鸿蒙源码分析(四十五)

hks_auth.c代码分析

该文件主要涉及认证(鉴权)机制:在使用密钥之前,检查请求参数是否与密钥自身保存的属性相符。
文件路径security_huks\services\huks_standard\huks_engine\main\core\src\hks_auth.c

代码注释

结构体元素介绍

// One authorization policy entry: an auth id plus the list of parameter tags
// that are compared for that id.
struct HksAuthPolicy {
    uint32_t authId; // identifier of the policy
    uint32_t policyCnt; // number of entries in policyTag
    uint32_t *policyTag; // array of tags
};

初始化

// Everything below is compiled only when _CUT_AUTHENTICATE_ is not defined.
// The matching #endif is not part of this excerpt.
#ifndef _CUT_AUTHENTICATE_

// Per-operation tag lists. Each array names the parameter tags that are looked up
// and compared for one kind of operation.

// Symmetric cipher: algorithm, block mode, padding, purpose.
static uint32_t g_symCipherPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_BLOCK_MODE,
    HKS_TAG_PADDING,
    HKS_TAG_PURPOSE
};

// Asymmetric cipher: algorithm, digest, padding, purpose.
static uint32_t g_asymCipherPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_DIGEST,
    HKS_TAG_PADDING,
    HKS_TAG_PURPOSE
};

// RSA sign/verify: algorithm, digest, padding, purpose.
static uint32_t g_signVerifyRsaPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_DIGEST,
    HKS_TAG_PADDING,
    HKS_TAG_PURPOSE
};

// ECC sign/verify: algorithm, digest, purpose (no padding tag).
static uint32_t g_signVerifyEccPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_DIGEST,
    HKS_TAG_PURPOSE
};

// MAC: digest and purpose only.
static uint32_t g_macPolicyTag[] = {
    HKS_TAG_DIGEST,
    HKS_TAG_PURPOSE
};

// Key derivation: digest and purpose only.
static uint32_t g_derivePolicyTag[] = {
    HKS_TAG_DIGEST,
    HKS_TAG_PURPOSE
};

// Table mapping each auth id to the tag list that is checked for it.
// HksAuth() searches this table by authId; an id with no entry here is rejected.
struct HksAuthPolicy g_authPolicyList[] = {
    {
        .authId = HKS_AUTH_ID_SYM_CIPHER,
        .policyCnt = HKS_ARRAY_SIZE(g_symCipherPolicyTag),
        .policyTag = g_symCipherPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_ASYM_CIPHER,
        .policyCnt = HKS_ARRAY_SIZE(g_asymCipherPolicyTag),
        .policyTag = g_asymCipherPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_SIGN_VERIFY_RSA,
        .policyCnt = HKS_ARRAY_SIZE(g_signVerifyRsaPolicyTag),
        .policyTag = g_signVerifyRsaPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_SIGN_VERIFY_ECC,
        .policyCnt = HKS_ARRAY_SIZE(g_signVerifyEccPolicyTag),
        .policyTag = g_signVerifyEccPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_MAC,
        .policyCnt = HKS_ARRAY_SIZE(g_macPolicyTag),
        .policyTag = g_macPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_DERIVE,
        .policyCnt = HKS_ARRAY_SIZE(g_derivePolicyTag),
        .policyTag = g_derivePolicyTag
    }
};

参数的检查

// Checks that the requested purpose bits are a non-empty subset of the permitted ones.
//
// authParam:    purpose parameter holding the permitted bits (AuthPolicy passes the
//               one read from the key's own parameter set).
// requestParam: purpose parameter holding the bits asked for by the request.
//
// Returns HKS_SUCCESS when requestParam->uint32Param is non-zero and every bit set in
// it is also set in authParam->uint32Param; HKS_ERROR_INVALID_ARGUMENT otherwise.
// Neither pointer is checked for NULL here.
static int32_t CheckPurpose(const struct HksParam *authParam, const struct HksParam *requestParam)
{
    const uint32_t requested = requestParam->uint32Param;

    // An empty purpose mask is rejected rather than treated as "nothing to check".
    if (requested == 0) {
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    // Any requested bit that the permitted mask lacks fails the check.
    if ((requested & ~authParam->uint32Param) != 0) {
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    return HKS_SUCCESS;
}

该函数主要实现认证:
依次取出policy中的每个tag,分别从密钥自身的参数集(keyNode->paramSet)和请求参数集(paramSet)中取出对应的参数进行比对;任何一个参数缺失或不匹配都会立即返回错误,全部通过才返回HKS_SUCCESS。

// Verifies a request against one policy: for every tag in the policy, the parameter
// stored with the key must be compatible with the parameter supplied in the request.
//
// policy:   the policy whose policyTag[0..policyCnt) entries are checked in order.
// keyNode:  key node; its paramSet supplies the key-side parameters.
// paramSet: parameters supplied with the request.
//
// Returns HKS_SUCCESS only if every tag passes. The first failure ends the check
// and its error code is returned: a tag missing from either parameter set
// (HksGetParam's error), or a mismatch reported by HksCheckParamMatch / CheckPurpose.
// The pointers are not checked for NULL in this function.
static int32_t AuthPolicy(const struct HksAuthPolicy *policy, const struct HksKeyNode *keyNode,
    const struct HksParamSet *paramSet)
{
    struct HksParam *keySide = NULL;
    struct HksParam *requestSide = NULL;

    for (uint32_t idx = 0; idx < policy->policyCnt; idx++) {
        const uint32_t tag = policy->policyTag[idx];

        // Look the tag up in the parameters stored with the key.
        int32_t status = HksGetParam(keyNode->paramSet, tag, &keySide);
        if (status != HKS_SUCCESS) {
            HKS_LOG_E("get auth param[%x] failed!", tag);
            return status;
        }

        // Look the same tag up in the request; a request that omits it is rejected.
        status = HksGetParam(paramSet, tag, &requestSide);
        if (status != HKS_SUCCESS) {
            HKS_LOG_E("get request param[%x] failed!", tag);
            return status;
        }

        // HKS_TAG_PURPOSE is compared as a bitmask subset by CheckPurpose;
        // every other tag goes through HksCheckParamMatch.
        if (tag == HKS_TAG_PURPOSE) {
            status = CheckPurpose(keySide, requestSide);
        } else {
            status = HksCheckParamMatch(keySide, requestSide);
        }

        if (status != HKS_SUCCESS) {
            // NOTE(review): the log reads uint32Param for every tag; this assumes all
            // policy tags carry uint32 values - confirm against the tag definitions.
            HKS_LOG_E("unmatch policy[%x], [%x] != [%x]!", tag, requestSide->uint32Param, keySide->uint32Param);
            return status;
        }
    }

    return HKS_SUCCESS;
}

主要是对AuthPolicy的封装:
在g_authPolicyList中(共HKS_ARRAY_SIZE(g_authPolicyList)项)循环查找与authId匹配的策略,找到后调用AuthPolicy实现认证;没有匹配项时返回HKS_ERROR_BAD_STATE。

// Entry point of the check: selects the policy registered for authId and runs it.
//
// authId:   identifies which policy in g_authPolicyList applies.
// keyNode:  key node whose stored parameters are checked against the request.
// paramSet: parameters supplied with the request.
//
// Returns the result of AuthPolicy for the first table entry whose authId matches.
// An authId with no entry is rejected with HKS_ERROR_BAD_STATE, so an unknown
// id never passes the check.
// NOTE(review): keyNode and paramSet are passed through without a NULL check here;
// presumably callers validate them - confirm.
int32_t HksAuth(uint32_t authId, const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet)
{
    const struct HksAuthPolicy *selected = NULL;

    for (uint32_t idx = 0; idx < HKS_ARRAY_SIZE(g_authPolicyList); idx++) {
        if (g_authPolicyList[idx].authId == authId) {
            selected = &g_authPolicyList[idx];
            break;
        }
    }

    if (selected == NULL) {
        return HKS_ERROR_BAD_STATE;
    }
    return AuthPolicy(selected, keyNode, paramSet);
}


转载自blog.csdn.net/m0_46976252/article/details/120024233