1 /*
2 * Copyright (C) 2021-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "das_task_common.h"
17 #include "alg_defs.h"
18 #include "alg_loader.h"
19 #include "hc_log.h"
20 #include "protocol_common.h"
21 #include "hc_dev_info.h"
22 #include "string_util.h"
23
24 #define MESSAGE_RETURN 0x8000
25 #define MESSAGE_PREFIX 0x0010
26
27 /* in order to expand to uint16_t */
28 static const uint8_t KEY_TYPE_PAIRS[KEY_ALIAS_TYPE_END][KEY_TYPE_PAIR_LEN] = {
29 { 0x00, 0x00 }, /* ACCESSOR_PK */
30 { 0x00, 0x01 }, /* CONTROLLER_PK */
31 { 0x00, 0x02 }, /* ed25519 KEYPAIR */
32 { 0x00, 0x03 }, /* KEK, key encryption key, used only by DeviceAuthService */
33 { 0x00, 0x04 }, /* DEK, data encryption key, used only by upper apps */
34 { 0x00, 0x05 }, /* key tmp */
35 { 0x00, 0x06 }, /* PSK, preshared key index */
36 { 0x00, 0x07 }, /* AUTHTOKEN */
37 { 0x00, 0x08 } /* P2P_AUTH */
38 };
39
GetKeyTypePair(KeyAliasType keyAliasType)40 static uint8_t *GetKeyTypePair(KeyAliasType keyAliasType)
41 {
42 return (uint8_t *)KEY_TYPE_PAIRS[keyAliasType];
43 }
44
DasSendErrorToOut(CJson * out,int errCode)45 void DasSendErrorToOut(CJson *out, int errCode)
46 {
47 CJson *sendToSelf = CreateJson();
48 if (sendToSelf == NULL) {
49 LOGE("Create sendToSelf json failed.");
50 return;
51 }
52 CJson *sendToPeer = CreateJson();
53 if (sendToPeer == NULL) {
54 LOGE("Create json failed.");
55 FreeJson(sendToSelf);
56 return;
57 }
58 CJson *payload = CreateJson();
59 if (payload == NULL) {
60 LOGE("Create payload json failed.");
61 goto ERR;
62 }
63 int res;
64 GOTO_ERR_AND_SET_RET(AddIntToJson(sendToSelf, FIELD_AUTH_FORM, AUTH_FORM_ACCOUNT_UNRELATED), res);
65 GOTO_ERR_AND_SET_RET(AddIntToJson(sendToSelf, FIELD_ERROR_CODE, errCode), res);
66
67 GOTO_ERR_AND_SET_RET(AddIntToJson(payload, FIELD_ERROR_CODE, errCode), res);
68 GOTO_ERR_AND_SET_RET(AddObjToJson(sendToPeer, FIELD_PAYLOAD, payload), res);
69 GOTO_ERR_AND_SET_RET(AddIntToJson(sendToPeer, FIELD_MESSAGE, ERR_MESSAGE), res);
70
71 GOTO_ERR_AND_SET_RET(AddObjToJson(out, FIELD_SEND_TO_PEER, sendToPeer), res);
72 GOTO_ERR_AND_SET_RET(AddObjToJson(out, FIELD_SEND_TO_SELF, sendToSelf), res);
73 ERR:
74 FreeJson(sendToPeer);
75 FreeJson(sendToSelf);
76 FreeJson(payload);
77 }
78
DasSendErrMsgToSelf(CJson * out,int errCode)79 void DasSendErrMsgToSelf(CJson *out, int errCode)
80 {
81 CJson *sendToSelf = CreateJson();
82 if (sendToSelf == NULL) {
83 LOGE("Create sendToSelf json failed.");
84 return;
85 }
86
87 if (AddIntToJson(sendToSelf, FIELD_AUTH_FORM, AUTH_FORM_ACCOUNT_UNRELATED) != 0) {
88 FreeJson(sendToSelf);
89 LOGE("Add authForm failed.");
90 return;
91 }
92 if (AddIntToJson(sendToSelf, FIELD_ERROR_CODE, errCode) != 0) {
93 FreeJson(sendToSelf);
94 LOGE("Add errCode failed.");
95 return;
96 }
97 if (AddObjToJson(out, FIELD_SEND_TO_SELF, sendToSelf) != 0) {
98 FreeJson(sendToSelf);
99 LOGE("Add sendToSelf failed.");
100 return;
101 }
102 FreeJson(sendToSelf);
103 }
104
ProtocolMessageIn(const CJson * in)105 uint32_t ProtocolMessageIn(const CJson *in)
106 {
107 int32_t message = 0;
108 if (GetIntFromJson(in, FIELD_MESSAGE, &message) != 0) {
109 return INVALID_MESSAGE;
110 }
111 if (message == ERR_MESSAGE) {
112 return ERR_MESSAGE;
113 }
114 return (uint32_t)message & 0x000F; /* get lower 8 bit */
115 }
116
ClientProtocolMessageOut(CJson * out,int opCode,uint32_t step)117 int ClientProtocolMessageOut(CJson *out, int opCode, uint32_t step)
118 {
119 CJson *sendToPeer = GetObjFromJson(out, FIELD_SEND_TO_PEER);
120 if (sendToPeer == NULL) {
121 LOGD("No need to send to peer");
122 return HC_SUCCESS;
123 }
124 int res;
125 switch (opCode) {
126 case OP_BIND:
127 case AUTH_KEY_AGREEMENT:
128 res = AddIntToJson(sendToPeer, FIELD_MESSAGE, step);
129 break;
130 case AUTHENTICATE:
131 case OP_UNBIND:
132 step = step | MESSAGE_PREFIX;
133 res = AddIntToJson(sendToPeer, FIELD_MESSAGE, step);
134 break;
135 default:
136 LOGE("Unsupported opCode: %" LOG_PUB "d.", opCode);
137 return HC_ERR_NOT_SUPPORT;
138 }
139 return (res == 0) ? HC_SUCCESS : HC_ERR_JSON_ADD;
140 }
141
ServerProtocolMessageOut(CJson * out,int opCode,uint32_t step)142 int ServerProtocolMessageOut(CJson *out, int opCode, uint32_t step)
143 {
144 int res;
145 CJson *sendToPeer = GetObjFromJson(out, FIELD_SEND_TO_PEER);
146 if (sendToPeer == NULL) {
147 LOGD("No need to send to peer");
148 return HC_SUCCESS;
149 }
150 switch (opCode) {
151 case OP_BIND:
152 case AUTH_KEY_AGREEMENT:
153 step = step | MESSAGE_RETURN;
154 res = AddIntToJson(sendToPeer, FIELD_MESSAGE, step);
155 break;
156 case AUTHENTICATE:
157 case OP_UNBIND:
158 step = step | MESSAGE_RETURN;
159 step = step | MESSAGE_PREFIX;
160 res = AddIntToJson(sendToPeer, FIELD_MESSAGE, step);
161 break;
162 default:
163 LOGE("Unsupported opCode: %" LOG_PUB "d.", opCode);
164 return HC_ERR_NOT_SUPPORT;
165 }
166 return (res == 0) ? HC_SUCCESS : HC_ERR_JSON_ADD;
167 }
168
CombineServiceId(const Uint8Buff * pkgName,const Uint8Buff * serviceType,Uint8Buff * serviceId)169 static int32_t CombineServiceId(const Uint8Buff *pkgName, const Uint8Buff *serviceType, Uint8Buff *serviceId)
170 {
171 Uint8Buff serviceIdPlain = { NULL, 0 };
172 serviceIdPlain.length = pkgName->length + serviceType->length;
173 serviceIdPlain.val = (uint8_t *)HcMalloc(serviceIdPlain.length, 0);
174 int32_t res = HC_SUCCESS;
175 if (serviceIdPlain.val == NULL) {
176 LOGE("Hcmalloc val memory failed.");
177 res = HC_ERR_ALLOC_MEMORY;
178 goto ERR;
179 }
180
181 if (memcpy_s(serviceIdPlain.val, serviceIdPlain.length, pkgName->val, pkgName->length) != EOK) {
182 LOGE("Copy service id: pkgName failed.");
183 res = HC_ERR_MEMORY_COPY;
184 goto ERR;
185 }
186 if (memcpy_s(serviceIdPlain.val + pkgName->length, serviceIdPlain.length - pkgName->length,
187 serviceType->val, serviceType->length) != EOK) {
188 LOGE("Copy serviceType to service id plain failed.");
189 res = HC_ERR_MEMORY_COPY;
190 goto ERR;
191 }
192
193 res = GetLoaderInstance()->sha256(&serviceIdPlain, serviceId);
194 if (res != HC_SUCCESS) {
195 LOGE("Sha256 service id to service id plain failed.");
196 goto ERR;
197 }
198 ERR:
199 HcFree(serviceIdPlain.val);
200 return res;
201 }
202
IsPeerDevice(const Uint8Buff * authId)203 static bool IsPeerDevice(const Uint8Buff *authId)
204 {
205 char selfUdid[INPUT_UDID_LEN] = { 0 };
206 int32_t res = HcGetUdid((uint8_t *)selfUdid, INPUT_UDID_LEN);
207 if (res != HC_SUCCESS) {
208 LOGE("Failed to get local udid! res: %" LOG_PUB "d.", res);
209 return false;
210 }
211 char *authIdStr = (char *)HcMalloc(authId->length + 1, 0);
212 if (authIdStr == NULL) {
213 LOGE("Failed to malloc memory for authIdStr!");
214 return false;
215 }
216 if (memcpy_s(authIdStr, authId->length + 1, authId->val, authId->length) != EOK) {
217 LOGE("Failed to copy authId to authIdStr!");
218 HcFree(authIdStr);
219 return false;
220 }
221 bool isPeerDevice = !IsStrEqual(selfUdid, authIdStr);
222 HcFree(authIdStr);
223 return isPeerDevice;
224 }
225
FillKeyAlias(const Uint8Buff * serviceId,const Uint8Buff * keyType,const TokenManagerParams * params,Uint8Buff * keyAliasBuff)226 static int32_t FillKeyAlias(const Uint8Buff *serviceId, const Uint8Buff *keyType,
227 const TokenManagerParams *params, Uint8Buff *keyAliasBuff)
228 {
229 uint32_t usedLen = 0;
230 uint32_t totalLen = keyAliasBuff->length;
231 if (memcpy_s(keyAliasBuff->val, totalLen, serviceId->val, serviceId->length) != EOK) {
232 LOGE("Copy serviceId to key alias failed.");
233 return HC_ERR_MEMORY_COPY;
234 }
235 usedLen = usedLen + serviceId->length;
236 if (memcpy_s(keyAliasBuff->val + usedLen, totalLen - usedLen, keyType->val, keyType->length) != EOK) {
237 LOGE("Copy keyType to key alias failed.");
238 return HC_ERR_MEMORY_COPY;
239 }
240 usedLen = usedLen + keyType->length;
241
242 Uint8Buff authId = { params->authId.val, params->authId.length };
243 if (memcpy_s(keyAliasBuff->val + usedLen, totalLen - usedLen, authId.val, authId.length) != EOK) {
244 LOGE("Copy authId failed.");
245 return HC_ERR_MEMORY_COPY;
246 }
247
248 if (params->isDirectAuthToken && IsPeerDevice(&authId)) {
249 usedLen = usedLen + authId.length;
250 Uint8Buff peerOsAccIdBuff = { (uint8_t *)¶ms->peerOsAccountId, sizeof(params->peerOsAccountId) };
251 if (memcpy_s(keyAliasBuff->val + usedLen, totalLen - usedLen, peerOsAccIdBuff.val,
252 peerOsAccIdBuff.length) != EOK) {
253 LOGE("Copy peerOsAccountId failed.");
254 return HC_ERR_MEMORY_COPY;
255 }
256 }
257 return HC_SUCCESS;
258 }
259
CombineKeyAlias(const Uint8Buff * serviceId,const Uint8Buff * keyType,const TokenManagerParams * params,Uint8Buff * keyAliasHash)260 static int32_t CombineKeyAlias(const Uint8Buff *serviceId, const Uint8Buff *keyType,
261 const TokenManagerParams *params, Uint8Buff *keyAliasHash)
262 {
263 Uint8Buff keyAliasBuff = { NULL, 0 };
264 Uint8Buff authId = { params->authId.val, params->authId.length };
265 if (params->isDirectAuthToken && IsPeerDevice(&authId)) {
266 keyAliasBuff.length = serviceId->length + authId.length + keyType->length + sizeof(params->peerOsAccountId);
267 } else {
268 keyAliasBuff.length = serviceId->length + authId.length + keyType->length;
269 }
270 keyAliasBuff.val = (uint8_t *)HcMalloc(keyAliasBuff.length, 0);
271 if (keyAliasBuff.val == NULL) {
272 LOGE("Malloc mem failed.");
273 return HC_ERR_ALLOC_MEMORY;
274 }
275
276 int32_t res = FillKeyAlias(serviceId, keyType, params, &keyAliasBuff);
277 if (res != HC_SUCCESS) {
278 LOGE("Failed to fill key alias!");
279 HcFree(keyAliasBuff.val);
280 return res;
281 }
282
283 res = GetLoaderInstance()->sha256(&keyAliasBuff, keyAliasHash);
284 HcFree(keyAliasBuff.val);
285 if (res != HC_SUCCESS) {
286 LOGE("Sha256 failed.");
287 }
288 return res;
289 }
290
CombineKeyAliasForPseudonymPsk(const Uint8Buff * serviceType,const Uint8Buff * peerAuthId,const Uint8Buff * keyType,Uint8Buff * keyAliasHash)291 static int32_t CombineKeyAliasForPseudonymPsk(const Uint8Buff *serviceType, const Uint8Buff *peerAuthId,
292 const Uint8Buff *keyType, Uint8Buff *keyAliasHash)
293 {
294 Uint8Buff keyAliasBuff = { NULL, 0 };
295 keyAliasBuff.length = serviceType->length + peerAuthId->length + keyType->length;
296 keyAliasBuff.val = (uint8_t *)HcMalloc(keyAliasBuff.length, 0);
297 if (keyAliasBuff.val == NULL) {
298 LOGE("Malloc mem failed.");
299 return HC_ERR_ALLOC_MEMORY;
300 }
301
302 uint32_t totalLen = keyAliasBuff.length;
303 uint32_t usedLen = 0;
304 int32_t res = HC_SUCCESS;
305 do {
306 if (memcpy_s(keyAliasBuff.val, totalLen, serviceType->val, serviceType->length) != EOK) {
307 LOGE("Copy serviceType failed.");
308 res = HC_ERR_MEMORY_COPY;
309 break;
310 }
311 usedLen = usedLen + serviceType->length;
312
313 if (memcpy_s(keyAliasBuff.val + usedLen, totalLen - usedLen, peerAuthId->val, peerAuthId->length) != EOK) {
314 LOGE("Copy peerAuthId failed.");
315 res = HC_ERR_MEMORY_COPY;
316 break;
317 }
318 usedLen = usedLen + peerAuthId->length;
319
320 if (memcpy_s(keyAliasBuff.val + usedLen, totalLen - usedLen, keyType->val, keyType->length) != EOK) {
321 LOGE("Copy keyType failed.");
322 res = HC_ERR_MEMORY_COPY;
323 break;
324 }
325
326 res = GetLoaderInstance()->sha256(&keyAliasBuff, keyAliasHash);
327 if (res != HC_SUCCESS) {
328 LOGE("Sha256 failed.");
329 }
330 } while (0);
331 HcFree(keyAliasBuff.val);
332 return res;
333 }
334
CombineKeyAliasForIso(const Uint8Buff * serviceId,const Uint8Buff * keyType,const TokenManagerParams * params,Uint8Buff * outKeyAlias)335 static int32_t CombineKeyAliasForIso(const Uint8Buff *serviceId, const Uint8Buff *keyType,
336 const TokenManagerParams *params, Uint8Buff *outKeyAlias)
337 {
338 if (outKeyAlias->length != SHA256_LEN) {
339 return HC_ERR_INVALID_LEN;
340 }
341 int32_t res = CombineKeyAlias(serviceId, keyType, params, outKeyAlias);
342 if (res != HC_SUCCESS) {
343 LOGE("CombineKeyAlias failed.");
344 return res;
345 }
346 return res;
347 }
348
CombineKeyAliasForPake(const Uint8Buff * serviceId,const Uint8Buff * keyType,const TokenManagerParams * params,Uint8Buff * outKeyAlias)349 static int32_t CombineKeyAliasForPake(const Uint8Buff *serviceId, const Uint8Buff *keyType,
350 const TokenManagerParams *params, Uint8Buff *outKeyAlias)
351 {
352 int32_t res;
353 Uint8Buff keyAliasHash = { NULL, SHA256_LEN };
354 char *outKeyAliasHex = NULL;
355 if (outKeyAlias->length != SHA256_LEN * BYTE_TO_HEX_OPER_LENGTH) {
356 res = HC_ERR_INVALID_LEN;
357 goto ERR;
358 }
359 keyAliasHash.val = (uint8_t *)HcMalloc(keyAliasHash.length, 0);
360 if (keyAliasHash.val == NULL) {
361 LOGE("Malloc keyAliasHash failed");
362 res = HC_ERR_ALLOC_MEMORY;
363 goto ERR;
364 }
365 res = CombineKeyAlias(serviceId, keyType, params, &keyAliasHash);
366 if (res != HC_SUCCESS) {
367 LOGE("CombineKeyAlias failed.");
368 goto ERR;
369 }
370 uint32_t outKeyAliasHexLen = keyAliasHash.length * BYTE_TO_HEX_OPER_LENGTH + 1;
371 outKeyAliasHex = (char *)HcMalloc(outKeyAliasHexLen, 0);
372 if (outKeyAliasHex == NULL) {
373 LOGE("Malloc outKeyAliasHex failed");
374 res = HC_ERR_ALLOC_MEMORY;
375 goto ERR;
376 }
377 res = ByteToHexString(keyAliasHash.val, keyAliasHash.length, outKeyAliasHex, outKeyAliasHexLen);
378 if (res != HC_SUCCESS) {
379 LOGE("ByteToHexString failed");
380 goto ERR;
381 }
382 if (memcpy_s(outKeyAlias->val, outKeyAlias->length, outKeyAliasHex, HcStrlen(outKeyAliasHex)) != EOK) {
383 LOGE("memcpy outkeyalias failed.");
384 res = HC_ERR_MEMORY_COPY;
385 goto ERR;
386 }
387 ERR:
388 HcFree(keyAliasHash.val);
389 HcFree(outKeyAliasHex);
390 return res;
391 }
392
GenerateKeyAlias(const TokenManagerParams * params,Uint8Buff * outKeyAlias)393 int32_t GenerateKeyAlias(const TokenManagerParams *params, Uint8Buff *outKeyAlias)
394 {
395 CHECK_PTR_RETURN_ERROR_CODE(params, "params");
396 Uint8Buff pkgName = { params->pkgName.val, params->pkgName.length };
397 Uint8Buff serviceType = { params->serviceType.val, params->serviceType.length };
398 CHECK_PTR_RETURN_ERROR_CODE(pkgName.val, "pkgName.val");
399 CHECK_PTR_RETURN_ERROR_CODE(serviceType.val, "serviceType.val");
400 CHECK_PTR_RETURN_ERROR_CODE(params->authId.val, "params->authId.val");
401 CHECK_PTR_RETURN_ERROR_CODE(outKeyAlias, "outKeyAlias");
402 CHECK_PTR_RETURN_ERROR_CODE(outKeyAlias->val, "outKeyAlias->val");
403 if (pkgName.length == 0 || serviceType.length == 0 || params->authId.length == 0 || outKeyAlias->length == 0) {
404 LOGE("Invalid zero length params exist.");
405 return HC_ERR_INVALID_LEN;
406 }
407 KeyAliasType keyType = (KeyAliasType)params->userType;
408 if (pkgName.length > PACKAGE_NAME_MAX_LEN || serviceType.length > SERVICE_TYPE_MAX_LEN ||
409 params->authId.length > AUTH_ID_MAX_LEN || keyType >= KEY_ALIAS_TYPE_END) {
410 LOGE("Out of length params exist.");
411 return HC_ERR_INVALID_LEN;
412 }
413
414 int32_t res;
415 Uint8Buff serviceId = { NULL, SHA256_LEN };
416 serviceId.val = (uint8_t *)HcMalloc(serviceId.length, 0);
417 if (serviceId.val == NULL) {
418 LOGE("Malloc for serviceId failed.");
419 res = HC_ERR_ALLOC_MEMORY;
420 goto ERR;
421 }
422 res = CombineServiceId(&pkgName, &serviceType, &serviceId);
423 if (res != HC_SUCCESS) {
424 LOGE("CombineServiceId failed, res: %" LOG_PUB "x.", res);
425 goto ERR;
426 }
427 Uint8Buff keyTypeBuff = { GetKeyTypePair(keyType), KEY_TYPE_PAIR_LEN };
428 if (keyType == KEY_ALIAS_AUTH_TOKEN) {
429 res = CombineKeyAliasForIso(&serviceId, &keyTypeBuff, params, outKeyAlias);
430 } else {
431 res = CombineKeyAliasForPake(&serviceId, &keyTypeBuff, params, outKeyAlias);
432 }
433 if (res != HC_SUCCESS) {
434 LOGE("CombineKeyAlias failed, keyType: %" LOG_PUB "d, res: %" LOG_PUB "d", keyType, res);
435 }
436 ERR:
437 HcFree(serviceId.val);
438 return res;
439 }
440
CheckGeneratePskParams(const Uint8Buff * serviceType,const Uint8Buff * peerAuthId,const Uint8Buff * outKeyAlias)441 static int32_t CheckGeneratePskParams(const Uint8Buff *serviceType, const Uint8Buff *peerAuthId,
442 const Uint8Buff *outKeyAlias)
443 {
444 CHECK_PTR_RETURN_ERROR_CODE(serviceType, "serviceType");
445 CHECK_PTR_RETURN_ERROR_CODE(serviceType->val, "serviceType->val");
446 CHECK_PTR_RETURN_ERROR_CODE(peerAuthId, "peerAuthId");
447 CHECK_PTR_RETURN_ERROR_CODE(peerAuthId->val, "peerAuthId->val");
448 CHECK_PTR_RETURN_ERROR_CODE(outKeyAlias, "outKeyAlias");
449 CHECK_PTR_RETURN_ERROR_CODE(outKeyAlias->val, "outKeyAlias->val");
450 if (serviceType->length == 0 || peerAuthId->length == 0 || outKeyAlias->length == 0) {
451 LOGE("Invalid param len!");
452 return HC_ERR_INVALID_LEN;
453 }
454 if (serviceType->length > SERVICE_TYPE_MAX_LEN || peerAuthId->length > AUTH_ID_MAX_LEN) {
455 LOGE("Param len exceed the limit!");
456 return HC_ERR_INVALID_LEN;
457 }
458 if (outKeyAlias->length != SHA256_LEN * BYTE_TO_HEX_OPER_LENGTH) {
459 LOGE("Invalid out key len!");
460 return HC_ERR_INVALID_LEN;
461 }
462 return HC_SUCCESS;
463 }
464
GeneratePseudonymPskAlias(const Uint8Buff * serviceType,const Uint8Buff * peerAuthId,Uint8Buff * outKeyAlias)465 int32_t GeneratePseudonymPskAlias(const Uint8Buff *serviceType, const Uint8Buff *peerAuthId, Uint8Buff *outKeyAlias)
466 {
467 int32_t res = CheckGeneratePskParams(serviceType, peerAuthId, outKeyAlias);
468 if (res != HC_SUCCESS) {
469 return res;
470 }
471
472 Uint8Buff keyAliasHash = { NULL, SHA256_LEN };
473 keyAliasHash.val = (uint8_t *)HcMalloc(keyAliasHash.length, 0);
474 if (keyAliasHash.val == NULL) {
475 LOGE("Malloc keyAliasHash failed");
476 return HC_ERR_ALLOC_MEMORY;
477 }
478 Uint8Buff keyTypeBuff = { GetKeyTypePair(KEY_ALIAS_AUTH_TOKEN), KEY_TYPE_PAIR_LEN };
479 res = CombineKeyAliasForPseudonymPsk(serviceType, peerAuthId, &keyTypeBuff, &keyAliasHash);
480 if (res != HC_SUCCESS) {
481 LOGE("CombineKeyAlias for pseudonym psk failed!");
482 HcFree(keyAliasHash.val);
483 return res;
484 }
485 uint32_t outKeyAliasHexLen = keyAliasHash.length * BYTE_TO_HEX_OPER_LENGTH + 1;
486 char *outKeyAliasHex = (char *)HcMalloc(outKeyAliasHexLen, 0);
487 if (outKeyAliasHex == NULL) {
488 LOGE("Failed to alloc memory for outKeyAliasHex!");
489 HcFree(keyAliasHash.val);
490 return HC_ERR_ALLOC_MEMORY;
491 }
492 res = ByteToHexString(keyAliasHash.val, keyAliasHash.length, outKeyAliasHex, outKeyAliasHexLen);
493 if (res != HC_SUCCESS) {
494 LOGE("Failed to convert key alias hash to byte string!");
495 HcFree(keyAliasHash.val);
496 HcFree(outKeyAliasHex);
497 return res;
498 }
499 HcFree(keyAliasHash.val);
500 if (memcpy_s(outKeyAlias->val, outKeyAlias->length, outKeyAliasHex, HcStrlen(outKeyAliasHex)) != EOK) {
501 LOGE("Failed to copy out key alias!");
502 HcFree(outKeyAliasHex);
503 return HC_ERR_MEMORY_COPY;
504 }
505 HcFree(outKeyAliasHex);
506 return HC_SUCCESS;
507 }
508
GetIdPeer(const CJson * in,const char * peerIdKey,const Uint8Buff * authIdSelf,Uint8Buff * authIdPeer)509 int32_t GetIdPeer(const CJson *in, const char *peerIdKey, const Uint8Buff *authIdSelf, Uint8Buff *authIdPeer)
510 {
511 const char *authIdStr = GetStringFromJson(in, peerIdKey);
512 if (authIdStr == NULL) {
513 LOGE("Get peer id key from input json failed.");
514 return HC_ERR_JSON_GET;
515 }
516 uint32_t authIdLen = HcStrlen(authIdStr) / BYTE_TO_HEX_OPER_LENGTH;
517 if (authIdLen == 0 || authIdLen > MAX_AUTH_ID_LEN) {
518 LOGE("AuthIdPeerLen is invalid, len: %" LOG_PUB "u.", authIdLen);
519 return HC_ERR_INVALID_LEN;
520 }
521 int32_t res = InitSingleParam(authIdPeer, authIdLen);
522 if (res != HC_SUCCESS) {
523 LOGE("Init single param for peer authId failed, res: %" LOG_PUB "d.", res);
524 return res;
525 }
526 if (HexStringToByte(authIdStr, authIdPeer->val, authIdPeer->length) != HC_SUCCESS) {
527 LOGE("Hex str to byte for authIdPeer failed.");
528 return HC_ERR_CONVERT_FAILED;
529 }
530 if ((authIdSelf->length == authIdPeer->length) &&
531 memcmp(authIdSelf->val, authIdPeer->val, authIdSelf->length) == 0) {
532 LOGE("Peer id can not be equal to self id.");
533 return HC_ERR_INVALID_PARAMS;
534 }
535 return HC_SUCCESS;
536 }
537
GetAndCheckAuthIdPeer(const CJson * in,const Uint8Buff * authIdSelf,const Uint8Buff * authIdPeer)538 int32_t GetAndCheckAuthIdPeer(const CJson *in, const Uint8Buff *authIdSelf, const Uint8Buff *authIdPeer)
539 {
540 if (in == NULL || authIdSelf == NULL || authIdPeer == NULL) {
541 LOGE("Params exist NULL.");
542 return HC_ERR_NULL_PTR;
543 }
544 const CJson *payload = GetObjFromJson(in, FIELD_PAYLOAD);
545 if (payload == NULL) {
546 LOGE("Get payload failed.");
547 return HC_ERR_JSON_GET;
548 }
549 const char *authIdStr = GetStringFromJson(payload, FIELD_PEER_AUTH_ID);
550 if (authIdStr == NULL) {
551 LOGE("Get peer authId from payload failed.");
552 return HC_ERR_JSON_GET;
553 }
554 uint32_t authIdPeerLen = HcStrlen(authIdStr) / BYTE_TO_HEX_OPER_LENGTH;
555 if (authIdPeerLen == 0 || authIdPeerLen > MAX_AUTH_ID_LEN) {
556 LOGE("Invalid peer authId length.");
557 return HC_ERR_INVALID_LEN;
558 }
559 uint8_t *authIdPeerTmp = (uint8_t *)HcMalloc(authIdPeerLen, 0);
560 if (authIdPeerTmp == NULL) {
561 LOGE("Malloc for authIdPeerTmp failed.");
562 return HC_ERR_ALLOC_MEMORY;
563 }
564 if (HexStringToByte(authIdStr, authIdPeerTmp, authIdPeerLen) != HC_SUCCESS) {
565 LOGE("Convert peer authId from hex string to byte failed.");
566 HcFree(authIdPeerTmp);
567 return HC_ERR_CONVERT_FAILED;
568 }
569 if ((authIdSelf->length == authIdPeer->length) &&
570 memcmp(authIdSelf->val, authIdPeer->val, authIdSelf->length) == EOK) {
571 LOGE("Peer id can not be equal to self id.");
572 HcFree(authIdPeerTmp);
573 return HC_ERR_INVALID_PARAMS;
574 }
575 if (memcmp(authIdPeer->val, authIdPeerTmp, authIdPeer->length) != EOK) {
576 LOGE("Peer authId does not match.");
577 HcFree(authIdPeerTmp);
578 return HC_ERR_INVALID_PARAMS;
579 }
580 HcFree(authIdPeerTmp);
581 return HC_SUCCESS;
582 }
583
GetAuthIdPeerFromPayload(const CJson * in,const Uint8Buff * authIdSelf,Uint8Buff * authIdPeer)584 int32_t GetAuthIdPeerFromPayload(const CJson *in, const Uint8Buff *authIdSelf, Uint8Buff *authIdPeer)
585 {
586 const CJson *payload = GetObjFromJson(in, FIELD_PAYLOAD);
587 if (payload == NULL) {
588 LOGE("Not have payload.");
589 return HC_ERR_JSON_GET;
590 }
591 int res = GetIdPeer(payload, FIELD_PEER_AUTH_ID, authIdSelf, authIdPeer);
592 if (res != HC_SUCCESS) {
593 LOGE("GetIdPeer failed, res: %" LOG_PUB "d.", res);
594 }
595 return res;
596 }
597
GetAndCheckKeyLenOnServer(const CJson * in,uint32_t keyLen)598 int32_t GetAndCheckKeyLenOnServer(const CJson *in, uint32_t keyLen)
599 {
600 const CJson *payload = GetObjFromJson(in, FIELD_PAYLOAD);
601 if (payload == NULL) {
602 LOGE("Get payload failed.");
603 return HC_ERR_JSON_GET;
604 }
605 uint32_t tmpKeyLen = 0;
606 if (GetIntFromJson(payload, FIELD_KEY_LENGTH, (int32_t *)&tmpKeyLen) != HC_SUCCESS) {
607 LOGE("Get tmpKeyLen from payload failed.");
608 return HC_ERR_JSON_GET;
609 }
610
611 if (keyLen != tmpKeyLen) {
612 LOGE("Key length is not equal.");
613 return HC_ERR_INVALID_PARAMS;
614 }
615 return HC_SUCCESS;
616 }
617