hks_auth.c代碼分析
該檔案主要涉及認證機制。
檔案路徑security_huks\services\huks_standard\huks_engine\main\core\src\hks_auth.c
代碼注釋
結構體元素介紹
//結構體的封裝
/*
 * One authorization policy: the set of key attributes (HKS_TAG_* values) that
 * must agree between a key's stored parameter set and an operation request
 * before the operation identified by authId is allowed.
 */
struct HksAuthPolicy {
    uint32_t authId;     /* HKS_AUTH_ID_* value this policy applies to */
    uint32_t policyCnt;  /* number of entries in policyTag */
    uint32_t *policyTag; /* HKS_TAG_* values that are checked, in order */
};
初始化
#ifndef _CUT_AUTHENTICATE_
/*
 * Per-operation authorization policies: for each HKS_AUTH_ID_* the listed
 * HKS_TAG_* attributes must agree between the key's stored parameter set and
 * the caller's request (see AuthPolicy). HKS_TAG_PURPOSE is compared as a
 * bitmask subset; every other tag goes through HksCheckParamMatch.
 */
static uint32_t g_symCipherPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_BLOCK_MODE, HKS_TAG_PADDING, HKS_TAG_PURPOSE };
static uint32_t g_asymCipherPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_DIGEST, HKS_TAG_PADDING, HKS_TAG_PURPOSE };
static uint32_t g_signVerifyRsaPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_DIGEST, HKS_TAG_PADDING, HKS_TAG_PURPOSE };
static uint32_t g_signVerifyEccPolicyTag[] = { HKS_TAG_ALGORITHM, HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
/* NOTE(review): the MAC and derive policies do not list HKS_TAG_ALGORITHM, so
 * algorithm agreement between key and request for these operations is
 * presumably enforced elsewhere -- confirm against the callers. */
static uint32_t g_macPolicyTag[] = { HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
static uint32_t g_derivePolicyTag[] = { HKS_TAG_DIGEST, HKS_TAG_PURPOSE };
/* Lookup table consulted by HksAuth(); it is not static, so it has external linkage. */
struct HksAuthPolicy g_authPolicyList[] = {
    { HKS_AUTH_ID_SYM_CIPHER, HKS_ARRAY_SIZE(g_symCipherPolicyTag), g_symCipherPolicyTag },
    { HKS_AUTH_ID_ASYM_CIPHER, HKS_ARRAY_SIZE(g_asymCipherPolicyTag), g_asymCipherPolicyTag },
    { HKS_AUTH_ID_SIGN_VERIFY_RSA, HKS_ARRAY_SIZE(g_signVerifyRsaPolicyTag), g_signVerifyRsaPolicyTag },
    { HKS_AUTH_ID_SIGN_VERIFY_ECC, HKS_ARRAY_SIZE(g_signVerifyEccPolicyTag), g_signVerifyEccPolicyTag },
    { HKS_AUTH_ID_MAC, HKS_ARRAY_SIZE(g_macPolicyTag), g_macPolicyTag },
    { HKS_AUTH_ID_DERIVE, HKS_ARRAY_SIZE(g_derivePolicyTag), g_derivePolicyTag }
};
參數的檢查
//檢查一些參數
/*
 * Verify that every purpose requested for an operation is permitted by the
 * key's own purpose attribute.
 *
 * authParam    : the key's HKS_TAG_PURPOSE parameter (bitmask of allowed purposes)
 * requestParam : the caller's HKS_TAG_PURPOSE parameter (bitmask of requested purposes)
 *
 * Returns HKS_SUCCESS when the request is non-empty and every requested bit is
 * also set on the key; HKS_ERROR_INVALID_ARGUMENT otherwise.
 */
static int32_t CheckPurpose(const struct HksParam *authParam, const struct HksParam *requestParam)
{
    const uint32_t requested = requestParam->uint32Param;
    const uint32_t allowed = authParam->uint32Param;

    /* An empty purpose request is rejected outright. */
    if (requested == 0) {
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    /* Any requested bit that the key does not allow fails the check. */
    if ((requested & ~allowed) != 0) {
        return HKS_ERROR_INVALID_ARGUMENT;
    }
    return HKS_SUCCESS;
}
該函數主要實作認證
逐一擷取 policy 中的 tag，分別從金鑰的參數集與請求的參數集中取出對應參數並進行比對；任一 tag 缺失或不符即回傳錯誤。
//認證機制實作
/*
 * Compare one policy tag between the key's stored attribute and the request.
 * HKS_TAG_PURPOSE is a bitmask and gets the subset check in CheckPurpose; every
 * other tag must match via HksCheckParamMatch.
 */
static int32_t MatchAuthTag(uint32_t authTag, const struct HksParam *authParam,
    const struct HksParam *requestParam)
{
    if (authTag == HKS_TAG_PURPOSE) {
        return CheckPurpose(authParam, requestParam);
    }
    return HksCheckParamMatch(authParam, requestParam);
}

/*
 * Enforce one authorization policy against a key and an operation request.
 *
 * For every tag in the policy, both the key's parameter set and the request
 * must contain the tag, and the two values must satisfy MatchAuthTag. A
 * missing tag on either side is an error, not a default; the first failing
 * tag ends the check.
 *
 * policy   : the HksAuthPolicy to enforce
 * keyNode  : the key whose stored paramSet is the authority
 * paramSet : the caller-supplied request parameters
 *
 * Returns HKS_SUCCESS when all tags pass, otherwise the error code from
 * HksGetParam, HksCheckParamMatch or CheckPurpose.
 */
static int32_t AuthPolicy(const struct HksAuthPolicy *policy, const struct HksKeyNode *keyNode,
    const struct HksParamSet *paramSet)
{
    for (uint32_t idx = 0; idx < policy->policyCnt; idx++) {
        const uint32_t authTag = policy->policyTag[idx];
        struct HksParam *authParam = NULL;
        struct HksParam *requestParam = NULL;

        /* The key must carry the attribute; a key without it cannot be authorized. */
        int32_t ret = HksGetParam(keyNode->paramSet, authTag, &authParam);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("get auth param[%x] failed!", authTag);
            return ret;
        }

        /* The request must state the attribute explicitly; it is never defaulted. */
        ret = HksGetParam(paramSet, authTag, &requestParam);
        if (ret != HKS_SUCCESS) {
            HKS_LOG_E("get request param[%x] failed!", authTag);
            return ret;
        }

        ret = MatchAuthTag(authTag, authParam, requestParam);
        if (ret != HKS_SUCCESS) {
            /* NOTE(review): the diagnostic reads uint32Param for every tag, which
             * presumably only affects the log text for non-uint32 tag types -- confirm. */
            HKS_LOG_E("unmatch policy[%x], [%x] != [%x]!", authTag, requestParam->uint32Param, authParam->uint32Param);
            return ret;
        }
    }
    return HKS_SUCCESS;
}
主要是實作AuthPolicy的封裝應用
在 g_authPolicyList 中循環查找與 authId 相符的策略，找到後呼叫 AuthPolicy 進行認證；找不到則回傳錯誤。
//auth的封裝實作
/*
 * Authorize an operation of kind authId on keyNode using the request paramSet.
 *
 * Looks up the policy registered for authId in g_authPolicyList and delegates
 * to AuthPolicy. An authId with no registered policy fails closed with
 * HKS_ERROR_BAD_STATE rather than skipping the check.
 *
 * authId   : HKS_AUTH_ID_* value naming the operation
 * keyNode  : the key whose stored parameters are the authority
 * paramSet : the caller-supplied request parameters
 *
 * Returns HKS_SUCCESS, an error from AuthPolicy, or HKS_ERROR_BAD_STATE for an
 * unknown authId.
 */
int32_t HksAuth(uint32_t authId, const struct HksKeyNode *keyNode, const struct HksParamSet *paramSet)
{
    const struct HksAuthPolicy *policy = g_authPolicyList;
    const struct HksAuthPolicy *const end = g_authPolicyList + HKS_ARRAY_SIZE(g_authPolicyList);

    for (; policy != end; policy++) {
        if (policy->authId == authId) {
            return AuthPolicy(policy, keyNode, paramSet);
        }
    }
    /* No policy registered for this authId: deny. */
    return HKS_ERROR_BAD_STATE;
}