hks_storage.c 代码及其头文件分析
由于本片代码篇幅过长,这里分多篇博客分析。该文件主要涉及内存中密钥的信息、状态、和一些算法的设置。
文件路径
头文件
头文件主要是一些函数的声明、变量的宏定义以及部分结构体的说明。设计密钥在内存中的存放和数据的缓冲区定义
#define HKS_KEY_INFO_RESERVE_NUMBER 2 //密钥信息保存的组数
#define HKS_LOCAL_STORAGE_KEY_MAX_NUM 20 //本地密钥保存的最大数量
#define HKS_BUF_BYTES 5120 //缓冲区的默认长度
//内存中密钥信息的结构
struct hks_storage_key_info {
struct hks_key_param *param; //存放参数
struct hks_blob *public_key; //公钥信息的存放
struct hks_blob *private_key; //私钥信息的存放
uint32_t reserve[HKS_KEY_INFO_RESERVE_NUMBER]; //存放密钥的数组
};
//内存缓冲区的结构体定义
struct hks_storage_buffer {
uint32_t offset; /* record current buf offset */ //偏置变量
uint8_t *buf; //缓冲区
uint16_t size; //缓冲区的长度size
};
部分源文件
#define HKS_SEALING_NONCE_SIZE 16
#define HKS_SEALING_TAG_SIZE 16
#define HKS_SEALING_ALG_MASK ((uint32_t)0xffff0000) //算法标记
#define HKS_SEALING_AES_GCM_128 ((uint32_t)0x01010000) //aes_gcm128位
#define HKS_SEALING_AES_GCM_256 ((uint32_t)0x01020000) //aes_gcm256位
#define HKS_SEALING_HKDF_MASK ((uint32_t)0x000000ff) //hkdf标记
#define HKS_SEALING_HKDF_SHA_256 ((uint32_t)0x00000001) //sha256算法
#define HKS_SEALING_HKDF_SHA_512 ((uint32_t)0x00000002) //sha512算法
#define HKS_HEADER_RESERVE_SIZE 7
#define BUF_SIZE 65536
#define HKS_SLOT_PUBLIC_KEY_IDLE ((uint8_t)0x00)
#define HKS_SLOT_PUBLIC_KEY_OCCUPY ((uint8_t)0x01)
#define HKS_SLOT_KEYPAIR_IDLE ((uint8_t)0x02)
#define HKS_SLOT_KEYPAIR_OCCUPY ((uint8_t)0x03)
hks_write_key_info_checkd等函数的定义
static int32_t hks_write_key_info_check(const struct hks_blob *key_alias,
const struct hks_storage_key_info *key_info);
static int32_t hks_get_key_info_init(const struct hks_blob *key_alias,
struct hks_key_param *key_param, uint8_t **key_pos);
static int32_t hks_refresh_header_hash(void);
static int32_t hks_sync_buf_to_file(void);
static int32_t hks_get_key_pos(const struct hks_blob *key_alias, uint8_t **pos);
获取
//计算获取header的长度
static uint16_t hks_get_header_len(void)
{
uint16_t header_len = (sizeof(uint16_t) + sizeof(uint8_t) +
sizeof(uint8_t) + sizeof(uint32_t) + HKS_SEALING_NONCE_SIZE +
HKS_HEADER_HASH_SIZE);
//计算方式header_len = version + key_count + slot_count + sealing_alg + sealing_nonce + hash
return header_len;
}
hks_get_key_slot_len函数
计算密钥插槽的长度,计算方式slotlen = falgs+ sealing_nonce + alias_size + alias + param + key_size + key
//计算密钥的slotlen
static uint16_t hks_get_key_slot_len(void)
{
//slotlen = falgs+ sealing_nonce + alias_size + alias + param + key_size + key
uint16_t slot_len = (sizeof(uint8_t) + HKS_SEALING_NONCE_SIZE +
sizeof(uint8_t) + HKS_ALIAS_MAX_SIZE + (sizeof(uint32_t) +
sizeof(uint16_t) + sizeof(uint32_t) +
sizeof(uint8_t) + sizeof(uint32_t) +
sizeof(uint32_t) + sizeof(uint16_t) +
sizeof(uint8_t) + sizeof(uint8_t) +
HKS_AUTH_ID_MAX_SIZE) +
sizeof(uint8_t) + HKS_KEY_PAIR_CIPHER_ED25519);
return slot_len;
}
hks_blob_write_uint32函数
函数实现将数据写进缓冲区buf
//将value的值写进缓冲区(32位)
static inline uint32_t hks_blob_write_uint32(uint8_t *buf, uint32_t value)
{
*((uint32_t *)buf) = value;
return sizeof(value);
}
hks_blob_read_uint32函数
实现将缓冲区的值读进一个变量中
//将buf中的值读进value变量。返回值uint32_t的字节数
/* Caution: only used in local machine, endian is not considerred */
static inline uint32_t hks_blob_read_uint32(uint32_t *value, const uint8_t *buf)
{
*value = *((uint32_t *)buf);
return sizeof(uint32_t);
}
这部分函数和上面的很类似,主要的区别在于操作对象数的位数,有32位,16位,8位等数据类型。
/* Caution: only used in local machine, endian is not considerred */
//将value的值写进缓冲区(16位)
static inline uint32_t hks_blob_write_uint16(uint8_t *buf, uint16_t value)
{
*((uint16_t *)buf) = value;
return sizeof(value);
}
/* Caution: only used in local machine, endian is not considerred */
///将buf中的值读进value变量。返回值uint16_t的字节数
static inline uint32_t hks_blob_read_uint16(uint16_t *value, const uint8_t *buf)
{
*value = *((uint16_t *)buf);
return sizeof(uint16_t);
}
/* Caution: only used in local machine, endian is not considerred */
static inline uint32_t hks_blob_write_uint8(uint8_t *buf, uint8_t value)
{
*((uint8_t *)buf) = value;
return sizeof(value);
}
/* Caution: only used in local machine, endian is not considerred */
static inline uint32_t hks_blob_read_uint8(uint8_t *value, const uint8_t *buf)
{
*value = *((uint8_t *)buf);
return sizeof(uint8_t);
}
对缓冲区的写操作函数
hks_blob_write_buf函数,将src中数据写进dest,写入长度为n。
//对缓冲区的write操作
static int32_t hks_blob_write_buf(uint8_t *dest, uint32_t dest_max,
const uint8_t *src, uint32_t n, uint32_t *ret_offset)
{
if ((dest == NULL) || (src == NULL) || (ret_offset == NULL))
return HKS_ERROR_NULL_POINTER;
//先对参数进行判断
if ((n == 0) || (dest_max < n))
/* in this case, it will return the length of blob, so return 0 */
return HKS_STATUS_OK;
//判断n是否为0或者dest_max(dest的最大长度)是否小于n。
if (memcpy_s(dest, dest_max, src, n) != EOK)
return HKS_ERROR_BAD_STATE;
//将src中数据写进dest,写入长度为n
*ret_offset += n;
return HKS_STATUS_OK;
}
缓冲区内存空间的申请
该函数实现缓冲区内存的申请,调用HKS_CALLOC函数申请内存。
tatic uint8_t *g_storage_image_buffer = NULL; //定义一个全局变量
//缓冲区的apply(申请)
static int32_t hks_apply_buffer(size_t count, size_t size)
{
if (g_storage_image_buffer != NULL)
return HKS_STATUS_OK;
if ((count == 0) || (count > BUF_SIZE) ||
(size == 0) || (size > BUF_SIZE))
return HKS_ERROR_MALLOC_FAIL;
//检查参数,如果不合法则不能申请相关空间
g_storage_image_buffer = (uint8_t *)HKS_CALLOC(count, size);
//定义缓冲区为长度为size,数量count的数组
if (g_storage_image_buffer == NULL)
//申请失败的检查
return HKS_ERROR_MALLOC_FAIL;
return HKS_STATUS_OK;
}
对缓冲区的其他操作
初始化函数
//缓冲区的初始化
static int32_t hks_init_buffer(void)
{
if (g_storage_image_buffer == NULL)
return HKS_ERROR_NULL_POINTER;
if (memset_s(g_storage_image_buffer, HKS_BUF_BYTES, 0, HKS_BUF_BYTES) != EOK)
return HKS_ERROR_BAD_STATE;
//将刚刚申请的数组进行初始化为0
/* Generate random nonce for sealing */
//即时数组,初始化为0
uint8_t nonce[HKS_SEALING_NONCE_SIZE] = {0};
/* Generate random nonce */
//生成随机数写进nonce数组
int32_t ret = hks_gen_random(nonce, HKS_SEALING_NONCE_SIZE);
if (ret != HKS_STATUS_OK)
return ret;
/* encode extra internal info */
uint32_t n = 0;
uint16_t version = 0;
uint8_t key_count = 0;
uint8_t slot_count = 0;
uint32_t sealing_alg = HKS_SEALING_DEFAULT;
//一些变量的初始化
n += hks_blob_write_uint16((g_storage_image_buffer + n), version); /* version */
n += hks_blob_write_uint8((g_storage_image_buffer + n), key_count); /* key_count */
n += hks_blob_write_uint8((g_storage_image_buffer + n), slot_count); /* slot_count */
n += hks_blob_write_uint32((g_storage_image_buffer + n), sealing_alg); /* sealing_alg */
//将四个变量写进全局变量,其中n不断增加写进的字节数,这样可以用来计算下一次写进的位置
/* sealing_nonce */
ret = hks_blob_write_buf((g__buffer + n), (hks_get_header_len() - n), nonce,
HKS_SEALING_NONCE_SIZE, &n);
//将nonce中数据写进全局的内存缓冲区
if (ret != HKS_STATUS_OK)
return ret;
return HKS_STATUS_OK;
}
缓冲区的获取
//获取缓冲区
static uint8_t *hks_get_buffer(void)
{
return g_storage_image_buffer;
}
//缓冲区数据的清除(初始化0)
static void hks_clean_buffer(void)
{
if (g_storage_image_buffer == NULL) {
log_info("g_storage_image_buffer is null");
return;
}
(void)memset_s(g_storage_image_buffer, HKS_BUF_BYTES, 0, HKS_BUF_BYTES);
}
//缓冲区内存的释放
static void hks_free_buffer(void)
{
hks_clean_buffer();
hks_free_ptr(g_storage_image_buffer);
}
以上为该文件的部分代码,后面会带来后续代码解释。感谢阅读和点赞!