/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Public interface of the PIN template database: file-naming constants,
 * failed-attempt throttling constants, packed record layouts, and the
 * enroll / authenticate / delete / query entry points.
 *
 * Only declarations are visible here. Remarks tagged NOTE(review) are
 * assumptions or open questions to confirm against the implementation.
 */

#ifndef PIN_DB_H
#define PIN_DB_H

/* NOTE(review): uint8_t/uint32_t/uint64_t, bool, ResultCode and Buffer are
 * used below but not declared here; presumably they come from these two
 * project headers - confirm. */
#include "defines.h"
#include "buffer.h"

#ifdef __cplusplus
extern "C" {
#endif // __cplusplus

/* General limits and sentinels. How each one is used is decided by the
 * implementation, which is not part of this header. */
#define MAX_USER_NAME_LEN 32
/* All 64 bits set. NOTE(review): presumably the "no such template" marker -
 * confirm that the template-id generator can never return this value. */
#define INVALID_TEMPLATE_ID 0xFFFFFFFFFFFFFFFF
#define PIN_DB_TWO_PARAMS 2
#define MAX_RANDOM_TIME 10
/* Fixed absolute directory for the PIN files.
 * NOTE(review): the directory's ownership/mode and any integrity or rollback
 * protection of the files in it are not visible in this header. The
 * failed-attempt throttling declared below is only as strong as the
 * integrity of the stored counter, so verify both in the implementation. */
#define DEFAULT_FILE_HEAD "/data/service/el1/public/pinauth/"
/* NOTE(review): 21 would fit a decimal uint64_t (20 digits) plus a
 * terminator - presumably that is the intent; confirm. */
#define MAX_UINT_LEN 21
#define MAX_CRYPTO_INFO_SIZE 100
#define CURRENT_VERSION 0
/* Same directory as DEFAULT_FILE_HEAD followed by "PinIndexDb"; the path is
 * spelled out in full here rather than built from DEFAULT_FILE_HEAD, so the
 * two must be kept in sync by hand. */
#define PIN_INDEX_NAME "/data/service/el1/public/pinauth/PinIndexDb"
#define MAX_FILE_NAME_LEN 256

/* File-name suffixes. NOTE(review): presumably appended to a per-template
 * name under DEFAULT_FILE_HEAD, giving separate files for crypto info, the
 * failed-attempt counter, the salt and the secret - confirm, and confirm the
 * composed name is bounded by MAX_FILE_NAME_LEN. */
#define CRYPTO_SUFFIX "_CryptoInfo"
#define ANTI_BRUTE_SUFFIX "_BruteForceCount"
#define SALT_SUFFIX "_salt"
#define SECRET_SUFFIX "_secret"

/* Constant label strings. NOTE(review): presumably fixed inputs to key/salt
 * derivation. Both literals are shorter than the 32-byte CONST_SALT_LEN and
 * CONST_CREDENTIAL_PREFIX_LEN defined below; how the remaining bytes are
 * filled is not visible here - confirm the copy is bounded by the literal's
 * own length. */
#define SALT_PREFIX "hkdf_salt"
#define CREDENTIAL_PREFIX "template_encryption_key"

/* Failed-attempt throttling: initial values, error-count thresholds and
 * stage boundaries. NOTE(review): the mapping from error count to lock-out
 * duration is presumably computed by ComputeFreezeTime()/GetRemainTimes();
 * the schedule itself cannot be read from this header.
 * "ATTI_" below is the existing spelling of these public macro names. */
#define INIT_AUTH_ERROR_COUNT 0
#define INIT_START_FREEZE_TIMES 0
#define DEFAULT_VALUE 1
#define REMAINING_TIMES_FREEZE 1
#define FIRST_ANTI_BRUTE_COUNT 5
#define SECOND_ANTI_BRUTE_COUNT 8
#define THIRD_ANTI_BRUTE_COUNT 11
#define ANTI_BRUTE_COUNT_FREQUENCY 3
#define ANTI_BRUTE_INTERVAL_COUNT 2
#define ATTI_BRUTE_FIRST_STAGE 100
#define ATTI_BRUTE_SECOND_STAGE 140

/* Durations; each value equals the named span expressed in seconds. */
#define ONE_MIN_TIME 60
#define TEN_MIN_TIME 600
#define THIRTY_MIN_TIME 1800
#define ONE_HOUR_TIME 3600
#define ONE_DAY_TIME 86400
#define FIRST_EXPONENTIAL_PARA 30
#define SECOND_EXPONENTIAL_PARA 2
#define THIRD_EXPONENTIAL_PARA 10
/* Milliseconds per second; the ull suffix forces 64-bit unsigned arithmetic
 * in expressions that multiply or divide by it. */
#define MS_OF_S 1000ull

/* Fixed lengths (unsigned constants). CONST_PIN_DATA_LEN and CONST_SALT_LEN
 * size the arrays in PinEnrollParam below; the others are used by the
 * implementation. */
#define CONST_PIN_DATA_LEN 64U
#define CONST_PIN_DATA_EXPAND_LEN 92U
#define CONST_SALT_LEN 32U
#define CONST_PUB_KEY_LEN 32U
#define CONST_CREDENTIAL_PREFIX_LEN 32U
#define CONST_EXPAND_DATA_LEN 128U
#define RESULT_TLV_LEN 240U

/* One index entry: a template id and its sub-type. Packed, so the layout is
 * two consecutive 64-bit fields with no padding. */
typedef struct {
    uint64_t templateId;
    uint64_t subType;
} __attribute__((__packed__)) PinIndex;

/* Index container: a version, an entry count and a pointer to the entries.
 * NOTE(review): it holds a raw pointer and a loaded flag, so presumably only
 * version/pinIndexLen/entries are serialized, never this struct verbatim -
 * confirm. pinIndexLen read back from storage should be range-checked before
 * it is used to size or walk pinIndex. */
typedef struct {
    uint32_t version;
    uint32_t pinIndexLen;
    PinIndex *pinIndex;
    bool isLoaded;
} __attribute__((__packed__)) PinDb;

/* Failed-attempt state for one template. "authErrorConut" is the existing
 * spelling of the public field name.
 * Because the struct is packed, startFreezeTime sits at byte offset 4 and is
 * not naturally aligned: copy the field by value rather than passing its
 * address as a uint64_t pointer. */
typedef struct {
    uint32_t authErrorConut;
    uint64_t startFreezeTime;
} __attribute__((__packed__)) AntiBruteInfo;

/* Input to AddPin(): schedule id, sub-type, a CONST_SALT_LEN-byte salt and
 * CONST_PIN_DATA_LEN bytes of PIN data.
 * NOTE(review): pinData is presumably PIN-derived secret material; callers
 * should clear it once enrollment returns - confirm who owns that step. */
typedef struct {
    uint64_t scheduleId;
    uint64_t subType;
    uint8_t salt[CONST_SALT_LEN];
    uint8_t pinData[CONST_PIN_DATA_LEN];
} __attribute__((__packed__)) PinEnrollParam;

/* Set up / tear down the database state. No parameters, no status returned,
 * so a failure inside InitPinDb() cannot be reported through this call. */
void InitPinDb(void);
void DestroyPinDb(void);

/* Enroll a PIN described by pinEnrollParam. templateId and outRootSecret are
 * output pointers. NOTE(review): who allocates and who wipes outRootSecret
 * is not stated here - confirm. */
ResultCode AddPin(PinEnrollParam *pinEnrollParam, uint64_t *templateId, Buffer *outRootSecret);
/* Fetch the salt for templateId into salt. NOTE(review): saltLen is passed
 * by pointer, presumably capacity on input and bytes written on output -
 * confirm, and confirm it is checked against CONST_SALT_LEN. */
ResultCode DoGetSalt(uint64_t templateId, uint8_t *salt, uint32_t *saltLen);
/* Delete the PIN record identified by templateId. */
ResultCode DelPinById(uint64_t templateId);
/* Authenticate inputData (inputDataLen bytes) against templateId; on success
 * outRootSecret is presumably filled - confirm.
 * NOTE(review): whether the failed-attempt counter is persisted before the
 * comparison, and whether the comparison is constant-time, are properties of
 * the implementation and worth checking there. */
ResultCode AuthPinById(const uint8_t *inputData, const uint32_t inputDataLen, uint64_t templateId,
    Buffer *outRootSecret);
/* Write the remaining freeze time for templateId to *remainingFT, given an
 * error count and the time the freeze started. NOTE(review): the unit of
 * *remainingFT (seconds vs. milliseconds) is not visible here - confirm. */
ResultCode ComputeFreezeTime(uint64_t templateId, uint32_t *remainingFT, uint32_t count, uint64_t startFreezeTime);
/* Write the number of attempts still allowed for templateId to
 * *remainingAuthTimes, given the current error count. */
ResultCode GetRemainTimes(uint64_t templateId, uint32_t *remainingAuthTimes, uint32_t authErrorConut);
/* Look up the sub-type recorded for templateId. */
ResultCode GetSubType(uint64_t templateId, uint64_t *subType);
/* Read the stored failed-attempt state for templateId into the two output
 * pointers. */
ResultCode GetAntiBruteInfo(uint64_t templateId, uint32_t *authErrorConut, uint64_t *startFreezeTime);
/* Takes a list of template ids and its length. NOTE(review): presumably
 * reconciles the stored templates against this list; what happens to stored
 * templates that are not listed is not visible here - confirm. */
ResultCode VerifyTemplateDataPin(const uint64_t *templateIdList, uint32_t templateIdListLen);

#ifdef __cplusplus
}
#endif // __cplusplus
#endif // PIN_DB_H