密钥别名打印匿名化

Signed-off-by: tangboyi <tangboyi1@huawei.com> Change-Id: Iddb20fdc32934f943294eb2e6dc60a276daa72e3
2024-11-23 06:41:12 +00:00 · 2024-10-23 18:04:22 +08:00 · 2024-10-23 18:04:22 +08:00 · c6782e21ff
commit c6782e21ff
parent 4ffd1aee58
3 changed files with 35 additions and 19 deletions
--- a/services/huks_standard/huks_service/main/hks_storage/include/hks_storage_utils.h
+++ b/services/huks_standard/huks_service/main/hks_storage/include/hks_storage_utils.h
@ -114,6 +114,8 @@ int32_t HksGetFileInfo(const struct HksStoreMaterial *material, struct HksStoreF
 int32_t CheckSpecificUserIdAndStorageLevel(const struct HksProcessInfo *processInfo,
    const struct HksParamSet *paramSet);

+int32_t AnonymizeKeyAlias(const char *keyAlias, char **anonymousKeyAlias);
+
 #ifdef __cplusplus
 }
 #endif
--- a/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c
+++ b/services/huks_standard/huks_service/main/hks_storage/src/hks_storage_utils.c
@ -280,51 +280,60 @@ void FileInfoFree(struct HksStoreFileInfo *fileInfo)
 *                              |<- anonymous len ->||<- suffix len ->|
 *           |<----------------- keyAlias len ----------------------->|
 */
-int32_t RecordKeyOperation(uint32_t operation, const struct HksStoreMaterial *material, const char *keyAlias)
+int32_t AnonymizeKeyAlias(const char *keyAlias, char **anonymousKeyAlias)
 {
-    (void)material;
    uint32_t bufSize = strlen(keyAlias) + 1;
-    char *outKeyAlias = (char *)HksMalloc(bufSize);
-    HKS_IF_NULL_RETURN(outKeyAlias, HKS_ERROR_MALLOC_FAIL)
+    *anonymousKeyAlias = (char *)HksMalloc(bufSize);
+    HKS_IF_NULL_RETURN(*anonymousKeyAlias, HKS_ERROR_MALLOC_FAIL)

-    (void)memset_s(outKeyAlias, bufSize, 0, bufSize);
+    (void)memset_s(*anonymousKeyAlias, bufSize, 0, bufSize);

    uint32_t keyAliasLen = strlen(keyAlias);
    uint32_t anoyLen = (keyAliasLen + 1) / 2;
    uint32_t suffixLen = anoyLen / 2;
-    outKeyAlias[0] = keyAlias[0]; // keyAliasLen > 0;
+    (*anonymousKeyAlias)[0] = keyAlias[0]; // keyAliasLen > 0;
    for (uint32_t i = 1; i < keyAliasLen; ++i) {
        if ((keyAliasLen < (i + 1 + anoyLen + suffixLen)) &&
            ((i + 1 + suffixLen) <= keyAliasLen)) {
-            outKeyAlias[i] = '*';
+            (*anonymousKeyAlias)[i] = '*';
        } else {
-            outKeyAlias[i] = keyAlias[i];
+            (*anonymousKeyAlias)[i] = keyAlias[i];
        }
    }
-    outKeyAlias[keyAliasLen] = '\0';
+    (*anonymousKeyAlias)[keyAliasLen] = '\0';
+    return HKS_SUCCESS;
+}

+int32_t RecordKeyOperation(uint32_t operation, const struct HksStoreMaterial *material, const char *keyAlias)
+{
+    (void)material;
    int32_t ret = HKS_SUCCESS;
+
+    char *anonymousKeyAlias = NULL;
+    ret = AnonymizeKeyAlias(keyAlias, &anonymousKeyAlias);
+    HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get anonymous key alias failed");
+
    switch (operation) {
        case KEY_OPERATION_SAVE:
            HKS_LOG_I("generate key, storage userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s, "
                "storage level: %" LOG_PUBLIC "u, key alias: %" LOG_PUBLIC "s",
-                material->userIdPath, material->uidPath, material->pathType, outKeyAlias);
+                material->userIdPath, material->uidPath, material->pathType, anonymousKeyAlias);
            break;
        case KEY_OPERATION_GET:
            HKS_LOG_I("use key, storage userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s, "
                "storage level: %" LOG_PUBLIC "u, key alias: %" LOG_PUBLIC "s",
-                material->userIdPath, material->uidPath, material->pathType, outKeyAlias);
+                material->userIdPath, material->uidPath, material->pathType, anonymousKeyAlias);
            break;
        case KEY_OPERATION_DELETE:
            HKS_LOG_I("delete key, storage userid: %" LOG_PUBLIC "s, uid: %" LOG_PUBLIC "s, "
                "storage level: %" LOG_PUBLIC "u, key alias: %" LOG_PUBLIC "s",
-                material->userIdPath, material->uidPath, material->pathType, outKeyAlias);
+                material->userIdPath, material->uidPath, material->pathType, anonymousKeyAlias);
            break;
        default:
            ret = HKS_ERROR_INVALID_ARGUMENT;
    }

-    HKS_FREE(outKeyAlias);
+    HKS_FREE(anonymousKeyAlias);
    return ret;
 }

--- a/services/huks_standard/huks_service/main/upgrade/file_transfer/src/hks_file_transfer.c
+++ b/services/huks_standard/huks_service/main/upgrade/file_transfer/src/hks_file_transfer.c
@ -115,8 +115,8 @@ static int32_t ConstructNewFilePath(const char *alias, const struct HksUpgradeFi
    return ret;
 }

-static int32_t TransferFile(const char *alias, const char *oldPath, const struct HksBlob *fileContent,
-    const struct HksUpgradeFileTransferInfo *info)
+static int32_t TransferFile(const char *alias, const char *anonymousKeyAlias, const char *oldPath,
+    const struct HksBlob *fileContent, const struct HksUpgradeFileTransferInfo *info)
 {
    int32_t ret;
    char *newPath = NULL;
@ -153,7 +153,7 @@ static int32_t TransferFile(const char *alias, const char *oldPath, const struct

        // The result of the info record dose not need to take into consideration.
        HKS_LOG_I("transfer key, storage userid: %" LOG_PUBLIC "d, uid: %" LOG_PUBLIC "d, alias: %" LOG_PUBLIC "s",
-            info->userId, info->uid, alias);
+            info->userId, info->uid, anonymousKeyAlias);

        ret = HksFileWrite(newPath, alias, 0, fileContent->data, fileContent->size);
        if (ret != HKS_SUCCESS) {
@ -218,12 +218,16 @@ static int ProcessFileUpgrade(const char *filePath, const struct stat *st, int t
    }
    char *alias = NULL;
    char *path = NULL;
+    char *anonymousKeyAlias = NULL;
    struct HksBlob fileContent = { 0 };
    int32_t ret;
    do {
        ret = SplitPath(filePath, ftw, &path, &alias);
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "split filePath failed.")

+        ret = AnonymizeKeyAlias(alias, &anonymousKeyAlias);
+        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get anonymous key alias failed.")
+
        ret = GetFileContent(path, alias, &fileContent);
        HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get file content failed.")

@ -231,18 +235,19 @@ static int ProcessFileUpgrade(const char *filePath, const struct stat *st, int t
        ret = HksParseConfig(alias, &fileContent, &info);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("HksParseConfig failed, userid: %" LOG_PUBLIC "d, uid: %" LOG_PUBLIC "d, "
-                "alias: %" LOG_PUBLIC "s", info.userId, info.uid, alias);
+                "alias: %" LOG_PUBLIC "s", info.userId, info.uid, anonymousKeyAlias);
            break;
        }
        if (info.skipTransfer) {
            HKS_LOG_I("file should skip transfer, userid: %" LOG_PUBLIC "d, uid: %" LOG_PUBLIC "d, "
-                "alias: %" LOG_PUBLIC "s", info.userId, info.uid, alias);
+                "alias: %" LOG_PUBLIC "s", info.userId, info.uid, anonymousKeyAlias);
            break;
        }
-        HKS_IF_NOT_SUCC_LOGE(TransferFile(alias, path, &fileContent, &info), "TransferFile failed!")
+        HKS_IF_NOT_SUCC_LOGE(TransferFile(alias, anonymousKeyAlias, path, &fileContent, &info), "TransferFile failed!")
    } while (false);
    HKS_FREE(path);
    HKS_FREE(alias);
+    HKS_FREE(anonymousKeyAlias);
    HKS_FREE_BLOB(fileContent);

    // continue to traverse files