hks_auth.c代码分析
该文件主要实现密钥使用时的鉴权(策略检查):比对请求参数与密钥自身保存的属性是否一致。
文件路径security_huks\services\huks_standard\huks_engine\main\core\src\hks_auth.c
代码注释
结构体元素介绍
/*
 * One authorization policy: the set of parameter tags that must be checked
 * for a given class of key operation.
 *
 * Member order matters: g_authPolicyList initializes entries of this struct,
 * so reordering fields would silently change which value lands where if the
 * initializers are positional.
 */
struct HksAuthPolicy {
    uint32_t authId;     /* identifier of the operation class this policy applies to */
    uint32_t policyCnt;  /* number of entries in policyTag */
    uint32_t *policyTag; /* array of parameter tags to be checked */
};
初始化
#ifndef _CUT_AUTHENTICATE_
/*
 * Per-operation tag lists. AuthPolicy walks one of these lists and, for every
 * tag in it, compares the value stored with the key against the value in the
 * caller's request. A tag that is NOT in a list is not compared by this file.
 *
 * NOTE(review): the MAC and derive lists carry only digest and purpose, so
 * HKS_TAG_ALGORITHM is not compared here for those operations; confirm it is
 * validated elsewhere.
 * NOTE(review): these tables are writable at run time. Nothing visible in
 * this file modifies them; const-qualifying them would also require
 * HksAuthPolicy.policyTag to become a pointer to const.
 */

/* Symmetric cipher: algorithm, block mode, padding and purpose must agree. */
static uint32_t g_symCipherPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_BLOCK_MODE,
    HKS_TAG_PADDING,
    HKS_TAG_PURPOSE
};

/* Asymmetric cipher: algorithm, digest, padding and purpose must agree. */
static uint32_t g_asymCipherPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_DIGEST,
    HKS_TAG_PADDING,
    HKS_TAG_PURPOSE
};

/* RSA sign/verify: same tag set as the asymmetric cipher policy. */
static uint32_t g_signVerifyRsaPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_DIGEST,
    HKS_TAG_PADDING,
    HKS_TAG_PURPOSE
};

/* ECC sign/verify: algorithm, digest and purpose (no padding tag). */
static uint32_t g_signVerifyEccPolicyTag[] = {
    HKS_TAG_ALGORITHM,
    HKS_TAG_DIGEST,
    HKS_TAG_PURPOSE
};

/* MAC: digest and purpose only. */
static uint32_t g_macPolicyTag[] = {
    HKS_TAG_DIGEST,
    HKS_TAG_PURPOSE
};

/* Key derivation: digest and purpose only. */
static uint32_t g_derivePolicyTag[] = {
    HKS_TAG_DIGEST,
    HKS_TAG_PURPOSE
};

/*
 * Lookup table from auth id to its tag list; HksAuth scans it linearly and
 * uses the first entry whose authId matches. policyCnt is taken from
 * HKS_ARRAY_SIZE (presumably the element count of the array) so it stays in
 * step with the list it describes.
 */
struct HksAuthPolicy g_authPolicyList[] = {
    {
        .authId = HKS_AUTH_ID_SYM_CIPHER,
        .policyCnt = HKS_ARRAY_SIZE(g_symCipherPolicyTag),
        .policyTag = g_symCipherPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_ASYM_CIPHER,
        .policyCnt = HKS_ARRAY_SIZE(g_asymCipherPolicyTag),
        .policyTag = g_asymCipherPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_SIGN_VERIFY_RSA,
        .policyCnt = HKS_ARRAY_SIZE(g_signVerifyRsaPolicyTag),
        .policyTag = g_signVerifyRsaPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_SIGN_VERIFY_ECC,
        .policyCnt = HKS_ARRAY_SIZE(g_signVerifyEccPolicyTag),
        .policyTag = g_signVerifyEccPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_MAC,
        .policyCnt = HKS_ARRAY_SIZE(g_macPolicyTag),
        .policyTag = g_macPolicyTag
    },
    {
        .authId = HKS_AUTH_ID_DERIVE,
        .policyCnt = HKS_ARRAY_SIZE(g_derivePolicyTag),
        .policyTag = g_derivePolicyTag
    }
};
参数的检查
/*
 * Check that the requested purpose is covered by the key's authorized purpose.
 *
 * Both values are treated as bit masks. The request passes only when it is
 * non-zero and every bit it sets is also set in the key's purpose, i.e. the
 * request is a non-empty subset of what the key allows.
 *
 * authParam:    purpose parameter stored with the key.
 * requestParam: purpose parameter supplied by the caller.
 * Returns HKS_SUCCESS on a match, HKS_ERROR_INVALID_ARGUMENT otherwise.
 * Neither pointer is checked for NULL here.
 */
static int32_t CheckPurpose(const struct HksParam *authParam, const struct HksParam *requestParam)
{
    const uint32_t requested = requestParam->uint32Param;

    /* An empty mask asks for no purpose at all and is rejected outright. */
    if (requested == 0) {
        return HKS_ERROR_INVALID_ARGUMENT;
    }

    /* Any requested bit that the key does not grant makes the request invalid. */
    const uint32_t notGranted = requested & ~authParam->uint32Param;
    return (notGranted != 0) ? HKS_ERROR_INVALID_ARGUMENT : HKS_SUCCESS;
}
该函数主要实现鉴权检查
依次取出policy中的每个tag,分别从密钥的参数集和请求的参数集中取出对应参数并比对;任何一个参数取不到或不匹配都会立即返回错误,全部通过才返回HKS_SUCCESS。
/*
 * Enforce one policy: every tag listed in the policy must be present both in
 * the key's own parameter set and in the request, and the two values must
 * agree.
 *
 * policy:   tag list to enforce.
 * keyNode:  key whose stored parameter set holds the authorized values.
 * paramSet: parameter set supplied with the request.
 * Returns HKS_SUCCESS only if all tags pass; otherwise the error from the
 * first failing lookup or comparison. The check fails closed: a tag missing
 * on either side is an error, not a skip.
 *
 * NOTE(review): the mismatch log reads uint32Param from both params, which
 * assumes every policy tag carries a uint32 value; confirm against the tag
 * definitions.
 */
static int32_t AuthPolicy(const struct HksAuthPolicy *policy, const struct HksKeyNode *keyNode,
    const struct HksParamSet *paramSet)
{
    struct HksParam *authParam = NULL;
    struct HksParam *requestParam = NULL;
    uint32_t idx = 0;

    while (idx < policy->policyCnt) {
        const uint32_t authTag = policy->policyTag[idx];
        int32_t ret;

        /* Value the key was created with for this tag. */
        ret = HksGetParam(keyNode->paramSet, authTag, &authParam);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("get auth param[%x] failed!", authTag);
            return ret;
        }

        /* Value the caller is asking to use for this tag. */
        ret = HksGetParam(paramSet, authTag, &requestParam);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("get request param[%x] failed!", authTag);
            return ret;
        }

        /*
         * Purpose is a bit mask and is checked as a subset (see CheckPurpose);
         * every other tag goes through HksCheckParamMatch, whose exact
         * comparison rules are defined outside this file.
         */
        ret = (authTag == HKS_TAG_PURPOSE) ? CheckPurpose(authParam, requestParam)
                                           : HksCheckParamMatch(authParam, requestParam);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("unmatch policy[%x], [%x] != [%x]!", authTag, requestParam->uint32Param, authParam->uint32Param);
            return ret;
        }

        idx++;
    }

    return HKS_SUCCESS;
}
主要是实现AuthPolicy的封装应用
遍历g_authPolicyList,找到authId相同的策略后调用AuthPolicy完成鉴权;找不到对应策略时返回HKS_ERROR_BAD_STATE。
/*
 * Entry point: authorize a request against the policy registered for authId.
 *
 * authId:   selects the policy in g_authPolicyList.
 * keyNode:  key whose stored parameters define what is allowed.
 * paramSet: parameters supplied with the request.
 * Returns the result of AuthPolicy for the first policy whose authId matches,
 * or HKS_ERROR_BAD_STATE when no policy has that id, so an unknown id is
 * rejected rather than let through unchecked.
 */
int32_t HksAuth(uint32_t authId, const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet)
{
    const struct HksAuthPolicy *const end = g_authPolicyList + HKS_ARRAY_SIZE(g_authPolicyList);

    for (const struct HksAuthPolicy *candidate = g_authPolicyList; candidate != end; candidate++) {
        if (candidate->authId != authId) {
            continue;
        }
        return AuthPolicy(candidate, keyNode, paramSet);
    }

    return HKS_ERROR_BAD_STATE;
}