1 /*
2 * Copyright (c) 2020 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "securec.h"
17 #include "commonutil.h"
18 #include "distribution.h"
19 #include "log.h"
20 #include "parsedata.h"
21 #include "jsonutil.h"
22 #include "auth_info.h"
23 #include "add_auth_info.h"
24 #include "build_object.h"
25 #include "mem_stat.h"
26 #include "huks_adapter.h"
27 #include "sec_clone_server.h"
28
29 #define LIST_TRUST_PEER_DEF_COUNT 0
30
31 #define FREE_SEND_DATA_FUNC(name) \
32 { \
33 if (((name)->cipher.val != NULL) && ((name)->cipher.length > 0)) { \
34 FREE((name)->cipher.val); \
35 (name)->cipher.val = NULL; \
36 } \
37 break; \
38 }
39
40 #define FREE_SEC_SEND_DATA_FUNC(name) \
41 { \
42 if ((name)->val != NULL) { \
43 FREE((name)->val); \
44 (name)->val = NULL; \
45 } \
46 break; \
47 }
48
49 #ifdef DESC
50 #undef DESC
51 #endif
52 #define DESC(...) 1
53
54 static void encap_inform_message(int32_t error_code, struct message *send);
55 static int32_t deserialize_message(const struct uint8_buff *data, struct message *receive);
56 static int32_t deserialize_message_with_json_object(const void *json_object, struct message *receive);
57 static int32_t build_send_data_by_struct(const struct message *message, void **send_data, uint32_t *send_data_len);
58 static void destroy_receive_data_struct(const struct message *message);
59 static void destroy_send_data(struct message *message);
60 static void set_result(struct hichain *hichain, uint16_t rcv_msg_code, uint16_t snd_msg_code, int32_t error_code);
61 static int32_t check_identity(const struct session_identity *identity);
62 static int32_t check_call_back(const struct hc_call_back *call_back);
63 static int32_t check_auth_info(const struct hc_user_info *user_info);
64 static int32_t delete_base_key(struct service_id service_id, struct operation_parameter para);
65 static int32_t delete_public_key(hc_handle handle, struct service_id service_id, int32_t user_type);
66 #if !(defined(_CUT_STS_) || defined(_CUT_STS_SERVER_) || defined(_CUT_EXCHANGE_) || defined(_CUT_EXCHANGE_SERVER_))
67 static void build_self_lt_key_pair(const struct hichain *hichain);
68 #endif
69
70 #if DESC("api")
get_instance(const struct session_identity * identity,enum hc_type type,const struct hc_call_back * call_back)71 DLL_API_PUBLIC hc_handle get_instance(const struct session_identity *identity, enum hc_type type,
72 const struct hc_call_back *call_back)
73 {
74 LOGI("Begin get instance");
75 if (check_identity(identity) != HC_OK) {
76 LOGE("Identity error");
77 return NULL;
78 }
79 if (check_call_back(call_back) != HC_OK) {
80 LOGE("Call back error");
81 return NULL;
82 }
83
84 #if !(defined(_CUT_STS_) || defined(_CUT_STS_SERVER_) || defined(_CUT_EXCHANGE_) || defined(_CUT_EXCHANGE_SERVER_))
85 int32_t ret = key_info_init();
86 if (ret != HC_OK) {
87 LOGE("Call key info init failed, status=%d", ret);
88 return NULL;
89 }
90 #endif
91
92 struct hichain *hichain = (struct hichain *)MALLOC(sizeof(struct hichain));
93 if (hichain == NULL) {
94 LOGE("Alloc memory failed");
95 return NULL;
96 }
97 (void)memset_s(hichain, sizeof(*hichain), 0, sizeof(*hichain));
98 hichain->identity = *identity;
99 hichain->type = type;
100 hichain->state = INIT_STATE;
101 hichain->last_state = INIT_STATE;
102 hichain->cb = *call_back;
103
104 #if !(defined(_CUT_STS_) || defined(_CUT_STS_SERVER_) || defined(_CUT_EXCHANGE_) || defined(_CUT_EXCHANGE_SERVER_))
105 build_self_lt_key_pair(hichain);
106 #endif
107
108 LOGI("Get instance success");
109 return hichain;
110 }
111
destroy(hc_handle * handle)112 DLL_API_PUBLIC void destroy(hc_handle *handle)
113 {
114 LOGI("Begin destroy");
115 check_ptr_return(handle);
116 check_ptr_return(*handle);
117 struct hichain *hichain = (struct hichain *)*handle;
118
119 if (hichain->pake_server != NULL) {
120 destroy_pake_server(hichain->pake_server);
121 }
122 if (hichain->pake_client != NULL) {
123 destroy_pake_client(hichain->pake_client);
124 }
125 if (hichain->sts_server != NULL) {
126 destroy_sts_server(hichain->sts_server);
127 }
128 if (hichain->sts_client != NULL) {
129 destroy_sts_client(hichain->sts_client);
130 }
131 if (hichain->auth_info != NULL) {
132 destroy_auth_client(hichain->auth_info);
133 }
134 if (hichain->sec_clone_server != NULL) {
135 destroy_sec_clone_server(hichain->sec_clone_server);
136 }
137 FREE(hichain);
138 *handle = NULL;
139 LOGI("End destroy");
140 }
141
set_context(hc_handle handle,void * context)142 DLL_API_PUBLIC void set_context(hc_handle handle, void *context)
143 {
144 LOGI("Begin set context");
145 check_ptr_return(handle);
146 check_ptr_return(context);
147 struct hichain *hichain = (struct hichain *)handle;
148
149 hichain->identity.context = context;
150 LOGI("End set context");
151 }
152
receive_data(hc_handle handle,struct uint8_buff * data)153 DLL_API_PUBLIC int32_t receive_data(hc_handle handle, struct uint8_buff *data)
154 {
155 LOGI("Begin receive data");
156 check_ptr_return_val(handle, HC_INPUT_ERROR);
157 check_ptr_return_val(data, HC_INPUT_ERROR);
158 check_ptr_return_val(data->val, HC_INPUT_ERROR);
159
160 LOGI("Receive data from peer");
161 struct hichain *hichain = (struct hichain *)handle;
162 struct message receive = { 0, 0, 0 };
163 struct message send = { INFORM_MESSAGE, 0, 0 };
164 void *send_data = NULL;
165 uint32_t send_data_len = 0;
166 int32_t ret = deserialize_message(data, &receive);
167 if (ret != HC_OK) {
168 goto inform;
169 }
170 struct header_analysis nav = navigate_message(receive.msg_code);
171 ret = check_message_support(hichain, &nav, &receive);
172 if (ret != HC_OK) {
173 goto inform;
174 }
175 ret = build_object(hichain, nav.modular, !nav.is_request_msg, NULL);
176 if (ret != HC_OK) {
177 goto inform;
178 }
179 ret = proc_message(hichain, &nav, &receive, &send);
180 if (ret != HC_OK) {
181 goto inform;
182 }
183 ret = connect_message(hichain, &nav, &send);
184
185 inform:
186 encap_inform_message(ret, &send);
187
188 /* serialization */
189 ret = build_send_data_by_struct(&send, &send_data, &send_data_len);
190 if (ret == HC_OK) {
191 DBG_OUT("Send data to peer");
192 hichain->cb.transmit(&hichain->identity, send_data, send_data_len);
193 FREE(send_data);
194 } else if (ret == HC_NO_MESSAGE_TO_SEND) {
195 LOGI("Had no message to send");
196 ret = HC_OK;
197 } else {
198 LOGE("build send data failed, error code is %d", ret);
199 }
200 set_result(hichain, receive.msg_code, send.msg_code, ret);
201
202 destroy_receive_data_struct(&receive);
203 destroy_send_data(&send);
204 LOGI("End receive data");
205 return ret; /* hc_error */
206 }
207
init_center(const struct hc_package_name * package_name,const struct hc_service_type * service_type,const struct hc_auth_id * auth_id,struct hc_key_alias * dek)208 int32_t init_center(const struct hc_package_name *package_name, const struct hc_service_type *service_type,
209 const struct hc_auth_id *auth_id, struct hc_key_alias *dek)
210 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
211 {
212 LOGI("Begin init center");
213 check_ptr_return_val(package_name, HC_INPUT_ERROR);
214 check_ptr_return_val(service_type, HC_INPUT_ERROR);
215 check_ptr_return_val(auth_id, HC_INPUT_ERROR);
216 check_ptr_return_val(dek, HC_INPUT_ERROR);
217
218 struct session_identity identity;
219 identity.session_id = 0;
220 identity.package_name = *package_name;
221 identity.service_type = *service_type;
222 struct service_id service_id = generate_service_id(&identity);
223 struct hc_auth_id origin_id;
224 int32_t ret = hex_string_to_byte((char *)auth_id->auth_id, auth_id->length, origin_id.auth_id);
225 if (ret != HC_OK) {
226 LOGE("auth_id convert failed");
227 return ret;
228 }
229 origin_id.length = auth_id->length / BYTE_TO_HEX_OPER_LENGTH;
230
231 struct hc_key_alias kek_alias = generate_key_alias(&service_id, &origin_id, KEY_ALIAS_KEK);
232 struct hc_key_alias dek_alias = generate_key_alias(&service_id, &origin_id, KEY_ALIAS_DEK);
233 struct hc_key_alias base_alias = generate_key_alias(&service_id, &origin_id, KEY_ALIAS_LT_KEY_PAIR);
234
235 ret = gen_derived_key(&base_alias, &kek_alias);
236 if (ret != HC_OK) {
237 LOGE("Generate derived kek failed");
238 return ret;
239 }
240 ret = gen_derived_key(&base_alias, &dek_alias);
241 if (ret != HC_OK) {
242 LOGE("Generate derived dek failed");
243 return ret;
244 }
245 if (memcpy_s(dek, sizeof(struct hc_key_alias), &dek_alias, sizeof(struct hc_key_alias)) != EOK) {
246 return HC_INNER_ERROR;
247 }
248
249 LOGI("End init center");
250 return HC_OK;
251 }
252 #else
253 {
254 LOGE("Secclone has been cut, init center not support");
255 (void)package_name;
256 (void)service_type;
257 (void)auth_id;
258 (void)dek;
259 return HC_UNSUPPORT;
260 }
261 #endif
262
receive_data_with_json_object(hc_handle handle,const void * json_object)263 DLL_API_PUBLIC int32_t receive_data_with_json_object(hc_handle handle, const void *json_object)
264 {
265 LOGI("Begin receive data json object");
266 check_ptr_return_val(handle, HC_INPUT_ERROR);
267 check_ptr_return_val(json_object, HC_INPUT_ERROR);
268
269 LOGI("Receive data from peer");
270 struct hichain *hichain = (struct hichain *)handle;
271 struct message receive = { 0, 0, 0 };
272 struct message send = { INFORM_MESSAGE, 0, 0 };
273 void *send_data = NULL;
274 uint32_t send_data_len = 0;
275 int32_t ret = deserialize_message_with_json_object(json_object, &receive);
276 if (ret != HC_OK) {
277 goto inform;
278 }
279 struct header_analysis nav = navigate_message(receive.msg_code);
280 ret = check_message_support(hichain, &nav, &receive);
281 if (ret != HC_OK) {
282 goto inform;
283 }
284 ret = build_object(hichain, nav.modular, !nav.is_request_msg, NULL);
285 if (ret != HC_OK) {
286 goto inform;
287 }
288 ret = proc_message(hichain, &nav, &receive, &send);
289 if (ret != HC_OK) {
290 goto inform;
291 }
292 ret = connect_message(hichain, &nav, &send);
293
294 inform:
295 encap_inform_message(ret, &send);
296
297 /* serialization */
298 ret = build_send_data_by_struct(&send, &send_data, &send_data_len);
299 if (ret == HC_OK) {
300 DBG_OUT("Send data to peer");
301 hichain->cb.transmit(&hichain->identity, send_data, send_data_len);
302 FREE(send_data);
303 } else if (ret == HC_NO_MESSAGE_TO_SEND) {
304 LOGI("Had no message to send");
305 ret = HC_OK;
306 } else {
307 LOGE("build send data failed, error code is %d", ret);
308 }
309 set_result(hichain, receive.msg_code, send.msg_code, ret);
310
311 destroy_receive_data_struct(&receive);
312 destroy_send_data(&send);
313 LOGI("End receive data json object");
314 return ret; /* hc_error */
315 }
316
317 static int32_t triggered_sts_client(struct hichain *hichain, int32_t operation_code);
add_auth_info(hc_handle handle,const struct operation_parameter * params,const struct hc_auth_id * auth_id,int32_t user_type)318 int32_t add_auth_info(hc_handle handle, const struct operation_parameter *params,
319 const struct hc_auth_id *auth_id, int32_t user_type)
320 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
321 {
322 LOGI("Begin add auth info");
323 check_ptr_return_val(handle, HC_INPUT_ERROR);
324 check_ptr_return_val(params, HC_INPUT_ERROR);
325 check_ptr_return_val(auth_id, HC_INPUT_ERROR);
326 struct hichain *hichain = (struct hichain *)handle;
327
328 int32_t ret = build_object(hichain, STS_MODULAR, true, params);
329 if (ret != HC_OK) {
330 LOGE("Build sts client sub object failed, error code is %d", ret);
331 return ret;
332 }
333
334 struct auth_info_cache auth_info = {
335 .user_type = user_type,
336 .auth_id = *auth_id
337 };
338 ret = build_object(hichain, ADD_MODULAR, true, &auth_info);
339 if (ret != HC_OK) {
340 LOGE("Build sts client sub object failed, error code is %d", ret);
341 return ret;
342 }
343
344 ret = triggered_sts_client(hichain, ADD_AUTHINFO);
345 LOGI("Triggered sts client error code is %d", ret);
346 LOGI("End add auth info");
347 return ret;
348 }
349 #else
350 {
351 LOGE("Secclone has been cut, add auth info not support");
352 (void)handle;
353 (void)params;
354 (void)auth_id;
355 (void)user_type;
356 return HC_UNSUPPORT;
357 }
358 #endif
359
remove_auth_info(hc_handle handle,const struct operation_parameter * params,const struct hc_auth_id * auth_id,int32_t user_type)360 int32_t remove_auth_info(hc_handle handle, const struct operation_parameter *params,
361 const struct hc_auth_id *auth_id, int32_t user_type)
362 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
363 {
364 LOGI("Begin remove auth info");
365 check_ptr_return_val(handle, HC_INPUT_ERROR);
366 check_ptr_return_val(params, HC_INPUT_ERROR);
367 check_ptr_return_val(auth_id, HC_INPUT_ERROR);
368 struct hichain *hichain = (struct hichain *)handle;
369
370 int32_t ret = build_object(hichain, STS_MODULAR, true, params);
371 if (ret != HC_OK) {
372 LOGE("Build sts client sub object failed, error code is %d", ret);
373 return ret;
374 }
375
376 struct auth_info_cache auth_info = {
377 .user_type = user_type,
378 .auth_id = *auth_id
379 };
380 ret = build_object(hichain, REMOVE_MODULAR, true, &auth_info);
381 if (ret != HC_OK) {
382 LOGE("Build remove client sub object failed, error code is %d", ret);
383 return ret;
384 }
385
386 ret = triggered_sts_client(hichain, REMOVE_AUTHINFO);
387 LOGI("Triggered sts client error code is %d", ret);
388 LOGI("End remove auth info");
389 return ret;
390 }
391 #else
392 {
393 LOGE("Secclone has been cut, remove auth info not support");
394 (void)handle;
395 (void)params;
396 (void)auth_id;
397 (void)user_type;
398 return HC_UNSUPPORT;
399 }
400 #endif
401
set_self_auth_id(hc_handle handle,struct uint8_buff * data)402 DLL_API_PUBLIC void set_self_auth_id(hc_handle handle, struct uint8_buff *data)
403 {
404 LOGI("Begin set self auth id");
405 check_ptr_return(handle);
406 check_ptr_return(data);
407 check_ptr_return(data->val);
408 struct hichain *hichain = (struct hichain *)handle;
409
410 if ((hichain->pake_server != NULL) && (hichain->pake_server->self_id.length == 0)) {
411 if (data->length <= 0) {
412 return;
413 }
414 uint32_t copy_len = (data->length < HC_AUTH_ID_BUFF_LEN) ? data->length : HC_AUTH_ID_BUFF_LEN;
415 if (memcpy_s(hichain->pake_server->self_id.auth_id, HC_AUTH_ID_BUFF_LEN, data->val, copy_len) != EOK) {
416 LOGE("memory copy error");
417 return;
418 }
419 hichain->pake_server->self_id.length = copy_len;
420 }
421 LOGI("End set self auth id");
422 }
423
424 static int32_t triggered_pake_client(struct hichain *hichain, int32_t operation_code);
start_pake(hc_handle handle,const struct operation_parameter * params)425 DLL_API_PUBLIC int32_t start_pake(hc_handle handle, const struct operation_parameter *params)
426 {
427 LOGI("Begin start pake");
428 check_ptr_return_val(handle, HC_INPUT_ERROR);
429 check_ptr_return_val(params, HC_INPUT_ERROR);
430 struct hichain *hichain = (struct hichain *)handle;
431
432 int32_t ret = build_object(hichain, PAKE_MODULAR, true, params);
433 if (ret != HC_OK) {
434 LOGE("Build pake client sub object failed, error code is %d", ret);
435 return ret;
436 }
437
438 ret = triggered_pake_client(hichain, BIND);
439 LOGI("Triggered pake client error code is %d", ret);
440 LOGI("End start pake");
441 return ret;
442 }
443
444 #ifndef _CUT_API_
445
authenticate_peer(hc_handle handle,struct operation_parameter * params)446 DLL_API_PUBLIC int32_t authenticate_peer(hc_handle handle, struct operation_parameter *params)
447 {
448 LOGI("Begin authenticate peer");
449 check_ptr_return_val(handle, HC_INPUT_ERROR);
450 check_ptr_return_val(params, HC_INPUT_ERROR);
451 struct hichain *hichain = (struct hichain *)handle;
452
453 int32_t ret = build_object(hichain, STS_MODULAR, true, params);
454 if (ret != HC_OK) {
455 LOGE("Build sts client sub object failed, error code is %d", ret);
456 return ret;
457 }
458
459 ret = triggered_sts_client(hichain, AUTHENTICATE);
460 LOGI("Triggered sts client error code is %d", ret);
461 LOGI("End authenticate peer");
462 return ret;
463 }
464
delete_local_auth_info(hc_handle handle,struct hc_user_info * user_info)465 DLL_API_PUBLIC int32_t delete_local_auth_info(hc_handle handle, struct hc_user_info *user_info)
466 {
467 LOGI("Begin delete local auth info");
468 check_ptr_return_val(handle, HC_INPUT_ERROR);
469 if (check_auth_info(user_info) != HC_OK) {
470 LOGE("User info is error");
471 return HC_INPUT_ERROR;
472 }
473
474 struct hichain *hichain = (struct hichain *)handle;
475 struct service_id service_id = generate_service_id(&hichain->identity);
476 if (service_id.length == 0) {
477 LOGE("Generate service id failed");
478 return HC_GEN_SERVICE_ID_FAILED;
479 }
480
481 struct hc_pin pin = { 0, {0} };
482 struct operation_parameter para;
483 (void)memset_s(¶, sizeof(para), 0, sizeof(para));
484
485 hichain->cb.get_protocol_params(&hichain->identity, REMOVE_ALL_AUTHINFO, &pin, ¶);
486 if (para.self_auth_id.length > 0) {
487 if (memcmp(para.self_auth_id.auth_id, user_info->auth_id.auth_id, para.self_auth_id.length) == 0) {
488 int32_t ret_base = delete_base_key(service_id, para);
489 int32_t ret_accessor = delete_public_key(handle, service_id, KEY_ALIAS_ACCESSOR_PK);
490 int32_t ret_controller = delete_public_key(handle, service_id, KEY_ALIAS_CONTROLLER_PK);
491 if ((ret_base != HC_OK) || (ret_accessor != HC_OK) || (ret_controller != HC_OK)) {
492 LOGE("delete all key failed");
493 return ERROR_CODE_FAILED;
494 }
495 return HC_OK;
496 }
497 }
498
499 enum huks_key_alias_type alias_type = (user_info->user_type == HC_USER_TYPE_ACCESSORY ?
500 KEY_ALIAS_ACCESSOR_PK : KEY_ALIAS_CONTROLLER_PK);
501 struct hc_key_alias alias = generate_key_alias(&service_id, &(user_info->auth_id), alias_type);
502 if (alias.length == 0) {
503 LOGE("Generate key alias failed");
504 return HC_GEN_ALIAS_FAILED;
505 }
506 int32_t ret = check_lt_public_key_exist(&alias);
507 if (ret != HC_OK) {
508 LOGE("Check lt public key not exist!");
509 return HC_OK; /* ipc 65541 time out, temporarily return ok */
510 }
511 ret = delete_lt_public_key(&alias);
512 if (ret != HC_OK) {
513 LOGE("delete lt public key is %d", ret);
514 return ret;
515 }
516 LOGI("End delete local auth info");
517 return HC_OK;
518 }
519
is_trust_peer(hc_handle handle,struct hc_user_info * user_info)520 DLL_API_PUBLIC int32_t is_trust_peer(hc_handle handle, struct hc_user_info *user_info)
521 {
522 LOGI("Begin is trust peer");
523 check_ptr_return_val(handle, HC_NOT_TRUST_PEER);
524 if (check_auth_info(user_info) != HC_OK) {
525 LOGE("User info is error");
526 return HC_NOT_TRUST_PEER;
527 }
528
529 struct hichain *hichain = (struct hichain *)handle;
530 struct service_id service_id = generate_service_id(&hichain->identity);
531 if (service_id.length == 0) {
532 LOGE("Generate service id failed");
533 return HC_GEN_SERVICE_ID_FAILED;
534 }
535 enum huks_key_alias_type alias_type = (user_info->user_type == HC_USER_TYPE_ACCESSORY ?
536 KEY_ALIAS_ACCESSOR_PK : KEY_ALIAS_CONTROLLER_PK);
537 struct hc_key_alias alias = generate_key_alias(&service_id, &(user_info->auth_id), alias_type);
538 if (alias.length == 0) {
539 LOGE("Generate key alias failed");
540 return HC_GEN_ALIAS_FAILED;
541 }
542 int32_t ret = check_lt_public_key_exist(&alias);
543 if (ret != ERROR_CODE_SUCCESS) {
544 LOGE("Check lt public key exist is %d", ret);
545 return HC_NOT_TRUST_PEER;
546 }
547 struct huks_key_type key_type;
548 struct hc_auth_id auth_id;
549
550 (void)memset_s(&key_type, sizeof(key_type), 0, sizeof(key_type));
551 ret = get_lt_key_info(&alias, &key_type, &auth_id);
552 if (ret != ERROR_CODE_SUCCESS) {
553 LOGE("Check lt public key exist is %d", ret);
554 return HC_NOT_TRUST_PEER;
555 }
556 LOGI("End is trust peer");
557 if (key_type.user_type == (uint8_t)HC_USER_TYPE_ACCESSORY) {
558 return HC_ACCESSORY_TRUST_PEER;
559 }
560 if (key_type.pair_type == (uint8_t)HC_PAIR_TYPE_BIND) {
561 return HC_BINDED_TRUST_PEER;
562 } else {
563 return HC_AUTHED_TRUST_PEER;
564 }
565 }
566
list_trust_peers(hc_handle handle,int32_t trust_user_type,struct hc_auth_id * owner_auth_id,struct hc_auth_id ** auth_id_list)567 DLL_API_PUBLIC uint32_t list_trust_peers(hc_handle handle, int32_t trust_user_type,
568 struct hc_auth_id *owner_auth_id, struct hc_auth_id **auth_id_list)
569 {
570 LOGI("Begin list trust peers");
571 struct hichain *hichain = (struct hichain *)handle;
572
573 check_ptr_return_val(hichain, LIST_TRUST_PEER_DEF_COUNT);
574 check_ptr_return_val(auth_id_list, LIST_TRUST_PEER_DEF_COUNT);
575 check_ptr_return_val(*auth_id_list, LIST_TRUST_PEER_DEF_COUNT);
576 if ((trust_user_type != HC_USER_TYPE_ACCESSORY) && (trust_user_type != HC_USER_TYPE_CONTROLLER)) {
577 LOGE("user type is not support");
578 return LIST_TRUST_PEER_DEF_COUNT;
579 }
580
581 if (owner_auth_id != NULL) {
582 struct service_id srv_id = generate_service_id(&hichain->identity);
583 if (srv_id.length == 0) {
584 LOGE("Generate service id failed");
585 return 0;
586 }
587 enum huks_key_alias_type alias_type = (trust_user_type == HC_USER_TYPE_ACCESSORY ?
588 KEY_ALIAS_ACCESSOR_PK : KEY_ALIAS_CONTROLLER_PK);
589 struct hc_key_alias owner_alias = generate_key_alias(&srv_id, owner_auth_id, alias_type);
590 if (owner_alias.length == 0) {
591 LOGE("Generate key alias failed");
592 return 0;
593 }
594 if (check_lt_public_key_exist(&owner_alias) != ERROR_CODE_SUCCESS) {
595 LOGE("not found this owner");
596 return 0;
597 }
598 if (check_key_alias_is_owner(&owner_alias) != ERROR_CODE_SUCCESS) {
599 LOGE("hc_auth_id is not owner");
600 return 0;
601 }
602 }
603
604 uint32_t count = LIST_TRUST_PEER_DEF_COUNT;
605 int32_t ret = get_lt_public_key_list(owner_auth_id, trust_user_type, *auth_id_list, &count);
606 LOGI("End list trust peers");
607 if ((ret != ERROR_CODE_SUCCESS) || (count == LIST_TRUST_PEER_DEF_COUNT)) {
608 return LIST_TRUST_PEER_DEF_COUNT;
609 }
610 return count;
611 }
612
import_auth_info(hc_handle handle,struct hc_user_info * user_info,struct hc_auth_id * auth_id,enum hc_export_type auth_info_type,struct uint8_buff * auth_info)613 DLL_API_PUBLIC int32_t import_auth_info(hc_handle handle, struct hc_user_info *user_info, struct hc_auth_id *auth_id,
614 enum hc_export_type auth_info_type, struct uint8_buff *auth_info)
615 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
616 {
617 LOGI("Begin import auth info");
618 (void)user_info;
619 struct hichain *hichain = (struct hichain *)handle;
620
621 check_ptr_return_val(hichain, HC_INPUT_ERROR);
622 check_ptr_return_val(auth_id, HC_INPUT_ERROR);
623 check_ptr_return_val(auth_info, HC_INPUT_ERROR);
624 check_ptr_return_val(auth_info->val, HC_INPUT_ERROR);
625
626 struct hc_auth_id origin_id;
627 int32_t ret = hex_string_to_byte((char *)auth_id->auth_id, auth_id->length, origin_id.auth_id);
628 if (ret != HC_OK) {
629 LOGE("Auth id convert failed");
630 return ret;
631 }
632 origin_id.length = auth_id->length / BYTE_TO_HEX_OPER_LENGTH;
633 origin_id.auth_id[origin_id.length] = '\0';
634
635 if (auth_info_type == EXPORT_DATA_SIGNED_AUTH_INFO) {
636 return import_signed_auth_info(hichain, &origin_id, auth_info);
637 } else if (auth_info_type == EXPORT_DATA_LITE_AUTH_INFO) {
638 return import_lite_auth_info(hichain, &origin_id, auth_info);
639 }
640 LOGE("Auth info type is not support, type is %u", auth_info_type);
641 return HC_UNSUPPORT;
642 }
643 #else
644 {
645 LOGI("Begin hilink import auth info");
646 (void)user_info;
647 struct hichain *hichain = (struct hichain *)handle;
648
649 check_ptr_return_val(hichain, HC_INPUT_ERROR);
650 check_ptr_return_val(auth_id, HC_INPUT_ERROR);
651 check_ptr_return_val(auth_info, HC_INPUT_ERROR);
652 check_ptr_return_val(auth_info->val, HC_INPUT_ERROR);
653
654 if (auth_info_type == EXPORT_DATA_SIGNED_AUTH_INFO) {
655 return import_signed_auth_info_hilink(hichain, auth_id, auth_info);
656 }
657
658 LOGE("Auth info type is not support, type is %u", auth_info_type);
659 return HC_UNSUPPORT;
660 }
661 #endif
662
663 #endif /* _CUT_XXX_ */
664 #endif /* DESC */
665
666 struct msg_result_map {
667 enum message_code msg_code;
668 enum hc_result result;
669 enum hichain_state state;
670 };
671
set_result_by_map(struct hichain * hichain,const struct msg_result_map * map)672 static void set_result_by_map(struct hichain *hichain, const struct msg_result_map *map)
673 {
674 if (map == NULL) {
675 return;
676 }
677 if (map->state != OPERATION_STATE) {
678 goto out;
679 }
680 if ((hichain->operation_code != AUTHENTICATE) && (hichain->operation_code != AUTH_KEY_AGREEMENT)) {
681 goto out;
682 }
683 if (hichain->state != OVER_STATE) {
684 hichain->last_state = hichain->state;
685 hichain->state = OVER_STATE;
686 }
687 hichain->cb.set_service_result(&hichain->identity, END_SUCCESS);
688 return;
689 out:
690 if (hichain->state != map->state) {
691 hichain->last_state = hichain->state;
692 hichain->state = map->state;
693 }
694 hichain->cb.set_service_result(&hichain->identity, map->result);
695 }
696
select_result_map(uint16_t rcv_msg_code,const struct msg_result_map * map,uint32_t n)697 const struct msg_result_map *select_result_map(uint16_t rcv_msg_code, const struct msg_result_map *map, uint32_t n)
698 {
699 for (uint32_t i = 0; i < n; i++) {
700 if (rcv_msg_code == map[i].msg_code) {
701 return &map[i];
702 }
703 }
704 return NULL;
705 }
706
set_result(struct hichain * hichain,uint16_t rcv_msg_code,uint16_t snd_msg_code,int32_t error_code)707 static void set_result(struct hichain *hichain, uint16_t rcv_msg_code, uint16_t snd_msg_code, int32_t error_code)
708 {
709 if (error_code != HC_OK) {
710 LOGE("Error code is not ok, and set end failed");
711 goto error;
712 }
713 if (snd_msg_code == INFORM_MESSAGE) {
714 LOGE("Send an inform message, and set end failed");
715 goto error;
716 }
717 const struct msg_result_map map[] = { { PAKE_REQUEST, KEY_AGREEMENT_PROCESSING, KEY_AGREEMENT_STATE },
718 { PAKE_RESPONSE, KEY_AGREEMENT_PROCESSING, KEY_AGREEMENT_STATE },
719 { PAKE_CLIENT_CONFIRM, KEY_AGREEMENT_END, OPERATION_STATE },
720 { PAKE_SERVER_CONFIRM_RESPONSE, KEY_AGREEMENT_END, OPERATION_STATE },
721 { EXCHANGE_REQUEST, END_SUCCESS, OVER_STATE },
722 { EXCHANGE_RESPONSE, END_SUCCESS, OVER_STATE },
723 { AUTH_START_REQUEST, KEY_AGREEMENT_PROCESSING, KEY_AGREEMENT_STATE },
724 { AUTH_START_RESPONSE, KEY_AGREEMENT_PROCESSING, KEY_AGREEMENT_STATE },
725 { AUTH_ACK_REQUEST, KEY_AGREEMENT_END, OPERATION_STATE },
726 { AUTH_ACK_RESPONSE, KEY_AGREEMENT_END, OPERATION_STATE },
727 { ADD_AUTHINFO_REQUEST, END_SUCCESS, OVER_STATE },
728 { ADD_AUTHINFO_RESPONSE, END_SUCCESS, OVER_STATE },
729 { REMOVE_AUTHINFO_REQUEST, END_SUCCESS, OVER_STATE },
730 { REMOVE_AUTHINFO_RESPONSE, END_SUCCESS, OVER_STATE },
731 { SEC_CLONE_START_REQUEST, OPERATION_PROCESSING, OPERATION_STATE },
732 { SEC_CLONE_ACK_REQUEST, END_SUCCESS, OVER_STATE },
733 { INFORM_MESSAGE, END_FAILED, OVER_STATE },
734 { INVALID_MESSAGE, KEY_AGREEMENT_PROCESSING, KEY_AGREEMENT_STATE } };
735 const struct msg_result_map *map_ptr = select_result_map(rcv_msg_code, map,
736 sizeof(map) / sizeof(struct msg_result_map));
737
738 set_result_by_map(hichain, map_ptr);
739 return;
740 error:
741 hichain->last_state = hichain->state;
742 hichain->state = OVER_STATE;
743 hichain->cb.set_service_result(&hichain->identity, END_FAILED);
744 }
745
encap_inform_message(int32_t error_code,struct message * send)746 static void encap_inform_message(int32_t error_code, struct message *send)
747 {
748 if ((error_code == HC_OK) || (send->msg_code != INFORM_MESSAGE) || (send->payload != NULL)) {
749 return;
750 }
751
752 #if (defined(_CUT_EXCHANGE_) || defined(_CUT_EXCHANGE_SERVER_))
753 if (error_code == HC_UNSUPPORT) {
754 send->msg_code = INVALID_MESSAGE;
755 return;
756 }
757 #endif
758 int32_t *err = (int32_t *)MALLOC(sizeof(int32_t));
759 if (err == NULL) {
760 LOGE("Malloc for encape inform message failed");
761 return;
762 }
763
764 *err = error_code;
765 send->payload = err;
766 }
767
triggered_pake_client(struct hichain * hichain,int32_t operation_code)768 static int32_t triggered_pake_client(struct hichain *hichain, int32_t operation_code)
769 #if !(defined(_CUT_PAKE_) || defined(_CUT_PAKE_CLIENT_))
770 {
771 hichain->operation_code = operation_code;
772 hichain->pake_client->operation_code = operation_code;
773
774 struct message send = {
775 .msg_code = PAKE_REQUEST,
776 .rsv = 0,
777 .payload = NULL
778 };
779 int32_t ret = send_pake_start_request(hichain->pake_client, &send);
780 if (ret != HC_OK) {
781 LOGE("Object %u build sts start request failed, error code is %d", pake_client_sn(hichain->pake_client), ret);
782 return HC_BUILD_SEND_DATA_FAILED;
783 }
784
785 void *send_data = NULL;
786 uint32_t send_data_len = 0;
787
788 ret = build_send_data_by_struct(&send, &send_data, &send_data_len);
789 if (ret != HC_OK) {
790 LOGW("build send data failed, error code is %d", ret);
791 } else {
792 DBG_OUT("send_data:%s", (uint8_t *)send_data);
793 hichain->cb.transmit(&hichain->identity, send_data, send_data_len);
794 FREE(send_data);
795 }
796
797 set_result(hichain, INVALID_MESSAGE, PAKE_REQUEST, ret);
798 destroy_send_data(&send);
799 return ret;
800 }
801 #else
802 {
803 (void)hichain;
804 (void)operation_code;
805 LOGE("Pake client has been cut, triggered pake client not support");
806 return HC_UNSUPPORT;
807 }
808 #endif
809
triggered_sts_client(struct hichain * hichain,int32_t operation_code)810 static int32_t triggered_sts_client(struct hichain *hichain, int32_t operation_code)
811 #if !(defined(_CUT_STS_) || defined(_CUT_STS_CLIENT_))
812 {
813 hichain->operation_code = operation_code;
814 hichain->sts_client->operation_code = operation_code;
815
816 struct message send = {
817 .msg_code = AUTH_START_REQUEST,
818 .rsv = 0,
819 .payload = NULL
820 };
821 int32_t ret = send_sts_start_request(hichain->sts_client, &send);
822 if (ret != HC_OK) {
823 LOGE("Object %u build sts start request failed, error code is %d", sts_client_sn(hichain->sts_client), ret);
824 return HC_BUILD_SEND_DATA_FAILED;
825 }
826
827 void *send_data = NULL;
828 uint32_t send_data_len = 0;
829
830 ret = build_send_data_by_struct(&send, &send_data, &send_data_len);
831 if (ret != HC_OK) {
832 LOGW("build send data failed, error code is %d", ret);
833 } else {
834 DBG_OUT("send_data:%s", (uint8_t *)send_data);
835 hichain->cb.transmit(&hichain->identity, send_data, send_data_len);
836 FREE(send_data);
837 }
838
839 set_result(hichain, INVALID_MESSAGE, AUTH_START_REQUEST, ret);
840 destroy_send_data(&send);
841 return ret;
842 }
843 #else
844 {
845 (void)hichain;
846 (void)operation_code;
847 LOGE("stsclient has been cut, triggered_sts_client not support");
848 return HC_UNSUPPORT;
849 }
850 #endif
851
852 static int32_t build_struct_by_receive_data(uint32_t msg_code, const char *payload_data,
853 enum json_object_data_type type, struct message *message);
deserialize_message(const struct uint8_buff * data,struct message * receive)854 static int32_t deserialize_message(const struct uint8_buff *data, struct message *receive)
855 {
856 /* message head deserialization */
857 struct pass_through_data *pass_through_data = parse_data((const char *)data->val);
858 if (pass_through_data == NULL) {
859 LOGE("Parse data failed");
860 return HC_BUILD_OBJECT_FAILED;
861 }
862
863 #if (defined(_CUT_EXCHANGE_) || defined(_CUT_EXCHANGE_SERVER_))
864 if (pass_through_data->message_code == EXCHANGE_REQUEST) {
865 free_data(pass_through_data);
866 pass_through_data = NULL;
867 return HC_UNSUPPORT;
868 }
869 #endif
870
871 /* message payload deserialization */
872 int32_t ret = build_struct_by_receive_data(pass_through_data->message_code, pass_through_data->payload_data,
873 JSON_STRING_DATA, receive);
874 if (ret != HC_OK) {
875 LOGE("Build struct by receive data failed, error code is %d", ret);
876 }
877 free_data(pass_through_data);
878 pass_through_data = NULL;
879 return ret;
880 }
881
deserialize_message_with_json_object(const void * json_object,struct message * receive)882 static int32_t deserialize_message_with_json_object(const void *json_object, struct message *receive)
883 {
884 int32_t message_code = get_json_int((void *)json_object, FIELD_MESSAGE);
885 if ((message_code <= 0) || (message_code > (int32_t)INFORM_MESSAGE)) {
886 LOGE("Get message code failed, get message code is %d", message_code);
887 return HC_BUILD_OBJECT_FAILED;
888 }
889 json_pobject obj_value = get_json_obj((void *)json_object, FIELD_PAYLOAD);
890 if (obj_value == NULL) {
891 LOGE("Parse data failed");
892 return HC_BUILD_OBJECT_FAILED;
893 }
894 #if (defined(_CUT_EXCHANGE_) || defined(_CUT_EXCHANGE_SERVER_))
895 if (message_code == EXCHANGE_REQUEST) {
896 return HC_UNSUPPORT;
897 }
898 #endif
899 /* message payload deserialization */
900 int32_t ret = build_struct_by_receive_data(message_code, obj_value, JSON_OBJECT_DATA, receive);
901 if (ret != HC_OK) {
902 LOGE("Build struct by receive data failed, error code is %d", ret);
903 }
904 return ret;
905 }
906
907 typedef void *(*parse_message_func)(const char *pay_load, enum json_object_data_type type);
908 struct parse_message_map {
909 enum message_code msg_code;
910 parse_message_func parse_message;
911 };
912
build_struct_by_receive_data(uint32_t msg_code,const char * payload_data,enum json_object_data_type type,struct message * message)913 static int32_t build_struct_by_receive_data(uint32_t msg_code, const char *payload_data,
914 enum json_object_data_type type, struct message *message)
915 {
916 const struct parse_message_map map[] = { { PAKE_REQUEST, parse_pake_request },
917 { PAKE_RESPONSE, parse_pake_response },
918 { PAKE_CLIENT_CONFIRM, parse_pake_client_confirm },
919 { PAKE_SERVER_CONFIRM_RESPONSE, parse_pake_server_confirm },
920 { AUTH_START_REQUEST, parse_auth_start_request },
921 { AUTH_START_RESPONSE, parse_auth_start_response },
922 { AUTH_ACK_REQUEST, parse_auth_ack_request },
923 { AUTH_ACK_RESPONSE, parse_auth_ack_response },
924 { ADD_AUTHINFO_REQUEST, parse_add_auth_info_request },
925 { REMOVE_AUTHINFO_REQUEST, parse_rmv_auth_info_request },
926 { ADD_AUTHINFO_RESPONSE, parse_add_auth_info_response },
927 { REMOVE_AUTHINFO_RESPONSE, parse_rmv_auth_info_response },
928 { EXCHANGE_REQUEST, parse_exchange_request },
929 { EXCHANGE_RESPONSE, parse_exchange_response },
930 { SEC_CLONE_START_REQUEST, sec_clone_parse_client_request },
931 { SEC_CLONE_ACK_REQUEST, sec_clone_parse_client_ack } };
932
933 for (uint32_t i = 0; i < sizeof(map) / sizeof(struct parse_message_map); i++) {
934 if (map[i].msg_code != msg_code) {
935 continue;
936 }
937 void *payload = map[i].parse_message(payload_data, type);
938
939 if (payload == NULL) {
940 return HC_BUILD_OBJECT_FAILED;
941 }
942 message->msg_code = map[i].msg_code;
943 message->payload = payload;
944 return HC_OK;
945 }
946
947 LOGE("Unsupport parse 0x%04x message", message->msg_code);
948 return HC_UNKNOW_MESSAGE;
949 }
950
951 typedef void (*free_message_func)(void *obj);
952 struct free_message_map {
953 enum message_code msg_code;
954 free_message_func free_message;
955 };
956
destroy_receive_data_struct(const struct message * message)957 static void destroy_receive_data_struct(const struct message *message)
958 {
959 const struct free_message_map map[] = { { PAKE_REQUEST, free_pake_request },
960 { PAKE_RESPONSE, free_pake_response },
961 { PAKE_CLIENT_CONFIRM, free_pake_client_confirm },
962 { PAKE_SERVER_CONFIRM_RESPONSE, free_pake_server_confirm },
963 { AUTH_START_REQUEST, free_auth_start_request },
964 { AUTH_START_RESPONSE, free_auth_start_response },
965 { AUTH_ACK_REQUEST, free_auth_ack_request },
966 { AUTH_ACK_RESPONSE, free_auth_ack_response },
967 { ADD_AUTHINFO_REQUEST, free_add_auth_info_request },
968 { REMOVE_AUTHINFO_REQUEST, free_rmv_auth_info_request },
969 { ADD_AUTHINFO_RESPONSE, free_add_auth_info_response },
970 { REMOVE_AUTHINFO_RESPONSE, free_rmv_auth_info_response },
971 { EXCHANGE_REQUEST, free_exchange_request },
972 { EXCHANGE_RESPONSE, free_exchange_response },
973 { SEC_CLONE_START_REQUEST, sec_clone_free_client_request },
974 { SEC_CLONE_ACK_REQUEST, sec_clone_free_client_ack } };
975
976 for (uint32_t i = 0; i < sizeof(map) / sizeof(struct free_message_map); i++) {
977 if (map[i].msg_code == message->msg_code) {
978 map[i].free_message(message->payload);
979 }
980 }
981 }
982
983 typedef char *(*make_message_func)(void *data);
984 struct make_message_map {
985 enum message_code msg_code;
986 make_message_func make_message;
987 };
988
build_send_data_by_struct(const struct message * message,void ** send_data,uint32_t * send_data_len)989 static int32_t build_send_data_by_struct(const struct message *message, void **send_data, uint32_t *send_data_len)
990 {
991 const struct make_message_map map[] = { { PAKE_REQUEST, make_pake_request },
992 { PAKE_RESPONSE, make_pake_response },
993 { PAKE_CLIENT_CONFIRM, make_pake_client_confirm },
994 { PAKE_SERVER_CONFIRM_RESPONSE, make_pake_server_confirm },
995 { AUTH_START_REQUEST, make_auth_start_request },
996 { AUTH_START_RESPONSE, make_auth_start_response },
997 { AUTH_ACK_REQUEST, make_auth_ack_request },
998 { AUTH_ACK_RESPONSE, make_auth_ack_response },
999 { ADD_AUTHINFO_REQUEST, make_add_auth_info_request },
1000 { REMOVE_AUTHINFO_REQUEST, make_rmv_auth_info_request },
1001 { ADD_AUTHINFO_RESPONSE, make_add_auth_info_response },
1002 { REMOVE_AUTHINFO_RESPONSE, make_rmv_auth_info_response },
1003 { EXCHANGE_REQUEST, make_exchange_request },
1004 { EXCHANGE_RESPONSE, make_exchange_response },
1005 { SEC_CLONE_START_RESPONSE, sec_clone_make_srv_proof },
1006 { SEC_CLONE_ACK_RESPONSE, sec_clone_make_clone_ret },
1007 { INFORM_MESSAGE, make_inform_message } };
1008
1009 if (message->msg_code == INVALID_MESSAGE) {
1010 return HC_NO_MESSAGE_TO_SEND;
1011 }
1012
1013 if (message->payload == NULL) {
1014 LOGE("Message payload is null");
1015 return HC_BUILD_SEND_DATA_FAILED;
1016 }
1017
1018 for (uint32_t i = 0; i < sizeof(map) / sizeof(struct make_message_map); i++) {
1019 if (map[i].msg_code != message->msg_code) {
1020 continue;
1021 }
1022 *send_data = map[i].make_message(message->payload);
1023 if (*send_data == NULL) {
1024 return HC_BUILD_SEND_DATA_FAILED;
1025 }
1026 *send_data_len = strlen(*send_data);
1027 return HC_OK;
1028 }
1029
1030 LOGE("Unsupport encape 0x%04x message", message->msg_code);
1031 return HC_INNER_ERROR;
1032 }
1033
destroy_send_data(struct message * message)1034 static void destroy_send_data(struct message *message)
1035 {
1036 if (message->payload == NULL) {
1037 return;
1038 }
1039
1040 switch (message->msg_code) {
1041 case ADD_AUTHINFO_RESPONSE: {
1042 add_response_data *add_res_data = message->payload;
1043 FREE_SEND_DATA_FUNC(add_res_data); /* add_res_data */
1044 }
1045 case ADD_AUTHINFO_REQUEST: {
1046 add_request_data *add_req_data = message->payload;
1047 FREE_SEND_DATA_FUNC(add_req_data); /* add_req_data */
1048 }
1049 case REMOVE_AUTHINFO_RESPONSE: {
1050 remove_response_data *rmv_auth_info_res_data = message->payload;
1051 FREE_SEND_DATA_FUNC(rmv_auth_info_res_data); /* rmv_auth_info_res_data */
1052 }
1053 case REMOVE_AUTHINFO_REQUEST: {
1054 remove_request_data *rmv_auth_info_req_data = message->payload;
1055 FREE_SEND_DATA_FUNC(rmv_auth_info_req_data); /* rmv_auth_info_req_data */
1056 }
1057 case EXCHANGE_RESPONSE: {
1058 exchange_response_data *exchange_response = message->payload;
1059 FREE_SEND_DATA_FUNC(exchange_response); /* exchange_response */
1060 }
1061 case EXCHANGE_REQUEST: {
1062 exchange_request_data *exchange_requeset = message->payload;
1063 FREE_SEND_DATA_FUNC(exchange_requeset); /* exchange_requeset */
1064 }
1065 case SEC_CLONE_START_RESPONSE: {
1066 struct uint8_buff *data = message->payload;
1067 FREE_SEC_SEND_DATA_FUNC(data); /* data */
1068 }
1069 case SEC_CLONE_ACK_RESPONSE: {
1070 struct uint8_buff *data = message->payload;
1071 FREE_SEC_SEND_DATA_FUNC(data); /* data */
1072 }
1073 default:
1074 break;
1075 }
1076
1077 if (message->payload != NULL) {
1078 FREE(message->payload);
1079 message->payload = NULL;
1080 }
1081 }
1082
check_identity(const struct session_identity * identity)1083 static int32_t check_identity(const struct session_identity *identity)
1084 {
1085 check_ptr_return_val(identity, HC_INPUT_ERROR);
1086 if (identity->package_name.length > HC_PACKAGE_NAME_BUFF_LEN) {
1087 LOGE("Package name length error, %u > %u", identity->package_name.length, HC_PACKAGE_NAME_BUFF_LEN);
1088 return HC_INPUT_ERROR;
1089 }
1090 if (identity->service_type.length > HC_SERVICE_TYPE_BUFF_LEN) {
1091 LOGE("Service type length error, %u > %u", identity->service_type.length, HC_SERVICE_TYPE_BUFF_LEN);
1092 return HC_INPUT_ERROR;
1093 }
1094 return HC_OK;
1095 }
1096
check_call_back(const struct hc_call_back * call_back)1097 static int32_t check_call_back(const struct hc_call_back *call_back)
1098 {
1099 check_ptr_return_val(call_back, HC_INPUT_ERROR);
1100 check_ptr_return_val(call_back->transmit, HC_INPUT_ERROR);
1101 check_ptr_return_val(call_back->get_protocol_params, HC_INPUT_ERROR);
1102 check_ptr_return_val(call_back->set_session_key, HC_INPUT_ERROR);
1103 check_ptr_return_val(call_back->set_service_result, HC_INPUT_ERROR);
1104 check_ptr_return_val(call_back->confirm_receive_request, HC_INPUT_ERROR);
1105 return HC_OK;
1106 }
1107
check_auth_info(const struct hc_user_info * user_info)1108 static int32_t check_auth_info(const struct hc_user_info *user_info)
1109 {
1110 check_ptr_return_val(user_info, HC_INPUT_ERROR);
1111 if (user_info->auth_id.length > HC_AUTH_ID_BUFF_LEN) {
1112 LOGE("Auth id length is error, %u > %u", user_info->auth_id.length, HC_AUTH_ID_BUFF_LEN);
1113 return HC_INPUT_ERROR;
1114 }
1115 if ((user_info->user_type != HC_USER_TYPE_CONTROLLER) && (user_info->user_type != HC_USER_TYPE_ACCESSORY)) {
1116 LOGE("User type %d is not controller or accessory", user_info->user_type);
1117 return HC_INPUT_ERROR;
1118 }
1119 return HC_OK;
1120 }
1121
delete_base_key(struct service_id service_id,struct operation_parameter para)1122 static int32_t delete_base_key(struct service_id service_id, struct operation_parameter para)
1123 {
1124 LOGI("delete base key");
1125 struct hc_key_alias alias_list[HC_BASE_KEY_NUM];
1126 int32_t size = sizeof(struct hc_key_alias);
1127 int32_t length = HC_BASE_KEY_NUM * size;
1128 (void)memset_s(alias_list, length, 0, length);
1129
1130 int32_t pos = 0;
1131 struct hc_key_alias base_alias = generate_key_alias(&service_id, &(para.peer_auth_id), KEY_ALIAS_KEK);
1132 (void)memcpy_s(alias_list + pos, length - pos * size, &base_alias, size);
1133 pos++;
1134 base_alias = generate_key_alias(&service_id, &(para.peer_auth_id), KEY_ALIAS_DEK);
1135 (void)memcpy_s(alias_list + pos, length - pos * size, &base_alias, size);
1136 pos++;
1137 base_alias = generate_key_alias(&service_id, &(para.peer_auth_id), KEY_ALIAS_LT_KEY_PAIR);
1138 (void)memcpy_s(alias_list + pos, length - pos * size, &base_alias, size);
1139 pos++;
1140 base_alias = generate_key_alias(&service_id, &(para.self_auth_id), KEY_ALIAS_LT_KEY_PAIR);
1141 (void)memcpy_s(alias_list + pos, length - pos * size, &base_alias, size);
1142 pos++;
1143 base_alias = generate_key_alias(&service_id, &(para.self_auth_id), KEY_ALIAS_TMP);
1144 (void)memcpy_s(alias_list + pos, length - pos * size, &base_alias, size);
1145
1146 for (uint32_t loop = 0; loop < HC_BASE_KEY_NUM; loop++) {
1147 if (alias_list[loop].length == 0) {
1148 LOGE("Generate key alias failed");
1149 continue;
1150 }
1151 int32_t ret = check_lt_public_key_exist(&alias_list[loop]);
1152 if (ret != HC_OK) {
1153 LOGE("not found key alias %d", loop);
1154 continue;
1155 }
1156 ret = delete_lt_public_key(&alias_list[loop]);
1157 if (ret != HC_OK) {
1158 LOGE("delete auth_alias public key is %d", ret);
1159 return ret;
1160 }
1161 }
1162
1163 return HC_OK;
1164 }
1165
delete_public_key(hc_handle handle,struct service_id service_id,int32_t user_type)1166 static int32_t delete_public_key(hc_handle handle, struct service_id service_id, int32_t user_type)
1167 {
1168 LOGI("delete public key");
1169 uint32_t length = HC_PUB_KEY_ALIAS_MAX_NUM * sizeof(struct hc_auth_id);
1170 struct hc_auth_id *auth_id_list = (struct hc_auth_id *)MALLOC(length);
1171 if (auth_id_list == NULL) {
1172 LOGE("malloc auth id list failed");
1173 return HC_MALLOC_FAILED;
1174 }
1175 (void)memset_s(auth_id_list, length, 0, length);
1176
1177 uint32_t peers_num = list_trust_peers(handle, user_type, NULL, &auth_id_list);
1178 LOGI("peers_num %u", peers_num);
1179 for (uint32_t loop = 0; loop < peers_num; loop++) {
1180 struct hc_key_alias key_alias = generate_key_alias(&service_id, &auth_id_list[loop], user_type);
1181 if (key_alias.length == 0) {
1182 LOGE("Generate key alias failed");
1183 continue;
1184 }
1185 int32_t ret = check_lt_public_key_exist(&key_alias);
1186 if (ret != HC_OK) {
1187 continue;
1188 }
1189 ret = delete_lt_public_key(&key_alias);
1190 if (ret != HC_OK) {
1191 LOGE("delete key_alias public key is %d", ret);
1192 if (auth_id_list != NULL) {
1193 FREE(auth_id_list);
1194 auth_id_list = NULL;
1195 }
1196 return ret;
1197 }
1198 }
1199
1200 if (auth_id_list != NULL) {
1201 FREE(auth_id_list);
1202 auth_id_list = NULL;
1203 }
1204
1205 return HC_OK;
1206 }
1207
1208 #if !(defined(_CUT_STS_) || defined(_CUT_STS_SERVER_)|| defined(_CUT_EXCHANGE_)|| defined(_CUT_EXCHANGE_SERVER_))
build_self_lt_key_pair(const struct hichain * hichain)1209 static void build_self_lt_key_pair(const struct hichain *hichain)
1210 {
1211 struct hc_pin pin = { 0, {0} };
1212 struct operation_parameter para;
1213
1214 (void)memset_s(¶, sizeof(para), 0, sizeof(para));
1215 hichain->cb.get_protocol_params(&hichain->identity, GENERATE_KEY_PAIR, &pin, ¶);
1216
1217 if (para.self_auth_id.length > 0) {
1218 struct service_id service_id = generate_service_id(&hichain->identity);
1219 if (service_id.length == 0) {
1220 LOGE("Generate service id failed");
1221 return;
1222 }
1223 #if (defined(_SUPPORT_SEC_CLONE_) || defined(_SUPPORT_SEC_CLONE_SERVER_))
1224 struct hc_key_alias alias = generate_key_alias(&service_id, ¶.self_auth_id, KEY_ALIAS_LT_KEY_PAIR);
1225 #else
1226 struct hc_key_alias alias = generate_key_alias(&service_id, ¶.self_auth_id, KEY_ALIAS_ACCESSOR_PK);
1227 #endif
1228 if (alias.length == 0) {
1229 LOGE("Generate key alias failed");
1230 return;
1231 }
1232 int32_t ret = check_lt_public_key_exist(&alias);
1233 if (ret != HC_OK) {
1234 ret = generate_lt_key_pair(&alias, ¶.self_auth_id);
1235 if (ret != HC_OK) {
1236 LOGE("Generate self ltpk return value is %d", ret);
1237 return;
1238 }
1239 DBG_OUT("Generate self ltpk ok");
1240 }
1241 }
1242 }
1243 #endif
1244