1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "pin_auth.h"
17 #include <map>
18 #include <sys/stat.h>
19 #include <vector>
20 #include <unistd.h>
21 #include "pthread.h"
22 #include "adaptor_memory.h"
23 #include "adaptor_log.h"
24 #include "pin_func.h"
25 #include "securec.h"
26 #include "sysparam_errno.h"
27 #include "parameter.h"
28
29 namespace OHOS {
30 namespace UserIam {
31 namespace PinAuth {
32 namespace {
33 constexpr uint32_t MAX_TEMPLATEID_LEN = 32;
34 std::map<int32_t, ResultCodeForCoAuth> g_convertResult = {
35 {RESULT_SUCCESS, ResultCodeForCoAuth::SUCCESS},
36 {RESULT_BAD_PARAM, ResultCodeForCoAuth::INVALID_PARAMETERS},
37 {RESULT_COMPARE_FAIL, ResultCodeForCoAuth::FAIL},
38 {RESULT_BUSY, ResultCodeForCoAuth::BUSY},
39 {RESULT_PIN_FREEZE, ResultCodeForCoAuth::LOCKED},
40 {RESULT_BAD_COPY, ResultCodeForCoAuth::GENERAL_ERROR},
41 {RESULT_GENERAL_ERROR, ResultCodeForCoAuth::GENERAL_ERROR},
42 };
43 }
44
45 /* This is for example only, Should be implemented in trusted environment. */
Init()46 int32_t PinAuth::Init()
47 {
48 LOG_INFO("start");
49 std::lock_guard<std::mutex> gurard(mutex_);
50 if (!LoadPinDb()) {
51 LOG_ERROR("LoadPinDb fail!");
52 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
53 }
54 if (GenerateKeyPair() != RESULT_SUCCESS) {
55 LOG_ERROR("GenerateKeyPair fail!");
56 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
57 }
58 LOG_INFO("InIt pinAuth succ");
59
60 return RESULT_SUCCESS;
61 }
62
63 /* This is for example only, Should be implemented in trusted environment. */
Close()64 int32_t PinAuth::Close()
65 {
66 LOG_INFO("start");
67 std::lock_guard<std::mutex> gurard(mutex_);
68 DestoryGlobalKeyPair();
69 DestroyPinDb();
70 LOG_INFO("Close pinAuth succ");
71
72 return RESULT_SUCCESS;
73 }
74
75 /* This is for example only, Should be implemented in trusted environment. */
PinResultToCoAuthResult(int resultCode)76 int32_t PinAuth::PinResultToCoAuthResult(int resultCode)
77 {
78 LOG_INFO("PinAuth::PinResultToCoAuthResult enter");
79 if (g_convertResult.count(resultCode) == 0) {
80 LOG_ERROR("PinResult and CoauthResult not match, convert GENERAL_ERROR");
81 return ResultCodeForCoAuth::GENERAL_ERROR;
82 } else {
83 return g_convertResult[resultCode];
84 }
85 }
86
87 /* This is for example only, Should be implemented in trusted environment. */
EnrollPin(uint64_t scheduleId,uint64_t subType,std::vector<uint8_t> & salt,const std::vector<uint8_t> & pinData,std::vector<uint8_t> & resultTlv)88 int32_t PinAuth::EnrollPin(uint64_t scheduleId, uint64_t subType, std::vector<uint8_t> &salt,
89 const std::vector<uint8_t> &pinData, std::vector<uint8_t> &resultTlv)
90 {
91 LOG_INFO("start");
92 std::lock_guard<std::mutex> gurard(mutex_);
93 if (salt.size() != CONST_SALT_LEN || pinData.size() != CONST_PIN_DATA_LEN) {
94 LOG_ERROR("get bad params!");
95 return PinResultToCoAuthResult(RESULT_BAD_PARAM);
96 }
97 PinEnrollParam pinEnrollParam = {};
98 pinEnrollParam.scheduleId = scheduleId;
99 pinEnrollParam.subType = subType;
100 if (memcpy_s(&(pinEnrollParam.salt[0]), CONST_SALT_LEN, salt.data(), CONST_SALT_LEN) != EOK) {
101 LOG_ERROR("copy salt to pinEnrollParam fail!");
102 return PinResultToCoAuthResult(RESULT_BAD_COPY);
103 }
104 if (memcpy_s(&(pinEnrollParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), CONST_PIN_DATA_LEN) != EOK) {
105 LOG_ERROR("copy pinData to pinEnrollParam fail!");
106 return PinResultToCoAuthResult(RESULT_BAD_COPY);
107 }
108 Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
109 if (!IsBufferValid(retTlv)) {
110 LOG_ERROR("retTlv is unValid!");
111 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
112 }
113 ResultCode result = DoEnrollPin(&pinEnrollParam, retTlv);
114 if (result != RESULT_SUCCESS) {
115 LOG_ERROR("DoEnrollPin fail!");
116 goto ERROR;
117 }
118
119 resultTlv.resize(retTlv->contentSize);
120 if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
121 LOG_ERROR("copy retTlv to resultTlv fail!");
122 result = RESULT_BAD_COPY;
123 goto ERROR;
124 }
125
126 ERROR:
127 DestoryBuffer(retTlv);
128 return PinResultToCoAuthResult(result);
129 }
130
131 /* This is for example only, Should be implemented in trusted environment. */
GenerateAlgoParameter(std::vector<uint8_t> & algoParameter,uint32_t & algoVersion)132 int32_t PinAuth::GenerateAlgoParameter(std::vector<uint8_t> &algoParameter, uint32_t &algoVersion)
133 {
134 LOG_INFO("start");
135 static constexpr uint32_t deviceUuidLength = 65;
136 char localDeviceId[deviceUuidLength] = {0};
137 if (GetDevUdid(localDeviceId, deviceUuidLength) != EC_SUCCESS) {
138 LOG_ERROR("GetDevUdid failed");
139 return GENERAL_ERROR;
140 }
141 uint32_t algoParameterLen = CONST_SALT_LEN;
142 algoParameter.resize(algoParameterLen);
143 int32_t result = DoGenerateAlgoParameter(algoParameter.data(), &algoParameterLen, &algoVersion,
144 (uint8_t *)&(localDeviceId[0]), deviceUuidLength);
145 if (result != RESULT_SUCCESS) {
146 LOG_ERROR("DoGenerateAlgoParameter fail!");
147 return PinResultToCoAuthResult(result);
148 }
149 if (algoParameterLen != CONST_SALT_LEN) {
150 LOG_ERROR("algoParameterLen is error!");
151 return PinResultToCoAuthResult(GENERAL_ERROR);
152 }
153
154 return SUCCESS;
155 }
156
157 /* This is for example only, Should be implemented in trusted environment. */
GetAlgoParameter(uint64_t templateId,std::vector<uint8_t> & algoParameter,uint32_t & algoVersion)158 int32_t PinAuth::GetAlgoParameter(uint64_t templateId, std::vector<uint8_t> &algoParameter, uint32_t &algoVersion)
159 {
160 LOG_INFO("start");
161 std::lock_guard<std::mutex> gurard(mutex_);
162 uint32_t algoParameterLen = CONST_SALT_LEN;
163 algoParameter.resize(algoParameterLen);
164 ResultCode result = DoGetAlgoParameter(templateId, &(algoParameter[0]), &algoParameterLen, &algoVersion);
165 if (result != RESULT_SUCCESS) {
166 LOG_ERROR("DoGetAlgoParameter fail!");
167 return PinResultToCoAuthResult(result);
168 }
169 if (algoParameterLen != CONST_SALT_LEN) {
170 LOG_ERROR("algoParameterLen is error!");
171 return PinResultToCoAuthResult(GENERAL_ERROR);
172 }
173
174 return RESULT_SUCCESS;
175 }
176
177 /* This is for example only, Should be implemented in trusted environment. */
AuthPin(uint64_t scheduleId,uint64_t templateId,const std::vector<uint8_t> & pinData,std::vector<uint8_t> & resultTlv)178 int32_t PinAuth::AuthPin(uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &pinData,
179 std::vector<uint8_t> &resultTlv)
180 {
181 LOG_INFO("start");
182 std::lock_guard<std::mutex> gurard(mutex_);
183 if (pinData.size() != CONST_PIN_DATA_LEN) {
184 LOG_ERROR("bad pinData len!");
185 return PinResultToCoAuthResult(RESULT_BAD_PARAM);
186 }
187
188 PinAuthParam pinAuthParam = {};
189 pinAuthParam.scheduleId = scheduleId;
190 pinAuthParam.templateId = templateId;
191 if (memcpy_s(&(pinAuthParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), pinData.size()) != EOK) {
192 LOG_ERROR("mem copy pinData to pinAuthParam fail!");
193 return PinResultToCoAuthResult(RESULT_BAD_COPY);
194 }
195 Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
196 if (!IsBufferValid(retTlv)) {
197 LOG_ERROR("retTlv is unValid!");
198 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
199 }
200 ResultCode compareRet = RESULT_COMPARE_FAIL;
201 ResultCode result = DoAuthPin(&pinAuthParam, retTlv, &compareRet);
202 if (result != RESULT_SUCCESS) {
203 LOG_ERROR("DoAuthPin fail!");
204 goto ERROR;
205 }
206 resultTlv.resize(retTlv->contentSize);
207 if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
208 LOG_ERROR("copy retTlv to resultTlv fail!");
209 result = RESULT_GENERAL_ERROR;
210 goto ERROR;
211 }
212 result = compareRet;
213
214 ERROR:
215 DestoryBuffer(retTlv);
216 return PinResultToCoAuthResult(result);
217 }
218
219 /* This is for example only, Should be implemented in trusted environment. */
QueryPinInfo(uint64_t templateId,PinCredentialInfo & pinCredentialInfoRet)220 int32_t PinAuth::QueryPinInfo(uint64_t templateId, PinCredentialInfo &pinCredentialInfoRet)
221 {
222 LOG_INFO("start");
223 std::lock_guard<std::mutex> gurard(mutex_);
224 PinCredentialInfos pinCredentialInfosRet = {};
225 ResultCode result = DoQueryPinInfo(templateId, &pinCredentialInfosRet);
226 if (result != RESULT_SUCCESS) {
227 LOG_ERROR("DoQueryPinInfo fail!");
228 return PinResultToCoAuthResult(result);
229 }
230 pinCredentialInfoRet.subType = pinCredentialInfosRet.subType;
231 pinCredentialInfoRet.remainTimes = pinCredentialInfosRet.remainTimes;
232 pinCredentialInfoRet.freezingTime = pinCredentialInfosRet.freezeTime;
233
234 return RESULT_SUCCESS;
235 }
236
237 /* This is for example only, Should be implemented in trusted environment. */
DeleteTemplate(uint64_t templateId)238 int32_t PinAuth::DeleteTemplate(uint64_t templateId)
239 {
240 LOG_INFO("start");
241 std::lock_guard<std::mutex> gurard(mutex_);
242 ResultCode result = DoDeleteTemplate(templateId);
243 if (result != RESULT_SUCCESS) {
244 LOG_ERROR("DoDeleteTemplate fail!");
245 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
246 }
247
248 return PinResultToCoAuthResult(result);
249 }
250
251 /* This is for example only, Should be implemented in trusted environment. */
GetExecutorInfo(std::vector<uint8_t> & pubKey,uint32_t & esl)252 int32_t PinAuth::GetExecutorInfo(std::vector<uint8_t> &pubKey, uint32_t &esl)
253 {
254 LOG_INFO("start");
255 std::lock_guard<std::mutex> gurard(mutex_);
256 PinExecutorInfo pinExecutorInfo = {};
257 ResultCode result = DoGetExecutorInfo(&pinExecutorInfo);
258 if (result != RESULT_SUCCESS) {
259 LOG_ERROR("DoGetExecutorInfo fail!");
260 goto ERROR;
261 }
262 esl = pinExecutorInfo.esl;
263 pubKey.resize(CONST_PUB_KEY_LEN);
264 if (memcpy_s(pubKey.data(), CONST_PUB_KEY_LEN, &(pinExecutorInfo.pubKey[0]), CONST_PUB_KEY_LEN) != EOK) {
265 LOG_ERROR("copy pinExecutorInfo to pubKey fail!");
266 result = RESULT_GENERAL_ERROR;
267 goto ERROR;
268 }
269
270 ERROR:
271 static_cast<void>(memset_s(&(pinExecutorInfo.pubKey[0]), CONST_PUB_KEY_LEN, 0, CONST_PUB_KEY_LEN));
272 return PinResultToCoAuthResult(result);
273 }
274
275 /* This is for example only, Should be implemented in trusted environment. */
VerifyTemplateData(std::vector<uint64_t> templateIdList)276 int32_t PinAuth::VerifyTemplateData(std::vector<uint64_t> templateIdList)
277 {
278 LOG_INFO("start");
279 std::lock_guard<std::mutex> gurard(mutex_);
280 uint32_t templateIdListLen = templateIdList.size();
281 if (templateIdListLen > MAX_TEMPLATEID_LEN) {
282 LOG_ERROR("DoVerifyTemplateData fail!");
283 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
284 }
285 ResultCode result = DoVerifyTemplateData(&templateIdList[0], templateIdListLen);
286 if (result != RESULT_SUCCESS) {
287 LOG_ERROR("DoVerifyTemplateData fail!");
288 }
289
290 return PinResultToCoAuthResult(result);
291 }
292
WriteAntiBrute(uint64_t templateId)293 void PinAuth::WriteAntiBrute(uint64_t templateId)
294 {
295 LOG_INFO("start");
296 std::lock_guard<std::mutex> gurard(mutex_);
297 if (DoWriteAntiBruteInfoToFile(templateId) != RESULT_SUCCESS) {
298 LOG_ERROR("DoWriteAntiBruteInfoToFile fail!");
299 }
300 }
301
302 } // namespace PinAuth
303 } // namespace UserIam
304 } // namespace OHOS
305