mirror of
https://gitee.com/openharmony/security_huks
synced 2024-11-27 00:40:54 +00:00
fix review problem
Signed-off-by: zhangwenzhi <zhangwenzhi3@huawei.com>
This commit is contained in:
CheungVane
parent
84eee9a6cc
commit
e1001224d4
@ -44,7 +44,7 @@ declare_args() {
|
||||
huks_dependency_openssl_path = ""
|
||||
|
||||
# specify the uid white list for change key owner
|
||||
huks_uid_white_list_define = "{}"
|
||||
huks_uid_trust_list_define = "{}"
|
||||
|
||||
# whether enable key file auto-upgrade
|
||||
huks_enable_upgrade_key = true
|
||||
|
||||
@ -57,7 +57,7 @@ config("l1_small_common_config") {
|
||||
|
||||
defines = [
|
||||
"_HUKS_LOG_ENABLE_",
|
||||
"L1_SMALL",
|
||||
"HKS_L1_SMALL",
|
||||
]
|
||||
if (huks_enable_upgrade_key) {
|
||||
defines += [ "HKS_ENABLE_UPGRADE_KEY" ]
|
||||
|
||||
@ -77,7 +77,7 @@ if (os_level == "standard") {
|
||||
cflags = []
|
||||
|
||||
complete_static_lib = true
|
||||
cflags += [ "-DHUKS_UID_WHITE_LIST=${huks_uid_white_list_define}" ]
|
||||
cflags += [ "-DHUKS_UID_TRUST_LIST=${huks_uid_trust_list_define}" ]
|
||||
|
||||
deps = [ "//base/hiviewdfx/hilog_lite/frameworks/featured:hilog_shared" ]
|
||||
|
||||
@ -86,7 +86,7 @@ if (os_level == "standard") {
|
||||
]
|
||||
|
||||
if (huks_enable_upgrade_small_to_service) {
|
||||
sources += [ "src/hks_check_white_list.c" ]
|
||||
sources += [ "src/hks_check_trust_list.c" ]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -13,8 +13,8 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef HKS_CHECK_WHITE_LIST_H
|
||||
#define HKS_CHECK_WHITE_LIST_H
|
||||
#ifndef HKS_CHECK_TRUST_LIST_H
|
||||
#define HKS_CHECK_TRUST_LIST_H
|
||||
|
||||
#include "hks_type_inner.h"
|
||||
|
||||
@ -22,11 +22,11 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
int32_t HksCheckIsInWhiteList(uint32_t uid);
|
||||
int32_t HksCheckIsInTrustList(uint32_t uid);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HKS_CHECK_WHITE_LIST_H */
|
||||
#endif /* HKS_CHECK_TRUST_LIST_H */
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
#define HKS_CONFIG_H
|
||||
|
||||
#define HKS_SUPPORT_LITE_HEAP
|
||||
#define HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
|
||||
#define HKS_SUPPORT_POSIX
|
||||
|
||||
#define HKS_SUPPORT_SEC_LEVEL
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2021-2022 Huawei Device Co., Ltd.
|
||||
* Copyright (c) 2023-2023 Huawei Device Co., Ltd.
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
@ -13,19 +13,19 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "hks_check_white_list.h"
|
||||
#include "hks_check_trust_list.h"
|
||||
|
||||
#include "hks_log.h"
|
||||
|
||||
static const uint32_t g_whiteList[] = HUKS_UID_WHITE_LIST;
|
||||
static const uint32_t g_trustList[] = HUKS_UID_TRUST_LIST;
|
||||
|
||||
int32_t HksCheckIsInWhiteList(uint32_t uid)
|
||||
int32_t HksCheckIsInTrustList(uint32_t uid)
|
||||
{
|
||||
uint32_t listSize = HKS_ARRAY_SIZE(g_whiteList);
|
||||
uint32_t listSize = HKS_ARRAY_SIZE(g_trustList);
|
||||
int32_t ret = HKS_ERROR_NO_PERMISSION;
|
||||
uint32_t i = 0;
|
||||
for (; i < listSize; ++i) {
|
||||
if (uid == g_whiteList[i]) {
|
||||
if (uid == g_trustList[i]) {
|
||||
ret = HKS_SUCCESS;
|
||||
HKS_LOG_I("in white list");
|
||||
break;
|
||||
@ -445,15 +445,13 @@ HKS_API_EXPORT int32_t HksCheckIsTagAlreadyExist(const struct HksParam *params,
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
|
||||
HKS_API_EXPORT int32_t HksDeleteTagFormParamSet(const uint32_t *tag, uint32_t tagCount,
|
||||
HKS_API_EXPORT int32_t HksDeleteTagFromParamSet(const uint32_t *tag, uint32_t tagCount,
|
||||
const struct HksParamSet *paramSet, struct HksParamSet **outParamSet)
|
||||
{
|
||||
if (tag == NULL || paramSet == NULL || outParamSet == NULL) {
|
||||
return HKS_ERROR_NULL_POINTER;
|
||||
}
|
||||
int32_t ret = HksCheckParamSet(paramSet, paramSet->paramSetSize);
|
||||
HKS_IF_NOT_SUCC_RETURN(ret, ret)
|
||||
ret = HksFreshParamSet((struct HksParamSet *)paramSet, false);
|
||||
int32_t ret = HksFreshParamSet((struct HksParamSet *)paramSet, false);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "fresh paramset failed")
|
||||
|
||||
struct HksParamSet *newParamSet = NULL;
|
||||
@ -472,7 +470,7 @@ HKS_API_EXPORT int32_t HksDeleteTagFormParamSet(const uint32_t *tag, uint32_t ta
|
||||
ret = HksAddParams(newParamSet, ¶mSet->params[i], 1);
|
||||
if (ret != HKS_SUCCESS) {
|
||||
HKS_LOG_E("add in params failed");
|
||||
HKS_FREE_PTR(newParamSet);
|
||||
HksFreeParamSet(&newParamSet);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
@ -38,9 +38,29 @@
|
||||
#include "hks_type_inner.h"
|
||||
#include "securec.h"
|
||||
|
||||
#ifdef HKS_L1_SMALL
|
||||
#include "hks_samgr_client.h"
|
||||
#include <unistd.h>
|
||||
|
||||
#define HKS_MAX_RETRY_TIME 5
|
||||
#define HKS_SLEEP_TIME_FOR_RETRY 1
|
||||
#endif
|
||||
|
||||
int32_t HksClientInitialize(void)
|
||||
{
|
||||
#ifdef HKS_L1_SMALL
|
||||
for (uint32_t i = 0; i < HKS_MAX_RETRY_TIME; ++i) {
|
||||
IUnknown *iUnknown = SAMGR_GetInstance()->GetFeatureApi(HKS_SAMGR_SERVICE, HKS_SAMGR_FEATRURE);
|
||||
if (iUnknown != NULL) {
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
sleep(HKS_SLEEP_TIME_FOR_RETRY);
|
||||
}
|
||||
HKS_LOG_E("HUKS service is not ready!");
|
||||
return HKS_ERROR_BAD_STATE;
|
||||
#else
|
||||
return HKS_SUCCESS;
|
||||
#endif
|
||||
}
|
||||
|
||||
int32_t HksClientRefreshKeyInfo(void)
|
||||
|
||||
@ -57,7 +57,7 @@ HKS_API_EXPORT int32_t HksCheckIsTagAlreadyExist(const struct HksParam *params,
|
||||
|
||||
HKS_API_EXPORT enum HksTagType GetTagType(enum HksTag tag);
|
||||
|
||||
HKS_API_EXPORT int32_t HksDeleteTagFormParamSet(const uint32_t *tag, uint32_t tagCount,
|
||||
HKS_API_EXPORT int32_t HksDeleteTagFromParamSet(const uint32_t *tag, uint32_t tagCount,
|
||||
const struct HksParamSet *paramSet, struct HksParamSet **outParamSet);
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@ -162,13 +162,6 @@ int32_t HuksHdiCalcMacHeader(const struct HksParamSet *paramSet, const struct Hk
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
int32_t HuksHdiUpgradeKeyInfo(const struct HksBlob *keyAlias, const struct HksBlob *keyInfo, struct HksBlob *keyOut)
|
||||
{
|
||||
return HksCoreUpgradeKeyInfo(keyAlias, keyInfo, keyOut);
|
||||
}
|
||||
#endif
|
||||
|
||||
struct HuksHdi *HuksCreateHdiDevicePtr(void)
|
||||
{
|
||||
struct HuksHdi *hdiDevicePtr = (struct HuksHdi *)HksMalloc(sizeof(struct HuksHdi));
|
||||
@ -203,9 +196,6 @@ struct HuksHdi *HuksCreateHdiDevicePtr(void)
|
||||
hdiDevicePtr->HuksHdiCalcMacHeader = HuksHdiCalcMacHeader;
|
||||
#endif
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
hdiDevicePtr->HuksHdiUpgradeKeyInfo = HuksHdiUpgradeKeyInfo;
|
||||
#endif
|
||||
#endif /* _CUT_AUTHENTICATE_ */
|
||||
|
||||
hdiDevicePtr->HuksHdiGenerateRandom = HksCoreGenerateRandom;
|
||||
|
||||
@ -1194,14 +1194,6 @@ int32_t HksCoreRefreshKeyInfo(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
int32_t HksCoreUpgradeKeyInfo(const struct HksBlob *keyAlias,
|
||||
const struct HksBlob *keyInfo, struct HksBlob *keyOut)
|
||||
{
|
||||
return HksUpgradeKeyInfo(keyAlias, keyInfo, keyOut);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef _STORAGE_LITE_
|
||||
static int32_t GetMacKey(const struct HksBlob *salt, struct HksBlob *macKey)
|
||||
{
|
||||
|
||||
@ -471,7 +471,7 @@ int32_t HksVerifyAuthTokenSign(const struct HksUserAuthToken *authToken)
|
||||
|
||||
uint32_t authTokenDataSize = sizeof(struct HksUserAuthToken) - SHA256_SIGN_LEN;
|
||||
struct HksBlob srcDataBlob = { authTokenDataSize, (uint8_t *)authToken };
|
||||
|
||||
|
||||
uint8_t computedMac[SHA256_SIGN_LEN] = {0};
|
||||
struct HksBlob macBlob = { SHA256_SIGN_LEN, computedMac };
|
||||
ret = HksCryptoHalHmac(&macKeyBlob, HKS_DIGEST_SHA256, &srcDataBlob, &macBlob);
|
||||
@ -486,8 +486,7 @@ int32_t HksVerifyAuthTokenSign(const struct HksUserAuthToken *authToken)
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
|
||||
static int32_t HksBuildKeyBlob2(struct HksParamSet *keyBlobParamSet, const struct HksParamSet *paramSet,
|
||||
struct HksBlob *keyOut)
|
||||
static int32_t HksBuildKeyBlob2(struct HksParamSet *keyBlobParamSet, struct HksBlob *keyOut)
|
||||
{
|
||||
struct HksParam *keyParam = NULL;
|
||||
int32_t ret = HksGetParam(keyBlobParamSet, HKS_TAG_KEY, &keyParam);
|
||||
@ -524,7 +523,7 @@ int32_t HksBuildKeyBlob(const struct HksBlob *keyAlias, uint8_t keyFlag, const s
|
||||
ret = BuildKeyBlobWithKeyParam(key, (enum HksKeyFlag)keyFlag, paramSet, &keyBlobParamSet);
|
||||
HKS_IF_NOT_SUCC_BREAK(ret)
|
||||
|
||||
ret = HksBuildKeyBlob2(keyBlobParamSet, paramSet, keyOut);
|
||||
ret = HksBuildKeyBlob2(keyBlobParamSet, keyOut);
|
||||
} while (0);
|
||||
HksFreeParamSet(&keyBlobParamSet);
|
||||
return ret;
|
||||
@ -547,7 +546,10 @@ int32_t HksBuildKeyBlobWithOutAdd(const struct HksParamSet *paramSet, struct Hks
|
||||
}
|
||||
keyOut->size = keyBlobParamSet->paramSetSize;
|
||||
|
||||
ret = HksBuildKeyBlob2(keyBlobParamSet, paramSet, keyOut);
|
||||
ret = HksBuildKeyBlob2(keyBlobParamSet, keyOut);
|
||||
if (ret != HKS_SUCCESS) {
|
||||
HKS_FREE_BLOB(*keyOut);
|
||||
}
|
||||
} while (0);
|
||||
|
||||
HksFreeParamSet(&keyBlobParamSet);
|
||||
|
||||
@ -514,7 +514,7 @@ static int32_t RkcCreateKsf(void)
|
||||
int32_t ret;
|
||||
do {
|
||||
/* Fill some fixed field. */
|
||||
newKsfData->version = g_hksRkcCfg.version; // 1 // 2
|
||||
newKsfData->version = g_hksRkcCfg.version;
|
||||
newKsfData->rmkIter = g_hksRkcCfg.rmkIter;
|
||||
newKsfData->rmkHashAlg = g_hksRkcCfg.rmkHashAlg;
|
||||
|
||||
|
||||
@ -1057,7 +1057,7 @@ static int32_t HksCheckCompareProcessName(const struct HksParamSet *blobParamSet
|
||||
int32_t HksProcessIdentityVerify(const struct HksParamSet *blobParamSet, const struct HksParamSet *runtimeParamSet)
|
||||
{
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
|
||||
|
||||
#ifndef _STORAGE_LITE_
|
||||
ret = HksCheckCompareAccessTokenId(blobParamSet, runtimeParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "access token compare failed")
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
#include "hks_type.h"
|
||||
|
||||
#ifdef HKS_ENABLE_SMALL_TO_SERVICE
|
||||
#include "hks_check_white_list.h"
|
||||
#include "hks_check_trust_list.h"
|
||||
#endif
|
||||
|
||||
#include "securec.h"
|
||||
@ -48,12 +48,11 @@ static const struct HksMandatoryParams* GetMandatoryParams(uint32_t keyVersion)
|
||||
|
||||
static bool IsTagInMandatoryArray(uint32_t tag, uint32_t keyVersion)
|
||||
{
|
||||
uint32_t i = 0;
|
||||
const struct HksMandatoryParams* mandatoryParams = GetMandatoryParams(keyVersion);
|
||||
const struct HksMandatoryParams *mandatoryParams = GetMandatoryParams(keyVersion);
|
||||
if (mandatoryParams == NULL) {
|
||||
return false;
|
||||
}
|
||||
for (;i < mandatoryParams->paramsLen; ++i) {
|
||||
for (uint32_t i = 0; i < mandatoryParams->paramsLen; ++i) {
|
||||
if (tag == mandatoryParams->params[i]) {
|
||||
return true;
|
||||
}
|
||||
@ -67,8 +66,7 @@ static int32_t AddParamsWithoutMandatory(uint32_t keyVersion, const struct HksPa
|
||||
(void)paramSet;
|
||||
int32_t ret = HKS_SUCCESS;
|
||||
|
||||
uint32_t i = 0;
|
||||
for (; i < srcParamSet->paramsCnt; ++i) {
|
||||
for (uint32_t i = 0; i < srcParamSet->paramsCnt; ++i) {
|
||||
if (!IsTagInMandatoryArray(srcParamSet->params[i].tag, keyVersion)) {
|
||||
ret = HksAddParams(targetParamSet, &(srcParamSet->params[i]), 1);
|
||||
if (ret != HKS_SUCCESS) {
|
||||
@ -101,10 +99,8 @@ static int32_t AddMandatoryParams(const struct HksParamSet *srcParamSet, const s
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t AddMandatoryeParamsInCore(const struct HksParamSet *keyBlobParamSet,
|
||||
const struct HksParamSet *srcParamSet, struct HksParamSet **targetParamSet)
|
||||
static int32_t AddMandatoryParamsInCore(const struct HksParamSet *srcParamSet, struct HksParamSet **targetParamSet)
|
||||
{
|
||||
(void)keyBlobParamSet;
|
||||
struct HksParamSet *outParamSet = NULL;
|
||||
int32_t ret;
|
||||
do {
|
||||
@ -147,15 +143,14 @@ static int32_t HksIsToSkipProcessVerify(const struct HksParamSet *paramSet)
|
||||
return HKS_ERROR_NO_PERMISSION;
|
||||
}
|
||||
|
||||
return HksCheckIsInWhiteList(uid);
|
||||
return HksCheckIsInTrustList(uid);
|
||||
}
|
||||
#endif
|
||||
|
||||
static int32_t AuthChangeProcessName(const struct HksParamSet *oldKeyBlobParamSet, const struct HksParamSet *paramSet)
|
||||
{
|
||||
int32_t ret;
|
||||
struct HksParam *oldProcessName;
|
||||
ret = HksGetParam(oldKeyBlobParamSet, HKS_TAG_PROCESS_NAME, &oldProcessName);
|
||||
int32_t ret = HksGetParam(oldKeyBlobParamSet, HKS_TAG_PROCESS_NAME, &oldProcessName);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "get process name from old key paramset failed!")
|
||||
|
||||
struct HksParam *newProcessName;
|
||||
@ -170,7 +165,7 @@ static int32_t AuthChangeProcessName(const struct HksParamSet *oldKeyBlobParamSe
|
||||
if (ret != EOK) {
|
||||
return HKS_ERROR_NO_PERMISSION;
|
||||
}
|
||||
ret = HksCheckIsInWhiteList(uid);
|
||||
ret = HksCheckIsInTrustList(uid);
|
||||
#else
|
||||
return HKS_FAILURE;
|
||||
#endif
|
||||
@ -203,7 +198,7 @@ int32_t HksUpgradeKey(const struct HksBlob *oldKey, const struct HksParamSet *pa
|
||||
struct HksParamSet *oldKeyBlobParamSet = NULL;
|
||||
struct HksParamSet *newKeyBlobParamSet = NULL;
|
||||
struct HksKeyNode *keyNode = NULL;
|
||||
struct HksParamSet *newParamSet = NULL;
|
||||
struct HksParamSet *newMandatoryeParamSet = NULL;
|
||||
do {
|
||||
keyNode = HksGenerateKeyNode(oldKey);
|
||||
if (keyNode == NULL) {
|
||||
@ -229,14 +224,15 @@ int32_t HksUpgradeKey(const struct HksBlob *oldKey, const struct HksParamSet *pa
|
||||
ret = HksGetParam(oldKeyBlobParamSet, HKS_TAG_KEY_VERSION, &keyVersion);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "get key version failed!")
|
||||
|
||||
ret = AddMandatoryeParamsInCore(oldKeyBlobParamSet, paramSet, &newParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddMandatoryeParamsInCore failed!")
|
||||
ret = AddMandatoryParamsInCore(paramSet, &newMandatoryeParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddMandatoryParamsInCore failed!")
|
||||
|
||||
// the key param must be the last one added
|
||||
ret = AddMandatoryParams(oldKeyBlobParamSet, newParamSet, newKeyBlobParamSet);
|
||||
ret = AddMandatoryParams(oldKeyBlobParamSet, newMandatoryeParamSet, newKeyBlobParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddMandatoryParams failed!")
|
||||
|
||||
ret = AddParamsWithoutMandatory(keyVersion->uint32Param, oldKeyBlobParamSet, newParamSet, newKeyBlobParamSet);
|
||||
ret = AddParamsWithoutMandatory(keyVersion->uint32Param, oldKeyBlobParamSet, newMandatoryeParamSet,
|
||||
newKeyBlobParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "AddParamsWithoutMandatory failed!")
|
||||
|
||||
ret = HksBuildParamSet(&newKeyBlobParamSet);
|
||||
@ -247,7 +243,7 @@ int32_t HksUpgradeKey(const struct HksBlob *oldKey, const struct HksParamSet *pa
|
||||
|
||||
HksFreeParamSet(&newKeyBlobParamSet);
|
||||
HksFreeParamSet(&oldKeyBlobParamSet);
|
||||
HksFreeParamSet(&newParamSet);
|
||||
HksFreeParamSet(&newMandatoryeParamSet);
|
||||
HksFreeKeyNode(&keyNode);
|
||||
|
||||
return ret;
|
||||
|
||||
@ -46,10 +46,6 @@
|
||||
|
||||
#include "securec.h"
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
#include "hks_upgrade_storage_data.h"
|
||||
#endif
|
||||
|
||||
#ifdef HKS_SUPPORT_USER_AUTH_ACCESS_CONTROL
|
||||
|
||||
#include "hks_useridm_api_wrap.h"
|
||||
@ -123,13 +119,13 @@ static int32_t GetKeyData(const struct HksProcessInfo *processInfo, const struct
|
||||
if (keyVersion->uint32Param == HKS_KEY_VERSION) {
|
||||
return ret;
|
||||
}
|
||||
if (keyVersion->uint32Param == 0 || keyVersion->uint32Param > HKS_KEY_VERSION) {
|
||||
return HKS_ERROR_BAD_STATE;
|
||||
}
|
||||
|
||||
struct HksBlob newKey = { .size = 0, .data = NULL };
|
||||
|
||||
do {
|
||||
if (keyVersion->uint32Param == 0 || keyVersion->uint32Param > HKS_KEY_VERSION) {
|
||||
ret = HKS_ERROR_BAD_STATE;
|
||||
break;
|
||||
}
|
||||
|
||||
ret = HksDoUpgradeKeyAccess(key, paramSet, &newKey);
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "do upgrade access failed!")
|
||||
ret = HksStoreKeyBlob(processInfo, keyAlias, HKS_STORAGE_TYPE_KEY, &newKey);
|
||||
@ -140,6 +136,7 @@ static int32_t GetKeyData(const struct HksProcessInfo *processInfo, const struct
|
||||
key->size = newKey.size;
|
||||
return ret;
|
||||
} while (0);
|
||||
HKS_FREE_BLOB(*key);
|
||||
HKS_FREE_BLOB(newKey);
|
||||
#endif
|
||||
return ret;
|
||||
@ -1160,10 +1157,6 @@ int32_t HksServiceInitialize(void)
|
||||
{
|
||||
int32_t ret;
|
||||
do {
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
ret = HksUpgradeStorageData();
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks update storage data failed, ret = %" LOG_PUBLIC "d", ret)
|
||||
#endif
|
||||
ret = HuksAccessModuleInit();
|
||||
HKS_IF_NOT_SUCC_LOGE_BREAK(ret, "hks core service initialize failed! ret = %" LOG_PUBLIC "d", ret)
|
||||
|
||||
@ -1187,10 +1180,6 @@ int32_t HksServiceRefreshKeyInfo(const struct HksBlob *processName)
|
||||
int32_t ret = HksStoreDestroy(processName);
|
||||
HKS_LOG_I("destroy storage files ret = 0x%" LOG_PUBLIC "X", ret); /* only recode log */
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
ret = HksDestroyOldVersionFiles();
|
||||
HKS_LOG_I("destroy old version files ret = 0x%" LOG_PUBLIC "X", ret); /* only recode log */
|
||||
#endif
|
||||
do {
|
||||
#ifndef _HARDWARE_ROOT_KEY_
|
||||
ret = HuksAccessRefresh();
|
||||
|
||||
@ -64,7 +64,7 @@ int32_t GetKeyParamSet(const struct HksBlob *key, struct HksParamSet *paramSet)
|
||||
|
||||
const struct HksParamSet *tmpParamSet = (const struct HksParamSet *)key->data;
|
||||
struct HksParamSet *outParamSet = NULL;
|
||||
int32_t ret = HksDeleteTagFormParamSet(SENSITIVE_DELETE_TAG,
|
||||
int32_t ret = HksDeleteTagFromParamSet(SENSITIVE_DELETE_TAG,
|
||||
sizeof(SENSITIVE_DELETE_TAG) / sizeof(SENSITIVE_DELETE_TAG[0]), tmpParamSet, &outParamSet);
|
||||
HKS_IF_NOT_SUCC_LOGE_RETURN(ret, ret, "delete tag from paramSet failed, ret = %" LOG_PUBLIC "d.", ret)
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
#include "hks_config.h"
|
||||
#endif
|
||||
|
||||
#include "hks_check_white_list.h"
|
||||
#include "hks_check_trust_list.h"
|
||||
#include "hks_client_service_util.h"
|
||||
#include "hks_get_process_info.h"
|
||||
#include "hks_log.h"
|
||||
@ -35,7 +35,7 @@
|
||||
#include "securec.h"
|
||||
|
||||
#ifdef HKS_ENABLE_SMALL_TO_SERVICE
|
||||
static int32_t HksIsProcessInfoInWhiteList(const struct HksProcessInfo *processInfo)
|
||||
static int32_t HksIsProcessInfoInTrustList(const struct HksProcessInfo *processInfo)
|
||||
{
|
||||
uint32_t uid = 0;
|
||||
if (processInfo->processName.size == sizeof(uid)) {
|
||||
@ -44,7 +44,7 @@ static int32_t HksIsProcessInfoInWhiteList(const struct HksProcessInfo *processI
|
||||
return HKS_ERROR_NO_PERMISSION;
|
||||
}
|
||||
|
||||
return HksCheckIsInWhiteList(uid);
|
||||
return HksCheckIsInTrustList(uid);
|
||||
}
|
||||
|
||||
#ifdef HKS_ENABLE_MARK_CLEARED_FOR_SMALL_TO_SERVICE
|
||||
@ -61,9 +61,9 @@ void HksMarkOldKeyClearedIfEmpty(void)
|
||||
}
|
||||
}
|
||||
|
||||
static int32_t HksIsOldKeyCleared(void)
|
||||
static bool HksIsOldKeyCleared(void)
|
||||
{
|
||||
return isOldKeyCleared ? HKS_SUCCESS : HKS_FAILURE;
|
||||
return isOldKeyCleared ? true : false;
|
||||
}
|
||||
#endif /** HKS_ENABLE_MARK_CLEARED_FOR_SMALL_TO_SERVICE */
|
||||
|
||||
@ -82,7 +82,7 @@ int32_t HksCheckNeedUpgradeForSmallToService(const struct HksProcessInfo *proces
|
||||
return HKS_FAILURE;
|
||||
}
|
||||
#endif
|
||||
return HksIsProcessInfoInWhiteList(processInfo);
|
||||
return HksIsProcessInfoInTrustList(processInfo);
|
||||
}
|
||||
|
||||
static int32_t HksConstructRootProcessInfo(struct HksProcessInfo *processInfo)
|
||||
|
||||
@ -271,19 +271,6 @@ ENABLE_CFI(int32_t HuksAccessCalcHeaderMac(const struct HksParamSet *paramSet, c
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
ENABLE_CFI(int32_t HuksAccessUpgradeKeyInfo(const struct HksBlob *keyAlias, const struct HksBlob *keyInfo,
|
||||
struct HksBlob *keyOut))
|
||||
{
|
||||
HKS_IF_NOT_SUCC_RETURN(HksCreateHuksHdiDevice(&g_hksHalDevicePtr), HKS_ERROR_NULL_POINTER)
|
||||
|
||||
HKS_IF_NULL_LOGE_RETURN(g_hksHalDevicePtr->HuksHdiUpgradeKeyInfo, HKS_ERROR_NULL_POINTER,
|
||||
"UpgradeKeyInfo function is null pointer")
|
||||
|
||||
return g_hksHalDevicePtr->HuksHdiUpgradeKeyInfo(keyAlias, keyInfo, keyOut);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HKS_SUPPORT_API_ATTEST_KEY
|
||||
ENABLE_CFI(int32_t HuksAccessAttestKey(const struct HksBlob *key, const struct HksParamSet *paramSet,
|
||||
struct HksBlob *certChain))
|
||||
|
||||
@ -40,7 +40,7 @@ ENABLE_CFI(int32_t HksCreateHuksHdiDevice(struct HuksHdi **halDevice))
|
||||
return HKS_SUCCESS;
|
||||
}
|
||||
|
||||
#ifdef L1_SMALL
|
||||
#ifdef HKS_L1_SMALL
|
||||
g_halDeviceHandle = dlopen("libhuks_engine_core_standard.so", RTLD_NOW);
|
||||
#else
|
||||
g_halDeviceHandle = dlopen("libhuks_engine_core_standard.z.so", RTLD_NOW);
|
||||
|
||||
@ -245,7 +245,7 @@ static int32_t TestDoServiceDecryptWithOtherUid(const struct HksBlob *keyAlias,
|
||||
|
||||
/**
|
||||
* @tc.name: HksCompatibilityModuleTest.HksCompatibilityModuleTest001
|
||||
* @tc.desc: and have key in old path, test to check key existance without whiteList, expect fail
|
||||
* @tc.desc: and have key in old path, test to check key existance without trust list, expect fail
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest001, TestSize.Level0)
|
||||
@ -294,7 +294,7 @@ HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest001, TestSize.Lev
|
||||
|
||||
/**
|
||||
* @tc.name: HksCompatibilityModuleTest.HksCompatibilityModuleTest002
|
||||
* @tc.desc: test failed to get key to encrypt, and have key in old path without whiteList, then fail to enc or dec
|
||||
* @tc.desc: test failed to get key to encrypt, and have key in old path without trust list, then fail to enc or dec
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest002, TestSize.Level0)
|
||||
@ -332,7 +332,7 @@ HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest002, TestSize.Lev
|
||||
|
||||
/**
|
||||
* @tc.name: HksCompatibilityModuleTest.HksCompatibilityModuleTest003
|
||||
* @tc.desc: test failed to get key to delete, and have key in old path without whiteList, then fail to delete
|
||||
* @tc.desc: test failed to get key to delete, and have key in old path without trust list, then fail to delete
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest003, TestSize.Level0)
|
||||
@ -406,7 +406,7 @@ static int32_t BuildKeyInfoList(struct HksKeyInfo **outKeyInfoList, uint32_t lis
|
||||
|
||||
/**
|
||||
* @tc.name: HksCompatibilityModuleTest.HksCompatibilityModuleTest004
|
||||
* @tc.desc: test have key in old path without whiteList, then fail to get key info list
|
||||
* @tc.desc: test have key in old path without trust list, then fail to get key info list
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest004, TestSize.Level0)
|
||||
@ -445,7 +445,7 @@ HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest004, TestSize.Lev
|
||||
|
||||
/**
|
||||
* @tc.name: HksCompatibilityModuleTest.HksCompatibilityModuleTest005
|
||||
* @tc.desc: test have key in old path and new path without whiteList, then only get key info list with new key
|
||||
* @tc.desc: test have key in old path and new path without trust list, then only get key info list with new key
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(HksCompatibilityModuleTest, HksCompatibilityModuleTest005, TestSize.Level0)
|
||||
|
||||
@ -559,34 +559,6 @@ HWTEST_F(HuksAccessTest, HuksAccessTest042, TestSize.Level0)
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
|
||||
/**
|
||||
* @tc.name: HuksAccessTest.HuksAccessTest043
|
||||
* @tc.desc: tdd HksCreateHuksHdiDevice, expect HKS_ERROR_NULL_POINTER
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(HuksAccessTest, HuksAccessTest043, TestSize.Level0)
|
||||
{
|
||||
HksEnableCreateOrDestroy(false);
|
||||
HksEnableSetHid(false);
|
||||
(void)HuksAccessUpgradeKeyInfo(nullptr, nullptr, nullptr);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: HuksAccessTest.HuksAccessTest044
|
||||
* @tc.desc: tdd HksCreateHuksHdiDevice, expect HKS_ERROR_NULL_POINTER
|
||||
* @tc.type: FUNC
|
||||
*/
|
||||
HWTEST_F(HuksAccessTest, HuksAccessTest044, TestSize.Level0)
|
||||
{
|
||||
HksEnableCreateOrDestroy(true);
|
||||
HksEnableSetHid(false);
|
||||
(void)HuksAccessUpgradeKeyInfo(nullptr, nullptr, nullptr);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @tc.name: HuksAccessTest.HuksAccessTest045
|
||||
* @tc.desc: tdd HksCreateHuksHdiDevice, expect HKS_ERROR_NULL_POINTER
|
||||
|
||||
@ -29,6 +29,9 @@ ohos_static_library("huks_modify_old_version_key_util") {
|
||||
|
||||
sources += [ "./hks_test_modify_old_key.c" ]
|
||||
|
||||
subsystem_name = "security"
|
||||
part_name = "huks"
|
||||
|
||||
include_dirs = [
|
||||
"../../../interfaces/inner_api/huks_standard/main/include",
|
||||
"../../../frameworks/huks_standard/main/common/include",
|
||||
|
||||
@ -126,7 +126,7 @@ void ChangeDirAndFiles(const char *path, uint32_t uid)
|
||||
}
|
||||
}
|
||||
if (ret != EOK) {
|
||||
printf("chmod dir and file failed! errno = 0x% x \n", errno);
|
||||
printf("chmod dir and file failed! errno = 0x%x \n", errno);
|
||||
}
|
||||
(void)closedir(dir);
|
||||
}
|
||||
|
||||
@ -110,6 +110,39 @@ static void MoveOldFileToNew(const char *srcPath, const char *tarPath)
|
||||
(void)remove(srcPath);
|
||||
}
|
||||
|
||||
static int ConstructSrcAndTargetPath(char *curPath, char *desPath, struct dirent *ptr,
|
||||
const char *srcPath, const char *tarPath)
|
||||
{
|
||||
int ret = strcpy_s(curPath, DEFAULT_PATH_LEN, srcPath);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
ret = strcat_s(curPath, DEFAULT_PATH_LEN, "/");
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = strcat_s(curPath, DEFAULT_PATH_LEN, ptr->d_name);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = strcpy_s(desPath, DEFAULT_PATH_LEN, tarPath);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
ret = strcat_s(desPath, DEFAULT_PATH_LEN, "/");
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = strcat_s(desPath, DEFAULT_PATH_LEN, ptr->d_name);
|
||||
if (ret != EOK) {
|
||||
return ret;
|
||||
}
|
||||
return EOK;
|
||||
}
|
||||
|
||||
static void MoveOldFolderToNew(const char *srcPath, const char *tarPath)
|
||||
{
|
||||
if (!opendir(tarPath)) {
|
||||
@ -118,44 +151,22 @@ static void MoveOldFolderToNew(const char *srcPath, const char *tarPath)
|
||||
return;
|
||||
}
|
||||
}
|
||||
struct dirent* ptr;
|
||||
DIR* dir = opendir(srcPath);
|
||||
struct dirent *ptr;
|
||||
DIR *dir = opendir(srcPath);
|
||||
int ret = EOK;
|
||||
while ((ptr = readdir(dir)) != NULL) {
|
||||
if (strcmp(ptr->d_name, ".") == 0 || strcmp(ptr->d_name, "..") == 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
char curPath[DEFAULT_PATH_LEN] = { 0 };
|
||||
ret = strcpy_s(curPath, DEFAULT_PATH_LEN, srcPath);
|
||||
if (ret != EOK) {
|
||||
break;
|
||||
}
|
||||
ret = strcat_s(curPath, DEFAULT_PATH_LEN, "/");
|
||||
if (ret != EOK) {
|
||||
break;
|
||||
}
|
||||
|
||||
ret = strcat_s(curPath, DEFAULT_PATH_LEN, ptr->d_name);
|
||||
if (ret != EOK) {
|
||||
break;
|
||||
}
|
||||
|
||||
char desPath[DEFAULT_PATH_LEN] = { 0 };
|
||||
ret = strcpy_s(desPath, DEFAULT_PATH_LEN, tarPath);
|
||||
if (ret != EOK) {
|
||||
break;
|
||||
}
|
||||
ret = strcat_s(desPath, DEFAULT_PATH_LEN, "/");
|
||||
if (ret != EOK) {
|
||||
break;
|
||||
}
|
||||
|
||||
ret = strcat_s(desPath, DEFAULT_PATH_LEN, ptr->d_name);
|
||||
ret = ConstructSrcAndTargetPath(curPath, desPath, ptr, srcPath, tarPath);
|
||||
if (ret != EOK) {
|
||||
printf("construct src and target path failed!");
|
||||
break;
|
||||
}
|
||||
if (ptr->d_type == DIR_TYPE) { // dir
|
||||
if (ptr->d_type == DIR_TYPE) {
|
||||
MoveOldFolderToNew(curPath, desPath);
|
||||
} else {
|
||||
MoveOldFileToNew(curPath, desPath);
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
#define HKS_KEY_STORE_PATH "/data/service/el1/public/huks_service/maindata"
|
||||
#define HKS_KEY_STORE_BAK_PATH "/data/service/el1/public/huks_service/bakdata"
|
||||
#else
|
||||
#ifdef L1_SMALL
|
||||
#ifdef HKS_L1_SMALL
|
||||
#define HKS_KEY_STORE_PATH "/data/service/el1/public/huks_service/maindata"
|
||||
#define HKS_KEY_STORE_BAK_PATH "/data/service/el1/public/huks_service/bakdata"
|
||||
#else
|
||||
|
||||
@ -454,35 +454,6 @@ int32_t HksFileRemove(const char *path, const char *fileName)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HKS_SUPPORT_UPGRADE_STORAGE_DATA
|
||||
/* return < 0 error; > 0 realFileSize; == 0 no data */
|
||||
int32_t HksOldVersionFileRead(const char *fileName, uint32_t offset, uint8_t *buf, uint32_t len)
|
||||
{
|
||||
HKS_LOG_D("piling");
|
||||
return HKS_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
int32_t HksOldVersionFileRemove(const char *fileName)
|
||||
{
|
||||
HKS_LOG_D("piling");
|
||||
return HKS_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* return < 0 error; >= 0 realFileSize */
|
||||
int32_t HksOldVersionFileSize(const char *fileName)
|
||||
{
|
||||
HKS_LOG_D("piling");
|
||||
return HKS_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* return true, exist; false not exist */
|
||||
bool HksOldVersionIsFileExist(const char *fileName)
|
||||
{
|
||||
HKS_LOG_D("piling");
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
int32_t HksGetFileName(const char *path, const char *fileName, char *fullFileName, uint32_t fullFileNameLen)
|
||||
{
|
||||
return GetFileName(path, fileName, fullFileName, fullFileNameLen);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user