1 /*
2 * Copyright (C) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_auth_funcs.h"
17
18 #include <math.h>
19 #include "securec.h"
20
21 #include "auth_level.h"
22 #include "adaptor_algorithm.h"
23 #include "adaptor_log.h"
24 #include "adaptor_time.h"
25 #include "auth_token_signer.h"
26 #include "context_manager.h"
27 #include "executor_message.h"
28 #include "hmac_key.h"
29 #include "idm_database.h"
30 #include "idm_session.h"
31 #include "udid_manager.h"
32
33 #ifdef IAM_TEST_ENABLE
34 #define IAM_STATIC
35 #else
36 #define IAM_STATIC static
37 #endif
38
39 // Used to cache screenLock auth token plain.
40 IAM_STATIC UnlockAuthResultCache g_unlockAuthResult = {false, 0, {}};
41
GenerateSolutionFunc(AuthParamHal param,LinkedList ** schedules)42 ResultCode GenerateSolutionFunc(AuthParamHal param, LinkedList **schedules)
43 {
44 if (schedules == NULL) {
45 LOG_ERROR("schedules is null");
46 return RESULT_BAD_PARAM;
47 }
48 UserAuthContext *authContext = NULL;
49 ResultCode result = GenerateAuthContext(param, &authContext);
50 if (result != RESULT_SUCCESS) {
51 LOG_ERROR("GenerateAuthContext fail %{public}d", result);
52 return result;
53 }
54 if (authContext == NULL) {
55 LOG_ERROR("authContext is null");
56 return RESULT_GENERAL_ERROR;
57 }
58 if (!authContext->isExpiredReturnSuccess && authContext->authExpiredSysTime != NO_CHECK_PIN_EXPIRED_PERIOD) {
59 uint64_t nowTime = GetReeTime();
60 if (nowTime > authContext->authExpiredSysTime) {
61 LOG_ERROR("pin is expired");
62 return RESULT_PIN_EXPIRED;
63 }
64 }
65 ResultCode ret = CopySchedules(authContext, schedules);
66 if (ret != RESULT_SUCCESS) {
67 DestroyContext(authContext);
68 return ret;
69 }
70 return ret;
71 }
72
CacheUnlockAuthResult(int32_t userId,const UserAuthTokenHal * unlockToken)73 IAM_STATIC void CacheUnlockAuthResult(int32_t userId, const UserAuthTokenHal *unlockToken)
74 {
75 (void)memset_s(&g_unlockAuthResult, sizeof(UnlockAuthResultCache), 0, sizeof(UnlockAuthResultCache));
76 g_unlockAuthResult.isCached = true;
77 g_unlockAuthResult.userId = userId;
78 g_unlockAuthResult.authToken = *unlockToken;
79 }
80
SetAuthResult(uint64_t credentialId,const UserAuthContext * context,const ExecutorResultInfo * info,AuthResult * result)81 IAM_STATIC void SetAuthResult(uint64_t credentialId,
82 const UserAuthContext *context, const ExecutorResultInfo *info, AuthResult *result)
83 {
84 result->credentialId = credentialId;
85 result->userId = context->userId;
86 result->authType = context->authType;
87 result->freezingTime = info->freezingTime;
88 result->remainTimes = info->remainTimes;
89 result->result = info->result;
90 }
91
GetExpiredInfoForResult(const UserAuthContext * context,AuthResult * result)92 IAM_STATIC ResultCode GetExpiredInfoForResult(const UserAuthContext *context, AuthResult *result)
93 {
94 if (context == NULL || result == NULL) {
95 LOG_INFO("bad param");
96 return RESULT_BAD_PARAM;
97 }
98 if (context->authExpiredSysTime == NO_CHECK_PIN_EXPIRED_PERIOD) {
99 LOG_INFO("pinExpiredPeriod is not set");
100 result->pinExpiredInfo = NO_SET_PIN_EXPIRED_PERIOD;
101 return RESULT_SUCCESS;
102 }
103 uint64_t currentTime = GetReeTime();
104 if (currentTime < context->authExpiredSysTime) {
105 // MAX_JS_NUMBER_VALUE is 2^50.
106 const uint64_t MAX_JS_NUMBER_VALUE = 1125899906842624;
107 result->pinExpiredInfo = MAX_JS_NUMBER_VALUE;
108 if (context->authExpiredSysTime - currentTime < MAX_JS_NUMBER_VALUE) {
109 result->pinExpiredInfo = context->authExpiredSysTime - currentTime;
110 }
111 LOG_INFO("pin is not expired");
112 return RESULT_SUCCESS;
113 }
114 result->pinExpiredInfo = 0;
115 if (!context->isExpiredReturnSuccess) {
116 LOG_ERROR("pin is expired");
117 return RESULT_PIN_EXPIRED;
118 }
119 LOG_INFO("caller is screenLock or setting");
120 return RESULT_SUCCESS;
121 }
122
HandleAuthSuccessResult(const UserAuthContext * context,const ExecutorResultInfo * info,AuthResult * result,UserAuthTokenHal * authToken)123 IAM_STATIC ResultCode HandleAuthSuccessResult(const UserAuthContext *context, const ExecutorResultInfo *info,
124 AuthResult *result, UserAuthTokenHal *authToken)
125 {
126 EnrolledStateHal enrolledState = {};
127 if (GetEnrolledState(context->userId, context->authType, &enrolledState) == RESULT_SUCCESS) {
128 result->credentialDigest = enrolledState.credentialDigest;
129 result->credentialCount = enrolledState.credentialCount;
130 }
131 if (result->result == RESULT_SUCCESS && context->authType == PIN_AUTH &&
132 memcmp(context->localUdid, context->collectorUdid, sizeof(context->localUdid)) == 0) {
133 result->rootSecret = CopyBuffer(info->rootSecret);
134 if (!IsBufferValid(result->rootSecret)) {
135 LOG_ERROR("rootSecret is invalid");
136 return RESULT_NO_MEMORY;
137 }
138 CacheRootSecret(context->userId, result->rootSecret);
139 }
140 ResultCode ret = GetExpiredInfoForResult(context, result);
141 if (ret != RESULT_SUCCESS) {
142 LOG_ERROR("GetExpiredInfoForResult failed");
143 return ret;
144 }
145 if (context->authIntent == UNLOCK) {
146 LOG_INFO("cache unlock auth result");
147 CacheUnlockAuthResult(context->userId, authToken);
148 }
149 return RESULT_SUCCESS;
150 }
151
SetAuthResultMsgToAttribute(Attribute * attribute,AuthResult * result,uint64_t scheduleId,Uint8Array authToken)152 IAM_STATIC ResultCode SetAuthResultMsgToAttribute(Attribute *attribute, AuthResult *result,
153 uint64_t scheduleId, Uint8Array authToken)
154 {
155 ResultCode ret = SetAttributeUint64(attribute, ATTR_SCHEDULE_ID, scheduleId);
156 if (ret != RESULT_SUCCESS) {
157 LOG_ERROR("SetAttributeUint64 scheduleId failed");
158 return ret;
159 }
160 ret = SetAttributeInt32(attribute, ATTR_RESULT, result->result);
161 if (ret != RESULT_SUCCESS) {
162 LOG_ERROR("SetAttributeInt32 result failed");
163 return ret;
164 }
165 ret = SetAttributeInt32(attribute, ATTR_LOCKOUT_DURATION, result->freezingTime);
166 if (ret != RESULT_SUCCESS) {
167 LOG_ERROR("SetAttributeInt32 freezingTime failed");
168 return ret;
169 }
170 ret = SetAttributeInt32(attribute, ATTR_REMAIN_ATTEMPTS, result->remainTimes);
171 if (ret != RESULT_SUCCESS) {
172 LOG_ERROR("SetAttributeInt32 remainTimes failed");
173 return ret;
174 }
175 ret = SetAttributeInt32(attribute, ATTR_USER_ID, result->userId);
176 if (ret != RESULT_SUCCESS) {
177 LOG_ERROR("SetAttributeInt32 userId failed");
178 return ret;
179 }
180 ret = SetAttributeUint8Array(attribute, ATTR_TOKEN, authToken);
181 if (ret != RESULT_SUCCESS) {
182 LOG_ERROR("SetAttributeUint8Array for authToken fail");
183 }
184 return ret;
185 }
186
GenerateRemoteAuthResultMsg(AuthResult * result,uint64_t scheduleId,Uint8Array collectorUdid,UserAuthTokenHal * authToken)187 IAM_STATIC ResultCode GenerateRemoteAuthResultMsg(AuthResult *result, uint64_t scheduleId, Uint8Array collectorUdid,
188 UserAuthTokenHal *authToken)
189 {
190 Attribute *attribute = NULL;
191 Uint8Array retInfo = {};
192 ResultCode funcRet = RESULT_GENERAL_ERROR;
193 do {
194 attribute = CreateEmptyAttribute();
195 retInfo = (Uint8Array){ Malloc(MAX_EXECUTOR_MSG_LEN), MAX_EXECUTOR_MSG_LEN };
196 if (attribute == NULL || retInfo.data == NULL) {
197 LOG_ERROR("create attribute or malloc failed");
198 break;
199 }
200
201 Uint8Array authTokenIn = { (uint8_t *)(&authToken), sizeof(UserAuthTokenHal) };
202 if (SetAuthResultMsgToAttribute(attribute, result, scheduleId, authTokenIn) != RESULT_SUCCESS) {
203 LOG_ERROR("SetAuthResultMsgToAttribute failed");
204 break;
205 }
206
207 SignParam signParam = {
208 .needSignature = true,
209 .keyType = KEY_TYPE_CROSS_DEVICE,
210 .peerUdid = collectorUdid
211 };
212 if (GetAttributeExecutorMsg(attribute, &retInfo, signParam) != RESULT_SUCCESS) {
213 LOG_ERROR("GetAttributeExecutorMsg failed");
214 break;
215 }
216 result->remoteAuthResultMsg = CreateBufferByData(retInfo.data, retInfo.len);
217 funcRet = RESULT_SUCCESS;
218 } while (0);
219
220 FreeAttribute(&attribute);
221 Free(retInfo.data);
222 return funcRet;
223 }
224
RequestAuthResultFuncInner(UserAuthContext * userAuthContext,ExecutorResultInfo * executorResultInfo,UserAuthTokenHal * authToken,AuthResult * result)225 IAM_STATIC ResultCode RequestAuthResultFuncInner(UserAuthContext *userAuthContext,
226 ExecutorResultInfo *executorResultInfo, UserAuthTokenHal *authToken, AuthResult *result)
227 {
228 ResultCode ret = RESULT_SUCCESS;
229 Uint8Array collectorUdid = { userAuthContext->collectorUdid, sizeof(userAuthContext->collectorUdid) };
230 if (!IsLocalUdid(collectorUdid)) {
231 ret = GenerateRemoteAuthResultMsg(result, executorResultInfo->scheduleId, collectorUdid, authToken);
232 if (ret != RESULT_SUCCESS) {
233 LOG_ERROR("generate remote auth result failed");
234 return ret;
235 }
236 }
237
238 if (executorResultInfo->result == RESULT_SUCCESS) {
239 ret = HandleAuthSuccessResult(userAuthContext, executorResultInfo, result, authToken);
240 if (ret != RESULT_SUCCESS) {
241 LOG_ERROR("handle auth success result failed");
242 return ret;
243 }
244 }
245 return ret;
246 }
247
RequestAuthResultFunc(uint64_t contextId,const Buffer * scheduleResult,UserAuthTokenHal * authToken,AuthResult * result)248 ResultCode RequestAuthResultFunc(uint64_t contextId, const Buffer *scheduleResult, UserAuthTokenHal *authToken,
249 AuthResult *result)
250 {
251 if (!IsBufferValid(scheduleResult) || authToken == NULL || result == NULL || result->rootSecret != NULL) {
252 LOG_ERROR("param is invalid");
253 DestroyContextbyId(contextId);
254 return RESULT_BAD_PARAM;
255 }
256
257 UserAuthContext *userAuthContext = GetContext(contextId);
258 if (userAuthContext == NULL) {
259 LOG_ERROR("context is not found");
260 return RESULT_GENERAL_ERROR;
261 }
262
263 ExecutorResultInfo *executorResultInfo = CreateExecutorResultInfo(scheduleResult);
264 if (executorResultInfo == NULL) {
265 LOG_ERROR("CreateExecutorResultInfo fail");
266 DestroyContext(userAuthContext);
267 return RESULT_GENERAL_ERROR;
268 }
269
270 uint64_t credentialId;
271 ResultCode ret = FillInContext(userAuthContext, &credentialId, executorResultInfo, SCHEDULE_MODE_AUTH);
272 if (ret != RESULT_SUCCESS) {
273 LOG_ERROR("FillInContext fail");
274 goto EXIT;
275 }
276
277 if (executorResultInfo->result == RESULT_SUCCESS) {
278 ret = GetAuthTokenDataAndSign(userAuthContext, credentialId, SCHEDULE_MODE_AUTH, authToken);
279 if (ret != RESULT_SUCCESS) {
280 LOG_ERROR("sign token failed");
281 goto EXIT;
282 }
283 }
284 SetAuthResult(credentialId, userAuthContext, executorResultInfo, result);
285 if (RequestAuthResultFuncInner(userAuthContext, executorResultInfo, authToken, result) != RESULT_SUCCESS) {
286 LOG_ERROR("RequestAuthResultFuncInner failed");
287 goto EXIT;
288 }
289
290 EXIT:
291 DestroyExecutorResultInfo(executorResultInfo);
292 DestroyContext(userAuthContext);
293 return ret;
294 }
295
GetEnrolledStateFunc(int32_t userId,uint32_t authType,EnrolledStateHal * enrolledStateHal)296 ResultCode GetEnrolledStateFunc(int32_t userId, uint32_t authType, EnrolledStateHal *enrolledStateHal)
297 {
298 ResultCode ret = GetEnrolledState(userId, authType, enrolledStateHal);
299 if (ret != RESULT_SUCCESS) {
300 LOG_ERROR("GetEnrolledState failed");
301 return ret;
302 }
303
304 return RESULT_SUCCESS;
305 }
306
CheckReuseUnlockTokenValid(const ReuseUnlockParamHal * info)307 IAM_STATIC ResultCode CheckReuseUnlockTokenValid(const ReuseUnlockParamHal *info)
308 {
309 if (!g_unlockAuthResult.isCached) {
310 LOG_ERROR("invalid cached unlock token");
311 return RESULT_GENERAL_ERROR;
312 }
313 if ((g_unlockAuthResult.authToken.tokenDataPlain.authMode != SCHEDULE_MODE_AUTH)
314 || (g_unlockAuthResult.authToken.tokenDataPlain.tokenType != TOKEN_TYPE_LOCAL_AUTH)) {
315 LOG_ERROR("need local auth");
316 return RESULT_VERIFY_TOKEN_FAIL;
317 }
318 uint64_t time = GetSystemTime();
319 if (time < g_unlockAuthResult.authToken.tokenDataPlain.time) {
320 LOG_ERROR("bad system time");
321 return RESULT_GENERAL_ERROR;
322 }
323 if ((time - g_unlockAuthResult.authToken.tokenDataPlain.time) > REUSED_UNLOCK_TOKEN_PERIOD) {
324 (void)memset_s(&g_unlockAuthResult, sizeof(UnlockAuthResultCache), 0, sizeof(UnlockAuthResultCache));
325 g_unlockAuthResult.isCached = false;
326 LOG_ERROR("cached unlock token is time out");
327 return RESULT_TOKEN_TIMEOUT;
328 }
329 if ((time - g_unlockAuthResult.authToken.tokenDataPlain.time) > info->reuseUnlockResultDuration) {
330 LOG_ERROR("reuse unlock check reuseUnlockResultDuration fail");
331 return RESULT_TOKEN_TIMEOUT;
332 }
333 if (info->userId != g_unlockAuthResult.userId) {
334 LOG_ERROR("reuse unlock check userId fail");
335 return RESULT_GENERAL_ERROR;
336 }
337 if (info->authTrustLevel > g_unlockAuthResult.authToken.tokenDataPlain.authTrustLevel) {
338 LOG_ERROR("reuse unlock check authTrustLevel fail");
339 return RESULT_GENERAL_ERROR;
340 }
341 if (info->reuseUnlockResultMode == AUTH_TYPE_RELEVANT) {
342 for (uint32_t i = 0; i < info->authTypeSize; i++) {
343 if (info->authTypes[i] == g_unlockAuthResult.authToken.tokenDataPlain.authType) {
344 return RESULT_SUCCESS;
345 }
346 }
347 LOG_ERROR("reuse unlock check authType fail");
348 return RESULT_GENERAL_ERROR;
349 }
350 return RESULT_SUCCESS;
351 }
352
GetReuseUnlockResult(const ReuseUnlockParamHal * info,ReuseUnlockResult * reuseResult)353 IAM_STATIC ResultCode GetReuseUnlockResult(const ReuseUnlockParamHal *info, ReuseUnlockResult *reuseResult)
354 {
355 uint32_t ret = CheckReuseUnlockTokenValid(info);
356 if (ret != RESULT_SUCCESS) {
357 LOG_ERROR("check unlock token fail");
358 return ret;
359 }
360 *((UserAuthTokenHal *)reuseResult->token) = g_unlockAuthResult.authToken;
361 reuseResult->authType = g_unlockAuthResult.authToken.tokenDataPlain.authType;
362 ((UserAuthTokenHal *)reuseResult->token)->tokenDataPlain.authMode = SCHEDULE_MODE_REUSE_UNLOCK_AUTH_RESULT;
363 ((UserAuthTokenHal *)reuseResult->token)->tokenDataPlain.tokenType = TOKEN_TYPE_LOCAL_RESIGN;
364 if (memcpy_s(((UserAuthTokenHal *)reuseResult->token)->tokenDataPlain.challenge, CHALLENGE_LEN, info->challenge,
365 CHALLENGE_LEN) != EOK) {
366 LOG_ERROR("challenge copy failed");
367 return RESULT_BAD_COPY;
368 }
369 ret = GetEnrolledState(info->userId, reuseResult->authType, &reuseResult->enrolledState);
370 if (ret == RESULT_NOT_ENROLLED) {
371 LOG_ERROR("GetEnrolledState result not enrolled");
372 (void)memset_s(&reuseResult->enrolledState, sizeof(EnrolledStateHal), 0, sizeof(EnrolledStateHal));
373 ret = RESULT_SUCCESS;
374 }
375 return ret;
376 }
377
CheckReuseUnlockResultFunc(const ReuseUnlockParamHal * info,ReuseUnlockResult * reuseResult)378 ResultCode CheckReuseUnlockResultFunc(const ReuseUnlockParamHal *info, ReuseUnlockResult *reuseResult)
379 {
380 if (info == NULL || reuseResult == NULL || info->reuseUnlockResultDuration == 0 ||
381 info->reuseUnlockResultDuration > REUSED_UNLOCK_TOKEN_PERIOD ||
382 (info->reuseUnlockResultMode != AUTH_TYPE_RELEVANT && info->reuseUnlockResultMode != AUTH_TYPE_IRRELEVANT)) {
383 LOG_ERROR("CheckReuseUnlockResultFunc bad param");
384 return RESULT_BAD_PARAM;
385 }
386 ResultCode ret = GetReuseUnlockResult(info, reuseResult);
387 if (ret != RESULT_SUCCESS) {
388 LOG_ERROR("get reuse unlock result failed");
389 (void)memset_s(reuseResult, sizeof(ReuseUnlockResult), 0, sizeof(ReuseUnlockResult));
390 return ret;
391 }
392 ret = ReuseUnlockTokenSign((UserAuthTokenHal *)reuseResult->token);
393 if (ret != RESULT_SUCCESS) {
394 LOG_ERROR("reuse unlock token sign failed");
395 (void)memset_s(reuseResult, sizeof(ReuseUnlockResult), 0, sizeof(ReuseUnlockResult));
396 return ret;
397 }
398 return ret;
399 }
400
SetGlobalConfigParamFunc(GlobalConfigParamHal * param)401 ResultCode SetGlobalConfigParamFunc(GlobalConfigParamHal *param)
402 {
403 if (param == NULL) {
404 LOG_ERROR("bad param");
405 return RESULT_BAD_PARAM;
406 }
407 ResultCode ret = SaveGlobalConfigParam(param);
408 if (ret != RESULT_SUCCESS) {
409 LOG_ERROR("Save globalConfigParam failed");
410 }
411 return ret;
412 }
413
GetAvailableStatusFunc(int32_t userId,int32_t authType,uint32_t authTrustLevel,int32_t * checkResult)414 void GetAvailableStatusFunc(int32_t userId, int32_t authType, uint32_t authTrustLevel, int32_t *checkResult)
415 {
416 (*checkResult) = CheckAtlByExecutorAndCred(userId, authType, authTrustLevel);
417 if ((*checkResult) != RESULT_SUCCESS) {
418 LOG_ERROR("CheckAtlByExecutorAndCred failed");
419 return;
420 }
421
422 PinExpiredInfo expiredInfo = {};
423 (*checkResult) = GetPinExpiredInfo(userId, &expiredInfo);
424 if ((*checkResult) != RESULT_SUCCESS) {
425 LOG_ERROR("GetPinExpiredInfo failed");
426 return;
427 }
428 if (expiredInfo.pinExpiredPeriod == NO_CHECK_PIN_EXPIRED_PERIOD) {
429 LOG_ERROR("pinExpiredPeriod is not set");
430 (*checkResult) = RESULT_SUCCESS;
431 return;
432 }
433 uint64_t nowTime = GetReeTime();
434 if (nowTime > expiredInfo.pinExpiredPeriod + expiredInfo.pinEnrolledSysTime) {
435 LOG_ERROR("pin is expired");
436 (*checkResult) = RESULT_PIN_EXPIRED;
437 return;
438 }
439 (*checkResult) = RESULT_SUCCESS;
440 return;
441 }
442
GenerateScheduleFunc(const Buffer * tlv,Uint8Array remoteUdid,ScheduleInfoParam * scheduleInfo)443 ResultCode GenerateScheduleFunc(const Buffer *tlv, Uint8Array remoteUdid, ScheduleInfoParam *scheduleInfo)
444 {
445 if (!IsBufferValid(tlv) || IS_ARRAY_NULL(remoteUdid) || (scheduleInfo == NULL)) {
446 LOG_ERROR("param is invalid");
447 return RESULT_BAD_PARAM;
448 }
449 ResultCode result = CreateScheduleInfo(tlv, remoteUdid, scheduleInfo);
450 if (result != RESULT_SUCCESS) {
451 LOG_ERROR("CreateScheduleInfo failed");
452 }
453 return result;
454 }
455
GenerateAuthResultFunc(const Buffer * tlv,AuthResultParam * authResultInfo)456 ResultCode GenerateAuthResultFunc(const Buffer *tlv, AuthResultParam *authResultInfo)
457 {
458 if (!IsBufferValid(tlv) || (authResultInfo == NULL)) {
459 LOG_ERROR("param is invalid");
460 return RESULT_BAD_PARAM;
461 }
462 ResultCode result = CreateAuthResultInfo(tlv, authResultInfo);
463 if (result != RESULT_SUCCESS) {
464 LOG_ERROR("CreateAuthResultInfo failed");
465 }
466 return result;
467 }
468
GetExecutorInfoLinkedList(uint32_t authType,uint32_t executorRole,LinkedList * allExecutorInfoList)469 ResultCode GetExecutorInfoLinkedList(uint32_t authType, uint32_t executorRole, LinkedList *allExecutorInfoList)
470 {
471 IF_TRUE_LOGE_AND_RETURN_VAL(allExecutorInfoList == NULL, RESULT_BAD_PARAM);
472 uint8_t localUdidData[UDID_LEN] = { 0 };
473 Uint8Array localUdid = { localUdidData, UDID_LEN };
474 bool getLocalUdidRet = GetLocalUdid(&localUdid);
475 IF_TRUE_LOGE_AND_RETURN_VAL(!getLocalUdidRet, RESULT_GENERAL_ERROR);
476
477 ExecutorCondition condition = {};
478 SetExecutorConditionAuthType(&condition, authType);
479 SetExecutorConditionExecutorRole(&condition, executorRole);
480 SetExecutorConditionDeviceUdid(&condition, localUdid);
481
482 LinkedList *executorList = QueryExecutor(&condition);
483 if (executorList == NULL) {
484 LOG_ERROR("query executor failed");
485 return RESULT_UNKNOWN;
486 }
487 if (executorList->getSize(executorList) == 0) {
488 LOG_ERROR("executor is not found");
489 DestroyLinkedList(executorList);
490 return RESULT_TYPE_NOT_SUPPORT;
491 }
492 LinkedListNode *temp = executorList->head;
493 while (temp != NULL) {
494 ExecutorInfoHal *executorInfo = (ExecutorInfoHal *)temp->data;
495 if (executorInfo == NULL) {
496 LOG_ERROR("executorInfo is invalid");
497 DestroyLinkedList(executorList);
498 return RESULT_UNKNOWN;
499 }
500 ExecutorInfoHal *copiedExecutorInfo = CopyExecutorInfo(executorInfo);
501 if (executorInfo == NULL) {
502 LOG_ERROR("copiedExecutorInfo is invalid");
503 DestroyLinkedList(executorList);
504 return RESULT_UNKNOWN;
505 }
506 if (allExecutorInfoList->insert(allExecutorInfoList, copiedExecutorInfo) != RESULT_SUCCESS) {
507 LOG_ERROR("insert executor info failed");
508 DestroyLinkedList(executorList);
509 return RESULT_GENERAL_ERROR;
510 }
511 temp = temp->next;
512 }
513 DestroyLinkedList(executorList);
514 return RESULT_SUCCESS;
515 }
516
GetSignExecutorInfoFuncInner(Uint8Array peerUdid,LinkedList * executorList,Uint8Array executorInfoTlvMsg,Uint8Array * executorInfoArray,uint32_t executorInfoArraySize)517 static Buffer *GetSignExecutorInfoFuncInner(Uint8Array peerUdid, LinkedList *executorList,
518 Uint8Array executorInfoTlvMsg, Uint8Array *executorInfoArray, uint32_t executorInfoArraySize)
519 {
520 LinkedListNode *temp = executorList->head;
521 uint32_t index = 0;
522 while (temp != NULL) {
523 ExecutorInfoHal *executorInfo = (ExecutorInfoHal *)temp->data;
524 if (executorInfo == NULL) {
525 LOG_ERROR("executorInfo is invalid");
526 return NULL;
527 }
528 if (index >= executorInfoArraySize) {
529 LOG_ERROR("executor size is invalid");
530 return NULL;
531 }
532 ResultCode result = GetExecutorInfoMsg(executorInfo, &executorInfoArray[index]);
533 if (result != RESULT_SUCCESS) {
534 LOG_ERROR("get executor info msg fail");
535 return NULL;
536 }
537 index++;
538 temp = temp->next;
539 }
540 ResultCode result = GetMultiDataSerializedMsg(executorInfoArray, executorInfoArraySize, &executorInfoTlvMsg);
541 if (result != RESULT_SUCCESS) {
542 LOG_ERROR("GetMultiDataSerializedMsg failed");
543 return NULL;
544 }
545 return GetExecutorInfoTlv(executorInfoTlvMsg, peerUdid);
546 }
547
GetSignExecutorInfoFunc(Uint8Array peerUdid,LinkedList * executorList)548 Buffer *GetSignExecutorInfoFunc(Uint8Array peerUdid, LinkedList *executorList)
549 {
550 if (IS_ARRAY_NULL(peerUdid) || executorList == NULL) {
551 LOG_ERROR("params is null");
552 return NULL;
553 }
554 if (executorList->getSize(executorList) == 0) {
555 LOG_ERROR("executor is unregistered");
556 return NULL;
557 }
558 if (executorList->size > UINT32_MAX / sizeof(Uint8Array)) {
559 LOG_ERROR("invalid executorList size");
560 return NULL;
561 }
562
563 Uint8Array executorInfoTlvMsg = { Malloc(MAX_EXECUTOR_MSG_LEN), MAX_EXECUTOR_MSG_LEN };
564 IF_TRUE_LOGE_AND_RETURN_VAL(executorInfoTlvMsg.data == NULL, NULL);
565
566 Uint8Array executorInfoArray[executorList->size];
567 bool mallocOk = true;
568 for (uint32_t i = 0; i < executorList->size; i++) {
569 executorInfoArray[i] = (Uint8Array){ Malloc(MAX_EXECUTOR_MSG_LEN), MAX_EXECUTOR_MSG_LEN };
570 if (executorInfoArray[i].data == NULL) {
571 LOG_ERROR("malloc fail");
572 mallocOk = false;
573 continue;
574 }
575 }
576
577 Buffer *signedExecutorInfo = NULL;
578 if (mallocOk) {
579 signedExecutorInfo = GetSignExecutorInfoFuncInner(peerUdid, executorList,
580 executorInfoTlvMsg, executorInfoArray, executorList->size);
581 }
582
583 Free(executorInfoTlvMsg.data);
584 for (uint32_t i = 0; i < executorList->size; i++) {
585 Free(executorInfoArray[i].data);
586 }
587
588 return signedExecutorInfo;
589 }
590
DestroyAuthResult(AuthResult * authResult)591 void DestroyAuthResult(AuthResult *authResult)
592 {
593 if (authResult == NULL) {
594 return;
595 }
596 DestoryBuffer(authResult->rootSecret);
597 DestoryBuffer(authResult->remoteAuthResultMsg);
598 (void)memset_s(authResult, sizeof(AuthResult), 0, sizeof(AuthResult));
599 }