鸿蒙源码分析（五十一）

hks_storage.c 代码及其头文件分析

由于本片代码篇幅过长，这里分多篇博客分析。该文件主要涉及内存中密钥的信息、状态、和一些算法的设置。
文件路径

头文件

头文件主要是一些函数的声明、变量的宏定义以及部分结构体的说明。设计密钥在内存中的存放和数据的缓冲区定义

#define HKS_KEY_INFO_RESERVE_NUMBER 2  //密钥信息保存的组数
#define HKS_LOCAL_STORAGE_KEY_MAX_NUM            20 //本地密钥保存的最大数量
#define HKS_BUF_BYTES                            5120  //缓冲区的默认长度
//内存中密钥信息的结构
struct hks_storage_key_info {
    
    
    struct hks_key_param *param; //存放参数
    struct hks_blob *public_key; //公钥信息的存放
    struct hks_blob *private_key; //私钥信息的存放
    uint32_t reserve[HKS_KEY_INFO_RESERVE_NUMBER]; //存放密钥的数组
};
//内存缓冲区的结构体定义
struct hks_storage_buffer {
    
    
    uint32_t offset; /* record current buf offset */ //偏置变量
    uint8_t *buf; //缓冲区
    uint16_t size; //缓冲区的长度size
};

部分源文件

#define HKS_SEALING_NONCE_SIZE          16
#define HKS_SEALING_TAG_SIZE            16
#define HKS_SEALING_ALG_MASK            ((uint32_t)0xffff0000)  //算法标记
#define HKS_SEALING_AES_GCM_128         ((uint32_t)0x01010000)  //aes_gcm128位
#define HKS_SEALING_AES_GCM_256         ((uint32_t)0x01020000)  //aes_gcm256位
#define HKS_SEALING_HKDF_MASK           ((uint32_t)0x000000ff)  //hkdf标记
#define HKS_SEALING_HKDF_SHA_256        ((uint32_t)0x00000001)  //sha256算法
#define HKS_SEALING_HKDF_SHA_512        ((uint32_t)0x00000002)  //sha512算法


#define HKS_HEADER_RESERVE_SIZE  7
#define BUF_SIZE    65536
#define HKS_SLOT_PUBLIC_KEY_IDLE             ((uint8_t)0x00)
#define HKS_SLOT_PUBLIC_KEY_OCCUPY           ((uint8_t)0x01)
#define HKS_SLOT_KEYPAIR_IDLE                ((uint8_t)0x02)
#define HKS_SLOT_KEYPAIR_OCCUPY              ((uint8_t)0x03)

hks_write_key_info_checkd等函数的定义

static int32_t hks_write_key_info_check(const struct hks_blob *key_alias,
    const struct hks_storage_key_info *key_info);

static int32_t hks_get_key_info_init(const struct hks_blob *key_alias,
    struct hks_key_param *key_param, uint8_t **key_pos);

static int32_t hks_refresh_header_hash(void);

static int32_t hks_sync_buf_to_file(void);

static int32_t hks_get_key_pos(const struct hks_blob *key_alias, uint8_t **pos);

获取

//计算获取header的长度
static uint16_t hks_get_header_len(void)
{
    
    
    uint16_t header_len = (sizeof(uint16_t) + sizeof(uint8_t) +
        sizeof(uint8_t) + sizeof(uint32_t) + HKS_SEALING_NONCE_SIZE +
        HKS_HEADER_HASH_SIZE);
    //计算方式header_len = version + key_count + slot_count + sealing_alg + sealing_nonce + hash
    return header_len;
}

hks_get_key_slot_len函数
计算密钥插槽的长度，计算方式slotlen = falgs+ sealing_nonce + alias_size + alias + param + key_size + key

//计算密钥的slotlen
static uint16_t hks_get_key_slot_len(void)
{
    
    
    //slotlen = falgs+ sealing_nonce + alias_size + alias + param + key_size + key
    uint16_t slot_len = (sizeof(uint8_t) + HKS_SEALING_NONCE_SIZE +
            sizeof(uint8_t) + HKS_ALIAS_MAX_SIZE + (sizeof(uint32_t) +
            sizeof(uint16_t) + sizeof(uint32_t) +
            sizeof(uint8_t) + sizeof(uint32_t) +
            sizeof(uint32_t) + sizeof(uint16_t) +
            sizeof(uint8_t) + sizeof(uint8_t) +
            HKS_AUTH_ID_MAX_SIZE) +
            sizeof(uint8_t) + HKS_KEY_PAIR_CIPHER_ED25519);
    return slot_len;
}

hks_blob_write_uint32函数
函数实现将数据写进缓冲区buf

//将value的值写进缓冲区（32位）
static inline uint32_t hks_blob_write_uint32(uint8_t *buf, uint32_t value)
{
    
    
    *((uint32_t *)buf) = value;
    return sizeof(value);
}

hks_blob_read_uint32函数
实现将缓冲区的值读进一个变量中

//将buf中的值读进value变量。返回值uint32_t的字节数
/* Caution: only used in local machine, endian is not considerred */
static inline uint32_t hks_blob_read_uint32(uint32_t *value, const uint8_t *buf)
{
    
    
    *value = *((uint32_t *)buf);
    return sizeof(uint32_t);
}

这部分函数和上面的很类似，主要的区别在于操作对象数的位数，有32位，16位，8位等数据类型。

/* Caution: only used in local machine, endian is not considerred */
//将value的值写进缓冲区（16位）
static inline uint32_t hks_blob_write_uint16(uint8_t *buf, uint16_t value)
{
    
    
    *((uint16_t *)buf) = value;
    return sizeof(value);
}

/* Caution: only used in local machine, endian is not considerred */
///将buf中的值读进value变量。返回值uint16_t的字节数
static inline uint32_t hks_blob_read_uint16(uint16_t *value, const uint8_t *buf)
{
    
    
    *value = *((uint16_t *)buf);
    return sizeof(uint16_t);
}

/* Caution: only used in local machine, endian is not considerred */
static inline uint32_t hks_blob_write_uint8(uint8_t *buf, uint8_t value)
{
    
    
    *((uint8_t *)buf) = value;
    return sizeof(value);
}

/* Caution: only used in local machine, endian is not considerred */
static inline uint32_t hks_blob_read_uint8(uint8_t *value, const uint8_t *buf)
{
    
    
    *value = *((uint8_t *)buf);
    return sizeof(uint8_t);
}

对缓冲区的写操作函数
hks_blob_write_buf函数，将src中数据写进dest，写入长度为n。

//对缓冲区的write操作
static int32_t hks_blob_write_buf(uint8_t *dest, uint32_t dest_max,
    const uint8_t *src, uint32_t n, uint32_t *ret_offset)
{
    
    
    if ((dest == NULL) || (src == NULL) || (ret_offset == NULL))
        return HKS_ERROR_NULL_POINTER;
    //先对参数进行判断
    if ((n == 0) || (dest_max < n))
        /* in this case, it will return the length of blob, so return 0 */
        return HKS_STATUS_OK;
    //判断n是否为0或者dest_max（dest的最大长度）是否小于n。
    if (memcpy_s(dest, dest_max, src, n) != EOK)
        return HKS_ERROR_BAD_STATE;
    //将src中数据写进dest，写入长度为n
    *ret_offset += n;
    return HKS_STATUS_OK;
}

缓冲区内存空间的申请
该函数实现缓冲区内存的申请，调用HKS_CALLOC函数申请内存。

tatic uint8_t *g_storage_image_buffer = NULL; //定义一个全局变量
//缓冲区的apply（申请）
static int32_t hks_apply_buffer(size_t count, size_t size)
{
    
    
    if (g_storage_image_buffer != NULL)
        return HKS_STATUS_OK;
    if ((count == 0) || (count > BUF_SIZE) ||
        (size == 0) || (size > BUF_SIZE))
        return HKS_ERROR_MALLOC_FAIL;
        //检查参数，如果不合法则不能申请相关空间

    g_storage_image_buffer = (uint8_t *)HKS_CALLOC(count, size);
    //定义缓冲区为长度为size，数量count的数组
    if (g_storage_image_buffer == NULL)
    //申请失败的检查
        return HKS_ERROR_MALLOC_FAIL;
    return HKS_STATUS_OK;
}

对缓冲区的其他操作
初始化函数

//缓冲区的初始化
static int32_t hks_init_buffer(void)
{
    
    
    if (g_storage_image_buffer == NULL)
        return HKS_ERROR_NULL_POINTER;

    if (memset_s(g_storage_image_buffer, HKS_BUF_BYTES, 0, HKS_BUF_BYTES) != EOK)
        return HKS_ERROR_BAD_STATE;
    //将刚刚申请的数组进行初始化为0
    /* Generate random nonce for sealing */
    //即时数组，初始化为0
    uint8_t nonce[HKS_SEALING_NONCE_SIZE] = {
    
    0};
    /* Generate random nonce */
    //生成随机数写进nonce数组
    int32_t ret = hks_gen_random(nonce, HKS_SEALING_NONCE_SIZE);

    if (ret != HKS_STATUS_OK)
        return ret;

    /* encode extra internal info */
    uint32_t n = 0;
    uint16_t version = 0;
    uint8_t key_count = 0;
    uint8_t slot_count = 0;
    uint32_t sealing_alg = HKS_SEALING_DEFAULT;
    //一些变量的初始化
    n += hks_blob_write_uint16((g_storage_image_buffer + n), version); /* version */
    n += hks_blob_write_uint8((g_storage_image_buffer + n), key_count); /* key_count */
    n += hks_blob_write_uint8((g_storage_image_buffer + n), slot_count); /* slot_count */
    n += hks_blob_write_uint32((g_storage_image_buffer + n), sealing_alg); /* sealing_alg */
    //将四个变量写进全局变量，其中n不断增加写进的字节数，这样可以用来计算下一次写进的位置
    /* sealing_nonce */
    ret = hks_blob_write_buf((g__buffer + n), (hks_get_header_len() - n), nonce,
        HKS_SEALING_NONCE_SIZE, &n);
    //将nonce中数据写进全局的内存缓冲区
    if (ret != HKS_STATUS_OK)
        return ret;
    return HKS_STATUS_OK;
}

缓冲区的获取

//获取缓冲区
static uint8_t *hks_get_buffer(void)
{
    
    
    return g_storage_image_buffer;
}
//缓冲区数据的清除（初始化0）
static void hks_clean_buffer(void)
{
    
    
    if (g_storage_image_buffer == NULL) {
    
    
        log_info("g_storage_image_buffer is null");
        return;
    }

    (void)memset_s(g_storage_image_buffer, HKS_BUF_BYTES, 0, HKS_BUF_BYTES);
}
//缓冲区内存的释放
static void hks_free_buffer(void)
{
    
    
    hks_clean_buffer();
    hks_free_ptr(g_storage_image_buffer);
}

以上为该文件的部分代码，后面会带来后续代码解释。感谢阅读和点赞！