1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "alg_defs.h"
17 #include "alg_loader.h"
18 #include "das_standard_token_manager.h"
19 #include "hc_dev_info.h"
20 #include "hc_log.h"
21 #include "identity_manager.h"
22 #include "os_account_adapter.h"
23
24 typedef struct {
25 int32_t osAccountId;
26 int32_t acquireType;
27 char *deviceId;
28 int32_t flag;
29 Uint8Buff *publicKey;
30 char *serviceType;
31 } CredentialRequestParamT;
32
CombineServiceId(const Uint8Buff * pkgName,const Uint8Buff * serviceType,Uint8Buff * serviceId)33 static int32_t CombineServiceId(const Uint8Buff *pkgName, const Uint8Buff *serviceType, Uint8Buff *serviceId)
34 {
35 int32_t res = HC_SUCCESS;
36 Uint8Buff serviceIdPlain = { NULL, 0 };
37 serviceIdPlain.length = pkgName->length + serviceType->length;
38 serviceIdPlain.val = (uint8_t *)HcMalloc(serviceIdPlain.length, 0);
39 if (serviceIdPlain.val == NULL) {
40 LOGE("malloc serviceIdPlain.val failed.");
41 res = HC_ERR_ALLOC_MEMORY;
42 goto ERR;
43 }
44 if (memcpy_s(serviceIdPlain.val, serviceIdPlain.length, pkgName->val, pkgName->length) != EOK) {
45 LOGE("Copy service id: pkgName failed.");
46 res = HC_ERR_MEMORY_COPY;
47 goto ERR;
48 }
49 if (memcpy_s(serviceIdPlain.val + pkgName->length, serviceIdPlain.length - pkgName->length, serviceType->val,
50 serviceType->length) != EOK) {
51 LOGE("Copy service id: serviceType failed.");
52 res = HC_ERR_MEMORY_COPY;
53 goto ERR;
54 }
55 res = GetLoaderInstance()->sha256(&serviceIdPlain, serviceId);
56 if (res != HC_SUCCESS) {
57 LOGE("Service id Sha256 failed.");
58 goto ERR;
59 }
60 ERR:
61 HcFree(serviceIdPlain.val);
62 return res;
63 }
64
CombineKeyAlias(const Uint8Buff * serviceId,const Uint8Buff * keyType,const Uint8Buff * authId,Uint8Buff * keyAliasHash)65 static int32_t CombineKeyAlias(
66 const Uint8Buff *serviceId, const Uint8Buff *keyType, const Uint8Buff *authId, Uint8Buff *keyAliasHash)
67 {
68 int32_t res = HC_SUCCESS;
69 Uint8Buff keyAliasBuff = { NULL, 0 };
70 keyAliasBuff.length = serviceId->length + authId->length + keyType->length;
71 keyAliasBuff.val = (uint8_t *)HcMalloc(keyAliasBuff.length, 0);
72 if (keyAliasBuff.val == NULL) {
73 LOGE("Malloc mem failed.");
74 return HC_ERR_ALLOC_MEMORY;
75 }
76 uint32_t totalLen = keyAliasBuff.length;
77 uint32_t usedLen = 0;
78 if (memcpy_s(keyAliasBuff.val, totalLen, serviceId->val, serviceId->length) != EOK) {
79 LOGE("Copy serviceId failed.");
80 res = HC_ERR_MEMORY_COPY;
81 goto ERR;
82 }
83 usedLen = usedLen + serviceId->length;
84 if (memcpy_s(keyAliasBuff.val + usedLen, totalLen - usedLen, keyType->val, keyType->length) != EOK) {
85 LOGE("Copy keyType failed.");
86 res = HC_ERR_MEMORY_COPY;
87 goto ERR;
88 }
89 usedLen = usedLen + keyType->length;
90 if (memcpy_s(keyAliasBuff.val + usedLen, totalLen - usedLen, authId->val, authId->length) != EOK) {
91 LOGE("Copy authId failed.");
92 res = HC_ERR_MEMORY_COPY;
93 goto ERR;
94 }
95 res = GetLoaderInstance()->sha256(&keyAliasBuff, keyAliasHash);
96 if (res != HC_SUCCESS) {
97 LOGE("Sha256 failed.");
98 goto ERR;
99 }
100 ERR:
101 HcFree(keyAliasBuff.val);
102 return res;
103 }
104
CombineKeyAliasForPake(const Uint8Buff * serviceId,const Uint8Buff * keyType,const Uint8Buff * authId,Uint8Buff * outKeyAlias)105 static int32_t CombineKeyAliasForPake(
106 const Uint8Buff *serviceId, const Uint8Buff *keyType, const Uint8Buff *authId, Uint8Buff *outKeyAlias)
107 {
108 int32_t res;
109 Uint8Buff keyAliasHash = { NULL, SHA256_LEN };
110 char *outKeyAliasHex = NULL;
111 if (outKeyAlias->length != SHA256_LEN * BYTE_TO_HEX_OPER_LENGTH) {
112 res = HC_ERR_INVALID_LEN;
113 goto ERR;
114 }
115 keyAliasHash.val = (uint8_t *)HcMalloc(keyAliasHash.length, 0);
116 if (keyAliasHash.val == NULL) {
117 LOGE("Malloc keyAliasHash failed");
118 res = HC_ERR_ALLOC_MEMORY;
119 goto ERR;
120 }
121 res = CombineKeyAlias(serviceId, keyType, authId, &keyAliasHash);
122 if (res != HC_SUCCESS) {
123 LOGE("CombineKeyAlias failed.");
124 goto ERR;
125 }
126 uint32_t outKeyAliasHexLen = keyAliasHash.length * BYTE_TO_HEX_OPER_LENGTH + 1;
127 outKeyAliasHex = (char *)HcMalloc(outKeyAliasHexLen, 0);
128 res = ByteToHexString(keyAliasHash.val, keyAliasHash.length, outKeyAliasHex, outKeyAliasHexLen);
129 if (res != HC_SUCCESS) {
130 LOGE("ByteToHexString failed");
131 goto ERR;
132 }
133 if (memcpy_s(outKeyAlias->val, outKeyAlias->length, outKeyAliasHex, strlen(outKeyAliasHex)) != EOK) {
134 LOGE("memcpy outkeyalias failed.");
135 res = HC_ERR_MEMORY_COPY;
136 goto ERR;
137 }
138 ERR:
139 HcFree(keyAliasHash.val);
140 HcFree(outKeyAliasHex);
141 return res;
142 }
143
GenerateKeyAliasInner(const char * pkgName,const char * serviceType,const char * authId,int keyAliasType,Uint8Buff * outKeyAlias)144 static int32_t GenerateKeyAliasInner(
145 const char *pkgName, const char *serviceType, const char *authId, int keyAliasType, Uint8Buff *outKeyAlias)
146 {
147 CHECK_PTR_RETURN_ERROR_CODE(pkgName, "pkgName");
148 CHECK_PTR_RETURN_ERROR_CODE(serviceType, "serviceType");
149 CHECK_PTR_RETURN_ERROR_CODE(authId, "authId");
150 CHECK_PTR_RETURN_ERROR_CODE(outKeyAlias, "outKeyAlias");
151 if (strlen(pkgName) == 0 || strlen(serviceType) == 0 || strlen(authId) == 0) {
152 LOGE("Invalid zero length params exist.");
153 return HC_ERR_INVALID_LEN;
154 }
155 Uint8Buff pkgNameBuff = { (uint8_t *)pkgName, strlen(pkgName) };
156 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, strlen(serviceType) };
157 Uint8Buff authIdBuff = { NULL, HcStrlen(authId) };
158 authIdBuff.val = (uint8_t *)HcMalloc(authIdBuff.length, 0);
159 if (authIdBuff.val == NULL) {
160 LOGE("Failed to allocate authIdBuff memory!");
161 return HC_ERR_ALLOC_MEMORY;
162 }
163 if (memcpy_s(authIdBuff.val, authIdBuff.length, authId, authIdBuff.length) != EOK) {
164 LOGE("Failed to copy authId!");
165 HcFree(authIdBuff.val);
166 return HC_ERR_MEMORY_COPY;
167 }
168 if (pkgNameBuff.length > PACKAGE_NAME_MAX_LEN || serviceTypeBuff.length > SERVICE_TYPE_MAX_LEN ||
169 authIdBuff.length > AUTH_ID_MAX_LEN || keyAliasType >= KEY_ALIAS_TYPE_END) {
170 LOGE("Out of length params exist.");
171 HcFree(authIdBuff.val);
172 return HC_ERR_INVALID_LEN;
173 }
174
175 uint8_t serviceId[SHA256_LEN] = { 0 };
176 Uint8Buff serviceIdBuff = { serviceId, SHA256_LEN };
177 int32_t res = CombineServiceId(&pkgNameBuff, &serviceTypeBuff, &serviceIdBuff);
178 if (res != HC_SUCCESS) {
179 LOGE("CombineServiceId failed, res: %x.", res);
180 HcFree(authIdBuff.val);
181 return res;
182 }
183
184 Uint8Buff keyTypeBuff = { GetKeyTypePair(keyAliasType), KEY_TYPE_PAIR_LEN };
185 res = CombineKeyAliasForPake(&serviceIdBuff, &keyTypeBuff, &authIdBuff, outKeyAlias);
186 HcFree(authIdBuff.val);
187 if (res != HC_SUCCESS) {
188 LOGE("CombineKeyAlias failed, keyType: %d, res: %d", keyAliasType, res);
189 }
190 return res;
191 }
192
FreeCredParam(CredentialRequestParamT * param)193 static void FreeCredParam(CredentialRequestParamT *param)
194 {
195 if (param) {
196 HcFree(param->deviceId);
197 param->deviceId = NULL;
198
199 HcFree(param->serviceType);
200 param->serviceType = NULL;
201
202 if (param->publicKey) {
203 if (param->publicKey->val) {
204 HcFree(param->publicKey->val);
205 }
206 HcFree(param->publicKey);
207 param->publicKey = NULL;
208 }
209
210 HcFree(param);
211 }
212 }
213
DecodeServiceTypeAndPublicKey(CredentialRequestParamT * param,CJson * reqJson)214 static int32_t DecodeServiceTypeAndPublicKey(CredentialRequestParamT *param, CJson *reqJson)
215 {
216 if (!param || !reqJson) {
217 LOGE("reqJson and param must not null ! ");
218 return HC_ERR_INVALID_PARAMS;
219 }
220
221 const char *serviceType = GetStringFromJson(reqJson, FIELD_SERVICE_TYPE);
222 if (serviceType == NULL) {
223 param->serviceType = strdup(DEFAULT_SERVICE_TYPE);
224 } else {
225 param->serviceType = strdup(serviceType);
226 }
227
228 const char *publicKeyStr = GetStringFromJson(reqJson, FIELD_PUBLIC_KEY);
229 if (publicKeyStr != NULL && HcStrlen(publicKeyStr) > 0) {
230 if (HcStrlen(publicKeyStr) > PAKE_ED25519_KEY_STR_LEN) {
231 LOGE("public key longer then %d.", PAKE_ED25519_KEY_STR_LEN);
232 return HC_ERR_INVALID_LEN;
233 }
234 param->publicKey = (Uint8Buff *)HcMalloc(sizeof(Uint8Buff), 0);
235 int32_t res = InitUint8Buff(param->publicKey, PAKE_ED25519_KEY_PAIR_LEN);
236 if (res != HC_SUCCESS) {
237 LOGE("allocate publicKey memory fail. res: %d", res);
238 return HC_ERR_ALLOC_MEMORY;
239 }
240 if (GetByteFromJson(reqJson, FIELD_PUBLIC_KEY, param->publicKey->val, param->publicKey->length) !=
241 HC_SUCCESS) {
242 LOGE("get authPkC from reqJson fail.");
243 return HC_ERR_JSON_GET;
244 } else {
245 LOGI("decode publicKey success.");
246 }
247 } else {
248 param->publicKey = NULL;
249 }
250
251 return HC_SUCCESS;
252 }
253
DecodeRequestParam(const char * reqJsonStr)254 static CredentialRequestParamT *DecodeRequestParam(const char *reqJsonStr)
255 {
256 if (!reqJsonStr) {
257 LOGE("reqJsonStr must not null ! ");
258 return NULL;
259 }
260 CredentialRequestParamT *param = (CredentialRequestParamT *)HcMalloc(sizeof(CredentialRequestParamT), 0);
261 if (param == NULL) {
262 LOGE("Failed to ALLOC!");
263 return NULL;
264 }
265 CJson *json = CreateJsonFromString(reqJsonStr);
266 if (json == NULL) {
267 LOGE("Failed to create json from string!");
268 FreeCredParam(param);
269 param = NULL;
270 goto ERR;
271 }
272 if (GetIntFromJson(json, FIELD_OS_ACCOUNT_ID, ¶m->osAccountId) != HC_SUCCESS) {
273 LOGE("Failed to get osAccountId from reqJsonStr!");
274 FreeCredParam(param);
275 param = NULL;
276 goto ERR;
277 }
278 if (GetIntFromJson(json, FIELD_ACQURIED_TYPE, ¶m->acquireType) != HC_SUCCESS) {
279 LOGE("Failed to get acquireType from reqJsonStr!");
280 FreeCredParam(param);
281 param = NULL;
282 goto ERR;
283 }
284 if (GetIntFromJson(json, FIELD_CRED_OP_FLAG, ¶m->flag) != HC_SUCCESS) {
285 LOGI("reqJsonStr not contains flag!");
286 }
287 const char *deviceId = GetStringFromJson(json, FIELD_DEVICE_ID);
288 if (deviceId == NULL) {
289 LOGE("Failed to get deviceId from reqJsonStr!");
290 FreeCredParam(param);
291 param = NULL;
292 goto ERR;
293 } else {
294 param->deviceId = strdup(deviceId);
295 }
296 if (DecodeServiceTypeAndPublicKey(param, json) != HC_SUCCESS) {
297 LOGE("Failed to DecodeServiceTypeAndPublicKey from reqJsonStr!");
298 goto ERR;
299 }
300 ERR:
301 FreeJson(json);
302 return param;
303 }
304
PackPublicKeyToJson(CJson * out,int32_t osAccountId,int32_t keyType,const char * authId,const char * serviceType)305 static int32_t PackPublicKeyToJson(
306 CJson *out, int32_t osAccountId, int32_t keyType, const char *authId, const char *serviceType)
307 {
308 osAccountId = DevAuthGetRealOsAccountLocalId(osAccountId);
309 if ((authId == NULL) || (osAccountId == INVALID_OS_ACCOUNT)) {
310 LOGE("Invalid input parameters!");
311 return HC_ERR_INVALID_PARAMS;
312 }
313 Uint8Buff authIdBuff = { (uint8_t *)authId, HcStrlen(authId) };
314 uint8_t returnPkBytes[PUBLIC_KEY_MAX_LENGTH] = { 0 };
315 Uint8Buff returnPkBuff = { returnPkBytes, PUBLIC_KEY_MAX_LENGTH };
316 int32_t res = GetStandardTokenManagerInstance()->getPublicKey(
317 DEFAULT_PACKAGE_NAME, serviceType, &authIdBuff, keyType, &returnPkBuff);
318 if (res != HC_SUCCESS) {
319 LOGE("Failed to getPublicKey!");
320 return HC_ERR_LOCAL_IDENTITY_NOT_EXIST;
321 }
322
323 char returnPkHexStr[SHA256_LEN * BYTE_TO_HEX_OPER_LENGTH + 1] = { 0 };
324 res = ByteToHexString(returnPkBuff.val, returnPkBuff.length, returnPkHexStr, sizeof(returnPkHexStr));
325 if (res != HC_SUCCESS) {
326 LOGE("Failed to get hex str for pk!");
327 return HC_ERR_HASH_FAIL;
328 }
329
330 if (AddStringToJson(out, FIELD_PUBLIC_KEY, (const char *)returnPkHexStr) != HC_SUCCESS) {
331 LOGE("Failed to ADD pubKey to returnData!");
332 return HC_ERR_JSON_ADD;
333 }
334 return HC_SUCCESS;
335 }
336
PackResultToJson(CJson * out,int32_t res)337 static char *PackResultToJson(CJson *out, int32_t res)
338 {
339 if (out == NULL) {
340 LOGE("param is null !");
341 return NULL;
342 }
343 if (AddIntToJson(out, FIELD_CRED_OP_RESULT, res) != HC_SUCCESS) {
344 LOGE("Failed to set result to json");
345 return NULL;
346 }
347
348 return PackJsonToString(out);
349 }
350
IsKeyExistReturnAliasIfNeeded(CredentialRequestParamT * param,Uint8Buff * outKeyAlias)351 static int32_t IsKeyExistReturnAliasIfNeeded(CredentialRequestParamT *param, Uint8Buff *outKeyAlias)
352 {
353 if (param->acquireType != P2P_BIND) {
354 LOGE("acquireType invalid! only P2P_BIND is allowed now!");
355 return HC_ERR_INVALID_PARAMS;
356 }
357 // Caution: Only acquireType is P2P_BIND, keyType can be set to KEY_ALIAS_P2P_AUTH
358 int32_t keyType = KEY_ALIAS_P2P_AUTH;
359 param->osAccountId = DevAuthGetRealOsAccountLocalId(param->osAccountId);
360 if ((param->deviceId == NULL) || (param->osAccountId == INVALID_OS_ACCOUNT)) {
361 LOGE("Invalid input parameters!");
362 return HC_ERR_INVALID_PARAMS;
363 }
364 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
365 Uint8Buff keyAliasBuff = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
366 int32_t res = GenerateKeyAliasInner(DEFAULT_PACKAGE_NAME, param->serviceType, param->deviceId,
367 keyType, &keyAliasBuff);
368 if (res != HC_SUCCESS) {
369 LOGE("Failed to generate identity keyPair alias!");
370 return res;
371 }
372 LOGI("KeyPair alias(HEX): %x%x%x%x****.", keyAliasVal[DEV_AUTH_ZERO], keyAliasVal[DEV_AUTH_ONE],
373 keyAliasVal[DEV_AUTH_TWO], keyAliasVal[DEV_AUTH_THREE]);
374
375 if ((outKeyAlias != NULL) &&
376 (memcpy_s(outKeyAlias->val, outKeyAlias->length, keyAliasBuff.val, keyAliasBuff.length) != EOK)) {
377 LOGE("memcpy outkeyalias failed.");
378 return HC_ERR_MEMORY_COPY;
379 }
380
381 res = GetLoaderInstance()->checkKeyExist(&keyAliasBuff);
382 if (res != HC_SUCCESS) {
383 return HC_ERR_LOCAL_IDENTITY_NOT_EXIST;
384 }
385 return HC_SUCCESS;
386 }
387
QueryCredential(const char * reqJsonStr,char ** returnData)388 static int32_t QueryCredential(const char *reqJsonStr, char **returnData)
389 {
390 int32_t res;
391 CJson *out = CreateJson();
392 if (out == NULL) {
393 LOGE("Failed to CreateJson!");
394 return HC_ERR_JSON_CREATE;
395 }
396 CredentialRequestParamT *param = DecodeRequestParam(reqJsonStr);
397 if (param == NULL) {
398 LOGE("Failed to DecodeCredParam from reqJsonStr!");
399 res = HC_ERR_JSON_GET;
400 goto ERR;
401 }
402 res = IsKeyExistReturnAliasIfNeeded(param, NULL);
403 if (res != HC_SUCCESS) {
404 LOGD("Key pair not exist.");
405 goto ERR;
406 }
407 if (param->acquireType != P2P_BIND) {
408 LOGE("acquireType invalid! only P2P_BIND is allowed now!");
409 res = HC_ERR_INVALID_PARAMS;
410 goto ERR;
411 }
412 // Caution: Only acquireType is P2P_BIND, keyType can be set to KEY_ALIAS_P2P_AUTH
413 int32_t keyType = KEY_ALIAS_P2P_AUTH;
414 if (RETURN_FLAG_PUBLIC_KEY == param->flag) {
415 res = PackPublicKeyToJson(out, param->osAccountId, keyType, param->deviceId, param->serviceType);
416 if (res != HC_SUCCESS) {
417 LOGD("PackPublicKeyToJson failed");
418 goto ERR;
419 }
420 }
421 ERR:
422 if (returnData) {
423 *returnData = PackResultToJson(out, res);
424 }
425 FreeJson(out);
426 FreeCredParam(param);
427 return res;
428 }
429
GenarateCredential(const char * reqJsonStr,char ** returnData)430 static int32_t GenarateCredential(const char *reqJsonStr, char **returnData)
431 {
432 int32_t res;
433 CJson *out = CreateJson();
434 if (out == NULL) {
435 LOGE("Failed to CreateJson!");
436 return HC_ERR_JSON_CREATE;
437 }
438 CredentialRequestParamT *param = DecodeRequestParam(reqJsonStr);
439 if (param == NULL) {
440 LOGE("Failed to DecodeCredParam from reqJsonStr!");
441 res = HC_ERR_INVALID_PARAMS;
442 goto ERR;
443 }
444 res = IsKeyExistReturnAliasIfNeeded(param, NULL);
445 if (res == HC_SUCCESS) {
446 LOGD("Key pair already exist.");
447 res = HC_ERR_IDENTITY_DUPLICATED;
448 goto ERR;
449 }
450 Uint8Buff authIdBuff = { (uint8_t *)param->deviceId, HcStrlen(param->deviceId) };
451 if (param->acquireType != P2P_BIND) {
452 LOGE("acquireType invalid! only P2P_BIND is allowed now!");
453 res = HC_ERR_INVALID_PARAMS;
454 goto ERR;
455 }
456 // Caution: Only acquireType is P2P_BIND, keyType can be set to KEY_ALIAS_P2P_AUTH
457 int32_t keyType = KEY_ALIAS_P2P_AUTH;
458 res = GetStandardTokenManagerInstance()->registerLocalIdentity(
459 DEFAULT_PACKAGE_NAME, param->serviceType, &authIdBuff, keyType);
460 if (res != HC_SUCCESS) {
461 LOGE("Failed to registerLocalIdentity!");
462 goto ERR;
463 }
464 if (RETURN_FLAG_PUBLIC_KEY == param->flag) {
465 res = PackPublicKeyToJson(out, param->osAccountId, keyType, param->deviceId, param->serviceType);
466 if (res != HC_SUCCESS) {
467 LOGE("PackPublicKeyToJson failed");
468 goto ERR;
469 }
470 }
471 ERR:
472 if (returnData) {
473 *returnData = PackResultToJson(out, res);
474 }
475 FreeJson(out);
476 FreeCredParam(param);
477 return res;
478 }
479
ComputeAndSavePsk(const char * peerServiceType,const char * peerAuthId,int keyType)480 static int32_t ComputeAndSavePsk(const char *peerServiceType, const char *peerAuthId, int keyType)
481 {
482 uint8_t selfKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
483 Uint8Buff selfKeyAlias = { selfKeyAliasVal, PAKE_KEY_ALIAS_LEN };
484 uint8_t peerKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
485 Uint8Buff peerKeyAlias = { peerKeyAliasVal, PAKE_KEY_ALIAS_LEN };
486
487 char selfAuthId[INPUT_UDID_LEN] = { 0 };
488 int32_t res = HcGetUdid((uint8_t *)selfAuthId, INPUT_UDID_LEN);
489 if (res != HC_SUCCESS) {
490 LOGE("Failed to get local udid! res: %d", res);
491 return HC_ERR_DB;
492 }
493
494 res = GenerateKeyAliasInner(DEFAULT_PACKAGE_NAME, DEFAULT_SERVICE_TYPE, selfAuthId, keyType, &selfKeyAlias);
495 if (res != HC_SUCCESS) {
496 LOGE("generateKeyAlias self failed");
497 return res;
498 }
499 LOGI("selfKeyAlias(HEX): %x%x%x%x****", selfKeyAliasVal[DEV_AUTH_ZERO], selfKeyAliasVal[DEV_AUTH_ONE],
500 selfKeyAliasVal[DEV_AUTH_TWO], selfKeyAliasVal[DEV_AUTH_THREE]);
501
502 res = GenerateKeyAliasInner(DEFAULT_PACKAGE_NAME, peerServiceType, peerAuthId, keyType, &peerKeyAlias);
503 if (res != HC_SUCCESS) {
504 LOGE("generateKeyAlias peer failed");
505 return res;
506 }
507 LOGI("peerKeyAlias(HEX): %x%x%x%x****", peerKeyAliasVal[DEV_AUTH_ZERO], peerKeyAliasVal[DEV_AUTH_ONE],
508 peerKeyAliasVal[DEV_AUTH_TWO], peerKeyAliasVal[DEV_AUTH_THREE]);
509 res = GetLoaderInstance()->checkKeyExist(&selfKeyAlias);
510 if (res != HC_SUCCESS) {
511 LOGE("self auth keyPair not exist .");
512 return res;
513 }
514 res = GetLoaderInstance()->checkKeyExist(&peerKeyAlias);
515 if (res != HC_SUCCESS) {
516 LOGE("peer auth pubKey not exist");
517 return res;
518 }
519
520 uint8_t sharedKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
521 Uint8Buff sharedKeyAlias = { sharedKeyAliasVal, PAKE_KEY_ALIAS_LEN };
522 res = GenerateKeyAliasInner(DEFAULT_PACKAGE_NAME, peerServiceType, peerAuthId, KEY_ALIAS_PSK, &sharedKeyAlias);
523 if (res != HC_SUCCESS) {
524 LOGE("generateKeyAlias psk failed");
525 return res;
526 }
527 LOGI("psk alias(HEX): %x%x%x%x****", sharedKeyAliasVal[DEV_AUTH_ZERO], sharedKeyAliasVal[DEV_AUTH_ONE],
528 sharedKeyAliasVal[DEV_AUTH_TWO], sharedKeyAliasVal[DEV_AUTH_THREE]);
529
530 KeyBuff selfKeyAliasBuff = { selfKeyAlias.val, selfKeyAlias.length, true };
531 KeyBuff peerKeyAliasBuff = { peerKeyAlias.val, peerKeyAlias.length, true };
532 return GetLoaderInstance()->agreeSharedSecretWithStorage(
533 &selfKeyAliasBuff, &peerKeyAliasBuff, ED25519, PAKE_PSK_LEN, &sharedKeyAlias);
534 }
535
IsSelfKeyPairExist(int keyType)536 static int32_t IsSelfKeyPairExist(int keyType)
537 {
538 if (keyType != KEY_ALIAS_P2P_AUTH) {
539 LOGE("keyType invalid! only KEY_ALIAS_P2P_AUTH is allowed now!");
540 return HC_ERR_INVALID_PARAMS;
541 }
542 uint8_t selfKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
543 Uint8Buff selfKeyAlias = { selfKeyAliasVal, PAKE_KEY_ALIAS_LEN };
544 char selfAuthId[INPUT_UDID_LEN] = { 0 };
545 int32_t res = HcGetUdid((uint8_t *)selfAuthId, INPUT_UDID_LEN);
546 if (res != HC_SUCCESS) {
547 LOGE("Failed to get local udid! res: %d", res);
548 return HC_ERR_DB;
549 }
550
551 res = GenerateKeyAliasInner(DEFAULT_PACKAGE_NAME, DEFAULT_SERVICE_TYPE, selfAuthId, keyType, &selfKeyAlias);
552 if (res != HC_SUCCESS) {
553 LOGE("generateKeyAlias self failed");
554 return res;
555 }
556 LOGI("selfKeyAlias(HEX): %x%x%x%x****", selfKeyAliasVal[DEV_AUTH_ZERO], selfKeyAliasVal[DEV_AUTH_ONE],
557 selfKeyAliasVal[DEV_AUTH_TWO], selfKeyAliasVal[DEV_AUTH_THREE]);
558
559 res = GetLoaderInstance()->checkKeyExist(&selfKeyAlias);
560 if (res != HC_SUCCESS) {
561 LOGE("self keypair not exist");
562 return res;
563 }
564
565 return HC_SUCCESS;
566 }
567
CheckImportConditions(CredentialRequestParamT * param,Uint8Buff * outKeyAlias)568 static int32_t CheckImportConditions(CredentialRequestParamT *param, Uint8Buff *outKeyAlias)
569 {
570 if (param == NULL || outKeyAlias == NULL) {
571 LOGE("invalid param!");
572 return HC_ERR_INVALID_PARAMS;
573 }
574 if (param->acquireType != P2P_BIND) {
575 LOGE("acquireType invalid! only P2P_BIND is allowed now!");
576 return HC_ERR_INVALID_PARAMS;
577 }
578 int32_t res = IsKeyExistReturnAliasIfNeeded(param, outKeyAlias);
579 if (res == HC_SUCCESS) {
580 LOGD("Key pair already exist.");
581 return HC_ERR_IDENTITY_DUPLICATED;
582 }
583
584 res = IsSelfKeyPairExist(KEY_ALIAS_P2P_AUTH);
585 if (res != HC_SUCCESS) {
586 LOGD("self Key pair not exist.");
587 return HC_ERR_LOCAL_IDENTITY_NOT_EXIST;
588 }
589
590 return HC_SUCCESS;
591 }
592
ImportCredential(const char * reqJsonStr,char ** returnData)593 static int32_t ImportCredential(const char *reqJsonStr, char **returnData)
594 {
595 int32_t res;
596 CJson *out = CreateJson();
597 if (out == NULL) {
598 LOGE("Failed to CreateJson!");
599 return HC_ERR_JSON_CREATE;
600 }
601 CredentialRequestParamT *param = DecodeRequestParam(reqJsonStr);
602 if (param == NULL || param->publicKey == NULL) {
603 LOGE("Failed to DecodeCredParam from reqJsonStr!");
604 res = HC_ERR_JSON_GET;
605 goto ERR;
606 }
607 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
608 Uint8Buff keyAliasBuff = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
609 res = CheckImportConditions(param, &keyAliasBuff);
610 if (res != HC_SUCCESS) {
611 LOGE("CheckImportConditions failed.");
612 goto ERR;
613 }
614 Uint8Buff authIdBuff = { (uint8_t *)param->deviceId, strlen(param->deviceId) };
615 // Caution: Only acquireType is P2P_BIND, keyType can be set to KEY_ALIAS_P2P_AUTH
616 int32_t keyType = KEY_ALIAS_P2P_AUTH;
617 ExtraInfo exInfo = { authIdBuff, keyType, PAIR_TYPE_BIND };
618 res = GetLoaderInstance()->importPublicKey(&keyAliasBuff, param->publicKey, ED25519, &exInfo);
619 if (res != HC_SUCCESS) {
620 LOGE("Failed to importPublicKey!");
621 goto ERR;
622 }
623 res = ComputeAndSavePsk(param->serviceType, param->deviceId, keyType);
624 if (res != HC_SUCCESS) {
625 LOGE("Failed to ComputeAndSavePsk, lets delete imported key!");
626 if (GetStandardTokenManagerInstance()->unregisterLocalIdentity(
627 DEFAULT_PACKAGE_NAME, param->serviceType, &authIdBuff, keyType) != HC_SUCCESS) {
628 LOGE("Failed to delete imported PublicKey!");
629 }
630 goto ERR;
631 }
632 ERR:
633 if (returnData) {
634 *returnData = PackResultToJson(out, res);
635 }
636 FreeJson(out);
637 FreeCredParam(param);
638 return res;
639 }
640
DeleteCredential(const char * reqJsonStr,char ** returnData)641 static int32_t DeleteCredential(const char *reqJsonStr, char **returnData)
642 {
643 int32_t res;
644 CJson *out = CreateJson();
645 if (out == NULL) {
646 LOGE("Failed to CreateJson!");
647 return HC_ERR_JSON_CREATE;
648 }
649 CredentialRequestParamT *param = DecodeRequestParam(reqJsonStr);
650 if (param == NULL) {
651 LOGE("Failed to DecodeCredParam from reqJsonStr!");
652 res = HC_ERR_JSON_GET;
653 goto ERR;
654 }
655 if (param->acquireType != P2P_BIND) {
656 LOGE("acquireType invalid! only P2P_BIND is allowed now!");
657 res = HC_ERR_INVALID_PARAMS;
658 goto ERR;
659 }
660 // Caution: Only acquireType is P2P_BIND, keyType can be set to KEY_ALIAS_P2P_AUTH
661 int32_t keyType = KEY_ALIAS_P2P_AUTH;
662 param->osAccountId = DevAuthGetRealOsAccountLocalId(param->osAccountId);
663 if ((param->deviceId == NULL) || (param->osAccountId == INVALID_OS_ACCOUNT)) {
664 LOGE("Invalid input parameters!");
665 res = HC_ERR_INVALID_PARAMS;
666 goto ERR;
667 }
668 Uint8Buff authIdBuff = { (uint8_t *)param->deviceId, strlen(param->deviceId) };
669 res = GetStandardTokenManagerInstance()->unregisterLocalIdentity(
670 DEFAULT_PACKAGE_NAME, param->serviceType, &authIdBuff, KEY_ALIAS_PSK);
671 if (res != HC_SUCCESS) {
672 LOGE("Failed to delete psk!");
673 goto ERR;
674 }
675 res = GetStandardTokenManagerInstance()->unregisterLocalIdentity(
676 DEFAULT_PACKAGE_NAME, param->serviceType, &authIdBuff, keyType);
677 if (res != HC_SUCCESS) {
678 LOGE("Failed to delete identity keyPair!");
679 goto ERR;
680 }
681 ERR:
682 if (returnData) {
683 *returnData = PackResultToJson(out, res);
684 }
685 FreeJson(out);
686 FreeCredParam(param);
687 return res;
688 }
689
690 static const CredentialOperator g_credentialOperator = {
691 .queryCredential = QueryCredential,
692 .genarateCredential = GenarateCredential,
693 .importCredential = ImportCredential,
694 .deleteCredential = DeleteCredential,
695 };
696
GetCredentialOperator(void)697 const CredentialOperator *GetCredentialOperator(void)
698 {
699 return &g_credentialOperator;
700 }