1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dslm_inner_process.h"
17
18 #include <stddef.h>
19 #include <stdint.h>
20
21 #include "device_security_defines.h"
22 #include "utils_datetime.h"
23 #include "utils_log.h"
24 #include "utils_state_machine.h"
25 #include "dslm_core_defines.h"
26 #include "dslm_credential.h"
27 #include "dslm_crypto.h"
28 #include "dslm_messenger_wrapper.h"
29 #include "dslm_msg_utils.h"
30 #include "dslm_cred.h"
31
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35
36 #define NONCE_ALIVE_TIME 60000
37
CheckAndGenerateChallenge(DslmDeviceInfo * device)38 int32_t CheckAndGenerateChallenge(DslmDeviceInfo *device)
39 {
40 if (device == NULL) {
41 return ERR_INVALID_PARA;
42 }
43
44 uint64_t curr = GetMillisecondSinceBoot();
45 if ((curr <= device->nonceTimeStamp) || (curr - device->nonceTimeStamp > NONCE_ALIVE_TIME) || device->nonce == 0) {
46 SECURITY_LOG_INFO("update nonce for device %{public}x", device->machine.machineId);
47 RandomValue rand = {0};
48 GenerateRandom(&rand, RANDOM_MAX_LEN);
49 device->nonce = *(uint64_t *)&rand.value[0];
50 device->nonceTimeStamp = curr;
51 }
52
53 return SUCCESS;
54 }
55
SendDeviceInfoRequest(DslmDeviceInfo * device)56 int32_t SendDeviceInfoRequest(DslmDeviceInfo *device)
57 {
58 if (device == NULL) {
59 return ERR_INVALID_PARA;
60 }
61
62 MessageBuff *buff = NULL;
63 int32_t ret = BuildDeviceSecInfoRequest(device->nonce, &buff);
64 if (ret != SUCCESS) {
65 return ERR_INVALID_PARA;
66 }
67 device->transNum++;
68 SendMsgToDevice(device->transNum, &device->identity, buff->buff, buff->length);
69
70 SECURITY_LOG_DEBUG("buff is %s", (char *)buff->buff);
71 SECURITY_LOG_INFO("challenge is %{public}x***, transNum is %{public}u",
72 (uint32_t)device->nonce, (uint32_t)device->transNum);
73 FreeMessageBuff(buff);
74 return SUCCESS;
75 }
76
VerifyDeviceInfoResponse(DslmDeviceInfo * device,const MessageBuff * buff)77 int32_t VerifyDeviceInfoResponse(DslmDeviceInfo *device, const MessageBuff *buff)
78 {
79 if (device == NULL || buff == NULL) {
80 return ERR_INVALID_PARA;
81 }
82
83 DslmCredBuff *cred = NULL;
84 uint64_t nonce = 0;
85 uint32_t version = 0;
86 int32_t ret;
87
88 do {
89 // Parse the msg
90 ret = ParseDeviceSecInfoResponse(buff, &nonce, &version, &cred);
91 if (ret != SUCCESS) {
92 SECURITY_LOG_ERROR("ParseDeviceSecInfoResponse failed, ret is %{public}d", ret);
93 break;
94 }
95 device->version = version;
96 if (nonce != device->nonce || nonce == 0) {
97 ret = ERR_CHALLENGE_ERR;
98 SECURITY_LOG_ERROR("nonce not equal");
99 DestroyDslmCred(cred);
100 break;
101 }
102 uint64_t curr = GetMillisecondSinceBoot();
103 if ((curr <= device->nonceTimeStamp) || (curr - device->nonceTimeStamp > NONCE_ALIVE_TIME)) {
104 ret = ERR_CHALLENGE_ERR;
105 SECURITY_LOG_ERROR("nonce expired");
106 DestroyDslmCred(cred);
107 break;
108 }
109 // process
110 ret = DefaultVerifyDslmCred(&device->identity, device->nonce, cred, &device->credInfo);
111 DestroyDslmCred(cred);
112 } while (0);
113
114 SECURITY_LOG_INFO("challenge is %{public}x***, ret is %{public}d", (uint32_t)nonce, ret);
115 return ret;
116 }
117
118 #ifdef __cplusplus
119 }
120 #endif
121