203 lines
7.0 KiB
Diff
203 lines
7.0 KiB
Diff
diff -uparN KMC/src/mip/linux/maskinfo_linux.c KMC_fix_keyring/src/mip/linux/maskinfo_linux.c
|
|
--- KMC/src/mip/linux/maskinfo_linux.c 2020-12-21 19:30:35.894928607 +0800
|
|
+++ KMC_fix_keyring/src/mip/linux/maskinfo_linux.c 2020-12-21 19:28:36.155934189 +0800
|
|
@@ -1,116 +1,41 @@
|
|
/*
|
|
* Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
|
|
- * Description: Linux使用Keyring保护内存敏感信息
|
|
+ * Description: Linux Keyring
|
|
* Author: z00316590
|
|
* Create: 2019-03-07
|
|
*/
|
|
#ifdef WSEC_COMPILE_MIP_LINUX
|
|
#include "kmcv3_maskinfo.h"
|
|
-#include <linux/keyctl.h>
|
|
-#include <sys/types.h>
|
|
-#include <unistd.h>
|
|
-#include <errno.h>
|
|
#include "securec.h"
|
|
#include "cacv2_pri.h"
|
|
-#include "kmcv3_keyring.h"
|
|
#include "wsecv2_errorcode.h"
|
|
#include "wsecv2_util.h"
|
|
#include "wsecv2_mem.h"
|
|
|
|
+static unsigned char g_maskCode[KMC_MASKCODE_KEY_LENGTH] = {0};
|
|
static unsigned char g_xorCheck[KMC_MASKCODE_LENGTH] = {0}; /* MIP is Memory Info Protection */
|
|
|
|
-#define KMC_MASKINFO_SET_KEY_NAME_RADIX 10
|
|
-static char g_keyName[48] = {0}; /* 固定字符串连数字, 长度定不超过48 */
|
|
-static WsecBool g_hasName = WSEC_FALSE;
|
|
-
|
|
-/* 初始化keyName */
|
|
-static void KeyringSetKeyName(void)
|
|
-{
|
|
- if (g_hasName == WSEC_FALSE) {
|
|
- unsigned long pid = (unsigned long)(long)getpid();
|
|
- const char num[KMC_MASKINFO_SET_KEY_NAME_RADIX] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };
|
|
- size_t idx = strlen("kmcv3maskcode");
|
|
-
|
|
- (void)strcpy_s(g_keyName, sizeof(g_keyName), "kmcv3maskcode");
|
|
- /* 这里idx已计算不会越界 */
|
|
- while (pid > 0) {
|
|
- g_keyName[idx] = num[pid % KMC_MASKINFO_SET_KEY_NAME_RADIX];
|
|
- pid = pid / KMC_MASKINFO_SET_KEY_NAME_RADIX;
|
|
- idx++;
|
|
- }
|
|
- g_keyName[idx] = '\0';
|
|
- g_hasName = WSEC_TRUE;
|
|
- }
|
|
-}
|
|
-
|
|
-/* 移除内核密钥 */
|
|
-static void RemoveMaskCodeKey(void)
|
|
-{
|
|
- long key;
|
|
- long ret;
|
|
- unsigned char zeroBuff[KMC_MASKCODE_KEY_LENGTH] = {0};
|
|
-
|
|
- KeyringSetKeyName();
|
|
- key = KmcKeyringRequestKey("user", g_keyName, NULL, (long)KEY_SPEC_SESSION_KEYRING);
|
|
- if (key == -1) {
|
|
- WSEC_LOG_I1("Linux keyring request no key, errno=%d", errno);
|
|
- return;
|
|
- }
|
|
- ret = KmcKeyringUpdate(key, zeroBuff, sizeof(zeroBuff));
|
|
- if (ret == -1) {
|
|
- WSEC_LOG_I1("Linux keyring update key failed, errno=%d", errno);
|
|
- }
|
|
- ret = KmcKeyringRevoke(key);
|
|
- if (ret == -1) {
|
|
- WSEC_LOG_I1("Linux keyring revoke key failed, errno=%d", errno);
|
|
- }
|
|
- WSEC_LOG_I("Linux keyring remove key success\n");
|
|
- (void)memset_s(g_xorCheck, sizeof(g_xorCheck), 0, sizeof(g_xorCheck));
|
|
-}
|
|
-
|
|
-/* 初始化掩码机制 */
|
|
unsigned long InitMaskCode(void)
|
|
{
|
|
- unsigned char maskCode[KMC_MASKCODE_KEY_LENGTH];
|
|
- long key;
|
|
int i;
|
|
int j;
|
|
- long ret;
|
|
- KeyringSetKeyName();
|
|
- if (CacRandom(maskCode, (WsecUint32)sizeof(maskCode)) != WSEC_SUCCESS) {
|
|
- WSEC_LOG_E("Linux keyring get random number failed");
|
|
- return WSEC_FAILURE;
|
|
- }
|
|
- RemoveMaskCodeKey();
|
|
- key = KmcKeyringAddKey("user", g_keyName, maskCode, sizeof(maskCode), (long)KEY_SPEC_SESSION_KEYRING);
|
|
- if (key == -1) {
|
|
- WSEC_LOG_E1("Linux keyring add key failed, errno=%d", errno);
|
|
- (void)memset_s(maskCode, sizeof(maskCode), 0, sizeof(maskCode));
|
|
- return WSEC_FAILURE;
|
|
- }
|
|
- ret = KmcKeyringSetTimeOut(key, (long)0);
|
|
- if (ret == -1) {
|
|
- WSEC_LOG_E1("Linux keyring set time out failed, errno=%d", errno);
|
|
- (void)memset_s(maskCode, sizeof(maskCode), 0, sizeof(maskCode));
|
|
+ unsigned long ret;
|
|
+ ret = CacRandom(g_maskCode, (WsecUint32)sizeof(g_maskCode));
|
|
+ if (ret != WSEC_SUCCESS) {
|
|
+ WSEC_LOG_E("Other os get random number failed");
|
|
return WSEC_FAILURE;
|
|
}
|
|
for (i = 0, j = KMC_MASKCODE_LENGTH; i < KMC_MASKCODE_LENGTH; i++, j++) {
|
|
- g_xorCheck[i] = maskCode[j] ^ maskCode[i];
|
|
+ g_xorCheck[i] = g_maskCode[i] ^ g_maskCode[j];
|
|
}
|
|
- (void)memset_s(maskCode, sizeof(maskCode), 0, sizeof(maskCode));
|
|
- WSEC_LOG_I("Maskcode init successfully");
|
|
return WSEC_SUCCESS;
|
|
}
|
|
|
|
-/* Linux OS Keyring机制保护内存 */
|
|
static unsigned long LinuxXorData(const unsigned char *datain, unsigned int inlen,
|
|
unsigned char *dataout, unsigned int *outlen)
|
|
{
|
|
- long key;
|
|
- long ret;
|
|
unsigned int i;
|
|
unsigned int j;
|
|
- unsigned char maskCode[KMC_MASKCODE_KEY_LENGTH];
|
|
unsigned char xorCheck[KMC_MASKCODE_LENGTH];
|
|
if (datain == NULL || dataout == NULL || outlen == NULL) {
|
|
return WSEC_ERR_INVALID_ARG;
|
|
@@ -118,51 +43,33 @@ static unsigned long LinuxXorData(const
|
|
if (*outlen < inlen) {
|
|
return WSEC_ERR_INVALID_ARG;
|
|
}
|
|
- KeyringSetKeyName();
|
|
- key = KmcKeyringRequestKey("user", g_keyName, NULL, (long)KEY_SPEC_SESSION_KEYRING);
|
|
- if (key == -1) {
|
|
- WSEC_LOG_E1("Linux keyring request key failed, errno=%d", errno);
|
|
- return WSEC_FAILURE;
|
|
- }
|
|
- ret = KmcKeyringReadKey(key, maskCode, sizeof(maskCode));
|
|
- if (ret == -1) {
|
|
- WSEC_LOG_E1("Linux keyring read key failed , errno=%d", errno);
|
|
- (void)memset_s(maskCode, sizeof(maskCode), 0x00, sizeof(maskCode));
|
|
- return WSEC_FAILURE;
|
|
- }
|
|
for (i = 0, j = KMC_MASKCODE_LENGTH; i < KMC_MASKCODE_LENGTH; i++, j++) {
|
|
- xorCheck[i] = maskCode[j] ^ maskCode[i];
|
|
+ xorCheck[i] = g_maskCode[i] ^ g_maskCode[j];
|
|
}
|
|
if (WSEC_MEMCMP(xorCheck, g_xorCheck, KMC_MASKCODE_LENGTH) != 0) {
|
|
- WSEC_LOG_E("Linux keyring key is not right");
|
|
- (void)memset_s(maskCode, sizeof(maskCode), 0x00, sizeof(maskCode));
|
|
+ WSEC_LOG_E("xor check failed");
|
|
return WSEC_FAILURE;
|
|
}
|
|
*outlen = inlen;
|
|
for (i = 0; i < inlen; i++) {
|
|
j = i % KMC_MASKCODE_LENGTH;
|
|
- dataout[i] = (maskCode[j] ^ datain[i]);
|
|
+ dataout[i] = (g_maskCode[j] ^ datain[i]);
|
|
}
|
|
- (void)memset_s(maskCode, sizeof(maskCode), 0x00, sizeof(maskCode));
|
|
- (void)memset_s(xorCheck, sizeof(xorCheck), 0, sizeof(xorCheck));
|
|
return WSEC_SUCCESS;
|
|
}
|
|
|
|
-/* 保护内存数据 */
|
|
unsigned long ProtectData(const unsigned char *datain, unsigned int inlen,
|
|
unsigned char *dataout, unsigned int *outlen)
|
|
{
|
|
return LinuxXorData(datain, inlen, dataout, outlen);
|
|
}
|
|
|
|
-/* 解除保护内存数据 */
|
|
unsigned long UnprotectData(const unsigned char *datain, unsigned int inlen,
|
|
unsigned char *dataout, unsigned int *outlen)
|
|
{
|
|
return LinuxXorData(datain, inlen, dataout, outlen);
|
|
}
|
|
|
|
-/* 保护内存数据到同缓冲区 */
|
|
unsigned long ProtectDataSameBuf(unsigned char *data, unsigned int len)
|
|
{
|
|
unsigned int outLen = len;
|
|
@@ -172,7 +79,6 @@ unsigned long ProtectDataSameBuf(unsigne
|
|
return ret;
|
|
}
|
|
|
|
-/* 解除保护内存数据到同缓冲区 */
|
|
unsigned long UnprotectDataSameBuf(unsigned char *data, unsigned int len)
|
|
{
|
|
unsigned int outLen = len;
|
|
@@ -182,9 +88,9 @@ unsigned long UnprotectDataSameBuf(unsig
|
|
return ret;
|
|
}
|
|
|
|
-/* 去初始化掩码机制 */
|
|
void UninitMaskCode(void)
|
|
{
|
|
- RemoveMaskCodeKey();
|
|
+ (void)memset_s(g_maskCode, sizeof(g_maskCode), 0, sizeof(g_maskCode));
|
|
+ (void)memset_s(g_xorCheck, sizeof(g_xorCheck), 0, sizeof(g_xorCheck));
|
|
}
|
|
#endif
|