• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "user_sign_centre.h"
17 
18 #include "securec.h"
19 
20 #include "adaptor_algorithm.h"
21 #include "adaptor_log.h"
22 #include "adaptor_time.h"
23 #include "token_key.h"
24 #include "idm_database.h"
25 
26 #define TOKEN_VALIDITY_PERIOD (10 * 60 * 1000)
27 
IsTimeValid(const UserAuthTokenHal * userAuthToken)28 static bool IsTimeValid(const UserAuthTokenHal *userAuthToken)
29 {
30     uint64_t currentTime = GetSystemTime();
31     if (currentTime < userAuthToken->time) {
32         return false;
33     }
34     if (currentTime - userAuthToken->time > TOKEN_VALIDITY_PERIOD) {
35         return false;
36     }
37     return true;
38 }
39 
UserAuthTokenSign(UserAuthTokenHal * userAuthToken)40 ResultCode UserAuthTokenSign(UserAuthTokenHal *userAuthToken)
41 {
42     if (userAuthToken == NULL) {
43         LOG_ERROR("userAuthToken is null");
44         return RESULT_BAD_PARAM;
45     }
46     userAuthToken->version = TOKEN_VERSION;
47     ResultCode ret = RESULT_SUCCESS;
48     Buffer *data = CreateBufferByData((uint8_t *)userAuthToken, AUTH_TOKEN_DATA_LEN);
49     Buffer *key = GetTokenKey();
50     Buffer *sign = NULL;
51     if (data == NULL || key == NULL) {
52         LOG_ERROR("lack of member");
53         ret = RESULT_NO_MEMORY;
54         goto EXIT;
55     }
56 
57     if (HmacSha256(key, data, &sign) != RESULT_SUCCESS || !IsBufferValid(sign)) {
58         ret = RESULT_GENERAL_ERROR;
59         goto EXIT;
60     }
61 
62     if (memcpy_s(userAuthToken->sign, SHA256_SIGN_LEN, sign->buf, sign->contentSize) != EOK) {
63         LOG_ERROR("sign copy failed");
64         ret = RESULT_BAD_COPY;
65         goto EXIT;
66     }
67 
68 EXIT:
69     DestoryBuffer(data);
70     DestoryBuffer(key);
71     DestoryBuffer(sign);
72     return ret;
73 }
74 
UserAuthTokenVerify(const UserAuthTokenHal * userAuthToken)75 ResultCode UserAuthTokenVerify(const UserAuthTokenHal *userAuthToken)
76 {
77     if (userAuthToken == NULL) {
78         LOG_ERROR("userAuthToken is null");
79         return RESULT_BAD_PARAM;
80     }
81 
82     if (!IsTimeValid(userAuthToken)) {
83         LOG_ERROR("token timeout");
84         return RESULT_TOKEN_TIMEOUT;
85     }
86     ResultCode ret = RESULT_SUCCESS;
87     Buffer *data = CreateBufferByData((uint8_t *)userAuthToken, AUTH_TOKEN_DATA_LEN);
88     Buffer *key = GetTokenKey();
89     Buffer *sign = CreateBufferByData((uint8_t *)userAuthToken->sign, SHA256_SIGN_LEN);
90     Buffer *rightSign = NULL;
91     if (data == NULL || key == NULL || sign == NULL) {
92         LOG_ERROR("lack of member");
93         ret = RESULT_NO_MEMORY;
94         goto EXIT;
95     }
96 
97     if (HmacSha256(key, data, &rightSign) != RESULT_SUCCESS || !IsBufferValid(rightSign)) {
98         ret = RESULT_GENERAL_ERROR;
99         goto EXIT;
100     }
101 
102     if (!CompareBuffer(rightSign, sign)) {
103         LOG_ERROR("sign compare failed");
104         ret = RESULT_BAD_SIGN;
105     }
106 
107 EXIT:
108     DestoryBuffer(data);
109     DestoryBuffer(key);
110     DestoryBuffer(sign);
111     DestoryBuffer(rightSign);
112     return ret;
113 }
114 
GetTokenDataAndSign(const UserAuthContext * context,uint64_t credentialId,uint32_t authMode,UserAuthTokenHal * authToken)115 ResultCode GetTokenDataAndSign(const UserAuthContext *context,
116     uint64_t credentialId, uint32_t authMode, UserAuthTokenHal *authToken)
117 {
118     if (context == NULL || authToken == NULL) {
119         LOG_ERROR("context or authToken is null");
120         return RESULT_BAD_PARAM;
121     }
122     EnrolledInfoHal enrolledInfo = {};
123     int32_t ret = GetEnrolledInfoAuthType(context->userId, context->authType, &enrolledInfo);
124     if (ret != RESULT_SUCCESS) {
125         LOG_ERROR("get enrolled info failed");
126         return ret;
127     }
128     uint64_t secureUid;
129     ret = GetSecureUid(context->userId, &secureUid);
130     if (ret != RESULT_SUCCESS) {
131         LOG_ERROR("get secure uid failed");
132         return ret;
133     }
134     if (memcpy_s(authToken->challenge, CHALLENGE_LEN, context->challenge, CHALLENGE_LEN) != EOK) {
135         LOG_ERROR("failed to copy challenge");
136         return RESULT_BAD_COPY;
137     }
138     authToken->authTrustLevel = context->authTrustLevel;
139     authToken->authType = context->authType;
140     authToken->authMode = authMode;
141     authToken->secureUid = secureUid;
142     authToken->credentialId = credentialId;
143     authToken->enrolledId = enrolledInfo.enrolledId;
144     authToken->time = GetSystemTime();
145     authToken->version = TOKEN_VERSION;
146     return UserAuthTokenSign(authToken);
147 }
148