1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "pin_auth.h"
17 #include <map>
18 #include <sys/stat.h>
19 #include <vector>
20 #include <unistd.h>
21 #include "pthread.h"
22 #include "adaptor_memory.h"
23 #include "adaptor_log.h"
24 #include "pin_func.h"
25 #include "securec.h"
26
27 namespace OHOS {
28 namespace UserIam {
29 namespace PinAuth {
namespace {
/* Largest number of template ids that VerifyTemplateData accepts in one call. */
constexpr uint32_t MAX_TEMPLATEID_LEN = 32;

/*
 * Lookup table from the pin module's result codes to the ResultCodeForCoAuth values
 * returned to callers. A code with no entry here is reported as GENERAL_ERROR by
 * PinResultToCoAuthResult.
 */
std::map<int32_t, ResultCodeForCoAuth> g_convertResult = {
    { RESULT_SUCCESS,       ResultCodeForCoAuth::SUCCESS },
    { RESULT_BAD_PARAM,     ResultCodeForCoAuth::INVALID_PARAMETERS },
    { RESULT_COMPARE_FAIL,  ResultCodeForCoAuth::FAIL },
    { RESULT_BUSY,          ResultCodeForCoAuth::BUSY },
    { RESULT_PIN_FREEZE,    ResultCodeForCoAuth::LOCKED },
    { RESULT_BAD_COPY,      ResultCodeForCoAuth::GENERAL_ERROR },
    { RESULT_GENERAL_ERROR, ResultCodeForCoAuth::GENERAL_ERROR },
};
} // namespace
42
/* This is for example only; it should be implemented in a trusted environment. */
/*
 * Prepares the pin database and generates the key pair while holding mutex_.
 *
 * Returns RESULT_SUCCESS, or the co-auth mapping of RESULT_GENERAL_ERROR when
 * GenerateKeyPair() does not report RESULT_SUCCESS. Any result of InitPinDb()
 * is not inspected here.
 */
int32_t PinAuth::Init()
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> lock(mutex_);
    InitPinDb();

    const bool keyPairReady = (GenerateKeyPair() == RESULT_SUCCESS);
    if (!keyPairReady) {
        LOG_ERROR("GenerateKeyPair fail!");
        return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
    }

    LOG_INFO("InIt pinAuth succ");
    return RESULT_SUCCESS;
}
57
/* This is for example only; it should be implemented in a trusted environment. */
/*
 * Tears down the state set up by Init while holding mutex_: the global key pair
 * is destroyed first, then the pin database. Always returns RESULT_SUCCESS.
 */
int32_t PinAuth::Close()
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> lock(mutex_);

    /* Key material goes first, then the database. */
    DestoryGlobalKeyPair();
    DestroyPinDb();

    LOG_INFO("Close pinAuth succ");
    return RESULT_SUCCESS;
}
69
/* This is for example only; it should be implemented in a trusted environment. */
/*
 * Maps a pin-module result code onto the co-auth result code via g_convertResult.
 * A code that has no entry in the table is logged and reported as GENERAL_ERROR,
 * so an unknown code is never passed through to the caller unchanged.
 */
int32_t PinAuth::PinResultToCoAuthResult(int resultCode)
{
    LOG_INFO("PinAuth::PinResultToCoAuthResult enter");

    /* A single find() both tests for the key and fetches the value without touching the table. */
    const auto entry = g_convertResult.find(resultCode);
    if (entry != g_convertResult.end()) {
        return entry->second;
    }

    LOG_ERROR("PinResult and CoauthResult not match, convert GENERAL_ERROR");
    return ResultCodeForCoAuth::GENERAL_ERROR;
}
81
/* This is for example only; it should be implemented in a trusted environment. */
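/*
 * Enrolls a PIN credential for the given schedule while holding mutex_.
 *
 * salt must hold exactly CONST_SALT_LEN bytes and pinData exactly CONST_PIN_DATA_LEN bytes;
 * any other size is rejected with the co-auth mapping of RESULT_BAD_PARAM. On success
 * resultTlv receives the contentSize bytes that DoEnrollPin placed in its output buffer.
 * The return value is always a co-auth result code produced by PinResultToCoAuthResult.
 *
 * The local PinEnrollParam holds a copy of the PIN data, so it is wiped with memset_s on
 * every exit path after it has been filled. The caller-owned pinData vector is const here
 * and stays the caller's responsibility to clear.
 */
int32_t PinAuth::EnrollPin(uint64_t scheduleId, uint64_t subType, std::vector<uint8_t> &salt,
    const std::vector<uint8_t> &pinData, std::vector<uint8_t> &resultTlv)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> guard(mutex_);
    if (salt.size() != CONST_SALT_LEN || pinData.size() != CONST_PIN_DATA_LEN) {
        LOG_ERROR("get bad params!");
        return PinResultToCoAuthResult(RESULT_BAD_PARAM);
    }

    PinEnrollParam pinEnrollParam = {};
    /* memset_s is used for the wipe so the store is not optimised away as a dead write. */
    const auto wipeParam = [&pinEnrollParam]() {
        static_cast<void>(memset_s(&pinEnrollParam, sizeof(pinEnrollParam), 0, sizeof(pinEnrollParam)));
    };

    pinEnrollParam.scheduleId = scheduleId;
    pinEnrollParam.subType = subType;
    if (memcpy_s(&(pinEnrollParam.salt[0]), CONST_SALT_LEN, salt.data(), CONST_SALT_LEN) != EOK) {
        LOG_ERROR("copy salt to pinEnrollParam fail!");
        wipeParam();
        return PinResultToCoAuthResult(RESULT_BAD_COPY);
    }
    if (memcpy_s(&(pinEnrollParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), CONST_PIN_DATA_LEN) != EOK) {
        LOG_ERROR("copy pinData to pinEnrollParam fail!");
        wipeParam();
        return PinResultToCoAuthResult(RESULT_BAD_COPY);
    }

    Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
    if (!IsBufferValid(retTlv)) {
        LOG_ERROR("retTlv is unValid!");
        wipeParam();
        return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
    }

    ResultCode result = DoEnrollPin(&pinEnrollParam, retTlv);
    /* The PIN copy is not needed past this point, whatever DoEnrollPin reported. */
    wipeParam();

    if (result != RESULT_SUCCESS) {
        LOG_ERROR("DoEnrollPin fail!");
    } else if (retTlv->contentSize > RESULT_TLV_LEN) {
        /*
         * Defensive bound: the buffer was requested with RESULT_TLV_LEN bytes, so a larger
         * contentSize would make the copy below read past it.
         */
        LOG_ERROR("retTlv contentSize is invalid!");
        result = RESULT_GENERAL_ERROR;
    } else {
        resultTlv.resize(retTlv->contentSize);
        if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
            LOG_ERROR("copy retTlv to resultTlv fail!");
            result = RESULT_BAD_COPY;
        }
    }

    DestoryBuffer(retTlv);
    return PinResultToCoAuthResult(result);
}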
125
/* This is for example only; it should be implemented in a trusted environment. */
/*
 * Fetches the salt stored for templateId into salt while holding mutex_.
 *
 * salt is resized to CONST_SALT_LEN before DoGetSalt is called. Returns RESULT_SUCCESS,
 * or the co-auth mapping of the code DoGetSalt reported.
 *
 * NOTE(review): the length DoGetSalt writes back is not compared with CONST_SALT_LEN, and
 * salt keeps its CONST_SALT_LEN size on the failure path, so callers must check the return
 * value before using the bytes.
 */
int32_t PinAuth::GetSalt(uint64_t templateId, std::vector<uint8_t> &salt)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> lock(mutex_);

    salt.resize(CONST_SALT_LEN);
    uint32_t saltLen = CONST_SALT_LEN;
    const ResultCode queryResult = DoGetSalt(templateId, salt.data(), &saltLen);
    if (queryResult == RESULT_SUCCESS) {
        return RESULT_SUCCESS;
    }

    LOG_ERROR("DoGetSalt fail!");
    return PinResultToCoAuthResult(queryResult);
}
141
/* This is for example only; it should be implemented in a trusted environment. */
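/*
 * Checks pinData against the credential stored for templateId while holding mutex_.
 *
 * pinData must hold exactly CONST_PIN_DATA_LEN bytes, otherwise the co-auth mapping of
 * RESULT_BAD_PARAM is returned. When DoAuthPin succeeds, resultTlv receives the contentSize
 * bytes it produced and the returned code is the mapping of the comparison result; any
 * earlier failure is mapped and returned instead.
 *
 * The local PinAuthParam holds a copy of the PIN data, so it is wiped with memset_s on every
 * exit path after it has been filled. The caller-owned pinData vector is const here and
 * stays the caller's responsibility to clear.
 */
int32_t PinAuth::AuthPin(uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &pinData,
    std::vector<uint8_t> &resultTlv)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> guard(mutex_);
    if (pinData.size() != CONST_PIN_DATA_LEN) {
        LOG_ERROR("bad pinData len!");
        return PinResultToCoAuthResult(RESULT_BAD_PARAM);
    }

    PinAuthParam pinAuthParam = {};
    /* memset_s is used for the wipe so the store is not optimised away as a dead write. */
    const auto wipeParam = [&pinAuthParam]() {
        static_cast<void>(memset_s(&pinAuthParam, sizeof(pinAuthParam), 0, sizeof(pinAuthParam)));
    };

    pinAuthParam.scheduleId = scheduleId;
    pinAuthParam.templateId = templateId;
    if (memcpy_s(&(pinAuthParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), pinData.size()) != EOK) {
        LOG_ERROR("mem copy pinData to pinAuthParam fail!");
        wipeParam();
        return PinResultToCoAuthResult(RESULT_BAD_COPY);
    }

    Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
    if (!IsBufferValid(retTlv)) {
        LOG_ERROR("retTlv is unValid!");
        wipeParam();
        return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
    }

    /* Starts as a failed comparison, so the outcome is a mismatch unless DoAuthPin overwrites it. */
    ResultCode compareRet = RESULT_COMPARE_FAIL;
    ResultCode result = DoAuthPin(&pinAuthParam, retTlv, &compareRet);
    /* The PIN copy is not needed past this point, whatever DoAuthPin reported. */
    wipeParam();

    if (result != RESULT_SUCCESS) {
        LOG_ERROR("DoAuthPin fail!");
    } else if (retTlv->contentSize > RESULT_TLV_LEN) {
        /*
         * Defensive bound: the buffer was requested with RESULT_TLV_LEN bytes, so a larger
         * contentSize would make the copy below read past it.
         */
        LOG_ERROR("retTlv contentSize is invalid!");
        result = RESULT_GENERAL_ERROR;
    } else {
        resultTlv.resize(retTlv->contentSize);
        if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
            LOG_ERROR("copy retTlv to resultTlv fail!");
            result = RESULT_GENERAL_ERROR;
        } else {
            /* Only a fully delivered result may carry the comparison outcome. */
            result = compareRet;
        }
    }

    DestoryBuffer(retTlv);
    return PinResultToCoAuthResult(result);
}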
183
/* This is for example only; it should be implemented in a trusted environment. */
/*
 * Reads the credential state for templateId while holding mutex_ and copies the sub type,
 * remaining attempts and freeze time into pinCredentialInfoRet.
 *
 * Returns RESULT_SUCCESS, or the co-auth mapping of the code DoQueryPinInfo reported, in
 * which case pinCredentialInfoRet is left untouched.
 */
int32_t PinAuth::QueryPinInfo(uint64_t templateId, PinCredentialInfo &pinCredentialInfoRet)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> lock(mutex_);

    PinCredentialInfos queried = {};
    const ResultCode queryResult = DoQueryPinInfo(templateId, &queried);
    if (queryResult != RESULT_SUCCESS) {
        LOG_ERROR("DoQueryPinInfo fail!");
        return PinResultToCoAuthResult(queryResult);
    }

    /* Field names differ between the two structs: freezeTime feeds freezingTime. */
    pinCredentialInfoRet.subType = queried.subType;
    pinCredentialInfoRet.remainTimes = queried.remainTimes;
    pinCredentialInfoRet.freezingTime = queried.freezeTime;
    return RESULT_SUCCESS;
}
201
/* This is for example only; it should be implemented in a trusted environment. */
/*
 * Deletes the credential stored for templateId while holding mutex_.
 *
 * Every failure of DoDeleteTemplate is reported as the co-auth mapping of
 * RESULT_GENERAL_ERROR, regardless of the specific code; success is mapped from
 * RESULT_SUCCESS.
 */
int32_t PinAuth::DeleteTemplate(uint64_t templateId)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> lock(mutex_);

    const ResultCode deleteResult = DoDeleteTemplate(templateId);
    if (deleteResult == RESULT_SUCCESS) {
        return PinResultToCoAuthResult(deleteResult);
    }

    LOG_ERROR("DoDeleteTemplate fail!");
    return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
}
215
/* This is for example only; it should be implemented in a trusted environment. */
/*
 * Reports the executor's public key and esl value while holding mutex_.
 *
 * On success esl is set and pubKey is resized to CONST_PUB_KEY_LEN and filled. esl and pubKey
 * are only written after DoGetExecutorInfo has succeeded. The local copy of the key is zeroed
 * with memset_s before returning on every path. The return value is the co-auth mapping of
 * the final result code.
 */
int32_t PinAuth::GetExecutorInfo(std::vector<uint8_t> &pubKey, uint32_t &esl)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> lock(mutex_);

    PinExecutorInfo executorInfo = {};
    ResultCode outcome = DoGetExecutorInfo(&executorInfo);
    if (outcome != RESULT_SUCCESS) {
        LOG_ERROR("DoGetExecutorInfo fail!");
    } else {
        esl = executorInfo.esl;
        pubKey.resize(CONST_PUB_KEY_LEN);
        const auto copyStatus =
            memcpy_s(pubKey.data(), CONST_PUB_KEY_LEN, &(executorInfo.pubKey[0]), CONST_PUB_KEY_LEN);
        if (copyStatus != EOK) {
            LOG_ERROR("copy pinExecutorInfo to pubKey fail!");
            outcome = RESULT_GENERAL_ERROR;
        }
    }

    /* Common exit: clear the local key copy whether or not the steps above succeeded. */
    static_cast<void>(memset_s(&(executorInfo.pubKey[0]), CONST_PUB_KEY_LEN, 0, CONST_PUB_KEY_LEN));
    return PinResultToCoAuthResult(outcome);
}
239
/* This is for example only; it should be implemented in a trusted environment. */
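/*
 * Passes the caller's list of template ids to DoVerifyTemplateData while holding mutex_.
 *
 * A list longer than MAX_TEMPLATEID_LEN is rejected with the co-auth mapping of
 * RESULT_GENERAL_ERROR before DoVerifyTemplateData is called. Otherwise the return value is
 * the co-auth mapping of the code DoVerifyTemplateData reported.
 *
 * An empty list is forwarded with length 0; the pointer passed in that case comes from
 * data() and may be null, so DoVerifyTemplateData must not dereference it when the length
 * is 0 (NOTE(review): confirm against its implementation).
 */
int32_t PinAuth::VerifyTemplateData(std::vector<uint64_t> templateIdList)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> guard(mutex_);

    /* Check the full size_t count before narrowing, so an oversized list cannot wrap into range. */
    if (templateIdList.size() > MAX_TEMPLATEID_LEN) {
        LOG_ERROR("templateIdList is too long!");
        return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
    }
    const uint32_t templateIdListLen = static_cast<uint32_t>(templateIdList.size());

    /* data() is well defined on an empty vector, whereas indexing element 0 is not. */
    ResultCode result = DoVerifyTemplateData(templateIdList.data(), templateIdListLen);
    if (result != RESULT_SUCCESS) {
        LOG_ERROR("DoVerifyTemplateData fail!");
    }

    return PinResultToCoAuthResult(result);
}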
257
/*
 * Asks DoWriteAntiBruteInfoToFile to persist the anti-brute-force record for templateId
 * while holding mutex_.
 *
 * The function returns void: a failed write is logged and otherwise not reported to the
 * caller.
 */
void PinAuth::WriteAntiBrute(uint64_t templateId)
{
    LOG_INFO("start");
    std::lock_guard<std::mutex> lock(mutex_);

    const bool written = (DoWriteAntiBruteInfoToFile(templateId) == RESULT_SUCCESS);
    if (!written) {
        LOG_ERROR("DoWriteAntiBruteInfoToFile fail!");
    }
}
266 } // namespace PinAuth
267 } // namespace UserIam
268 } // namespace OHOS
269