mirror of
https://gitee.com/openharmony/security_huks
synced 2024-10-07 06:04:10 +00:00
容灾备份
Signed-off-by: tangboyi <tangboyi1@huawei.com> Change-Id: Iafa29ac2b3b7199245e61f14c8e39872f3c45958 Signed-off-by: tangboyi <tangboyi1@huawei.com>
This commit is contained in:
parent
05e8fe829d
commit
bf4fa2cd54
@ -34,6 +34,7 @@ config("l2_standard_common_config") {
|
||||
"_HUKS_LOG_ENABLE_",
|
||||
"L2_STANDARD",
|
||||
"HKS_ENABLE_CLEAN_FILE",
|
||||
"SUPPORT_STORAGE_BACKUP",
|
||||
]
|
||||
if (!huks_use_rkc_in_standard) {
|
||||
defines += [ "_HARDWARE_ROOT_KEY_" ]
|
||||
|
@ -412,6 +412,7 @@ enum HksErrorCode {
|
||||
HKS_ERROR_EXCEED_LIMIT = -141,
|
||||
HKS_ERROR_UPGRADE_FAIL = -142,
|
||||
HKS_ERROR_INVALID_ACCOUNT_INFO = -143,
|
||||
HKS_ERROR_CORRUPT_FILE = -144,
|
||||
|
||||
HKS_ERROR_LOAD_PLUGIN_FAIL = -998,
|
||||
HKS_ERROR_INTERNAL_ERROR = -999,
|
||||
|
@ -178,7 +178,7 @@ static int32_t GetAgreeBaseKey(const bool isPubKey, const bool isPlainPubKey, co
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(&tempKey);
|
||||
(void)memset_s(buffer, size, 0, size);
|
||||
HKS_FREE(buffer);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "generating keynode with agree key failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "generating keynode with agree key failed")
|
||||
|
||||
bool isSupportUserAuth = false;
|
||||
int32_t ret = HksCheckKeybBlobIsSupportUserAuth(keyNode->paramSet, &isSupportUserAuth);
|
||||
@ -415,7 +415,7 @@ static int32_t SignVerify(uint32_t cmdId, const struct HksBlob *key, const struc
|
||||
"hks failed to check signature or verify params, cmdId:%" LOG_PUBLIC "x, ret:%" LOG_PUBLIC "x!\n", cmdId, ret)
|
||||
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "SignVerify generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
|
||||
|
||||
bool needFree = true;
|
||||
struct HksBlob message = { 0, NULL };
|
||||
@ -480,7 +480,7 @@ static int32_t Cipher(uint32_t cmdId, const struct HksBlob *key, const struct Hk
|
||||
"hks core check cipher params failed, cmdId:%" LOG_PUBLIC "x, ret:%" LOG_PUBLIC "x!\n", cmdId, ret)
|
||||
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "Cipher generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "Cipher generate keynode failed")
|
||||
|
||||
do {
|
||||
ret = CipherPreCheck(keyNode, paramSet);
|
||||
@ -616,7 +616,7 @@ static int32_t BuildDecryptUsageSpecOfUnwrap(const struct HksBlob *aad, const st
|
||||
static int32_t CheckWrappingKeyIsUsedForUnwrap(const struct HksBlob *wrappingKey)
|
||||
{
|
||||
struct HksKeyNode *wrappingKeyNode = HksGenerateKeyNode(wrappingKey);
|
||||
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_BAD_STATE,
|
||||
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_CORRUPT_FILE,
|
||||
"check agree params: generate wrapping keynode failed!")
|
||||
|
||||
struct HksParam *purposeParamWrappingKey = NULL;
|
||||
@ -647,7 +647,7 @@ static int32_t GetPublicKeyInnerFormat(const struct HksBlob *wrappingKey, const
|
||||
|
||||
/* peer public key format should be same as wrapping key */
|
||||
struct HksKeyNode *wrappingKeyNode = HksGenerateKeyNode(wrappingKey);
|
||||
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_BAD_STATE, "generate wrapping key keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_CORRUPT_FILE, "generate wrapping key keynode failed")
|
||||
|
||||
ret = GetHksPubKeyInnerFormat(wrappingKeyNode->paramSet, &peerPubKeyPart, outPublicKey);
|
||||
HksFreeKeyNode(&wrappingKeyNode);
|
||||
@ -900,7 +900,7 @@ int32_t HksCoreDecrypt(const struct HksBlob *key, const struct HksParamSet *para
|
||||
static int32_t HksCheckKeyValidity(const struct HksParamSet *paramSet, const struct HksBlob *key)
|
||||
{
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "check key legality failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "check key legality failed")
|
||||
|
||||
int32_t ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
|
||||
|
||||
@ -1079,7 +1079,7 @@ int32_t HksCoreExportPublicKey(const struct HksBlob *key,
|
||||
}
|
||||
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "SignVerify generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
|
||||
|
||||
int32_t ret;
|
||||
do {
|
||||
@ -1106,7 +1106,7 @@ int32_t HksCoreAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check agreeKey params failed")
|
||||
|
||||
struct HksKeyNode *privateKeyNode = HksGenerateKeyNode(privateKey);
|
||||
HKS_IF_NULL_LOGE_RETURN(privateKeyNode, HKS_ERROR_BAD_STATE, "agree key generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(privateKeyNode, HKS_ERROR_CORRUPT_FILE, "agree key generate keynode failed")
|
||||
|
||||
do {
|
||||
ret = HksProcessIdentityVerify(privateKeyNode->paramSet, paramSet);
|
||||
@ -1144,7 +1144,7 @@ int32_t HksCoreDeriveKey(const struct HksParamSet *paramSet, const struct HksBlo
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check deriveKey params failed")
|
||||
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(mainKey);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "SignVerify generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
|
||||
|
||||
do {
|
||||
ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
|
||||
@ -1178,7 +1178,7 @@ int32_t HksCoreMac(const struct HksBlob *key, const struct HksParamSet *paramSet
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check mac params failed")
|
||||
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "mac generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "mac generate keynode failed")
|
||||
|
||||
do {
|
||||
ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
|
||||
@ -1878,7 +1878,7 @@ int32_t HksCoreAttestKey(const struct HksBlob *key, const struct HksParamSet *p
|
||||
HKS_IF_NOT_SUCC_RETURN(ret, ret)
|
||||
|
||||
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "generate keynode failed")
|
||||
|
||||
ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
|
||||
if (ret != HKS_SUCCESS) {
|
||||
|
@ -581,7 +581,7 @@ int32_t HksSmImportWrappedKey(const struct HksBlob *keyAlias, const struct HksPa
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "check failed.");
|
||||
|
||||
struct HksKeyNode *wrappingKeyNode = HksGenerateKeyNode(wrappingKey);
|
||||
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_BAD_STATE, "generate keynode failed")
|
||||
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_CORRUPT_FILE, "generate keynode failed")
|
||||
|
||||
if (algSuit == HKS_UNWRAP_SUITE_SM2_SM4_128_CBC_PKCS7_WITH_VERIFY_DIG_SM3) {
|
||||
ret = HksSmImportWrappedKeyWithVerify(keyAlias, paramSet, wrappingKeyNode, wrappedKeyData, keyOut);
|
||||
|
@ -33,7 +33,7 @@ int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo,
|
||||
int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo,
|
||||
const struct HksBlob *keyAlias, uint32_t storageType);
|
||||
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo,
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath,
|
||||
const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob);
|
||||
|
||||
int32_t HksStoreGetKeyBlobSize(const struct HksBlob *processName,
|
||||
@ -48,11 +48,15 @@ int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo);
|
||||
|
||||
int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo);
|
||||
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo, struct HksBlob *keyBlob);
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob);
|
||||
|
||||
int32_t HksStoreGetKeyBlobSize(const struct HksStoreFileInfo *fileInfo, uint32_t *keyBlobSize);
|
||||
int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize);
|
||||
|
||||
int32_t HksGetKeyCountByProcessName(const struct HksStoreFileInfo *fileInfo, uint32_t *fileCount);
|
||||
|
||||
int32_t HksStorageWriteFile(
|
||||
const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len);
|
||||
|
||||
#endif // _STORAGE_LITE_
|
||||
#endif // _CUT_AUTHENTICATE_
|
||||
|
||||
|
@ -23,7 +23,8 @@
|
||||
|
||||
enum HksStorageType {
|
||||
HKS_STORAGE_TYPE_KEY = 0,
|
||||
HKS_STORAGE_TYPE_ROOT_KEY,
|
||||
HKS_STORAGE_TYPE_ROOT_KEY = 1,
|
||||
HKS_STORAGE_TYPE_BAK_KEY = 2,
|
||||
};
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
@ -722,10 +722,8 @@ static int32_t GetKeyAndNewParamSet(const struct HksProcessInfo *processInfo, co
|
||||
"append process info and default strategy failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyData(processInfo, keyAlias, *outParamSet, key, HKS_STORAGE_TYPE_KEY);
|
||||
if (ret != HKS_SUCCESS) {
|
||||
HKS_LOG_E("get key data failed, ret = %" LOG_PUBLIC "d.", ret);
|
||||
HksFreeParamSet(outParamSet);
|
||||
}
|
||||
// free outParamSet together after do-while
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "get key data failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -1023,9 +1021,20 @@ int32_t HksServiceSign(const struct HksProcessInfo *processInfo, const struct Hk
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check sign params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "sign: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "sign: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessSign(&keyFromFile, newParamSet, srcData, signature);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessSign(&keyFromFile, newParamSet, srcData, signature);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "sign: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessSign(&keyFromFile, newParamSet, srcData, signature);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1051,9 +1060,20 @@ int32_t HksServiceVerify(const struct HksProcessInfo *processInfo, const struct
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check verify params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "verify: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "verify: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessVerify(&keyFromFile, newParamSet, srcData, signature);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessVerify(&keyFromFile, newParamSet, srcData, signature);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "verify: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessVerify(&keyFromFile, newParamSet, srcData, signature);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1074,9 +1094,20 @@ int32_t HksServiceEncrypt(const struct HksProcessInfo *processInfo, const struct
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check encrypt failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "encrypt: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "encrypt: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessEncrypt(&keyFromFile, newParamSet, plainText, cipherText);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessEncrypt(&keyFromFile, newParamSet, plainText, cipherText);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
|
||||
"encrypt: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessEncrypt(&keyFromFile, newParamSet, plainText, cipherText);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1104,9 +1135,20 @@ int32_t HksServiceDecrypt(const struct HksProcessInfo *processInfo, const struct
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check decrypt failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "decrypt: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "decrypt: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessDecrypt(&keyFromFile, newParamSet, cipherText, plainText);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessDecrypt(&keyFromFile, newParamSet, cipherText, plainText);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
|
||||
"decrypt: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessDecrypt(&keyFromFile, newParamSet, cipherText, plainText);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1204,11 +1246,23 @@ int32_t HksServiceGetKeyParamSet(const struct HksProcessInfo *processInfo, const
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check get key paramSet params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSetIn, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
|
||||
HKS_IF_NOT_SUCC_LOGE(ret,
|
||||
"get key paramSet: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessGetKeyProperties(newParamSet, &keyFromFile);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "access level check key validity failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessGetKeyProperties(newParamSet, &keyFromFile);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
|
||||
"get key paramSet: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessGetKeyProperties(newParamSet, &keyFromFile);
|
||||
}
|
||||
#endif
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
|
||||
"get key paramset or access level check key validity failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyParamSet(&keyFromFile, paramSetOut);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "get Key paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
@ -1345,9 +1399,20 @@ int32_t HksServiceExportPublicKey(const struct HksProcessInfo *processInfo, cons
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check export public key params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "export public: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "export public: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessExportPublicKey(&keyFromFile, newParamSet, key);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessExportPublicKey(&keyFromFile, newParamSet, key);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
|
||||
"export public: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessExportPublicKey(&keyFromFile, newParamSet, key);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1377,9 +1442,19 @@ int32_t HksServiceAgreeKey(const struct HksProcessInfo *processInfo, const struc
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check agree key params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, privateKey, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "agree: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "agree: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessAgreeKey(newParamSet, &keyFromFile, peerPublicKey, agreedKey);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessAgreeKey(newParamSet, &keyFromFile, peerPublicKey, agreedKey);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, privateKey, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "agree: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessAgreeKey(newParamSet, &keyFromFile, peerPublicKey, agreedKey);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1405,9 +1480,19 @@ int32_t HksServiceDeriveKey(const struct HksProcessInfo *processInfo, const stru
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check derive key params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, mainKey, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "derive: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "derive: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessDeriveKey(newParamSet, &keyFromFile, derivedKey);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessDeriveKey(newParamSet, &keyFromFile, derivedKey);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, mainKey, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "derive: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessDeriveKey(newParamSet, &keyFromFile, derivedKey);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1433,9 +1518,19 @@ int32_t HksServiceMac(const struct HksProcessInfo *processInfo, const struct Hks
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check mac params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, key, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "mac: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "mac: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessMac(&keyFromFile, newParamSet, srcData, mac);
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessMac(&keyFromFile, newParamSet, srcData, mac);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, key, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "mac: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessMac(&keyFromFile, newParamSet, srcData, mac);
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1501,7 +1596,7 @@ int32_t HksServiceRefreshKeyInfo(const struct HksBlob *processName)
|
||||
}
|
||||
|
||||
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
|
||||
static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, struct HksParamSet *paramSet,
|
||||
static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
|
||||
struct HksParamSet **outParamSet)
|
||||
{
|
||||
int32_t ret;
|
||||
@ -1550,6 +1645,28 @@ static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, st
|
||||
#endif
|
||||
|
||||
#ifdef HKS_SUPPORT_API_ATTEST_KEY
|
||||
static int32_t DcmGenerateCertChainInAttestKey(const struct HksParamSet *paramSet, const uint8_t *remoteObject,
|
||||
struct HksBlob *certChain, uint32_t certChainCapacity)
|
||||
{
|
||||
(void)paramSet;
|
||||
(void)remoteObject;
|
||||
(void)certChain;
|
||||
(void)certChainCapacity;
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
#ifndef HKS_UNTRUSTED_RUNNING_ENV
|
||||
if (!HksAttestIsAnonymous(paramSet)) {
|
||||
HKS_LOG_I("non anonymous attest key.");
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
ret = DcmGenerateCertChain(certChain, remoteObject);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "DcmGenerateCertChain fail, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
(void)memset_s(certChain->data, certChainCapacity, 0, certChainCapacity);
|
||||
certChain->size = certChainCapacity; // restore capacity size
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
int32_t HksServiceAttestKey(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
|
||||
const struct HksParamSet *paramSet, struct HksBlob *certChain, const uint8_t *remoteObject)
|
||||
{
|
||||
@ -1564,34 +1681,35 @@ int32_t HksServiceAttestKey(const struct HksProcessInfo *processInfo, const stru
|
||||
|
||||
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &processInfoParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#else
|
||||
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#endif
|
||||
|
||||
#ifndef HKS_UNTRUSTED_RUNNING_ENV
|
||||
uint32_t certChainCapacity = certChain->size;
|
||||
if (ret == HKS_SUCCESS) {
|
||||
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
|
||||
ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#endif
|
||||
ret = HuksAccessAttestKey(&keyFromFile, newParamSet, certChain);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HuksAccessAttestKey fail, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
#ifndef HKS_UNTRUSTED_RUNNING_ENV
|
||||
if (!HksAttestIsAnonymous(paramSet)) {
|
||||
HKS_LOG_I("non anonymous attest key.");
|
||||
break;
|
||||
ret = HuksAccessAttestKey(&keyFromFile, newParamSet, certChain);
|
||||
}
|
||||
ret = DcmGenerateCertChain(certChain, remoteObject);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DcmGenerateCertChain fail, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
(void)memset_s(certChain->data, certChainCapacity, 0, certChainCapacity);
|
||||
certChain->size = certChainCapacity; // restore capacity size
|
||||
#else
|
||||
(void)(remoteObject);
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
|
||||
HksFreeParamSet(&newParamSet);
|
||||
ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#endif
|
||||
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessAttestKey(&keyFromFile, newParamSet, certChain);
|
||||
}
|
||||
#endif
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HuksAttestKey fail, ret = %" LOG_PUBLIC "d.", ret)
|
||||
ret = DcmGenerateCertChainInAttestKey(paramSet, remoteObject, certChain, certChainCapacity);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret)
|
||||
} while (0);
|
||||
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
@ -1633,10 +1751,20 @@ int32_t HksServiceInit(const struct HksProcessInfo *processInfo, const struct Hk
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check ServiceInit params failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = GetKeyAndNewParamSet(processInfo, key, paramSet, &keyFromFile, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = HuksAccessInit(&keyFromFile, newParamSet, handle, token);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HuksAccessInit failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
if (ret == HKS_SUCCESS) {
|
||||
ret = HuksAccessInit(&keyFromFile, newParamSet, handle, token);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
|
||||
HKS_FREE_BLOB(keyFromFile);
|
||||
ret = GetKeyData(processInfo, key, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
ret = HuksAccessInit(&keyFromFile, newParamSet, handle, token);
|
||||
}
|
||||
#endif
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Huks Init failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = CreateOperation(processInfo, paramSet, handle, true);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "create operation failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
@ -56,7 +56,7 @@ static HksStorageFileLock *CreateStorageFileLock(const char *path, const char *f
|
||||
}
|
||||
#endif
|
||||
|
||||
static int32_t HksStorageWriteFile(
|
||||
int32_t HksStorageWriteFile(
|
||||
const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len)
|
||||
{
|
||||
#ifdef HKS_SUPPORT_THREAD
|
||||
@ -148,69 +148,6 @@ static int32_t HksStorageRemoveFile(const char *path, const char *fileName)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
static int32_t CopyKeyBlobFromSrc(const char *srcPath, const char *srcFileName,
|
||||
const char *destPath, const char *destFileName)
|
||||
{
|
||||
uint32_t size = HksFileSize(srcPath, srcFileName);
|
||||
if (size == 0) {
|
||||
HKS_LOG_E("get file size failed, ret = %" LOG_PUBLIC "u.", size);
|
||||
return HKS_ERROR_FILE_SIZE_FAIL;
|
||||
}
|
||||
|
||||
uint8_t *buffer = (uint8_t *)HksMalloc(size);
|
||||
HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL)
|
||||
|
||||
(void)memset_s(buffer, size, 0, size);
|
||||
|
||||
struct HksBlob blob = { .size = size, .data = buffer };
|
||||
|
||||
int32_t ret;
|
||||
do {
|
||||
ret = HksStorageReadFile(srcPath, srcFileName, 0, &blob, &size);
|
||||
if (ret != HKS_SUCCESS) {
|
||||
if (ret == HKS_ERROR_NO_PERMISSION) {
|
||||
HKS_LOG_E("Check Permission failed, ret = %" LOG_PUBLIC "d.", ret);
|
||||
break;
|
||||
}
|
||||
HKS_LOG_E("read file failed, ret = %" LOG_PUBLIC "d.", ret);
|
||||
ret = HKS_ERROR_READ_FILE_FAIL;
|
||||
break;
|
||||
}
|
||||
|
||||
ret = HksMakeFullDir(destPath);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "makdir destPath failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
ret = HksStorageWriteFile(destPath, destFileName, 0, buffer, size);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "file write destPath failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
} while (0);
|
||||
|
||||
HKS_FREE(buffer);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t CopyKeyBlob(const struct HksStoreFileInfo *fileInfo,
|
||||
int32_t isMainFileExist, int32_t isBakFileExist)
|
||||
{
|
||||
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
|
||||
return HKS_ERROR_NOT_EXIST;
|
||||
} else if ((isMainFileExist == HKS_SUCCESS) && (isBakFileExist == HKS_SUCCESS)) {
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
if (isMainFileExist != HKS_SUCCESS) {
|
||||
ret = CopyKeyBlobFromSrc(fileInfo->bakPath.path, fileInfo->bakPath.fileName,
|
||||
fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
} else if (isBakFileExist != HKS_SUCCESS) {
|
||||
ret = CopyKeyBlobFromSrc(fileInfo->mainPath.path, fileInfo->mainPath.fileName,
|
||||
fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
static int32_t GetKeyBlobFromFile(const char *path, const char *fileName, struct HksBlob *keyBlob)
|
||||
{
|
||||
uint32_t size = HksFileSize(path, fileName);
|
||||
@ -238,94 +175,47 @@ static int32_t GetKeyBlobFromFile(const char *path, const char *fileName, struct
|
||||
static int32_t DeleteKeyBlob(const struct HksStoreFileInfo *fileInfo)
|
||||
{
|
||||
int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
#ifndef SUPPORT_STORAGE_BACKUP
|
||||
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
|
||||
|
||||
int32_t ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#else
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
|
||||
return HKS_ERROR_NOT_EXIST;
|
||||
}
|
||||
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
if (isMainFileExist == HKS_SUCCESS) {
|
||||
ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
}
|
||||
|
||||
if (isBakFileExist == HKS_SUCCESS) {
|
||||
ret = HksStorageRemoveFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove bakfile failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
}
|
||||
#endif
|
||||
if (isMainFileExist == HKS_SUCCESS) {
|
||||
ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
} else {
|
||||
return HKS_ERROR_NOT_EXIST;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t GetKeyBlob(const struct HksStoreFileInfo *fileInfo, struct HksBlob *keyBlob)
|
||||
static int32_t GetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob)
|
||||
{
|
||||
int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
#ifndef SUPPORT_STORAGE_BACKUP
|
||||
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
|
||||
|
||||
int32_t ret = GetKeyBlobFromFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, keyBlob);
|
||||
#else
|
||||
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
|
||||
return HKS_ERROR_NOT_EXIST;
|
||||
}
|
||||
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
if (isMainFileExist == HKS_SUCCESS) {
|
||||
ret = GetKeyBlobFromFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, keyBlob);
|
||||
} else if (isBakFileExist == HKS_SUCCESS) {
|
||||
ret = GetKeyBlobFromFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, keyBlob);
|
||||
}
|
||||
|
||||
if (CopyKeyBlob(fileInfo, isMainFileExist, isBakFileExist) != HKS_SUCCESS) {
|
||||
HKS_LOG_W("CopyKeyBlob failed");
|
||||
}
|
||||
#endif
|
||||
int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName);
|
||||
HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST)
|
||||
|
||||
int32_t ret = GetKeyBlobFromFile(fileInfoPath->path, fileInfoPath->fileName, keyBlob);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t GetKeyBlobSize(const struct HksStoreFileInfo *fileInfo, uint32_t *keyBlobSize)
|
||||
static int32_t GetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize)
|
||||
{
|
||||
int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
#ifndef SUPPORT_STORAGE_BACKUP
|
||||
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
|
||||
int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName);
|
||||
HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST)
|
||||
|
||||
uint32_t size = HksFileSize(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
uint32_t size = HksFileSize(fileInfoPath->path, fileInfoPath->fileName);
|
||||
if (size == 0) {
|
||||
return HKS_ERROR_FILE_SIZE_FAIL;
|
||||
}
|
||||
*keyBlobSize = size;
|
||||
#else
|
||||
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
|
||||
return HKS_ERROR_NOT_EXIST;
|
||||
}
|
||||
|
||||
uint32_t size = 0;
|
||||
if (isMainFileExist == HKS_SUCCESS) {
|
||||
size = HksFileSize(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
} else if (isBakFileExist == HKS_SUCCESS) {
|
||||
size = HksFileSize(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
}
|
||||
|
||||
if (size == 0) {
|
||||
return HKS_ERROR_FILE_SIZE_FAIL;
|
||||
}
|
||||
|
||||
*keyBlobSize = size;
|
||||
if (CopyKeyBlob(fileInfo, isMainFileExist, isBakFileExist) != HKS_SUCCESS) {
|
||||
HKS_LOG_W("CopyKeyBlob failed");
|
||||
}
|
||||
#endif
|
||||
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
|
||||
@ -335,16 +225,11 @@ static int32_t IsKeyBlobExist(const struct HksStoreFileInfo *fileInfo)
|
||||
#ifndef SUPPORT_STORAGE_BACKUP
|
||||
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
|
||||
#else
|
||||
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
|
||||
return HKS_ERROR_NOT_EXIST;
|
||||
}
|
||||
|
||||
if (CopyKeyBlob(fileInfo, isMainFileExist, isBakFileExist) != HKS_SUCCESS) {
|
||||
HKS_LOG_W("CopyKeyBlob failed");
|
||||
if (isMainFileExist != HKS_SUCCESS) {
|
||||
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(isBakFileExist, HKS_ERROR_NOT_EXIST, "hks mainkey and backupkey not exist")
|
||||
}
|
||||
#endif
|
||||
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
|
||||
@ -357,12 +242,13 @@ int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct Hk
|
||||
|
||||
ret = HksStorageWriteFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, 0,
|
||||
keyBlob->data, keyBlob->size);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save key blob failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save main key blob failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
ret = HksStorageWriteFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, 0,
|
||||
keyBlob->data, keyBlob->size);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save key blob failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
if (HksStorageWriteFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, 0,
|
||||
keyBlob->data, keyBlob->size) != HKS_SUCCESS) {
|
||||
HKS_LOG_E("hks save backup key blob failed");
|
||||
}
|
||||
#endif
|
||||
} while (0);
|
||||
|
||||
@ -393,25 +279,25 @@ int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo)
|
||||
return ret;
|
||||
}
|
||||
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo, struct HksBlob *keyBlob)
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob)
|
||||
{
|
||||
int32_t ret;
|
||||
do {
|
||||
ret = RecordKeyOperation(KEY_OPERATION_GET, fileInfo->mainPath.path, fileInfo->mainPath.fileName);
|
||||
ret = RecordKeyOperation(KEY_OPERATION_GET, fileInfoPath->path, fileInfoPath->fileName);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret)
|
||||
|
||||
ret = GetKeyBlob(fileInfo, keyBlob);
|
||||
ret = GetKeyBlob(fileInfoPath, keyBlob);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
} while (0);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int32_t HksStoreGetKeyBlobSize(const struct HksStoreFileInfo *fileInfo, uint32_t *keyBlobSize)
|
||||
int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize)
|
||||
{
|
||||
int32_t ret;
|
||||
do {
|
||||
ret = GetKeyBlobSize(fileInfo, keyBlobSize);
|
||||
ret = GetKeyBlobSize(fileInfoPath, keyBlobSize);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob size failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
} while (0);
|
||||
|
||||
@ -644,70 +530,104 @@ int32_t HksIsOldKeyPathCleared(uint32_t *keyCount)
|
||||
|
||||
#ifdef HKS_ENABLE_EVENT_DELETE
|
||||
#ifdef L2_STANDARD
|
||||
static int32_t DeleteServiceEceOrCeUserIdPath(const struct HksBlob *userId, const char *rootPath)
|
||||
static void DeleteUserIdMainPathAndBakPath(const char *userData, const char *deDataPath, const char *ceOrEceDataPath)
|
||||
{
|
||||
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
|
||||
char dePath[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s",
|
||||
deDataPath, userData);
|
||||
if (offset > 0) {
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath);
|
||||
(void)HksDeleteDir(dePath);
|
||||
} else {
|
||||
HKS_LOG_E("get de path failed");
|
||||
}
|
||||
|
||||
char cePath[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
|
||||
HKS_CE_ROOT_PATH, userData, ceOrEceDataPath);
|
||||
if (offset > 0) {
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath);
|
||||
(void)HksDeleteDir(cePath);
|
||||
} else {
|
||||
HKS_LOG_E("get ce path failed");
|
||||
}
|
||||
|
||||
char ecePath[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
|
||||
HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath);
|
||||
if (offset > 0) {
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath);
|
||||
(void)HksDeleteDir(ecePath);
|
||||
} else {
|
||||
HKS_LOG_E("get ece path failed");
|
||||
}
|
||||
}
|
||||
|
||||
static void DeleteUserIdPath(const struct HksBlob *userId)
|
||||
{
|
||||
int32_t ret;
|
||||
char *userData = NULL;
|
||||
do {
|
||||
userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed")
|
||||
|
||||
ret = ConstructPlainName(userId, userData, HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
|
||||
rootPath, userData, HKS_STORE_SERVICE_PATH);
|
||||
if (offset <= 0) {
|
||||
HKS_LOG_E("get user process path failed");
|
||||
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
|
||||
break;
|
||||
}
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
|
||||
ret = HksDeleteDir(userProcess);
|
||||
(void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH);
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
(void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH);
|
||||
#endif
|
||||
} while (0);
|
||||
HKS_FREE(userData);
|
||||
return ret;
|
||||
return;
|
||||
}
|
||||
|
||||
static int32_t DeleteServiceDeUserIdPath(const struct HksBlob *userId)
|
||||
static void DeleteUidMainPathAndBakPath(const char *userData, const char *uidData,
|
||||
const char *deDataPath, const char *ceOrEceDataPath)
|
||||
{
|
||||
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
|
||||
char dePath[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
|
||||
deDataPath, userData, uidData);
|
||||
if (offset > 0) {
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath);
|
||||
(void)HksDeleteDir(dePath);
|
||||
} else {
|
||||
HKS_LOG_E("get de path failed");
|
||||
}
|
||||
|
||||
int32_t ret;
|
||||
do {
|
||||
ret = ConstructPlainName(userId, userData, HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
char cePath[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
HKS_CE_ROOT_PATH, userData, ceOrEceDataPath, uidData);
|
||||
if (offset > 0) {
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath);
|
||||
(void)HksDeleteDir(cePath);
|
||||
} else {
|
||||
HKS_LOG_E("get ce path failed");
|
||||
}
|
||||
|
||||
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s",
|
||||
HKS_KEY_STORE_PATH, userData);
|
||||
if (offset <= 0) {
|
||||
HKS_LOG_E("get user process path failed");
|
||||
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
|
||||
break;
|
||||
}
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
|
||||
ret = HksDeleteDir(userProcess);
|
||||
} while (0);
|
||||
HKS_FREE(userData);
|
||||
return ret;
|
||||
char ecePath[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath, uidData);
|
||||
if (offset > 0) {
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath);
|
||||
(void)HksDeleteDir(ecePath);
|
||||
} else {
|
||||
HKS_LOG_E("get ece path failed");
|
||||
}
|
||||
}
|
||||
|
||||
static int32_t DeleteServiceEceOrCeUidPath(const struct HksProcessInfo *processInfo, const char *rootPath)
|
||||
static void DeleteUidPath(const struct HksProcessInfo *processInfo)
|
||||
{
|
||||
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
|
||||
|
||||
int32_t ret;
|
||||
char *userData = NULL;
|
||||
char *uidData = NULL;
|
||||
do {
|
||||
userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed")
|
||||
|
||||
uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
if (uidData == NULL) {
|
||||
HKS_LOG_E("malloc uid data failed");
|
||||
ret = HKS_ERROR_MALLOC_FAIL;
|
||||
break;
|
||||
}
|
||||
HKS_IF_NULL_LOGE_BREAK(uidData, "malloc uid data failed")
|
||||
|
||||
ret = ConstructPlainName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
@ -715,57 +635,14 @@ static int32_t DeleteServiceEceOrCeUidPath(const struct HksProcessInfo *processI
|
||||
ret = ConstructPlainName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
rootPath, userData, HKS_STORE_SERVICE_PATH, uidData);
|
||||
if (offset <= 0) {
|
||||
HKS_LOG_E("get user process path failed");
|
||||
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
|
||||
break;
|
||||
}
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
|
||||
ret = HksDeleteDir(userProcess);
|
||||
(void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH);
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
(void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH);
|
||||
#endif
|
||||
} while (0);
|
||||
HKS_FREE(userData);
|
||||
HKS_FREE(uidData);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t DeleteServiceDeUidPath(const struct HksProcessInfo *processInfo)
|
||||
{
|
||||
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
|
||||
|
||||
int32_t ret;
|
||||
char *uidData = NULL;
|
||||
do {
|
||||
uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
|
||||
if (uidData == NULL) {
|
||||
HKS_LOG_E("malloc uid data failed");
|
||||
ret = HKS_ERROR_MALLOC_FAIL;
|
||||
break;
|
||||
}
|
||||
|
||||
ret = ConstructPlainName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = ConstructPlainName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
|
||||
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
|
||||
HKS_KEY_STORE_PATH, userData, uidData);
|
||||
if (offset <= 0) {
|
||||
HKS_LOG_E("get user process path failed");
|
||||
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
|
||||
break;
|
||||
}
|
||||
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
|
||||
ret = HksDeleteDir(userProcess);
|
||||
} while (0);
|
||||
HKS_FREE(userData);
|
||||
HKS_FREE(uidData);
|
||||
return ret;
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -793,14 +670,7 @@ void HksServiceDeleteUserIDKeyAliasFile(const struct HksBlob *userId)
|
||||
ret = HksDeleteDir(userProcess);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret)
|
||||
#ifdef L2_STANDARD
|
||||
ret = DeleteServiceEceOrCeUserIdPath(userId, HKS_ECE_ROOT_PATH);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete ece path failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = DeleteServiceEceOrCeUserIdPath(userId, HKS_CE_ROOT_PATH);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete ce path failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = DeleteServiceDeUserIdPath(userId);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete new de path failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
(void)DeleteUserIdPath(userId);
|
||||
#endif
|
||||
} while (0);
|
||||
HKS_FREE(userData);
|
||||
@ -846,14 +716,7 @@ void HksServiceDeleteUIDKeyAliasFile(const struct HksProcessInfo *processInfo)
|
||||
ret = HksDeleteDir(userProcess);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret)
|
||||
#ifdef L2_STANDARD
|
||||
ret = DeleteServiceEceOrCeUidPath(processInfo, HKS_ECE_ROOT_PATH);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete ece path failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = DeleteServiceEceOrCeUidPath(processInfo, HKS_CE_ROOT_PATH);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete ce path failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
ret = DeleteServiceDeUidPath(processInfo);
|
||||
HKS_IF_NOT_SUCC_LOGE(ret, "delete new de path failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
(void)DeleteUidPath(processInfo);
|
||||
#endif
|
||||
} while (0);
|
||||
HKS_FREE(userData);
|
||||
|
@ -672,10 +672,10 @@ int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo,
|
||||
return GetKeyOffsetByKeyAlias(keyAlias, &offset);
|
||||
}
|
||||
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo,
|
||||
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath,
|
||||
const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob)
|
||||
{
|
||||
(void)fileInfo;
|
||||
(void)fileInfoPath;
|
||||
if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) {
|
||||
return GetRootMaterial(keyAlias, keyBlob);
|
||||
}
|
||||
|
@ -130,6 +130,7 @@ static int32_t GetStorageTypePath(uint32_t storageType, struct HksStoreMaterial
|
||||
{
|
||||
switch (storageType) {
|
||||
case HKS_STORAGE_TYPE_KEY:
|
||||
case HKS_STORAGE_TYPE_BAK_KEY:
|
||||
outMaterial->storageTypePath = (char *)HksMalloc(sizeof(HKS_KEY_STORE_KEY_PATH) + 1);
|
||||
if (outMaterial->storageTypePath == NULL) {
|
||||
return HKS_ERROR_MALLOC_FAIL;
|
||||
@ -375,7 +376,20 @@ int32_t HksManageStoreGetKeyBlob(const struct HksProcessInfo *processInfo, const
|
||||
ret = HksConstructStoreFileInfo(processInfo, paramSet, &material, &fileInfo);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks construct store file info failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
ret = HksStoreGetKeyBlob(&fileInfo, keyBlob);
|
||||
if (storageType != HKS_STORAGE_TYPE_BAK_KEY) {
|
||||
ret = HksStoreGetKeyBlob(&fileInfo.mainPath, keyBlob);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
else {
|
||||
ret = HksStoreGetKeyBlob(&fileInfo.bakPath, keyBlob);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks get key blob failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
if (HksStorageWriteFile(fileInfo.mainPath.path, fileInfo.mainPath.fileName, 0,
|
||||
keyBlob->data, keyBlob->size) != HKS_SUCCESS) {
|
||||
HKS_LOG_E("hks copy bak key to main key failed");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks get key blob failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
} while (0);
|
||||
@ -403,7 +417,14 @@ int32_t HksManageStoreGetKeyBlobSize(const struct HksProcessInfo *processInfo, c
|
||||
ret = HksConstructStoreFileInfo(processInfo, paramSet, &material, &fileInfo);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks construct store file info failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
ret = HksStoreGetKeyBlobSize(&fileInfo, keyBlobSize);
|
||||
if (storageType != HKS_STORAGE_TYPE_BAK_KEY) {
|
||||
ret = HksStoreGetKeyBlobSize(&fileInfo.mainPath, keyBlobSize);
|
||||
}
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
else {
|
||||
ret = HksStoreGetKeyBlobSize(&fileInfo.bakPath, keyBlobSize);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks get key blob failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
} while (0);
|
||||
|
@ -480,59 +480,62 @@ static int32_t CheckUserPathExist(enum HksPathType pathType, const char *userIdP
|
||||
}
|
||||
#endif
|
||||
|
||||
static int32_t ConstructPath(const struct HksStoreMaterial *material, struct HksStoreFileInfo *fileInfo)
|
||||
static int32_t ConstructPath(const struct HksStoreMaterial *material, const char *deDataPath,
|
||||
const char *ceOrEceDataPath, struct HksStoreInfo *fileInfoPath)
|
||||
{
|
||||
(void)ceOrEceDataPath;
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
int32_t offset = 0;
|
||||
switch (material->pathType) {
|
||||
case DE_PATH:
|
||||
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
HKS_KEY_STORE_PATH, material->userIdPath, material->uidPath, material->storageTypePath);
|
||||
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
deDataPath, material->userIdPath, material->uidPath, material->storageTypePath);
|
||||
break;
|
||||
#ifdef L2_STANDARD
|
||||
case CE_PATH:
|
||||
ret = CheckUserPathExist(CE_PATH, material->userIdPath);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check user path exist failed.")
|
||||
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
|
||||
HKS_CE_ROOT_PATH, material->userIdPath, HKS_STORE_SERVICE_PATH, material->uidPath,
|
||||
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
|
||||
HKS_CE_ROOT_PATH, material->userIdPath, ceOrEceDataPath, material->uidPath,
|
||||
material->storageTypePath);
|
||||
break;
|
||||
case ECE_PATH:
|
||||
ret = CheckUserPathExist(ECE_PATH, material->userIdPath);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check user path exist failed.")
|
||||
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
|
||||
HKS_ECE_ROOT_PATH, material->userIdPath, HKS_STORE_SERVICE_PATH, material->uidPath,
|
||||
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
|
||||
HKS_ECE_ROOT_PATH, material->userIdPath, ceOrEceDataPath, material->uidPath,
|
||||
material->storageTypePath);
|
||||
break;
|
||||
#ifdef HUKS_ENABLE_SKIP_UPGRADE_KEY_STORAGE_SECURE_LEVEL
|
||||
case TMP_PATH:
|
||||
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
HKS_KEY_STORE_TMP_PATH, material->userIdPath, material->uidPath, material->storageTypePath);
|
||||
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
HKS_KEY_STORE_TMP_PATH, material->userIdPath, material->uidPath, material->storageTypePath);
|
||||
break;
|
||||
#endif
|
||||
#ifdef HKS_USE_RKC_IN_STANDARD
|
||||
case RKC_IN_STANDARD_PATH:
|
||||
// there is no user id path in rkc of standard
|
||||
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
|
||||
HKS_KEY_RKC_PATH, material->uidPath, material->storageTypePath);
|
||||
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
|
||||
HKS_KEY_RKC_PATH, material->uidPath, material->storageTypePath);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HKS_ENABLE_LITE_HAP
|
||||
case LITE_HAP_PATH:
|
||||
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
|
||||
HKS_KEY_STORE_LITE_HAP, material->userIdPath, material->uidPath, material->storageTypePath);
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
if (offset <= 0) {
|
||||
HKS_LOG_E("get main path failed, path type is %" LOG_PUBLIC "d.", material->pathType);
|
||||
HKS_LOG_E("get path failed, path type is %" LOG_PUBLIC "d.", material->pathType);
|
||||
return HKS_ERROR_INSUFFICIENT_MEMORY;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t GetMainPath(const struct HksStoreMaterial *material, struct HksStoreFileInfo *fileInfo)
|
||||
static int32_t GetPathInfo(const struct HksStoreMaterial *material, const char *deDataPath,
|
||||
const char *ceOrEceDataPath, struct HksStoreInfo *fileInfoPath)
|
||||
{
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
#ifdef L2_STANDARD
|
||||
@ -541,18 +544,18 @@ static int32_t GetMainPath(const struct HksStoreMaterial *material, struct HksSt
|
||||
bool isUserPath = false;
|
||||
#endif
|
||||
|
||||
ret = ConstructPath(material, fileInfo);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "construct path failed")
|
||||
ret = ConstructPath(material, deDataPath, ceOrEceDataPath, fileInfoPath);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "construct main path failed")
|
||||
|
||||
StandardizePath(fileInfo->mainPath.path);
|
||||
ret = HksMakeFullDir(fileInfo->mainPath.path);
|
||||
StandardizePath(fileInfoPath->path);
|
||||
ret = HksMakeFullDir(fileInfoPath->path);
|
||||
if (isUserPath) {
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_NO_PERMISSION, "make full dir failed.")
|
||||
} else {
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "make full dir failed.")
|
||||
}
|
||||
if (material->keyAliasPath != NULL) {
|
||||
if (memcpy_s(fileInfo->mainPath.fileName, HKS_MAX_FILE_NAME_LEN,
|
||||
if (memcpy_s(fileInfoPath->fileName, HKS_MAX_FILE_NAME_LEN,
|
||||
material->keyAliasPath, strlen(material->keyAliasPath)) != EOK) {
|
||||
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
|
||||
}
|
||||
@ -560,12 +563,23 @@ static int32_t GetMainPath(const struct HksStoreMaterial *material, struct HksSt
|
||||
return ret;
|
||||
}
|
||||
|
||||
// for now only construct for mainPath, bakPath is not on the table
|
||||
int32_t HksGetFileInfo(const struct HksStoreMaterial *material, struct HksStoreFileInfo *fileInfo)
|
||||
{
|
||||
int32_t ret = FileInfoInit(fileInfo);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks file info init failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
return GetMainPath(material, fileInfo);
|
||||
#ifdef L2_STANDARD
|
||||
ret = GetPathInfo(material, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH, &fileInfo->mainPath);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks get main path info failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#else
|
||||
ret = GetPathInfo(material, HKS_KEY_STORE_PATH, NULL, &fileInfo->mainPath);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks get main path info failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#endif
|
||||
|
||||
#ifdef SUPPORT_STORAGE_BACKUP
|
||||
ret = GetPathInfo(material, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH, &fileInfo->bakPath);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks get bak path info failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
#endif
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
#endif /* _CUT_AUTHENTICATE_ */
|
||||
|
@ -35,6 +35,7 @@
|
||||
#define HKS_CE_ROOT_PATH "/data/service/el2"
|
||||
#define HKS_ECE_ROOT_PATH "/data/service/el4"
|
||||
#define HKS_STORE_SERVICE_PATH "huks_service/maindata"
|
||||
#define HKS_STORE_SERVICE_BAK_PATH "huks_service/bakdata"
|
||||
#ifdef HKS_USE_RKC_IN_STANDARD
|
||||
#define HKS_KEY_RKC_PATH HKS_CONFIG_RKC_STORE_PATH "/maindata"
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user