diff --git a/common/BUILD.gn b/common/BUILD.gn index 10b15b4648b5345a6a1c4b7a58535663415acd26..6a06b09f55f3fdef29ac9ab90052857f89898a99 100644 --- a/common/BUILD.gn +++ b/common/BUILD.gn @@ -30,6 +30,7 @@ ohos_shared_library("useriam_common_lib") { "coauth/src/coauth_funcs.c", "coauth/src/coauth_sign_centre.c", "coauth/src/executor_message.c", + "coauth/src/pool.c", "common/src/buffer.c", "common/src/linked_list.c", "common/src/tlv_base.c", @@ -43,8 +44,8 @@ ohos_shared_library("useriam_common_lib") { "hal_sdk/useridm_interface.cpp", "idm/src/idm_session.c", "idm/src/user_idm_funcs.c", + "key_mgr/src/token_key.c", "lock/src/lock.c", - "pool/src/pool.c", "user_auth/src/auth_level.c", "user_auth/src/context_manager.c", "user_auth/src/user_auth_funcs.c", @@ -59,7 +60,7 @@ ohos_shared_library("useriam_common_lib") { "common/inc", "interface", "idm/inc", - "pool/inc", + "key_mgr/inc", "user_auth/inc", "//third_party/openssl/include", ] diff --git a/common/pool/inc/pool.h b/common/coauth/inc/pool.h similarity index 100% rename from common/pool/inc/pool.h rename to common/coauth/inc/pool.h diff --git a/common/coauth/src/coauth_sign_centre.c b/common/coauth/src/coauth_sign_centre.c index 02fbac8e4ebeef963020a7730f5255fa3f797a92..c53e48f84381387f7c4451058288d3a3b52a804e 100644 --- a/common/coauth/src/coauth_sign_centre.c +++ b/common/coauth/src/coauth_sign_centre.c @@ -20,17 +20,10 @@ #include "adaptor_algorithm.h" #include "adaptor_log.h" #include "adaptor_time.h" +#include "token_key.h" #define TOKEN_VALIDITY_PERIOD (10 * 60 * 1000) -// Key used for coauth signature. -static uint8_t g_coAuthTokenKey[SHA256_KEY_LEN] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, -}; - static bool IsTimeValid(const ScheduleTokenHal *coAuthToken) { uint64_t currentTime = GetSystemTime(); @@ -52,7 +45,7 @@ ResultCode CoAuthTokenSign(ScheduleTokenHal *coAuthToken) coAuthToken->version = TOKEN_VERSION; ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)coAuthToken, COAUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_coAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = NULL; if (data == NULL || key == NULL) { LOG_ERROR("lack of member"); @@ -91,7 +84,7 @@ ResultCode CoAuthTokenVerify(const ScheduleTokenHal *coAuthToken) } ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)coAuthToken, COAUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_coAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = CreateBufferByData(coAuthToken->sign, SHA256_SIGN_LEN); Buffer *rightSign = NULL; if (data == NULL || key == NULL || sign == NULL) { diff --git a/common/pool/src/pool.c b/common/coauth/src/pool.c similarity index 100% rename from common/pool/src/pool.c rename to common/coauth/src/pool.c diff --git a/common/hal_sdk/useriam_common.cpp b/common/hal_sdk/useriam_common.cpp index c5f3775279f03409f4cab4ce784a1be764076d18..494b316cbb8d0ed70337e678504a1ee042bd0f24 100644 --- a/common/hal_sdk/useriam_common.cpp +++ b/common/hal_sdk/useriam_common.cpp @@ -25,6 +25,7 @@ extern "C" { #include "context_manager.h" #include "adaptor_log.h" #include "lock.h" +#include "token_key.h" } namespace OHOS { @@ -57,6 +58,10 @@ int32_t Init() LOG_ERROR("init user auth failed"); goto FAIL; } + if (InitTokenKey() != RESULT_SUCCESS) { + LOG_ERROR("init token key failed"); + goto FAIL; + } g_isInitUserIAM = true; GlobalUnLock(); return RESULT_SUCCESS; diff --git a/common/key_mgr/inc/token_key.h b/common/key_mgr/inc/token_key.h new file mode 100644 index 0000000000000000000000000000000000000000..d0e9069ade1f481a6bd2d7dbf0c71561e1c90856 --- /dev/null +++ b/common/key_mgr/inc/token_key.h @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef USER_IAM_TOKEN_KEY +#define USER_IAM_TOKEN_KEY + +#include "buffer.h" +#include "defines.h" + +Buffer *GetTokenKey(void); +ResultCode InitTokenKey(void); + +#endif \ No newline at end of file diff --git a/common/key_mgr/src/token_key.c b/common/key_mgr/src/token_key.c new file mode 100644 index 0000000000000000000000000000000000000000..65af0123719565da42e6c8c4d85ed1fc50ff5bc6 --- /dev/null +++ b/common/key_mgr/src/token_key.c @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "token_key.h" + +#include + +#include "adaptor_algorithm.h" +#include "adaptor_log.h" +#include "buffer.h" +#include "defines.h" + +#define SHA256_KEY_LEN 32 + +// This is for example only. Should be implemented in trusted environment. +static Buffer *g_tokenKey = NULL; + +Buffer *GetTokenKey(void) +{ + return CopyBuffer(g_tokenKey); +} + +ResultCode InitTokenKey(void) +{ + if (g_tokenKey != NULL) { + return RESULT_SUCCESS; + } + g_tokenKey = CreateBuffer(SHA256_KEY_LEN); + if (g_tokenKey == NULL) { + LOG_ERROR("g_tokenKey: create buffer failed"); + return RESULT_NO_MEMORY; + } + if (SecureRandom(g_tokenKey->buf, g_tokenKey->maxSize) != RESULT_SUCCESS) { + LOG_ERROR("get random failed"); + return RESULT_GENERAL_ERROR; + } + g_tokenKey->contentSize = g_tokenKey->maxSize; + return RESULT_SUCCESS; +} \ No newline at end of file diff --git a/common/user_auth/src/user_sign_centre.c b/common/user_auth/src/user_sign_centre.c index 95000a94bd65ce1c1cdcc9f1d3c7d0e96a34b31f..1ecd1f66d03e1ee1a19eb80ae4c6d21d0f022266 100644 --- a/common/user_auth/src/user_sign_centre.c +++ b/common/user_auth/src/user_sign_centre.c @@ -20,18 +20,10 @@ #include "adaptor_algorithm.h" #include "adaptor_log.h" #include "adaptor_time.h" +#include "token_key.h" #define TOKEN_VALIDITY_PERIOD (10 * 60 * 1000) -#define DEMO_KEY { \ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, \ - 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, \ - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, \ - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, \ -} - -static uint8_t g_userAuthTokenKey[SHA256_KEY_LEN] = DEMO_KEY; - static bool IsTimeValid(const UserAuthTokenHal *userAuthToken) { uint64_t currentTime = GetSystemTime(); @@ -53,7 +45,7 @@ ResultCode UserAuthTokenSign(UserAuthTokenHal *userAuthToken) userAuthToken->version = TOKEN_VERSION; ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)userAuthToken, AUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_userAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = NULL; if (data == NULL || key == NULL) { LOG_ERROR("lack of member"); @@ -92,7 +84,7 @@ ResultCode UserAuthTokenVerify(const UserAuthTokenHal *userAuthToken) } ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)userAuthToken, AUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_userAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = CreateBufferByData((uint8_t *)userAuthToken->sign, SHA256_SIGN_LEN); Buffer *rightSign = NULL; if (data == NULL || key == NULL || sign == NULL) {