From 8742b141e1a26a2babf043fc1d0945135eb950ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A9=E9=9C=87?= Date: Fri, 18 Mar 2022 18:52:59 +0800 Subject: [PATCH 1/4] fix token key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韩震 Change-Id: I234a83c4c99e4ff9754ed142ec2b3f9d04bf6cef --- common/BUILD.gn | 5 ++- common/{pool => coauth}/inc/pool.h | 0 common/coauth/src/coauth_sign_centre.c | 13 ++----- common/{pool => coauth}/src/pool.c | 0 common/hal_sdk/useriam_common.cpp | 5 +++ common/key_mgr/inc/token_key.h | 27 ++++++++++++++ common/key_mgr/src/token_key.c | 49 +++++++++++++++++++++++++ common/user_auth/src/user_sign_centre.c | 14 ++----- 8 files changed, 90 insertions(+), 23 deletions(-) rename common/{pool => coauth}/inc/pool.h (100%) rename common/{pool => coauth}/src/pool.c (100%) create mode 100644 common/key_mgr/inc/token_key.h create mode 100644 common/key_mgr/src/token_key.c diff --git a/common/BUILD.gn b/common/BUILD.gn index 10b15b4..d9e6cca 100644 --- a/common/BUILD.gn +++ b/common/BUILD.gn @@ -30,6 +30,7 @@ ohos_shared_library("useriam_common_lib") { "coauth/src/coauth_funcs.c", "coauth/src/coauth_sign_centre.c", "coauth/src/executor_message.c", + "coauth/src/pool.c", "common/src/buffer.c", "common/src/linked_list.c", "common/src/tlv_base.c", @@ -41,10 +42,10 @@ ohos_shared_library("useriam_common_lib") { "hal_sdk/userauth_interface.cpp", "hal_sdk/useriam_common.cpp", "hal_sdk/useridm_interface.cpp", + "key_mgr/src/token_key.c", "idm/src/idm_session.c", "idm/src/user_idm_funcs.c", "lock/src/lock.c", - "pool/src/pool.c", "user_auth/src/auth_level.c", "user_auth/src/context_manager.c", "user_auth/src/user_auth_funcs.c", @@ -58,8 +59,8 @@ ohos_shared_library("useriam_common_lib") { "database/inc", "common/inc", "interface", + "key_mgr/inc", "idm/inc", - "pool/inc", "user_auth/inc", "//third_party/openssl/include", ] diff --git a/common/pool/inc/pool.h b/common/coauth/inc/pool.h similarity index 100% rename from common/pool/inc/pool.h rename to common/coauth/inc/pool.h diff --git a/common/coauth/src/coauth_sign_centre.c b/common/coauth/src/coauth_sign_centre.c index 02fbac8..c53e48f 100644 --- a/common/coauth/src/coauth_sign_centre.c +++ b/common/coauth/src/coauth_sign_centre.c @@ -20,17 +20,10 @@ #include "adaptor_algorithm.h" #include "adaptor_log.h" #include "adaptor_time.h" +#include "token_key.h" #define TOKEN_VALIDITY_PERIOD (10 * 60 * 1000) -// Key used for coauth signature. -static uint8_t g_coAuthTokenKey[SHA256_KEY_LEN] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, -}; - static bool IsTimeValid(const ScheduleTokenHal *coAuthToken) { uint64_t currentTime = GetSystemTime(); @@ -52,7 +45,7 @@ ResultCode CoAuthTokenSign(ScheduleTokenHal *coAuthToken) coAuthToken->version = TOKEN_VERSION; ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)coAuthToken, COAUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_coAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = NULL; if (data == NULL || key == NULL) { LOG_ERROR("lack of member"); @@ -91,7 +84,7 @@ ResultCode CoAuthTokenVerify(const ScheduleTokenHal *coAuthToken) } ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)coAuthToken, COAUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_coAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = CreateBufferByData(coAuthToken->sign, SHA256_SIGN_LEN); Buffer *rightSign = NULL; if (data == NULL || key == NULL || sign == NULL) { diff --git a/common/pool/src/pool.c b/common/coauth/src/pool.c similarity index 100% rename from common/pool/src/pool.c rename to common/coauth/src/pool.c diff --git a/common/hal_sdk/useriam_common.cpp b/common/hal_sdk/useriam_common.cpp index c5f3775..494b316 100644 --- a/common/hal_sdk/useriam_common.cpp +++ b/common/hal_sdk/useriam_common.cpp @@ -25,6 +25,7 @@ extern "C" { #include "context_manager.h" #include "adaptor_log.h" #include "lock.h" +#include "token_key.h" } namespace OHOS { @@ -57,6 +58,10 @@ int32_t Init() LOG_ERROR("init user auth failed"); goto FAIL; } + if (InitTokenKey() != RESULT_SUCCESS) { + LOG_ERROR("init token key failed"); + goto FAIL; + } g_isInitUserIAM = true; GlobalUnLock(); return RESULT_SUCCESS; diff --git a/common/key_mgr/inc/token_key.h b/common/key_mgr/inc/token_key.h new file mode 100644 index 0000000..107773f --- /dev/null +++ b/common/key_mgr/inc/token_key.h @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef USER_IAM_TOKEN_KEY +#define USER_IAM_TOKEN_KEY + +#include "buffer.h" +#include "defines.h" + +#define SHA256_KEY_LEN 32 + +Buffer *GetTokenKey(void); +ResultCode InitTokenKey(void); + +#endif \ No newline at end of file diff --git a/common/key_mgr/src/token_key.c b/common/key_mgr/src/token_key.c new file mode 100644 index 0000000..ad71f0b --- /dev/null +++ b/common/key_mgr/src/token_key.c @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "token_key.h" + +#include + +#include "adaptor_algorithm.h" +#include "adaptor_log.h" +#include "buffer.h" +#include "defines.h" + +// This is for example only. Should be implemented in trusted environment. +static Buffer *g_tokenKey = NULL; + +Buffer *GetTokenKey(void) +{ + return CopyBuffer(g_tokenKey); +} + +ResultCode InitTokenKey(void) +{ + if (g_tokenKey != NULL) { + return RESULT_SUCCESS; + } + g_tokenKey = CreateBuffer(SHA256_KEY_LEN); + if (g_tokenKey == NULL) { + LOG_ERROR("g_tokenKey: create buffer failed"); + return RESULT_NO_MEMORY; + } + if (SecureRandom(g_tokenKey->buf, g_tokenKey->maxSize) != RESULT_SUCCESS) { + LOG_ERROR("get random failed"); + return RESULT_GENERAL_ERROR; + } + g_tokenKey->contentSize = g_tokenKey->maxSize; + return RESULT_SUCCESS; +} \ No newline at end of file diff --git a/common/user_auth/src/user_sign_centre.c b/common/user_auth/src/user_sign_centre.c index 95000a9..1ecd1f6 100644 --- a/common/user_auth/src/user_sign_centre.c +++ b/common/user_auth/src/user_sign_centre.c @@ -20,18 +20,10 @@ #include "adaptor_algorithm.h" #include "adaptor_log.h" #include "adaptor_time.h" +#include "token_key.h" #define TOKEN_VALIDITY_PERIOD (10 * 60 * 1000) -#define DEMO_KEY { \ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, \ - 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, \ - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, \ - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, \ -} - -static uint8_t g_userAuthTokenKey[SHA256_KEY_LEN] = DEMO_KEY; - static bool IsTimeValid(const UserAuthTokenHal *userAuthToken) { uint64_t currentTime = GetSystemTime(); @@ -53,7 +45,7 @@ ResultCode UserAuthTokenSign(UserAuthTokenHal *userAuthToken) userAuthToken->version = TOKEN_VERSION; ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)userAuthToken, AUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_userAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = NULL; if (data == NULL || key == NULL) { LOG_ERROR("lack of member"); @@ -92,7 +84,7 @@ ResultCode UserAuthTokenVerify(const UserAuthTokenHal *userAuthToken) } ResultCode ret = RESULT_SUCCESS; Buffer *data = CreateBufferByData((uint8_t *)userAuthToken, AUTH_TOKEN_DATA_LEN); - Buffer *key = CreateBufferByData(g_userAuthTokenKey, SHA256_KEY_LEN); + Buffer *key = GetTokenKey(); Buffer *sign = CreateBufferByData((uint8_t *)userAuthToken->sign, SHA256_SIGN_LEN); Buffer *rightSign = NULL; if (data == NULL || key == NULL || sign == NULL) { -- Gitee From 09314b4ba842533b608ddeaedabc6cfd9bd0d395 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A9=E9=9C=87?= Date: Fri, 18 Mar 2022 19:06:25 +0800 Subject: [PATCH 2/4] fix format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韩震 Change-Id: Ieeafaea3aa894fef9d0b1584634e9ccab3db09c1 --- common/BUILD.gn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/BUILD.gn b/common/BUILD.gn index d9e6cca..5d626e5 100644 --- a/common/BUILD.gn +++ b/common/BUILD.gn @@ -59,8 +59,8 @@ ohos_shared_library("useriam_common_lib") { "database/inc", "common/inc", "interface", - "key_mgr/inc", "idm/inc", + "key_mgr/inc", "user_auth/inc", "//third_party/openssl/include", ] -- Gitee From 84f51a55eb62f92b3504258aa028869068cd2d78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A9=E9=9C=87?= Date: Fri, 18 Mar 2022 19:18:12 +0800 Subject: [PATCH 3/4] fix codecheck MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韩震 Change-Id: I3b3391f362cc2f5770c60bb5695856b5583fefd7 --- common/key_mgr/src/token_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/key_mgr/src/token_key.c b/common/key_mgr/src/token_key.c index ad71f0b..9e3f51c 100644 --- a/common/key_mgr/src/token_key.c +++ b/common/key_mgr/src/token_key.c @@ -45,5 +45,5 @@ ResultCode InitTokenKey(void) return RESULT_GENERAL_ERROR; } g_tokenKey->contentSize = g_tokenKey->maxSize; - return RESULT_SUCCESS; + return RESULT_SUCCESS; } \ No newline at end of file -- Gitee From 1f07270c3a1d0ba78c18f13039b452807854dd29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A9=E9=9C=87?= Date: Fri, 18 Mar 2022 19:33:51 +0800 Subject: [PATCH 4/4] fix codecheck MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韩震 Change-Id: I8f91f6096e4869433dc63d415f37b054baea9e4b --- common/BUILD.gn | 2 +- common/key_mgr/inc/token_key.h | 2 -- common/key_mgr/src/token_key.c | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/common/BUILD.gn b/common/BUILD.gn index 5d626e5..6a06b09 100644 --- a/common/BUILD.gn +++ b/common/BUILD.gn @@ -42,9 +42,9 @@ ohos_shared_library("useriam_common_lib") { "hal_sdk/userauth_interface.cpp", "hal_sdk/useriam_common.cpp", "hal_sdk/useridm_interface.cpp", - "key_mgr/src/token_key.c", "idm/src/idm_session.c", "idm/src/user_idm_funcs.c", + "key_mgr/src/token_key.c", "lock/src/lock.c", "user_auth/src/auth_level.c", "user_auth/src/context_manager.c", diff --git a/common/key_mgr/inc/token_key.h b/common/key_mgr/inc/token_key.h index 107773f..d0e9069 100644 --- a/common/key_mgr/inc/token_key.h +++ b/common/key_mgr/inc/token_key.h @@ -19,8 +19,6 @@ #include "buffer.h" #include "defines.h" -#define SHA256_KEY_LEN 32 - Buffer *GetTokenKey(void); ResultCode InitTokenKey(void); diff --git a/common/key_mgr/src/token_key.c b/common/key_mgr/src/token_key.c index 9e3f51c..65af012 100644 --- a/common/key_mgr/src/token_key.c +++ b/common/key_mgr/src/token_key.c @@ -22,6 +22,8 @@ #include "buffer.h" #include "defines.h" +#define SHA256_KEY_LEN 32 + // This is for example only. Should be implemented in trusted environment. static Buffer *g_tokenKey = NULL; -- Gitee