openharmony/security_huks
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_huks synced 2024-10-07 06:04:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

容灾备份

Browse Source 
Signed-off-by: tangboyi <tangboyi1@huawei.com>
Change-Id: Iafa29ac2b3b7199245e61f14c8e39872f3c45958
Signed-off-by: tangboyi <tangboyi1@huawei.com>
This commit is contained in:
tangboyi 2024-05-29 19:16:43 +08:00
parent 05e8fe829d
commit bf4fa2cd54
12 changed files with 374 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
frameworks/config/build/BUILD.gn
View File

@ -34,6 +34,7 @@ config("l2_standard_common_config") {
"_HUKS_LOG_ENABLE_",
"L2_STANDARD",
"HKS_ENABLE_CLEAN_FILE",
"SUPPORT_STORAGE_BACKUP",
]
if (!huks_use_rkc_in_standard) {
defines += [ "_HARDWARE_ROOT_KEY_" ]

1
interfaces/inner_api/huks_standard/main/include/hks_type.h
View File

@ -412,6 +412,7 @@ enum HksErrorCode {
HKS_ERROR_EXCEED_LIMIT = -141,
HKS_ERROR_UPGRADE_FAIL = -142,
HKS_ERROR_INVALID_ACCOUNT_INFO = -143,
HKS_ERROR_CORRUPT_FILE = -144,
HKS_ERROR_LOAD_PLUGIN_FAIL = -998,
HKS_ERROR_INTERNAL_ERROR = -999,

22
services/huks_standard/huks_engine/main/core/src/hks_core_service.c
View File

@ -178,7 +178,7 @@ static int32_t GetAgreeBaseKey(const bool isPubKey, const bool isPlainPubKey, co
struct HksKeyNode *keyNode = HksGenerateKeyNode(&tempKey);
(void)memset_s(buffer, size, 0, size);
HKS_FREE(buffer);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "generating keynode with agree key failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "generating keynode with agree key failed")
bool isSupportUserAuth = false;
int32_t ret = HksCheckKeybBlobIsSupportUserAuth(keyNode->paramSet, &isSupportUserAuth);
@ -415,7 +415,7 @@ static int32_t SignVerify(uint32_t cmdId, const struct HksBlob *key, const struc
"hks failed to check signature or verify params, cmdId:%" LOG_PUBLIC "x, ret:%" LOG_PUBLIC "x!\n", cmdId, ret)
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "SignVerify generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
bool needFree = true;
struct HksBlob message = { 0, NULL };
@ -480,7 +480,7 @@ static int32_t Cipher(uint32_t cmdId, const struct HksBlob *key, const struct Hk
"hks core check cipher params failed, cmdId:%" LOG_PUBLIC "x, ret:%" LOG_PUBLIC "x!\n", cmdId, ret)
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "Cipher generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "Cipher generate keynode failed")
do {
ret = CipherPreCheck(keyNode, paramSet);
@ -616,7 +616,7 @@ static int32_t BuildDecryptUsageSpecOfUnwrap(const struct HksBlob *aad, const st
static int32_t CheckWrappingKeyIsUsedForUnwrap(const struct HksBlob *wrappingKey)
{
struct HksKeyNode *wrappingKeyNode = HksGenerateKeyNode(wrappingKey);
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_BAD_STATE,
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_CORRUPT_FILE,
"check agree params: generate wrapping keynode failed!")
struct HksParam *purposeParamWrappingKey = NULL;
@ -647,7 +647,7 @@ static int32_t GetPublicKeyInnerFormat(const struct HksBlob *wrappingKey, const
/* peer public key format should be same as wrapping key */
struct HksKeyNode *wrappingKeyNode = HksGenerateKeyNode(wrappingKey);
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_BAD_STATE, "generate wrapping key keynode failed")
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_CORRUPT_FILE, "generate wrapping key keynode failed")
ret = GetHksPubKeyInnerFormat(wrappingKeyNode->paramSet, &peerPubKeyPart, outPublicKey);
HksFreeKeyNode(&wrappingKeyNode);
@ -900,7 +900,7 @@ int32_t HksCoreDecrypt(const struct HksBlob *key, const struct HksParamSet *para
static int32_t HksCheckKeyValidity(const struct HksParamSet *paramSet, const struct HksBlob *key)
{
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "check key legality failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "check key legality failed")
int32_t ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
@ -1079,7 +1079,7 @@ int32_t HksCoreExportPublicKey(const struct HksBlob *key,
}
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "SignVerify generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
int32_t ret;
do {
@ -1106,7 +1106,7 @@ int32_t HksCoreAgreeKey(const struct HksParamSet *paramSet, const struct HksBlob
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check agreeKey params failed")
struct HksKeyNode *privateKeyNode = HksGenerateKeyNode(privateKey);
HKS_IF_NULL_LOGE_RETURN(privateKeyNode, HKS_ERROR_BAD_STATE, "agree key generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(privateKeyNode, HKS_ERROR_CORRUPT_FILE, "agree key generate keynode failed")
do {
ret = HksProcessIdentityVerify(privateKeyNode->paramSet, paramSet);
@ -1144,7 +1144,7 @@ int32_t HksCoreDeriveKey(const struct HksParamSet *paramSet, const struct HksBlo
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check deriveKey params failed")
struct HksKeyNode *keyNode = HksGenerateKeyNode(mainKey);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "SignVerify generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "SignVerify generate keynode failed")
do {
ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
@ -1178,7 +1178,7 @@ int32_t HksCoreMac(const struct HksBlob *key, const struct HksParamSet *paramSet
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check mac params failed")
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "mac generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "mac generate keynode failed")
do {
ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
@ -1878,7 +1878,7 @@ int32_t HksCoreAttestKey(const struct HksBlob *key, const struct HksParamSet *p
HKS_IF_NOT_SUCC_RETURN(ret, ret)
struct HksKeyNode *keyNode = HksGenerateKeyNode(key);
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_BAD_STATE, "generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(keyNode, HKS_ERROR_CORRUPT_FILE, "generate keynode failed")
ret = HksProcessIdentityVerify(keyNode->paramSet, paramSet);
if (ret != HKS_SUCCESS) {

2
services/huks_standard/huks_engine/main/core/src/hks_sm_import_wrap_key.c
View File

@ -581,7 +581,7 @@ int32_t HksSmImportWrappedKey(const struct HksBlob *keyAlias, const struct HksPa
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_INVALID_ARGUMENT, "check failed.");
struct HksKeyNode *wrappingKeyNode = HksGenerateKeyNode(wrappingKey);
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_BAD_STATE, "generate keynode failed")
HKS_IF_NULL_LOGE_RETURN(wrappingKeyNode, HKS_ERROR_CORRUPT_FILE, "generate keynode failed")
if (algSuit == HKS_UNWRAP_SUITE_SM2_SM4_128_CBC_PKCS7_WITH_VERIFY_DIG_SM3) {
ret = HksSmImportWrappedKeyWithVerify(keyAlias, paramSet, wrappingKeyNode, wrappedKeyData, keyOut);

10
services/huks_standard/huks_service/main/core/include/hks_storage.h
View File

@ -33,7 +33,7 @@ int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo,
int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo,
const struct HksBlob *keyAlias, uint32_t storageType);
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo,
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath,
const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob);
int32_t HksStoreGetKeyBlobSize(const struct HksBlob *processName,
@ -48,11 +48,15 @@ int32_t HksStoreDeleteKeyBlob(const struct HksStoreFileInfo *fileInfo);
int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo);
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo, struct HksBlob *keyBlob);
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob);
int32_t HksStoreGetKeyBlobSize(const struct HksStoreFileInfo *fileInfo, uint32_t *keyBlobSize);
int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize);
int32_t HksGetKeyCountByProcessName(const struct HksStoreFileInfo *fileInfo, uint32_t *fileCount);
int32_t HksStorageWriteFile(
const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len);
#endif // _STORAGE_LITE_
#endif // _CUT_AUTHENTICATE_

3
services/huks_standard/huks_service/main/core/include/hks_storage_utils.h
View File

@ -23,7 +23,8 @@
enum HksStorageType {
HKS_STORAGE_TYPE_KEY = 0,
HKS_STORAGE_TYPE_ROOT_KEY,
HKS_STORAGE_TYPE_ROOT_KEY = 1,
HKS_STORAGE_TYPE_BAK_KEY = 2,
};
#ifdef __cplusplus

224
services/huks_standard/huks_service/main/core/src/hks_client_service.c
View File

@ -722,10 +722,8 @@ static int32_t GetKeyAndNewParamSet(const struct HksProcessInfo *processInfo, co
"append process info and default strategy failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyData(processInfo, keyAlias, *outParamSet, key, HKS_STORAGE_TYPE_KEY);
if (ret != HKS_SUCCESS) {
HKS_LOG_E("get key data failed, ret = %" LOG_PUBLIC "d.", ret);
HksFreeParamSet(outParamSet);
}
// free outParamSet together after do-while
HKS_IF_NOT_SUCC_LOGE(ret, "get key data failed, ret = %" LOG_PUBLIC "d.", ret)
return ret;
}
@ -1023,9 +1021,20 @@ int32_t HksServiceSign(const struct HksProcessInfo *processInfo, const struct Hk
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check sign params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "sign: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "sign: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessSign(&keyFromFile, newParamSet, srcData, signature);
if (ret == HKS_SUCCESS) {
ret = HuksAccessSign(&keyFromFile, newParamSet, srcData, signature);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "sign: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessSign(&keyFromFile, newParamSet, srcData, signature);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1051,9 +1060,20 @@ int32_t HksServiceVerify(const struct HksProcessInfo *processInfo, const struct
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check verify params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "verify: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "verify: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessVerify(&keyFromFile, newParamSet, srcData, signature);
if (ret == HKS_SUCCESS) {
ret = HuksAccessVerify(&keyFromFile, newParamSet, srcData, signature);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "verify: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessVerify(&keyFromFile, newParamSet, srcData, signature);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1074,9 +1094,20 @@ int32_t HksServiceEncrypt(const struct HksProcessInfo *processInfo, const struct
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check encrypt failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "encrypt: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "encrypt: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessEncrypt(&keyFromFile, newParamSet, plainText, cipherText);
if (ret == HKS_SUCCESS) {
ret = HuksAccessEncrypt(&keyFromFile, newParamSet, plainText, cipherText);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
"encrypt: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessEncrypt(&keyFromFile, newParamSet, plainText, cipherText);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1104,9 +1135,20 @@ int32_t HksServiceDecrypt(const struct HksProcessInfo *processInfo, const struct
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check decrypt failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "decrypt: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "decrypt: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessDecrypt(&keyFromFile, newParamSet, cipherText, plainText);
if (ret == HKS_SUCCESS) {
ret = HuksAccessDecrypt(&keyFromFile, newParamSet, cipherText, plainText);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
"decrypt: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessDecrypt(&keyFromFile, newParamSet, cipherText, plainText);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1204,11 +1246,23 @@ int32_t HksServiceGetKeyParamSet(const struct HksProcessInfo *processInfo, const
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check get key paramSet params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSetIn, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
HKS_IF_NOT_SUCC_LOGE(ret,
"get key paramSet: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessGetKeyProperties(newParamSet, &keyFromFile);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "access level check key validity failed, ret = %" LOG_PUBLIC "d", ret)
if (ret == HKS_SUCCESS) {
ret = HuksAccessGetKeyProperties(newParamSet, &keyFromFile);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
"get key paramSet: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessGetKeyProperties(newParamSet, &keyFromFile);
}
#endif
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
"get key paramset or access level check key validity failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyParamSet(&keyFromFile, paramSetOut);
HKS_IF_NOT_SUCC_LOGE(ret, "get Key paramSet failed, ret = %" LOG_PUBLIC "d", ret)
@ -1345,9 +1399,20 @@ int32_t HksServiceExportPublicKey(const struct HksProcessInfo *processInfo, cons
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check export public key params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "export public: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "export public: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessExportPublicKey(&keyFromFile, newParamSet, key);
if (ret == HKS_SUCCESS) {
ret = HuksAccessExportPublicKey(&keyFromFile, newParamSet, key);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret,
"export public: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessExportPublicKey(&keyFromFile, newParamSet, key);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1377,9 +1442,19 @@ int32_t HksServiceAgreeKey(const struct HksProcessInfo *processInfo, const struc
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check agree key params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, privateKey, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "agree: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "agree: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessAgreeKey(newParamSet, &keyFromFile, peerPublicKey, agreedKey);
if (ret == HKS_SUCCESS) {
ret = HuksAccessAgreeKey(newParamSet, &keyFromFile, peerPublicKey, agreedKey);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, privateKey, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "agree: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessAgreeKey(newParamSet, &keyFromFile, peerPublicKey, agreedKey);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1405,9 +1480,19 @@ int32_t HksServiceDeriveKey(const struct HksProcessInfo *processInfo, const stru
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check derive key params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, mainKey, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "derive: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "derive: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessDeriveKey(newParamSet, &keyFromFile, derivedKey);
if (ret == HKS_SUCCESS) {
ret = HuksAccessDeriveKey(newParamSet, &keyFromFile, derivedKey);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, mainKey, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "derive: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessDeriveKey(newParamSet, &keyFromFile, derivedKey);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1433,9 +1518,19 @@ int32_t HksServiceMac(const struct HksProcessInfo *processInfo, const struct Hks
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check mac params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, key, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "mac: get key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "mac: get main key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessMac(&keyFromFile, newParamSet, srcData, mac);
if (ret == HKS_SUCCESS) {
ret = HuksAccessMac(&keyFromFile, newParamSet, srcData, mac);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, key, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "mac: get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessMac(&keyFromFile, newParamSet, srcData, mac);
}
#endif
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1501,7 +1596,7 @@ int32_t HksServiceRefreshKeyInfo(const struct HksBlob *processName)
}
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, struct HksParamSet *paramSet,
static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, const struct HksParamSet *paramSet,
struct HksParamSet **outParamSet)
{
int32_t ret;
@ -1550,6 +1645,28 @@ static int32_t AddAppInfoToParamSet(const struct HksProcessInfo *processInfo, st
#endif
#ifdef HKS_SUPPORT_API_ATTEST_KEY
static int32_t DcmGenerateCertChainInAttestKey(const struct HksParamSet *paramSet, const uint8_t *remoteObject,
struct HksBlob *certChain, uint32_t certChainCapacity)
{
(void)paramSet;
(void)remoteObject;
(void)certChain;
(void)certChainCapacity;
int32_t ret = HKS_SUCCESS;
#ifndef HKS_UNTRUSTED_RUNNING_ENV
if (!HksAttestIsAnonymous(paramSet)) {
HKS_LOG_I("non anonymous attest key.");
return HKS_SUCCESS;
}
ret = DcmGenerateCertChain(certChain, remoteObject);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "DcmGenerateCertChain fail, ret = %" LOG_PUBLIC "d.", ret)
(void)memset_s(certChain->data, certChainCapacity, 0, certChainCapacity);
certChain->size = certChainCapacity; // restore capacity size
#endif
return ret;
}
int32_t HksServiceAttestKey(const struct HksProcessInfo *processInfo, const struct HksBlob *keyAlias,
const struct HksParamSet *paramSet, struct HksBlob *certChain, const uint8_t *remoteObject)
{
@ -1564,34 +1681,35 @@ int32_t HksServiceAttestKey(const struct HksProcessInfo *processInfo, const stru
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &processInfoParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
#else
ret = GetKeyAndNewParamSet(processInfo, keyAlias, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
#endif
#ifndef HKS_UNTRUSTED_RUNNING_ENV
uint32_t certChainCapacity = certChain->size;
if (ret == HKS_SUCCESS) {
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
#endif
ret = HuksAccessAttestKey(&keyFromFile, newParamSet, certChain);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HuksAccessAttestKey fail, ret = %" LOG_PUBLIC "d.", ret)
#ifndef HKS_UNTRUSTED_RUNNING_ENV
if (!HksAttestIsAnonymous(paramSet)) {
HKS_LOG_I("non anonymous attest key.");
break;
ret = HuksAccessAttestKey(&keyFromFile, newParamSet, certChain);
}
ret = DcmGenerateCertChain(certChain, remoteObject);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "DcmGenerateCertChain fail, ret = %" LOG_PUBLIC "d.", ret)
(void)memset_s(certChain->data, certChainCapacity, 0, certChainCapacity);
certChain->size = certChainCapacity; // restore capacity size
#else
(void)(remoteObject);
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
#ifdef HKS_SUPPORT_GET_BUNDLE_INFO
HksFreeParamSet(&newParamSet);
ret = AddAppInfoToParamSet(processInfo, processInfoParamSet, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddAppInfoToParamSet failed, ret = %" LOG_PUBLIC "d.", ret)
#endif
ret = GetKeyData(processInfo, keyAlias, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessAttestKey(&keyFromFile, newParamSet, certChain);
}
#endif
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HuksAttestKey fail, ret = %" LOG_PUBLIC "d.", ret)
ret = DcmGenerateCertChainInAttestKey(paramSet, remoteObject, certChain, certChainCapacity);
HKS_IF_NOT_SUCC_BREAK(ret)
} while (0);
HKS_FREE_BLOB(keyFromFile);
@ -1633,10 +1751,20 @@ int32_t HksServiceInit(const struct HksProcessInfo *processInfo, const struct Hk
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "check ServiceInit params failed, ret = %" LOG_PUBLIC "d", ret)
ret = GetKeyAndNewParamSet(processInfo, key, paramSet, &keyFromFile, &newParamSet);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d", ret)
HKS_IF_NOT_SUCC_LOGE(ret, "GetKeyAndNewParamSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessInit(&keyFromFile, newParamSet, handle, token);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "HuksAccessInit failed, ret = %" LOG_PUBLIC "d", ret)
if (ret == HKS_SUCCESS) {
ret = HuksAccessInit(&keyFromFile, newParamSet, handle, token);
}
#ifdef SUPPORT_STORAGE_BACKUP
if (ret == HKS_ERROR_CORRUPT_FILE || ret == HKS_ERROR_FILE_SIZE_FAIL || ret == HKS_ERROR_NOT_EXIST) {
HKS_FREE_BLOB(keyFromFile);
ret = GetKeyData(processInfo, key, newParamSet, &keyFromFile, HKS_STORAGE_TYPE_BAK_KEY);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get bak key and new paramSet failed, ret = %" LOG_PUBLIC "d", ret)
ret = HuksAccessInit(&keyFromFile, newParamSet, handle, token);
}
#endif
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "Huks Init failed, ret = %" LOG_PUBLIC "d", ret)
ret = CreateOperation(processInfo, paramSet, handle, true);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "create operation failed, ret = %" LOG_PUBLIC "d", ret)

365
services/huks_standard/huks_service/main/core/src/hks_storage.c
View File

@ -56,7 +56,7 @@ static HksStorageFileLock *CreateStorageFileLock(const char *path, const char *f
}
#endif
static int32_t HksStorageWriteFile(
int32_t HksStorageWriteFile(
const char *path, const char *fileName, uint32_t offset, const uint8_t *buf, uint32_t len)
{
#ifdef HKS_SUPPORT_THREAD
@ -148,69 +148,6 @@ static int32_t HksStorageRemoveFile(const char *path, const char *fileName)
return ret;
}
#ifdef SUPPORT_STORAGE_BACKUP
static int32_t CopyKeyBlobFromSrc(const char *srcPath, const char *srcFileName,
const char *destPath, const char *destFileName)
{
uint32_t size = HksFileSize(srcPath, srcFileName);
if (size == 0) {
HKS_LOG_E("get file size failed, ret = %" LOG_PUBLIC "u.", size);
return HKS_ERROR_FILE_SIZE_FAIL;
}
uint8_t *buffer = (uint8_t *)HksMalloc(size);
HKS_IF_NULL_RETURN(buffer, HKS_ERROR_MALLOC_FAIL)
(void)memset_s(buffer, size, 0, size);
struct HksBlob blob = { .size = size, .data = buffer };
int32_t ret;
do {
ret = HksStorageReadFile(srcPath, srcFileName, 0, &blob, &size);
if (ret != HKS_SUCCESS) {
if (ret == HKS_ERROR_NO_PERMISSION) {
HKS_LOG_E("Check Permission failed, ret = %" LOG_PUBLIC "d.", ret);
break;
}
HKS_LOG_E("read file failed, ret = %" LOG_PUBLIC "d.", ret);
ret = HKS_ERROR_READ_FILE_FAIL;
break;
}
ret = HksMakeFullDir(destPath);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "makdir destPath failed, ret = %" LOG_PUBLIC "d.", ret)
ret = HksStorageWriteFile(destPath, destFileName, 0, buffer, size);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "file write destPath failed, ret = %" LOG_PUBLIC "d.", ret)
} while (0);
HKS_FREE(buffer);
return ret;
}
static int32_t CopyKeyBlob(const struct HksStoreFileInfo *fileInfo,
int32_t isMainFileExist, int32_t isBakFileExist)
{
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
return HKS_ERROR_NOT_EXIST;
} else if ((isMainFileExist == HKS_SUCCESS) && (isBakFileExist == HKS_SUCCESS)) {
return HKS_SUCCESS;
}
int32_t ret = HKS_SUCCESS;
if (isMainFileExist != HKS_SUCCESS) {
ret = CopyKeyBlobFromSrc(fileInfo->bakPath.path, fileInfo->bakPath.fileName,
fileInfo->mainPath.path, fileInfo->mainPath.fileName);
} else if (isBakFileExist != HKS_SUCCESS) {
ret = CopyKeyBlobFromSrc(fileInfo->mainPath.path, fileInfo->mainPath.fileName,
fileInfo->bakPath.path, fileInfo->bakPath.fileName);
}
return ret;
}
#endif
static int32_t GetKeyBlobFromFile(const char *path, const char *fileName, struct HksBlob *keyBlob)
{
uint32_t size = HksFileSize(path, fileName);
@ -238,94 +175,47 @@ static int32_t GetKeyBlobFromFile(const char *path, const char *fileName, struct
static int32_t DeleteKeyBlob(const struct HksStoreFileInfo *fileInfo)
{
int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
#ifndef SUPPORT_STORAGE_BACKUP
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
int32_t ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret)
#else
int32_t ret = HKS_SUCCESS;
#ifdef SUPPORT_STORAGE_BACKUP
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
return HKS_ERROR_NOT_EXIST;
}
int32_t ret = HKS_SUCCESS;
if (isMainFileExist == HKS_SUCCESS) {
ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret)
}
if (isBakFileExist == HKS_SUCCESS) {
ret = HksStorageRemoveFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove bakfile failed, ret = %" LOG_PUBLIC "d.", ret)
}
#endif
if (isMainFileExist == HKS_SUCCESS) {
ret = HksStorageRemoveFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete key remove file failed, ret = %" LOG_PUBLIC "d.", ret)
} else {
return HKS_ERROR_NOT_EXIST;
}
return ret;
}
static int32_t GetKeyBlob(const struct HksStoreFileInfo *fileInfo, struct HksBlob *keyBlob)
static int32_t GetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob)
{
int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
#ifndef SUPPORT_STORAGE_BACKUP
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
int32_t ret = GetKeyBlobFromFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, keyBlob);
#else
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
return HKS_ERROR_NOT_EXIST;
}
int32_t ret = HKS_SUCCESS;
if (isMainFileExist == HKS_SUCCESS) {
ret = GetKeyBlobFromFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, keyBlob);
} else if (isBakFileExist == HKS_SUCCESS) {
ret = GetKeyBlobFromFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, keyBlob);
}
if (CopyKeyBlob(fileInfo, isMainFileExist, isBakFileExist) != HKS_SUCCESS) {
HKS_LOG_W("CopyKeyBlob failed");
}
#endif
int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName);
HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST)
int32_t ret = GetKeyBlobFromFile(fileInfoPath->path, fileInfoPath->fileName, keyBlob);
return ret;
}
static int32_t GetKeyBlobSize(const struct HksStoreFileInfo *fileInfo, uint32_t *keyBlobSize)
static int32_t GetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize)
{
int32_t isMainFileExist = HksIsFileExist(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
#ifndef SUPPORT_STORAGE_BACKUP
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
int32_t isFileExist = HksIsFileExist(fileInfoPath->path, fileInfoPath->fileName);
HKS_IF_NOT_SUCC_RETURN(isFileExist, HKS_ERROR_NOT_EXIST)
uint32_t size = HksFileSize(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
uint32_t size = HksFileSize(fileInfoPath->path, fileInfoPath->fileName);
if (size == 0) {
return HKS_ERROR_FILE_SIZE_FAIL;
}
*keyBlobSize = size;
#else
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
return HKS_ERROR_NOT_EXIST;
}
uint32_t size = 0;
if (isMainFileExist == HKS_SUCCESS) {
size = HksFileSize(fileInfo->mainPath.path, fileInfo->mainPath.fileName);
} else if (isBakFileExist == HKS_SUCCESS) {
size = HksFileSize(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
}
if (size == 0) {
return HKS_ERROR_FILE_SIZE_FAIL;
}
*keyBlobSize = size;
if (CopyKeyBlob(fileInfo, isMainFileExist, isBakFileExist) != HKS_SUCCESS) {
HKS_LOG_W("CopyKeyBlob failed");
}
#endif
return HKS_SUCCESS;
}
@ -335,16 +225,11 @@ static int32_t IsKeyBlobExist(const struct HksStoreFileInfo *fileInfo)
#ifndef SUPPORT_STORAGE_BACKUP
HKS_IF_NOT_SUCC_RETURN(isMainFileExist, HKS_ERROR_NOT_EXIST)
#else
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
if ((isMainFileExist != HKS_SUCCESS) && (isBakFileExist != HKS_SUCCESS)) {
return HKS_ERROR_NOT_EXIST;
}
if (CopyKeyBlob(fileInfo, isMainFileExist, isBakFileExist) != HKS_SUCCESS) {
HKS_LOG_W("CopyKeyBlob failed");
if (isMainFileExist != HKS_SUCCESS) {
int32_t isBakFileExist = HksIsFileExist(fileInfo->bakPath.path, fileInfo->bakPath.fileName);
HKS_IF_NOT_SUCC_LOGE_RETURN(isBakFileExist, HKS_ERROR_NOT_EXIST, "hks mainkey and backupkey not exist")
}
#endif
return HKS_SUCCESS;
}
@ -357,12 +242,13 @@ int32_t HksStoreKeyBlob(const struct HksStoreFileInfo *fileInfo, const struct Hk
ret = HksStorageWriteFile(fileInfo->mainPath.path, fileInfo->mainPath.fileName, 0,
keyBlob->data, keyBlob->size);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save key blob failed, ret = %" LOG_PUBLIC "d.", ret)
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save main key blob failed, ret = %" LOG_PUBLIC "d.", ret)
#ifdef SUPPORT_STORAGE_BACKUP
ret = HksStorageWriteFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, 0,
keyBlob->data, keyBlob->size);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks save key blob failed, ret = %" LOG_PUBLIC "d.", ret)
if (HksStorageWriteFile(fileInfo->bakPath.path, fileInfo->bakPath.fileName, 0,
keyBlob->data, keyBlob->size) != HKS_SUCCESS) {
HKS_LOG_E("hks save backup key blob failed");
}
#endif
} while (0);
@ -393,25 +279,25 @@ int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo)
return ret;
}
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo, struct HksBlob *keyBlob)
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath, struct HksBlob *keyBlob)
{
int32_t ret;
do {
ret = RecordKeyOperation(KEY_OPERATION_GET, fileInfo->mainPath.path, fileInfo->mainPath.fileName);
ret = RecordKeyOperation(KEY_OPERATION_GET, fileInfoPath->path, fileInfoPath->fileName);
HKS_IF_NOT_SUCC_BREAK(ret)
ret = GetKeyBlob(fileInfo, keyBlob);
ret = GetKeyBlob(fileInfoPath, keyBlob);
HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob failed, ret = %" LOG_PUBLIC "d.", ret)
} while (0);
return ret;
}
int32_t HksStoreGetKeyBlobSize(const struct HksStoreFileInfo *fileInfo, uint32_t *keyBlobSize)
int32_t HksStoreGetKeyBlobSize(const struct HksStoreInfo *fileInfoPath, uint32_t *keyBlobSize)
{
int32_t ret;
do {
ret = GetKeyBlobSize(fileInfo, keyBlobSize);
ret = GetKeyBlobSize(fileInfoPath, keyBlobSize);
HKS_IF_NOT_SUCC_LOGE(ret, "hks get keyblob size failed, ret = %" LOG_PUBLIC "d.", ret)
} while (0);
@ -644,70 +530,104 @@ int32_t HksIsOldKeyPathCleared(uint32_t *keyCount)
#ifdef HKS_ENABLE_EVENT_DELETE
#ifdef L2_STANDARD
static int32_t DeleteServiceEceOrCeUserIdPath(const struct HksBlob *userId, const char *rootPath)
static void DeleteUserIdMainPathAndBakPath(const char *userData, const char *deDataPath, const char *ceOrEceDataPath)
{
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
char dePath[HKS_MAX_DIRENT_FILE_LEN] = "";
int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s",
deDataPath, userData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath);
(void)HksDeleteDir(dePath);
} else {
HKS_LOG_E("get de path failed");
}
char cePath[HKS_MAX_DIRENT_FILE_LEN] = "";
offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
HKS_CE_ROOT_PATH, userData, ceOrEceDataPath);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath);
(void)HksDeleteDir(cePath);
} else {
HKS_LOG_E("get ce path failed");
}
char ecePath[HKS_MAX_DIRENT_FILE_LEN] = "";
offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath);
(void)HksDeleteDir(ecePath);
} else {
HKS_LOG_E("get ece path failed");
}
}
static void DeleteUserIdPath(const struct HksBlob *userId)
{
int32_t ret;
char *userData = NULL;
do {
userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed")
ret = ConstructPlainName(userId, userData, HKS_MAX_FILE_NAME_LEN);
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
rootPath, userData, HKS_STORE_SERVICE_PATH);
if (offset <= 0) {
HKS_LOG_E("get user process path failed");
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
break;
}
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
ret = HksDeleteDir(userProcess);
(void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH);
#ifdef SUPPORT_STORAGE_BACKUP
(void)DeleteUserIdMainPathAndBakPath(userData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH);
#endif
} while (0);
HKS_FREE(userData);
return ret;
return;
}
static int32_t DeleteServiceDeUserIdPath(const struct HksBlob *userId)
static void DeleteUidMainPathAndBakPath(const char *userData, const char *uidData,
const char *deDataPath, const char *ceOrEceDataPath)
{
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
char dePath[HKS_MAX_DIRENT_FILE_LEN] = "";
int32_t offset = sprintf_s(dePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
deDataPath, userData, uidData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", dePath);
(void)HksDeleteDir(dePath);
} else {
HKS_LOG_E("get de path failed");
}
int32_t ret;
do {
ret = ConstructPlainName(userId, userData, HKS_MAX_FILE_NAME_LEN);
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
char cePath[HKS_MAX_DIRENT_FILE_LEN] = "";
offset = sprintf_s(cePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_CE_ROOT_PATH, userData, ceOrEceDataPath, uidData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", cePath);
(void)HksDeleteDir(cePath);
} else {
HKS_LOG_E("get ce path failed");
}
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s",
HKS_KEY_STORE_PATH, userData);
if (offset <= 0) {
HKS_LOG_E("get user process path failed");
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
break;
}
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
ret = HksDeleteDir(userProcess);
} while (0);
HKS_FREE(userData);
return ret;
char ecePath[HKS_MAX_DIRENT_FILE_LEN] = "";
offset = sprintf_s(ecePath, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_ECE_ROOT_PATH, userData, ceOrEceDataPath, uidData);
if (offset > 0) {
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", ecePath);
(void)HksDeleteDir(ecePath);
} else {
HKS_LOG_E("get ece path failed");
}
}
static int32_t DeleteServiceEceOrCeUidPath(const struct HksProcessInfo *processInfo, const char *rootPath)
static void DeleteUidPath(const struct HksProcessInfo *processInfo)
{
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
int32_t ret;
char *userData = NULL;
char *uidData = NULL;
do {
userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
HKS_IF_NULL_LOGE_BREAK(userData, "malloc user data failed")
uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
if (uidData == NULL) {
HKS_LOG_E("malloc uid data failed");
ret = HKS_ERROR_MALLOC_FAIL;
break;
}
HKS_IF_NULL_LOGE_BREAK(uidData, "malloc uid data failed")
ret = ConstructPlainName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN);
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
@ -715,57 +635,14 @@ static int32_t DeleteServiceEceOrCeUidPath(const struct HksProcessInfo *processI
ret = ConstructPlainName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN);
HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret)
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
rootPath, userData, HKS_STORE_SERVICE_PATH, uidData);
if (offset <= 0) {
HKS_LOG_E("get user process path failed");
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
break;
}
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
ret = HksDeleteDir(userProcess);
(void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH);
#ifdef SUPPORT_STORAGE_BACKUP
(void)DeleteUidMainPathAndBakPath(userData, uidData, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH);
#endif
} while (0);
HKS_FREE(userData);
HKS_FREE(uidData);
return ret;
}
static int32_t DeleteServiceDeUidPath(const struct HksProcessInfo *processInfo)
{
char *userData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
HKS_IF_NULL_LOGE_RETURN(userData, HKS_ERROR_MALLOC_FAIL, "malloc user data failed")
int32_t ret;
char *uidData = NULL;
do {
uidData = (char *)HksMalloc(HKS_MAX_FILE_NAME_LEN);
if (uidData == NULL) {
HKS_LOG_E("malloc uid data failed");
ret = HKS_ERROR_MALLOC_FAIL;
break;
}
ret = ConstructPlainName(&processInfo->userId, userData, HKS_MAX_FILE_NAME_LEN);
HKS_IF_NOT_SUCC_BREAK(ret, "construct user id name failed, ret = %" LOG_PUBLIC "d", ret)
ret = ConstructPlainName(&processInfo->processName, uidData, HKS_MAX_FILE_NAME_LEN);
HKS_IF_NOT_SUCC_BREAK(ret, "construct uid name failed, ret = %" LOG_PUBLIC "d", ret)
char userProcess[HKS_MAX_DIRENT_FILE_LEN] = "";
int32_t offset = sprintf_s(userProcess, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
HKS_KEY_STORE_PATH, userData, uidData);
if (offset <= 0) {
HKS_LOG_E("get user process path failed");
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
break;
}
HKS_LOG_I("delete path: %" LOG_PUBLIC "s", userProcess);
ret = HksDeleteDir(userProcess);
} while (0);
HKS_FREE(userData);
HKS_FREE(uidData);
return ret;
return;
}
#endif
@ -793,14 +670,7 @@ void HksServiceDeleteUserIDKeyAliasFile(const struct HksBlob *userId)
ret = HksDeleteDir(userProcess);
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret)
#ifdef L2_STANDARD
ret = DeleteServiceEceOrCeUserIdPath(userId, HKS_ECE_ROOT_PATH);
HKS_IF_NOT_SUCC_LOGE(ret, "delete ece path failed, ret = %" LOG_PUBLIC "d", ret)
ret = DeleteServiceEceOrCeUserIdPath(userId, HKS_CE_ROOT_PATH);
HKS_IF_NOT_SUCC_LOGE(ret, "delete ce path failed, ret = %" LOG_PUBLIC "d", ret)
ret = DeleteServiceDeUserIdPath(userId);
HKS_IF_NOT_SUCC_LOGE(ret, "delete new de path failed, ret = %" LOG_PUBLIC "d", ret)
(void)DeleteUserIdPath(userId);
#endif
} while (0);
HKS_FREE(userData);
@ -846,14 +716,7 @@ void HksServiceDeleteUIDKeyAliasFile(const struct HksProcessInfo *processInfo)
ret = HksDeleteDir(userProcess);
HKS_IF_NOT_SUCC_LOGE(ret, "delete de path: %" LOG_PUBLIC "s failed, ret = %" LOG_PUBLIC "d", userProcess, ret)
#ifdef L2_STANDARD
ret = DeleteServiceEceOrCeUidPath(processInfo, HKS_ECE_ROOT_PATH);
HKS_IF_NOT_SUCC_LOGE(ret, "delete ece path failed, ret = %" LOG_PUBLIC "d", ret)
ret = DeleteServiceEceOrCeUidPath(processInfo, HKS_CE_ROOT_PATH);
HKS_IF_NOT_SUCC_LOGE(ret, "delete ce path failed, ret = %" LOG_PUBLIC "d", ret)
ret = DeleteServiceDeUidPath(processInfo);
HKS_IF_NOT_SUCC_LOGE(ret, "delete new de path failed, ret = %" LOG_PUBLIC "d", ret)
(void)DeleteUidPath(processInfo);
#endif
} while (0);
HKS_FREE(userData);

4
services/huks_standard/huks_service/main/core/src/hks_storage_lite.c
View File

@ -672,10 +672,10 @@ int32_t HksStoreIsKeyBlobExist(const struct HksStoreFileInfo *fileInfo,
return GetKeyOffsetByKeyAlias(keyAlias, &offset);
}
int32_t HksStoreGetKeyBlob(const struct HksStoreFileInfo *fileInfo,
int32_t HksStoreGetKeyBlob(const struct HksStoreInfo *fileInfoPath,
const struct HksBlob *keyAlias, uint32_t storageType, struct HksBlob *keyBlob)
{
(void)fileInfo;
(void)fileInfoPath;
if (storageType == HKS_STORAGE_TYPE_ROOT_KEY) {
return GetRootMaterial(keyAlias, keyBlob);
}

25
services/huks_standard/huks_service/main/core/src/hks_storage_manager.c
View File

@ -130,6 +130,7 @@ static int32_t GetStorageTypePath(uint32_t storageType, struct HksStoreMaterial
{
switch (storageType) {
case HKS_STORAGE_TYPE_KEY:
case HKS_STORAGE_TYPE_BAK_KEY:
outMaterial->storageTypePath = (char *)HksMalloc(sizeof(HKS_KEY_STORE_KEY_PATH) + 1);
if (outMaterial->storageTypePath == NULL) {
return HKS_ERROR_MALLOC_FAIL;
@ -375,7 +376,20 @@ int32_t HksManageStoreGetKeyBlob(const struct HksProcessInfo *processInfo, const
ret = HksConstructStoreFileInfo(processInfo, paramSet, &material, &fileInfo);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks construct store file info failed, ret = %" LOG_PUBLIC "d.", ret)
ret = HksStoreGetKeyBlob(&fileInfo, keyBlob);
if (storageType != HKS_STORAGE_TYPE_BAK_KEY) {
ret = HksStoreGetKeyBlob(&fileInfo.mainPath, keyBlob);
}
#ifdef SUPPORT_STORAGE_BACKUP
else {
ret = HksStoreGetKeyBlob(&fileInfo.bakPath, keyBlob);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks get key blob failed, ret = %" LOG_PUBLIC "d.", ret)
if (HksStorageWriteFile(fileInfo.mainPath.path, fileInfo.mainPath.fileName, 0,
keyBlob->data, keyBlob->size) != HKS_SUCCESS) {
HKS_LOG_E("hks copy bak key to main key failed");
}
}
#endif
#endif
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks get key blob failed, ret = %" LOG_PUBLIC "d.", ret)
} while (0);
@ -403,7 +417,14 @@ int32_t HksManageStoreGetKeyBlobSize(const struct HksProcessInfo *processInfo, c
ret = HksConstructStoreFileInfo(processInfo, paramSet, &material, &fileInfo);
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks construct store file info failed, ret = %" LOG_PUBLIC "d.", ret)
ret = HksStoreGetKeyBlobSize(&fileInfo, keyBlobSize);
if (storageType != HKS_STORAGE_TYPE_BAK_KEY) {
ret = HksStoreGetKeyBlobSize(&fileInfo.mainPath, keyBlobSize);
}
#ifdef SUPPORT_STORAGE_BACKUP
else {
ret = HksStoreGetKeyBlobSize(&fileInfo.bakPath, keyBlobSize);
}
#endif
#endif
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks get key blob failed, ret = %" LOG_PUBLIC "d.", ret)
} while (0);

56
services/huks_standard/huks_service/main/core/src/hks_storage_utils.c
View File

@ -480,59 +480,62 @@ static int32_t CheckUserPathExist(enum HksPathType pathType, const char *userIdP
}
#endif
static int32_t ConstructPath(const struct HksStoreMaterial *material, struct HksStoreFileInfo *fileInfo)
static int32_t ConstructPath(const struct HksStoreMaterial *material, const char *deDataPath,
const char *ceOrEceDataPath, struct HksStoreInfo *fileInfoPath)
{
(void)ceOrEceDataPath;
int32_t ret = HKS_SUCCESS;
int32_t offset = 0;
switch (material->pathType) {
case DE_PATH:
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_KEY_STORE_PATH, material->userIdPath, material->uidPath, material->storageTypePath);
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
deDataPath, material->userIdPath, material->uidPath, material->storageTypePath);
break;
#ifdef L2_STANDARD
case CE_PATH:
ret = CheckUserPathExist(CE_PATH, material->userIdPath);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check user path exist failed.")
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
HKS_CE_ROOT_PATH, material->userIdPath, HKS_STORE_SERVICE_PATH, material->uidPath,
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
HKS_CE_ROOT_PATH, material->userIdPath, ceOrEceDataPath, material->uidPath,
material->storageTypePath);
break;
case ECE_PATH:
ret = CheckUserPathExist(ECE_PATH, material->userIdPath);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "check user path exist failed.")
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
HKS_ECE_ROOT_PATH, material->userIdPath, HKS_STORE_SERVICE_PATH, material->uidPath,
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s/%s",
HKS_ECE_ROOT_PATH, material->userIdPath, ceOrEceDataPath, material->uidPath,
material->storageTypePath);
break;
#ifdef HUKS_ENABLE_SKIP_UPGRADE_KEY_STORAGE_SECURE_LEVEL
case TMP_PATH:
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_KEY_STORE_TMP_PATH, material->userIdPath, material->uidPath, material->storageTypePath);
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_KEY_STORE_TMP_PATH, material->userIdPath, material->uidPath, material->storageTypePath);
break;
#endif
#ifdef HKS_USE_RKC_IN_STANDARD
case RKC_IN_STANDARD_PATH:
// there is no user id path in rkc of standard
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
HKS_KEY_RKC_PATH, material->uidPath, material->storageTypePath);
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s",
HKS_KEY_RKC_PATH, material->uidPath, material->storageTypePath);
break;
#endif
#endif
#ifdef HKS_ENABLE_LITE_HAP
case LITE_HAP_PATH:
offset = sprintf_s(fileInfo->mainPath.path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
offset = sprintf_s(fileInfoPath->path, HKS_MAX_DIRENT_FILE_LEN, "%s/%s/%s/%s",
HKS_KEY_STORE_LITE_HAP, material->userIdPath, material->uidPath, material->storageTypePath);
break;
#endif
}
if (offset <= 0) {
HKS_LOG_E("get main path failed, path type is %" LOG_PUBLIC "d.", material->pathType);
HKS_LOG_E("get path failed, path type is %" LOG_PUBLIC "d.", material->pathType);
return HKS_ERROR_INSUFFICIENT_MEMORY;
}
return ret;
}
static int32_t GetMainPath(const struct HksStoreMaterial *material, struct HksStoreFileInfo *fileInfo)
static int32_t GetPathInfo(const struct HksStoreMaterial *material, const char *deDataPath,
const char *ceOrEceDataPath, struct HksStoreInfo *fileInfoPath)
{
int32_t ret = HKS_SUCCESS;
#ifdef L2_STANDARD
@ -541,18 +544,18 @@ static int32_t GetMainPath(const struct HksStoreMaterial *material, struct HksSt
bool isUserPath = false;
#endif
ret = ConstructPath(material, fileInfo);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "construct path failed")
ret = ConstructPath(material, deDataPath, ceOrEceDataPath, fileInfoPath);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "construct main path failed")
StandardizePath(fileInfo->mainPath.path);
ret = HksMakeFullDir(fileInfo->mainPath.path);
StandardizePath(fileInfoPath->path);
ret = HksMakeFullDir(fileInfoPath->path);
if (isUserPath) {
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, HKS_ERROR_NO_PERMISSION, "make full dir failed.")
} else {
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "make full dir failed.")
}
if (material->keyAliasPath != NULL) {
if (memcpy_s(fileInfo->mainPath.fileName, HKS_MAX_FILE_NAME_LEN,
if (memcpy_s(fileInfoPath->fileName, HKS_MAX_FILE_NAME_LEN,
material->keyAliasPath, strlen(material->keyAliasPath)) != EOK) {
ret = HKS_ERROR_INSUFFICIENT_MEMORY;
}
@ -560,12 +563,23 @@ static int32_t GetMainPath(const struct HksStoreMaterial *material, struct HksSt
return ret;
}
// for now only construct for mainPath, bakPath is not on the table
int32_t HksGetFileInfo(const struct HksStoreMaterial *material, struct HksStoreFileInfo *fileInfo)
{
int32_t ret = FileInfoInit(fileInfo);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks file info init failed, ret = %" LOG_PUBLIC "d.", ret)
return GetMainPath(material, fileInfo);
#ifdef L2_STANDARD
ret = GetPathInfo(material, HKS_KEY_STORE_PATH, HKS_STORE_SERVICE_PATH, &fileInfo->mainPath);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks get main path info failed, ret = %" LOG_PUBLIC "d.", ret)
#else
ret = GetPathInfo(material, HKS_KEY_STORE_PATH, NULL, &fileInfo->mainPath);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks get main path info failed, ret = %" LOG_PUBLIC "d.", ret)
#endif
#ifdef SUPPORT_STORAGE_BACKUP
ret = GetPathInfo(material, HKS_KEY_STORE_BAK_PATH, HKS_STORE_SERVICE_BAK_PATH, &fileInfo->bakPath);
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "hks get bak path info failed, ret = %" LOG_PUBLIC "d.", ret)
#endif
return HKS_SUCCESS;
}
#endif /* _CUT_AUTHENTICATE_ */

1
utils/file_operator/hks_file_operator.h
View File

@ -35,6 +35,7 @@
#define HKS_CE_ROOT_PATH "/data/service/el2"
#define HKS_ECE_ROOT_PATH "/data/service/el4"
#define HKS_STORE_SERVICE_PATH "huks_service/maindata"
#define HKS_STORE_SERVICE_BAK_PATH "huks_service/bakdata"
#ifdef HKS_USE_RKC_IN_STANDARD
#define HKS_KEY_RKC_PATH HKS_CONFIG_RKC_STORE_PATH "/maindata"
#endif