diff --git a/device_attest/build/BUILD.gn b/device_attest/build/BUILD.gn index 0ffb7d99edec53e46c4da06a3d287c81c70f1f0b..4db2f69a6564783bc3b2c114b3ac64650b0857a5 100644 --- a/device_attest/build/BUILD.gn +++ b/device_attest/build/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,13 +18,13 @@ group("attest_standard_packages") { deps = [] if (is_standard_system) { deps += [ + "${devattest_path}/interfaces/innerkits/native_cpp:devattest_sdk", + "${devattest_path}/services/devattest_ability:devattest_service", "${devattest_path}/services/etc/init:devattest_etc", "${devattest_path}/services/sa_profile:devattest_sa_profile", - "${devattest_path}/services/devattest_ability:devattest_service", - "${devattest_path}/interfaces/innerkits/native_cpp:devattest_sdk", ] if (enable_attest_test_sample) { - deps += ["${devattest_path}/sample/client:attesttestclient"] + deps += [ "${devattest_path}/sample/client:attesttestclient" ] } } } diff --git a/device_attest/build/devattestconfig.gni b/device_attest/build/devattestconfig.gni index e848c92f0cfec47ef12a09900ac0d41cb70fce51..f9553cfe18ee7b0f29211f9422575e56c164a2e3 100644 --- a/device_attest/build/devattestconfig.gni +++ b/device_attest/build/devattestconfig.gni @@ -1,3 +1,16 @@ +# Copyright (C) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + devattest_path = "//test/xts/device_attest" devattest_innerkit_path = "${devattest_path}/interfaces/innerkits/" diff --git a/device_attest/bundle.json b/device_attest/bundle.json index 94e636fb1b4e3dcacc54e228437ffbdabf2746de..5088b52565c32bcfb1f326e807f27f78247d9bcb 100644 --- a/device_attest/bundle.json +++ b/device_attest/bundle.json @@ -53,7 +53,6 @@ } ], "test": [ - "//test/xts/device_attest/test/unittest:unittest" ] } } diff --git a/device_attest/interfaces/innerkits/native_cpp/BUILD.gn b/device_attest/interfaces/innerkits/native_cpp/BUILD.gn index 1224679543403064dea47287a1b5b0be0af0118e..e7ce2a480b5a55e7764000c29cdd9cb49369f497 100644 --- a/device_attest/interfaces/innerkits/native_cpp/BUILD.gn +++ b/device_attest/interfaces/innerkits/native_cpp/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,29 +16,25 @@ import("//test/xts/device_attest/build/devattestconfig.gni") config("devattest_sdk_config") { visibility = [ ":*" ] - cflags = [ - "-Wall", - ] + cflags = [ "-Wall" ] include_dirs = [ "include", "${devattest_path}/common", "${devattest_path}/common/log", + "${devattest_path}/services/devattest_ability/include", "//utils/native/base/include", "//utils/system/safwk/native/include", - "${devattest_path}/services/devattest_ability/include", ] } ohos_shared_library("devattest_sdk") { sources = [ - "src/devattest_service_proxy.cpp", - "src/devattest_client.cpp", "${devattest_path}/services/devattest_ability/src/attest_result_info.cpp", + "src/devattest_client.cpp", + "src/devattest_service_proxy.cpp", ] - configs = [ - ":devattest_sdk_config", - ] + configs = [ ":devattest_sdk_config" ] deps = [] diff --git a/device_attest/sample/client/BUILD.gn b/device_attest/sample/client/BUILD.gn index d2218b27332a898ea329a88305d45bfad533aa75..1606c7425e97663db804c9633d8f4d0e48f16571 100644 --- a/device_attest/sample/client/BUILD.gn +++ b/device_attest/sample/client/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -15,22 +15,20 @@ import("//build/ohos.gni") import("//test/xts/device_attest/build/devattestconfig.gni") ohos_executable("attesttestclient") { - sources = [ - "devattest_main_client.cpp", + sources = [ "${devattest_path}/services/devattest_ability/src/attest_result_info.cpp", + "devattest_main_client.cpp", ] include_dirs = [ "${devattest_path}/common", "${devattest_path}/common/log", "${devattest_innerkit_path}/native_cpp/include", - "//utils/native/base/include", "${devattest_path}/services/devattest_ability/include", + "//utils/native/base/include", ] - deps = [ - "${devattest_path}/interfaces/innerkits/native_cpp:devattest_sdk", - ] + deps = [ "${devattest_path}/interfaces/innerkits/native_cpp:devattest_sdk" ] external_deps = [ "c_utils:utils", diff --git a/device_attest/services/core/BUILD.gn b/device_attest/services/core/BUILD.gn index d89e708a663a91b813676ae02a78a3b630de3d44..5069a6a0578b7c9f1b0b737843c4297dae7352c8 100644 --- a/device_attest/services/core/BUILD.gn +++ b/device_attest/services/core/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -15,46 +15,40 @@ import("//build/ohos.gni") import("//test/xts/device_attest/build/devattestconfig.gni") sources_common = [ - "attest_entry.c", - "adapter/attest_adapter.c", - "adapter/attest_adapter_os.c", - "adapter/attest_adapter_oem.c", - "adapter/attest_adapter_mock.c", - "attest/attest_service.c", - "attest/attest_service_auth.c", - "attest/attest_service_active.c", - "attest/attest_service_challenge.c", - "attest/attest_service_reset.c", - "attest/attest_service_device.c", - "network/attest_network.c", - "security/attest_security.c", - "security/attest_security_token.c", - "security/attest_security_ticket.c", - "utils/attest_utils_file.c", - "utils/attest_utils_json.c", - "utils/attest_utils_log.c", - "utils/attest_utils_timer.c", - "utils/attest_utils_list.c", - "utils/attest_utils.c", + "attest_entry.c", + "adapter/attest_adapter.c", + "adapter/attest_adapter_os.c", + "adapter/attest_adapter_oem.c", + "adapter/attest_adapter_mock.c", + "attest/attest_service.c", + "attest/attest_service_auth.c", + "attest/attest_service_active.c", + "attest/attest_service_challenge.c", + "attest/attest_service_reset.c", + "attest/attest_service_device.c", + "network/attest_network.c", + "security/attest_security.c", + "security/attest_security_token.c", + "security/attest_security_ticket.c", + "utils/attest_utils_file.c", + "utils/attest_utils_json.c", + "utils/attest_utils_log.c", + "utils/attest_utils_timer.c", + "utils/attest_utils_list.c", + "utils/attest_utils.c", ] if (enable_attest_debug_memory_leak) { - sources_common += [ - "utils/attest_utils_memleak.c", - ] + sources_common += [ "utils/attest_utils_memleak.c" ] } if (enable_attest_debug_dfx) { - sources_common += [ - "dfx/attest_dfx.c", - ] + sources_common += [ "dfx/attest_dfx.c" ] } config("devattest_core_config") { visibility = [ ":*" ] - cflags = [ - "-Wall", - ] + cflags = [ "-Wall" ] include_dirs = [ "include", "${devattest_path}/services/core/include/adapter", @@ -66,9 +60,8 @@ config("devattest_core_config") { "//base/startup/syspara_lite/adapter/native/syspara/include", ] - include_dirs += [ - "//base/startup/init/interfaces/innerkits/include/syspara", - ] + include_dirs += [ "//base/startup/init/interfaces/innerkits/include/syspara" ] + include_dirs += [ "//developtools/syscap_codec/interfaces/inner_api" ] defines = [ "ATTEST_HILOG_LEVEL = 1" ] if (enable_attest_network_host_debug) { @@ -77,56 +70,43 @@ config("devattest_core_config") { "HTTPS_NETWORK_HOST = \"wisedevice-saas-mirrorcn.hwcloudtest.cn\"", ] } else { - defines += [ - "HTTPS_NETWORK_HOST = \"wisedevice-drcn.openharmony.cn\"", - ] + defines += [ "HTTPS_NETWORK_HOST = \"wisedevice-drcn.openharmony.cn\"" ] } if (enable_attest_test_mock_network) { - defines += [ - "__ATTEST_MOCK_NETWORK_STUB__", - ] + defines += [ "__ATTEST_MOCK_NETWORK_STUB__" ] } if (enable_attest_test_mock_device) { - defines += [ - "__ATTEST_MOCK_DEVICE_STUB__", - ] + defines += [ "__ATTEST_MOCK_DEVICE_STUB__" ] } if (enable_attest_debug_memory_leak) { - defines += [ - "__ATTEST_DEBUG_MEMORY_LEAK__", - ] + defines += [ "__ATTEST_DEBUG_MEMORY_LEAK__" ] } if (enable_attest_network_debug_log) { - defines += [ - "__ATTEST_NETWORK_DEBUG_LOG__", - ] + defines += [ "__ATTEST_NETWORK_DEBUG_LOG__" ] } - defines += [ - "MBEDTLS_ALLOW_PRIVATE_ACCESS", - ] + defines += [ "MBEDTLS_ALLOW_PRIVATE_ACCESS" ] } ohos_shared_library("devattest_core") { sources = sources_common - configs = [ - ":devattest_core_config", - ] - + configs = [ ":devattest_core_config" ] + deps = [ "//third_party/cJSON:cjson_static", "//third_party/mbedtls:mbedtls_shared", - #"//third_party/openssl:libssl_static", - "//third_party/openssl:ssl_source", "//third_party/openssl:libcrypto_static", + "//third_party/openssl:ssl_source", "//drivers/peripheral/devicetoken/hdi_service:devicetoken_driver", ] - + + deps += [ "//developtools/syscap_codec:syscap_interface_shared" ] + external_deps = [ - "hiviewdfx_hilog_native:libhilog", "c_utils:utils", + "hiviewdfx_hilog_native:libhilog", "init:libbegetutil", ] diff --git a/device_attest/services/core/attest/attest_service.c b/device_attest/services/core/attest/attest_service.c index 896e5d1aa6949e08ff25edfd27d07d27e7f6b023..6eae8e346fc7d551779d787e265d39d444b2db97 100644 --- a/device_attest/services/core/attest/attest_service.c +++ b/device_attest/services/core/attest/attest_service.c @@ -30,7 +30,6 @@ #include "attest_service_challenge.h" #include "attest_network.h" #include "attest_service.h" -#include "attest_service_device.h" pthread_mutex_t g_mtxAttest = PTHREAD_MUTEX_INITIALIZER; @@ -302,11 +301,14 @@ static int32_t QueryAttestStatusImpl(int32_t* authResult, int32_t* softwareResul // 获取token char* decryptedTicket = (char *)ATTEST_MEM_MALLOC(MAX_TICKET_LEN); if (decryptedTicket == NULL) { + DestroyAuthStatus(&authStatus); ATTEST_LOG_ERROR("[QueryAttestStatusImpl] buff malloc memory failed"); return ATTEST_ERR; } int32_t retCode = ReadTicketFromDevice(decryptedTicket, MAX_TICKET_LEN); if (retCode != ATTEST_OK) { + DestroyAuthStatus(&authStatus); + ATTEST_MEM_FREE(decryptedTicket); ATTEST_LOG_ERROR("[QueryAttestStatusImpl] read ticket from device failed"); return ATTEST_ERR; } diff --git a/device_attest/services/core/attest/attest_service_active.c b/device_attest/services/core/attest/attest_service_active.c index c5d7f4b366ececc1c967aa05c190b7ffd181db84..c96f0e44624a492392c511901550e7c2ab4160cd 100644 --- a/device_attest/services/core/attest/attest_service_active.c +++ b/device_attest/services/core/attest/attest_service_active.c @@ -20,10 +20,10 @@ #include "attest_dfx.h" #include "attest_security.h" #include "attest_service_device.h" +#include "attest_security_token.h" #include "attest_network.h" #include "attest_adapter_mock.h" #include "attest_service_active.h" -#include "attest_security_token.h" int32_t GenActiveMsg(AuthResult* authResult, const ChallengeResult* challengeResult, DevicePacket** devPacket) { @@ -99,14 +99,14 @@ int32_t ParseActiveResult(const char* jsonStr) ATTEST_LOG_ERROR("[ParseActiveResult] Invalid parameter"); return ATTEST_ERR; } - uint64_t errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); + double errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); if (isnan(errorCode)) { ATTEST_LOG_ERROR("[ParseActiveResult] errorCode is nan."); return ATTEST_ERR; } if (errorCode != ATTEST_OK) { - ATTEST_LOG_ERROR("[ParseActiveResult] -errorCode = %d.", -errorCode); - return -(errorCode); + ATTEST_LOG_ERROR("[ParseActiveResult] -errorCode = %d.", -(int32_t)(errorCode)); + return -(int32_t)((errorCode)); } return ATTEST_OK; } diff --git a/device_attest/services/core/attest/attest_service_auth.c b/device_attest/services/core/attest/attest_service_auth.c index ea8fd14aee658778ccfdeb983e1c301e4d13caa0..a666983da2e85c730bd77f6d58bf93d766e76ce4 100644 --- a/device_attest/services/core/attest/attest_service_auth.c +++ b/device_attest/services/core/attest/attest_service_auth.c @@ -133,6 +133,109 @@ static int32_t ParseSoftwareResult(const cJSON* root, AuthStatus* authStatus) return ATTEST_OK; } +static int32_t ParseVersionIdResult(const cJSON* json, SoftwareResultDetail* softwareResultDetail) +{ + if ((json == NULL) || (softwareResultDetail == NULL)) { + ATTEST_LOG_ERROR("[ParseVersionIdResult] Invalid parameter"); + return ATTEST_ERR; + } + cJSON* item = cJSON_GetObjectItem(json, "versionIdResult"); + if ((item == NULL) || !cJSON_IsNumber(item)) { + ATTEST_LOG_ERROR("[ParseVersionIdResult] GetObjectItem versionIdResult failed"); + return ATTEST_ERR; + } + softwareResultDetail->versionIdResult = item->valueint; + return ATTEST_OK; +} + +static int32_t ParsePatchLevelResult(const cJSON* json, SoftwareResultDetail* softwareResultDetail) +{ + if ((json == NULL) || (softwareResultDetail == NULL)) { + ATTEST_LOG_ERROR("[ParsePatchLevelResult] Invalid parameter"); + return ATTEST_ERR; + } + cJSON* item = cJSON_GetObjectItem(json, "patchLevelResult"); + if ((item == NULL) || !cJSON_IsNumber(item)) { + ATTEST_LOG_ERROR("[ParsePatchLevelResult] GetObjectItem patchLevelResult failed"); + return ATTEST_ERR; + } + softwareResultDetail->patchLevelResult = item->valueint; + return ATTEST_OK; +} + +static int32_t ParseRootHashResult(const cJSON* json, SoftwareResultDetail* softwareResultDetail) +{ + if ((json == NULL) || (softwareResultDetail == NULL)) { + ATTEST_LOG_ERROR("[ParseRootHashResult] Invalid parameter"); + return ATTEST_ERR; + } + cJSON* item = cJSON_GetObjectItem(json, "rootHashResult"); + if ((item == NULL) || !cJSON_IsNumber(item)) { + ATTEST_LOG_ERROR("[ParseRootHashResult] GetObjectItem rootHashResult failed"); + return ATTEST_ERR; + } + softwareResultDetail->rootHashResult = item->valueint; + return ATTEST_OK; +} + +static int32_t ParsePcidResult(const cJSON* json, SoftwareResultDetail* softwareResultDetail) +{ + if ((json == NULL) || (softwareResultDetail == NULL)) { + ATTEST_LOG_ERROR("[ParsePcidResult] Invalid parameter"); + return ATTEST_ERR; + } + cJSON* item = cJSON_GetObjectItem(json, "pcidResult"); + if ((item == NULL) || !cJSON_IsNumber(item)) { + ATTEST_LOG_ERROR("[ParsePcidResult] GetObjectItem pcidResult failed"); + return ATTEST_OK; // Special handling, compatible with pcid + } + softwareResultDetail->pcidResult = item->valueint; + return ATTEST_OK; +} + +static int32_t ParseSoftwareResultDetail(const cJSON* root, AuthStatus* authStatus) +{ + if (root == NULL || authStatus == NULL) { + ATTEST_LOG_ERROR("[ParseSoftwareResultDetail] Invalid parameter"); + return ATTEST_ERR; + } + + cJSON* json = cJSON_GetObjectItem(root, "softwareResultDetail"); + if (json == NULL || !cJSON_IsObject(json)) { + ATTEST_LOG_ERROR("[ParseSoftwareResultDetail] cJSON GetObjectItem softwareResultDetail fail"); + return ATTEST_ERR; + } + + size_t len = sizeof(SoftwareResultDetail); + authStatus->softwareResultDetail = (char *)ATTEST_MEM_MALLOC(len); + if (authStatus->softwareResultDetail == NULL) { + ATTEST_LOG_ERROR("[ParseSoftwareResultDetail] Failed to malloc."); + return ATTEST_ERR; + } + (void)memset_s(authStatus->softwareResultDetail, len, 0, len); + int32_t ret = ATTEST_ERR; + do { + if (ParseVersionIdResult(json, (SoftwareResultDetail *)authStatus->softwareResultDetail) != ATTEST_OK) { + ATTEST_LOG_ERROR("[ParseSoftwareResultDetail] Failed to parse versionIdResult."); + break; + } + if (ParsePatchLevelResult(json, (SoftwareResultDetail *)authStatus->softwareResultDetail) != ATTEST_OK) { + ATTEST_LOG_ERROR("[ParseSoftwareResultDetail] Failed to parse patchLevelResult."); + break; + } + if (ParseRootHashResult(json, (SoftwareResultDetail *)authStatus->softwareResultDetail) != ATTEST_OK) { + ATTEST_LOG_ERROR("[ParseSoftwareResultDetail] Failed to parse rootHashResult."); + break; + } + if (ParsePcidResult(json, (SoftwareResultDetail *)authStatus->softwareResultDetail) != ATTEST_OK) { + ATTEST_LOG_ERROR("[ParseSoftwareResultDetail] Failed to parse pcidResult."); + break; + } + ret = ATTEST_OK; + } while (0); + return ret; +} + static int32_t ParseExpireTime(const cJSON* root, AuthStatus* authStatus) { if (root == NULL || authStatus == NULL) { @@ -217,6 +320,7 @@ static bool IsAuthStatusValid(const cJSON* root) if (cJSON_HasObjectItem(root, "authResult") && cJSON_HasObjectItem(root, "authType") && cJSON_HasObjectItem(root, "softwareResult") && + cJSON_HasObjectItem(root, "softwareResultDetail") && cJSON_HasObjectItem(root, "versionId") && cJSON_HasObjectItem(root, "expireTime")) { return true; @@ -253,6 +357,10 @@ static int32_t UnpackAuthStatusResp(const char* decodedAuthStatus, AuthStatus* a ATTEST_LOG_ERROR("[UnpackAuthStatusResp] Parse software status failed"); break; } + if ((ret = ParseSoftwareResultDetail(root, authStatus)) != 0) { + ATTEST_LOG_ERROR("[UnpackAuthStatusResp] Parse software status failed"); + break; + } if ((ret = ParseAuthType(root, authStatus)) != 0) { ATTEST_LOG_ERROR("[UnpackAuthStatusResp] Parse auth type failed"); break; @@ -439,9 +547,10 @@ AuthStatus* CreateAuthStatus(void) return NULL; } authStatus->versionId = NULL; + authStatus->authType = NULL; + authStatus->softwareResultDetail = NULL; authStatus->softwareResult = DEVICE_ATTEST_INIT; authStatus->hardwareResult = DEVICE_ATTEST_INIT; - authStatus->authType = NULL; authStatus->expireTime = 0; return authStatus; } @@ -455,6 +564,7 @@ void DestroyAuthStatus(AuthStatus** authStat) AuthStatus* authStatus = *authStat; ATTEST_MEM_FREE(authStatus->versionId); ATTEST_MEM_FREE(authStatus->authType); + ATTEST_MEM_FREE(authStatus->softwareResultDetail); ATTEST_MEM_FREE(authStatus); *authStat = NULL; } @@ -680,6 +790,7 @@ int32_t GenAuthMsg(ChallengeResult* challengeResult, DevicePacket** devPacket) devicePacket->udid = StrdupDevInfo(UDID); devicePacket->tokenInfo.uuid = AttestStrdup((char*)tokenId); devicePacket->tokenInfo.token = AttestStrdup((char*)tokenValueHmac); + devicePacket->pcid = StrdupDevInfo(PCID_ID); int32_t ret = PackProductInfo(&devicePacket->productInfo); if (ret != ATTEST_OK) { ATTEST_LOG_ERROR("[GenAuthMsg] Pack ProductInfo failed."); @@ -733,32 +844,32 @@ int32_t ParseAuthResultResp(const char* msg, AuthResult* authResult) int32_t ret = -1; do { // 解析错误码为4999或140001时,重试一次 - if ((ret = ParseErrcode(json, authResult)) != 0) { + if ((ret = ParseErrcode(json, authResult)) != ATTEST_OK) { ATTEST_LOG_ERROR("[ParseAuthResultResp] Invalid error code or get it failed, ret = %d", ret); break; } - if ((ret = ParseAuthStats(json, authResult)) != 0) { + if ((ret = ParseAuthStats(json, authResult)) != ATTEST_OK) { ATTEST_LOG_ERROR( "[ParseAuthResultResp] Parse auth status from symbol authentication response failed, ret = %d", ret); break; } - if ((ret = DecodeAuthStatus(authResult->authStatus, authStatus)) != 0) { + if ((ret = DecodeAuthStatus(authResult->authStatus, authStatus)) != ATTEST_OK) { ATTEST_LOG_ERROR("[ParseAuthResultResp] Decode authentication status data damaged, ret = %d", ret); break; } - if ((authStatus != NULL) && (authStatus->hardwareResult != 0)) { + if ((authStatus != NULL) && (authStatus->hardwareResult != ATTEST_OK)) { ATTEST_LOG_ERROR("[ParseAuthResultResp] Hardware result is [%d]", authStatus->hardwareResult); break; } - if (ParseTicket(json, authResult) != 0) { + if (ParseTicket(json, authResult) != ATTEST_OK) { ATTEST_LOG_ERROR("[ParseAuthResultResp] Parse ticket from symbol authentication response failed"); break; } - if (ParseTokenValue(json, authResult) != 0) { + if (ParseTokenValue(json, authResult) != ATTEST_OK) { ATTEST_LOG_ERROR("[ParseAuthResultResp] Parse token value from symbol authentication response failed"); break; } - if (ParseTokenId(json, authResult) != 0) { + if (ParseTokenId(json, authResult) != ATTEST_OK) { ATTEST_LOG_ERROR("[ParseAuthResultResp] Parse token id from symbol authentication response failed"); break; } diff --git a/device_attest/services/core/attest/attest_service_challenge.c b/device_attest/services/core/attest/attest_service_challenge.c index 87db0f65d8a7894ca4e6f53a4ea07ef642266404..4028a403e1d37c6f3dbf388bf165b7f8e33df368 100644 --- a/device_attest/services/core/attest/attest_service_challenge.c +++ b/device_attest/services/core/attest/attest_service_challenge.c @@ -73,7 +73,7 @@ static int32_t SendChallMsg(DevicePacket* devicePacket, char** respMsg, ATTEST_A uint32_t ret = SendAttestMsg(devicePacket, ATTEST_ACTION_CHALLENGE, &recvMsg); if (ret != ATTEST_OK) { ATTEST_LOG_ERROR("[SendChallMsg] Send AttestMsg failed"); - return ATTEST_ERR; + return ret; } *respMsg = recvMsg; return ret; @@ -85,19 +85,19 @@ static int32_t ParseChallengeResult(const char* jsonStr, ChallengeResult *challe ATTEST_LOG_ERROR("[ParseChallengeResult] Invalid parameter"); return ATTEST_ERR; } - uint64_t errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); + double errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); if (isnan(errorCode)) { ATTEST_LOG_WARN("[ParseChallengeResult] errorCode is nan."); ATTEST_LOG_ERROR("[ParseChallengeResult] Parse msg failed."); return ATTEST_ERR; } if (errorCode != ATTEST_OK) { - ATTEST_LOG_ERROR("[ParseChallengeResult] -errorCode = %d.", -errorCode); - return -(errorCode); + ATTEST_LOG_ERROR("[ParseChallengeResult] -errorCode = %d.", -(int32_t)(errorCode)); + return -(int32_t)(errorCode); } challenge->currentTime = GetObjectItemValueNumber(jsonStr, "currentTime"); - if (isnan(challenge->currentTime)) { + if (isnan((double)challenge->currentTime)) { ATTEST_LOG_WARN("[ParseChallengeResult] currentTime is nan."); ATTEST_LOG_ERROR("[ParseChallengeResult] GetObjectItem currentTime failed."); return ATTEST_ERR; diff --git a/device_attest/services/core/attest/attest_service_device.c b/device_attest/services/core/attest/attest_service_device.c index 14b71554847669c4371ba46940d5b9bdab36e37d..8c5436970283840cc594591936bac80ed94b01ca 100644 --- a/device_attest/services/core/attest/attest_service_device.c +++ b/device_attest/services/core/attest/attest_service_device.c @@ -13,12 +13,14 @@ * limitations under the License. */ +#include "syscap_interface.h" #include "attest_type.h" #include "attest_utils.h" #include "attest_utils_log.h" #include "attest_adapter.h" #include "attest_service_device.h" -#include "parameter.h" + +#define PCID_STRING_LEN 64 char* g_devSysInfos[SYS_DEV_MAX] = {NULL}; const char* g_devSysInfosStr[] = { @@ -33,6 +35,7 @@ const char* g_devSysInfosStr[] = { "RANDOM_UUID", "APP_ID", "TENANT_ID", + "PCID", }; SetDataFunc g_setDataFunc[] = { @@ -47,6 +50,7 @@ SetDataFunc g_setDataFunc[] = { &GetRandomUuid, &GetAppId, &GetTenantId, + &GetPcid, }; static int32_t SetSysData(SYS_DEV_TYPE_E type) @@ -83,7 +87,7 @@ static void PrintDevSysInfo(void) return; } for (int32_t i = 0; i < SYS_DEV_MAX; i++) { - if (i == UDID || i == APP_ID) { + if (i == UDID || i == APP_ID || i == PCID_ID) { continue; } if (g_devSysInfos[i] == NULL) { @@ -104,9 +108,8 @@ int32_t InitSysData(void) return ATTEST_OK; } - int32_t ret; for (int32_t i = 0; i < SYS_DEV_MAX; i++) { - ret = SetSysData((SYS_DEV_TYPE_E)i); + int32_t ret = SetSysData((SYS_DEV_TYPE_E)i); if (ret != ATTEST_OK) { ATTEST_LOG_ERROR("[InitSysData] SetSysData failed."); return ATTEST_ERR; @@ -155,7 +158,7 @@ char* GetRandomUuid(void) ATTEST_LOG_ERROR("[GetRandomUuid] malloc memory failed."); return NULL; } - + char* index = buff; uint32_t tempLen = 4; int32_t MaxRandomLen = 65536; @@ -182,3 +185,83 @@ char* GetRandomUuid(void) return buff; } +static int32_t MergePcid(char *pcidOs, int32_t pcidOsLen, char *pcidPrivate, int32_t pcidPrivateLen, char **output) +{ + if (output == NULL || pcidOs == NULL || pcidOsLen == 0) { + ATTEST_LOG_ERROR("[MergePcid] Invalid parameter."); + return ATTEST_ERR; + } + + int32_t size = pcidOsLen + pcidPrivateLen; + char *pcidBuf = (char *)ATTEST_MEM_MALLOC(size); + if (pcidBuf == NULL) { + ATTEST_LOG_ERROR("[MergePcid] Failed to malloc."); + return ATTEST_ERR; + } + if (memcpy_s(pcidBuf, size, pcidOs, pcidOsLen) != 0) { + ATTEST_LOG_ERROR("[MergePcid] Failed to memcpy osSyscaps."); + ATTEST_MEM_FREE(pcidBuf); + return ATTEST_ERR; + } + if ((pcidPrivateLen > 0 && pcidPrivate != NULL) && + (memcpy_s(pcidBuf, size, pcidPrivate, pcidPrivateLen) != 0)) { + ATTEST_LOG_ERROR("[MergePcid] Failed to memcpy privateSyscaps."); + ATTEST_MEM_FREE(pcidBuf); + return ATTEST_ERR; + } + *output = pcidBuf; + return ATTEST_OK; +} + +static int32_t EncodePcid(char *buf, int32_t bufLen, char **output) +{ + if (output == NULL || buf == NULL || bufLen == 0) { + ATTEST_LOG_ERROR("[EncodePcid] Invalid parameter."); + return ATTEST_ERR; + } + + char *pcidSha256 = (char *)ATTEST_MEM_MALLOC(PCID_STRING_LEN + 1); + if (pcidSha256 == NULL) { + ATTEST_LOG_ERROR("[EncodePcid] Failed to malloc."); + return ATTEST_ERR; + } + int32_t ret = Sha256Value((const unsigned char *)buf, bufLen, pcidSha256, PCID_STRING_LEN + 1); + if (ret != ATTEST_OK) { + ATTEST_LOG_ERROR("[EncodePcid] Failed to encode."); + ATTEST_MEM_FREE(pcidSha256); + return ATTEST_ERR; + } + *output = pcidSha256; + return ATTEST_OK; +} + +char* GetPcid(void) +{ + // get osSyscap + char osSyscaps[PCID_MAIN_BYTES] = {0}; + EncodeOsSyscap(osSyscaps, PCID_MAIN_BYTES); + + // get privateSyscap + char *privateSyscaps = NULL; + int32_t pcidPrivateLen = 0; + EncodePrivateSyscap(&privateSyscaps, &pcidPrivateLen); + + // merge OsSyscap and PrivateSyscap + char *pcidBuf = NULL; + int32_t ret = MergePcid(osSyscaps, PCID_MAIN_BYTES, privateSyscaps, pcidPrivateLen, &pcidBuf); + if (ret != ATTEST_OK || pcidBuf == NULL) { + ATTEST_LOG_ERROR("[GetPcid] Failed to Merge Pcid."); + return NULL; + } + + // SHA256转换 + char *pcidSha256 = NULL; + ret = EncodePcid(pcidBuf, PCID_MAIN_BYTES + pcidPrivateLen, &pcidSha256); + if (ret != ATTEST_OK || pcidSha256 == NULL) { + ATTEST_LOG_ERROR("[GetPcid] Failed to SHA256."); + ATTEST_MEM_FREE(pcidBuf); + return NULL; + } + ATTEST_MEM_FREE(pcidBuf); + return pcidSha256; +} diff --git a/device_attest/services/core/attest/attest_service_reset.c b/device_attest/services/core/attest/attest_service_reset.c index f2b3191e985fc9e87a510d4515d0698a87e56267..8df9020d7a7d162f6375f67269ad9ac0c26cee2b 100644 --- a/device_attest/services/core/attest/attest_service_reset.c +++ b/device_attest/services/core/attest/attest_service_reset.c @@ -86,14 +86,14 @@ int32_t ParseResetResult(const char* jsonStr) ATTEST_LOG_ERROR("[ParseResetResult] Invalid parameter"); return ATTEST_ERR; } - uint64_t errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); + double errorCode = GetObjectItemValueNumber(jsonStr, "errcode"); if (isnan(errorCode)) { ATTEST_LOG_ERROR("[ParseResetResult] errorCode is nan."); return ATTEST_ERR; } if (errorCode != ATTEST_OK) { - ATTEST_LOG_ERROR("[ParseResetResult] -errorCode = %d.", -errorCode); - return -(errorCode); + ATTEST_LOG_ERROR("[ParseResetResult] -errorCode = %d.", -(int32_t)errorCode); + return -(int32_t)(errorCode); } return ATTEST_OK; } diff --git a/device_attest/services/core/dfx/attest_dfx.c b/device_attest/services/core/dfx/attest_dfx.c index 655419ce3db94de88d4acd450198a765057170e7..ebab6fefe15c8e79d93bf416b3c4567a7f0f8b61 100644 --- a/device_attest/services/core/dfx/attest_dfx.c +++ b/device_attest/services/core/dfx/attest_dfx.c @@ -14,9 +14,9 @@ */ #include "attest_type.h" +#include "attest_utils.h" #include "attest_utils_log.h" #include "attest_dfx.h" -#include "attest_utils.h" // 写到buffer,统一输出。 void PrintChallengeResult(ChallengeResult* challengeResult) diff --git a/device_attest/services/core/include/adapter/attest_adapter_mock.h b/device_attest/services/core/include/adapter/attest_adapter_mock.h index ec3af2fc636423af6a8bea9a90dda14df1fef429..7c51bb60d04b82b4507c0401facf1f9af187d85a 100644 --- a/device_attest/services/core/include/adapter/attest_adapter_mock.h +++ b/device_attest/services/core/include/adapter/attest_adapter_mock.h @@ -16,6 +16,8 @@ #ifndef ATTEST_ADAPTER_MOCK_H #define ATTEST_ADAPTER_MOCK_H +#include "attest_type.h" + #ifdef __cplusplus #if __cplusplus extern "C" { @@ -34,9 +36,10 @@ extern "C" { #define ATTEST_MOCK_DEVICE_STUB_FLAG false #endif -#define ATTEST_MOCK_STUB_PATH "/data/data" +#define ATTEST_MOCK_STUB_PATH "/data/device_attest" #define ATTEST_MOCK_STUB_NETWORK_NAME "attest_mock_network_para" #define ATTEST_MOCK_STUB_DEVICE_NAME "attest_mock_device_para" +#define ATTEST_MOCK_TOKEN_FILE_NAME "token" #define ATTEST_MOCK_STUB_MAX_LEN 512 // 定义打桩数据Json的节点名称 diff --git a/device_attest/services/core/include/adapter/attest_adapter_oem.h b/device_attest/services/core/include/adapter/attest_adapter_oem.h index 5121d5b73100cc7bbdc3b414fe72a1e530be65d7..16727d59822b1add935185730996a882a702fc9c 100644 --- a/device_attest/services/core/include/adapter/attest_adapter_oem.h +++ b/device_attest/services/core/include/adapter/attest_adapter_oem.h @@ -22,8 +22,7 @@ extern "C" { #endif #endif /* __cplusplus */ - -#define AUTH_RESULT_PATH "/data/data" // 具体读写路径待和浩哥讨论 +#define AUTH_RESULT_PATH "/data/device_attest" // 具体读写路径待和浩哥讨论 #define AUTH_STATUS_FILE_NAME "auth_status" #define TICKET_FILE_NAME "ticket" #define RESET_FLAG_FILE_NAME "reset_flag" diff --git a/device_attest/services/core/include/attest/attest_service_device.h b/device_attest/services/core/include/attest/attest_service_device.h index 6ddb3c0aa501f0e9d6e450b9bbc8c91f59b566ee..ebe9a626eb32f55682a65b5e977fc62315f690a5 100644 --- a/device_attest/services/core/include/attest/attest_service_device.h +++ b/device_attest/services/core/include/attest/attest_service_device.h @@ -36,6 +36,7 @@ typedef enum { RANDOM_UUID, APP_ID, TENANT_ID, + PCID_ID, SYS_DEV_MAX, // 注意: 添加枚举值需要同步修改 g_devSysInfos 和 g_devSysInfosStr } SYS_DEV_TYPE_E; @@ -60,6 +61,8 @@ char* GetAppId(void); char* GetTenantId(void); +char* GetPcid(void); + #ifdef __cplusplus #if __cplusplus } diff --git a/device_attest/services/core/include/attest_type.h b/device_attest/services/core/include/attest_type.h index 3121168067030d13c7b228ab40e204799614e56a..bb111843cf1bb21a6685bc882416973984f97d10 100644 --- a/device_attest/services/core/include/attest_type.h +++ b/device_attest/services/core/include/attest_type.h @@ -89,11 +89,20 @@ typedef struct { typedef struct { char* versionId; char* authType; + char* softwareResultDetail; int32_t softwareResult; int32_t hardwareResult; uint64_t expireTime; // 项目新增字段,参考接口文档 } AuthStatus; +// 认证返回结果中的softwareResultDetail结构 +typedef struct { + int32_t versionIdResult; + int32_t patchLevelResult; + int32_t rootHashResult; + int32_t pcidResult; +} SoftwareResultDetail; + // 获取挑战值返回结果 typedef struct { char *challenge; @@ -144,9 +153,10 @@ typedef struct DevicePacket { char *udid; char *ticket; char *randomUuid; // uuid的长度 + char *kitinfo; /* 可以重新定义一个新结构,然后做成链表 */ + char *pcid; DeviceTokenInfo tokenInfo; DeviceProductInfo productInfo; - char *kitinfo; /* 可以重新定义一个新结构,然后做成链表 */ } DevicePacket; typedef enum { @@ -157,6 +167,16 @@ typedef enum { ATTEST_ACTION_MAX, } ATTEST_ACTION_TYPE; +typedef enum { + ATTEST_RESULT_AUTH = 0, + ATTEST_RESULT_SOFTWARE, + ATTEST_RESULT_VERSIONID, + ATTEST_RESULT_PATCHLEVEL, + ATTEST_RESULT_ROOTHASH, + ATTEST_RESULT_PCID, + ATTEST_RESULT_MAX, +} ATTEST_RESULT_TYPE; + #ifdef __cplusplus #if __cplusplus } diff --git a/device_attest/services/core/include/utils/attest_utils.h b/device_attest/services/core/include/utils/attest_utils.h index 50bd73096bf76e52a3e74dbeb10f6822b745b56f..e57de59cfe5e6926af9690def9eb27cc5b281145 100644 --- a/device_attest/services/core/include/utils/attest_utils.h +++ b/device_attest/services/core/include/utils/attest_utils.h @@ -47,8 +47,6 @@ void PrintCurrentTime(void); int32_t ToLowerStr(char* str, int len); -int32_t StrToHex(char *pbDest, char *pbSrc, int nLen); - int Sha256Value(const unsigned char *src, int srcLen, char *dest, int destLen); int32_t AnonymiseStr(char* str); diff --git a/device_attest/services/core/include/utils/attest_utils_file.h b/device_attest/services/core/include/utils/attest_utils_file.h index e002e4427deb30faa6ccce38511fd5e2b5e51105..40d25fa6c91445a4cd87a749219d1a192eb87b43 100644 --- a/device_attest/services/core/include/utils/attest_utils_file.h +++ b/device_attest/services/core/include/utils/attest_utils_file.h @@ -16,6 +16,8 @@ #ifndef __ATTEST_UTILS_FILE_H__ #define __ATTEST_UTILS_FILE_H__ +#include + #ifdef __cplusplus #if __cplusplus extern "C" { @@ -33,6 +35,7 @@ int32_t ReadFile(const char* path, const char* fileName, char* buffer, uint32_t int32_t CreateFile(const char* path, const char* fileName); bool IsFileExist(const char* path, const char* fileName); + int32_t ReadFileBuffer(const char* path, const char* fileName, char** jsonStr); #ifdef __cplusplus diff --git a/device_attest/services/core/include/utils/attest_utils_json.h b/device_attest/services/core/include/utils/attest_utils_json.h index ec910b696ca4c4386cb59fad7e99564d1d1b89b8..b8cb1b228c455658e83066274881501abaea8898 100644 --- a/device_attest/services/core/include/utils/attest_utils_json.h +++ b/device_attest/services/core/include/utils/attest_utils_json.h @@ -26,7 +26,7 @@ int32_t GetObjectItemValueObject(const char* rootStr, const char* key, char** va int32_t GetObjectItemValueStr(const char* rootStr, const char* key, char** value); -uint64_t GetObjectItemValueNumber(const char* rootStr, char* key); +double GetObjectItemValueNumber(const char* rootStr, char* key); #ifdef __cplusplus #if __cplusplus diff --git a/device_attest/services/core/network/attest_network.c b/device_attest/services/core/network/attest_network.c index c17da0d38562dc446e8f9124ffcd42081dfbf778..7992c9eaeec1e0bd2e4fd43b6b10cb76d0b080de 100644 --- a/device_attest/services/core/network/attest_network.c +++ b/device_attest/services/core/network/attest_network.c @@ -88,6 +88,7 @@ DevicePacket* CreateDevicePacket(void) devicePacket->productInfo.rootHash = NULL; devicePacket->productInfo.patchTag = NULL; devicePacket->kitinfo = NULL; + devicePacket->pcid = NULL; return devicePacket; } @@ -113,6 +114,8 @@ void DestroyDevicePacket(DevicePacket** devPacket) ATTEST_MEM_FREE(devicePacket->productInfo.displayVersion); ATTEST_MEM_FREE(devicePacket->productInfo.rootHash); ATTEST_MEM_FREE(devicePacket->productInfo.patchTag); + ATTEST_MEM_FREE(devicePacket->kitinfo); + ATTEST_MEM_FREE(devicePacket->pcid); ATTEST_MEM_FREE(*devPacket); } @@ -122,7 +125,7 @@ static int32_t Sha256Udid(char *udid, char *outStr) SHA256_CTX sha256; if (udid == NULL || outStr == NULL) { ATTEST_LOG_ERROR("[Sha256Udid] Invalid parameter"); - return -1; + return ATTEST_ERR; } SHA256_Init(&sha256); @@ -133,7 +136,7 @@ static int32_t Sha256Udid(char *udid, char *outStr) for (int32_t i = 0; i < strlen((char *)hash); i++) { if (curLen > (HTTPS_NETWORK_SHA256_LEN - 1)) { ATTEST_LOG_ERROR("[Sha256Udid] CurLen(%d) is more than maxLen(%d).", curLen, HTTPS_NETWORK_SHA256_LEN); - return ATTEST_OK; + return ATTEST_ERR; } curLen += snprintf_s((char *)&outStr[i << 1], (uint32_t)(HTTPS_NETWORK_SHA256_LEN - curLen), (uint32_t)(HTTPS_NETWORK_SHA256_LEN - curLen) - 1, "%02x", hash[i]); @@ -151,7 +154,7 @@ static int32_t SetSocketCliented(char* udid, char **outClientId) return ATTEST_ERR; } - // Harmonyos设备是大写Udid,云端计算clientId是用小写Udid,适配下 + // OpenHarmony设备是大写Udid,云端计算clientId是用小写Udid,适配下 int32_t retCode = ToLowerStr(udid, UDID_STRING_LEN); if (retCode != ATTEST_OK) { return ATTEST_ERR; @@ -255,7 +258,7 @@ static int32_t InitReqHost(HttpPacket *msgHttpPack) static int32_t InitSocketClient(int32_t *socketFd) { - int32_t retCode; + int32_t retCode = ATTEST_ERR; int32_t sockfd = 0; int32_t bufLen = HTTPS_NETWORK_BUFFER_LEN; struct timeval timeout = {60, 0}; @@ -289,7 +292,7 @@ static int32_t InitSocketClient(int32_t *socketFd) retCode = getaddrinfo(msgHttpPack.reqHost, msgHttpPack.reqPort, &hints, &resAddr); if (retCode != 0) { - ATTEST_LOG_ERROR("[InitSocketClient] InitSocket getaddr %s fail, error:%d", msgHttpPack.reqHost, h_errno); + ATTEST_LOG_ERROR("[InitSocketClient] InitSocket getaddr fail, error:%d", h_errno); return ATTEST_ERR; } @@ -304,7 +307,7 @@ static int32_t InitSocketClient(int32_t *socketFd) retCode = ATTEST_OK; break; } - + close(sockfd); retCode = ATTEST_ERR; } @@ -312,7 +315,7 @@ static int32_t InitSocketClient(int32_t *socketFd) if (retCode != ATTEST_OK) { ATTEST_LOG_ERROR("[InitSocketClient] InitSocket connect fail"); - return ATTEST_ERR; + return retCode; } /* 设置socket连接的一些属性,超时时间,发送缓冲区Buffer等 */ @@ -338,14 +341,13 @@ static int32_t InitSocketClient(int32_t *socketFd) static int32_t InitSSLSocket(int32_t socketFd, SSL **socketSSL) { int32_t retCode; - SSL_CTX *socketCTX = NULL; char *caFile = "/etc/ssl/certs/cacert.pem"; SSL_library_init(); OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); - socketCTX = SSL_CTX_new(SSLv23_client_method()); + SSL_CTX *socketCTX = SSL_CTX_new(SSLv23_client_method()); if (socketCTX == NULL) { ATTEST_LOG_ERROR("[InitSSLSocket] SSL CTX create failed"); return ATTEST_ERR; @@ -376,7 +378,7 @@ static int32_t InitSSLSocket(int32_t socketFd, SSL **socketSSL) } retCode = SSL_connect(*socketSSL); - if (retCode != SSL_OK) { + if (retCode != SSL_OK) { ATTEST_LOG_ERROR("[InitSSLSocket] InitSSL SSL_connect fail, retCode=%d \n", retCode); return ATTEST_ERR; } @@ -386,13 +388,11 @@ static int32_t InitSSLSocket(int32_t socketFd, SSL **socketSSL) static int32_t SendSSL(SSL *socketSSL, char *postData, int32_t postDataLen) { - int32_t retCode; - int32_t writeCnt; int32_t sendCnt = 0; while (sendCnt < postDataLen) { - writeCnt = SSL_write(socketSSL, postData + sendCnt, postDataLen - sendCnt); - retCode = SSL_get_error(socketSSL, writeCnt); + int32_t writeCnt = SSL_write(socketSSL, postData + sendCnt, postDataLen - sendCnt); + int32_t retCode = SSL_get_error(socketSSL, writeCnt); if (retCode == SSL_ERROR_NONE) { if (writeCnt > 0) { sendCnt += writeCnt; @@ -527,32 +527,32 @@ char* BuildHttpsResetBody(DevicePacket *postValue) ATTEST_LOG_ERROR("[BuildHttpsResetBody] postData CreateObject fail"); return NULL; } - int32_t ret = 0; + int32_t ret = ATTEST_OK; do { if (cJSON_AddStringToObject(postData, "udid", postValue->udid) == NULL) { - ret = -1; + ret = ATTEST_ERR; break; } cJSON *postObj = cJSON_CreateObject(); if (postObj == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsResetBody] postObj Create Object fail"); break; } if (!cJSON_AddItemToObject(postData, "tokenInfo", postObj)) { cJSON_Delete(postObj); - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsResetBody] postData add Item To Object fail"); break; } if (cJSON_AddStringToObject(postObj, "uuid", postValue->tokenInfo.uuid) == NULL || cJSON_AddStringToObject(postObj, "token", postValue->tokenInfo.token) == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsResetBody] postObj add uuid or token fail"); break; } } while (0); - if (ret == -1) { + if (ret == ATTEST_ERR) { cJSON_Delete(postData); ATTEST_LOG_ERROR("[BuildHttpsResetBody] postObj add value fail"); return NULL; @@ -578,42 +578,42 @@ char* BuildHttpsAuthBody(DevicePacket *postValue) ATTEST_LOG_ERROR("[BuildHttpsAuthBody] postData CreateObject fail"); return NULL; } - int32_t ret = 0; + int32_t ret = ATTEST_OK; do { if (cJSON_AddStringToObject(postData, "udid", postValue->udid) == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsAuthBody] udid Add String To Object fail"); break; } cJSON *tokenInfo = cJSON_CreateObject(); if (tokenInfo == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsAuthBody] tokenInfo Create Object fail"); break; } if (!cJSON_AddItemToObject(postData, "tokenInfo", tokenInfo)) { cJSON_Delete(tokenInfo); - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsAuthBody] tokenInfo Add Item To Object fail"); break; } if (cJSON_AddStringToObject(tokenInfo, "uuid", postValue->tokenInfo.uuid) == NULL || cJSON_AddStringToObject(tokenInfo, "token", postValue->tokenInfo.token) == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsAuthBody] tokenInfo Add uuid or token fail"); break; } cJSON *software = cJSON_CreateObject(); if (software == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsAuthBody] software Create Object fail"); break; } if (!cJSON_AddItemToObject(postData, "software", software)) { cJSON_Delete(software); - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsAuthBody] postData Add Item To Object fail"); break; } @@ -623,13 +623,14 @@ char* BuildHttpsAuthBody(DevicePacket *postValue) cJSON_AddStringToObject(software, "brand", postValue->productInfo.brand) == NULL || cJSON_AddStringToObject(software, "rootHash", postValue->productInfo.rootHash) == NULL || cJSON_AddStringToObject(software, "version", postValue->productInfo.displayVersion) == NULL || - cJSON_AddStringToObject(software, "patchLevel", postValue->productInfo.patchTag) == NULL) { - ret = -1; + cJSON_AddStringToObject(software, "patchLevel", postValue->productInfo.patchTag) == NULL || + cJSON_AddStringToObject(software, "pcid", postValue->pcid) == NULL) { + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsAuthBody] software Add productInfo values fail"); break; } } while (0); - if (ret == -1) { + if (ret == ATTEST_ERR) { cJSON_Delete(postData); ATTEST_LOG_ERROR("[BuildHttpsAuthBody] postData extract values fail"); return NULL; @@ -655,35 +656,35 @@ char* BuildHttpsActiveBody(DevicePacket *postValue) ATTEST_LOG_ERROR("[BuildHttpsActiveBody] postData CreateObject fail"); return NULL; } - int32_t ret = 0; + int32_t ret = ATTEST_OK; do { if (cJSON_AddStringToObject(postData, "ticket", postValue->ticket) == NULL || cJSON_AddStringToObject(postData, "udid", postValue->udid) == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsActiveBody] postData Add ticket or udid fail"); break; } cJSON *postObj = cJSON_CreateObject(); if (postObj == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsActiveBody] postObj CreateObject fail"); break; } if (!cJSON_AddItemToObject(postData, "tokenInfo", postObj)) { cJSON_Delete(postObj); - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsActiveBody] postObj AddItemToObject fail"); break; } if (cJSON_AddStringToObject(postObj, "uuid", postValue->tokenInfo.uuid) == NULL || cJSON_AddStringToObject(postObj, "token", postValue->tokenInfo.token) == NULL) { - ret = -1; + ret = ATTEST_ERR; ATTEST_LOG_ERROR("[BuildHttpsActiveBody] postObj add uuid or token fail"); break; } } while (0); - if (ret == -1) { + if (ret == ATTEST_ERR) { cJSON_Delete(postData); ATTEST_LOG_ERROR("[BuildHttpsActiveBody] postData extract values by postValue fail"); return NULL; @@ -802,7 +803,7 @@ static int32_t SendHttpsMsg(char *postData, char **respData) ATTEST_LOG_ERROR("[SendHttpsMsg] Invalid parameter."); return ATTEST_ERR; } - int32_t ret; + int32_t ret = ATTEST_ERR; int32_t socketFd = -1; SSL *postSSL = NULL; do { @@ -811,7 +812,6 @@ static int32_t SendHttpsMsg(char *postData, char **respData) ATTEST_LOG_ERROR("[SendHttpsMsg] Init Socket Client is fail, ret = %d.", ret); break; } - ret = InitSSLSocket(socketFd, &postSSL); if (ret != ATTEST_OK) { ATTEST_LOG_ERROR("[SendHttpsMsg] Init SSL Socket is fail, ret = %d.", ret); @@ -828,6 +828,7 @@ static int32_t SendHttpsMsg(char *postData, char **respData) int32_t writeCnt = SendSSL(postSSL, postData, postDataLen); if (writeCnt != postDataLen) { ATTEST_LOG_ERROR("[SendHttpsMsg] Send SSL failed, needLen = %d, realLen = %d\n", postDataLen, writeCnt); + ret = ATTEST_ERR; break; } /* 返回请求结果 */ diff --git a/device_attest/services/core/utils/attest_utils.c b/device_attest/services/core/utils/attest_utils.c index 6c3e9d897ecd676a95727b9edf3d64ca91df10f1..2ff9ec3365bf681866c41bd80cfd2603af8b560a 100644 --- a/device_attest/services/core/utils/attest_utils.c +++ b/device_attest/services/core/utils/attest_utils.c @@ -179,40 +179,6 @@ int32_t ToLowerStr(char* str, int len) return ATTEST_OK; } -/* -// 将字符串转化为16进制数 -// parameter(s): [OUT] pbDest - 输出缓冲区 -// [IN] pbSrc - 字符串 -// [IN] nLen - 16进制数的字节数(字符串的长度/2) -*/ -int32_t StrToHex(char *pbDest, char *pbSrc, int nLen) -{ - if (pbDest == NULL || pbSrc == NULL) { - ATTEST_LOG_ERROR("[StrToHex] Str to Hex failed"); - return ATTEST_ERR; - } - - char h1, h2; - unsigned char s1, s2; - int i; - - for (i = 0; i < nLen; i++) { - h1 = pbSrc[2 * i]; // (2*i)即偶数列 - h2 = pbSrc[2 * i + 1]; // (2*i+1)即奇数列 - - s1 = toupper(h1) - 0x30; - if (s1 > 9) { // 大于9 (即为字符A~F) - s1 -= 7; // ASCII码表中字符A与数字9中间隔为7,减去后就是正常的16进制中该字符对应的十进制数 - } - s2 = toupper(h2) - 0x30; - if (s2 > 9) { // 大于9 (即为字符A~F) - s2 -= 7; // ASCII码表中字符A与数字9中间隔为7 - } - pbDest[i] = s1 * 16 + s2; // 16即让s1进一位,组成十六进制数((s1)(s2))对应的十进制数 - } - return ATTEST_OK; -} - int Sha256Value(const unsigned char *src, int srcLen, char *dest, int destLen) { if (src == NULL) { diff --git a/device_attest/services/core/utils/attest_utils_file.c b/device_attest/services/core/utils/attest_utils_file.c index 940ad9dec3fb036fd3a6bdc0c568236f7e33e8aa..49c80fae2f6227ea7fff9d2f70a7e653a3a63a7c 100644 --- a/device_attest/services/core/utils/attest_utils_file.c +++ b/device_attest/services/core/utils/attest_utils_file.c @@ -13,6 +13,10 @@ * limitations under the License. */ +#include +#include +#include +#include #include "attest_utils_log.h" #include "attest_utils.h" #include "attest_utils_file.h" @@ -102,15 +106,26 @@ int32_t WriteFile(const char* path, const char* fileName, const char* data, uint free(formatPath); return ATTEST_ERR; } - if (fwrite(data, dataLen, 1, fp) != 1) { - ATTEST_LOG_ERROR("[WriteFile] write file %s failed", formatPath); - free(formatPath); - (void)fclose(fp); - return ATTEST_ERR; - } + int32_t ret = ATTEST_OK; + do { + if (fwrite(data, dataLen, 1, fp) != 1) { + ATTEST_LOG_ERROR("[WriteFile] write file %s failed", formatPath); + ret = ATTEST_ERR; + break; + } + if (fflush(fp) != ATTEST_OK) { + ret = ATTEST_ERR; + break; + } + int fd = fileno(fp); + if (fsync(fd) != ATTEST_OK) { + ret = ATTEST_ERR; + break; + } + } while (0); free(formatPath); (void)fclose(fp); - return ATTEST_OK; + return ret; } int32_t ReadFile(const char* path, const char* fileName, char* buffer, uint32_t bufferLen) @@ -189,8 +204,20 @@ int32_t CreateFile(const char* path, const char* fileName) return ATTEST_ERR; } ATTEST_MEM_FREE(realPath); + int32_t ret = ATTEST_OK; + do { + if (fflush(fp) != ATTEST_OK) { + ret = ATTEST_ERR; + break; + } + int fd = fileno(fp); + if (fsync(fd) != ATTEST_OK) { + ret = ATTEST_ERR; + break; + } + } while (0); (void)fclose(fp); - return ATTEST_OK; + return ret; } bool IsFileExist(const char* path, const char* fileName) diff --git a/device_attest/services/core/utils/attest_utils_json.c b/device_attest/services/core/utils/attest_utils_json.c index d391f19fa8d05298ced93694fe2f78a1e378b5a2..903687b3d688c20b453e66f34cd04970b7681993 100644 --- a/device_attest/services/core/utils/attest_utils_json.c +++ b/device_attest/services/core/utils/attest_utils_json.c @@ -74,16 +74,16 @@ int32_t GetObjectItemValueStr(const char* rootStr, const char* key, char** dest) } // 返回值需要使用isnan判断是否合法 -uint64_t GetObjectItemValueNumber(const char* rootStr, char* key) +double GetObjectItemValueNumber(const char* rootStr, char* key) { if (rootStr == NULL || key == NULL) { - return (uint64_t)NAN; + return (double)NAN; } cJSON* root = cJSON_Parse(rootStr); if (root == NULL) { - return (uint64_t)NAN; + return (double)NAN; } - uint64_t valueDouble = cJSON_GetNumberValue(cJSON_GetObjectItem(root, key)); + double valueDouble = cJSON_GetNumberValue(cJSON_GetObjectItem(root, key)); cJSON_Delete(root); return valueDouble; } \ No newline at end of file diff --git a/device_attest/services/core/utils/attest_utils_memleak.c b/device_attest/services/core/utils/attest_utils_memleak.c index 6f595d85da6898f7f0110f8c649c57cce6108e0a..4520c080f5eb6e2b1168cf642df8d461b55b8e69 100644 --- a/device_attest/services/core/utils/attest_utils_memleak.c +++ b/device_attest/services/core/utils/attest_utils_memleak.c @@ -133,7 +133,7 @@ static char* StrdupMemInfo(const char* input) return NULL; } size_t len = strlen(input) + 1; - if (len <= 0) { + if (len == 0) { return NULL; } char* out = malloc(len); diff --git a/device_attest/services/core/utils/attest_utils_timer.c b/device_attest/services/core/utils/attest_utils_timer.c index cc66cccb5b4ff430e8b09aaf4ab33a0a42e7def2..3d60775c218f41f9c5c572781440c9818c635419 100644 --- a/device_attest/services/core/utils/attest_utils_timer.c +++ b/device_attest/services/core/utils/attest_utils_timer.c @@ -54,7 +54,8 @@ static int32_t TimerCreate(TimerCallbackFunc userCallBack, TimerInfo* timerInfo) static int32_t TimerStart(TimerInfo* timerInfo, AttestTimerType type, uint32_t milliseconds) { - struct itimerspec ts = {0}; + struct itimerspec ts; + (void)memset_s(&ts, sizeof(ts), 0, sizeof(ts)); Ms2TimeSpec(&ts.it_value, milliseconds); if (type == ATTEST_TIMER_TYPE_PERIOD) { Ms2TimeSpec(&ts.it_interval, milliseconds); diff --git a/device_attest/services/devattest_ability/BUILD.gn b/device_attest/services/devattest_ability/BUILD.gn index bf6ae35c915dbcbcff1ddb463c565dfd15b6c89a..e623cd15c24131772c4c4c19f882c016f3a132b4 100644 --- a/device_attest/services/devattest_ability/BUILD.gn +++ b/device_attest/services/devattest_ability/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,13 +16,10 @@ import("//test/xts/device_attest/build/devattestconfig.gni") config("devattest_service_config") { visibility = [ ":*" ] - cflags = [ - "-Wall", - ] + cflags = [ "-Wall" ] include_dirs = [ "include", "${devattest_path}/services/core", - #"${devattest_path}/services/core/include/cer_mgr", "${devattest_path}/common", "${devattest_path}/common/log", "${devattest_innerkit_path}/native_cpp/include", @@ -34,29 +31,25 @@ config("devattest_service_config") { ohos_shared_library("devattest_service") { sources = [ + "src/attest_result_info.cpp", + "src/devattest_network_callback.cpp", "src/devattest_service.cpp", "src/devattest_service_stub.cpp", - "src/devattest_network_callback.cpp", "src/devattest_system_ability_listener.cpp", - "src/attest_result_info.cpp", ] - configs = [ - ":devattest_service_config", - ] + configs = [ ":devattest_service_config" ] - deps = [ - "${devattest_path}/services/core:devattest_core", - ] + deps = [ "${devattest_path}/services/core:devattest_core" ] external_deps = [ "c_utils:utils", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", + "netmanager_base:net_conn_manager_if", "safwk:system_ability_fwk", "samgr:samgr_common", "samgr:samgr_proxy", - "netmanager_base:net_conn_manager_if", ] subsystem_name = "xts" diff --git a/device_attest/services/devattest_ability/include/attest_result_info.h b/device_attest/services/devattest_ability/include/attest_result_info.h index 9c24e3ee8c04c3184f3f3f2fc131a2f638953f5d..f14b0cbd954796eb0d8d260553b945b9cd33af3a 100644 --- a/device_attest/services/devattest_ability/include/attest_result_info.h +++ b/device_attest/services/devattest_ability/include/attest_result_info.h @@ -1,3 +1,17 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #ifndef ATTEST_RESULT_INFO_H #define ATTEST_RESULT_INFO_H diff --git a/device_attest/services/devattest_ability/src/attest_result_info.cpp b/device_attest/services/devattest_ability/src/attest_result_info.cpp index baf4fa30b20d3ab35113911feaea51bd8f41ef0b..39b12fb75cb22f4121d22487919ef39e1c4cff89 100644 --- a/device_attest/services/devattest_ability/src/attest_result_info.cpp +++ b/device_attest/services/devattest_ability/src/attest_result_info.cpp @@ -1,3 +1,17 @@ +/* + * Copyright (C) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ #include "attest_result_info.h" namespace OHOS { diff --git a/device_attest/services/etc/init/BUILD.gn b/device_attest/services/etc/init/BUILD.gn index c46596b7fccd8fe1d8ab26a21615c1f664b3c6c1..f60bd82ac5bbdedd651b30134214272d8fa54b22 100644 --- a/device_attest/services/etc/init/BUILD.gn +++ b/device_attest/services/etc/init/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -15,16 +15,14 @@ import("//build/ohos.gni") import("//test/xts/device_attest/build/devattestconfig.gni") group("devattest_etc") { - deps = [ - ":devattest_service.cfg", - ] + deps = [ ":devattest_service.cfg" ] } ohos_prebuilt_etc("devattest_service.cfg") { if (use_musl) { - source = "devattest_service.cfg" + source = "devattest_service.cfg" } else { - source = "devattest_service.rc" + source = "devattest_service.rc" } relative_install_dir = "init" subsystem_name = "xts" diff --git a/device_attest/services/etc/init/devattest_service.cfg b/device_attest/services/etc/init/devattest_service.cfg index 9f1fbdd0dbe99d269d2b6bb72b1579a9af6c03bc..d15a0c39f5e461f1a2f63ecf75880871833726b9 100644 --- a/device_attest/services/etc/init/devattest_service.cfg +++ b/device_attest/services/etc/init/devattest_service.cfg @@ -2,6 +2,7 @@ "jobs" : [{ "name" : "post-fs-data", "cmds" : [ + "mkdir /data/device_attest 761 device_attest device_attest", "start devattest_service" ] } @@ -9,8 +10,8 @@ "services" : [{ "name" : "devattest_service", "path" : ["/system/bin/sa_main", "/system/profile/devattest_service.xml"], - "uid" : "root", - "gid" : ["system", "shell", "uhid", "root"], + "uid" : "device_attest", + "gid" : ["device_attest", "system", "shell"], "secon" : "u:r:devattest_service:s0" } ] diff --git a/device_attest/services/etc/init/devattest_service.rc b/device_attest/services/etc/init/devattest_service.rc index eec0b91bdfcfa670c74d4319de6eabbe551a1008..0b94b86746dfc4ab3df21cabb718295ea7043fa8 100644 --- a/device_attest/services/etc/init/devattest_service.rc +++ b/device_attest/services/etc/init/devattest_service.rc @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Huawei Device Co., Ltd. +# Copyright (C) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,7 +11,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +on post-fs-data + mkdir /data/device_attest + chown device_attest device_attest /data/device_attest + start devattest_service + service devattest_service /system/bin/sa_main /system/profile/devattest_service.xml class z_core - user root - group system shell + user device_attest + group device_attest system shell diff --git a/device_attest/services/sa_profile/7100.xml b/device_attest/services/sa_profile/5501.xml similarity index 32% rename from device_attest/services/sa_profile/7100.xml rename to device_attest/services/sa_profile/5501.xml index 9311214c700b203c32705552fd056bf76ed1365e..5278589979a664679bea9d1d49c0451ac715da7a 100644 --- a/device_attest/services/sa_profile/7100.xml +++ b/device_attest/services/sa_profile/5501.xml @@ -1,8 +1,22 @@ + + devattest_service - 7100 + 5501 libdevattest_service.z.so true false diff --git a/device_attest/services/sa_profile/BUILD.gn b/device_attest/services/sa_profile/BUILD.gn index e42fbbbbfdbbacff21443f4cb7750f8adafc3f9f..4aed120e2e327c1cb8c43f09ca68595916b3bf4e 100644 --- a/device_attest/services/sa_profile/BUILD.gn +++ b/device_attest/services/sa_profile/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -14,7 +14,7 @@ import("//build/ohos/sa_profile/sa_profile.gni") ohos_sa_profile("devattest_sa_profile") { - sources = [ "7100.xml" ] + sources = [ "5501.xml" ] part_name = "device_attest" } diff --git a/devicetoken/hal/include/hal_token.h b/devicetoken/hal/include/hal_token.h index e4f6def0878fc33be484d269d18e45fea281f8cc..a29f743b9d4f8725236219d4e6689d265d4bdd9f 100644 --- a/devicetoken/hal/include/hal_token.h +++ b/devicetoken/hal/include/hal_token.h @@ -28,7 +28,7 @@ extern "C" { #define TOKEN_SIZE 151 #define TOKEN_FLAG_SIZE 4 #define TOKEN_WITH_FLAG_SIZE (TOKEN_SIZE + TOKEN_FLAG_SIZE) -#define TOKEN_ADDR "/data/data" +#define TOKEN_ADDR "/data/device_attest" #define TOKEN_A_ADDR "tokenA" #define TOKEN_B_ADDR "tokenB" #define BITS_PER_BYTE 8