1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "pin_auth.h"
17
18 #include <map>
19 #include <sys/stat.h>
20 #include <vector>
21 #include <unistd.h>
22 #include <pthread.h>
23
24 #include "parameter.h"
25 #include "securec.h"
26 #include "sysparam_errno.h"
27
28 #include "adaptor_memory.h"
29 #include "adaptor_log.h"
30 #include "collector_func.h"
31 #include "executor_func_common.h"
32 #include "pin_auth_hdi.h"
33 #include "verifier_func.h"
34
35 namespace OHOS {
36 namespace UserIam {
37 namespace PinAuth {
38 namespace {
39 constexpr uint32_t MAX_TEMPLATEID_LEN = 32;
40 std::map<int32_t, ResultCodeForCoAuth> g_convertResult = {
41 {RESULT_SUCCESS, ResultCodeForCoAuth::SUCCESS},
42 {RESULT_BAD_PARAM, ResultCodeForCoAuth::INVALID_PARAMETERS},
43 {RESULT_COMPARE_FAIL, ResultCodeForCoAuth::FAIL},
44 {RESULT_BUSY, ResultCodeForCoAuth::BUSY},
45 {RESULT_PIN_FREEZE, ResultCodeForCoAuth::LOCKED},
46 {RESULT_BAD_COPY, ResultCodeForCoAuth::GENERAL_ERROR},
47 {RESULT_GENERAL_ERROR, ResultCodeForCoAuth::GENERAL_ERROR},
48 {RESULT_OPERATION_NOT_SUPPORT, ResultCodeForCoAuth::OPERATION_NOT_SUPPORT},
49 };
50 }
51
52 /* This is for example only, Should be implemented in trusted environment. */
Init()53 int32_t PinAuth::Init()
54 {
55 LOG_INFO("start");
56 std::lock_guard<std::mutex> gurard(mutex_);
57 if (!LoadPinDb()) {
58 LOG_ERROR("LoadPinDb fail!");
59 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
60 }
61 if (GenerateAllInOneKeyPair() != RESULT_SUCCESS) {
62 LOG_ERROR("GenerateAllInOneKeyPair fail!");
63 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
64 }
65 if (GenerateCollectorKeyPair() != RESULT_SUCCESS) {
66 LOG_ERROR("GenerateCollectorKeyPair fail!");
67 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
68 }
69 if (GenerateVerifierKeyPair() != RESULT_SUCCESS) {
70 LOG_ERROR("GenerateVerifierKeyPair fail!");
71 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
72 }
73 LOG_INFO("InIt pinAuth succ");
74
75 return RESULT_SUCCESS;
76 }
77
78 /* This is for example only, Should be implemented in trusted environment. */
Close()79 int32_t PinAuth::Close()
80 {
81 LOG_INFO("start");
82 std::lock_guard<std::mutex> gurard(mutex_);
83 DestroyAllInOneKeyPair();
84 DestroyCollectorKeyPair();
85 DestroyVerifierKeyPair();
86 DestroyPinDb();
87 LOG_INFO("Close pinAuth succ");
88
89 return RESULT_SUCCESS;
90 }
91
92 /* This is for example only, Should be implemented in trusted environment. */
PinResultToCoAuthResult(int32_t resultCode)93 int32_t PinAuth::PinResultToCoAuthResult(int32_t resultCode)
94 {
95 LOG_INFO("PinAuth::PinResultToCoAuthResult enter");
96 if (g_convertResult.count(resultCode) == 0) {
97 LOG_ERROR("PinResult and CoauthResult not match, convert GENERAL_ERROR");
98 return ResultCodeForCoAuth::GENERAL_ERROR;
99 } else {
100 return g_convertResult[resultCode];
101 }
102 }
103
104 /* This is for example only, Should be implemented in trusted environment. */
EnrollPin(PinEnrollParam & pinEnrollParam,std::vector<uint8_t> & resultTlv)105 int32_t PinAuth::EnrollPin(PinEnrollParam &pinEnrollParam, std::vector<uint8_t> &resultTlv)
106 {
107 LOG_INFO("start");
108 std::lock_guard<std::mutex> gurard(mutex_);
109 Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
110 if (!IsBufferValid(retTlv)) {
111 LOG_ERROR("retTlv is unValid!");
112 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
113 }
114 ResultCode result = DoEnrollPin(&pinEnrollParam, retTlv);
115 if (result != RESULT_SUCCESS) {
116 LOG_ERROR("DoEnrollPin fail!");
117 goto ERROR;
118 }
119
120 resultTlv.resize(retTlv->contentSize);
121 if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
122 LOG_ERROR("copy retTlv to resultTlv fail!");
123 result = RESULT_BAD_COPY;
124 goto ERROR;
125 }
126
127 ERROR:
128 DestroyBuffer(retTlv);
129 return PinResultToCoAuthResult(result);
130 }
131
132 /* This is for example only, Should be implemented in trusted environment. */
GenerateAlgoParameter(std::vector<uint8_t> & algoParameter,uint32_t & algoVersion)133 int32_t PinAuth::GenerateAlgoParameter(std::vector<uint8_t> &algoParameter, uint32_t &algoVersion)
134 {
135 LOG_INFO("start");
136 static constexpr uint32_t deviceUuidLength = 65;
137 char localDeviceId[deviceUuidLength] = {0};
138 if (GetDevUdid(localDeviceId, deviceUuidLength) != EC_SUCCESS) {
139 LOG_ERROR("GetDevUdid failed");
140 return GENERAL_ERROR;
141 }
142 uint32_t algoParameterLen = CONST_SALT_LEN;
143 algoParameter.resize(algoParameterLen);
144 int32_t result = DoGenerateAlgoParameter(algoParameter.data(), &algoParameterLen, &algoVersion,
145 (uint8_t *)&(localDeviceId[0]), deviceUuidLength);
146 if (result != RESULT_SUCCESS) {
147 LOG_ERROR("DoGenerateAlgoParameter fail!");
148 return PinResultToCoAuthResult(result);
149 }
150 if (algoParameterLen != CONST_SALT_LEN) {
151 LOG_ERROR("algoParameterLen is error!");
152 return GENERAL_ERROR;
153 }
154
155 return SUCCESS;
156 }
157
158 /* This is for example only, Should be implemented in trusted environment. */
AllInOneAuth(uint64_t scheduleId,uint64_t templateId,const std::vector<uint8_t> & extraInfo,PinAlgoParam & pinAlgoParam)159 int32_t PinAuth::AllInOneAuth(
160 uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &extraInfo, PinAlgoParam &pinAlgoParam)
161 {
162 LOG_INFO("start");
163 std::lock_guard<std::mutex> gurard(mutex_);
164 AlgoParamOut authAlgoParam = {};
165 ResultCode result = DoAllInOneAuth(scheduleId, templateId, extraInfo.data(), extraInfo.size(), &authAlgoParam);
166 if (result != RESULT_SUCCESS) {
167 LOG_ERROR("DoAllInOneAuth fail!");
168 return PinResultToCoAuthResult(result);
169 }
170 pinAlgoParam.algoVersion = authAlgoParam.algoVersion;
171 pinAlgoParam.subType = authAlgoParam.subType;
172 int32_t transResult = SetVectorByBuffer(
173 pinAlgoParam.algoParameter, authAlgoParam.algoParameter, sizeof(authAlgoParam.algoParameter));
174 if (transResult != RESULT_SUCCESS) {
175 LOG_ERROR("set algoParameter fail!");
176 return PinResultToCoAuthResult(transResult);
177 }
178 transResult = SetVectorByBuffer(pinAlgoParam.challenge, authAlgoParam.challenge, sizeof(authAlgoParam.challenge));
179 if (transResult != RESULT_SUCCESS) {
180 LOG_ERROR("set challenge fail!");
181 return PinResultToCoAuthResult(transResult);
182 }
183
184 return RESULT_SUCCESS;
185 }
186
187 /* This is for example only, Should be implemented in trusted environment. */
AuthPin(PinAuthParam & pinAuthParam,const std::vector<uint8_t> & extraInfo,std::vector<uint8_t> & resultTlv)188 int32_t PinAuth::AuthPin(PinAuthParam &pinAuthParam,
189 const std::vector<uint8_t> &extraInfo, std::vector<uint8_t> &resultTlv)
190 {
191 LOG_INFO("start");
192 std::lock_guard<std::mutex> gurard(mutex_);
193 Buffer *extra = CreateBufferByData(extraInfo.data(), extraInfo.size());
194 if (!IsBufferValid(extra)) {
195 LOG_ERROR("extraInfo is unValid!");
196 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
197 }
198 Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
199 if (!IsBufferValid(retTlv)) {
200 LOG_ERROR("retTlv is unValid!");
201 DestroyBuffer(extra);
202 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
203 }
204 ResultCode compareRet = RESULT_COMPARE_FAIL;
205 ResultCode result = DoAuthPin(&pinAuthParam, extra, retTlv, &compareRet);
206 if (result != RESULT_SUCCESS) {
207 LOG_ERROR("DoAuthPin fail!");
208 goto ERROR;
209 }
210 resultTlv.resize(retTlv->contentSize);
211 if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
212 LOG_ERROR("copy retTlv to resultTlv fail!");
213 result = RESULT_GENERAL_ERROR;
214 goto ERROR;
215 }
216 result = compareRet;
217
218 ERROR:
219 DestroyBuffer(extra);
220 DestroyBuffer(retTlv);
221 return PinResultToCoAuthResult(result);
222 }
223
224 /* This is for example only, Should be implemented in trusted environment. */
QueryPinInfo(uint64_t templateId,PinCredentialInfo & pinCredentialInfoRet)225 int32_t PinAuth::QueryPinInfo(uint64_t templateId, PinCredentialInfo &pinCredentialInfoRet)
226 {
227 LOG_INFO("start");
228 std::lock_guard<std::mutex> gurard(mutex_);
229 PinCredentialInfos pinCredentialInfosRet = {};
230 int32_t result = DoQueryPinInfo(templateId, &pinCredentialInfosRet);
231 if (result != RESULT_SUCCESS) {
232 LOG_ERROR("DoQueryPinInfo fail!");
233 return PinResultToCoAuthResult(result);
234 }
235 pinCredentialInfoRet.subType = pinCredentialInfosRet.subType;
236 pinCredentialInfoRet.remainTimes = pinCredentialInfosRet.remainTimes;
237 pinCredentialInfoRet.freezingTime = pinCredentialInfosRet.freezeTime;
238 pinCredentialInfoRet.nextFailLockoutDuration = pinCredentialInfosRet.nextFailLockoutDuration;
239 pinCredentialInfoRet.credentialLength = pinCredentialInfosRet.credentialLength;
240
241 return RESULT_SUCCESS;
242 }
243
244 /* This is for example only, Should be implemented in trusted environment. */
DeleteTemplate(uint64_t templateId)245 int32_t PinAuth::DeleteTemplate(uint64_t templateId)
246 {
247 LOG_INFO("start");
248 std::lock_guard<std::mutex> gurard(mutex_);
249 ResultCode result = DoDeleteTemplate(templateId);
250 if (result != RESULT_SUCCESS) {
251 LOG_ERROR("DoDeleteTemplate fail!");
252 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
253 }
254
255 return PinResultToCoAuthResult(result);
256 }
257
258 /* This is for example only, Should be implemented in trusted environment. */
GetExecutorInfo(int32_t executorRole,std::vector<uint8_t> & pubKey,uint32_t & esl,uint32_t & maxTemplateAcl)259 int32_t PinAuth::GetExecutorInfo(int32_t executorRole, std::vector<uint8_t> &pubKey, uint32_t &esl,
260 uint32_t &maxTemplateAcl)
261 {
262 LOG_INFO("start");
263 std::lock_guard<std::mutex> gurard(mutex_);
264 PinExecutorInfo pinExecutorInfo = {};
265 int32_t result = RESULT_GENERAL_ERROR;
266 switch (executorRole) {
267 case HDI::PinAuth::HdiExecutorRole::ALL_IN_ONE:
268 result = DoGetAllInOneExecutorInfo(&pinExecutorInfo);
269 break;
270 case HDI::PinAuth::HdiExecutorRole::COLLECTOR:
271 result = DoGetCollectorExecutorInfo(&pinExecutorInfo);
272 break;
273 case HDI::PinAuth::HdiExecutorRole::VERIFIER:
274 result = DoGetVerifierExecutorInfo(&pinExecutorInfo);
275 break;
276 default:
277 LOG_ERROR("unknown role");
278 break;
279 }
280 if (result != RESULT_SUCCESS) {
281 LOG_ERROR("DoGetExecutorInfo fail!");
282 goto ERROR;
283 }
284 esl = pinExecutorInfo.esl;
285 maxTemplateAcl = pinExecutorInfo.maxTemplateAcl;
286 pubKey.resize(ED25519_FIX_PUBKEY_BUFFER_SIZE);
287 if (memcpy_s(pubKey.data(), ED25519_FIX_PUBKEY_BUFFER_SIZE,
288 pinExecutorInfo.pubKey, ED25519_FIX_PUBKEY_BUFFER_SIZE) != EOK) {
289 LOG_ERROR("copy pinExecutorInfo to pubKey fail!");
290 result = RESULT_GENERAL_ERROR;
291 goto ERROR;
292 }
293
294 ERROR:
295 static_cast<void>(memset_s(
296 pinExecutorInfo.pubKey, ED25519_FIX_PUBKEY_BUFFER_SIZE, 0, ED25519_FIX_PUBKEY_BUFFER_SIZE));
297 return PinResultToCoAuthResult(result);
298 }
299
300 /* This is for example only, Should be implemented in trusted environment. */
SetAllInOneFwkParam(const std::vector<uint64_t> & templateIdList,const std::vector<uint8_t> & frameworkPublicKey)301 int32_t PinAuth::SetAllInOneFwkParam(
302 const std::vector<uint64_t> &templateIdList, const std::vector<uint8_t> &frameworkPublicKey)
303 {
304 LOG_INFO("start");
305 std::lock_guard<std::mutex> gurard(mutex_);
306 uint32_t templateIdListLen = templateIdList.size();
307 if (templateIdListLen > MAX_TEMPLATEID_LEN) {
308 LOG_ERROR("check templateIdListLen fail!");
309 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
310 }
311 ResultCode result = DoSetAllInOneFwkParam(
312 &templateIdList[0], templateIdListLen, frameworkPublicKey.data(), frameworkPublicKey.size());
313 if (result != RESULT_SUCCESS) {
314 LOG_ERROR("DoSetAllInOneFwkParam fail!");
315 }
316
317 return PinResultToCoAuthResult(result);
318 }
319
WriteAntiBrute(uint64_t templateId)320 void PinAuth::WriteAntiBrute(uint64_t templateId)
321 {
322 LOG_INFO("start");
323 std::lock_guard<std::mutex> gurard(mutex_);
324 if (DoWriteAntiBruteInfoToFile(templateId) != RESULT_SUCCESS) {
325 LOG_ERROR("DoWriteAntiBruteInfoToFile fail!");
326 }
327 }
328
329 /* This is for example only, Should be implemented in trusted environment. */
SetCollectorFwkParam(const std::vector<uint8_t> & frameworkPublicKey)330 int32_t PinAuth::SetCollectorFwkParam(const std::vector<uint8_t> &frameworkPublicKey)
331 {
332 std::lock_guard<std::mutex> gurard(mutex_);
333 int32_t result = DoSetCollectorFwkParam(frameworkPublicKey.data(), frameworkPublicKey.size());
334 if (result != RESULT_SUCCESS) {
335 LOG_ERROR("DoSetCollectorFwkParam fail!");
336 }
337 return PinResultToCoAuthResult(result);
338 }
339
SetVectorByBuffer(std::vector<uint8_t> & vec,const uint8_t * buf,uint32_t bufSize)340 int32_t PinAuth::SetVectorByBuffer(std::vector<uint8_t> &vec, const uint8_t *buf, uint32_t bufSize)
341 {
342 if (bufSize == 0) {
343 vec.clear();
344 return RESULT_SUCCESS;
345 }
346 vec.resize(bufSize);
347 if (memcpy_s(vec.data(), vec.size(), buf, bufSize) != EOK) {
348 LOG_ERROR("copy buf fail!");
349 return RESULT_BAD_COPY;
350 }
351 return RESULT_SUCCESS;
352 }
353
354 /* This is for example only, Should be implemented in trusted environment. */
Collect(uint64_t scheduleId,const std::vector<uint8_t> & extraInfo,std::vector<uint8_t> & msg)355 int32_t PinAuth::Collect(uint64_t scheduleId, const std::vector<uint8_t> &extraInfo, std::vector<uint8_t> &msg)
356 {
357 std::lock_guard<std::mutex> gurard(mutex_);
358 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
359 if (out == nullptr) {
360 LOG_ERROR("malloc out fail!");
361 return GENERAL_ERROR;
362 }
363 uint32_t outSize = MAX_EXECUTOR_MSG_LEN;
364 int32_t result = DoCollect(scheduleId, extraInfo.data(), extraInfo.size(), out, &outSize);
365 if (result != RESULT_SUCCESS) {
366 LOG_ERROR("DoCollect fail!");
367 delete[] out;
368 return PinResultToCoAuthResult(result);
369 }
370 result = SetVectorByBuffer(msg, out, outSize);
371 delete[] out;
372 if (result != RESULT_SUCCESS) {
373 LOG_ERROR("set msg fail!");
374 }
375 return PinResultToCoAuthResult(result);
376 }
377
378 /* This is for example only, Should be implemented in trusted environment. */
CancelCollect()379 int32_t PinAuth::CancelCollect()
380 {
381 std::lock_guard<std::mutex> gurard(mutex_);
382 int32_t result = DoCancelCollect();
383 if (result != RESULT_SUCCESS) {
384 LOG_ERROR("DoCancelCollect fail!");
385 }
386 return PinResultToCoAuthResult(result);
387 }
388
389 /* This is for example only, Should be implemented in trusted environment. */
SendMessageToCollector(uint64_t scheduleId,const std::vector<uint8_t> & msg,PinAlgoParam & pinAlgoParam)390 int32_t PinAuth::SendMessageToCollector(
391 uint64_t scheduleId, const std::vector<uint8_t> &msg, PinAlgoParam &pinAlgoParam)
392 {
393 std::lock_guard<std::mutex> gurard(mutex_);
394 AlgoParamOut algoParam = {};
395 int32_t result = DoSendMessageToCollector(scheduleId, msg.data(), msg.size(), &algoParam);
396 if (result != RESULT_SUCCESS) {
397 LOG_ERROR("DoSendMessageToCollector fail!");
398 return PinResultToCoAuthResult(result);
399 }
400 pinAlgoParam.algoVersion = algoParam.algoVersion;
401 pinAlgoParam.subType = algoParam.subType;
402 result = SetVectorByBuffer(pinAlgoParam.algoParameter, algoParam.algoParameter, sizeof(algoParam.algoParameter));
403 if (result != RESULT_SUCCESS) {
404 LOG_ERROR("set algoParameter fail!");
405 return PinResultToCoAuthResult(result);
406 }
407 result = SetVectorByBuffer(pinAlgoParam.challenge, algoParam.challenge, sizeof(algoParam.challenge));
408 if (result != RESULT_SUCCESS) {
409 LOG_ERROR("set challenge fail!");
410 return PinResultToCoAuthResult(result);
411 }
412
413 return PinResultToCoAuthResult(result);
414 }
415
416 /* This is for example only, Should be implemented in trusted environment. */
SetDataToCollector(uint64_t scheduleId,const std::vector<uint8_t> & data,std::vector<uint8_t> & msg)417 int32_t PinAuth::SetDataToCollector(uint64_t scheduleId, const std::vector<uint8_t> &data, std::vector<uint8_t> &msg)
418 {
419 std::lock_guard<std::mutex> gurard(mutex_);
420 int32_t result = RESULT_GENERAL_ERROR;
421 uint8_t *pinData = const_cast<uint8_t *>(data.data());
422 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
423 uint32_t outSize = MAX_EXECUTOR_MSG_LEN;
424 if (out == nullptr) {
425 LOG_ERROR("new out fail!");
426 goto EXIT;
427 }
428 result = DoSetDataToCollector(scheduleId, pinData, data.size(), out, &outSize);
429 if (result != RESULT_SUCCESS) {
430 LOG_ERROR("DoSetDataToCollector fail!");
431 goto EXIT;
432 }
433 result = SetVectorByBuffer(msg, out, outSize);
434 if (result != RESULT_SUCCESS) {
435 LOG_ERROR("set msg fail!");
436 }
437
438 EXIT:
439 if (data.size() != 0) {
440 (void)memset_s(pinData, data.size(), 0, data.size());
441 }
442 if (out != nullptr) {
443 delete[] out;
444 }
445 return PinResultToCoAuthResult(result);
446 }
447
448 /* This is for example only, Should be implemented in trusted environment. */
SetVerifierFwkParam(const std::vector<uint8_t> & frameworkPublicKey)449 int32_t PinAuth::SetVerifierFwkParam(const std::vector<uint8_t> &frameworkPublicKey)
450 {
451 std::lock_guard<std::mutex> gurard(mutex_);
452 int32_t result = DoSetVerifierFwkParam(frameworkPublicKey.data(), frameworkPublicKey.size());
453 if (result != RESULT_SUCCESS) {
454 LOG_ERROR("DoSetVerifierFwkParam fail!");
455 }
456 return PinResultToCoAuthResult(result);
457 }
458
459 /* This is for example only, Should be implemented in trusted environment. */
VerifierAuth(uint64_t scheduleId,uint64_t templateId,const std::vector<uint8_t> & extraInfo,std::vector<uint8_t> & msgOut)460 int32_t PinAuth::VerifierAuth(
461 uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &extraInfo, std::vector<uint8_t> &msgOut)
462 {
463 std::lock_guard<std::mutex> gurard(mutex_);
464 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
465 if (out == nullptr) {
466 LOG_ERROR("new out fail!");
467 return GENERAL_ERROR;
468 }
469 VerifierMsg verifierMsg = {
470 .msgIn = const_cast<uint8_t *>(extraInfo.data()),
471 .msgInSize = extraInfo.size(),
472 .msgOut = out,
473 .msgOutSize = MAX_EXECUTOR_MSG_LEN,
474 .isAuthEnd = false,
475 .authResult = RESULT_GENERAL_ERROR,
476 };
477 int32_t result = DoVerifierAuth(scheduleId, templateId, &verifierMsg);
478 if (result != RESULT_SUCCESS) {
479 LOG_ERROR("DoVerifierAuth fail!");
480 delete[] out;
481 return PinResultToCoAuthResult(result);
482 }
483 if (verifierMsg.authResult == RESULT_SUCCESS) {
484 delete[] out;
485 return SUCCESS;
486 }
487 result = SetVectorByBuffer(msgOut, verifierMsg.msgOut, verifierMsg.msgOutSize);
488 delete[] out;
489 if (result != RESULT_SUCCESS) {
490 LOG_ERROR("set msg fail!");
491 return PinResultToCoAuthResult(result);
492 }
493 return PinResultToCoAuthResult(verifierMsg.authResult);
494 }
495
496 /* This is for example only, Should be implemented in trusted environment. */
CancelVerifierAuth()497 int32_t PinAuth::CancelVerifierAuth()
498 {
499 std::lock_guard<std::mutex> gurard(mutex_);
500 int32_t result = DoCancelVerifierAuth();
501 if (result != RESULT_SUCCESS) {
502 LOG_ERROR("DoCancelVerifierAuth fail!");
503 }
504 return PinResultToCoAuthResult(result);
505 }
506
507 /* This is for example only, Should be implemented in trusted environment. */
SendMessageToVerifier(uint64_t scheduleId,const std::vector<uint8_t> & msgIn,std::vector<uint8_t> & msgOut,bool & isAuthEnd,int32_t & compareResult)508 int32_t PinAuth::SendMessageToVerifier(uint64_t scheduleId,
509 const std::vector<uint8_t> &msgIn, std::vector<uint8_t> &msgOut, bool &isAuthEnd, int32_t &compareResult)
510 {
511 std::lock_guard<std::mutex> gurard(mutex_);
512 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
513 if (out == nullptr) {
514 LOG_ERROR("new out fail!");
515 return GENERAL_ERROR;
516 }
517 VerifierMsg verifierMsg = {
518 .msgIn = const_cast<uint8_t *>(msgIn.data()),
519 .msgInSize = msgIn.size(),
520 .msgOut = out,
521 .msgOutSize = MAX_EXECUTOR_MSG_LEN,
522 .isAuthEnd = false,
523 .authResult = RESULT_GENERAL_ERROR,
524 };
525 int32_t result = DoSendMessageToVerifier(scheduleId, &verifierMsg);
526 if (result != RESULT_SUCCESS) {
527 LOG_ERROR("DoSendMessageToVerifier fail!");
528 delete[] out;
529 return PinResultToCoAuthResult(result);
530 }
531 result = SetVectorByBuffer(msgOut, out, verifierMsg.msgOutSize);
532 delete[] out;
533 if (result != RESULT_SUCCESS) {
534 LOG_ERROR("set msg fail!");
535 return PinResultToCoAuthResult(result);
536 }
537 isAuthEnd = verifierMsg.isAuthEnd;
538 compareResult = PinResultToCoAuthResult(verifierMsg.authResult);
539 return PinResultToCoAuthResult(result);
540 }
541
542 /* This is for example only, Should be implemented in trusted environment. */
Abandon(uint64_t scheduleId,uint64_t templateId,const std::vector<uint8_t> & extraInfo,std::vector<uint8_t> & resultTlv)543 int32_t PinAuth::Abandon(uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &extraInfo,
544 std::vector<uint8_t> &resultTlv)
545 {
546 LOG_INFO("start");
547 std::lock_guard<std::mutex> gurard(mutex_);
548 if (extraInfo.size() == 0) {
549 LOG_ERROR("get bad params!");
550 return PinResultToCoAuthResult(RESULT_BAD_PARAM);
551 }
552
553 PinAbandonParam pinAbandonParam = {};
554 pinAbandonParam.scheduleId = scheduleId;
555 pinAbandonParam.templateId = templateId;
556
557 Buffer *extra = CreateBufferByData(extraInfo.data(), extraInfo.size());
558 if (!IsBufferValid(extra)) {
559 LOG_ERROR("extra is unValid!");
560 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
561 }
562
563 Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
564 if (!IsBufferValid(retTlv)) {
565 LOG_ERROR("retTlv is unValid!");
566 DestroyBuffer(extra);
567 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
568 }
569 ResultCode result = DoAbandonPin(&pinAbandonParam, extra, retTlv);
570 if (result != RESULT_SUCCESS) {
571 LOG_ERROR("DoEnrollPin fail!");
572 goto ERROR;
573 }
574
575 resultTlv.resize(retTlv->contentSize);
576 if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
577 LOG_ERROR("copy retTlv to resultTlv fail!");
578 result = RESULT_BAD_COPY;
579 goto ERROR;
580 }
581
582 ERROR:
583 DestroyBuffer(extra);
584 DestroyBuffer(retTlv);
585 return PinResultToCoAuthResult(result);
586 }
587
588 /* This is for example only, Should be implemented in trusted environment. */
RestartLockoutDuration(const std::vector<uint8_t> & extraInfo)589 int32_t PinAuth::RestartLockoutDuration(const std::vector<uint8_t> &extraInfo)
590 {
591 int32_t userId = 0;
592 if (extraInfo.size() < sizeof(int32_t)) {
593 LOG_ERROR("extraInfo size too small!");
594 return RESULT_GENERAL_ERROR;
595 }
596 if (memcpy_s(&userId, sizeof(int32_t), extraInfo.data(), sizeof(int32_t)) != EOK) {
597 LOG_ERROR("copy userId fail!");
598 return RESULT_GENERAL_ERROR;
599 }
600 ResultCode result = DoRestartLockoutDuration(userId);
601 if (result != RESULT_SUCCESS) {
602 LOG_ERROR("DoRestartLockoutDuration fail!");
603 }
604 return PinResultToCoAuthResult(result);
605 }
606 } // namespace PinAuth
607 } // namespace UserIam
608 } // namespace OHOS
609