一、概述
在设备认证过程中,pake协议用于认证会话密钥协商,基于该会话密钥,双方可以安全地交换各自的身份公钥。从本文开始,将对pake协议的详细过程进行介绍,本博客主要介绍客户端发起start请求的过程,协议状态从PROTOCOL_INIT转换为START_REQUEST。
二、源码分析
这一模块的源码位于:/base/security/deviceauth。
1. start_pake函数,启动pake模块。
/*
函数功能:启动pake模块
函数参数:
handle:hichain实例
params:操作参数
函数返回值:
成功:0
失败:error
*/
DLL_API_PUBLIC int32_t start_pake(hc_handle handle, const struct operation_parameter *params)
{
LOGI("Begin start pake");
check_ptr_return_val(handle, HC_INPUT_ERROR);//检查参数有效性
check_ptr_return_val(params, HC_INPUT_ERROR);
struct hichain *hichain = (struct hichain *)handle;//获取hichain实例
int32_t ret = build_object(hichain, PAKE_MODULAR, true, params);//构建PAKE_MODULAR client子对象
if (ret != HC_OK) {
LOGE("Build pake client sub object failed, error code is %d", ret);
return ret;
}
ret = triggered_pake_client(hichain, BIND);//触发pake client子对象,发起设备绑定
LOGI("Triggered pake client error code is %d", ret);
LOGI("End start pake");
return ret;
}
2. 首先调用build_object函数构建pake客户端对象。
/*
函数功能:构建HiChain子对象
函数参数:
hichain:HiChain实例
modular:消息模块类型
is_client:是否是client
params:构建参数
函数返回值:
成功:返回0 HC_OK
失败:返回错误码
详细:
*/
int32_t build_object(struct hichain *hichain, int32_t modular, bool is_client, const void *params)
{
//初始化HC对象表map
const struct object_map map[] = {
{
PAKE_MODULAR, true, (void **)&hichain->pake_client },//pake客户端
{
PAKE_MODULAR, false, (void **)&hichain->pake_server },//pake服务端
{
STS_MODULAR, true, (void **)&hichain->sts_client },//sts客户端
{
STS_MODULAR, false, (void **)&hichain->sts_server },//sts服务端
{
ADD_MODULAR, true, (void **)&hichain->auth_info },//认证信息
{
REMOVE_MODULAR, true, (void **)&hichain->auth_info },//认证信息
{
SEC_CLONE_MODULAR, false, (void **)&hichain->sec_clone_server } };//安全克隆服务端
void **object = get_object(map, sizeof(map) / sizeof(map[0]), modular, is_client);//根据消息模块类型获取HC对象
if ((object == NULL) || (*object != NULL)) {
//获取失败
DBG_OUT("No sub-objects need to be applied for");
return HC_OK;
}
if (check_mutex_object_is_null(map, sizeof(map) / sizeof(map[0]), modular, is_client) == false) {
//检查互斥对象是否为空
LOGE("The mutex sub-object have been created, create %d:%d sub-object failed", modular, is_client);
return HC_REPEATED_REFERENCE;
}
if (check_depend_object_is_not_null(map, sizeof(map) / sizeof(map[0]), modular, is_client) == false) {
//检查依赖对象是否为非空
LOGE("The depend sub-object is not created, create %d:%d sub-object failed", modular, is_client);
return HC_NEED_DEPEND;
}
*object = build_object_by_modular(hichain, modular, is_client, params);//根据消息模块协议类型构建子对象
if (*object == NULL) {
LOGE("Create %d:%d sub-object failed", modular, is_client);
return HC_BUILD_OBJECT_FAILED;//构建失败
}
DBG_OUT("Create %d:%d sub-object success", modular, is_client);
return HC_OK;
}
3. 实际上最终是执行build_pake_client_object函数构建客户端对象。
/*
函数功能:构建pake协议客户端对象
函数参数:
hichain:hichain实例
params:参数
函数返回值:
成功:子对象首地址
失败:NULL
*/
static void *build_pake_client_object(struct hic