1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "remote_msg_util.h"
17
18 #include <iomanip>
19 #include <mutex>
20 #include <sstream>
21 #include <string>
22
23 #include "device_manager.h"
24 #include "device_manager_util.h"
25 #include "hdi_wrapper.h"
26 #include "iam_check.h"
27 #include "iam_logger.h"
28 #include "parameter.h"
29 #include "resource_node_pool.h"
30
31 #define LOG_TAG "USER_AUTH_SA"
32
33 namespace OHOS {
34 namespace UserIam {
35 namespace UserAuth {
36 namespace {
37 const uint32_t TRUCKED_NETWORK_ID_PRINT_LEN = 4;
38 const uint32_t TRUCKED_CONTEXT_ID_PRINT_LEN = 4;
39 } // namespace
GetConnectionName(uint64_t contextId,std::string & connectionName)40 bool RemoteMsgUtil::GetConnectionName(uint64_t contextId, std::string &connectionName)
41 {
42 std::string networkId;
43 bool getLocalNetworkIdRet = DeviceManagerUtil::GetInstance().GetLocalDeviceNetWorkId(networkId);
44 IF_FALSE_LOGE_AND_RETURN_VAL(getLocalNetworkIdRet, false);
45
46 std::ostringstream oss;
47 oss << networkId.substr(0, TRUCKED_NETWORK_ID_PRINT_LEN) << ":";
48 oss << std::setw(TRUCKED_CONTEXT_ID_PRINT_LEN) << std::setfill('0') << std::hex << static_cast<uint16_t>(contextId);
49 connectionName = oss.str();
50 return true;
51 }
52
EncodeQueryExecutorInfoReply(const std::vector<ExecutorInfo> & executorInfoArray,const std::vector<uint8_t> & signedRemoteExecutorInfo,Attributes & attr)53 bool RemoteMsgUtil::EncodeQueryExecutorInfoReply(const std::vector<ExecutorInfo> &executorInfoArray,
54 const std::vector<uint8_t> &signedRemoteExecutorInfo, Attributes &attr)
55 {
56 IF_FALSE_LOGE_AND_RETURN_VAL(executorInfoArray.size() != 0, false);
57
58 bool setRemoteExecutorInfoRet =
59 attr.SetUint8ArrayValue(Attributes::ATTR_REMOTE_EXECUTOR_INFO, signedRemoteExecutorInfo);
60 IF_FALSE_LOGE_AND_RETURN_VAL(setRemoteExecutorInfoRet, false);
61
62 return SetExecutorInfoArrayToAttributes(executorInfoArray, attr);
63 }
64
DecodeQueryExecutorInfoReply(const Attributes & attr,std::vector<ExecutorInfo> & executorInfoArray)65 bool RemoteMsgUtil::DecodeQueryExecutorInfoReply(const Attributes &attr, std::vector<ExecutorInfo> &executorInfoArray)
66 {
67 std::vector<uint8_t> signedRemoteExecutorInfo;
68 bool getRemoteExecutorInfoRet =
69 attr.GetUint8ArrayValue(Attributes::ATTR_REMOTE_EXECUTOR_INFO, signedRemoteExecutorInfo);
70 IF_FALSE_LOGE_AND_RETURN_VAL(getRemoteExecutorInfoRet, false);
71
72 return GetExecutorInfoArrayFromAttributes(attr, signedRemoteExecutorInfo, executorInfoArray);
73 }
74
SetExecutorInfoToAttributes(const ExecutorInfo & executorInfo,Attributes & attr)75 bool RemoteMsgUtil::SetExecutorInfoToAttributes(const ExecutorInfo &executorInfo, Attributes &attr)
76 {
77 bool setAuthTypeRet = attr.SetInt32Value(Attributes::ATTR_AUTH_TYPE, executorInfo.authType);
78 IF_FALSE_LOGE_AND_RETURN_VAL(setAuthTypeRet, false);
79
80 bool setExecutorRoleRet = attr.SetInt32Value(Attributes::ATTR_EXECUTOR_ROLE, executorInfo.executorRole);
81 IF_FALSE_LOGE_AND_RETURN_VAL(setExecutorRoleRet, false);
82
83 bool setExecutorSensorHintRet =
84 attr.SetUint32Value(Attributes::ATTR_EXECUTOR_SENSOR_HINT, executorInfo.executorSensorHint);
85 IF_FALSE_LOGE_AND_RETURN_VAL(setExecutorSensorHintRet, false);
86
87 bool setExecutorMatcherRet = attr.SetUint32Value(Attributes::ATTR_EXECUTOR_MATCHER, executorInfo.executorMatcher);
88 IF_FALSE_LOGE_AND_RETURN_VAL(setExecutorMatcherRet, false);
89
90 bool setEslRet = attr.SetInt32Value(Attributes::ATTR_ESL, executorInfo.esl);
91 IF_FALSE_LOGE_AND_RETURN_VAL(setEslRet, false);
92
93 bool setPublicKeyRet = attr.SetUint8ArrayValue(Attributes::ATTR_PUBLIC_KEY, executorInfo.publicKey);
94 IF_FALSE_LOGE_AND_RETURN_VAL(setPublicKeyRet, false);
95
96 bool setDeviceUdidRet = attr.SetStringValue(Attributes::ATTR_DEVICE_UDID, executorInfo.deviceUdid);
97 IF_FALSE_LOGE_AND_RETURN_VAL(setDeviceUdidRet, false);
98
99 return true;
100 }
101
GetExecutorInfoFromAttributes(const Attributes & Attr,std::vector<uint8_t> & signedRemoteExecutorInfo,ExecutorInfo & executorInfo)102 bool RemoteMsgUtil::GetExecutorInfoFromAttributes(const Attributes &Attr,
103 std::vector<uint8_t> &signedRemoteExecutorInfo, ExecutorInfo &executorInfo)
104 {
105 int32_t authType = 0;
106 bool getAuthTypeRet = Attr.GetInt32Value(Attributes::ATTR_AUTH_TYPE, authType);
107 IF_FALSE_LOGE_AND_RETURN_VAL(getAuthTypeRet, false);
108 executorInfo.authType = static_cast<AuthType>(authType);
109
110 int32_t executorRole = 0;
111 bool getExecutorRoleRet = Attr.GetInt32Value(Attributes::ATTR_EXECUTOR_ROLE, executorRole);
112 IF_FALSE_LOGE_AND_RETURN_VAL(getExecutorRoleRet, false);
113 executorInfo.executorRole = static_cast<ExecutorRole>(executorRole);
114
115 bool getExecutorSensorHintRet =
116 Attr.GetUint32Value(Attributes::ATTR_EXECUTOR_SENSOR_HINT, executorInfo.executorSensorHint);
117 IF_FALSE_LOGE_AND_RETURN_VAL(getExecutorSensorHintRet, false);
118
119 bool getExecutorMatcherRet = Attr.GetUint32Value(Attributes::ATTR_EXECUTOR_MATCHER, executorInfo.executorMatcher);
120 IF_FALSE_LOGE_AND_RETURN_VAL(getExecutorMatcherRet, false);
121
122 int32_t esl = 0;
123 bool getEslRet = Attr.GetInt32Value(Attributes::ATTR_ESL, esl);
124 IF_FALSE_LOGE_AND_RETURN_VAL(getEslRet, false);
125 executorInfo.esl = static_cast<ExecutorSecureLevel>(esl);
126
127 bool getPublicKeyRet = Attr.GetUint8ArrayValue(Attributes::ATTR_PUBLIC_KEY, executorInfo.publicKey);
128 IF_FALSE_LOGE_AND_RETURN_VAL(getPublicKeyRet, false);
129
130 bool getDeviceUdidRet = Attr.GetStringValue(Attributes::ATTR_DEVICE_UDID, executorInfo.deviceUdid);
131 IF_FALSE_LOGE_AND_RETURN_VAL(getDeviceUdidRet, false);
132
133 executorInfo.signedRemoteExecutorInfo = signedRemoteExecutorInfo;
134 return true;
135 }
136
SetExecutorInfoArrayToAttributes(const std::vector<ExecutorInfo> & executorInfoArray,Attributes & attr)137 bool RemoteMsgUtil::SetExecutorInfoArrayToAttributes(const std::vector<ExecutorInfo> &executorInfoArray,
138 Attributes &attr)
139 {
140 std::vector<Attributes> attributeArray;
141 for (auto &executorInfo : executorInfoArray) {
142 Attributes item;
143 if (!SetExecutorInfoToAttributes(executorInfo, item)) {
144 IAM_LOGE("SetExecutorInfoToAttributes failed");
145 return false;
146 }
147 attributeArray.push_back(Attributes(item.Serialize()));
148 }
149
150 bool setAttributeArrayRet =
151 attr.SetAttributesArrayValue(Attributes::ATTR_EXECUTOR_REGISTER_INFO_LIST, attributeArray);
152 IF_FALSE_LOGE_AND_RETURN_VAL(setAttributeArrayRet, false);
153
154 return true;
155 }
156
GetExecutorInfoArrayFromAttributes(const Attributes & attr,std::vector<uint8_t> & signedRemoteExecutorInfo,std::vector<ExecutorInfo> & executorInfoArray)157 bool RemoteMsgUtil::GetExecutorInfoArrayFromAttributes(const Attributes &attr,
158 std::vector<uint8_t> &signedRemoteExecutorInfo, std::vector<ExecutorInfo> &executorInfoArray)
159 {
160 std::vector<Attributes> attributeArray;
161 bool getExecutorInfoRet =
162 attr.GetAttributesArrayValue(Attributes::ATTR_EXECUTOR_REGISTER_INFO_LIST, attributeArray);
163 IF_FALSE_LOGE_AND_RETURN_VAL(getExecutorInfoRet, false);
164
165 for (auto &item : attributeArray) {
166 ExecutorInfo executorInfo;
167 if (!GetExecutorInfoFromAttributes(item, signedRemoteExecutorInfo, executorInfo)) {
168 IAM_LOGE("GetExecutorInfoFromAttributes failed");
169 return false;
170 }
171 executorInfoArray.push_back(executorInfo);
172 }
173
174 return true;
175 }
176
GetQueryExecutorInfoReply(const std::vector<int32_t> authTypes,int32_t executorRole,std::string remoteUdid,Attributes & attr)177 ResultCode RemoteMsgUtil::GetQueryExecutorInfoReply(const std::vector<int32_t> authTypes, int32_t executorRole,
178 std::string remoteUdid, Attributes &attr)
179 {
180 IF_FALSE_LOGE_AND_RETURN_VAL(authTypes.size() == 1, INVALID_PARAMETERS);
181
182 auto hdi = HdiWrapper::GetHdiInstance();
183 IF_FALSE_LOGE_AND_RETURN_VAL(hdi != nullptr, GENERAL_ERROR);
184
185 std::vector<uint8_t> signedExecutorInfo;
186 int32_t hdiRet = hdi->GetSignedExecutorInfo(authTypes, executorRole, remoteUdid, signedExecutorInfo);
187 if (hdiRet == DEVICE_CAPABILITY_NOT_SUPPORT || hdiRet == REMOTE_DEVICE_CONNECTION_FAIL) {
188 IAM_LOGE("get signed executor info failed, ret: %{public}d", hdiRet);
189 return (ResultCode)hdiRet;
190 }
191 IF_FALSE_LOGE_AND_RETURN_VAL(hdiRet == SUCCESS, GENERAL_ERROR);
192
193 std::string localUdid;
194 bool getLocalUdidRet = DeviceManagerUtil::GetInstance().GetLocalDeviceUdid(localUdid);
195 IF_FALSE_LOGE_AND_RETURN_VAL(getLocalUdidRet, GENERAL_ERROR);
196
197 std::vector<ExecutorInfo> executorInfoArray;
198 ResourceNodePool::Instance().Enumerate([&](const std::weak_ptr<ResourceNode> &weakNode) {
199 std::shared_ptr<ResourceNode> node = weakNode.lock();
200 IF_FALSE_LOGE_AND_RETURN(node != nullptr);
201
202 if (node->GetAuthType() != authTypes[0] || node->GetExecutorRole() != executorRole ||
203 localUdid != node->GetExecutorDeviceUdid()) {
204 return;
205 }
206
207 ExecutorInfo executorInfo;
208 executorInfo.authType = node->GetAuthType();
209 executorInfo.executorRole = node->GetExecutorRole();
210 executorInfo.executorSensorHint = node->GetExecutorSensorHint();
211 executorInfo.executorMatcher = node->GetExecutorMatcher();
212 executorInfo.esl = node->GetExecutorEsl();
213 executorInfo.publicKey = node->GetExecutorPublicKey();
214 executorInfo.deviceUdid = node->GetExecutorDeviceUdid();
215 executorInfoArray.push_back(executorInfo);
216 });
217
218 bool encodeQueryExecutorInfoReplyRet =
219 RemoteMsgUtil::EncodeQueryExecutorInfoReply(executorInfoArray, signedExecutorInfo, attr);
220 IF_FALSE_LOGE_AND_RETURN_VAL(encodeQueryExecutorInfoReplyRet, GENERAL_ERROR);
221
222 IAM_LOGI("success");
223 return SUCCESS;
224 }
225
EncodeAuthParam(const AuthParamInner & authParam,Attributes & attr)226 bool RemoteMsgUtil::EncodeAuthParam(const AuthParamInner &authParam, Attributes &attr)
227 {
228 bool setUserIdRet = attr.SetInt32Value(Attributes::ATTR_USER_ID, authParam.userId);
229 IF_FALSE_LOGE_AND_RETURN_VAL(setUserIdRet, false);
230
231 bool setChallengeRet = attr.SetUint8ArrayValue(Attributes::ATTR_CHALLENGE, authParam.challenge);
232 IF_FALSE_LOGE_AND_RETURN_VAL(setChallengeRet, false);
233
234 bool setAuthTypeRet = attr.SetInt32Value(Attributes::ATTR_AUTH_TYPE, authParam.authType);
235 IF_FALSE_LOGE_AND_RETURN_VAL(setAuthTypeRet, false);
236
237 bool setAuthTrustLevelRet = attr.SetInt32Value(Attributes::ATTR_AUTH_TRUST_LEVEL, authParam.authTrustLevel);
238 IF_FALSE_LOGE_AND_RETURN_VAL(setAuthTrustLevelRet, false);
239 return true;
240 }
241
DecodeAuthParam(const Attributes & attr,AuthParamInner & authParam)242 bool RemoteMsgUtil::DecodeAuthParam(const Attributes &attr, AuthParamInner &authParam)
243 {
244 bool getUserIdRet = attr.GetInt32Value(Attributes::ATTR_USER_ID, authParam.userId);
245 IF_FALSE_LOGE_AND_RETURN_VAL(getUserIdRet, false);
246
247 bool getChallengeRet = attr.GetUint8ArrayValue(Attributes::ATTR_CHALLENGE, authParam.challenge);
248 IF_FALSE_LOGE_AND_RETURN_VAL(getChallengeRet, false);
249
250 int32_t authType;
251 bool getAuthTypeRet = attr.GetInt32Value(Attributes::ATTR_AUTH_TYPE, authType);
252 IF_FALSE_LOGE_AND_RETURN_VAL(getAuthTypeRet, false);
253 authParam.authType = static_cast<AuthType>(authType);
254
255 int32_t authTrustLevel;
256 bool getAuthTrustLevelRet = attr.GetInt32Value(Attributes::ATTR_AUTH_TRUST_LEVEL, authTrustLevel);
257 IF_FALSE_LOGE_AND_RETURN_VAL(getAuthTrustLevelRet, false);
258 authParam.authTrustLevel = static_cast<AuthTrustLevel>(authTrustLevel);
259
260 return true;
261 }
262 } // namespace UserAuth
263 } // namespace UserIam
264 } // namespace OHOS