diff --git a/BUILD.gn b/BUILD.gn index aaef20f8ff2fc1413ae26c3a753dd27470691eea..a8412e96df19f744be2ca125df98677729e338f6 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -408,6 +408,12 @@ ohos_executable("hdc") { defines += [ "HDC_SUPPORT_ENCRYPT_PRIVATE_KEY" ] defines += [ "HOST_OHOS" ] external_deps += [ "huks:libhukssdk" ] + if (product_name != "ohos-sdk") { + external_deps += [ + "os_account:account_iam_innerkits", + "os_account:os_account_innerkits", + ] + } } deps = [ ":hdc_hash_gen" ] diff --git a/credential/credential_base.cpp b/credential/credential_base.cpp index 7109c01423039ebf6bb41e30351ddd13a9875985..918441254537d84cf578866b7436c8f5cecedc73 100644 --- a/credential/credential_base.cpp +++ b/credential/credential_base.cpp @@ -16,7 +16,7 @@ using namespace Hdc; -char GetPathSep() +char HdcCredentialBase::GetPathSep() { #ifdef _WIN32 const char sep = '\\'; @@ -26,7 +26,7 @@ char GetPathSep() return sep; } -int RemoveDir(const std::string& dir) +int HdcCredentialBase::RemoveDir(const std::string& dir) { DIR *pdir = opendir(dir.c_str()); if (pdir == nullptr) { @@ -39,7 +39,7 @@ int RemoveDir(const std::string& dir) if (ent->d_name[0] == '.') { continue; } - std::string subpath = dir + GetPathSep() + ent->d_name; + std::string subpath = dir + HdcCredentialBase::GetPathSep() + ent->d_name; if (lstat(subpath.c_str(), &st) == -1) { WRITE_LOG(LOG_WARN, "lstat failed subpath:%s", subpath.c_str()); continue; @@ -66,7 +66,7 @@ int RemoveDir(const std::string& dir) return 0; } -int RemovePath(const std::string& path) +int HdcCredentialBase::RemovePath(const std::string& path) { struct stat st; if (lstat(path.c_str(), &st) == -1) { 
@@ -81,14 +81,14 @@ int RemovePath(const std::string& path) if (path == "." || path == "..") { return 0; } - int rc = RemoveDir(path); + int rc = HdcCredentialBase::RemoveDir(path); WRITE_LOG(LOG_INFO, "RemoveDir rc:%d path:%s", rc, path.c_str()); return rc; } return 0; } -const std::string StringFormat(const char* const formater, ...) +const std::string HdcCredentialBase::StringFormat(const char* const formater, ...) { va_list vaArgs; va_start(vaArgs, formater); @@ -97,7 +97,7 @@ const std::string StringFormat(const char* const formater, ...) return ret; } -const std::string StringFormat(const char* const formater, va_list& vaArgs) +const std::string HdcCredentialBase::StringFormat(const char* const formater, va_list& vaArgs) { std::vector args(MAX_SIZE_IOBUF_STABLE); const int retSize = vsnprintf_s( diff --git a/credential/credential_base.h b/credential/credential_base.h index 75ffb6ea74e6342058556fcbc907f67379c5ff27..8b4589fd13b4ded7751295a8485f5f57c77c7045 100644 --- a/credential/credential_base.h +++ b/credential/credential_base.h @@ -37,15 +37,16 @@ #define LOG_TAG "HDC_LOG" #endif // HDC_HILOG +namespace HdcCredentialBase { // 0x10000000 is 1.0.0a constexpr uint32_t CREDENTIAL_VERSION_NUMBER = 0x10000000; constexpr size_t SOCKET_CLIENT_NUMS = 1; -static const char* HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS = "hdc_private_key_file_pwd_key_alias"; +const std::string HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS = "hdc_private_key_file_pwd_key_alias"; constexpr size_t PASSWORD_LENGTH = 10; constexpr uint32_t MAX_SIZE_IOBUF_STABLE = 60 * 1024; // 60KB, compatible with previous version -static const char* HDC_CREDENTIAL_SOCKET_REAL_PATH = +const std::string HDC_CREDENTIAL_SOCKET_REAL_PATH = "/data/service/el1/public/hdc_server/hdc_common/hdc_credential.socket"; constexpr uint8_t CMD_ARG1_COUNT = 2; 
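Review bot: The two constants changed from `static const char*` to `const std::string` in credential_base.h are now dynamically initialised objects with internal linkage, so every translation unit that includes the header gets its own copy and its own start-up constructor. The uses visible in this commit either construct an object from the value or call `.c_str()` on it, so `constexpr char HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS[] = "hdc_private_key_file_pwd_key_alias";` (and the same form for the socket path) would keep constant initialisation and make the `.c_str()` edits in main.cpp unnecessary. The same applies to `HDC_CREDENTIAL_SOCKET_SANDBOX_PATH` in the password.h hunk. If `std::string` is kept, add a comment that globals in other translation units must not read these during static initialisation.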
@@ -54,5 +55,6 @@ int RemovePath(const std::string& path); const std::string StringFormat(const char* const formater, ...); const std::string StringFormat(const char* const formater, va_list& vaArgs); char GetPathSep(); +} // namespace HdcCredentialBase #endif // HDC_CREDENTIAL_BASE_H \ No newline at end of file diff --git a/credential/hdc_subscriber.cpp b/credential/hdc_subscriber.cpp index 97cc54449e5415cedf2a316d8da9d724f9f06212..a06b51d1459eb1b76f06590ebaf4c29be1080e5a 100644 --- a/credential/hdc_subscriber.cpp +++ b/credential/hdc_subscriber.cpp @@ -39,7 +39,7 @@ void HdcSubscriber::OnStateChanged(const OHOS::AccountSA::OsAccountStateData& da WRITE_LOG(LOG_DEBUG, "Directory created successfully."); break; case OsAccountState::REMOVED: - if (RemovePath(path.c_str()) == 0) { + if (HdcCredentialBase::RemovePath(path.c_str()) == 0) { WRITE_LOG(LOG_DEBUG, "Directory removed successfully."); } else { WRITE_LOG(LOG_FATAL, "Failed to remove directory, error is:%s", strerror(errno)); diff --git a/credential/main.cpp b/credential/main.cpp index 11cc4bde1bef47f0e96dc29eb4e901c451d9be5f..b019e166c96987bb64cd430b9f414c1014372a22 100644 --- a/credential/main.cpp +++ b/credential/main.cpp @@ -20,6 +20,7 @@ #include "password.h" using namespace Hdc; +using namespace HdcCredentialBase; Hdc::HdcHuks hdcHuks(HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS); Hdc::HdcPassword pwd(HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS); @@ -228,7 +229,7 @@ int main(int argc, const char *argv[]) WRITE_LOG(LOG_FATAL, "HdcAccountSubscriberMonitor failed"); return 0; } - int sockfd = CreateAndBindSocket(HDC_CREDENTIAL_SOCKET_REAL_PATH); + int sockfd = CreateAndBindSocket(HDC_CREDENTIAL_SOCKET_REAL_PATH.c_str()); if (sockfd < 0) { WRITE_LOG(LOG_FATAL, "Failed to create and bind socket."); return -1; 
@@ -238,7 +239,7 @@ int main(int argc, const char *argv[]) close(sockfd); return -1; } - WRITE_LOG(LOG_INFO, "Listening on socket: %s", HDC_CREDENTIAL_SOCKET_REAL_PATH); + WRITE_LOG(LOG_INFO, "Listening on socket: %s", HDC_CREDENTIAL_SOCKET_REAL_PATH.c_str()); bool running = true; while (running) { int connfd = accept(sockfd, nullptr, nullptr); @@ -272,6 +273,6 @@ int main(int argc, const char *argv[]) } // Keep the server running indefinitely WRITE_LOG(LOG_FATAL, "hdc_credential stopped."); close(sockfd); - unlink(HDC_CREDENTIAL_SOCKET_REAL_PATH); + unlink(HDC_CREDENTIAL_SOCKET_REAL_PATH.c_str()); return 0; } \ No newline at end of file diff --git a/src/common/auth.cpp b/src/common/auth.cpp index cecb725d36fad6353ac5a23e2660d7ae477ef745..7f0a450d2ca192a2254393e40cea5b3ab68abfa9 100644 --- a/src/common/auth.cpp +++ b/src/common/auth.cpp @@ -583,10 +583,6 @@ static bool WritePrivateFile(const std::string& fileName, EVP_PKEY *evp) #ifdef HDC_SUPPORT_ENCRYPT_PRIVATE_KEY Hdc::HdcPassword pwd(HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS); pwd.GeneratePassword(); - if (!pwd.ResetPwdKey()) { - WRITE_LOG(LOG_FATAL, "reset pwd key failed"); - return false; - } if (!pwd.EncryptPwd()) { WRITE_LOG(LOG_FATAL, "encrypt pwd failed"); return false; diff --git a/src/common/auth.h b/src/common/auth.h index 02fe478a9afefeb927c2600dbe73a23835d92b78..15e4082be14e3eb02333bd107d4c3ffd881f3591 100644 --- a/src/common/auth.h +++ b/src/common/auth.h @@ -40,9 +40,10 @@ int GetPublicKeyFileBuf(unsigned char *data, size_t len); // daemon bool AuthVerify(uint8_t *token, uint8_t *sig, int siglen); bool PostUIConfirm(string publicKey); -} + #ifdef HDC_SUPPORT_ENCRYPT_PRIVATE_KEY #define HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS "hdc_private_key_file_pwd_key_alias" #endif +} #endif \ No newline at end of file diff --git a/src/common/credential_message.cpp b/src/common/credential_message.cpp index b0db652212cc39e2afca04487c52aace25cbcb24..fd25a06219deed856a71e262143a55501af85eee 100644 
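Review bot: Moving the `#define HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS` block in auth.h above the namespace's closing brace does not scope it, because the preprocessor ignores namespaces. The macro still shares its name with `HdcCredentialBase::HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS` from credential_base.h, and a translation unit that sees auth.h first would have the macro rewrite that declaration into a string literal; whether any file includes both headers is not visible here. Replace the macro with a typed constant, e.g. `constexpr char HDC_PRIVATE_KEY_FILE_PWD_KEY_ALIAS[] = "hdc_private_key_file_pwd_key_alias";`, or give it a distinct name. Defining the key alias in one shared place would also stop the two copies from drifting apart.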
--- a/src/common/credential_message.cpp +++ b/src/common/credential_message.cpp @@ -41,14 +41,14 @@ void CredentialMessage::Init(const std::string& messageStr) std::string messageLengthStr = messageStr.substr(MESSAGE_LENGTH_POS, MESSAGE_LENGTH_LEN); char* end = nullptr; - size_t bodyLength = strtol(messageLengthStr.c_str(), &end, 10); + size_t bodyLength = static_cast(strtol(messageLengthStr.c_str(), &end, 10)); if (end == nullptr || *end != '\0' || bodyLength > MESSAGE_STR_MAX_LEN) { WRITE_LOG(LOG_FATAL, "Invalid message body length %s.", messageLengthStr.c_str()); return; } if (messageStr.length() < MESSAGE_BODY_POS + bodyLength) { - WRITE_LOG(LOG_FATAL, "messageStr is too short: %s", messageStr.c_str()); + WRITE_LOG(LOG_FATAL, "messageStr is too short."); return; } @@ -163,5 +163,5 @@ std::string IntToStringWithPadding(int length, int maxLen) if (str.length() > static_cast(maxLen)) { return ""; } - return std::string(maxLen - str.length(), '0') + str; + return std::string(static_cast(maxLen) - str.length(), '0') + str; } \ No newline at end of file diff --git a/src/common/hdc_huks.cpp b/src/common/hdc_huks.cpp index effa14c312e0d0d51f0999ba8e038ef41a9f638d..3040f197640c977da99ebe439ee05989c43f102c 100644 --- a/src/common/hdc_huks.cpp +++ b/src/common/hdc_huks.cpp @@ -16,6 +16,9 @@ #include "hks_param.h" #include "hks_api.h" #include "log.h" +#ifndef HDC_HOST +#include "os_account_manager.h" +#endif namespace Hdc { static const int AES_GCM_NONCE_BYTE_LEN = 12; static const int AES_GCM_TAG_BYTE_LEN = 16; @@ -28,10 +31,6 @@ namespace Hdc { { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = HKS_AUTH_STORAGE_LEVEL_DE }, }; - struct HksParam genAesKeyPara[] = { - { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT } - }; - HdcHuks::HdcHuks(const std::string& keyAlias) { this->keyAlias = keyAlias; 
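Review bot: The length field in `CredentialMessage::Init` is cast straight from `strtol`'s signed result to `size_t`, so a negative value is rejected only because it wraps to a number above `MESSAGE_STR_MAX_LEN`, and a field with leading whitespace or a `+` sign still passes the `*end != '\0'` test. This string is presumably received from a peer, so validate before the cast: keep the result in a `long value`, reject when `end == messageLengthStr.c_str() || value < 0`, and only then assign `bodyLength = static_cast<size_t>(value)`. A short comment above the check, such as `// length field is untrusted: digits only, 0..MESSAGE_STR_MAX_LEN`, would record the intent. The body of `Init` starts before and continues after this hunk.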
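Review bot: A negative `maxLen` is not rejected before the casts in `IntToStringWithPadding`: it converts to a very large unsigned value, the length comparison passes, and the `std::string(count, '0')` constructor is then asked for an enormous padding run and throws. Add a guard ahead of the comparison, `if (maxLen < 0) { return ""; }`, which keeps the function's empty-string failure convention. The start of the function is outside the hunk, so an earlier check may already exist.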
@@ -39,6 +38,23 @@ namespace Hdc { reinterpret_cast(const_cast(this->keyAlias.c_str())) }; } +#ifndef HDC_HOST + static int32_t GetUserId(void) + { + std::vector ids; + + OHOS::ErrCode err = OHOS::AccountSA::OsAccountManager::QueryActiveOsAccountIds(ids); + if (err != 0) { + WRITE_LOG(LOG_FATAL, "QueryActiveOsAccountIds failed, err %d", err); + return 0; + } + if (ids.empty()) { + WRITE_LOG(LOG_FATAL, "QueryActiveOsAccountIds is empty."); + return 0; + } + return ids[0]; + } +#endif bool HdcHuks::DeleteAesKey(HksParamSet *paramSet) { if (!KeyExist(paramSet)) { @@ -58,6 +74,21 @@ namespace Hdc { bool genSuccess = false; struct HksParamSet *paramSet = nullptr; +#ifndef HDC_HOST + int32_t currentUserId = GetUserId(); + if (currentUserId == 0) { + WRITE_LOG(LOG_FATAL, "current user id is 0, reset key failed."); + return false; + } + WRITE_LOG(LOG_INFO, "current user id %d", currentUserId); +#endif + struct HksParam genAesKeyPara[] = { + { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT }, +#ifndef HDC_HOST + { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = currentUserId }, +#endif + }; + if (!MakeHuksParamSet(¶mSet, aesBasePara, sizeof(aesBasePara) / sizeof(HksParam), genAesKeyPara, sizeof(genAesKeyPara) / sizeof(HksParam))) { return false; 
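Review bot: `GetUserId` returns `ids[0]` from `QueryActiveOsAccountIds` and uses 0 both as its error value and, in the callers, as "no user", so the key that is created or used depends on whichever account is listed first at the moment of the call. Data encrypted while one account is active would be looked up under a different `HKS_TAG_SPECIFIC_USER_ID` after an account switch, and with several active accounts nothing in this code defines the choice. If requests reach this code on behalf of a particular user, taking the id from the request would be more robust; that is worth confirming. Returning `std::optional<int32_t>` (or `bool` plus an out parameter) would separate failure from a real id, and a comment such as `// account 0 is never a valid key owner here because ...` should state the assumption. `GetUserId(void)` can also drop the `void`.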
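Review bot: The `#ifndef HDC_HOST` block added to the key-generation function (call `GetUserId`, compare with 0, log, then append `HKS_TAG_SPECIFIC_USER_ID`) is pasted again into the encrypt and decrypt hunks that follow, with slightly different log texts. A small helper that fills one `HksParam` and returns false on failure would keep the three paths from drifting; a mismatch between the parameters used at key generation and at decrypt would likely leave stored passwords undecryptable. The `LOG_INFO` line that prints the user id on every key operation is better at `LOG_DEBUG`. The function body starts before and continues after the hunk.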
@@ -107,9 +138,20 @@ namespace Hdc { { GenerateNonce(nonce, length); struct HksParamSet *paramSet = nullptr; +#ifndef HDC_HOST + int32_t currentUserId = GetUserId(); + if (currentUserId == 0) { + WRITE_LOG(LOG_FATAL, "current user id is 0,failed."); + return nullptr; + } + WRITE_LOG(LOG_INFO, "current user id %d", currentUserId); +#endif struct HksParam aesEncryptPara[] = { { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT }, - { .tag = HKS_TAG_NONCE, .blob = { length, nonce} } + { .tag = HKS_TAG_NONCE, .blob = { length, nonce} }, +#ifndef HDC_HOST + { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = currentUserId }, +#endif }; if (!MakeHuksParamSet(¶mSet, aesBasePara, sizeof(aesBasePara) / sizeof(HksParam), aesEncryptPara, sizeof(aesEncryptPara) / sizeof(HksParam))) { @@ -151,9 +193,21 @@ namespace Hdc { { struct HksParamSet *paramSet = nullptr; +#ifndef HDC_HOST + int32_t currentUserId = GetUserId(); + if (currentUserId == 0) { + WRITE_LOG(LOG_FATAL, "current user id is 0,failed."); + return nullptr; + } + WRITE_LOG(LOG_INFO, "current user id %d", currentUserId); +#endif struct HksParam aesDecryptPara[] = { { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_DECRYPT }, - { .tag = HKS_TAG_NONCE, .blob = { nonce.size(), nonce.data()} } + { .tag = HKS_TAG_NONCE, .blob = { nonce.size(), nonce.data()} }, +#ifndef HDC_HOST + { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = currentUserId }, +#endif + }; if (!MakeHuksParamSet(¶mSet, aesBasePara, sizeof(aesBasePara) / sizeof(HksParam), aesDecryptPara, sizeof(aesDecryptPara) / sizeof(HksParam))) { diff --git a/src/common/password.cpp b/src/common/password.cpp index ad5ea3327d4bd7f62d4081a7e3e32a88527821e5..e9c5457e02a885d5dd345ff68f7469f05cd33024 100644 --- a/src/common/password.cpp +++ b/src/common/password.cpp 
@@ -116,7 +116,7 @@ std::vector HdcPassword::EncryptGetPwdValue(uint8_t *pwd, int pwdLen) WRITE_LOG(LOG_FATAL, "sendStr is empty."); return std::vector(); } - std::string recvStr = SendToUnixSocketAndRecvStr(HDC_CREDENTIAL_SOCKET_SANDBOX_PATH, sendStr.c_str()); + std::string recvStr = SendToUnixSocketAndRecvStr(HDC_CREDENTIAL_SOCKET_SANDBOX_PATH.c_str(), sendStr.c_str()); memset_s(sendStr.data(), sendStr.size(), 0, sendStr.size()); if (recvStr.empty()) { WRITE_LOG(LOG_FATAL, "recvStr is empty."); @@ -145,7 +145,7 @@ std::pair HdcPassword::DecryptGetPwdValue(const std::string &encr WRITE_LOG(LOG_FATAL, "sendStr is empty."); return std::make_pair(nullptr, 0); } - std::string recvStr = SendToUnixSocketAndRecvStr(HDC_CREDENTIAL_SOCKET_SANDBOX_PATH, sendStr.c_str()); + std::string recvStr = SendToUnixSocketAndRecvStr(HDC_CREDENTIAL_SOCKET_SANDBOX_PATH.c_str(), sendStr.c_str()); memset_s(sendStr.data(), sendStr.size(), 0, sendStr.size()); if (recvStr.empty()) { WRITE_LOG(LOG_FATAL, "recvStr is empty."); diff --git a/src/common/password.h b/src/common/password.h index 4bea3dc397b22a99e1b65b21d368b8968f45709a..d28791d43319e4311d2e9d8d2c340251ddb7968a 100644 --- a/src/common/password.h +++ b/src/common/password.h @@ -25,7 +25,7 @@ namespace Hdc { #define PASSWORD_LENGTH 10 -static const char* HDC_CREDENTIAL_SOCKET_SANDBOX_PATH = "/data/hdc/hdc_huks/hdc_credential.socket"; +const std::string HDC_CREDENTIAL_SOCKET_SANDBOX_PATH = "/data/hdc/hdc_huks/hdc_credential.socket"; class HdcPassword { public: