks_standard/main/crypto_engine/rkc/include", ] } @@ -87,7 +88,10 @@ if (os_level == "standard") { ohos_static_library("libhuks_mbedtls_small_static") { public_configs = [ ":huks_config" ] - include_dirs = [ "//base/security/huks/frameworks/huks_standard/main/crypto_engine/rkc/include" ] + include_dirs = [ + "//base/security/huks/frameworks/huks_standard/main/crypto_engine/rkc/include", + "../crypto_common/include", + ] defines = [] @@ -105,7 +109,6 @@ if (os_level == "standard") { "src/hks_mbedtls_ecdh.c", "src/hks_mbedtls_ecdsa.c", "src/hks_mbedtls_engine.c", - "src/hks_mbedtls_get_main_key.c", "src/hks_mbedtls_hash.c", "src/hks_mbedtls_hmac.c", "src/hks_mbedtls_kdf.c", @@ -114,9 +117,9 @@ if (os_level == "standard") { ] sources += [ - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", ] if (huks_enable_upgrade_rkc_v1tov2) { diff --git a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c b/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c index 6849672f..aa123675 100644 --- a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c +++ b/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c @@ -20,6 +20,7 @@ #endif #include "hks_ability.h" +#include "hks_core_ability.h" #include "hks_crypto_ed25519.h" #include "hks_log.h" @@ -31,7 +32,6 @@ #include "hks_mbedtls_ecc.h" #include "hks_mbedtls_ecdh.h" #include "hks_mbedtls_ecdsa.h" -#include "hks_mbedtls_get_main_key.h" #include "hks_mbedtls_hash.h" #include "hks_mbedtls_hmac.h" #include "hks_mbedtls_kdf.h" @@ -216,12 +216,7 @@ static void RegisterAbilityBnExpMod(void) #endif } -static void RegisterAbilityGetMainKey(void) -{ - (void)RegisterAbility(HKS_CRYPTO_ABILITY_GET_MAIN_KEY, (void *)HksMbedtlsGetMainKey); -} - -int32_t HksCryptoAbilityInit(void) +int32_t HksCryptoAbilityInitBase(void) { RegisterAbilityGenerateKey(); RegisterAbilityGetPublicKey(); @@ -235,6 +230,5 @@ int32_t HksCryptoAbilityInit(void) RegisterAbilityHash(); RegisterAbilityFillRandom(); RegisterAbilityBnExpMod(); - RegisterAbilityGetMainKey(); return HKS_SUCCESS; } \ No newline at end of file diff --git a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_get_main_key.c b/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_get_main_key.c deleted file mode 100644 index 29f64aae..00000000 --- a/frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_get_main_key.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2023-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifdef HKS_CONFIG_FILE -#include HKS_CONFIG_FILE -#else -#include "hks_config.h" -#endif - -#include "hks_mbedtls_get_main_key.h" - -#include "hks_log.h" -#include "hks_template.h" - -#ifndef _HARDWARE_ROOT_KEY_ -#include "hks_rkc.h" -#endif - -int32_t HksMbedtlsGetMainKey(const struct HksBlob *message, struct HksBlob *mainKey) -{ - (void)message; -#ifndef _HARDWARE_ROOT_KEY_ - return HksRkcGetMainKey(mainKey); -#else - /* - * Currently, root key is implemented using stubs. - * Product adaptation needs to be performed based on hardware capabilities. - */ - uint8_t stubBuf[] = { - 0x0c, 0xb4, 0x29, 0x39, 0xb7, 0x46, 0xa6, 0x4b, - 0xdd, 0xf3, 0x75, 0x4c, 0xe0, 0x73, 0x91, 0x51, - 0xc4, 0x88, 0xbe, 0xa4, 0xe1, 0x87, 0xb5, 0x42, - 0x06, 0x27, 0x08, 0x21, 0xe2, 0x8f, 0x9b, 0xc1, - }; - - if (memcpy_s(mainKey->data, mainKey->size, stubBuf, sizeof(stubBuf)) != EOK) { - HKS_LOG_E("memcpy failed, get stub main key failed"); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - return HKS_SUCCESS; -#endif -} \ No newline at end of file diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn b/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn index 4584d116..7d9f642c 100644 --- a/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn +++ b/frameworks/huks_standard/main/crypto_engine/openssl/BUILD.gn @@ -12,12 +12,14 @@ # limitations under the License. import("//base/security/huks/build/config.gni") -import("//base/security/huks/huks.gni") import("//build/ohos.gni") if (os_level == "standard") { config("huks_config") { - include_dirs = [ "include" ] + include_dirs = [ + "include", + "../crypto_common/include", + ] if (huks_use_rkc_in_standard) { include_dirs += [ "//base/security/huks/frameworks/huks_standard/main/crypto_engine/rkc/include" ] } @@ -39,7 +41,6 @@ if (os_level == "standard") { "src/hks_openssl_ecc.c", "src/hks_openssl_ed25519tox25519.c", "src/hks_openssl_engine.c", - "src/hks_openssl_get_main_key.c", "src/hks_openssl_hash.c", "src/hks_openssl_hmac.c", "src/hks_openssl_kdf.c", @@ -51,33 +52,24 @@ if (os_level == "standard") { deps = [] defines = [] include_dirs = [] - external_deps = [] if (huks_use_rkc_in_standard) { defines += [ "HKS_USE_RKC_IN_STANDARD" ] - include_dirs += [ "//base/security/huks/services/huks_standard/huks_service/main/core/include" ] + include_dirs += [ + "//base/security/huks/services/huks_standard/huks_service/main/core/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", + ] sources += [ "../rkc/src/hks_rkc.c", "../rkc/src/hks_rkc_rw.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_lock.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_file_lock.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_lock.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_file_lock.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/posix/hks_rwlock.c", ] - # when uks_use_rkc_in_standard and HKS_ENABLE_CLEAN_FILE are enabled at the same time, add the dependency of HDI to the engine - if (huks_enable_hdi_in_standard) { - sources += [ "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/passthrough/huks_hdi_access.c" ] - external_deps += [ "drivers_interface_huks:libhuks_proxy_1.0" ] - } else { - sources += [ - "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/passthrough/huks_access.c", - "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/passthrough/huks_core_dynamic_hal.c", - ] - } - deps += [ "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_os_dependency_standard_static", "//base/security/huks/utils/file_operator:libhuks_utils_file_operator_static", @@ -104,7 +96,7 @@ if (os_level == "standard") { boundary_sanitize = true ubsan = true } - external_deps += [ + external_deps = [ "c_utils:utils", "hilog:libhilog", ] @@ -119,6 +111,7 @@ if (os_level == "standard") { } } else { ohos_static_library("libhuks_openssl_small_static") { + include_dirs = [ "../crypto_common/include" ] sources = [ "src/hks_openssl_ability.c", "src/hks_openssl_aes.c", @@ -130,7 +123,6 @@ if (os_level == "standard") { "src/hks_openssl_ecc.c", "src/hks_openssl_ed25519tox25519.c", "src/hks_openssl_engine.c", - "src/hks_openssl_get_main_key.c", "src/hks_openssl_hash.c", "src/hks_openssl_hmac.c", "src/hks_openssl_kdf.c", diff --git a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_ability.c b/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_ability.c index fb32a635..c027d07a 100644 --- a/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_ability.c +++ b/frameworks/huks_standard/main/crypto_engine/openssl/src/hks_openssl_ability.c @@ -22,6 +22,7 @@ #include #include "hks_ability.h" +#include "hks_core_ability.h" #include "hks_openssl_aes.h" #include "hks_openssl_bn.h" #include "hks_openssl_common.h" @@ -29,7 +30,6 @@ #include "hks_openssl_dh.h" #include "hks_openssl_dsa.h" #include "hks_openssl_ecc.h" -#include "hks_openssl_get_main_key.h" #include "hks_openssl_hash.h" #include "hks_openssl_hmac.h" #include "hks_openssl_kdf.h" @@ -254,11 +254,6 @@ static void RegisterAbilityHmac(void) #endif } -static void RegisterAbilityGetMainKey(void) -{ - (void)RegisterAbility(HKS_CRYPTO_ABILITY_GET_MAIN_KEY, HksOpensslGetMainKey); -} - static void RegisterAbilityFillRandom(void) { (void)RegisterAbility(HKS_CRYPTO_ABILITY_FILL_RANDOM, HksOpensslFillRandom); @@ -272,9 +267,8 @@ static void RegisterAbilityBnExpMod(void) #endif } -int32_t HksCryptoAbilityInit(void) +int32_t HksCryptoAbilityInitBase(void) { - RegisterAbilityGetMainKey(); RegisterAbilityGenerateKey(); RegisterAbilityGetPublicKey(); RegisterAbilitySign(); diff --git a/interfaces/inner_api/huks_lite/BUILD.gn b/interfaces/inner_api/huks_lite/BUILD.gn index 7c22b634..bad8241b 100644 --- a/interfaces/inner_api/huks_lite/BUILD.gn +++ b/interfaces/inner_api/huks_lite/BUILD.gn @@ -36,6 +36,7 @@ config("soft_huks_config") { include_dirs = [ "../../../frameworks/huks_standard/main/common/include", "../../../frameworks/huks_standard/main/core/include", + "../../../frameworks/huks_standard/main/crypto_engine/crypto_common/include", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/include", "../../../frameworks/huks_standard/main/crypto_engine/openssl/include", "../../../frameworks/huks_standard/main/crypto_engine/rkc/include", @@ -125,6 +126,8 @@ if (ohos_kernel_type == "liteos_m") { if (huks_use_mbedtls == true) { sources += [ + "../../../frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_ability.c", + "../../../frameworks/huks_standard/main/crypto_engine/crypto_common/src/hks_core_get_main_key.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_crypto_ed25519.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ability.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_aes.c", @@ -134,7 +137,6 @@ if (ohos_kernel_type == "liteos_m") { "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecdh.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_ecdsa.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_engine.c", - "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_get_main_key.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_hash.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_hmac.c", "../../../frameworks/huks_standard/main/crypto_engine/mbedtls/src/hks_mbedtls_kdf.c", @@ -165,8 +167,8 @@ if (ohos_kernel_type == "liteos_m") { "../../../frameworks/huks_standard/main/os_dependency/posix/hks_util.c", "../../../frameworks/huks_standard/main/os_dependency/sysinfo/src/hks_get_process_info_passthrough.c", "../../../frameworks/huks_standard/main/os_dependency/sysinfo/src/hks_get_udid.c", - "../../../interfaces/inner_api/huks_standard/main/src/hks_api.c", - "../../../interfaces/inner_api/huks_standard/main/src/hks_api_adapter.c", + "../../../interfaces/inner_api/huks_standard/source/hks_api.c", + "../../../interfaces/inner_api/huks_standard/source/hks_api_adapter.c", "../../../services/huks_standard/huks_engine/main/core/src/hks_auth.c", "../../../services/huks_standard/huks_engine/main/core/src/hks_core_interfaces.c", "../../../services/huks_standard/huks_engine/main/core/src/hks_core_service.c", @@ -199,22 +201,23 @@ if (ohos_kernel_type == "liteos_m") { if (huks_use_lite_storage == true) { sources += [ "../../../services/huks_standard/huks_engine/main/core/src/hks_keyblob_lite.c", - "../../../services/huks_standard/huks_service/main/core/src/hks_storage_adapter.c", - "../../../services/huks_standard/huks_service/main/core/src/hks_storage_lite.c", - "../../../services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "../../../services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_adapter.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_lite.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", ] } else { sources += [ - "../../../services/huks_standard/huks_service/main/core/src/hks_storage.c", - "../../../services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "../../../services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", ] } include_dirs = [ "//base/security/huks/frameworks/huks_standard/main/common/include", "//base/security/huks/services/huks_standard/huks_engine/main/core/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/ipc", "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/include", ] @@ -288,8 +291,8 @@ if (ohos_kernel_type == "liteos_m") { sources = [] sources = [ - "//base/security/huks/interfaces/inner_api/huks_standard/main/src/hks_api.c", - "//base/security/huks/interfaces/inner_api/huks_standard/main/src/hks_api_adapter.c", + "//base/security/huks/interfaces/inner_api/huks_standard/source/hks_api.c", + "//base/security/huks/interfaces/inner_api/huks_standard/source/hks_api_adapter.c", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/ipc/hks_permission_check.cpp", ] diff --git a/interfaces/inner_api/huks_standard/main/BUILD.gn b/interfaces/inner_api/huks_standard/main/BUILD.gn index f3747314..0ca8907a 100644 --- a/interfaces/inner_api/huks_standard/main/BUILD.gn +++ b/interfaces/inner_api/huks_standard/main/BUILD.gn @@ -42,13 +42,16 @@ if (os_level == "standard") { "//base/security/huks/frameworks/config/build:l2_standard_common_config", ] - include_dirs = [ "//base/security/huks/utils/crypto_adapter" ] + include_dirs = [ + "//base/security/huks/utils/crypto_adapter", + "../source", + ] if (huks_security_level == "software") { defines = [ "HKS_UNTRUSTED_RUNNING_ENV" ] } sources = [ - "src/hks_api.c", - "src/hks_api_adapter.c", + "../source/hks_api.c", + "../source/hks_api_adapter.c", ] deps = [ diff --git a/interfaces/inner_api/huks_standard/main/src/hks_api.c b/interfaces/inner_api/huks_standard/source/hks_api.c similarity index 100% rename from interfaces/inner_api/huks_standard/main/src/hks_api.c rename to interfaces/inner_api/huks_standard/source/hks_api.c diff --git a/interfaces/inner_api/huks_standard/main/src/hks_api_adapter.c b/interfaces/inner_api/huks_standard/source/hks_api_adapter.c similarity index 100% rename from interfaces/inner_api/huks_standard/main/src/hks_api_adapter.c rename to interfaces/inner_api/huks_standard/source/hks_api_adapter.c diff --git a/interfaces/inner_api/huks_standard/main/src/hks_api_adapter.h b/interfaces/inner_api/huks_standard/source/hks_api_adapter.h similarity index 100% rename from interfaces/inner_api/huks_standard/main/src/hks_api_adapter.h rename to interfaces/inner_api/huks_standard/source/hks_api_adapter.h diff --git a/services/huks_standard/huks_engine/main/core/BUILD.gn b/services/huks_standard/huks_engine/main/core/BUILD.gn index 873491ac..65b3a38c 100644 --- a/services/huks_standard/huks_engine/main/core/BUILD.gn +++ b/services/huks_standard/huks_engine/main/core/BUILD.gn @@ -107,6 +107,7 @@ if (os_level == "standard") { "//base/security/huks/utils/list", "//base/security/huks/utils/mutex", "//base/security/huks/services/huks_standard/huks_service/main/core/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", ] sources = [ @@ -129,16 +130,16 @@ if (os_level == "standard") { if (huks_use_lite_storage == true) { sources += [ - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_adapter.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_lite.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_adapter.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_lite.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", ] } else { sources += [ - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", ] } diff --git a/services/huks_standard/huks_engine/main/core/src/hks_core_service.c b/services/huks_standard/huks_engine/main/core/src/hks_core_service.c index fc5ecf47..f0425b0a 100644 --- a/services/huks_standard/huks_engine/main/core/src/hks_core_service.c +++ b/services/huks_standard/huks_engine/main/core/src/hks_core_service.c @@ -1898,8 +1898,11 @@ int32_t HksCoreAttestKey(const struct HksBlob *key, const struct HksParamSet *p return ret; } - ret = CreateAttestCertChain(keyNode, paramSet, certChain); + struct HksBlob rawKey; + HksGetRawKey(keyNode->paramSet, &rawKey); + ret = CreateAttestCertChain(keyNode->paramSet, paramSet, certChain, &rawKey); HksFreeKeyNode(&keyNode); + HKS_FREE_BLOB(rawKey); return ret; #else (void)key; diff --git a/services/huks_standard/huks_engine/main/core_dependency/BUILD.gn b/services/huks_standard/huks_engine/main/core_dependency/BUILD.gn index 2ebe5c29..1be3ffbb 100644 --- a/services/huks_standard/huks_engine/main/core_dependency/BUILD.gn +++ b/services/huks_standard/huks_engine/main/core_dependency/BUILD.gn @@ -41,7 +41,10 @@ ohos_static_library("libhuks_core_hal_api_static") { "src/hks_core_useriam_wrap.cpp", ] - deps = [ "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static" ] + deps = [ + "//base/security/huks/frameworks/huks_standard/main/common:libhuks_common_standard_static", + "//base/security/huks/frameworks/huks_standard/main/crypto_engine:libhuks_crypto_engine_standard_static", + ] include_dirs = [ "include", "//base/security/huks/services/huks_standard/huks_engine/main/core/include", diff --git a/services/huks_standard/huks_engine/main/device_cert_manager/include/dcm_attest.h b/services/huks_standard/huks_engine/main/device_cert_manager/include/dcm_attest.h index 9253723c..5058ea7a 100644 --- a/services/huks_standard/huks_engine/main/device_cert_manager/include/dcm_attest.h +++ b/services/huks_standard/huks_engine/main/device_cert_manager/include/dcm_attest.h @@ -120,8 +120,8 @@ struct HksAttestSpec { extern "C" { #endif -int32_t CreateAttestCertChain(struct HksKeyNode *keyNode, const struct HksParamSet *paramSet, - struct HksBlob *certChain); +int32_t CreateAttestCertChain(const struct HksParamSet *keyNodeParamSet, const struct HksParamSet *paramSet, + struct HksBlob *certChain, struct HksBlob *rawKey); #ifdef __cplusplus } diff --git a/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest.c b/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest.c index 3c4f3c90..0477c606 100644 --- a/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest.c +++ b/services/huks_standard/huks_engine/main/device_cert_manager/src/dcm_attest.c @@ -1273,7 +1273,7 @@ static int32_t GetCertOrKey(enum HksCertType type, struct HksBlob *out) return HKS_ERROR_NOT_SUPPORTED; } -static int32_t GetCertAndKey(const struct HksKeyNode *keyNode, struct HksAttestSpec *attestSpec) +static int32_t GetCertAndKey(struct HksAttestSpec *attestSpec) { int32_t ret = GetCertOrKey(HKS_DEVICE_CERT, &attestSpec->devCert); HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get devCert fail") @@ -1281,9 +1281,6 @@ static int32_t GetCertAndKey(const struct HksKeyNode *keyNode, struct HksAttestS ret = GetCertOrKey(HKS_DEVICE_KEY, &attestSpec->devKey); HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get devKey fail") - ret = HksGetRawKey(keyNode->paramSet, &attestSpec->attestKey); - HKS_IF_NOT_SUCC_LOGE(ret, "get attestKey fail") - return ret; } @@ -1327,8 +1324,8 @@ static int32_t CheckAttestUsageSpec(const struct HksUsageSpec *usageSpec) return HKS_SUCCESS; } -static int32_t BuildAttestSpec(const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet, - struct HksAttestSpec **outAttestSpec) +static int32_t BuildAttestSpec(const struct HksParamSet *keyNodeParamSet, const struct HksParamSet *paramSet, + struct HksBlob *rawKey, struct HksAttestSpec **outAttestSpec) { struct HksAttestSpec *attestSpec = HksMalloc(sizeof(struct HksAttestSpec)); HKS_IF_NULL_LOGE_RETURN(attestSpec, HKS_ERROR_MALLOC_FAIL, "malloc attestSpec fail\n") @@ -1337,22 +1334,26 @@ static int32_t BuildAttestSpec(const struct HksKeyNode *keyNode, const struct Hk SetAttestCertValid(&attestSpec->validity); - HksFillUsageSpec(keyNode->paramSet, &attestSpec->usageSpec); + HksFillUsageSpec(keyNodeParamSet, &attestSpec->usageSpec); int32_t ret = CheckAttestUsageSpec(&attestSpec->usageSpec); if (ret != HKS_SUCCESS) { FreeAttestSpec(&attestSpec); return ret; } - ret = BuildAttestClaims(paramSet, keyNode->paramSet, attestSpec); + ret = BuildAttestClaims(paramSet, keyNodeParamSet, attestSpec); if (ret != HKS_SUCCESS) { FreeAttestSpec(&attestSpec); return ret; } attestSpec->claimsOid = hksAttestationExtensionOid; + attestSpec->attestKey.size = rawKey->size; + attestSpec->attestKey.data = HksMalloc(rawKey->size); + HKS_IF_NULL_LOGE_RETURN(attestSpec->attestKey.data, HKS_ERROR_MALLOC_FAIL, "fail to malloc raw key") + (void)memcpy_s(attestSpec->attestKey.data, rawKey->size, rawKey->data, rawKey->size); - ret = GetCertAndKey(keyNode, attestSpec); + ret = GetCertAndKey(attestSpec); if (ret != HKS_SUCCESS) { HKS_LOG_E("get cert and key fail\n"); FreeAttestSpec(&attestSpec); @@ -1441,11 +1442,11 @@ static int32_t FormatAttestChain(const struct HksBlob *attestCert, const struct return HKS_SUCCESS; } -int32_t CreateAttestCertChain(struct HksKeyNode *keyNode, const struct HksParamSet *paramSet, - struct HksBlob *certChain) +int32_t CreateAttestCertChain(const struct HksParamSet *keyNodeParamSet, const struct HksParamSet *paramSet, + struct HksBlob *certChain, struct HksBlob *rawKey) { struct HksAttestSpec *attestSpec = NULL; - int32_t ret = BuildAttestSpec(keyNode, paramSet, &attestSpec); + int32_t ret = BuildAttestSpec(keyNodeParamSet, paramSet, rawKey, &attestSpec); HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "build attest spec failed") struct HksBlob attestCert; diff --git a/services/huks_standard/huks_service/main/core/BUILD.gn b/services/huks_standard/huks_service/main/core/BUILD.gn index 40c1acfe..46a2adfd 100644 --- a/services/huks_standard/huks_service/main/core/BUILD.gn +++ b/services/huks_standard/huks_service/main/core/BUILD.gn @@ -18,6 +18,8 @@ import("//build/ohos.gni") config("huks_config") { include_dirs = [ "include", + "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/dcm/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/include", ] } @@ -36,14 +38,14 @@ if (os_level == "standard") { ] sources = [ + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_file_lock.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", "src/hks_client_check.c", "src/hks_client_service.c", "src/hks_client_service_util.c", "src/hks_session_manager.c", - "src/hks_storage.c", - "src/hks_storage_file_lock.c", - "src/hks_storage_manager.c", - "src/hks_storage_utils.c", ] defines = [ "HKS_ENABLE_CLEAN_FILE" ] @@ -53,7 +55,7 @@ if (os_level == "standard") { } if (huks_security_level == "trusted_environment") { - sources += [ "src/hks_client_service_dcm.cpp" ] + sources += [ "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/dcm/src/hks_client_service_dcm.cpp" ] } sources += [ "../plugin_proxy/src/hks_plugin_adapter.cpp" ] @@ -64,9 +66,9 @@ if (os_level == "standard") { ] if (non_rwlock_support) { - sources += [ "src/hks_lock_lite.c" ] + sources += [ "../hks_storage/src/hks_lock_lite.c" ] } else { - sources += [ "src/hks_lock.c" ] + sources += [ "../hks_storage/src/hks_lock.c" ] } deps = [ @@ -138,14 +140,14 @@ if (os_level == "standard") { defines = [ "HKS_ENABLE_CLEAN_FILE" ] sources = [ + "../hks_storage/src/hks_storage_file_lock.c", + "../hks_storage/src/hks_storage_lite.c", + "../hks_storage/src/hks_storage_manager.c", + "../hks_storage/src/hks_storage_utils.c", "src/hks_client_check.c", "src/hks_client_service.c", "src/hks_client_service_util.c", "src/hks_session_manager.c", - "src/hks_storage_file_lock.c", - "src/hks_storage_lite.c", - "src/hks_storage_manager.c", - "src/hks_storage_utils.c", ] sources += [ "src/hks_hitrace.c", @@ -161,16 +163,16 @@ if (os_level == "standard") { if (huks_use_lite_storage == true) { sources += [ - "src/hks_storage_adapter.c", - "src/hks_storage_lite.c", + "../hks_storage/src/hks_storage_adapter.c", + "../hks_storage/src/hks_storage_lite.c", ] } else { - sources += [ "src/hks_storage.c" ] + sources += [ "../hks_storage/src/hks_storage.c" ] } if (non_rwlock_support) { - sources += [ "src/hks_lock_lite.c" ] + sources += [ "../hks_storage/src/hks_lock_lite.c" ] } else { - sources += [ "src/hks_lock.c" ] + sources += [ "../hks_storage/src/hks_lock.c" ] } cflags = [] diff --git a/services/huks_standard/huks_service/main/core/src/hks_client_service.c b/services/huks_standard/huks_service/main/core/src/hks_client_service.c index a29d3cb1..f15ecfea 100644 --- a/services/huks_standard/huks_service/main/core/src/hks_client_service.c +++ b/services/huks_standard/huks_service/main/core/src/hks_client_service.c @@ -25,9 +25,11 @@ #include #include #include "hks_type.h" -#include "hks_base_check.h" // for HksAttestIsAnonymous +#include "hks_base_check.h" #include "hks_client_check.h" +#ifdef HKS_SUPPORT_API_ATTEST_KEY #include "hks_client_service_dcm.h" +#endif #include "hks_client_service_util.h" #include "hks_common_check.h" #include "hks_hitrace.h" diff --git a/services/huks_standard/huks_service/main/core/include/hks_lock.h b/services/huks_standard/huks_service/main/hks_storage/include/hks_lock.h similarity index 100% rename from services/huks_standard/huks_service/main/core/include/hks_lock.h rename to services/huks_standard/huks_service/main/hks_storage/include/hks_lock.h diff --git a/services/huks_standard/huks_service/main/core/include/hks_storage.h b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage.h similarity index 96% rename from services/huks_standard/huks_service/main/core/include/hks_storage.h rename to services/huks_standard/huks_service/main/hks_storage/include/hks_storage.h index 549dadad..61155c42 100644 --- a/services/huks_standard/huks_service/main/core/include/hks_storage.h +++ b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage.h @@ -1,96 +1,96 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef HKS_STORAGE_H -#define HKS_STORAGE_H - -#include "hks_storage_utils.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef _CUT_AUTHENTICATE_ -#ifdef _STORAGE_LITE_ -int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyAlias, - uint32_t storageType, const struct HksBlob *keyBlob); - -int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo, - const struct HksBlob *keyAlias, uint32_t storageType); - -int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo, - const struct HksBlob *keyAlias, uint32_t storageType); - -int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, - const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob); - -int32_t HksStoreGetKeyBlobSize(const struct HksBlob *processName, - const struct HksBlob *keyAlias, uint32_t storageType, uint32_t *keyBlobSize); - -int32_t HksGetKeyCountByProcessName(const struct HksBlob *processName, uint32_t *fileCount); -#else // _STORAGE_LITE_ - -int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyBlob); - -int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo); - -int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo); - -int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob); - -int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize); - -int32_t HksGetKeyCountByProcessName(const struct HksStoreFileInfo *fileInfo, uint32_t *fileCount); - -int32_t HksStorageWriteFile( - const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len); - -#endif // _STORAGE_LITE_ -#endif // _CUT_AUTHENTICATE_ - -int32_t HksGetKeyAliasByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyInfo *keyInfoList, - uint32_t *listCount); - -int32_t HksStoreDestroy(const struct HksBlob *processName); - -void HksServiceDeleteUserIDKeyAliasFile(const struct HksBlob *userId); - -void HksServiceDeleteUIDKeyAliasFile(const struct HksProcessInfo *processInfo); - -int32_t HksListAliasesByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyAliasSet **outData); - -#ifdef HKS_ENABLE_SMALL_TO_SERVICE -int32_t HksIsOldKeyPathCleared(uint32_t *keyCount); -#endif - -#ifdef _STORAGE_LITE_ - -#define HKS_KEY_STORE_FILE_NAME "hks_keystore" - -int32_t HksLoadFileToBuffer(void); - -int32_t HksFileBufferRefresh(void); - -int32_t HksStoreGetToatalSize(uint32_t *size); - -int32_t HksStoreGetKeyInfoList(struct HksKeyInfo *keyInfoList, uint32_t *listCount); - -#endif /* _STORAGE_LITE_ */ - -#ifdef __cplusplus -} -#endif - +/* + * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_STORAGE_H +#define HKS_STORAGE_H + +#include "hks_storage_utils.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef _CUT_AUTHENTICATE_ +#ifdef _STORAGE_LITE_ +int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyAlias, + uint32_t storageType, const struct HksBlob *keyBlob); + +int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo, + const struct HksBlob *keyAlias, uint32_t storageType); + +int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo, + const struct HksBlob *keyAlias, uint32_t storageType); + +int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, + const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob); + +int32_t HksStoreGetKeyBlobSize(const struct HksBlob *processName, + const struct HksBlob *keyAlias, uint32_t storageType, uint32_t *keyBlobSize); + +int32_t HksGetKeyCountByProcessName(const struct HksBlob *processName, uint32_t *fileCount); +#else // _STORAGE_LITE_ + +int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyBlob); + +int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo); + +int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo); + +int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob); + +int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize); + +int32_t HksGetKeyCountByProcessName(const struct HksStoreFileInfo *fileInfo, uint32_t *fileCount); + +int32_t HksStorageWriteFile( + const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len); + +#endif // _STORAGE_LITE_ +#endif // _CUT_AUTHENTICATE_ + +int32_t HksGetKeyAliasByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyInfo *keyInfoList, + uint32_t *listCount); + +int32_t HksStoreDestroy(const struct HksBlob *processName); + +void HksServiceDeleteUserIDKeyAliasFile(const struct HksBlob *userId); + +void HksServiceDeleteUIDKeyAliasFile(const struct HksProcessInfo *processInfo); + +int32_t HksListAliasesByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyAliasSet **outData); + +#ifdef HKS_ENABLE_SMALL_TO_SERVICE +int32_t HksIsOldKeyPathCleared(uint32_t *keyCount); +#endif + +#ifdef _STORAGE_LITE_ + +#define HKS_KEY_STORE_FILE_NAME "hks_keystore" + +int32_t HksLoadFileToBuffer(void); + +int32_t HksFileBufferRefresh(void); + +int32_t HksStoreGetToatalSize(uint32_t *size); + +int32_t HksStoreGetKeyInfoList(struct HksKeyInfo *keyInfoList, uint32_t *listCount); + +#endif /* _STORAGE_LITE_ */ + +#ifdef __cplusplus +} +#endif + #endif /* HKS_STORAGE_H */ \ No newline at end of file diff --git a/services/huks_standard/huks_service/main/core/include/hks_storage_adapter.h b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage_adapter.h similarity index 93% rename from services/huks_standard/huks_service/main/core/include/hks_storage_adapter.h rename to services/huks_standard/huks_service/main/hks_storage/include/hks_storage_adapter.h index f7bb362d..1274f86c 100644 --- a/services/huks_standard/huks_service/main/core/include/hks_storage_adapter.h +++ b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage_adapter.h @@ -1,38 +1,38 @@ -/* - * Copyright (c) 2020-2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef HKS_STORAGE_ADAPTER_H -#define HKS_STORAGE_ADAPTER_H - -#ifdef _STORAGE_LITE_ - -#include "hks_type_inner.h" - -#ifdef __cplusplus -extern "C" { -#endif - -bool HksIsKeyInfoLenInvalid(struct HksStoreKeyInfo *keyInfo); - -int32_t TranslateKeyInfoBlobToParamSet(const struct HksBlob *key, const struct HksBlob *keyInfoBlob, - struct HksParamSet **paramSet); - -#ifdef __cplusplus -} -#endif - -#endif /* _STORAGE_LITE_ */ - +/* + * Copyright (c) 2020-2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HKS_STORAGE_ADAPTER_H +#define HKS_STORAGE_ADAPTER_H + +#ifdef _STORAGE_LITE_ + +#include "hks_type_inner.h" + +#ifdef __cplusplus +extern "C" { +#endif + +bool HksIsKeyInfoLenInvalid(struct HksStoreKeyInfo *keyInfo); + +int32_t TranslateKeyInfoBlobToParamSet(const struct HksBlob *key, const struct HksBlob *keyInfoBlob, + struct HksParamSet **paramSet); + +#ifdef __cplusplus +} +#endif + +#endif /* _STORAGE_LITE_ */ + #endif /* HKS_STORAGE_ADAPTER_H */ \ No newline at end of file diff --git a/services/huks_standard/huks_service/main/core/include/hks_storage_file_lock.h b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage_file_lock.h similarity index 100% rename from services/huks_standard/huks_service/main/core/include/hks_storage_file_lock.h rename to services/huks_standard/huks_service/main/hks_storage/include/hks_storage_file_lock.h diff --git a/services/huks_standard/huks_service/main/core/include/hks_storage_manager.h b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage_manager.h similarity index 100% rename from services/huks_standard/huks_service/main/core/include/hks_storage_manager.h rename to services/huks_standard/huks_service/main/hks_storage/include/hks_storage_manager.h diff --git a/services/huks_standard/huks_service/main/core/include/hks_storage_utils.h b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage_utils.h similarity index 100% rename from services/huks_standard/huks_service/main/core/include/hks_storage_utils.h rename to services/huks_standard/huks_service/main/hks_storage/include/hks_storage_utils.h diff --git a/services/huks_standard/huks_service/main/core/src/hks_lock.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_lock.c similarity index 100% rename from services/huks_standard/huks_service/main/core/src/hks_lock.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_lock.c diff --git a/services/huks_standard/huks_service/main/core/src/hks_lock_lite.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_lock_lite.c similarity index 100% rename from services/huks_standard/huks_service/main/core/src/hks_lock_lite.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_lock_lite.c diff --git a/services/huks_standard/huks_service/main/core/src/hks_storage.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c similarity index 96% rename from services/huks_standard/huks_service/main/core/src/hks_storage.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c index 3e65192c..4cb9e5ac 100644 --- a/services/huks_standard/huks_service/main/core/src/hks_storage.c +++ b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c @@ -1,871 +1,872 @@ -/* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _CUT_AUTHENTICATE_ - -#ifdef HKS_CONFIG_FILE -#include HKS_CONFIG_FILE -#else -#include "hks_config.h" -#endif - -#include "hks_storage.h" - -#include -#include -#include -#include - -#include "hks_file_operator.h" -#include "hks_log.h" -#include "hks_mem.h" -#include "hks_storage_file_lock.h" -#include "hks_template.h" -#include "huks_access.h" -#include "securec.h" -#include "hks_storage_utils.h" - -#ifdef HKS_SUPPORT_THREAD -static HksStorageFileLock *CreateStorageFileLock(const char *path, const char *fileName) -{ - char *fullPath = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_RETURN(fullPath, NULL) - - int32_t ret = HksGetFileName(path, fileName, fullPath, HKS_MAX_FILE_NAME_LEN); - if (ret != HKS_SUCCESS) { - HKS_LOG_E("get full path failed, ret = %" LOG_PUBLIC "d.", ret); - HKS_FREE(fullPath); - return NULL; - } - - HksStorageFileLock *lock = HksStorageFileLockCreate(fullPath); - HKS_FREE(fullPath); - return lock; -} -#endif - -int32_t HksStorageWriteFile( - const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len) -{ -#ifdef HKS_SUPPORT_THREAD - HksStorageFileLock *lock = CreateStorageFileLock(path, fileName); - HksStorageFileLockWrite(lock); - int32_t ret = HksFileWrite(path, fileName, offset, buf, len); - HksStorageFileUnlockWrite(lock); - HksStorageFileLockRelease(lock); - return ret; -#else - return HksFileWrite(path, fileName, offset, buf, len); -#endif -} - -static int32_t HksStorageReadFile( - const char *path, const char *fileName, uint32_t offset, struct HksBlob *blob, uint32_t *size) -{ -#ifdef HKS_SUPPORT_THREAD - HksStorageFileLock *lock = CreateStorageFileLock(path, fileName); - HksStorageFileLockRead(lock); - int32_t ret = HksFileRead(path, fileName, offset, blob, size); - HksStorageFileUnlockRead(lock); - HksStorageFileLockRelease(lock); -#else - int32_t ret = HksFileRead(path, fileName, offset, blob, size); -#endif - return ret; -} - -#ifdef HKS_ENABLE_CLEAN_FILE -static int32_t CleanFile(const char *path, const char *fileName) -{ - uint32_t size = HksFileSize(path, fileName); - if (size == 0 || size > HKS_MAX_FILE_SIZE) { - HKS_LOG_E("get file size failed, ret = %" LOG_PUBLIC "u.", size); - return HKS_ERROR_FILE_SIZE_FAIL; - } - - int32_t ret = HKS_SUCCESS; - uint8_t *buf; - do { - buf = (uint8_t *)HksMalloc(size); - if (buf == NULL) { - HKS_LOG_E("malloc buf failed!"); - ret = HKS_ERROR_MALLOC_FAIL; - break; - } - - (void)memset_s(buf, size, 0, size); - ret = HksStorageWriteFile(path, fileName, 0, buf, size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 0 failed!") - - (void)memset_s(buf, size, 1, size); - ret = HksStorageWriteFile(path, fileName, 0, buf, size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 1 failed!") - - struct HksBlob bufBlob = { .size = size, .data = buf }; - ret = HuksAccessGenerateRandom(NULL, &bufBlob); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "fill buf random failed!") - - ret = HksStorageWriteFile(path, fileName, 0, buf, size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file random failed!") - } while (0); - - HKS_FREE(buf); - - return ret; -} -#endif - -static int32_t HksStorageRemoveFile(const char *path, const char *fileName) -{ - int32_t ret; -#ifdef HKS_ENABLE_CLEAN_FILE - ret = CleanFile(path, fileName); - if (ret != HKS_SUCCESS) { - HKS_LOG_E("clean file failed!"); - } -#endif -#ifdef HKS_SUPPORT_THREAD - HksStorageFileLock *lock = CreateStorageFileLock(path, fileName); - HksStorageFileLockWrite(lock); - ret = HksFileRemove(path, fileName); - HksStorageFileUnlockWrite(lock); - HksStorageFileLockRelease(lock); -#else - ret = HksFileRemove(path, fileName); -#endif - return ret; -} - -#ifdef SUPPORT_STORAGE_BACKUP -static int32_t CopyKeyBlobFromSrc(const char *srcPath, const char *srcFileName, - const char *destPath, const char *destFileName) -{ - uint32_t size = HksFileSize(srcPath, srcFileName); - if (size == 0) { - HKS_LOG_E("get file size failed, ret = %" LOG_PUBLIC "u.", size); - return HKS_ERROR_FILE_SIZE_FAIL; - } - - uint8_t *buffer = (uint8_t *)HksMalloc(size); - HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL) - - (void)memset_s(buffer, size, 0, size); - - struct HksBlob blob = { .size = size, .data = buffer }; - - int32_t ret; - do { - ret = HksStorageReadFile(srcPath, srcFileName, 0, &blob, &size); - if (ret != HKS_SUCCESS) { - if (ret == HKS_ERROR_NO_PERMISSION) { - HKS_LOG_E("Check Permission failed, ret = %" LOG_PUBLIC "d.", ret); - break; - } - HKS_LOG_E("read file failed, ret = %" LOG_PUBLIC "d.", ret); - ret = HKS_ERROR_READ_FILE_FAIL; - break; - } - - ret = HksStorageWriteFile(destPath, destFileName, 0, buffer, size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "file write destPath failed, ret = %" LOG_PUBLIC "d.", ret) - } while (0); - - HKS_FREE(buffer); - return ret; -} -#endif - -static int32_t GetKeyBlobFromFile(const char *path, const char *fileName, struct HksBlob *keyBlob) -{ - uint32_t size = HksFileSize(path, fileName); - if (size == 0) { - return HKS_ERROR_FILE_SIZE_FAIL; - } - - if (keyBlob->size < size) { - return HKS_ERROR_INSUFFICIENT_DATA; - } - - int32_t ret = HksStorageReadFile(path, fileName, 0, keyBlob, &size); - if (ret != HKS_SUCCESS) { - if (ret == HKS_ERROR_NO_PERMISSION) { - HKS_LOG_E("Check Permission failed, ret = %" LOG_PUBLIC "d.", ret); - return ret; - } - HKS_LOG_E("read file failed, ret = %" LOG_PUBLIC "d.", ret); - return HKS_ERROR_READ_FILE_FAIL; - } - keyBlob->size = size; - return HKS_SUCCESS; -} - -static int32_t DeleteKeyBlob(const struct HksStoreFileInfo *fileInfo) -{ - int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName); - int32_t ret = HKS_SUCCESS; -#ifdef SUPPORT_STORAGE_BACKUP - int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName); - if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) { - return HKS_ERROR_NOT_EXIST; - } - - if (isBakFileExist == HKS_SUCCESS) { - ret = HksStorageRemoveFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove bakfile failed, ret = %" LOG_PUBLIC "d.", ret) - } -#endif - if (isMainFileExist == HKS_SUCCESS) { - ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret) - } else { - return HKS_ERROR_NOT_EXIST; - } - - return ret; -} - -static int32_t GetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob) -{ - int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName); - HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST) - - int32_t ret = GetKeyBlobFromFile(fileInfoPath->path, fileInfoPath->fileName, keyBlob); - return ret; -} - -static int32_t GetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize) -{ - int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName); - HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST) - - uint32_t size = HksFileSize(fileInfoPath->path, fileInfoPath->fileName); - if (size == 0) { - return HKS_ERROR_FILE_SIZE_FAIL; - } - *keyBlobSize = size; - return HKS_SUCCESS; -} - -static int32_t IsKeyBlobExist(const struct HksStoreFileInfo *fileInfo) -{ - int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName); -#ifndef SUPPORT_STORAGE_BACKUP - HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST) -#else - if (isMainFileExist != HKS_SUCCESS) { - int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName); - HKS_IF_NOT_SUCC_LOGE_RETURN(isBakFileExist, HKS_ERROR_NOT_EXIST, "hks mainkey and backupkey not exist") - - if (CopyKeyBlobFromSrc(fileInfo->bakPath.path, fileInfo->bakPath.fileName, - fileInfo->mainPath.path, fileInfo->mainPath.fileName) != HKS_SUCCESS) { - HKS_LOG_E("hks copy bak key to main key failed"); - } - } -#endif - return HKS_SUCCESS; -} - -int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyBlob) -{ - int32_t ret; - do { - ret = RecordKeyOperation(KEY_OPERATION_SAVE, fileInfo->mainPath.path, fileInfo->mainPath.fileName); - HKS_IF_NOT_SUCC_BREAK(ret) - - ret = HksStorageWriteFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, 0, - keyBlob->data, keyBlob->size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save main key blob failed, ret = %" LOG_PUBLIC "d.", ret) - -#ifdef SUPPORT_STORAGE_BACKUP - if (HksStorageWriteFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, 0, - keyBlob->data, keyBlob->size) != HKS_SUCCESS) { - HKS_LOG_E("hks save backup key blob failed"); - } -#endif - } while (0); - - return ret; -} - -int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo) -{ - int32_t ret; - do { - ret = RecordKeyOperation(KEY_OPERATION_DELETE, fileInfo->mainPath.path, fileInfo->mainPath.fileName); - HKS_IF_NOT_SUCC_BREAK(ret) - - ret = DeleteKeyBlob(fileInfo); - } while (0); - - return ret; -} - -int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo) -{ - int32_t ret; - do { - ret = IsKeyBlobExist(fileInfo); - HKS_IF_NOT_SUCC_LOGE(ret, "check is key exist, ret = %" LOG_PUBLIC "d.", ret) - } while (0); - - return ret; -} - -int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob) -{ - int32_t ret; - do { - ret = RecordKeyOperation(KEY_OPERATION_GET, fileInfoPath->path, fileInfoPath->fileName); - HKS_IF_NOT_SUCC_BREAK(ret) - - ret = GetKeyBlob(fileInfoPath, keyBlob); - HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob failed, ret = %" LOG_PUBLIC "d.", ret) - } while (0); - - return ret; -} - -int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize) -{ - int32_t ret; - do { - ret = GetKeyBlobSize(fileInfoPath, keyBlobSize); - HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob size failed, ret = %" LOG_PUBLIC "d.", ret) - } while (0); - - return ret; -} - -static int32_t GetFileCount(const char *path, uint32_t *fileCount) -{ - if ((path == NULL) || (fileCount == NULL)) { - return HKS_ERROR_NULL_POINTER; - } - - void *dir = HksOpenDir(path); - if (dir == NULL) { - HKS_LOG_W("can't open directory"); - *fileCount = 0; - return HKS_SUCCESS; - } - - uint32_t count = 0; - struct HksFileDirentInfo dire = {{0}}; - int32_t ret = HksGetDirFile(dir, &dire); - while (ret == HKS_SUCCESS) { - count++; - ret = HksGetDirFile(dir, &dire); - } - (void)HksCloseDir(dir); - *fileCount = count; - - return HKS_SUCCESS; -} - -static int32_t GetFileNameList(const char *path, struct HksFileEntry *fileNameList, uint32_t *fileCount) -{ - if ((path == NULL) || (fileCount == NULL) || (fileNameList == NULL)) { - return HKS_ERROR_NULL_POINTER; - } - - void *dir = HksOpenDir(path); - if (dir == NULL) { - HKS_LOG_W("can't open directory"); - *fileCount = 0; - return HKS_SUCCESS; - } - - struct HksFileDirentInfo dire = {{0}}; - int32_t ret = HksGetDirFile(dir, &dire); - uint32_t count = 0; - while (ret == HKS_SUCCESS) { - count++; - uint32_t nameLen = strlen(dire.fileName); - if ((*fileCount < count) || (fileNameList[count - 1].fileNameLen < (nameLen + 1))) { - HKS_LOG_E("the input params are wrong and too small"); - break; - } - - if (strncpy_s(fileNameList[count - 1].fileName, fileNameList[count - 1].fileNameLen, - dire.fileName, nameLen) != EOK) { - HKS_LOG_E("failed to copy the string"); - break; - } - fileNameList[count - 1].fileName[nameLen] = '\0'; - ret = HksGetDirFile(dir, &dire); - } - (void)HksCloseDir(dir); - *fileCount = count; - - return HKS_SUCCESS; -} - -static int32_t GetAndCheckFileCount(const char *path, uint32_t *fileCount, const uint32_t *inputCount) -{ - int32_t ret = GetFileCount(path, fileCount); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get storage file count, ret = %" LOG_PUBLIC "d.", ret) - - if (*inputCount < *fileCount) { - HKS_LOG_E("listCount space not enough"); - ret = HKS_ERROR_BUFFER_TOO_SMALL; - } - - return ret; -} - -static int32_t GetKeyAliasByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyInfo *keyInfoList, - uint32_t *listCount) -{ - uint32_t fileCount; - int32_t ret = GetAndCheckFileCount(fileInfo->mainPath.path, &fileCount, listCount); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - if (fileCount == 0) { - *listCount = 0; - return HKS_SUCCESS; - } - - struct HksFileEntry *fileNameList = NULL; - ret = FileNameListInit(&fileNameList, fileCount); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init file name list failed.") - - uint32_t realFileCount = fileCount; - do { - ret = GetFileNameList(fileInfo->mainPath.path, fileNameList, &realFileCount); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get file name list failed, ret = %" LOG_PUBLIC "d", ret) - - for (uint32_t i = 0; i < realFileCount; ++i) { - ret = ConstructBlob(fileNameList[i].fileName, &(keyInfoList[i].alias)); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "construct blob failed, ret = %" LOG_PUBLIC "d", ret) - } - } while (0); - - FileNameListFree(&fileNameList, fileCount); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - *listCount = realFileCount; - return ret; -} - -int32_t HksGetKeyAliasByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyInfo *keyInfoList, - uint32_t *listCount) -{ - int32_t ret; - do { - ret = GetKeyAliasByProcessName(fileInfo, keyInfoList, listCount); - HKS_IF_NOT_SUCC_LOGE(ret, "get key alias by processName failed, ret = %" LOG_PUBLIC "d.", ret) - } while (0); - - return ret; -} - -int32_t HksGetKeyCountByProcessName(const struct HksStoreFileInfo *fileInfo, uint32_t *fileCount) -{ - int32_t ret; - do { - ret = GetFileCount(fileInfo->mainPath.path, fileCount); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get storage file count failed, ret = %" LOG_PUBLIC "d.", ret) - } while (0); - - return ret; -} - -static int32_t DestroyType(const char *storePath, const char *typePath, uint32_t bakFlag) -{ - char *destroyPath = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_RETURN(destroyPath, HKS_ERROR_MALLOC_FAIL) - - (void)memset_s(destroyPath, HKS_MAX_FILE_NAME_LEN, 0, HKS_MAX_FILE_NAME_LEN); - - int32_t ret = GetPath(storePath, typePath, destroyPath, HKS_MAX_FILE_NAME_LEN, bakFlag); - if (ret != HKS_SUCCESS) { - HKS_LOG_E("Get Path failed! ret = 0x%" LOG_PUBLIC "X", ret); - HKS_FREE(destroyPath); - return ret; - } - - ret = HksIsDirExist(destroyPath); - if (ret != HKS_SUCCESS) { - HKS_FREE(destroyPath); - return HKS_SUCCESS; - } - - ret = HksRemoveDir(destroyPath); - HKS_IF_NOT_SUCC_LOGE(ret, "Destroy dir failed! ret = 0x%" LOG_PUBLIC "X", ret) - - HKS_FREE(destroyPath); - return ret; -} - -static int32_t StoreDestroy(const char *processNameEncoded, uint32_t bakFlag) -{ - char *rootPath = NULL; - if (bakFlag == HKS_STORAGE_BAK_FLAG_TRUE) { - rootPath = HKS_KEY_STORE_BAK_PATH; - } else { - rootPath = HKS_KEY_STORE_PATH; - } - - char *storePath = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_RETURN(storePath, HKS_ERROR_MALLOC_FAIL) - - int32_t ret = GetPath(rootPath, processNameEncoded, storePath, HKS_MAX_FILE_NAME_LEN, bakFlag); - if (ret != HKS_SUCCESS) { - HKS_LOG_E("Get Path failed! ret = 0x%" LOG_PUBLIC "X", ret); - HKS_FREE(storePath); - return ret; - } - - ret = DestroyType(storePath, HKS_KEY_STORE_ROOT_KEY_PATH, bakFlag); - if (ret != HKS_SUCCESS) { - HKS_LOG_I("Destroy info dir failed! ret = 0x%" LOG_PUBLIC "X", ret); /* continue delete */ - } - - ret = DestroyType(storePath, HKS_KEY_STORE_KEY_PATH, bakFlag); - if (ret != HKS_SUCCESS) { - HKS_LOG_I("Destroy key dir failed! ret = 0x%" LOG_PUBLIC "X", ret); /* continue delete */ - } - - HKS_FREE(storePath); - return HKS_SUCCESS; -} - -int32_t HksStoreDestroy(const struct HksBlob *processName) -{ - char *name = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_RETURN(name, HKS_ERROR_MALLOC_FAIL) - - int32_t ret; - do { - ret = ConstructName(processName, name, HKS_MAX_FILE_NAME_LEN); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Construct process name failed! ret = 0x%" LOG_PUBLIC "X.", ret) - - ret = StoreDestroy(name, HKS_STORAGE_BAK_FLAG_FLASE); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Hks destroy dir failed! ret = 0x%" LOG_PUBLIC "X.", ret) - -#ifdef SUPPORT_STORAGE_BACKUP - ret = StoreDestroy(name, HKS_STORAGE_BAK_FLAG_TRUE); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Hks destroy back dir failed! ret = 0x%" LOG_PUBLIC "X.", ret) -#endif - } while (0); - - HKS_FREE(name); - return ret; -} - -#ifdef HKS_ENABLE_SMALL_TO_SERVICE -int32_t HksIsOldKeyPathCleared(uint32_t *keyCount) -{ - return GetFileCount(HKS_KEY_STORE_PATH "/hks_client/key", keyCount); -} -#endif - -#ifdef HKS_ENABLE_EVENT_DELETE -#ifdef L2_STANDARD -static void DeleteUserIdMainPathAndBakPath(const char *userData, const char *deDataPath, const char *ceOrEceDataPath) -{ - char dePath[HKS_MAX_DIRENT_FILE_LEN] = ""; - int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s", - deDataPath, userData); - if (offset > 0) { - HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath); - (void)HksDeleteDir(dePath); - } else { - HKS_LOG_E("get de path failed"); - } - - char cePath[HKS_MAX_DIRENT_FILE_LEN] = ""; - offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", - HKS_CE_ROOT_PATH, userData, ceOrEceDataPath); - if (offset > 0) { - HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath); - (void)HksDeleteDir(cePath); - } else { - HKS_LOG_E("get ce path failed"); - } - - char ecePath[HKS_MAX_DIRENT_FILE_LEN] = ""; - offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", - HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath); - if (offset > 0) { - HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath); - (void)HksDeleteDir(ecePath); - } else { - HKS_LOG_E("get ece path failed"); - } -} - -static void DeleteUserIdPath(const struct HksBlob *userId) -{ - int32_t ret; - char *userData = NULL; - do { - userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") - - ret = ConstructPlainName(userId, userData, HKS_MAX_FILE_NAME_LEN); - HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) - - (void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH); -#ifdef SUPPORT_STORAGE_BACKUP - (void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH); -#endif - } while (0); - HKS_FREE(userData); - return; -} - -static void DeleteUidMainPathAndBakPath(const char *userData, const char *uidData, - const char *deDataPath, const char *ceOrEceDataPath) -{ - char dePath[HKS_MAX_DIRENT_FILE_LEN] = ""; - int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", - deDataPath, userData, uidData); - if (offset > 0) { - HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath); - (void)HksDeleteDir(dePath); - } else { - HKS_LOG_E("get de path failed"); - } - - char cePath[HKS_MAX_DIRENT_FILE_LEN] = ""; - offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s", - HKS_CE_ROOT_PATH, userData, ceOrEceDataPath, uidData); - if (offset > 0) { - HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath); - (void)HksDeleteDir(cePath); - } else { - HKS_LOG_E("get ce path failed"); - } - - char ecePath[HKS_MAX_DIRENT_FILE_LEN] = ""; - offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s", - HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath, uidData); - if (offset > 0) { - HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath); - (void)HksDeleteDir(ecePath); - } else { - HKS_LOG_E("get ece path failed"); - } -} - -static void DeleteUidPath(const struct HksProcessInfo *processInfo) -{ - int32_t ret; - char *userData = NULL; - char *uidData = NULL; - do { - userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") - - uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_LOGE_BREAK(uidData, "malloc uid data failed") - - ret = ConstructPlainName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN); - HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) - - ret = ConstructPlainName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN); - HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret) - - (void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH); -#ifdef SUPPORT_STORAGE_BACKUP - (void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH); -#endif - } while (0); - HKS_FREE(userData); - HKS_FREE(uidData); - return; -} -#endif - -void HksServiceDeleteUserIDKeyAliasFile(const struct HksBlob *userId) -{ - char *userData = NULL; - int32_t ret; - do { - userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") - - // construct non-plain name for de path - ret = ConstructName(userId, userData, HKS_MAX_FILE_NAME_LEN); - HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) - - char userProcess[HKS_MAX_DIRENT_FILE_LEN] = ""; - int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s", HKS_KEY_STORE_PATH, userData); - if (offset < 0) { - HKS_LOG_E("concatenate UserIdPath failed."); - ret = HKS_ERROR_BUFFER_TOO_SMALL; - break; - } - - // ignore these results for ensure to clear data as most as possible - ret = HksDeleteDir(userProcess); - HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret) -#ifdef L2_STANDARD - (void)DeleteUserIdPath(userId); -#endif - } while (0); - HKS_FREE(userData); -} - -void HksServiceDeleteUIDKeyAliasFile(const struct HksProcessInfo *processInfo) -{ - char *userData = NULL; - char *uidData = NULL; - int32_t ret; - do { - userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") - - // construct non-plain name for de path, and skip user path for user 0 - if (processInfo->userIdInt != 0) { - ret = ConstructName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN); - HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) - } - - uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); - if (uidData == NULL) { - HKS_LOG_E("malloc user data failed"); - ret = HKS_ERROR_MALLOC_FAIL; - break; - } - - ret = ConstructName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN); - HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret) - - char userProcess[HKS_MAX_DIRENT_FILE_LEN] = ""; - int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", - HKS_KEY_STORE_PATH, userData, uidData); - if (offset < 0) { - HKS_LOG_E("concatenate uidPath failed."); - ret = HKS_ERROR_BUFFER_TOO_SMALL; - break; - } - - HKS_LOG_I("delete path : %" LOG_PUBLIC "s", userProcess); - - // ignore these results for ensure to clear data as most as possible - ret = HksDeleteDir(userProcess); - HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret) -#ifdef L2_STANDARD - (void)DeleteUidPath(processInfo); -#endif - } while (0); - HKS_FREE(userData); - HKS_FREE(uidData); -} - -static int32_t GetHksKeyAliasSet(const struct HksFileEntry *fileNameList, const uint32_t fileCount, - struct HksKeyAliasSet **outData) -{ - if (fileCount == 0) { - return HKS_SUCCESS; - } - - int32_t ret; - struct HksKeyAliasSet *tempAliasSet = (struct HksKeyAliasSet *)(HksMalloc(sizeof(struct HksKeyAliasSet))); - HKS_IF_NULL_LOGE_RETURN(tempAliasSet, HKS_ERROR_MALLOC_FAIL, "malloc key alias set failed") - tempAliasSet->aliasesCnt = fileCount; - - do { - tempAliasSet->aliases = (struct HksBlob *)HksMalloc(fileCount * sizeof(struct HksBlob)); - if (tempAliasSet->aliases == NULL) { - HKS_LOG_E("malloc aliases fail"); - ret = HKS_ERROR_MALLOC_FAIL; - break; - } - - for (uint32_t i = 0; i < fileCount; i++) { - uint32_t size = strlen(fileNameList[i].fileName); - tempAliasSet->aliases[i].size = size; - tempAliasSet->aliases[i].data = (uint8_t *)HksMalloc(size); - if (tempAliasSet->aliases[i].data == NULL) { - HKS_LOG_E("malloc alias %" LOG_PUBLIC "d fail", i); - ret = HKS_ERROR_MALLOC_FAIL; - break; - } - - ret = ConstructBlob(fileNameList[i].fileName, &(tempAliasSet->aliases[i])); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "construct blob failed, ret = %" LOG_PUBLIC "d", ret) - } - } while (0); - - if (ret != HKS_SUCCESS) { - HksFreeKeyAliasSet(tempAliasSet); - return ret; - } - - *outData = tempAliasSet; - return ret; -} - -static int32_t GetHksFileEntry(const struct HksStoreFileInfo *fileInfo, struct HksFileEntry **fileNameList, - uint32_t *fileCnt) -{ - uint32_t fileCount; - int32_t ret = GetFileCount(fileInfo->mainPath.path, &fileCount); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get storage file count, ret = %" LOG_PUBLIC "d.", ret) - if (fileCount == 0) { - return HKS_SUCCESS; - } - if (fileCount > HKS_MAX_KEY_ALIAS_COUNT) { - HKS_LOG_E("file count too long, count = %" LOG_PUBLIC "u.", fileCount); - return HKS_ERROR_BUFFER_TOO_SMALL; - } - - struct HksFileEntry *tempFileNameList = NULL; - uint32_t realfileCount = fileCount; - do { - ret = FileNameListInit(&tempFileNameList, fileCount); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "init file name list failed, ret = %" LOG_PUBLIC "d", ret) - - ret = GetFileNameList(fileInfo->mainPath.path, tempFileNameList, &realfileCount); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get file name list failed, ret = %" LOG_PUBLIC "d", ret) - } while (0); - - if (ret != HKS_SUCCESS) { - FileNameListFree(&tempFileNameList, fileCount); - return ret; - } - - *fileCnt = fileCount; - *fileNameList = tempFileNameList; - return ret; -} - -int32_t HksListAliasesByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyAliasSet **outData) -{ - int32_t ret; - struct HksFileEntry *fileNameList = NULL; - uint32_t fileCnt; - do { - ret = GetHksFileEntry(fileInfo, &fileNameList, &fileCnt); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get file entry failed, ret = %" LOG_PUBLIC "d.", ret) - - // case success and has data - if (fileNameList != NULL) { - ret = GetHksKeyAliasSet(fileNameList, fileCnt, outData); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get key alias set failed, ret = %" LOG_PUBLIC "d.", ret) - } - } while (0); - - if (fileNameList != NULL) { - FileNameListFree(&fileNameList, fileCnt); - } - return ret; -} - -#endif -#endif /* _CUT_AUTHENTICATE_ */ +/* + * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _CUT_AUTHENTICATE_ + +#ifdef HKS_CONFIG_FILE +#include HKS_CONFIG_FILE +#else +#include "hks_config.h" +#endif + +#include "hks_storage.h" + +#include +#include +#include +#include + +#include "hks_file_operator.h" +#include "hks_log.h" +#include "hks_mem.h" +#include "hks_storage_file_lock.h" +#include "hks_template.h" +#include "huks_access.h" +#include "securec.h" +#include "hks_storage_utils.h" + +#ifdef HKS_SUPPORT_THREAD +static HksStorageFileLock *CreateStorageFileLock(const char *path, const char *fileName) +{ + char *fullPath = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_RETURN(fullPath, NULL) + + int32_t ret = HksGetFileName(path, fileName, fullPath, HKS_MAX_FILE_NAME_LEN); + if (ret != HKS_SUCCESS) { + HKS_LOG_E("get full path failed, ret = %" LOG_PUBLIC "d.", ret); + HKS_FREE(fullPath); + return NULL; + } + + HksStorageFileLock *lock = HksStorageFileLockCreate(fullPath); + HKS_FREE(fullPath); + return lock; +} +#endif + +int32_t HksStorageWriteFile( + const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len) +{ +#ifdef HKS_SUPPORT_THREAD + HksStorageFileLock *lock = CreateStorageFileLock(path, fileName); + HksStorageFileLockWrite(lock); + int32_t ret = HksFileWrite(path, fileName, offset, buf, len); + HksStorageFileUnlockWrite(lock); + HksStorageFileLockRelease(lock); + return ret; +#else + return HksFileWrite(path, fileName, offset, buf, len); +#endif +} + +static int32_t HksStorageReadFile( + const char *path, const char *fileName, uint32_t offset, struct HksBlob *blob, uint32_t *size) +{ +#ifdef HKS_SUPPORT_THREAD + HksStorageFileLock *lock = CreateStorageFileLock(path, fileName); + HksStorageFileLockRead(lock); + int32_t ret = HksFileRead(path, fileName, offset, blob, size); + HksStorageFileUnlockRead(lock); + HksStorageFileLockRelease(lock); +#else + int32_t ret = HksFileRead(path, fileName, offset, blob, size); +#endif + return ret; +} + +#ifdef HKS_ENABLE_CLEAN_FILE +static int32_t CleanFile(const char *path, const char *fileName) +{ + uint32_t size = HksFileSize(path, fileName); + if (size == 0 || size > HKS_MAX_FILE_SIZE) { + HKS_LOG_E("get file size failed, ret = %" LOG_PUBLIC "u.", size); + return HKS_ERROR_FILE_SIZE_FAIL; + } + + int32_t ret = HKS_SUCCESS; + uint8_t *buf; + do { + buf = (uint8_t *)HksMalloc(size); + if (buf == NULL) { + HKS_LOG_E("malloc buf failed!"); + ret = HKS_ERROR_MALLOC_FAIL; + break; + } + + (void)memset_s(buf, size, 0, size); + ret = HksStorageWriteFile(path, fileName, 0, buf, size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 0 failed!") + + (void)memset_s(buf, size, 1, size); + ret = HksStorageWriteFile(path, fileName, 0, buf, size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 1 failed!") + + struct HksBlob bufBlob = { .size = size, .data = buf }; + ret = HuksAccessGenerateRandom(NULL, &bufBlob); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "fill buf random failed!") + + ret = HksStorageWriteFile(path, fileName, 0, buf, size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file random failed!") + } while (0); + + HKS_FREE(buf); + + return ret; +} +#endif + +static int32_t HksStorageRemoveFile(const char *path, const char *fileName) +{ + int32_t ret; +#ifdef HKS_ENABLE_CLEAN_FILE + ret = CleanFile(path, fileName); + if (ret != HKS_SUCCESS) { + HKS_LOG_E("clean file failed!"); + } +#endif +#ifdef HKS_SUPPORT_THREAD + HksStorageFileLock *lock = CreateStorageFileLock(path, fileName); + HksStorageFileLockWrite(lock); + ret = HksFileRemove(path, fileName); + HksStorageFileUnlockWrite(lock); + HksStorageFileLockRelease(lock); +#else + ret = HksFileRemove(path, fileName); +#endif + return ret; +} + +#ifdef SUPPORT_STORAGE_BACKUP +static int32_t CopyKeyBlobFromSrc(const char *srcPath, const char *srcFileName, + const char *destPath, const char *destFileName) +{ + uint32_t size = HksFileSize(srcPath, srcFileName); + if (size == 0) { + HKS_LOG_E("get file size failed, ret = %" LOG_PUBLIC "u.", size); + return HKS_ERROR_FILE_SIZE_FAIL; + } + + uint8_t *buffer = (uint8_t *)HksMalloc(size); + HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL) + + (void)memset_s(buffer, size, 0, size); + + struct HksBlob blob = { .size = size, .data = buffer }; + + int32_t ret; + do { + ret = HksStorageReadFile(srcPath, srcFileName, 0, &blob, &size); + if (ret != HKS_SUCCESS) { + if (ret == HKS_ERROR_NO_PERMISSION) { + HKS_LOG_E("Check Permission failed, ret = %" LOG_PUBLIC "d.", ret); + break; + } + HKS_LOG_E("read file failed, ret = %" LOG_PUBLIC "d.", ret); + ret = HKS_ERROR_READ_FILE_FAIL; + break; + } + + ret = HksStorageWriteFile(destPath, destFileName, 0, buffer, size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "file write destPath failed, ret = %" LOG_PUBLIC "d.", ret) + } while (0); + + HKS_FREE(buffer); + return ret; +} +#endif + +static int32_t GetKeyBlobFromFile(const char *path, const char *fileName, struct HksBlob *keyBlob) +{ + uint32_t size = HksFileSize(path, fileName); + if (size == 0) { + return HKS_ERROR_FILE_SIZE_FAIL; + } + + if (keyBlob->size < size) { + return HKS_ERROR_INSUFFICIENT_DATA; + } + + int32_t ret = HksStorageReadFile(path, fileName, 0, keyBlob, &size); + if (ret != HKS_SUCCESS) { + if (ret == HKS_ERROR_NO_PERMISSION) { + HKS_LOG_E("Check Permission failed, ret = %" LOG_PUBLIC "d.", ret); + return ret; + } + HKS_LOG_E("read file failed, ret = %" LOG_PUBLIC "d.", ret); + return HKS_ERROR_READ_FILE_FAIL; + } + keyBlob->size = size; + return HKS_SUCCESS; +} + +static int32_t DeleteKeyBlob(const struct HksStoreFileInfo *fileInfo) +{ + int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName); + int32_t ret = HKS_SUCCESS; +#ifdef SUPPORT_STORAGE_BACKUP + int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName); + if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) { + return HKS_ERROR_NOT_EXIST; + } + + if (isBakFileExist == HKS_SUCCESS) { + ret = HksStorageRemoveFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove bakfile failed, ret = %" LOG_PUBLIC "d.", ret) + } +#endif + if (isMainFileExist == HKS_SUCCESS) { + ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret) + } else { + return HKS_ERROR_NOT_EXIST; + } + + return ret; +} + +static int32_t GetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob) +{ + int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName); + HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST) + + int32_t ret = GetKeyBlobFromFile(fileInfoPath->path, fileInfoPath->fileName, keyBlob); + return ret; +} + +static int32_t GetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize) +{ + int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName); + HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST) + + uint32_t size = HksFileSize(fileInfoPath->path, fileInfoPath->fileName); + if (size == 0) { + return HKS_ERROR_FILE_SIZE_FAIL; + } + *keyBlobSize = size; + return HKS_SUCCESS; +} + +static int32_t IsKeyBlobExist(const struct HksStoreFileInfo *fileInfo) +{ + int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName); +#ifndef SUPPORT_STORAGE_BACKUP + HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST) +#else + if (isMainFileExist != HKS_SUCCESS) { + int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName); + HKS_IF_NOT_SUCC_LOGE_RETURN(isBakFileExist, HKS_ERROR_NOT_EXIST, "hks mainkey and backupkey not exist") + + if (CopyKeyBlobFromSrc(fileInfo->bakPath.path, fileInfo->bakPath.fileName, + fileInfo->mainPath.path, fileInfo->mainPath.fileName) != HKS_SUCCESS) { + HKS_LOG_E("hks copy bak key to main key failed"); + } + } +#endif + return HKS_SUCCESS; +} + +int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyBlob) +{ + int32_t ret; + do { + ret = RecordKeyOperation(KEY_OPERATION_SAVE, fileInfo->mainPath.path, fileInfo->mainPath.fileName); + HKS_IF_NOT_SUCC_BREAK(ret) + + ret = HksStorageWriteFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, 0, + keyBlob->data, keyBlob->size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save main key blob failed, ret = %" LOG_PUBLIC "d.", ret) + +#ifdef SUPPORT_STORAGE_BACKUP + if (HksStorageWriteFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, 0, + keyBlob->data, keyBlob->size) != HKS_SUCCESS) { + HKS_LOG_E("hks save backup key blob failed"); + } +#endif + } while (0); + + return ret; +} + +int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo) +{ + int32_t ret; + do { + ret = RecordKeyOperation(KEY_OPERATION_DELETE, fileInfo->mainPath.path, fileInfo->mainPath.fileName); + HKS_IF_NOT_SUCC_BREAK(ret) + + ret = DeleteKeyBlob(fileInfo); + } while (0); + + return ret; +} + +int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo) +{ + int32_t ret; + do { + ret = IsKeyBlobExist(fileInfo); // hks_storage.c:319 ? + HKS_IF_NOT_SUCC_LOGE(ret, "check is key exist, ret = %" LOG_PUBLIC "d.", ret) + } while (0); + + return ret; +} + +int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob) +{ + int32_t ret; + do { + ret = RecordKeyOperation(KEY_OPERATION_GET, fileInfoPath->path, fileInfoPath->fileName); + HKS_IF_NOT_SUCC_BREAK(ret) + + ret = GetKeyBlob(fileInfoPath, keyBlob); + HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob failed, ret = %" LOG_PUBLIC "d.", ret) + } while (0); + + return ret; +} + +int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize) +{ + int32_t ret; + do { + ret = GetKeyBlobSize(fileInfoPath, keyBlobSize); + HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob size failed, ret = %" LOG_PUBLIC "d.", ret) + } while (0); + + return ret; +} + +static int32_t GetFileCount(const char *path, uint32_t *fileCount) +{ + if ((path == NULL) || (fileCount == NULL)) { + return HKS_ERROR_NULL_POINTER; + } + + void *dir = HksOpenDir(path); + if (dir == NULL) { + HKS_LOG_W("can't open directory"); + *fileCount = 0; + return HKS_SUCCESS; + } + + uint32_t count = 0; + struct HksFileDirentInfo dire = {{0}}; + int32_t ret = HksGetDirFile(dir, &dire); + while (ret == HKS_SUCCESS) { + count++; + ret = HksGetDirFile(dir, &dire); + } + (void)HksCloseDir(dir); + *fileCount = count; + + return HKS_SUCCESS; +} + +static int32_t GetFileNameList(const char *path, struct HksFileEntry *fileNameList, uint32_t *fileCount) +{ + if ((path == NULL) || (fileCount == NULL) || (fileNameList == NULL)) { + return HKS_ERROR_NULL_POINTER; + } + + void *dir = HksOpenDir(path); + if (dir == NULL) { + HKS_LOG_W("can't open directory"); + *fileCount = 0; + return HKS_SUCCESS; + } + + struct HksFileDirentInfo dire = {{0}}; + int32_t ret = HksGetDirFile(dir, &dire); + uint32_t count = 0; + while (ret == HKS_SUCCESS) { + count++; + uint32_t nameLen = strlen(dire.fileName); + if ((*fileCount < count) || (fileNameList[count - 1].fileNameLen < (nameLen + 1))) { + HKS_LOG_E("the input params are wrong and too small"); + break; + } + + if (strncpy_s(fileNameList[count - 1].fileName, fileNameList[count - 1].fileNameLen, + dire.fileName, nameLen) != EOK) { + HKS_LOG_E("failed to copy the string"); + break; + } + fileNameList[count - 1].fileName[nameLen] = '\0'; + ret = HksGetDirFile(dir, &dire); + } + (void)HksCloseDir(dir); + *fileCount = count; + + return HKS_SUCCESS; +} + +static int32_t GetAndCheckFileCount(const char *path, uint32_t *fileCount, const uint32_t *inputCount) +{ + int32_t ret = GetFileCount(path, fileCount); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get storage file count, ret = %" LOG_PUBLIC "d.", ret) + + if (*inputCount < *fileCount) { + HKS_LOG_E("listCount space not enough"); + ret = HKS_ERROR_BUFFER_TOO_SMALL; + } + + return ret; +} + +static int32_t GetKeyAliasByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyInfo *keyInfoList, + uint32_t *listCount) +{ + uint32_t fileCount; + int32_t ret = GetAndCheckFileCount(fileInfo->mainPath.path, &fileCount, listCount); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + if (fileCount == 0) { + *listCount = 0; + return HKS_SUCCESS; + } + + struct HksFileEntry *fileNameList = NULL; + ret = FileNameListInit(&fileNameList, fileCount); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "init file name list failed.") + + uint32_t realFileCount = fileCount; + do { + ret = GetFileNameList(fileInfo->mainPath.path, fileNameList, &realFileCount); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get file name list failed, ret = %" LOG_PUBLIC "d", ret) + + for (uint32_t i = 0; i < realFileCount; ++i) { + ret = ConstructBlob(fileNameList[i].fileName, &(keyInfoList[i].alias)); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "construct blob failed, ret = %" LOG_PUBLIC "d", ret) + } + } while (0); + + FileNameListFree(&fileNameList, fileCount); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + *listCount = realFileCount; + return ret; +} + +int32_t HksGetKeyAliasByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyInfo *keyInfoList, + uint32_t *listCount) +{ + int32_t ret; + do { + ret = GetKeyAliasByProcessName(fileInfo, keyInfoList, listCount); + HKS_IF_NOT_SUCC_LOGE(ret, "get key alias by processName failed, ret = %" LOG_PUBLIC "d.", ret) + } while (0); + + return ret; +} + +int32_t HksGetKeyCountByProcessName(const struct HksStoreFileInfo *fileInfo, uint32_t *fileCount) +{ + int32_t ret; + do { + ret = GetFileCount(fileInfo->mainPath.path, fileCount); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get storage file count failed, ret = %" LOG_PUBLIC "d.", ret) + } while (0); + + return ret; +} + +static int32_t DestroyType(const char *storePath, const char *typePath, uint32_t bakFlag) +{ + char *destroyPath = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_RETURN(destroyPath, HKS_ERROR_MALLOC_FAIL) + + (void)memset_s(destroyPath, HKS_MAX_FILE_NAME_LEN, 0, HKS_MAX_FILE_NAME_LEN); + + int32_t ret = GetPath(storePath, typePath, destroyPath, HKS_MAX_FILE_NAME_LEN, bakFlag); + if (ret != HKS_SUCCESS) { + HKS_LOG_E("Get Path failed! ret = 0x%" LOG_PUBLIC "X", ret); + HKS_FREE(destroyPath); + return ret; + } + + ret = HksIsDirExist(destroyPath); + if (ret != HKS_SUCCESS) { + HKS_FREE(destroyPath); + return HKS_SUCCESS; + } + + ret = HksRemoveDir(destroyPath); + HKS_IF_NOT_SUCC_LOGE(ret, "Destroy dir failed! ret = 0x%" LOG_PUBLIC "X", ret) + + HKS_FREE(destroyPath); + return ret; +} + +static int32_t StoreDestroy(const char *processNameEncoded, uint32_t bakFlag) +{ + char *rootPath = NULL; + if (bakFlag == HKS_STORAGE_BAK_FLAG_TRUE) { + rootPath = HKS_KEY_STORE_BAK_PATH; + } else { + rootPath = HKS_KEY_STORE_PATH; + } + + char *storePath = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_RETURN(storePath, HKS_ERROR_MALLOC_FAIL) + + int32_t ret = GetPath(rootPath, processNameEncoded, storePath, HKS_MAX_FILE_NAME_LEN, bakFlag); + if (ret != HKS_SUCCESS) { + HKS_LOG_E("Get Path failed! ret = 0x%" LOG_PUBLIC "X", ret); + HKS_FREE(storePath); + return ret; + } + + ret = DestroyType(storePath, HKS_KEY_STORE_ROOT_KEY_PATH, bakFlag); + if (ret != HKS_SUCCESS) { + HKS_LOG_I("Destroy info dir failed! ret = 0x%" LOG_PUBLIC "X", ret); /* continue delete */ + } + + ret = DestroyType(storePath, HKS_KEY_STORE_KEY_PATH, bakFlag); + if (ret != HKS_SUCCESS) { + HKS_LOG_I("Destroy key dir failed! ret = 0x%" LOG_PUBLIC "X", ret); /* continue delete */ + } + + HKS_FREE(storePath); + return HKS_SUCCESS; +} + +int32_t HksStoreDestroy(const struct HksBlob *processName) +{ + char *name = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_RETURN(name, HKS_ERROR_MALLOC_FAIL) + + int32_t ret; + do { + ret = ConstructName(processName, name, HKS_MAX_FILE_NAME_LEN); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Construct process name failed! ret = 0x%" LOG_PUBLIC "X.", ret) + + ret = StoreDestroy(name, HKS_STORAGE_BAK_FLAG_FLASE); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Hks destroy dir failed! ret = 0x%" LOG_PUBLIC "X.", ret) + +#ifdef SUPPORT_STORAGE_BACKUP + ret = StoreDestroy(name, HKS_STORAGE_BAK_FLAG_TRUE); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Hks destroy back dir failed! ret = 0x%" LOG_PUBLIC "X.", ret) +#endif + } while (0); + + HKS_FREE(name); + return ret; +} + +#ifdef HKS_ENABLE_SMALL_TO_SERVICE +int32_t HksIsOldKeyPathCleared(uint32_t *keyCount) +{ + return GetFileCount(HKS_KEY_STORE_PATH "/hks_client/key", keyCount); +} +#endif + +#ifdef HKS_ENABLE_EVENT_DELETE +#ifdef L2_STANDARD +static void DeleteUserIdMainPathAndBakPath(const char *userData, const char *deDataPath, const char *ceOrEceDataPath) +{ + char dePath[HKS_MAX_DIRENT_FILE_LEN] = ""; + int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s", + deDataPath, userData); + if (offset > 0) { + HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath); + (void)HksDeleteDir(dePath); + } else { + HKS_LOG_E("get de path failed"); + } + + char cePath[HKS_MAX_DIRENT_FILE_LEN] = ""; + offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", + HKS_CE_ROOT_PATH, userData, ceOrEceDataPath); + if (offset > 0) { + HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath); + (void)HksDeleteDir(cePath); + } else { + HKS_LOG_E("get ce path failed"); + } + + char ecePath[HKS_MAX_DIRENT_FILE_LEN] = ""; + offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", + HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath); + if (offset > 0) { + HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath); + (void)HksDeleteDir(ecePath); + } else { + HKS_LOG_E("get ece path failed"); + } +} + +static void DeleteUserIdPath(const struct HksBlob *userId) +{ + int32_t ret; + char *userData = NULL; + do { + userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") + + ret = ConstructPlainName(userId, userData, HKS_MAX_FILE_NAME_LEN); + HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) + + (void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH); +#ifdef SUPPORT_STORAGE_BACKUP + (void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH); +#endif + } while (0); + HKS_FREE(userData); + return; +} + +static void DeleteUidMainPathAndBakPath(const char *userData, const char *uidData, + const char *deDataPath, const char *ceOrEceDataPath) +{ + char dePath[HKS_MAX_DIRENT_FILE_LEN] = ""; + int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", + deDataPath, userData, uidData); + if (offset > 0) { + HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath); + (void)HksDeleteDir(dePath); + } else { + HKS_LOG_E("get de path failed"); + } + + char cePath[HKS_MAX_DIRENT_FILE_LEN] = ""; + offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s", + HKS_CE_ROOT_PATH, userData, ceOrEceDataPath, uidData); + if (offset > 0) { + HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath); + (void)HksDeleteDir(cePath); + } else { + HKS_LOG_E("get ce path failed"); + } + + char ecePath[HKS_MAX_DIRENT_FILE_LEN] = ""; + offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s", + HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath, uidData); + if (offset > 0) { + HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath); + (void)HksDeleteDir(ecePath); + } else { + HKS_LOG_E("get ece path failed"); + } +} + +static void DeleteUidPath(const struct HksProcessInfo *processInfo) +{ + int32_t ret; + char *userData = NULL; + char *uidData = NULL; + do { + userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") + + uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_LOGE_BREAK(uidData, "malloc uid data failed") + + ret = ConstructPlainName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN); + HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) + + ret = ConstructPlainName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN); + HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret) + + (void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH); +#ifdef SUPPORT_STORAGE_BACKUP + (void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH); +#endif + } while (0); + HKS_FREE(userData); + HKS_FREE(uidData); + return; +} +#endif + +void HksServiceDeleteUserIDKeyAliasFile(const struct HksBlob *userId) +{ + char *userData = NULL; + int32_t ret; + do { + userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") + + // construct non-plain name for de path + ret = ConstructName(userId, userData, HKS_MAX_FILE_NAME_LEN); + HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) + + char userProcess[HKS_MAX_DIRENT_FILE_LEN] = ""; + int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s", HKS_KEY_STORE_PATH, userData); + if (offset < 0) { + HKS_LOG_E("concatenate UserIdPath failed."); + ret = HKS_ERROR_BUFFER_TOO_SMALL; + break; + } + + // ignore these results for ensure to clear data as most as possible + ret = HksDeleteDir(userProcess); + HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret) +#ifdef L2_STANDARD + (void)DeleteUserIdPath(userId); +#endif + } while (0); + HKS_FREE(userData); +} + +void HksServiceDeleteUIDKeyAliasFile(const struct HksProcessInfo *processInfo) +{ + char *userData = NULL; + char *uidData = NULL; + int32_t ret; + do { + userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed") + + // construct non-plain name for de path, and skip user path for user 0 + if (processInfo->userIdInt != 0) { + ret = ConstructName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN); + HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret) + } + + uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN); + if (uidData == NULL) { + HKS_LOG_E("malloc user data failed"); + ret = HKS_ERROR_MALLOC_FAIL; + break; + } + + ret = ConstructName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN); + HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret) + + char userProcess[HKS_MAX_DIRENT_FILE_LEN] = ""; + int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s", + HKS_KEY_STORE_PATH, userData, uidData); + if (offset < 0) { + HKS_LOG_E("concatenate uidPath failed."); + ret = HKS_ERROR_BUFFER_TOO_SMALL; + break; + } + + HKS_LOG_I("delete path : %" LOG_PUBLIC "s", userProcess); + + // ignore these results for ensure to clear data as most as possible + ret = HksDeleteDir(userProcess); + HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret) +#ifdef L2_STANDARD + (void)DeleteUidPath(processInfo); +#endif + } while (0); + HKS_FREE(userData); + HKS_FREE(uidData); +} + +static int32_t GetHksKeyAliasSet(const struct HksFileEntry *fileNameList, const uint32_t fileCount, + struct HksKeyAliasSet **outData) +{ + if (fileCount == 0) { + return HKS_SUCCESS; + } + + int32_t ret; + struct HksKeyAliasSet *tempAliasSet = (struct HksKeyAliasSet *)(HksMalloc(sizeof(struct HksKeyAliasSet))); + HKS_IF_NULL_LOGE_RETURN(tempAliasSet, HKS_ERROR_MALLOC_FAIL, "malloc key alias set failed") + tempAliasSet->aliasesCnt = fileCount; + + do { + tempAliasSet->aliases = (struct HksBlob *)HksMalloc(fileCount * sizeof(struct HksBlob)); + if (tempAliasSet->aliases == NULL) { + HKS_LOG_E("malloc aliases fail"); + ret = HKS_ERROR_MALLOC_FAIL; + break; + } + + for (uint32_t i = 0; i < fileCount; i++) { + uint32_t size = strlen(fileNameList[i].fileName); + tempAliasSet->aliases[i].size = size; + tempAliasSet->aliases[i].data = (uint8_t *)HksMalloc(size); + if (tempAliasSet->aliases[i].data == NULL) { + HKS_LOG_E("malloc alias %" LOG_PUBLIC "d fail", i); + ret = HKS_ERROR_MALLOC_FAIL; + break; + } + + ret = ConstructBlob(fileNameList[i].fileName, &(tempAliasSet->aliases[i])); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "construct blob failed, ret = %" LOG_PUBLIC "d", ret) + } + } while (0); + + if (ret != HKS_SUCCESS) { + HksFreeKeyAliasSet(tempAliasSet); + return ret; + } + + *outData = tempAliasSet; + return ret; +} + +static int32_t GetHksFileEntry(const struct HksStoreFileInfo *fileInfo, struct HksFileEntry **fileNameList, + uint32_t *fileCnt) +{ + uint32_t fileCount; + int32_t ret = GetFileCount(fileInfo->mainPath.path, &fileCount); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get storage file count, ret = %" LOG_PUBLIC "d.", ret) + if (fileCount == 0) { + return HKS_SUCCESS; + } + if (fileCount > HKS_MAX_KEY_ALIAS_COUNT) { + HKS_LOG_E("file count too long, count = %" LOG_PUBLIC "u.", fileCount); + return HKS_ERROR_BUFFER_TOO_SMALL; + } + + struct HksFileEntry *tempFileNameList = NULL; + uint32_t realfileCount = fileCount; + do { + ret = FileNameListInit(&tempFileNameList, fileCount); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "init file name list failed, ret = %" LOG_PUBLIC "d", ret) + + ret = GetFileNameList(fileInfo->mainPath.path, tempFileNameList, &realfileCount); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get file name list failed, ret = %" LOG_PUBLIC "d", ret) + } while (0); + + // case: do GetFileNameList, maybe realfileCount < fileCount + if (ret != HKS_SUCCESS || realfileCount < fileCount) { + FileNameListFree(&tempFileNameList, fileCount); + return ret; + } + + *fileCnt = fileCount; + *fileNameList = tempFileNameList; + return ret; +} + +int32_t HksListAliasesByProcessName(const struct HksStoreFileInfo *fileInfo, struct HksKeyAliasSet **outData) +{ + int32_t ret; + struct HksFileEntry *fileNameList = NULL; + uint32_t fileCnt; + do { + ret = GetHksFileEntry(fileInfo, &fileNameList, &fileCnt); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get file entry failed, ret = %" LOG_PUBLIC "d.", ret) + + // case success and has data + if (fileNameList != NULL) { + ret = GetHksKeyAliasSet(fileNameList, fileCnt, outData); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get key alias set failed, ret = %" LOG_PUBLIC "d.", ret) + } + } while (0); + + if (fileNameList != NULL) { + FileNameListFree(&fileNameList, fileCnt); + } + return ret; +} + +#endif +#endif /* _CUT_AUTHENTICATE_ */ diff --git a/services/huks_standard/huks_service/main/core/src/hks_storage_adapter.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_adapter.c similarity index 97% rename from services/huks_standard/huks_service/main/core/src/hks_storage_adapter.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_storage_adapter.c index a5dbc13d..91685cfd 100644 --- a/services/huks_standard/huks_service/main/core/src/hks_storage_adapter.c +++ b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_adapter.c @@ -1,136 +1,136 @@ -/* - * Copyright (c) 2020-2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _CUT_AUTHENTICATE_ -#ifdef _STORAGE_LITE_ - -#include "hks_storage_adapter.h" - -#include "hks_log.h" -#include "hks_param.h" -#include "hks_template.h" - -bool HksIsKeyInfoLenInvalid(struct HksStoreKeyInfo *keyInfo) -{ - return (keyInfo->aliasSize > HKS_MAX_KEY_ALIAS_LEN) || (keyInfo->aliasSize == 0) || - (keyInfo->keySize > HKS_MAX_KEY_MATERIAL_LEN) || (keyInfo->keySize == 0) || - (keyInfo->authIdSize > HKS_MAX_KEY_AUTH_ID_LEN) || - (keyInfo->keyInfoLen != (sizeof(*keyInfo) + keyInfo->aliasSize + keyInfo->authIdSize + keyInfo->keySize)); -} - -static int32_t AddStorageFixedParams(const struct HksStoreKeyInfo *keyInfo, struct HksParamSet *paramSet) -{ - struct HksParam params[] = { - { - .tag = HKS_TAG_KEY_FLAG, - .uint32Param = keyInfo->flag - }, { - .tag = HKS_TAG_ALGORITHM, - .uint32Param = keyInfo->keyAlg - }, { - .tag = HKS_TAG_PURPOSE, - .uint32Param = keyInfo->purpose - }, { - .tag = HKS_TAG_KEY_SIZE, - .uint32Param = keyInfo->keyLen - }, { - .tag = HKS_TAG_DIGEST, - .uint32Param = keyInfo->digest - }, { - .tag = HKS_TAG_PADDING, - .uint32Param = keyInfo->padding - }, { - .tag = HKS_TAG_BLOCK_MODE, - .uint32Param = keyInfo->keyMode - }, { - .tag = HKS_TAG_KEY_ROLE, - .uint32Param = keyInfo->role - }, { - .tag = HKS_TAG_KEY_DOMAIN, - .uint32Param = keyInfo->domain - }, - }; - - int32_t ret = HksAddParams(paramSet, params, sizeof(params) / sizeof(params[0])); - HKS_IF_NOT_SUCC_LOGE(ret, "HksAddParams failed!") - - return ret; -} - -static int32_t AddStorageParams(const struct HksBlob *key, const struct HksBlob *keyInfoBlob, - struct HksParamSet *paramSet) -{ - if (keyInfoBlob->size < sizeof(struct HksStoreKeyInfo)) { - HKS_LOG_E("invalid keyInfoBlob, size too small, size = %" LOG_PUBLIC "u", keyInfoBlob->size); - return HKS_ERROR_INVALID_KEY_INFO; - } - - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)keyInfoBlob->data; - if (HksIsKeyInfoLenInvalid(keyInfo)) { - HKS_LOG_E("invalid keyInfoBlob len"); - return HKS_ERROR_INVALID_KEY_INFO; - } - - int32_t ret = AddStorageFixedParams(keyInfo, paramSet); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "add storage fixed params failed!") - - if (keyInfo->authIdSize != 0) { - struct HksBlob keyAuthId = { keyInfo->authIdSize, keyInfoBlob->data + sizeof(*keyInfo) + keyInfo->aliasSize }; - struct HksParam keyAuthIdParam = { - .tag = HKS_TAG_KEY_AUTH_ID, - .blob = keyAuthId - }; - ret = HksAddParams(paramSet, &keyAuthIdParam, 1); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksAddParams keyAuthId failed!") - } - - if (key != NULL) { - struct HksParam keyParam = { - .tag = HKS_TAG_KEY, - .blob = *key - }; - ret = HksAddParams(paramSet, &keyParam, 1); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksAddParams key failed!") - } - return ret; -} - -int32_t TranslateKeyInfoBlobToParamSet(const struct HksBlob *key, const struct HksBlob *keyInfoBlob, - struct HksParamSet **paramSet) -{ - struct HksParamSet *outputParamSet = NULL; - int32_t ret = HksInitParamSet(&outputParamSet); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksInitParamSet failed!") - - do { - ret = AddStorageParams(key, keyInfoBlob, outputParamSet); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddParams failed!") - - ret = HksBuildParamSet(&outputParamSet); - HKS_IF_NOT_SUCC_LOGE(ret, "HksBuildParamSet failed!") - } while (0); - - if (ret != HKS_SUCCESS) { - HKS_LOG_E("ConstructParamSet failed."); - HksFreeParamSet(&outputParamSet); - return ret; - } - - *paramSet = outputParamSet; - return ret; -} - -#endif /* _STORAGE_LITE_ */ -#endif /* _CUT_AUTHENTICATE_ */ +/* + * Copyright (c) 2020-2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _CUT_AUTHENTICATE_ +#ifdef _STORAGE_LITE_ + +#include "hks_storage_adapter.h" + +#include "hks_log.h" +#include "hks_param.h" +#include "hks_template.h" + +bool HksIsKeyInfoLenInvalid(struct HksStoreKeyInfo *keyInfo) +{ + return (keyInfo->aliasSize > HKS_MAX_KEY_ALIAS_LEN) || (keyInfo->aliasSize == 0) || + (keyInfo->keySize > HKS_MAX_KEY_MATERIAL_LEN) || (keyInfo->keySize == 0) || + (keyInfo->authIdSize > HKS_MAX_KEY_AUTH_ID_LEN) || + (keyInfo->keyInfoLen != (sizeof(*keyInfo) + keyInfo->aliasSize + keyInfo->authIdSize + keyInfo->keySize)); +} + +static int32_t AddStorageFixedParams(const struct HksStoreKeyInfo *keyInfo, struct HksParamSet *paramSet) +{ + struct HksParam params[] = { + { + .tag = HKS_TAG_KEY_FLAG, + .uint32Param = keyInfo->flag + }, { + .tag = HKS_TAG_ALGORITHM, + .uint32Param = keyInfo->keyAlg + }, { + .tag = HKS_TAG_PURPOSE, + .uint32Param = keyInfo->purpose + }, { + .tag = HKS_TAG_KEY_SIZE, + .uint32Param = keyInfo->keyLen + }, { + .tag = HKS_TAG_DIGEST, + .uint32Param = keyInfo->digest + }, { + .tag = HKS_TAG_PADDING, + .uint32Param = keyInfo->padding + }, { + .tag = HKS_TAG_BLOCK_MODE, + .uint32Param = keyInfo->keyMode + }, { + .tag = HKS_TAG_KEY_ROLE, + .uint32Param = keyInfo->role + }, { + .tag = HKS_TAG_KEY_DOMAIN, + .uint32Param = keyInfo->domain + }, + }; + + int32_t ret = HksAddParams(paramSet, params, sizeof(params) / sizeof(params[0])); + HKS_IF_NOT_SUCC_LOGE(ret, "HksAddParams failed!") + + return ret; +} + +static int32_t AddStorageParams(const struct HksBlob *key, const struct HksBlob *keyInfoBlob, + struct HksParamSet *paramSet) +{ + if (keyInfoBlob->size < sizeof(struct HksStoreKeyInfo)) { + HKS_LOG_E("invalid keyInfoBlob, size too small, size = %" LOG_PUBLIC "u", keyInfoBlob->size); + return HKS_ERROR_INVALID_KEY_INFO; + } + + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)keyInfoBlob->data; + if (HksIsKeyInfoLenInvalid(keyInfo)) { + HKS_LOG_E("invalid keyInfoBlob len"); + return HKS_ERROR_INVALID_KEY_INFO; + } + + int32_t ret = AddStorageFixedParams(keyInfo, paramSet); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "add storage fixed params failed!") + + if (keyInfo->authIdSize != 0) { + struct HksBlob keyAuthId = { keyInfo->authIdSize, keyInfoBlob->data + sizeof(*keyInfo) + keyInfo->aliasSize }; + struct HksParam keyAuthIdParam = { + .tag = HKS_TAG_KEY_AUTH_ID, + .blob = keyAuthId + }; + ret = HksAddParams(paramSet, &keyAuthIdParam, 1); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksAddParams keyAuthId failed!") + } + + if (key != NULL) { + struct HksParam keyParam = { + .tag = HKS_TAG_KEY, + .blob = *key + }; + ret = HksAddParams(paramSet, &keyParam, 1); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksAddParams key failed!") + } + return ret; +} + +int32_t TranslateKeyInfoBlobToParamSet(const struct HksBlob *key, const struct HksBlob *keyInfoBlob, + struct HksParamSet **paramSet) +{ + struct HksParamSet *outputParamSet = NULL; + int32_t ret = HksInitParamSet(&outputParamSet); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "HksInitParamSet failed!") + + do { + ret = AddStorageParams(key, keyInfoBlob, outputParamSet); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddParams failed!") + + ret = HksBuildParamSet(&outputParamSet); + HKS_IF_NOT_SUCC_LOGE(ret, "HksBuildParamSet failed!") + } while (0); + + if (ret != HKS_SUCCESS) { + HKS_LOG_E("ConstructParamSet failed."); + HksFreeParamSet(&outputParamSet); + return ret; + } + + *paramSet = outputParamSet; + return ret; +} + +#endif /* _STORAGE_LITE_ */ +#endif /* _CUT_AUTHENTICATE_ */ diff --git a/services/huks_standard/huks_service/main/core/src/hks_storage_file_lock.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_file_lock.c similarity index 100% rename from services/huks_standard/huks_service/main/core/src/hks_storage_file_lock.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_storage_file_lock.c diff --git a/services/huks_standard/huks_service/main/core/src/hks_storage_lite.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_lite.c similarity index 97% rename from services/huks_standard/huks_service/main/core/src/hks_storage_lite.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_storage_lite.c index 62841cdb..0bbd360a 100644 --- a/services/huks_standard/huks_service/main/core/src/hks_storage_lite.c +++ b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_lite.c @@ -1,918 +1,918 @@ -/* - * Copyright (c) 2020-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _CUT_AUTHENTICATE_ - -#ifdef _STORAGE_LITE_ - -#include "hks_storage.h" - -#include "hks_file_operator.h" -#include "hks_log.h" -#include "hks_mem.h" -#include "hks_param.h" -#include "hks_storage_adapter.h" -#include "hks_template.h" - -#include "huks_access.h" - -#define HKS_FILE_OFFSET_BASE 0 -#define MAX_STORAGE_SIZE 5120 -#define MAX_BUF_SIZE 65536 -#define BUF_SIZE_ADDEND_PER_TIME 1024 -#define HKS_STORAGE_VERSION 1 -#define HKS_STORAGE_RESERVED_SEALING_ALG 0xFEDCBA98 - -struct HksBlob g_storageImageBuffer = { 0, NULL }; - -static uint32_t HksGetStoreFileOffset(void) -{ - return HKS_FILE_OFFSET_BASE; -} - -static int32_t ConstructCalcMacParamSet(struct HksParamSet **paramSet) -{ - struct HksParamSet *outputParamSet = NULL; - int32_t ret = HksInitParamSet(&outputParamSet); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - do { - struct HksParam digestParam = { - .tag = HKS_TAG_DIGEST, - .uint32Param = HKS_DIGEST_SHA512 - }; - - ret = HksAddParams(outputParamSet, &digestParam, 1); /* 1: param count */ - HKS_IF_NOT_SUCC_BREAK(ret) - - ret = HksBuildParamSet(&outputParamSet); - } while (0); - - if (ret != HKS_SUCCESS) { - HksFreeParamSet(&outputParamSet); - return ret; - } - - *paramSet = outputParamSet; - return ret; -} - -static int32_t CalcHeaderMac(const struct HksBlob *salt, const uint8_t *buf, - const uint32_t srcSize, struct HksBlob *mac) -{ - if (srcSize == 0) { - return HKS_ERROR_INVALID_ARGUMENT; - } - - struct HksBlob srcData = { srcSize, NULL }; - srcData.data = (uint8_t *)HksMalloc(srcData.size); - HKS_IF_NULL_RETURN(srcData.data, HKS_ERROR_MALLOC_FAIL) - - int32_t ret; - struct HksParamSet *paramSet = NULL; - do { - if (memcpy_s(srcData.data, srcData.size, buf, srcSize) != EOK) { - ret = HKS_ERROR_INSUFFICIENT_MEMORY; - break; - } - - ret = ConstructCalcMacParamSet(¶mSet); - HKS_IF_NOT_SUCC_BREAK(ret) - - ret = HuksAccessCalcHeaderMac(paramSet, salt, &srcData, mac); - HKS_IF_NOT_SUCC_LOGE(ret, "access calc header mac failed, ret = %" LOG_PUBLIC "d.", ret) - } while (0); - - HKS_FREE_BLOB(srcData); - HksFreeParamSet(¶mSet); - return ret; -} - -static int32_t InitImageBuffer(void) -{ - /* caller func ensure g_storageImageBuffer.size is larger than sizeof(*keyInfoHead) */ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - keyInfoHead->version = HKS_STORAGE_VERSION; - keyInfoHead->keyCount = 0; - keyInfoHead->totalLen = sizeof(*keyInfoHead); - keyInfoHead->sealingAlg = HKS_STORAGE_RESERVED_SEALING_ALG; - - struct HksBlob salt = { HKS_DERIVE_DEFAULT_SALT_LEN, keyInfoHead->salt }; - int32_t ret = HuksAccessGenerateRandom(NULL, &salt); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "generate random failed, ret = %" LOG_PUBLIC "d", ret) - - struct HksBlob mac = { HKS_HMAC_DIGEST_SHA512_LEN, keyInfoHead->hmac }; - uint16_t size = sizeof(*keyInfoHead) - HKS_HMAC_DIGEST_SHA512_LEN; - - return CalcHeaderMac(&salt, g_storageImageBuffer.data, size, &mac); -} - -static void CleanImageBuffer(void) -{ - if (g_storageImageBuffer.data == NULL) { - return; - } - (void)memset_s(g_storageImageBuffer.data, g_storageImageBuffer.size, 0, g_storageImageBuffer.size); -} - -static int32_t ApplyImageBuffer(uint32_t size) -{ - if (g_storageImageBuffer.data != NULL) { - return HKS_SUCCESS; - } - - if ((size == 0) || (size > MAX_BUF_SIZE)) { - HKS_LOG_E("invalid size = %" LOG_PUBLIC "u", size); - return HKS_ERROR_INVALID_ARGUMENT; - } - - g_storageImageBuffer.data = (uint8_t *)HksMalloc(size); - HKS_IF_NULL_RETURN(g_storageImageBuffer.data, HKS_ERROR_MALLOC_FAIL) - - g_storageImageBuffer.size = size; - - return HKS_SUCCESS; -} - -static void FreeImageBuffer(void) -{ - CleanImageBuffer(); - HKS_FREE_BLOB(g_storageImageBuffer); -} - -static int32_t FreshImageBuffer(const char *fileName) -{ - /* caller func ensure g_storageImageBuffer.size is larger than sizeof(*keyInfoHead) */ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - uint32_t totalLen = keyInfoHead->totalLen; - - /* check totalLen */ - if ((totalLen < sizeof(*keyInfoHead)) || (totalLen > MAX_STORAGE_SIZE)) { - return HKS_ERROR_INVALID_KEY_FILE; - } - - if (totalLen == sizeof(*keyInfoHead)) { - return HKS_SUCCESS; - } - - uint32_t offset = HksGetStoreFileOffset(); - uint32_t fileLen = HksFileSize(HKS_KEY_STORE_PATH, fileName); - if (fileLen < (totalLen + offset)) { /* keyfile len at least totalLen + offset */ - HKS_LOG_E("total Len: %" LOG_PUBLIC "u, invalid file size: %" LOG_PUBLIC "u", totalLen, fileLen); - return HKS_ERROR_INVALID_KEY_FILE; - } - - uint8_t *buf = (uint8_t *)HksMalloc(totalLen); - HKS_IF_NULL_RETURN(buf, HKS_ERROR_MALLOC_FAIL) - - struct HksBlob blob = { .size = totalLen, .data = buf }; - - int32_t ret = HksFileRead(HKS_KEY_STORE_PATH, fileName, offset, &blob, &fileLen); - if (ret != HKS_SUCCESS) { - HKS_FREE(buf); - return HKS_ERROR_READ_FILE_FAIL; - } - - FreeImageBuffer(); - g_storageImageBuffer.data = buf; - g_storageImageBuffer.size = totalLen; - - return HKS_SUCCESS; -} - -static int32_t CheckKeyInfoHeaderValid(void) -{ - /* caller func ensure g_storageImageBuffer.size is larger than sizeof(*keyInfoHead) */ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - - uint8_t mac512[HKS_HMAC_DIGEST_SHA512_LEN] = {0}; - struct HksBlob mac = { HKS_HMAC_DIGEST_SHA512_LEN, mac512 }; - struct HksBlob salt = { HKS_DERIVE_DEFAULT_SALT_LEN, keyInfoHead->salt }; - uint16_t size = sizeof(*keyInfoHead) - HKS_HMAC_DIGEST_SHA512_LEN; - - int32_t ret = CalcHeaderMac(&salt, g_storageImageBuffer.data, size, &mac); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - if (HksMemCmp(mac.data, keyInfoHead->hmac, HKS_HMAC_DIGEST_SHA512_LEN) != 0) { - HKS_LOG_E("hmac value not match"); - return HKS_ERROR_INVALID_KEY_FILE; - } - - return HKS_SUCCESS; -} - -static int32_t RefreshKeyInfoHeaderHmac(struct HksStoreHeaderInfo *keyInfoHead) -{ - struct HksBlob mac = { HKS_HMAC_DIGEST_SHA512_LEN, keyInfoHead->hmac }; - struct HksBlob salt = { HKS_DERIVE_DEFAULT_SALT_LEN, keyInfoHead->salt }; - uint16_t size = sizeof(*keyInfoHead) - HKS_HMAC_DIGEST_SHA512_LEN; - - uint8_t *buffer = (uint8_t *)HksMalloc(sizeof(*keyInfoHead)); - HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL) - - (void)memcpy_s(buffer, sizeof(*keyInfoHead), keyInfoHead, sizeof(*keyInfoHead)); - - int32_t ret = CalcHeaderMac(&salt, buffer, size, &mac); - HKS_FREE(buffer); - return ret; -} - -static struct HksBlob HksGetImageBuffer(void) -{ - return g_storageImageBuffer; -} - -static int32_t LoadFileToBuffer(const char *fileName) -{ - /* 1. read key info header */ - uint32_t offset = HksGetStoreFileOffset(); - uint32_t len = 0; - int32_t ret = HksFileRead(HKS_KEY_STORE_PATH, fileName, offset, - &g_storageImageBuffer, &len); - - do { - /* 2. file not exist or read nothing, init image */ - if (ret != HKS_SUCCESS) { - HKS_LOG_I("file not exist, init buffer."); - ret = InitImageBuffer(); - HKS_IF_NOT_SUCC_BREAK(ret) /* init fail, need free global buf */ - return ret; - } - - /* 3. read header success, check keyinfo header */ - HKS_LOG_I("file exist, check buffer."); - ret = CheckKeyInfoHeaderValid(); - HKS_IF_NOT_SUCC_BREAK(ret) - - /* 4. check success, load full buffer */ - ret = FreshImageBuffer(fileName); - } while (0); - - if (ret != HKS_SUCCESS) { - FreeImageBuffer(); - } - - return ret; -} - -int32_t HksLoadFileToBuffer(void) -{ - if (g_storageImageBuffer.data != NULL) { - return HKS_SUCCESS; - } - - /* 1. malloc keyinfo header size buffer */ - int32_t ret = ApplyImageBuffer(sizeof(struct HksStoreHeaderInfo)); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - CleanImageBuffer(); - - /* 2. read file to buffer */ - return LoadFileToBuffer(HKS_KEY_STORE_FILE_NAME); -} - -static int32_t CleanStorageKeyInfo(const char *fileName) -{ - int32_t ret = InitImageBuffer(); - if (ret != HKS_SUCCESS) { - FreeImageBuffer(); - return ret; - } - - /* write to file */ - uint32_t totalLen = sizeof(struct HksStoreHeaderInfo); - uint32_t fileOffset = HksGetStoreFileOffset(); - ret = HksFileWrite(HKS_KEY_STORE_PATH, fileName, fileOffset, g_storageImageBuffer.data, totalLen); - if (ret != HKS_SUCCESS) { - HKS_LOG_E("write file failed when hks refresh file buffer"); - FreeImageBuffer(); - } - return ret; -} - -int32_t HksFileBufferRefresh(void) -{ - /* malloc keyinfo header size buffer */ - int32_t ret = ApplyImageBuffer(sizeof(struct HksStoreHeaderInfo)); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - CleanImageBuffer(); - - return CleanStorageKeyInfo(HKS_KEY_STORE_FILE_NAME); -} - -/* - * Storage format: - * keyInfoHeader + keyInfo1 + keyInfo2 + ... + keyInfoN - * - * +--------------------------------------------------------------+ - * KeyInfoHeader: | version | keyCount | totalLen | sealingAlg | salt | hmac | - * | 2bytes | 2bytes | 4bytes | 4bytes |16bytes |64bytes | - * +--------------------------------------------------------------+ - * - * +---------------------------------------------------------------------+ - * KeyInfo: | keyInfoLen | keySize | nonce | flag | keyAlg | keyMode | digest | - * | 2bytes | 2bytes | 16bytes | 1bytes | 1bytes | 1bytes | 1bytes | - * +---------------------------------------------------------------------+ - * | padding | rsv | keyLen | purpose | role | domain | aliasSize | - * | 1bytes | 1bytes | 2bytes | 4bytes | 4bytes | 21bytes | 1bytes | - * +--------------------------------------------------------------------+ - * | AuthIdSize | keyAlias | keyAuthId | key | - * | 1bytes | max 64bytes | max 64bytes | max keyMaterial size | - * +---------------------------------------------------------------+ - */ -static int32_t GetKeyOffsetByKeyAlias(const struct HksBlob *keyAlias, uint32_t *keyOffset) -{ - struct HksBlob storageBuf = HksGetImageBuffer(); - if (storageBuf.size < sizeof(struct HksStoreHeaderInfo)) { - HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", storageBuf.size); - return HKS_ERROR_INVALID_KEY_FILE; - } - - /* 1. get imageBuffer total Len */ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; - uint32_t keyCount = keyInfoHead->keyCount; - uint32_t totalLen = keyInfoHead->totalLen; - if (keyCount == 0) { - return HKS_ERROR_NOT_EXIST; - } - if (totalLen > storageBuf.size) { - HKS_LOG_E("storageBuf size invalid"); - return HKS_ERROR_INVALID_KEY_FILE; - } - - /* 2. traverse imageBuffer to search for keyAlias */ - uint32_t offset = sizeof(*keyInfoHead); - for (uint32_t i = 0; i < keyCount; ++i) { - if ((totalLen < offset) || ((totalLen - offset) < sizeof(struct HksStoreKeyInfo))) { - HKS_LOG_E("invalid keyinfo size."); - return HKS_ERROR_INVALID_KEY_FILE; - } - - uint8_t *tmpBuf = storageBuf.data + offset; - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)tmpBuf; - if (HksIsKeyInfoLenInvalid(keyInfo) || (keyInfo->keyInfoLen > (totalLen - offset))) { - HKS_LOG_E("invalid keyinfo len"); - return HKS_ERROR_INVALID_KEY_FILE; - } - - if (keyInfo->aliasSize == keyAlias->size) { - if (HksMemCmp(keyAlias->data, tmpBuf + sizeof(*keyInfo), keyAlias->size) == 0) { - *keyOffset = offset; - return HKS_SUCCESS; - } - } - - offset += keyInfo->keyInfoLen; - } - - return HKS_ERROR_NOT_EXIST; -} - -static int32_t AdjustImageBuffer(uint32_t totalLenAdded, const struct HksBlob *keyBlob) -{ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - - /* buffer has been checked will not overflow */ - uint32_t newBufLen = g_storageImageBuffer.size + - ((keyBlob->size > BUF_SIZE_ADDEND_PER_TIME) ? keyBlob->size : BUF_SIZE_ADDEND_PER_TIME); - uint8_t *buf = (uint8_t *)HksMalloc(newBufLen); - HKS_IF_NULL_RETURN(buf, HKS_ERROR_MALLOC_FAIL) - - (void)memset_s(buf, newBufLen, 0, newBufLen); - - /* copy old imagebuf to new malloc buf */ - if (memcpy_s(buf, newBufLen, g_storageImageBuffer.data, keyInfoHead->totalLen) != EOK) { - HKS_FREE(buf); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - /* append new add key buffer to the end */ - if (memcpy_s(buf + keyInfoHead->totalLen, newBufLen - keyInfoHead->totalLen, - keyBlob->data, keyBlob->size) != EOK) { - HKS_FREE(buf); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - struct HksStoreHeaderInfo *newHead = (struct HksStoreHeaderInfo *)buf; - newHead->totalLen = totalLenAdded; - newHead->keyCount += 1; - - FreeImageBuffer(); - g_storageImageBuffer.data = buf; - g_storageImageBuffer.size = newBufLen; - - return HKS_SUCCESS; -} - -static int32_t AppendNewKey(const struct HksBlob *keyBlob) -{ - struct HksBlob storageBuf = HksGetImageBuffer(); - if (storageBuf.size < sizeof(struct HksStoreHeaderInfo)) { - HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", storageBuf.size); - return HKS_ERROR_INVALID_KEY_FILE; - } - - /* 1. get imagebuf total Len */ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; - - if (IsAdditionOverflow(keyInfoHead->totalLen, keyBlob->size)) { - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - uint32_t totalLenAdded = keyInfoHead->totalLen + keyBlob->size; - if (totalLenAdded > MAX_STORAGE_SIZE) { - HKS_LOG_E("after add, buffer too big to store"); - return HKS_ERROR_STORAGE_FAILURE; - } - - /* imagebuf is enough to append new keyinfo */ - if (storageBuf.size >= totalLenAdded) { - if (memcpy_s(storageBuf.data + keyInfoHead->totalLen, storageBuf.size - keyInfoHead->totalLen, - keyBlob->data, keyBlob->size) != EOK) { - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - keyInfoHead->totalLen = totalLenAdded; - keyInfoHead->keyCount += 1; - return HKS_SUCCESS; - } - - /* need malloc new buffer */ - return AdjustImageBuffer(totalLenAdded, keyBlob); -} - -static int32_t GetLenAfterAddKey(const struct HksBlob *keyBlob, uint32_t totalLen, uint32_t *totalLenAdded) -{ - if (IsAdditionOverflow(totalLen, keyBlob->size)) { - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - uint32_t newTotalLen = totalLen + keyBlob->size; - if (newTotalLen > MAX_STORAGE_SIZE) { - HKS_LOG_E("after add, buffer too big to store"); - return HKS_ERROR_STORAGE_FAILURE; - } - - *totalLenAdded = newTotalLen; - return HKS_SUCCESS; -} - -static int32_t DeleteKey(uint32_t keyOffset) -{ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + keyOffset); - - uint32_t keyInfoLen = keyInfo->keyInfoLen; - uint32_t nextKeyOffset = keyOffset + keyInfoLen; - if (nextKeyOffset > keyInfoHead->totalLen) { - return HKS_ERROR_INVALID_KEY_FILE; - } - - (void)memset_s(keyInfo, keyInfoLen, 0, keyInfoLen); - - /* If key to delete is not the last key, need to be move image buffer */ - if (nextKeyOffset < keyInfoHead->totalLen) { - if (memmove_s(keyInfo, keyInfoHead->totalLen - keyOffset, g_storageImageBuffer.data + nextKeyOffset, - keyInfoHead->totalLen - nextKeyOffset) != EOK) { - HKS_LOG_E("memmove image buffer failed"); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - /* clear the last buffer */ - (void)memset_s(g_storageImageBuffer.data + keyInfoHead->totalLen - keyInfoLen, keyInfoLen, 0, keyInfoLen); - } - keyInfoHead->keyCount -= 1; - keyInfoHead->totalLen -= keyInfoLen; - - return HKS_SUCCESS; -} - -static int32_t StoreKeyBlob(bool needDeleteKey, uint32_t offset, const struct HksBlob *keyBlob) -{ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + offset); - - struct HksStoreHeaderInfo newkeyInfoHead; - if (memcpy_s(&newkeyInfoHead, sizeof(newkeyInfoHead), keyInfoHead, sizeof(*keyInfoHead)) != EOK) { - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - uint32_t totalLenAdded = 0; - int32_t ret; - - /* 1. check storage buffer enough for store new key */ - if (needDeleteKey) { - ret = GetLenAfterAddKey(keyBlob, keyInfoHead->totalLen - keyInfo->keyInfoLen, &totalLenAdded); - } else { - newkeyInfoHead.keyCount += 1, - ret = GetLenAfterAddKey(keyBlob, keyInfoHead->totalLen, &totalLenAdded); - } - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 2. calc temp hmac */ - newkeyInfoHead.totalLen = totalLenAdded; - ret = RefreshKeyInfoHeaderHmac(&newkeyInfoHead); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 3. delete key if keyExist */ - if (needDeleteKey) { - ret = DeleteKey(offset); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - } - - /* 4. append key */ - ret = AppendNewKey(keyBlob); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 5. replace header */ - if (memcpy_s(g_storageImageBuffer.data, sizeof(newkeyInfoHead), &newkeyInfoHead, sizeof(newkeyInfoHead)) != EOK) { - HKS_LOG_E("replace header memcpy failed"); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - return HKS_SUCCESS; -} - -static int32_t GetFileName(const struct HksBlob *name, char **fileName) -{ - char *tmpName = (char *)HksMalloc(name->size + 1); /* \0 at the end */ - HKS_IF_NULL_RETURN(tmpName, HKS_ERROR_MALLOC_FAIL) - - (void)memcpy_s(tmpName, name->size, name->data, name->size); - tmpName[name->size] = '\0'; - *fileName = tmpName; - return HKS_SUCCESS; -} - -static int32_t StoreRootMaterial(const struct HksBlob *name, const struct HksBlob *buffer) -{ - char *fileName = NULL; - int32_t ret = GetFileName(name, &fileName); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - ret = HksFileWrite(HKS_KEY_STORE_PATH, fileName, 0, buffer->data, buffer->size); - HKS_FREE(fileName); - return ret; -} - -static int32_t IsRootMaterialExist(const struct HksBlob *name) -{ - char *fileName = NULL; - int32_t ret = GetFileName(name, &fileName); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - ret = HksIsFileExist(HKS_KEY_STORE_PATH, fileName); - HKS_FREE(fileName); - HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_NOT_EXIST, "file not exist") - - return ret; -} - -static int32_t GetRootMaterial(const struct HksBlob *name, struct HksBlob *buffer) -{ - char *fileName = NULL; - int32_t ret = GetFileName(name, &fileName); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - uint32_t len = 0; - ret = HksFileRead(HKS_KEY_STORE_PATH, fileName, 0, buffer, &len); - HKS_FREE(fileName); - if (ret != HKS_SUCCESS) { - return HKS_ERROR_READ_FILE_FAIL; - } - return HKS_SUCCESS; -} - -int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyAlias, - uint32_t storageType, const struct HksBlob *keyBlob) -{ - (void)fileInfo; - if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) { - return StoreRootMaterial(keyAlias, keyBlob); - } - - /* 1. check key exist or not */ - uint32_t offset = 0; - int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); - if ((ret != HKS_SUCCESS) && (ret != HKS_ERROR_NOT_EXIST)) { - return ret; - } - - /* 2. store key blob */ - bool needDeleteKey = (ret == HKS_SUCCESS); - ret = StoreKeyBlob(needDeleteKey, offset, keyBlob); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 3. write to file */ - uint32_t totalLen = 0; - ret = HksStoreGetToatalSize(&totalLen); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - uint32_t fileOffset = HksGetStoreFileOffset(); - return HksFileWrite(HKS_KEY_STORE_PATH, HKS_KEY_STORE_FILE_NAME, fileOffset, g_storageImageBuffer.data, totalLen); -} - -int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo, - const struct HksBlob *keyAlias, uint32_t storageType) -{ - (void)fileInfo; - (void)storageType; - - /* 1. check key exist or not */ - uint32_t offset = 0; - int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 2. calc tmp header hmac */ - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + offset); - struct HksStoreHeaderInfo newkeyInfoHead; - if (memcpy_s(&newkeyInfoHead, sizeof(newkeyInfoHead), keyInfoHead, sizeof(*keyInfoHead)) != EOK) { - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - newkeyInfoHead.totalLen -= keyInfo->keyInfoLen; - newkeyInfoHead.keyCount -= 1; - - ret = RefreshKeyInfoHeaderHmac(&newkeyInfoHead); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 3. delete key */ - ret = DeleteKey(offset); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 4. replace header */ - if (memcpy_s(keyInfoHead, sizeof(*keyInfoHead), &newkeyInfoHead, sizeof(newkeyInfoHead)) != EOK) { - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - uint32_t fileOffset = HksGetStoreFileOffset(); - return HksFileWrite(HKS_KEY_STORE_PATH, HKS_KEY_STORE_FILE_NAME, fileOffset, - g_storageImageBuffer.data, keyInfoHead->totalLen); -} - -int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo, - const struct HksBlob *keyAlias, uint32_t storageType) -{ - (void)fileInfo; - if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) { - return IsRootMaterialExist(keyAlias); - } - - uint32_t offset = 0; - return GetKeyOffsetByKeyAlias(keyAlias, &offset); -} - -int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, - const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob) -{ - (void)fileInfoPath; - if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) { - return GetRootMaterial(keyAlias, keyBlob); - } - - uint32_t offset = 0; - int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* get offset success, len has been check valid */ - uint8_t *tmpBuf = g_storageImageBuffer.data + offset; - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)tmpBuf; - - keyBlob->data = (uint8_t *)HksMalloc(keyInfo->keyInfoLen); /* need be freed by caller functions */ - HKS_IF_NULL_RETURN(keyBlob->data, HKS_ERROR_MALLOC_FAIL) - - keyBlob->size = keyInfo->keyInfoLen; - - if (memcpy_s(keyBlob->data, keyBlob->size, tmpBuf, keyInfo->keyInfoLen) != EOK) { - HKS_LOG_E("memcpy to key blob failed."); - HKS_FREE(keyBlob->data); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - return HKS_SUCCESS; -} - -int32_t HksStoreGetKeyBlobSize(const struct HksBlob *processName, - const struct HksBlob *keyAlias, uint32_t storageType, uint32_t *keyBlobSize) -{ - (void)processName; - (void)storageType; - - uint32_t offset = 0; - int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* get offset success, len has been check valid */ - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + offset); - *keyBlobSize = keyInfo->keyInfoLen; - return HKS_SUCCESS; -} - -int32_t HksGetKeyCountByProcessName(const struct HksBlob *processName, uint32_t *keyCount) -{ - (void)processName; - if (g_storageImageBuffer.size < sizeof(struct HksStoreHeaderInfo)) { - HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", g_storageImageBuffer.size); - return HKS_ERROR_INVALID_KEY_FILE; - } - - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - *keyCount = keyInfoHead->keyCount; - return HKS_SUCCESS; -} - -int32_t HksStoreGetToatalSize(uint32_t *size) -{ - if (g_storageImageBuffer.size < sizeof(struct HksStoreHeaderInfo)) { - HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", g_storageImageBuffer.size); - return HKS_ERROR_INVALID_KEY_FILE; - } - - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; - *size = keyInfoHead->totalLen; - return HKS_SUCCESS; -} - -static int32_t GetKeyInfoList(struct HksKeyInfo *keyInfoList, const struct HksBlob *keyInfoBlob) -{ - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)keyInfoBlob->data; - - if (keyInfoList->alias.size < keyInfo->aliasSize) { - return HKS_ERROR_BUFFER_TOO_SMALL; - } - - if (memcpy_s(keyInfoList->alias.data, keyInfoList->alias.size, - keyInfoBlob->data + sizeof(*keyInfo), keyInfo->aliasSize) != EOK) { - HKS_LOG_E("memcpy keyAlias failed"); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - keyInfoList->alias.size = keyInfo->aliasSize; - - struct HksParamSet *paramSet = NULL; - int32_t ret = TranslateKeyInfoBlobToParamSet(NULL, keyInfoBlob, ¶mSet); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - if (keyInfoList->paramSet->paramSetSize < paramSet->paramSetSize) { - HksFreeParamSet(¶mSet); - return HKS_ERROR_BUFFER_TOO_SMALL; - } - if (memcpy_s(keyInfoList->paramSet, keyInfoList->paramSet->paramSetSize, - paramSet, paramSet->paramSetSize) != EOK) { - HKS_LOG_E("memcpy paramSet failed."); - HksFreeParamSet(¶mSet); - return HKS_ERROR_INSUFFICIENT_MEMORY; - } - - HksFreeParamSet(¶mSet); - return HKS_SUCCESS; -} - -static int32_t GetAndCheckKeyCount(uint32_t *inputCount, uint32_t *keyCount) -{ - struct HksBlob storageBuf = HksGetImageBuffer(); - if (storageBuf.size < sizeof(struct HksStoreHeaderInfo)) { - HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", storageBuf.size); - return HKS_ERROR_INVALID_KEY_FILE; - } - - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; - *keyCount = keyInfoHead->keyCount; - if (*keyCount == 0) { - *inputCount = 0; - return HKS_SUCCESS; - } - - if (storageBuf.size < keyInfoHead->totalLen) { - HKS_LOG_E("storageBuf size invalid"); - return HKS_ERROR_INVALID_KEY_FILE; - } - - if (*inputCount < *keyCount) { - HKS_LOG_E("listCount space not enough"); - return HKS_ERROR_BUFFER_TOO_SMALL; - } - return HKS_SUCCESS; -} - -int32_t HksStoreGetKeyInfoList(struct HksKeyInfo *keyInfoList, uint32_t *listCount) -{ - uint32_t keyCount; - int32_t ret = GetAndCheckKeyCount(listCount, &keyCount); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - /* 2. traverse ImageBuffer to search for keyAlias */ - struct HksBlob storageBuf = HksGetImageBuffer(); - struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; - uint32_t totalLen = keyInfoHead->totalLen; - uint32_t num = 0; - uint32_t offset = sizeof(*keyInfoHead); - for (uint32_t i = 0; i < keyCount; ++i) { - if ((totalLen < offset) || ((totalLen - offset) < sizeof(struct HksStoreKeyInfo))) { - HKS_LOG_E("invalid keyinfo size."); - return HKS_ERROR_INVALID_KEY_FILE; - } - - uint8_t *tmpBuf = storageBuf.data + offset; /* storageBuf.size has been checked */ - struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)tmpBuf; - - if (HksIsKeyInfoLenInvalid(keyInfo) || ((totalLen - offset) < keyInfo->keyInfoLen)) { - HKS_LOG_E("invalid keyinfo len"); - return HKS_ERROR_INVALID_KEY_FILE; - } - - struct HksBlob keyInfoBlob = { keyInfo->keyInfoLen, tmpBuf }; - ret = GetKeyInfoList(&keyInfoList[i], &keyInfoBlob); - HKS_IF_NOT_SUCC_RETURN(ret, ret) - - num++; - offset += keyInfo->keyInfoLen; - } - - *listCount = num; - return HKS_SUCCESS; -} - -#ifdef HKS_ENABLE_CLEAN_FILE -static int32_t CleanFile(const char *path, const char *fileName) -{ - uint32_t size = HksFileSize(path, fileName); - if (size == 0 || size > HKS_MAX_FILE_SIZE) { - HKS_LOG_E("storage lite get file size failed, ret = %" LOG_PUBLIC "u.", size); - return HKS_ERROR_FILE_SIZE_FAIL; - } - - int32_t ret = HKS_SUCCESS; - uint8_t *buf; - do { - buf = (uint8_t *)HksMalloc(size); - if (buf == NULL) { - HKS_LOG_E("storage lite malloc buf failed!"); - ret = HKS_ERROR_MALLOC_FAIL; - break; - } - - (void)memset_s(buf, size, 0, size); - ret = HksFileWrite(path, fileName, 0, buf, size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 0 failed!") - - (void)memset_s(buf, size, 1, size); - ret = HksFileWrite(path, fileName, 0, buf, size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 1 failed!") - - struct HksBlob bufBlob = { .size = size, .data = buf }; - ret = HuksAccessGenerateRandom(NULL, &bufBlob); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "fill buf random failed!") - - ret = HksFileWrite(path, fileName, 0, buf, size); - HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file random failed!") - } while (0); - HKS_FREE(buf); - return ret; -} -#endif - -static int32_t RemoveFile(const char *path, const char *fileName) -{ -#ifdef HKS_ENABLE_CLEAN_FILE - if (CleanFile(path, fileName) != HKS_SUCCESS) { - HKS_LOG_E("clean file failed"); - } -#endif - - if (HksFileRemove(path, fileName) != HKS_SUCCESS) { - HKS_LOG_E("remove file failed"); - } - return HKS_SUCCESS; -} - -int32_t HksStoreDestroy(const struct HksBlob *processName) -{ - (void)processName; - /* only record log, continue delete */ - - if (RemoveFile(HKS_KEY_STORE_PATH, HKS_KEY_STORE_FILE_NAME) != HKS_SUCCESS) { - HKS_LOG_E("remove key store file failed"); - } - - if (RemoveFile(HKS_KEY_STORE_PATH, "info1.data") != HKS_SUCCESS) { - HKS_LOG_E("remove info1 file failed"); - } - - if (RemoveFile(HKS_KEY_STORE_PATH, "info2.data") != HKS_SUCCESS) { - HKS_LOG_E("remove info2 file failed"); - } - return HKS_SUCCESS; -} -#endif /* _STORAGE_LITE_ */ - -#endif /* _CUT_AUTHENTICATE_ */ +/* + * Copyright (c) 2020-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _CUT_AUTHENTICATE_ + +#ifdef _STORAGE_LITE_ + +#include "hks_storage.h" + +#include "hks_file_operator.h" +#include "hks_log.h" +#include "hks_mem.h" +#include "hks_param.h" +#include "hks_storage_adapter.h" +#include "hks_template.h" + +#include "huks_access.h" + +#define HKS_FILE_OFFSET_BASE 0 +#define MAX_STORAGE_SIZE 5120 +#define MAX_BUF_SIZE 65536 +#define BUF_SIZE_ADDEND_PER_TIME 1024 +#define HKS_STORAGE_VERSION 1 +#define HKS_STORAGE_RESERVED_SEALING_ALG 0xFEDCBA98 + +struct HksBlob g_storageImageBuffer = { 0, NULL }; + +static uint32_t HksGetStoreFileOffset(void) +{ + return HKS_FILE_OFFSET_BASE; +} + +static int32_t ConstructCalcMacParamSet(struct HksParamSet **paramSet) +{ + struct HksParamSet *outputParamSet = NULL; + int32_t ret = HksInitParamSet(&outputParamSet); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + do { + struct HksParam digestParam = { + .tag = HKS_TAG_DIGEST, + .uint32Param = HKS_DIGEST_SHA512 + }; + + ret = HksAddParams(outputParamSet, &digestParam, 1); /* 1: param count */ + HKS_IF_NOT_SUCC_BREAK(ret) + + ret = HksBuildParamSet(&outputParamSet); + } while (0); + + if (ret != HKS_SUCCESS) { + HksFreeParamSet(&outputParamSet); + return ret; + } + + *paramSet = outputParamSet; + return ret; +} + +static int32_t CalcHeaderMac(const struct HksBlob *salt, const uint8_t *buf, + const uint32_t srcSize, struct HksBlob *mac) +{ + if (srcSize == 0) { + return HKS_ERROR_INVALID_ARGUMENT; + } + + struct HksBlob srcData = { srcSize, NULL }; + srcData.data = (uint8_t *)HksMalloc(srcData.size); + HKS_IF_NULL_RETURN(srcData.data, HKS_ERROR_MALLOC_FAIL) + + int32_t ret; + struct HksParamSet *paramSet = NULL; + do { + if (memcpy_s(srcData.data, srcData.size, buf, srcSize) != EOK) { + ret = HKS_ERROR_INSUFFICIENT_MEMORY; + break; + } + + ret = ConstructCalcMacParamSet(¶mSet); + HKS_IF_NOT_SUCC_BREAK(ret) + + ret = HuksAccessCalcHeaderMac(paramSet, salt, &srcData, mac); + HKS_IF_NOT_SUCC_LOGE(ret, "access calc header mac failed, ret = %" LOG_PUBLIC "d.", ret) + } while (0); + + HKS_FREE_BLOB(srcData); + HksFreeParamSet(¶mSet); + return ret; +} + +static int32_t InitImageBuffer(void) +{ + /* caller func ensure g_storageImageBuffer.size is larger than sizeof(*keyInfoHead) */ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + keyInfoHead->version = HKS_STORAGE_VERSION; + keyInfoHead->keyCount = 0; + keyInfoHead->totalLen = sizeof(*keyInfoHead); + keyInfoHead->sealingAlg = HKS_STORAGE_RESERVED_SEALING_ALG; + + struct HksBlob salt = { HKS_DERIVE_DEFAULT_SALT_LEN, keyInfoHead->salt }; + int32_t ret = HuksAccessGenerateRandom(NULL, &salt); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "generate random failed, ret = %" LOG_PUBLIC "d", ret) + + struct HksBlob mac = { HKS_HMAC_DIGEST_SHA512_LEN, keyInfoHead->hmac }; + uint16_t size = sizeof(*keyInfoHead) - HKS_HMAC_DIGEST_SHA512_LEN; + + return CalcHeaderMac(&salt, g_storageImageBuffer.data, size, &mac); +} + +static void CleanImageBuffer(void) +{ + if (g_storageImageBuffer.data == NULL) { + return; + } + (void)memset_s(g_storageImageBuffer.data, g_storageImageBuffer.size, 0, g_storageImageBuffer.size); +} + +static int32_t ApplyImageBuffer(uint32_t size) +{ + if (g_storageImageBuffer.data != NULL) { + return HKS_SUCCESS; + } + + if ((size == 0) || (size > MAX_BUF_SIZE)) { + HKS_LOG_E("invalid size = %" LOG_PUBLIC "u", size); + return HKS_ERROR_INVALID_ARGUMENT; + } + + g_storageImageBuffer.data = (uint8_t *)HksMalloc(size); + HKS_IF_NULL_RETURN(g_storageImageBuffer.data, HKS_ERROR_MALLOC_FAIL) + + g_storageImageBuffer.size = size; + + return HKS_SUCCESS; +} + +static void FreeImageBuffer(void) +{ + CleanImageBuffer(); + HKS_FREE_BLOB(g_storageImageBuffer); +} + +static int32_t FreshImageBuffer(const char *fileName) +{ + /* caller func ensure g_storageImageBuffer.size is larger than sizeof(*keyInfoHead) */ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + uint32_t totalLen = keyInfoHead->totalLen; + + /* check totalLen */ + if ((totalLen < sizeof(*keyInfoHead)) || (totalLen > MAX_STORAGE_SIZE)) { + return HKS_ERROR_INVALID_KEY_FILE; + } + + if (totalLen == sizeof(*keyInfoHead)) { + return HKS_SUCCESS; + } + + uint32_t offset = HksGetStoreFileOffset(); + uint32_t fileLen = HksFileSize(HKS_KEY_STORE_PATH, fileName); + if (fileLen < (totalLen + offset)) { /* keyfile len at least totalLen + offset */ + HKS_LOG_E("total Len: %" LOG_PUBLIC "u, invalid file size: %" LOG_PUBLIC "u", totalLen, fileLen); + return HKS_ERROR_INVALID_KEY_FILE; + } + + uint8_t *buf = (uint8_t *)HksMalloc(totalLen); + HKS_IF_NULL_RETURN(buf, HKS_ERROR_MALLOC_FAIL) + + struct HksBlob blob = { .size = totalLen, .data = buf }; + + int32_t ret = HksFileRead(HKS_KEY_STORE_PATH, fileName, offset, &blob, &fileLen); + if (ret != HKS_SUCCESS) { + HKS_FREE(buf); + return HKS_ERROR_READ_FILE_FAIL; + } + + FreeImageBuffer(); + g_storageImageBuffer.data = buf; + g_storageImageBuffer.size = totalLen; + + return HKS_SUCCESS; +} + +static int32_t CheckKeyInfoHeaderValid(void) +{ + /* caller func ensure g_storageImageBuffer.size is larger than sizeof(*keyInfoHead) */ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + + uint8_t mac512[HKS_HMAC_DIGEST_SHA512_LEN] = {0}; + struct HksBlob mac = { HKS_HMAC_DIGEST_SHA512_LEN, mac512 }; + struct HksBlob salt = { HKS_DERIVE_DEFAULT_SALT_LEN, keyInfoHead->salt }; + uint16_t size = sizeof(*keyInfoHead) - HKS_HMAC_DIGEST_SHA512_LEN; + + int32_t ret = CalcHeaderMac(&salt, g_storageImageBuffer.data, size, &mac); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + if (HksMemCmp(mac.data, keyInfoHead->hmac, HKS_HMAC_DIGEST_SHA512_LEN) != 0) { + HKS_LOG_E("hmac value not match"); + return HKS_ERROR_INVALID_KEY_FILE; + } + + return HKS_SUCCESS; +} + +static int32_t RefreshKeyInfoHeaderHmac(struct HksStoreHeaderInfo *keyInfoHead) +{ + struct HksBlob mac = { HKS_HMAC_DIGEST_SHA512_LEN, keyInfoHead->hmac }; + struct HksBlob salt = { HKS_DERIVE_DEFAULT_SALT_LEN, keyInfoHead->salt }; + uint16_t size = sizeof(*keyInfoHead) - HKS_HMAC_DIGEST_SHA512_LEN; + + uint8_t *buffer = (uint8_t *)HksMalloc(sizeof(*keyInfoHead)); + HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL) + + (void)memcpy_s(buffer, sizeof(*keyInfoHead), keyInfoHead, sizeof(*keyInfoHead)); + + int32_t ret = CalcHeaderMac(&salt, buffer, size, &mac); + HKS_FREE(buffer); + return ret; +} + +static struct HksBlob HksGetImageBuffer(void) +{ + return g_storageImageBuffer; +} + +static int32_t LoadFileToBuffer(const char *fileName) +{ + /* 1. read key info header */ + uint32_t offset = HksGetStoreFileOffset(); + uint32_t len = 0; + int32_t ret = HksFileRead(HKS_KEY_STORE_PATH, fileName, offset, + &g_storageImageBuffer, &len); + + do { + /* 2. file not exist or read nothing, init image */ + if (ret != HKS_SUCCESS) { + HKS_LOG_I("file not exist, init buffer."); + ret = InitImageBuffer(); + HKS_IF_NOT_SUCC_BREAK(ret) /* init fail, need free global buf */ + return ret; + } + + /* 3. read header success, check keyinfo header */ + HKS_LOG_I("file exist, check buffer."); + ret = CheckKeyInfoHeaderValid(); + HKS_IF_NOT_SUCC_BREAK(ret) + + /* 4. check success, load full buffer */ + ret = FreshImageBuffer(fileName); + } while (0); + + if (ret != HKS_SUCCESS) { + FreeImageBuffer(); + } + + return ret; +} + +int32_t HksLoadFileToBuffer(void) +{ + if (g_storageImageBuffer.data != NULL) { + return HKS_SUCCESS; + } + + /* 1. malloc keyinfo header size buffer */ + int32_t ret = ApplyImageBuffer(sizeof(struct HksStoreHeaderInfo)); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + CleanImageBuffer(); + + /* 2. read file to buffer */ + return LoadFileToBuffer(HKS_KEY_STORE_FILE_NAME); +} + +static int32_t CleanStorageKeyInfo(const char *fileName) +{ + int32_t ret = InitImageBuffer(); + if (ret != HKS_SUCCESS) { + FreeImageBuffer(); + return ret; + } + + /* write to file */ + uint32_t totalLen = sizeof(struct HksStoreHeaderInfo); + uint32_t fileOffset = HksGetStoreFileOffset(); + ret = HksFileWrite(HKS_KEY_STORE_PATH, fileName, fileOffset, g_storageImageBuffer.data, totalLen); + if (ret != HKS_SUCCESS) { + HKS_LOG_E("write file failed when hks refresh file buffer"); + FreeImageBuffer(); + } + return ret; +} + +int32_t HksFileBufferRefresh(void) +{ + /* malloc keyinfo header size buffer */ + int32_t ret = ApplyImageBuffer(sizeof(struct HksStoreHeaderInfo)); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + CleanImageBuffer(); + + return CleanStorageKeyInfo(HKS_KEY_STORE_FILE_NAME); +} + +/* + * Storage format: + * keyInfoHeader + keyInfo1 + keyInfo2 + ... + keyInfoN + * + * +--------------------------------------------------------------+ + * KeyInfoHeader: | version | keyCount | totalLen | sealingAlg | salt | hmac | + * | 2bytes | 2bytes | 4bytes | 4bytes |16bytes |64bytes | + * +--------------------------------------------------------------+ + * + * +---------------------------------------------------------------------+ + * KeyInfo: | keyInfoLen | keySize | nonce | flag | keyAlg | keyMode | digest | + * | 2bytes | 2bytes | 16bytes | 1bytes | 1bytes | 1bytes | 1bytes | + * +---------------------------------------------------------------------+ + * | padding | rsv | keyLen | purpose | role | domain | aliasSize | + * | 1bytes | 1bytes | 2bytes | 4bytes | 4bytes | 21bytes | 1bytes | + * +--------------------------------------------------------------------+ + * | AuthIdSize | keyAlias | keyAuthId | key | + * | 1bytes | max 64bytes | max 64bytes | max keyMaterial size | + * +---------------------------------------------------------------+ + */ +static int32_t GetKeyOffsetByKeyAlias(const struct HksBlob *keyAlias, uint32_t *keyOffset) +{ + struct HksBlob storageBuf = HksGetImageBuffer(); + if (storageBuf.size < sizeof(struct HksStoreHeaderInfo)) { + HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", storageBuf.size); + return HKS_ERROR_INVALID_KEY_FILE; + } + + /* 1. get imageBuffer total Len */ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; + uint32_t keyCount = keyInfoHead->keyCount; + uint32_t totalLen = keyInfoHead->totalLen; + if (keyCount == 0) { + return HKS_ERROR_NOT_EXIST; + } + if (totalLen > storageBuf.size) { + HKS_LOG_E("storageBuf size invalid"); + return HKS_ERROR_INVALID_KEY_FILE; + } + + /* 2. traverse imageBuffer to search for keyAlias */ + uint32_t offset = sizeof(*keyInfoHead); + for (uint32_t i = 0; i < keyCount; ++i) { + if ((totalLen < offset) || ((totalLen - offset) < sizeof(struct HksStoreKeyInfo))) { + HKS_LOG_E("invalid keyinfo size."); + return HKS_ERROR_INVALID_KEY_FILE; + } + + uint8_t *tmpBuf = storageBuf.data + offset; + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)tmpBuf; + if (HksIsKeyInfoLenInvalid(keyInfo) || (keyInfo->keyInfoLen > (totalLen - offset))) { + HKS_LOG_E("invalid keyinfo len"); + return HKS_ERROR_INVALID_KEY_FILE; + } + + if (keyInfo->aliasSize == keyAlias->size) { + if (HksMemCmp(keyAlias->data, tmpBuf + sizeof(*keyInfo), keyAlias->size) == 0) { + *keyOffset = offset; + return HKS_SUCCESS; + } + } + + offset += keyInfo->keyInfoLen; + } + + return HKS_ERROR_NOT_EXIST; +} + +static int32_t AdjustImageBuffer(uint32_t totalLenAdded, const struct HksBlob *keyBlob) +{ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + + /* buffer has been checked will not overflow */ + uint32_t newBufLen = g_storageImageBuffer.size + + ((keyBlob->size > BUF_SIZE_ADDEND_PER_TIME) ? keyBlob->size : BUF_SIZE_ADDEND_PER_TIME); + uint8_t *buf = (uint8_t *)HksMalloc(newBufLen); + HKS_IF_NULL_RETURN(buf, HKS_ERROR_MALLOC_FAIL) + + (void)memset_s(buf, newBufLen, 0, newBufLen); + + /* copy old imagebuf to new malloc buf */ + if (memcpy_s(buf, newBufLen, g_storageImageBuffer.data, keyInfoHead->totalLen) != EOK) { + HKS_FREE(buf); + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + /* append new add key buffer to the end */ + if (memcpy_s(buf + keyInfoHead->totalLen, newBufLen - keyInfoHead->totalLen, + keyBlob->data, keyBlob->size) != EOK) { + HKS_FREE(buf); + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + struct HksStoreHeaderInfo *newHead = (struct HksStoreHeaderInfo *)buf; + newHead->totalLen = totalLenAdded; + newHead->keyCount += 1; + + FreeImageBuffer(); + g_storageImageBuffer.data = buf; + g_storageImageBuffer.size = newBufLen; + + return HKS_SUCCESS; +} + +static int32_t AppendNewKey(const struct HksBlob *keyBlob) +{ + struct HksBlob storageBuf = HksGetImageBuffer(); + if (storageBuf.size < sizeof(struct HksStoreHeaderInfo)) { + HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", storageBuf.size); + return HKS_ERROR_INVALID_KEY_FILE; + } + + /* 1. get imagebuf total Len */ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; + + if (IsAdditionOverflow(keyInfoHead->totalLen, keyBlob->size)) { + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + uint32_t totalLenAdded = keyInfoHead->totalLen + keyBlob->size; + if (totalLenAdded > MAX_STORAGE_SIZE) { + HKS_LOG_E("after add, buffer too big to store"); + return HKS_ERROR_STORAGE_FAILURE; + } + + /* imagebuf is enough to append new keyinfo */ + if (storageBuf.size >= totalLenAdded) { + if (memcpy_s(storageBuf.data + keyInfoHead->totalLen, storageBuf.size - keyInfoHead->totalLen, + keyBlob->data, keyBlob->size) != EOK) { + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + keyInfoHead->totalLen = totalLenAdded; + keyInfoHead->keyCount += 1; + return HKS_SUCCESS; + } + + /* need malloc new buffer */ + return AdjustImageBuffer(totalLenAdded, keyBlob); +} + +static int32_t GetLenAfterAddKey(const struct HksBlob *keyBlob, uint32_t totalLen, uint32_t *totalLenAdded) +{ + if (IsAdditionOverflow(totalLen, keyBlob->size)) { + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + uint32_t newTotalLen = totalLen + keyBlob->size; + if (newTotalLen > MAX_STORAGE_SIZE) { + HKS_LOG_E("after add, buffer too big to store"); + return HKS_ERROR_STORAGE_FAILURE; + } + + *totalLenAdded = newTotalLen; + return HKS_SUCCESS; +} + +static int32_t DeleteKey(uint32_t keyOffset) +{ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + keyOffset); + + uint32_t keyInfoLen = keyInfo->keyInfoLen; + uint32_t nextKeyOffset = keyOffset + keyInfoLen; + if (nextKeyOffset > keyInfoHead->totalLen) { + return HKS_ERROR_INVALID_KEY_FILE; + } + + (void)memset_s(keyInfo, keyInfoLen, 0, keyInfoLen); + + /* If key to delete is not the last key, need to be move image buffer */ + if (nextKeyOffset < keyInfoHead->totalLen) { + if (memmove_s(keyInfo, keyInfoHead->totalLen - keyOffset, g_storageImageBuffer.data + nextKeyOffset, + keyInfoHead->totalLen - nextKeyOffset) != EOK) { + HKS_LOG_E("memmove image buffer failed"); + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + /* clear the last buffer */ + (void)memset_s(g_storageImageBuffer.data + keyInfoHead->totalLen - keyInfoLen, keyInfoLen, 0, keyInfoLen); + } + keyInfoHead->keyCount -= 1; + keyInfoHead->totalLen -= keyInfoLen; + + return HKS_SUCCESS; +} + +static int32_t StoreKeyBlob(bool needDeleteKey, uint32_t offset, const struct HksBlob *keyBlob) +{ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + offset); + + struct HksStoreHeaderInfo newkeyInfoHead; + if (memcpy_s(&newkeyInfoHead, sizeof(newkeyInfoHead), keyInfoHead, sizeof(*keyInfoHead)) != EOK) { + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + uint32_t totalLenAdded = 0; + int32_t ret; + + /* 1. check storage buffer enough for store new key */ + if (needDeleteKey) { + ret = GetLenAfterAddKey(keyBlob, keyInfoHead->totalLen - keyInfo->keyInfoLen, &totalLenAdded); + } else { + newkeyInfoHead.keyCount += 1, + ret = GetLenAfterAddKey(keyBlob, keyInfoHead->totalLen, &totalLenAdded); + } + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 2. calc temp hmac */ + newkeyInfoHead.totalLen = totalLenAdded; + ret = RefreshKeyInfoHeaderHmac(&newkeyInfoHead); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 3. delete key if keyExist */ + if (needDeleteKey) { + ret = DeleteKey(offset); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + } + + /* 4. append key */ + ret = AppendNewKey(keyBlob); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 5. replace header */ + if (memcpy_s(g_storageImageBuffer.data, sizeof(newkeyInfoHead), &newkeyInfoHead, sizeof(newkeyInfoHead)) != EOK) { + HKS_LOG_E("replace header memcpy failed"); + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + return HKS_SUCCESS; +} + +static int32_t GetFileName(const struct HksBlob *name, char **fileName) +{ + char *tmpName = (char *)HksMalloc(name->size + 1); /* \0 at the end */ + HKS_IF_NULL_RETURN(tmpName, HKS_ERROR_MALLOC_FAIL) + + (void)memcpy_s(tmpName, name->size, name->data, name->size); + tmpName[name->size] = '\0'; + *fileName = tmpName; + return HKS_SUCCESS; +} + +static int32_t StoreRootMaterial(const struct HksBlob *name, const struct HksBlob *buffer) +{ + char *fileName = NULL; + int32_t ret = GetFileName(name, &fileName); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + ret = HksFileWrite(HKS_KEY_STORE_PATH, fileName, 0, buffer->data, buffer->size); + HKS_FREE(fileName); + return ret; +} + +static int32_t IsRootMaterialExist(const struct HksBlob *name) +{ + char *fileName = NULL; + int32_t ret = GetFileName(name, &fileName); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + ret = HksIsFileExist(HKS_KEY_STORE_PATH, fileName); + HKS_FREE(fileName); + HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_NOT_EXIST, "file not exist") + + return ret; +} + +static int32_t GetRootMaterial(const struct HksBlob *name, struct HksBlob *buffer) +{ + char *fileName = NULL; + int32_t ret = GetFileName(name, &fileName); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + uint32_t len = 0; + ret = HksFileRead(HKS_KEY_STORE_PATH, fileName, 0, buffer, &len); + HKS_FREE(fileName); + if (ret != HKS_SUCCESS) { + return HKS_ERROR_READ_FILE_FAIL; + } + return HKS_SUCCESS; +} + +int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct HksBlob *keyAlias, + uint32_t storageType, const struct HksBlob *keyBlob) +{ + (void)fileInfo; + if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) { + return StoreRootMaterial(keyAlias, keyBlob); + } + + /* 1. check key exist or not */ + uint32_t offset = 0; + int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); + if ((ret != HKS_SUCCESS) && (ret != HKS_ERROR_NOT_EXIST)) { + return ret; + } + + /* 2. store key blob */ + bool needDeleteKey = (ret == HKS_SUCCESS); + ret = StoreKeyBlob(needDeleteKey, offset, keyBlob); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 3. write to file */ + uint32_t totalLen = 0; + ret = HksStoreGetToatalSize(&totalLen); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + uint32_t fileOffset = HksGetStoreFileOffset(); + return HksFileWrite(HKS_KEY_STORE_PATH, HKS_KEY_STORE_FILE_NAME, fileOffset, g_storageImageBuffer.data, totalLen); +} + +int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo, + const struct HksBlob *keyAlias, uint32_t storageType) +{ + (void)fileInfo; + (void)storageType; + + /* 1. check key exist or not */ + uint32_t offset = 0; + int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 2. calc tmp header hmac */ + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + offset); + struct HksStoreHeaderInfo newkeyInfoHead; + if (memcpy_s(&newkeyInfoHead, sizeof(newkeyInfoHead), keyInfoHead, sizeof(*keyInfoHead)) != EOK) { + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + newkeyInfoHead.totalLen -= keyInfo->keyInfoLen; + newkeyInfoHead.keyCount -= 1; + + ret = RefreshKeyInfoHeaderHmac(&newkeyInfoHead); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 3. delete key */ + ret = DeleteKey(offset); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 4. replace header */ + if (memcpy_s(keyInfoHead, sizeof(*keyInfoHead), &newkeyInfoHead, sizeof(newkeyInfoHead)) != EOK) { + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + uint32_t fileOffset = HksGetStoreFileOffset(); + return HksFileWrite(HKS_KEY_STORE_PATH, HKS_KEY_STORE_FILE_NAME, fileOffset, + g_storageImageBuffer.data, keyInfoHead->totalLen); +} + +int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo, + const struct HksBlob *keyAlias, uint32_t storageType) +{ + (void)fileInfo; + if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) { + return IsRootMaterialExist(keyAlias); + } + + uint32_t offset = 0; + return GetKeyOffsetByKeyAlias(keyAlias, &offset); +} + +int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, + const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob) +{ + (void)fileInfoPath; + if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) { + return GetRootMaterial(keyAlias, keyBlob); + } + + uint32_t offset = 0; + int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* get offset success, len has been check valid */ + uint8_t *tmpBuf = g_storageImageBuffer.data + offset; + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)tmpBuf; + + keyBlob->data = (uint8_t *)HksMalloc(keyInfo->keyInfoLen); /* need be freed by caller functions */ + HKS_IF_NULL_RETURN(keyBlob->data, HKS_ERROR_MALLOC_FAIL) + + keyBlob->size = keyInfo->keyInfoLen; + + if (memcpy_s(keyBlob->data, keyBlob->size, tmpBuf, keyInfo->keyInfoLen) != EOK) { + HKS_LOG_E("memcpy to key blob failed."); + HKS_FREE(keyBlob->data); + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + return HKS_SUCCESS; +} + +int32_t HksStoreGetKeyBlobSize(const struct HksBlob *processName, + const struct HksBlob *keyAlias, uint32_t storageType, uint32_t *keyBlobSize) +{ + (void)processName; + (void)storageType; + + uint32_t offset = 0; + int32_t ret = GetKeyOffsetByKeyAlias(keyAlias, &offset); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* get offset success, len has been check valid */ + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)(g_storageImageBuffer.data + offset); + *keyBlobSize = keyInfo->keyInfoLen; + return HKS_SUCCESS; +} + +int32_t HksGetKeyCountByProcessName(const struct HksBlob *processName, uint32_t *keyCount) +{ + (void)processName; + if (g_storageImageBuffer.size < sizeof(struct HksStoreHeaderInfo)) { + HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", g_storageImageBuffer.size); + return HKS_ERROR_INVALID_KEY_FILE; + } + + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + *keyCount = keyInfoHead->keyCount; + return HKS_SUCCESS; +} + +int32_t HksStoreGetToatalSize(uint32_t *size) +{ + if (g_storageImageBuffer.size < sizeof(struct HksStoreHeaderInfo)) { + HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", g_storageImageBuffer.size); + return HKS_ERROR_INVALID_KEY_FILE; + } + + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)g_storageImageBuffer.data; + *size = keyInfoHead->totalLen; + return HKS_SUCCESS; +} + +static int32_t GetKeyInfoList(struct HksKeyInfo *keyInfoList, const struct HksBlob *keyInfoBlob) +{ + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)keyInfoBlob->data; + + if (keyInfoList->alias.size < keyInfo->aliasSize) { + return HKS_ERROR_BUFFER_TOO_SMALL; + } + + if (memcpy_s(keyInfoList->alias.data, keyInfoList->alias.size, + keyInfoBlob->data + sizeof(*keyInfo), keyInfo->aliasSize) != EOK) { + HKS_LOG_E("memcpy keyAlias failed"); + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + keyInfoList->alias.size = keyInfo->aliasSize; + + struct HksParamSet *paramSet = NULL; + int32_t ret = TranslateKeyInfoBlobToParamSet(NULL, keyInfoBlob, ¶mSet); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + if (keyInfoList->paramSet->paramSetSize < paramSet->paramSetSize) { + HksFreeParamSet(¶mSet); + return HKS_ERROR_BUFFER_TOO_SMALL; + } + if (memcpy_s(keyInfoList->paramSet, keyInfoList->paramSet->paramSetSize, + paramSet, paramSet->paramSetSize) != EOK) { + HKS_LOG_E("memcpy paramSet failed."); + HksFreeParamSet(¶mSet); + return HKS_ERROR_INSUFFICIENT_MEMORY; + } + + HksFreeParamSet(¶mSet); + return HKS_SUCCESS; +} + +static int32_t GetAndCheckKeyCount(uint32_t *inputCount, uint32_t *keyCount) +{ + struct HksBlob storageBuf = HksGetImageBuffer(); + if (storageBuf.size < sizeof(struct HksStoreHeaderInfo)) { + HKS_LOG_E("invalid keyinfo buffer size %" LOG_PUBLIC "u.", storageBuf.size); + return HKS_ERROR_INVALID_KEY_FILE; + } + + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; + *keyCount = keyInfoHead->keyCount; + if (*keyCount == 0) { + *inputCount = 0; + return HKS_SUCCESS; + } + + if (storageBuf.size < keyInfoHead->totalLen) { + HKS_LOG_E("storageBuf size invalid"); + return HKS_ERROR_INVALID_KEY_FILE; + } + + if (*inputCount < *keyCount) { + HKS_LOG_E("listCount space not enough"); + return HKS_ERROR_BUFFER_TOO_SMALL; + } + return HKS_SUCCESS; +} + +int32_t HksStoreGetKeyInfoList(struct HksKeyInfo *keyInfoList, uint32_t *listCount) +{ + uint32_t keyCount; + int32_t ret = GetAndCheckKeyCount(listCount, &keyCount); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + /* 2. traverse ImageBuffer to search for keyAlias */ + struct HksBlob storageBuf = HksGetImageBuffer(); + struct HksStoreHeaderInfo *keyInfoHead = (struct HksStoreHeaderInfo *)storageBuf.data; + uint32_t totalLen = keyInfoHead->totalLen; + uint32_t num = 0; + uint32_t offset = sizeof(*keyInfoHead); + for (uint32_t i = 0; i < keyCount; ++i) { + if ((totalLen < offset) || ((totalLen - offset) < sizeof(struct HksStoreKeyInfo))) { + HKS_LOG_E("invalid keyinfo size."); + return HKS_ERROR_INVALID_KEY_FILE; + } + + uint8_t *tmpBuf = storageBuf.data + offset; /* storageBuf.size has been checked */ + struct HksStoreKeyInfo *keyInfo = (struct HksStoreKeyInfo *)tmpBuf; + + if (HksIsKeyInfoLenInvalid(keyInfo) || ((totalLen - offset) < keyInfo->keyInfoLen)) { + HKS_LOG_E("invalid keyinfo len"); + return HKS_ERROR_INVALID_KEY_FILE; + } + + struct HksBlob keyInfoBlob = { keyInfo->keyInfoLen, tmpBuf }; + ret = GetKeyInfoList(&keyInfoList[i], &keyInfoBlob); + HKS_IF_NOT_SUCC_RETURN(ret, ret) + + num++; + offset += keyInfo->keyInfoLen; + } + + *listCount = num; + return HKS_SUCCESS; +} + +#ifdef HKS_ENABLE_CLEAN_FILE +static int32_t CleanFile(const char *path, const char *fileName) +{ + uint32_t size = HksFileSize(path, fileName); + if (size == 0 || size > HKS_MAX_FILE_SIZE) { + HKS_LOG_E("storage lite get file size failed, ret = %" LOG_PUBLIC "u.", size); + return HKS_ERROR_FILE_SIZE_FAIL; + } + + int32_t ret = HKS_SUCCESS; + uint8_t *buf; + do { + buf = (uint8_t *)HksMalloc(size); + if (buf == NULL) { + HKS_LOG_E("storage lite malloc buf failed!"); + ret = HKS_ERROR_MALLOC_FAIL; + break; + } + + (void)memset_s(buf, size, 0, size); + ret = HksFileWrite(path, fileName, 0, buf, size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 0 failed!") + + (void)memset_s(buf, size, 1, size); + ret = HksFileWrite(path, fileName, 0, buf, size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file 1 failed!") + + struct HksBlob bufBlob = { .size = size, .data = buf }; + ret = HuksAccessGenerateRandom(NULL, &bufBlob); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "fill buf random failed!") + + ret = HksFileWrite(path, fileName, 0, buf, size); + HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "write file random failed!") + } while (0); + HKS_FREE(buf); + return ret; +} +#endif + +static int32_t RemoveFile(const char *path, const char *fileName) +{ +#ifdef HKS_ENABLE_CLEAN_FILE + if (CleanFile(path, fileName) != HKS_SUCCESS) { + HKS_LOG_E("clean file failed"); + } +#endif + + if (HksFileRemove(path, fileName) != HKS_SUCCESS) { + HKS_LOG_E("remove file failed"); + } + return HKS_SUCCESS; +} + +int32_t HksStoreDestroy(const struct HksBlob *processName) +{ + (void)processName; + /* only record log, continue delete */ + + if (RemoveFile(HKS_KEY_STORE_PATH, HKS_KEY_STORE_FILE_NAME) != HKS_SUCCESS) { + HKS_LOG_E("remove key store file failed"); + } + + if (RemoveFile(HKS_KEY_STORE_PATH, "info1.data") != HKS_SUCCESS) { + HKS_LOG_E("remove info1 file failed"); + } + + if (RemoveFile(HKS_KEY_STORE_PATH, "info2.data") != HKS_SUCCESS) { + HKS_LOG_E("remove info2 file failed"); + } + return HKS_SUCCESS; +} +#endif /* _STORAGE_LITE_ */ + +#endif /* _CUT_AUTHENTICATE_ */ diff --git a/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c similarity index 100% rename from services/huks_standard/huks_service/main/core/src/hks_storage_manager.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c diff --git a/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c similarity index 100% rename from services/huks_standard/huks_service/main/core/src/hks_storage_utils.c rename to services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c diff --git a/services/huks_standard/huks_service/main/os_dependency/sa/hks_sa.cpp b/services/huks_standard/huks_service/main/os_dependency/sa/hks_sa.cpp index 945e6649..9279e65b 100644 --- a/services/huks_standard/huks_service/main/os_dependency/sa/hks_sa.cpp +++ b/services/huks_standard/huks_service/main/os_dependency/sa/hks_sa.cpp @@ -376,6 +376,11 @@ int HksService::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParce HKS_LOG_I("OnRemoteRequest code:%" LOG_PUBLIC "d, sessionId = %" LOG_PUBLIC "u", code, g_sessionId); if (code < HksIpcInterfaceCode::HKS_MSG_BASE || code >= HksIpcInterfaceCode::HKS_MSG_MAX) { + int32_t ret = RetryLoadPlugin(); + if (ret != HKS_SUCCESS) { + HksSendResponse(reinterpret_cast(&reply), ret, nullptr); + return HKS_SUCCESS; // send error code by IPC. + } return HksPluginOnRemoteRequest(code, &data, &reply, &option); } // this is the temporary version which comments the descriptor check diff --git a/services/huks_standard/huks_service/main/plugin_proxy/include/hks_plugin_adapter.h b/services/huks_standard/huks_service/main/plugin_proxy/include/hks_plugin_adapter.h index 298ad43c..a3100edb 100755 --- a/services/huks_standard/huks_service/main/plugin_proxy/include/hks_plugin_adapter.h +++ b/services/huks_standard/huks_service/main/plugin_proxy/include/hks_plugin_adapter.h @@ -29,7 +29,7 @@ extern "C" { #endif int32_t HksInitPluginProxy(void); - +int32_t RetryLoadPlugin(void); int32_t HksPluginOnRemoteRequest(uint32_t code, void *data, void *reply, void *option); int32_t HksPluginOnLocalRequest(uint32_t code, const void *data, void *reply); void HksPluginOnReceiveEvent(const void *data); diff --git a/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter.cpp b/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter.cpp index 8bb35815..d6263203 100755 --- a/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter.cpp +++ b/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter.cpp @@ -95,7 +95,7 @@ ENABLE_CFI(static int32_t HksCreatePluginProxy(void)) return ret; } -static int32_t RetryLoadPlugin(void) +int32_t RetryLoadPlugin(void) { if (HksCreatePluginProxy() != HKS_SUCCESS) { HKS_LOG_E("Failed to create the plugin again."); @@ -124,12 +124,6 @@ int32_t HksInitPluginProxy(void) int32_t HksPluginOnRemoteRequest(uint32_t code, void *data, void *reply, void *option) { - int32_t ret = RetryLoadPlugin(); - if (ret != HKS_SUCCESS) { - HksSendResponse(reinterpret_cast(&reply), ret, nullptr); - return HKS_SUCCESS; // send error code by IPC. - } - return g_pluginProxy->hksPluginOnRemoteRequest(code, data, reply, option); } diff --git a/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c b/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c index a99cb938..02d9bef7 100755 --- a/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c +++ b/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c @@ -44,3 +44,8 @@ void HksPluginOnReceiveEvent(const void *data) { (void)(data); } + +int32_t RetryLoadPlugin(void) +{ + return HKS_SUCCESS; +} diff --git a/services/huks_standard/huks_service/main/core/include/hks_client_service_dcm.h b/services/huks_standard/huks_service/main/systemapi_wrap/dcm/include/hks_client_service_dcm.h similarity index 100% rename from services/huks_standard/huks_service/main/core/include/hks_client_service_dcm.h rename to services/huks_standard/huks_service/main/systemapi_wrap/dcm/include/hks_client_service_dcm.h diff --git a/services/huks_standard/huks_service/main/core/src/hks_client_service_dcm.cpp b/services/huks_standard/huks_service/main/systemapi_wrap/dcm/src/hks_client_service_dcm.cpp similarity index 100% rename from services/huks_standard/huks_service/main/core/src/hks_client_service_dcm.cpp rename to services/huks_standard/huks_service/main/systemapi_wrap/dcm/src/hks_client_service_dcm.cpp diff --git a/services/huks_standard/huks_service/main/upgrade/file_transfer/BUILD.gn b/services/huks_standard/huks_service/main/upgrade/file_transfer/BUILD.gn index 8ef77efe..20711d78 100755 --- a/services/huks_standard/huks_service/main/upgrade/file_transfer/BUILD.gn +++ b/services/huks_standard/huks_service/main/upgrade/file_transfer/BUILD.gn @@ -29,7 +29,10 @@ ohos_static_library("libhuks_upgrade_file_transfer_static") { "src/hks_file_transfer.c", ] - include_dirs = [ "../../core/include" ] + include_dirs = [ + "../../core/include", + "../../hks_storage/include", + ] deps = [ "../../../../../../frameworks/huks_standard/main/common:libhuks_common_standard_static", diff --git a/test/fuzz_test/innerapi_fuzzer/hksrkc_fuzzer/BUILD.gn b/test/fuzz_test/innerapi_fuzzer/hksrkc_fuzzer/BUILD.gn index 6e1e38a7..f821cd8b 100644 --- a/test/fuzz_test/innerapi_fuzzer/hksrkc_fuzzer/BUILD.gn +++ b/test/fuzz_test/innerapi_fuzzer/hksrkc_fuzzer/BUILD.gn @@ -27,6 +27,7 @@ ohos_fuzztest("HksRkcFuzzTest") { "//base/security/huks/frameworks/huks_standard/main/crypto_engine/rkc/include", "//base/security/huks/frameworks/huks_standard/main/crypto_engine/rkc/src", "//base/security/huks/services/huks_standard/huks_service/main/core/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", "//base/security/huks/utils/file_operator", ] cflags = [ diff --git a/test/unittest/huks_lite_test/liteos_a_adapter/BUILD.gn b/test/unittest/huks_lite_test/liteos_a_adapter/BUILD.gn index cf8db00c..2b43cfc8 100644 --- a/test/unittest/huks_lite_test/liteos_a_adapter/BUILD.gn +++ b/test/unittest/huks_lite_test/liteos_a_adapter/BUILD.gn @@ -109,6 +109,7 @@ unittest("huks_3.0_test") { deps = [ "../../../../frameworks/huks_standard/main/crypto_engine/mbedtls:libhuks_mbedtls_small_static", + "//base/security/huks/frameworks/huks_standard/main/crypto_engine:libhuks_crypto_engine_small_static", "//base/security/huks/interfaces/inner_api/huks_lite:huks_3.0_sdk", "//base/security/huks/test/unittest/huks_lite_test/common:huks_3.0_test_common", ] diff --git a/test/unittest/huks_standard_test/crypto_engine_test/BUILD.gn b/test/unittest/huks_standard_test/crypto_engine_test/BUILD.gn index f7a2773d..28572dc3 100644 --- a/test/unittest/huks_standard_test/crypto_engine_test/BUILD.gn +++ b/test/unittest/huks_standard_test/crypto_engine_test/BUILD.gn @@ -81,6 +81,7 @@ ohos_unittest("crypto_engine_unit_test") { ] deps = [ + "//base/security/huks/frameworks/huks_standard/main/crypto_engine:libhuks_crypto_engine_standard_static", "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_mem_standard_static", "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_os_dependency_standard_static", "//base/security/huks/frameworks/huks_standard/main/os_dependency:libhuks_util_standard_static", diff --git a/test/unittest/huks_standard_test/module_test/BUILD.gn b/test/unittest/huks_standard_test/module_test/BUILD.gn index 46a9eccf..8f1816bf 100644 --- a/test/unittest/huks_standard_test/module_test/BUILD.gn +++ b/test/unittest/huks_standard_test/module_test/BUILD.gn @@ -46,6 +46,7 @@ ohos_unittest("huks_module_test") { "//base/security/huks/test/unittest/huks_common_test/include", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/ipc", # hks_response.h "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", ] sources = [] diff --git a/test/unittest/huks_standard_test/module_test/inner_kits_passthrough/BUILD.gn b/test/unittest/huks_standard_test/module_test/inner_kits_passthrough/BUILD.gn index ea43f23b..9434b2f9 100644 --- a/test/unittest/huks_standard_test/module_test/inner_kits_passthrough/BUILD.gn +++ b/test/unittest/huks_standard_test/module_test/inner_kits_passthrough/BUILD.gn @@ -29,6 +29,8 @@ config("public_huks_config") { "//base/security/huks/frameworks/huks_standard/main/core/include", "//base/security/huks/frameworks/huks_standard/main/os_dependency/sysinfo/include", "//base/security/huks/services/huks_standard/huks_service/main/core/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", + "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/dcm/include", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/idl/passthrough", "//base/security/huks/utils/crypto_adapter", "//base/security/huks/services/huks_standard/huks_service/main/systemapi_wrap/useridm/inc", @@ -64,22 +66,22 @@ huks_sources = [ "//base/security/huks/frameworks/huks_standard/main/os_dependency/posix/hks_mem.c", "//base/security/huks/frameworks/huks_standard/main/os_dependency/sysinfo/src/hks_get_process_info_passthrough.c", "//base/security/huks/frameworks/huks_standard/main/os_dependency/sysinfo/src/hks_get_udid.c", - "//base/security/huks/interfaces/inner_api/huks_standard/main/src/hks_api.c", - "//base/security/huks/interfaces/inner_api/huks_standard/main/src/hks_api_adapter.c", + "//base/security/huks/interfaces/inner_api/huks_standard/source/hks_api.c", + "//base/security/huks/interfaces/inner_api/huks_standard/source/hks_api_adapter.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_client_check.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_client_service.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_client_service_util.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_hitrace.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_lock.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_report.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_session_manager.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_adapter.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_file_lock.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_upgrade_helper.c", "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_upgrade_key_accesser.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_lock.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_adapter.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_file_lock.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/posix/hks_rwlock.c", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/sa/hks_event_observer.cpp", "//base/security/huks/services/huks_standard/huks_service/main/plugin_proxy/src/hks_plugin_adapter_mock.c", diff --git a/test/unittest/huks_standard_test/module_test/service_test/huks_service/core/src/hks_storage_test.cpp b/test/unittest/huks_standard_test/module_test/service_test/huks_service/core/src/hks_storage_test.cpp index 5f43477f..9c462934 100644 --- a/test/unittest/huks_standard_test/module_test/service_test/huks_service/core/src/hks_storage_test.cpp +++ b/test/unittest/huks_standard_test/module_test/service_test/huks_service/core/src/hks_storage_test.cpp @@ -23,7 +23,7 @@ #include "hks_type_inner.h" #include "hks_param.h" -#include "base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c" +#include "base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c" using namespace testing::ext; namespace Unittest::HksStorageTest { diff --git a/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_manager_test.cpp b/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_manager_test.cpp index a9d2a213..2fbf6491 100755 --- a/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_manager_test.cpp +++ b/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_manager_test.cpp @@ -38,7 +38,7 @@ #include "hks_storage_manager.h" #include "hks_storage_utils.h" -#include "base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c" +#include "base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c" using namespace testing::ext; namespace Unittest::HksStorageManagerTest { diff --git a/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_util_test.cpp b/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_util_test.cpp index 59b8829b..3ca5f016 100755 --- a/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_util_test.cpp +++ b/test/unittest/huks_standard_test/module_test/service_test/huks_service/storage/src/hks_storage_util_test.cpp @@ -38,7 +38,7 @@ #include "hks_storage_utils.h" -#include "base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c" +#include "base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c" using namespace testing::ext; namespace Unittest::HksStorageUtilTest { diff --git a/test/unittest/huks_standard_test/storage_multithread_test/BUILD.gn b/test/unittest/huks_standard_test/storage_multithread_test/BUILD.gn index 773bd39c..4861a83f 100644 --- a/test/unittest/huks_standard_test/storage_multithread_test/BUILD.gn +++ b/test/unittest/huks_standard_test/storage_multithread_test/BUILD.gn @@ -21,11 +21,11 @@ ohos_unittest("huks_multithread_test") { module_out_path = module_output_path sources = [ - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_lock.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_file_lock.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_manager.c", - "//base/security/huks/services/huks_standard/huks_service/main/core/src/hks_storage_utils.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_lock.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_file_lock.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_manager.c", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c", "//base/security/huks/services/huks_standard/huks_service/main/os_dependency/posix/hks_rwlock.c", "//base/security/huks/utils/file_operator/hks_file_operator.c", "//base/security/huks/utils/mutex/hks_mutex.c", @@ -56,6 +56,7 @@ ohos_unittest("huks_multithread_test") { include_dirs = [ "//base/security/huks/frameworks/huks_standard/main/common/include", "//base/security/huks/services/huks_standard/huks_service/main/core/include", + "//base/security/huks/services/huks_standard/huks_service/main/hks_storage/include", "//base/security/huks/utils/file_operator", "//base/security/huks/utils/mutex", "unittest/include",