1 /*
2 * Copyright (C) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "common_standard_bind_exchange.h"
17 #include "alg_defs.h"
18 #include "das_standard_token_manager.h"
19 #include "das_task_common.h"
20 #include "hc_log.h"
21 #include "hc_types.h"
22 #include "protocol_common.h"
23 #include "string_util.h"
24
InitStandardBindExchangeParams(StandardBindExchangeParams * params)25 int32_t InitStandardBindExchangeParams(StandardBindExchangeParams *params)
26 {
27 int32_t res;
28 if (params == NULL) {
29 return HC_ERR_INVALID_PARAMS;
30 }
31
32 params->pubKeyPeer.length = PAKE_ED25519_KEY_PAIR_LEN;
33 params->pubKeyPeer.val = (uint8_t *)HcMalloc(params->pubKeyPeer.length, 0);
34 if (params->pubKeyPeer.val == NULL) {
35 res = HC_ERR_ALLOC_MEMORY;
36 goto ERR;
37 }
38
39 params->pubKeySelf.length = PAKE_ED25519_KEY_PAIR_LEN;
40 params->pubKeySelf.val = (uint8_t *)HcMalloc(params->pubKeySelf.length, 0);
41 if (params->pubKeySelf.val == NULL) {
42 res = HC_ERR_ALLOC_MEMORY;
43 goto ERR;
44 }
45
46 params->nonce.length = STANDARD_BIND_EXCHANGE_NONCE_LEN;
47 params->nonce.val = (uint8_t *)HcMalloc(params->nonce.length, 0);
48 if (params->nonce.val == NULL) {
49 res = HC_ERR_ALLOC_MEMORY;
50 goto ERR;
51 }
52
53 params->authInfo.length = 0;
54 params->authInfo.val = NULL;
55 params->exInfoCipher.length = 0;
56 params->exInfoCipher.val = NULL;
57
58 return HC_SUCCESS;
59 ERR:
60 DestroyStandardBindExchangeParams(params);
61 return res;
62 }
63
DestroyStandardBindExchangeParams(StandardBindExchangeParams * params)64 void DestroyStandardBindExchangeParams(StandardBindExchangeParams *params)
65 {
66 if (params == NULL) {
67 return;
68 }
69 if (params->pubKeySelf.val != NULL) {
70 HcFree(params->pubKeySelf.val);
71 params->pubKeySelf.val = NULL;
72 }
73 if (params->pubKeyPeer.val != NULL) {
74 HcFree(params->pubKeyPeer.val);
75 params->pubKeyPeer.val = NULL;
76 }
77 if (params->authInfo.val != NULL) {
78 HcFree(params->authInfo.val);
79 params->authInfo.val = NULL;
80 }
81 if (params->exInfoCipher.val != NULL) {
82 HcFree(params->exInfoCipher.val);
83 params->exInfoCipher.val = NULL;
84 }
85 if (params->nonce.val != NULL) {
86 HcFree(params->nonce.val);
87 params->nonce.val = NULL;
88 }
89 }
90
GenerateKeyPairIfNotExist(const PakeParams * pakeParams,const Uint8Buff * keyAlias)91 static int32_t GenerateKeyPairIfNotExist(const PakeParams *pakeParams, const Uint8Buff *keyAlias)
92 {
93 int32_t res = pakeParams->baseParams.loader->checkKeyExist(keyAlias, pakeParams->isSelfFromUpgrade,
94 pakeParams->baseParams.osAccountId);
95 if (res != HC_SUCCESS) {
96 if (pakeParams->isSelfFromUpgrade) {
97 LOGE("Self data is from upgrade, self authInfo not exist!");
98 return res;
99 }
100 LOGI("The local identity key pair does not exist, generate it.");
101 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
102 /* UserType and pairType are not required when generating key. */
103 ExtraInfo exInfo = { pakeParams->baseParams.idSelf, -1, -1 };
104 KeyParams keyParams = { { keyAlias->val, keyAlias->length, true }, false, pakeParams->baseParams.osAccountId };
105 res = pakeParams->baseParams.loader->generateKeyPairWithStorage(&keyParams, PAKE_ED25519_KEY_PAIR_LEN, alg,
106 KEY_PURPOSE_SIGN_VERIFY, &exInfo);
107 if (res != HC_SUCCESS) {
108 LOGE("generate self auth keyPair failed.");
109 }
110 return res;
111 } else {
112 return HC_SUCCESS;
113 }
114 }
115
PackageAuthInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,const Uint8Buff * keyAlias)116 static int32_t PackageAuthInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
117 const Uint8Buff *keyAlias)
118 {
119 int32_t res = GenerateKeyPairIfNotExist(pakeParams, keyAlias);
120 if (res != HC_SUCCESS) {
121 return res;
122 }
123
124 KeyParams keyParams = {
125 { keyAlias->val, keyAlias->length, true },
126 pakeParams->isSelfFromUpgrade,
127 pakeParams->baseParams.osAccountId
128 };
129 res = pakeParams->baseParams.loader->exportPublicKey(&keyParams, &(exchangeParams->pubKeySelf));
130 if (res != HC_SUCCESS) {
131 LOGE("exportPublicKey failed");
132 return res;
133 }
134
135 CJson *authInfoJson = CreateJson();
136 char *authInfoStr = NULL;
137 GOTO_ERR_AND_SET_RET(AddByteToJson(authInfoJson, FIELD_AUTH_ID, pakeParams->baseParams.idSelf.val,
138 pakeParams->baseParams.idSelf.length), res);
139 GOTO_ERR_AND_SET_RET(AddByteToJson(authInfoJson, FIELD_AUTH_PK, exchangeParams->pubKeySelf.val,
140 exchangeParams->pubKeySelf.length), res);
141 authInfoStr = PackJsonToString(authInfoJson);
142 if (authInfoStr == NULL) {
143 LOGE("authInfoStr PackJsonToString failed");
144 res = HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
145 goto ERR;
146 }
147
148 res = InitSingleParam(&(exchangeParams->authInfo), HcStrlen(authInfoStr));
149 if (res != HC_SUCCESS) {
150 LOGE("InitSingleParam for authInfo failed.");
151 goto ERR;
152 }
153
154 if (memcpy_s(exchangeParams->authInfo.val, exchangeParams->authInfo.length,
155 authInfoStr, HcStrlen(authInfoStr)) != EOK) {
156 LOGE("Memcpy authInfo failed.");
157 res = HC_ERR_MEMORY_COPY;
158 goto ERR;
159 }
160 ERR:
161 FreeJson(authInfoJson);
162 FreeJsonString(authInfoStr);
163 return res;
164 }
165
GenerateSignInfo(const PakeParams * pakeParams,const StandardBindExchangeParams * exchangeParams,const Uint8Buff * keyAlias,Uint8Buff * signInfo)166 static int32_t GenerateSignInfo(const PakeParams *pakeParams, const StandardBindExchangeParams *exchangeParams,
167 const Uint8Buff *keyAlias, Uint8Buff *signInfo)
168 {
169 // add challenge
170 int32_t res = HC_SUCCESS;
171 uint32_t msgInfoLen = pakeParams->baseParams.challengeSelf.length + pakeParams->baseParams.challengePeer.length +
172 exchangeParams->authInfo.length;
173 uint8_t *msgInfoVal = (uint8_t *)HcMalloc(msgInfoLen, 0);
174 if (msgInfoVal == NULL) {
175 LOGE("Malloc msgInfoVal failed.");
176 return HC_ERR_ALLOC_MEMORY;
177 }
178 Uint8Buff msgInfo = { msgInfoVal, msgInfoLen };
179 if (memcpy_s(msgInfo.val, msgInfo.length, pakeParams->baseParams.challengeSelf.val,
180 pakeParams->baseParams.challengeSelf.length) != EOK) {
181 LOGE("Memcpy for challengeSelf failed.");
182 res = HC_ERR_MEMORY_COPY;
183 goto ERR;
184 }
185 uint32_t usedLen = pakeParams->baseParams.challengeSelf.length;
186
187 if (memcpy_s(msgInfo.val + usedLen, msgInfo.length - usedLen, pakeParams->baseParams.challengePeer.val,
188 pakeParams->baseParams.challengePeer.length) != EOK) {
189 LOGE("Memcpy for challengePeer failed.");
190 res = HC_ERR_MEMORY_COPY;
191 goto ERR;
192 }
193 usedLen += pakeParams->baseParams.challengePeer.length;
194
195 if (memcpy_s(msgInfo.val + usedLen, msgInfo.length - usedLen, exchangeParams->authInfo.val,
196 exchangeParams->authInfo.length) != EOK) {
197 LOGE("Memcpy for authInfo failed.");
198 res = HC_ERR_MEMORY_COPY;
199 goto ERR;
200 }
201
202 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
203 KeyParams keyAliasParams = {
204 { keyAlias->val, keyAlias->length, true },
205 pakeParams->isSelfFromUpgrade,
206 pakeParams->baseParams.osAccountId
207 };
208 res = pakeParams->baseParams.loader->sign(&keyAliasParams, &msgInfo, alg, signInfo);
209 if (res != HC_SUCCESS) {
210 LOGE("sign failed");
211 goto ERR;
212 }
213 ERR:
214 HcFree(msgInfo.val);
215 return res;
216 }
217
EncryptAuthAndSignInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,const Uint8Buff * signInfo,const char * aad)218 static int32_t EncryptAuthAndSignInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
219 const Uint8Buff *signInfo, const char *aad)
220 {
221 // contact auth and sign info
222 int32_t res = HC_SUCCESS;
223 uint32_t exchangeInfoLen = exchangeParams->authInfo.length + signInfo->length;
224 uint8_t *exchangeInfoVal = (uint8_t *)HcMalloc(exchangeInfoLen, 0);
225 if (exchangeInfoVal == NULL) {
226 LOGE("Malloc exchangeInfoVal failed.");
227 return HC_ERR_ALLOC_MEMORY;
228 }
229 Uint8Buff exchangeInfo = { exchangeInfoVal, exchangeInfoLen };
230 if (memcpy_s(exchangeInfo.val, exchangeInfo.length, exchangeParams->authInfo.val,
231 exchangeParams->authInfo.length) != EOK) {
232 res = HC_ERR_MEMORY_COPY;
233 goto ERR;
234 }
235 if (memcpy_s(exchangeInfo.val + exchangeParams->authInfo.length,
236 exchangeInfo.length - exchangeParams->authInfo.length, signInfo->val, signInfo->length) != EOK) {
237 res = HC_ERR_MEMORY_COPY;
238 goto ERR;
239 }
240
241 res = InitSingleParam(&(exchangeParams->exInfoCipher), exchangeInfo.length + AE_TAG_LEN);
242 if (res != HC_SUCCESS) {
243 LOGE("InitSingleParam for failed.");
244 goto ERR;
245 }
246
247 // encrypt
248 res = pakeParams->baseParams.loader->generateRandom(&(exchangeParams->nonce));
249 if (res != HC_SUCCESS) {
250 LOGE("generateRandom failed");
251 goto ERR;
252 }
253
254 GcmParam encryptInfo = {
255 .aad = (uint8_t *)aad,
256 .aadLen = HcStrlen(aad),
257 .nonce = exchangeParams->nonce.val,
258 .nonceLen = exchangeParams->nonce.length
259 };
260 KeyParams keyParams = {
261 { pakeParams->baseParams.sessionKey.val, pakeParams->baseParams.sessionKey.length, false },
262 false,
263 pakeParams->baseParams.osAccountId
264 };
265 res = pakeParams->baseParams.loader->aesGcmEncrypt(&keyParams, &exchangeInfo, &encryptInfo,
266 &(exchangeParams->exInfoCipher));
267 if (res != HC_SUCCESS) {
268 LOGE("aesGcmEncrypt failed");
269 goto ERR;
270 }
271
272 ERR:
273 HcFree(exchangeInfo.val);
274 return res;
275 }
276
DecryptAuthAndSignInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,Uint8Buff * signInfo,const char * aad)277 static int32_t DecryptAuthAndSignInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
278 Uint8Buff *signInfo, const char *aad)
279 {
280 uint32_t exchangeInfoLen = exchangeParams->exInfoCipher.length - AE_TAG_LEN;
281 uint8_t *exchangeInfoVal = (uint8_t *)HcMalloc(exchangeInfoLen, 0);
282 if (exchangeInfoVal == NULL) {
283 LOGE("Malloc exchangeInfoVal failed.");
284 return HC_ERR_ALLOC_MEMORY;
285 }
286 Uint8Buff exchangeInfo = { exchangeInfoVal, exchangeInfoLen };
287
288 GcmParam decryptInfo = {
289 .aad = (uint8_t *)aad,
290 .aadLen = HcStrlen(aad),
291 .nonce = exchangeParams->nonce.val,
292 .nonceLen = exchangeParams->nonce.length
293 };
294 KeyParams keyParams = {
295 { pakeParams->baseParams.sessionKey.val, pakeParams->baseParams.sessionKey.length, false },
296 false,
297 pakeParams->baseParams.osAccountId
298 };
299 int32_t res = pakeParams->baseParams.loader->aesGcmDecrypt(&keyParams, &(exchangeParams->exInfoCipher),
300 &decryptInfo, &exchangeInfo);
301 if (res != HC_SUCCESS) {
302 LOGE("aesGcmDecrypt failed");
303 goto ERR;
304 }
305
306 // get authInfo
307 res = InitSingleParam(&(exchangeParams->authInfo), exchangeInfo.length - SIGNATURE_LEN);
308 if (res != HC_SUCCESS) {
309 LOGE("InitSingleParam for authInfo failed.");
310 goto ERR;
311 }
312
313 if (memcpy_s(exchangeParams->authInfo.val, exchangeParams->authInfo.length, exchangeInfo.val,
314 exchangeParams->authInfo.length) != EOK) {
315 LOGE("memcpy authInfo failed.");
316 res = HC_ERR_MEMORY_COPY;
317 goto ERR;
318 }
319 if (memcpy_s(signInfo->val, signInfo->length, exchangeInfo.val + exchangeParams->authInfo.length,
320 SIGNATURE_LEN) != EOK) {
321 LOGE("memcpy signInfo failed.");
322 res = HC_ERR_MEMORY_COPY;
323 goto ERR;
324 }
325 ERR:
326 HcFree(exchangeInfo.val);
327 return res;
328 }
329
ParseAuthInfo(PakeParams * pakeParams,const StandardBindExchangeParams * exchangeParams)330 static int32_t ParseAuthInfo(PakeParams *pakeParams, const StandardBindExchangeParams *exchangeParams)
331 {
332 int32_t res;
333 CJson *authInfoJson = CreateJsonFromString((char *)exchangeParams->authInfo.val);
334 if (authInfoJson == NULL) {
335 LOGE("Create authInfoJson failed.");
336 return HC_ERR_JSON_CREATE;
337 }
338
339 GOTO_ERR_AND_SET_RET(GetByteFromJson(authInfoJson, FIELD_AUTH_PK, exchangeParams->pubKeyPeer.val,
340 exchangeParams->pubKeyPeer.length), res);
341 res = GetIdPeer(authInfoJson, FIELD_AUTH_ID,
342 &pakeParams->baseParams.idSelf, &pakeParams->baseParams.idPeer);
343 if (res != HC_SUCCESS) {
344 LOGE("GetIdPeer failed, res: %" LOG_PUB "d.", res);
345 goto ERR;
346 }
347 ERR:
348 FreeJson(authInfoJson);
349 return res;
350 }
351
VerifySignInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,Uint8Buff * signInfo)352 static int32_t VerifySignInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
353 Uint8Buff *signInfo)
354 {
355 int32_t res = HC_SUCCESS;
356 uint32_t verifyMsgLen = exchangeParams->authInfo.length + pakeParams->baseParams.challengePeer.length +
357 pakeParams->baseParams.challengeSelf.length;
358 uint8_t *verifyMsgVal = (uint8_t *)HcMalloc(verifyMsgLen, 0);
359 if (verifyMsgVal == NULL) {
360 LOGE("Malloc verifyMsgVal failed.");
361 return HC_ERR_ALLOC_MEMORY;
362 }
363 Uint8Buff verifyMsg = { verifyMsgVal, verifyMsgLen };
364 if (memcpy_s(verifyMsg.val, verifyMsg.length, pakeParams->baseParams.challengePeer.val,
365 pakeParams->baseParams.challengePeer.length) != EOK) {
366 res = HC_ERR_MEMORY_COPY;
367 goto ERR;
368 }
369 uint32_t usedLen = pakeParams->baseParams.challengePeer.length;
370 if (memcpy_s(verifyMsg.val + usedLen, verifyMsg.length - usedLen, pakeParams->baseParams.challengeSelf.val,
371 pakeParams->baseParams.challengeSelf.length) != EOK) {
372 res = HC_ERR_MEMORY_COPY;
373 goto ERR;
374 }
375 usedLen += pakeParams->baseParams.challengeSelf.length;
376 if (memcpy_s(verifyMsg.val + usedLen, verifyMsg.length - usedLen, exchangeParams->authInfo.val,
377 exchangeParams->authInfo.length) != EOK) {
378 res = HC_ERR_MEMORY_COPY;
379 goto ERR;
380 }
381
382 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
383 KeyParams keyParams = {
384 { exchangeParams->pubKeyPeer.val, exchangeParams->pubKeyPeer.length, false },
385 false,
386 pakeParams->baseParams.osAccountId
387 };
388 res = pakeParams->baseParams.loader->verify(&keyParams, &verifyMsg, alg, signInfo);
389 if (res != HC_SUCCESS) {
390 LOGE("verify failed");
391 goto ERR;
392 }
393 ERR:
394 HcFree(verifyMsg.val);
395 return res;
396 }
397
SaveAuthInfo(const PakeParams * pakeParams,const StandardBindExchangeParams * exchangeParams)398 static int32_t SaveAuthInfo(const PakeParams *pakeParams, const StandardBindExchangeParams *exchangeParams)
399 {
400 uint8_t keyAliasPeerVal[PAKE_KEY_ALIAS_LEN] = { 0 };
401 Uint8Buff keyAlias = { keyAliasPeerVal, PAKE_KEY_ALIAS_LEN };
402 TokenManagerParams tokenParams = { 0 };
403 tokenParams.pkgName.val = (uint8_t *)pakeParams->packageName;
404 tokenParams.pkgName.length = HcStrlen(pakeParams->packageName);
405 tokenParams.serviceType.val = (uint8_t *)pakeParams->serviceType;
406 tokenParams.serviceType.length = HcStrlen(pakeParams->serviceType);
407 #ifdef DEV_AUTH_FUNC_TEST
408 tokenParams.userType = KEY_ALIAS_LT_KEY_PAIR;
409 #else
410 tokenParams.userType = pakeParams->userTypePeer;
411 #endif
412 tokenParams.authId = pakeParams->baseParams.idPeer;
413 int32_t res = GenerateKeyAlias(&tokenParams, &keyAlias);
414 if (res != HC_SUCCESS) {
415 LOGE("generateKeyAlias failed");
416 return res;
417 }
418 LOGI("PubKey alias(HEX): %" LOG_PUB "x%" LOG_PUB "x%" LOG_PUB "x%" LOG_PUB "x****.", keyAliasPeerVal[0],
419 keyAliasPeerVal[1], keyAliasPeerVal[2], keyAliasPeerVal[3]);
420 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
421 ExtraInfo exInfo = { pakeParams->baseParams.idPeer, pakeParams->userType, PAIR_TYPE_BIND };
422 KeyParams keyParams = { { keyAlias.val, keyAlias.length, true }, false, pakeParams->baseParams.osAccountId };
423 res = pakeParams->baseParams.loader->importPublicKey(&keyParams, &(exchangeParams->pubKeyPeer), alg, &exInfo);
424 if (res != HC_SUCCESS) {
425 LOGE("importPublicKey failed");
426 return res;
427 }
428 res = GetStandardTokenManagerInstance()->computeAndSavePsk(pakeParams);
429 if (res != HC_SUCCESS) {
430 LOGE("ComputeAndSavePsk failed, res: %" LOG_PUB "x.", res);
431 return res;
432 }
433 LOGI("Save pubKey and psk success.");
434 return HC_SUCCESS;
435 }
436
ClientRequestStandardBindExchange(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams)437 int32_t ClientRequestStandardBindExchange(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams)
438 {
439 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
440 Uint8Buff keyAlias = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
441 TokenManagerParams tokenParams = { 0 };
442 tokenParams.pkgName.val = (uint8_t *)pakeParams->packageName;
443 tokenParams.pkgName.length = HcStrlen(pakeParams->packageName);
444 tokenParams.serviceType.val = (uint8_t *)pakeParams->serviceType;
445 tokenParams.serviceType.length = HcStrlen(pakeParams->serviceType);
446 tokenParams.userType = pakeParams->userType;
447 if (pakeParams->isSelfFromUpgrade) {
448 tokenParams.userType = KEY_ALIAS_LT_KEY_PAIR;
449 }
450 tokenParams.authId = pakeParams->baseParams.idSelf;
451 int32_t res = GenerateKeyAlias(&tokenParams, &keyAlias);
452 if (res != HC_SUCCESS) {
453 LOGE("generateKeyAlias failed");
454 return res;
455 }
456 if (pakeParams->isSelfFromUpgrade) {
457 res = ToLowerCase(&keyAlias);
458 if (res != HC_SUCCESS) {
459 LOGE("Failed to convert self key alias to lower case!");
460 return res;
461 }
462 }
463
464 res = PackageAuthInfo(pakeParams, exchangeParams, &keyAlias);
465 if (res != HC_SUCCESS) {
466 LOGE("PackageAuthInfo failed");
467 return res;
468 }
469
470 uint8_t signInfoVal[SIGNATURE_LEN] = { 0 };
471 Uint8Buff signInfo = { signInfoVal, SIGNATURE_LEN };
472 res = GenerateSignInfo(pakeParams, exchangeParams, &keyAlias, &signInfo);
473 if (res != HC_SUCCESS) {
474 LOGE("GenerateSignInfo failed");
475 return res;
476 }
477
478 res = EncryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_REQUEST);
479 if (res != HC_SUCCESS) {
480 LOGE("EncryptAuthAndSignInfo failed");
481 return res;
482 }
483
484 return res;
485 }
486
GenerateSelfKeyAlias(const PakeParams * pakeParams,Uint8Buff * keyAlias)487 static int32_t GenerateSelfKeyAlias(const PakeParams *pakeParams, Uint8Buff *keyAlias)
488 {
489 TokenManagerParams tokenParams = { 0 };
490 tokenParams.pkgName.val = (uint8_t *)pakeParams->packageName;
491 tokenParams.pkgName.length = HcStrlen(pakeParams->packageName);
492 tokenParams.serviceType.val = (uint8_t *)pakeParams->serviceType;
493 tokenParams.serviceType.length = HcStrlen(pakeParams->serviceType);
494 tokenParams.userType = pakeParams->userType;
495 if (pakeParams->isSelfFromUpgrade) {
496 tokenParams.userType = KEY_ALIAS_LT_KEY_PAIR;
497 }
498 tokenParams.authId = pakeParams->baseParams.idSelf;
499 int32_t res = GenerateKeyAlias(&tokenParams, keyAlias);
500 if (res != HC_SUCCESS) {
501 LOGE("generateKeyAlias failed");
502 return res;
503 }
504 if (pakeParams->isSelfFromUpgrade) {
505 res = ToLowerCase(keyAlias);
506 if (res != HC_SUCCESS) {
507 LOGE("Failed to convert self key alias to lower case!");
508 return res;
509 }
510 }
511 return HC_SUCCESS;
512 }
513
ServerResponseStandardBindExchange(PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams)514 int32_t ServerResponseStandardBindExchange(PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams)
515 {
516 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
517 Uint8Buff keyAlias = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
518 int32_t res = GenerateSelfKeyAlias(pakeParams, &keyAlias);
519 if (res != HC_SUCCESS) {
520 return res;
521 }
522
523 uint8_t signInfoVal[SIGNATURE_LEN] = { 0 };
524 Uint8Buff signInfo = { signInfoVal, SIGNATURE_LEN };
525 res = DecryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_REQUEST);
526 if (res != HC_SUCCESS) {
527 LOGE("DecryptAuthAndSignInfo failed");
528 return res;
529 }
530
531 res = ParseAuthInfo(pakeParams, exchangeParams);
532 if (res != HC_SUCCESS) {
533 LOGE("ParseAuthInfo failed");
534 return res;
535 }
536
537 res = VerifySignInfo(pakeParams, exchangeParams, &signInfo);
538 if (res != HC_SUCCESS) {
539 LOGE("VerifySignInfo failed");
540 return res;
541 }
542
543 res = SaveAuthInfo(pakeParams, exchangeParams);
544 if (res != HC_SUCCESS) {
545 LOGE("SaveAuthInfo failed");
546 return res;
547 }
548
549 res = PackageAuthInfo(pakeParams, exchangeParams, &keyAlias);
550 if (res != HC_SUCCESS) {
551 LOGE("PackageAuthInfo failed");
552 return res;
553 }
554
555 res = GenerateSignInfo(pakeParams, exchangeParams, &keyAlias, &signInfo);
556 if (res != HC_SUCCESS) {
557 LOGE("GenerateSignInfo failed");
558 return res;
559 }
560
561 res = EncryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_RESPONSE);
562 if (res != HC_SUCCESS) {
563 LOGE("EncryptAuthAndSignInfo failed");
564 return res;
565 }
566
567 return HC_SUCCESS;
568 }
569
ClientConfirmStandardBindExchange(PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams)570 int32_t ClientConfirmStandardBindExchange(PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams)
571 {
572 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
573 Uint8Buff keyAlias = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
574 TokenManagerParams tokenParams = { 0 };
575 tokenParams.pkgName.val = (uint8_t *)pakeParams->packageName;
576 tokenParams.pkgName.length = HcStrlen(pakeParams->packageName);
577 tokenParams.serviceType.val = (uint8_t *)pakeParams->serviceType;
578 tokenParams.serviceType.length = HcStrlen(pakeParams->serviceType);
579 tokenParams.userType = pakeParams->userType;
580 tokenParams.authId = pakeParams->baseParams.idSelf;
581 int32_t res = GenerateKeyAlias(&tokenParams, &keyAlias);
582 if (res != HC_SUCCESS) {
583 LOGE("generateKeyAlias failed");
584 return res;
585 }
586
587 uint8_t signInfoVal[SIGNATURE_LEN] = { 0 };
588 Uint8Buff signInfo = { signInfoVal, SIGNATURE_LEN };
589 res = DecryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_RESPONSE);
590 if (res != HC_SUCCESS) {
591 LOGE("DecryptAuthAndSignInfo failed");
592 return res;
593 }
594
595 res = ParseAuthInfo(pakeParams, exchangeParams);
596 if (res != HC_SUCCESS) {
597 LOGE("ParseAuthInfo failed");
598 return res;
599 }
600
601 res = VerifySignInfo(pakeParams, exchangeParams, &signInfo);
602 if (res != HC_SUCCESS) {
603 LOGE("VerifySignInfo failed");
604 return res;
605 }
606
607 res = SaveAuthInfo(pakeParams, exchangeParams);
608 if (res != HC_SUCCESS) {
609 LOGE("SaveAuthInfo failed");
610 return res;
611 }
612
613 return HC_SUCCESS;
614 }
615