• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "v2_0/user_auth_interface_service.h"
17 
18 #include <cinttypes>
19 #include <mutex>
20 #include <hdf_base.h>
21 #include "securec.h"
22 #include <set>
23 #include <string>
24 
25 #include "iam_logger.h"
26 #include "iam_para2str.h"
27 #include "iam_ptr.h"
28 
29 #include "adaptor_time.h"
30 #include "useriam_common.h"
31 #include "auth_level.h"
32 #include "buffer.h"
33 #include "coauth_funcs.h"
34 #include "executor_message.h"
35 #include "hmac_key.h"
36 #include "identify_funcs.h"
37 #include "idm_database.h"
38 #include "idm_session.h"
39 #include "ed25519_key.h"
40 #include "udid_manager.h"
41 #include "user_auth_hdi.h"
42 #include "user_auth_funcs.h"
43 #include "user_idm_funcs.h"
44 #include "enroll_specification_check.h"
45 
46 #undef LOG_TAG
47 #define LOG_TAG "USER_AUTH_HDI"
48 
49 namespace OHOS {
50 namespace HDI {
51 namespace UserAuth {
52 namespace {
53 static std::mutex g_mutex;
54 static std::string g_localUdid;
55 constexpr uint32_t INVALID_CAPABILITY_LEVEL = 100;
56 const std::string SETTRINGS_NAME = "settings";
57 
58 enum UserAuthCallerType : int32_t {
59     TOKEN_INVALID = -1,
60     TOKEN_HAP = 0,
61     TOKEN_NATIVE,
62 };
63 const uint32_t PUBLIC_KEY_STR_LEN = 33;
FormatHexString(uint8_t * data,int32_t dataSize,char * outBuffer,int32_t outBufferSize)64 void FormatHexString(uint8_t* data, int32_t dataSize, char* outBuffer, int32_t outBufferSize)
65 {
66     int32_t writeIndex = 0;
67     do {
68         for (int i = 0; i < dataSize; i++) {
69             int ret = sprintf_s(outBuffer + writeIndex, outBufferSize - writeIndex, "%X", data[i]);
70             if (ret < 0) {
71                 writeIndex = 0;
72                 break;
73             }
74             writeIndex += ret;
75         }
76     } while (0);
77 
78     if (writeIndex == 0) {
79         memset_s(outBuffer, outBufferSize, 0, outBufferSize);
80     }
81 }
82 } // namespace
83 
84 using namespace std;
85 
UserAuthInterfaceImplGetInstance(void)86 extern "C" IUserAuthInterface *UserAuthInterfaceImplGetInstance(void)
87 {
88     auto userAuthInterfaceService = new (std::nothrow) UserAuthInterfaceService();
89     if (userAuthInterfaceService == nullptr) {
90         IAM_LOGE("userAuthInterfaceService is nullptr");
91         return nullptr;
92     }
93     std::lock_guard<std::mutex> lock(g_mutex);
94     OHOS::UserIam::Common::Init();
95     return userAuthInterfaceService;
96 }
97 
Init(const std::string & deviceUdid)98 int32_t UserAuthInterfaceService::Init(const std::string &deviceUdid)
99 {
100     IAM_LOGI("start");
101     std::lock_guard<std::mutex> lock(g_mutex);
102     g_localUdid = deviceUdid;
103     bool ret = SetLocalUdid(g_localUdid.c_str());
104     IF_TRUE_LOGE_AND_RETURN_VAL(!ret, HDF_FAILURE);
105     OHOS::UserIam::Common::Close();
106     return OHOS::UserIam::Common::Init();
107 }
108 
CopyScheduleInfo(const CoAuthSchedule * in,HdiScheduleInfo * out)109 static bool CopyScheduleInfo(const CoAuthSchedule *in, HdiScheduleInfo *out)
110 {
111     IAM_LOGI("start");
112     if (in->executorSize == 0 || (in->templateIds.data == NULL && in->templateIds.len != 0)) {
113         IAM_LOGE("executorSize is zero");
114         return false;
115     }
116     out->executorIndexes.clear();
117     out->templateIds.clear();
118     out->scheduleId = in->scheduleId;
119     out->authType = static_cast<AuthType>(in->authType);
120     for (uint32_t i = 0; i < in->templateIds.len; ++i) {
121         out->templateIds.push_back(in->templateIds.data[i]);
122     }
123     out->executorMatcher = static_cast<uint32_t>(in->executors[0].executorMatcher);
124     out->scheduleMode = static_cast<ScheduleMode>(in->scheduleMode);
125     for (uint32_t i = 0; i < in->executorSize; ++i) {
126         out->executorIndexes.push_back(in->executors[i].executorIndex);
127     }
128     out->executorMessages.clear();
129     return true;
130 }
131 
SetAttributeToCoAuthExecMsg(AuthParamHal paramHal,HdiScheduleInfo & info,Uint8Array publicKey,Attribute * attribute)132 static int32_t SetAttributeToCoAuthExecMsg(AuthParamHal paramHal, HdiScheduleInfo &info,
133     Uint8Array publicKey, Attribute *attribute)
134 {
135     IF_TRUE_LOGE_AND_RETURN_VAL(attribute == nullptr, RESULT_GENERAL_ERROR);
136 
137     if (SetAttributeUint64(attribute, ATTR_SCHEDULE_ID, info.scheduleId) != RESULT_SUCCESS) {
138         IAM_LOGE("SetAttributeUint64 scheduleId failed");
139         return RESULT_GENERAL_ERROR;
140     }
141 
142     Uint8Array localUdidIn = { paramHal.localUdid, sizeof(paramHal.localUdid) };
143     if (SetAttributeUint8Array(attribute, ATTR_VERIFIER_UDID, localUdidIn) != RESULT_SUCCESS) {
144         IAM_LOGE("SetAttributeUint8Array verifierUdid failed");
145         return RESULT_GENERAL_ERROR;
146     }
147     if (SetAttributeUint8Array(attribute, ATTR_LOCAL_UDID, localUdidIn) != RESULT_SUCCESS) {
148         IAM_LOGE("SetAttributeUint8Array localUdid failed");
149         return RESULT_GENERAL_ERROR;
150     }
151     Uint8Array peerUdidIn = { paramHal.collectorUdid, sizeof(paramHal.collectorUdid) };
152     if (SetAttributeUint8Array(attribute, ATTR_COLLECTOR_UDID, peerUdidIn) != RESULT_SUCCESS) {
153         IAM_LOGE("SetAttributeUint8Array collectorUdid failed");
154         return RESULT_GENERAL_ERROR;
155     }
156     if (SetAttributeUint8Array(attribute, ATTR_PEER_UDID, peerUdidIn) != RESULT_SUCCESS) {
157         IAM_LOGE("SetAttributeUint8Array peerUdid failed");
158         return RESULT_GENERAL_ERROR;
159     }
160     char publicKeyStrBuffer[PUBLIC_KEY_STR_LEN] = {0};
161     FormatHexString(&publicKey.data[0], publicKey.len, publicKeyStrBuffer, PUBLIC_KEY_STR_LEN);
162     IAM_LOGI("public key: %{public}s", publicKeyStrBuffer);
163     if (SetAttributeUint8Array(attribute, ATTR_PUBLIC_KEY, publicKey) != RESULT_SUCCESS) {
164         IAM_LOGE("SetAttributeUint8Array publicKey failed");
165         return RESULT_GENERAL_ERROR;
166     }
167     Uint8Array challenge = { paramHal.challenge, CHALLENGE_LEN };
168     if (SetAttributeUint8Array(attribute, ATTR_CHALLENGE, challenge) != RESULT_SUCCESS) {
169         IAM_LOGE("SetAttributeUint8Array challenge failed");
170         return RESULT_GENERAL_ERROR;
171     }
172 
173     return RESULT_SUCCESS;
174 }
175 
SetAttributeToCollectorExecMsg(AuthParamHal paramHal,HdiScheduleInfo & info,Uint8Array publicKey,Uint8Array * retExtraInfo)176 static int32_t SetAttributeToCollectorExecMsg(AuthParamHal paramHal, HdiScheduleInfo &info,
177     Uint8Array publicKey, Uint8Array *retExtraInfo)
178 {
179     Attribute *attribute = CreateEmptyAttribute();
180     IF_TRUE_LOGE_AND_RETURN_VAL(attribute == nullptr, RESULT_GENERAL_ERROR);
181 
182     ResultCode ret = RESULT_GENERAL_ERROR;
183     do {
184         if (SetAttributeUint32(attribute, ATTR_TYPE, paramHal.authType) != RESULT_SUCCESS) {
185             IAM_LOGE("SetAttributeUint32 authType failed");
186             break;
187         }
188         if (SetAttributeUint32(attribute, ATTR_EXECUTOR_MATCHER, info.executorMatcher) != RESULT_SUCCESS) {
189             IAM_LOGE("SetAttributeUint64 executorMatcher failed");
190             break;
191         }
192         if (SetAttributeInt32(attribute, ATTR_SCHEDULE_MODE, info.scheduleMode) != RESULT_SUCCESS) {
193             IAM_LOGE("SetAttributeUint64 scheduleMode failed");
194             break;
195         }
196         if (SetAttributeUint32(attribute, ATTR_EXECUTOR_ROLE, COLLECTOR) != RESULT_SUCCESS) {
197             IAM_LOGE("SetAttributeUint32 executorRole failed");
198             break;
199         }
200         if (SetAttributeToCoAuthExecMsg(paramHal, info, publicKey, attribute) != RESULT_SUCCESS) {
201             IAM_LOGE("SetAttributeToCoAuthExecMsg failed");
202             break;
203         }
204 
205         SignParam signParam = {
206             .needSignature = true,
207             .keyType = KEY_TYPE_CROSS_DEVICE,
208             .peerUdid = { paramHal.collectorUdid, sizeof(paramHal.collectorUdid) }
209         };
210         if (GetAttributeExecutorMsg(attribute, retExtraInfo, signParam) != RESULT_SUCCESS) {
211             IAM_LOGE("GetAttributeExecutorMsg failed");
212             break;
213         }
214         ret = RESULT_SUCCESS;
215     } while (0);
216 
217     FreeAttribute(&attribute);
218     return ret;
219 }
220 
GetCapabilityLevel(int32_t userId,HdiScheduleInfo & info,uint32_t & capabilityLevel)221 static int32_t GetCapabilityLevel(int32_t userId, HdiScheduleInfo &info, uint32_t &capabilityLevel)
222 {
223     capabilityLevel = INVALID_CAPABILITY_LEVEL;
224     LinkedList *credList = nullptr;
225     int32_t ret = QueryCredentialFunc(userId, info.authType, &credList);
226     if (ret != RESULT_SUCCESS) {
227         IAM_LOGE("query credential failed");
228         return ret;
229     }
230     LinkedListNode *temp = credList->head;
231     while (temp != nullptr) {
232         if (temp->data == nullptr) {
233             IAM_LOGE("list node is invalid");
234             DestroyLinkedList(credList);
235             return RESULT_UNKNOWN;
236         }
237         auto credentialHal = static_cast<CredentialInfoHal *>(temp->data);
238         // Only the lowest acl is returned
239         capabilityLevel = (capabilityLevel < credentialHal->capabilityLevel) ?
240             capabilityLevel : credentialHal->capabilityLevel;
241         temp = temp->next;
242     }
243 
244     DestroyLinkedList(credList);
245     return RESULT_SUCCESS;
246 }
247 
GetExpiredSysTime(AuthParamHal paramHal)248 static uint64_t GetExpiredSysTime(AuthParamHal paramHal)
249 {
250     UserAuthContext *context = GetContext(paramHal.contextId);
251     if (context == NULL) {
252         IAM_LOGE("context is null");
253         return NO_CHECK_PIN_EXPIRED_PERIOD;
254     }
255 
256     if (!context->isExpiredReturnSuccess) {
257         return context->authExpiredSysTime;
258     }
259 
260     return NO_CHECK_PIN_EXPIRED_PERIOD;
261 }
262 
SetAttributeToVerifierExecMsg(AuthParamHal paramHal,HdiScheduleInfo & info,Uint8Array publicKey,Uint8Array * retExtraInfo)263 static int32_t SetAttributeToVerifierExecMsg(AuthParamHal paramHal, HdiScheduleInfo &info,
264     Uint8Array publicKey, Uint8Array *retExtraInfo)
265 {
266     Attribute *attribute = CreateEmptyAttribute();
267     IF_TRUE_LOGE_AND_RETURN_VAL(attribute == nullptr, RESULT_GENERAL_ERROR);
268 
269     ResultCode ret = RESULT_GENERAL_ERROR;
270     do {
271         Uint64Array templateIdsIn = {info.templateIds.data(), info.templateIds.size()};
272         if (SetAttributeUint64Array(attribute, ATTR_TEMPLATE_ID_LIST, templateIdsIn) != RESULT_SUCCESS) {
273             IAM_LOGE("SetAttributeUint64Array templateIdsIn failed");
274             break;
275         }
276         uint32_t capabilityLevel = INVALID_CAPABILITY_LEVEL;
277         int32_t result = GetCapabilityLevel(paramHal.userId, info, capabilityLevel);
278         if (result != RESULT_SUCCESS) {
279             IAM_LOGE("GetCapabilityLevel fail");
280             return result;
281         }
282         if (capabilityLevel != INVALID_CAPABILITY_LEVEL &&
283             SetAttributeUint32(attribute, ATTR_CAPABILITY_LEVEL, capabilityLevel) != RESULT_SUCCESS) {
284             IAM_LOGE("SetAttributeUint32 capabilityLevel failed");
285             break;
286         }
287         if (SetAttributeUint64(attribute, ATTR_EXPIRED_SYS_TIME, GetExpiredSysTime(paramHal)) != RESULT_SUCCESS) {
288             IAM_LOGE("SetAttributeUint64 authExpiredSysTime failed");
289             break;
290         }
291         if (SetAttributeToCoAuthExecMsg(paramHal, info, publicKey, attribute) != RESULT_SUCCESS) {
292             IAM_LOGE("SetAttributeToCoAuthExecMsg failed");
293             break;
294         }
295 
296         SignParam signParam = { .needSignature = true, .keyType = KEY_TYPE_EXECUTOR };
297         if (GetAttributeExecutorMsg(attribute, retExtraInfo, signParam) != RESULT_SUCCESS) {
298             IAM_LOGE("GetAttributeExecutorMsg failed");
299             break;
300         }
301         ret = RESULT_SUCCESS;
302     } while (0);
303 
304     FreeAttribute(&attribute);
305     return ret;
306 }
307 
SetAttributeToExtraInfo(HdiScheduleInfo & info,uint32_t capabilityLevel,uint64_t scheduleId)308 static int32_t SetAttributeToExtraInfo(HdiScheduleInfo &info, uint32_t capabilityLevel, uint64_t scheduleId)
309 {
310     Attribute *attribute = CreateEmptyAttribute();
311     IF_TRUE_LOGE_AND_RETURN_VAL(attribute == nullptr, RESULT_GENERAL_ERROR);
312 
313     ResultCode ret = RESULT_GENERAL_ERROR;
314     do {
315         Uint64Array templateIdsIn = {info.templateIds.data(), info.templateIds.size()};
316         if (SetAttributeUint64Array(attribute, ATTR_TEMPLATE_ID_LIST, templateIdsIn) != RESULT_SUCCESS) {
317             IAM_LOGE("SetAttributeUint64Array templateIdsIn failed");
318             break;
319         }
320         if (capabilityLevel != INVALID_CAPABILITY_LEVEL &&
321             SetAttributeUint32(attribute, ATTR_CAPABILITY_LEVEL, capabilityLevel) != RESULT_SUCCESS) {
322             IAM_LOGE("SetAttributeUint32 capabilityLevel failed");
323             break;
324         }
325         if (SetAttributeUint64(attribute, ATTR_SCHEDULE_ID, scheduleId) != RESULT_SUCCESS) {
326             IAM_LOGE("SetAttributeUint64 scheduleId failed");
327             break;
328         }
329 
330         info.executorMessages.resize(1);
331         info.executorMessages[0].resize(MAX_EXECUTOR_MSG_LEN);
332         Uint8Array retExtraInfo = { info.executorMessages[0].data(), MAX_EXECUTOR_MSG_LEN };
333         SignParam signParam = { .needSignature = true, .keyType = KEY_TYPE_EXECUTOR };
334         if (GetAttributeExecutorMsg(attribute, &retExtraInfo, signParam) != RESULT_SUCCESS) {
335             IAM_LOGE("GetAttributeExecutorMsg failed");
336             info.executorMessages.clear();
337             break;
338         }
339         info.executorMessages[0].resize(retExtraInfo.len);
340         ret = RESULT_SUCCESS;
341     } while (0);
342 
343     FreeAttribute(&attribute);
344     return ret;
345 }
346 
SetAttributeToAllInOneExecMsg(AuthParamHal paramHal,HdiScheduleInfo & info,Uint8Array * retExtraInfo)347 static int32_t SetAttributeToAllInOneExecMsg(AuthParamHal paramHal, HdiScheduleInfo &info, Uint8Array *retExtraInfo)
348 {
349     uint32_t capabilityLevel = INVALID_CAPABILITY_LEVEL;
350     int32_t result = GetCapabilityLevel(paramHal.userId, info, capabilityLevel);
351     if (result != RESULT_SUCCESS) {
352         IAM_LOGE("GetCapabilityLevel fail");
353         return result;
354     }
355 
356     Attribute *attribute = CreateEmptyAttribute();
357     IF_TRUE_LOGE_AND_RETURN_VAL(attribute == nullptr, RESULT_GENERAL_ERROR);
358 
359     ResultCode ret = RESULT_GENERAL_ERROR;
360     do {
361         Uint64Array templateIdsIn = {info.templateIds.data(), info.templateIds.size()};
362         if (SetAttributeUint64Array(attribute, ATTR_TEMPLATE_ID_LIST, templateIdsIn) != RESULT_SUCCESS) {
363             IAM_LOGE("SetAttributeUint64Array templateIdsIn failed");
364             break;
365         }
366         if (capabilityLevel != INVALID_CAPABILITY_LEVEL &&
367             SetAttributeUint32(attribute, ATTR_CAPABILITY_LEVEL, capabilityLevel) != RESULT_SUCCESS) {
368             IAM_LOGE("SetAttributeUint32 capabilityLevel failed");
369             break;
370         }
371         if (SetAttributeUint64(attribute, ATTR_SCHEDULE_ID, info.scheduleId) != RESULT_SUCCESS) {
372             IAM_LOGE("SetAttributeUint64 scheduleId failed");
373             break;
374         }
375 
376         if (SetAttributeUint64(attribute, ATTR_EXPIRED_SYS_TIME, GetExpiredSysTime(paramHal)) != RESULT_SUCCESS) {
377             IAM_LOGE("SetAttributeUint64 authExpiredSysTime failed");
378             break;
379         }
380 
381         Uint8Array challenge = { paramHal.challenge, CHALLENGE_LEN };
382         if (SetAttributeUint8Array(attribute, ATTR_CHALLENGE, challenge) != RESULT_SUCCESS) {
383             IAM_LOGE("SetAttributeUint8Array challenge failed");
384             break;
385         }
386 
387         SignParam signParam = { .needSignature = true, .keyType = KEY_TYPE_EXECUTOR };
388         if (GetAttributeExecutorMsg(attribute, retExtraInfo, signParam) != RESULT_SUCCESS) {
389             IAM_LOGE("GetAttributeExecutorMsg failed");
390             break;
391         }
392         ret = RESULT_SUCCESS;
393     } while (0);
394 
395     FreeAttribute(&attribute);
396     return ret;
397 }
398 
GetAuthExecutorMsg(uint32_t executorRole,AuthParamHal paramHal,Uint8Array publicKey,HdiScheduleInfo & info,Uint8Array * retMsg)399 static int32_t GetAuthExecutorMsg(uint32_t executorRole, AuthParamHal paramHal,
400     Uint8Array publicKey, HdiScheduleInfo &info, Uint8Array *retMsg)
401 {
402     if (executorRole == COLLECTOR) {
403         if (SetAttributeToCollectorExecMsg(paramHal, info, publicKey, retMsg) != RESULT_SUCCESS) {
404             IAM_LOGE("SetAttributeToCollectorExecMsg failed");
405             return RESULT_GENERAL_ERROR;
406         }
407     } else if (executorRole == VERIFIER) {
408         if (SetAttributeToVerifierExecMsg(paramHal, info, publicKey, retMsg) != RESULT_SUCCESS) {
409             IAM_LOGE("SetAttributeToVerifierExecMsg failed");
410             return RESULT_GENERAL_ERROR;
411         }
412     } else if (executorRole == ALL_IN_ONE) {
413         if (SetAttributeToAllInOneExecMsg(paramHal, info, retMsg) != RESULT_SUCCESS) {
414             IAM_LOGE("SetAttributeToAllInOneExecMsg fail");
415             return RESULT_GENERAL_ERROR;
416         }
417     } else {
418         IAM_LOGE("Unsupported executorRole %{public}u", executorRole);
419         return RESULT_GENERAL_ERROR;
420     }
421     return RESULT_SUCCESS;
422 }
423 
CopyAuthScheduleInfo(AuthParamHal paramHal,const CoAuthSchedule * in,HdiScheduleInfo * out)424 static bool CopyAuthScheduleInfo(AuthParamHal paramHal, const CoAuthSchedule *in, HdiScheduleInfo *out)
425 {
426     IAM_LOGI("CopyAuthScheduleInfo start");
427     if (in->executorSize == 0 || (in->templateIds.data == NULL && in->templateIds.len != 0)) {
428         IAM_LOGE("executorSize is zero");
429         return false;
430     }
431     out->executorIndexes.clear();
432     out->templateIds.clear();
433     out->scheduleId = in->scheduleId;
434     out->authType = static_cast<AuthType>(in->authType);
435     for (uint32_t i = 0; i < in->templateIds.len; ++i) {
436         out->templateIds.push_back(in->templateIds.data[i]);
437     }
438     out->executorMatcher = static_cast<uint32_t>(in->executors[0].executorMatcher);
439     out->scheduleMode = static_cast<ScheduleMode>(in->scheduleMode);
440 
441     out->executorIndexes.resize(in->executorSize);
442     out->executorMessages.resize(in->executorSize);
443     for (uint32_t i = 0; i < in->executorSize; ++i) {
444         out->executorIndexes[i] = in->executors[i].executorIndex;
445         out->executorMessages[i].resize(MAX_EXECUTOR_MSG_LEN);
446         Uint8Array retExtraInfo = { out->executorMessages[i].data(), MAX_EXECUTOR_MSG_LEN };
447         uint32_t executorRoleTemp = static_cast<ExecutorRole>(in->executors[i].executorRole);
448         Uint8Array publicKeyInfo = { (uint8_t *)in->executors[1 - i].pubKey, PUBLIC_KEY_LEN };
449         if (GetAuthExecutorMsg(executorRoleTemp, paramHal, publicKeyInfo, *out, &retExtraInfo) != RESULT_SUCCESS) {
450             IAM_LOGE("GetAuthExecutorMsg failed");
451             out->executorIndexes.clear();
452             out->templateIds.clear();
453             out->executorMessages.clear();
454             return false;
455         }
456         out->executorMessages[i].resize(retExtraInfo.len);
457     }
458     return true;
459 }
460 
CopyAuthParamToHal(uint64_t contextId,const HdiAuthParam & param,AuthParamHal & paramHal)461 static int32_t CopyAuthParamToHal(uint64_t contextId, const HdiAuthParam &param,
462     AuthParamHal &paramHal)
463 {
464     paramHal.contextId = contextId;
465     paramHal.userId = param.baseParam.userId;
466     paramHal.authType = static_cast<int32_t>(param.authType);
467     paramHal.authTrustLevel = param.baseParam.authTrustLevel;
468     if (!param.baseParam.challenge.empty() && memcpy_s(paramHal.challenge, CHALLENGE_LEN,
469         param.baseParam.challenge.data(), param.baseParam.challenge.size()) != EOK) {
470         IAM_LOGE("challenge copy failed");
471         return RESULT_BAD_COPY;
472     }
473     paramHal.authIntent = param.authIntent;
474     paramHal.isExpiredReturnSuccess = false;
475     if (param.baseParam.callerType == TOKEN_HAP &&
476         (param.baseParam.callerName.find(SETTRINGS_NAME) != std::string::npos ||
477         param.authIntent == HdiAuthIntent::UNLOCK)) {
478         paramHal.isExpiredReturnSuccess = true;
479     }
480     if (!param.collectorUdid.empty()) {
481         if (memcpy_s(paramHal.collectorUdid, sizeof(paramHal.collectorUdid),
482             (uint8_t *)param.collectorUdid.c_str(), param.collectorUdid.length()) != EOK) {
483             IAM_LOGE("collectorUdid copy failed");
484             return RESULT_BAD_COPY;
485         }
486     } else {
487         Uint8Array collectorUdid = { paramHal.collectorUdid, sizeof(paramHal.collectorUdid) };
488         if (!GetLocalUdid(&collectorUdid)) {
489             IAM_LOGE("fill collector udid by local udid failed");
490             return RESULT_GENERAL_ERROR;
491         }
492     }
493     Uint8Array localUdid = { paramHal.localUdid, sizeof(paramHal.localUdid) };
494     if (!GetLocalUdid(&localUdid)) {
495         IAM_LOGE("GetLocalUdid failed");
496         return RESULT_GENERAL_ERROR;
497     }
498     return RESULT_SUCCESS;
499 }
500 
BeginAuthentication(uint64_t contextId,const HdiAuthParam & param,std::vector<HdiScheduleInfo> & infos)501 int32_t UserAuthInterfaceService::BeginAuthentication(uint64_t contextId, const HdiAuthParam &param,
502     std::vector<HdiScheduleInfo> &infos)
503 {
504     IAM_LOGI("start");
505     infos.clear();
506     AuthParamHal paramHal = {};
507     int32_t ret = CopyAuthParamToHal(contextId, param, paramHal);
508     if (ret != RESULT_SUCCESS) {
509         IAM_LOGE("copy CopyAuthParamToHal failed %{public}d", ret);
510         return ret;
511     }
512     std::lock_guard<std::mutex> lock(g_mutex);
513     LinkedList *schedulesGet = nullptr;
514     ret = GenerateSolutionFunc(paramHal, &schedulesGet);
515     if (ret != RESULT_SUCCESS) {
516         IAM_LOGE("generate solution failed %{public}d", ret);
517         return ret;
518     }
519     if (schedulesGet == nullptr) {
520         IAM_LOGE("get null schedule");
521         return RESULT_GENERAL_ERROR;
522     }
523     LinkedListNode *tempNode = schedulesGet->head;
524     while (tempNode != nullptr) {
525         if (tempNode->data == nullptr) {
526             IAM_LOGE("node data is invalid");
527             DestroyLinkedList(schedulesGet);
528             return RESULT_UNKNOWN;
529         }
530         HdiScheduleInfo temp = {};
531         auto coAuthSchedule = static_cast<CoAuthSchedule *>(tempNode->data);
532         if (!CopyAuthScheduleInfo(paramHal, coAuthSchedule, &temp)) {
533             infos.clear();
534             IAM_LOGE("copy schedule info failed");
535             DestroyLinkedList(schedulesGet);
536             return RESULT_GENERAL_ERROR;
537         }
538         infos.push_back(temp);
539         tempNode = tempNode->next;
540     }
541     DestroyLinkedList(schedulesGet);
542     return ret;
543 }
544 
GetAllUserInfo(std::vector<UserInfo> & userInfos)545 int32_t UserAuthInterfaceService::GetAllUserInfo(std::vector<UserInfo> &userInfos)
546 {
547     IAM_LOGI("GetAllUserInfo mock start");
548     static_cast<void>(userInfos);
549 
550     return RESULT_SUCCESS;
551 }
552 
CreateExecutorCommand(int32_t userId,HdiAuthResultInfo & info)553 static int32_t CreateExecutorCommand(int32_t userId, HdiAuthResultInfo &info)
554 {
555     LinkedList *executorSendMsg = nullptr;
556     AuthPropertyMode authPropMode;
557     if (info.result == RESULT_SUCCESS) {
558         authPropMode = PROPERTY_MODE_UNFREEZE;
559     } else if (info.remainAttempts == 0) {
560         authPropMode = PROPERTY_MODE_FREEZE;
561     } else {
562         return RESULT_SUCCESS;
563     }
564     ResultCode ret = GetExecutorMsgList(userId, authPropMode, &executorSendMsg);
565     if (ret != RESULT_SUCCESS) {
566         IAM_LOGE("get executor msg failed");
567         return ret;
568     }
569 
570     LinkedListNode *temp = executorSendMsg->head;
571     while (temp != nullptr) {
572         if (temp->data == nullptr) {
573             IAM_LOGE("list node is invalid");
574             DestroyLinkedList(executorSendMsg);
575             return RESULT_UNKNOWN;
576         }
577         auto nodeData = static_cast<ExecutorMsg *>(temp->data);
578         Buffer *nodeMsgBuffer = nodeData->msg;
579         if (!IsBufferValid(nodeMsgBuffer)) {
580             IAM_LOGE("node's buffer invalid");
581             DestroyLinkedList(executorSendMsg);
582             return RESULT_UNKNOWN;
583         }
584         HdiExecutorSendMsg msg = {};
585         msg.executorIndex = nodeData->executorIndex;
586         msg.commandId = static_cast<int32_t>(authPropMode);
587         msg.msg.resize(nodeMsgBuffer->contentSize);
588         if (memcpy_s(msg.msg.data(), msg.msg.size(), nodeMsgBuffer->buf, nodeMsgBuffer->contentSize) != EOK) {
589             IAM_LOGE("copy failed");
590             msg.msg.clear();
591             DestroyLinkedList(executorSendMsg);
592             return RESULT_BAD_COPY;
593         }
594         info.msgs.push_back(msg);
595         temp = temp->next;
596     }
597     DestroyLinkedList(executorSendMsg);
598     return RESULT_SUCCESS;
599 }
600 
CopyAuthResult(AuthResult & infoIn,UserAuthTokenHal & authTokenIn,HdiAuthResultInfo & infoOut,HdiEnrolledState & enrolledStateOut)601 static int32_t CopyAuthResult(AuthResult &infoIn, UserAuthTokenHal &authTokenIn, HdiAuthResultInfo &infoOut,
602     HdiEnrolledState &enrolledStateOut)
603 {
604     IAM_LOGI("start");
605     infoOut.result = infoIn.result;
606     infoOut.remainAttempts = infoIn.remainTimes;
607     infoOut.lockoutDuration = infoIn.freezingTime;
608     enrolledStateOut.credentialDigest = infoIn.credentialDigest;
609     enrolledStateOut.credentialCount = infoIn.credentialCount;
610     infoOut.pinExpiredInfo = infoIn.pinExpiredInfo;
611     if (infoOut.result == RESULT_SUCCESS) {
612         infoOut.userId = infoIn.userId;
613         infoOut.credentialId = infoIn.credentialId;
614         IAM_LOGI("matched userId: %{public}d, credentialId: %{public}s.",
615             infoOut.userId, GET_MASKED_STRING(infoOut.credentialId).c_str());
616         infoOut.token.resize(sizeof(UserAuthTokenHal));
617         if (memcpy_s(infoOut.token.data(), infoOut.token.size(), &authTokenIn, sizeof(UserAuthTokenHal)) != EOK) {
618                 IAM_LOGE("copy authToken failed");
619                 infoOut.token.clear();
620                 return RESULT_BAD_COPY;
621         }
622         if (infoIn.rootSecret != nullptr) {
623             infoOut.rootSecret.resize(infoIn.rootSecret->contentSize);
624             if (memcpy_s(infoOut.rootSecret.data(), infoOut.rootSecret.size(),
625                 infoIn.rootSecret->buf, infoIn.rootSecret->contentSize) != EOK) {
626                 IAM_LOGE("copy secret failed");
627                 infoOut.rootSecret.clear();
628                 infoOut.token.clear();
629                 return RESULT_BAD_COPY;
630             }
631         }
632     }
633     if (infoIn.remoteAuthResultMsg != nullptr) {
634         infoOut.remoteAuthResultMsg.resize(infoIn.remoteAuthResultMsg->contentSize);
635         if (memcpy_s(infoOut.remoteAuthResultMsg.data(), infoOut.remoteAuthResultMsg.size(),
636             infoIn.remoteAuthResultMsg->buf, infoIn.remoteAuthResultMsg->contentSize) != EOK) {
637             IAM_LOGE("copy remoteAuthResultMsg failed");
638             infoOut.remoteAuthResultMsg.clear();
639             infoOut.rootSecret.clear();
640             infoOut.token.clear();
641             return RESULT_BAD_COPY;
642         }
643     }
644     infoOut.userId = infoIn.userId;
645     IAM_LOGI("matched userId: %{public}d.", infoOut.userId);
646     return RESULT_SUCCESS;
647 }
648 
UpdateAuthenticationResultInner(uint64_t contextId,const std::vector<uint8_t> & scheduleResult,HdiAuthResultInfo & info,HdiEnrolledState & enrolledState)649 static int32_t UpdateAuthenticationResultInner(uint64_t contextId,
650     const std::vector<uint8_t> &scheduleResult, HdiAuthResultInfo &info, HdiEnrolledState &enrolledState)
651 {
652     IAM_LOGI("start");
653     if (scheduleResult.size() == 0) {
654         IAM_LOGE("param is invalid");
655         DestroyContextbyId(contextId);
656         return RESULT_BAD_PARAM;
657     }
658     Buffer *scheduleResultBuffer = CreateBufferByData(&scheduleResult[0], scheduleResult.size());
659     if (!IsBufferValid(scheduleResultBuffer)) {
660         IAM_LOGE("scheduleTokenBuffer is invalid");
661         DestroyContextbyId(contextId);
662         return RESULT_NO_MEMORY;
663     }
664     std::lock_guard<std::mutex> lock(g_mutex);
665     UserAuthTokenHal authTokenHal = {};
666     AuthResult authResult = {};
667     int32_t funcRet = RESULT_GENERAL_ERROR;
668     do {
669         int32_t ret = RequestAuthResultFunc(contextId, scheduleResultBuffer, &authTokenHal, &authResult);
670         DestoryBuffer(scheduleResultBuffer);
671         if (ret != RESULT_SUCCESS) {
672             IAM_LOGE("execute func failed");
673             break;
674         }
675         ret = CopyAuthResult(authResult, authTokenHal, info, enrolledState);
676         if (ret != RESULT_SUCCESS) {
677             IAM_LOGE("Copy auth result failed");
678             break;
679         }
680         if (authResult.authType != PIN_AUTH) {
681             IAM_LOGI("type not pin");
682         } else {
683             IAM_LOGI("type pin");
684             ret = CreateExecutorCommand(authResult.userId, info);
685             if (ret != RESULT_SUCCESS) {
686                 IAM_LOGE("create executor command failed");
687                 break;
688             }
689         }
690         funcRet = RESULT_SUCCESS;
691     } while (0);
692 
693     DestroyAuthResult(&authResult);
694     return funcRet;
695 }
696 
UpdateAuthenticationResult(uint64_t contextId,const std::vector<uint8_t> & scheduleResult,HdiAuthResultInfo & info,HdiEnrolledState & enrolledState)697 int32_t UserAuthInterfaceService::UpdateAuthenticationResult(uint64_t contextId,
698     const std::vector<uint8_t> &scheduleResult, HdiAuthResultInfo &info, HdiEnrolledState &enrolledState)
699 {
700     IAM_LOGI("start");
701     return UpdateAuthenticationResultInner(contextId, scheduleResult, info, enrolledState);
702 }
703 
CancelAuthentication(uint64_t contextId)704 int32_t UserAuthInterfaceService::CancelAuthentication(uint64_t contextId)
705 {
706     IAM_LOGI("start");
707     std::lock_guard<std::mutex> lock(g_mutex);
708     return DestroyContextbyId(contextId);
709 }
710 
BeginIdentification(uint64_t contextId,int32_t authType,const std::vector<uint8_t> & challenge,uint32_t executorSensorHint,HdiScheduleInfo & scheduleInfo)711 int32_t UserAuthInterfaceService::BeginIdentification(uint64_t contextId, int32_t authType,
712     const std::vector<uint8_t> &challenge, uint32_t executorSensorHint, HdiScheduleInfo &scheduleInfo)
713 {
714     IAM_LOGI("start");
715     if (authType == PIN) {
716         IAM_LOGE("param is invalid");
717         return RESULT_BAD_PARAM;
718     }
719     IdentifyParam param = {};
720     param.contextId = contextId;
721     param.authType = static_cast<uint32_t>(authType);
722     param.executorSensorHint = executorSensorHint;
723     if (!challenge.empty() && memcpy_s(param.challenge, CHALLENGE_LEN, challenge.data(), challenge.size()) != EOK) {
724         IAM_LOGE("challenge copy failed");
725         return RESULT_BAD_COPY;
726     }
727     std::lock_guard<std::mutex> lock(g_mutex);
728     LinkedList *scheduleGet = nullptr;
729     int32_t ret = DoIdentify(param, &scheduleGet);
730     if (ret != RESULT_SUCCESS) {
731         IAM_LOGE("generate solution failed");
732         return ret;
733     }
734     if (scheduleGet == nullptr) {
735         IAM_LOGE("get null schedule");
736         return RESULT_GENERAL_ERROR;
737     }
738     if (scheduleGet->head == nullptr || scheduleGet->head->data == nullptr) {
739         IAM_LOGE("scheduleGet is invalid");
740         DestroyLinkedList(scheduleGet);
741         return RESULT_UNKNOWN;
742     }
743     auto data = static_cast<CoAuthSchedule *>(scheduleGet->head->data);
744     if (!CopyScheduleInfo(data, &scheduleInfo)) {
745         IAM_LOGE("copy schedule failed");
746         ret = RESULT_BAD_COPY;
747     }
748     DestroyLinkedList(scheduleGet);
749     return ret;
750 }
751 
UpdateIdentificationResult(uint64_t contextId,const std::vector<uint8_t> & scheduleResult,IdentifyResultInfo & info)752 int32_t UserAuthInterfaceService::UpdateIdentificationResult(uint64_t contextId,
753     const std::vector<uint8_t> &scheduleResult, IdentifyResultInfo &info)
754 {
755     IAM_LOGI("start");
756     if (scheduleResult.size() == 0) {
757         IAM_LOGE("param is invalid");
758         return RESULT_BAD_PARAM;
759     }
760     Buffer *scheduleResultBuffer = CreateBufferByData(&scheduleResult[0], scheduleResult.size());
761     if (!IsBufferValid(scheduleResultBuffer)) {
762         IAM_LOGE("scheduleTokenBuffer is invalid");
763         return RESULT_NO_MEMORY;
764     }
765     std::lock_guard<std::mutex> lock(g_mutex);
766     UserAuthTokenHal token = {};
767     int32_t ret = DoUpdateIdentify(contextId, scheduleResultBuffer, &info.userId, &token, &info.result);
768     DestoryBuffer(scheduleResultBuffer);
769     if (ret != RESULT_SUCCESS) {
770         IAM_LOGE("DoUpdateIdentify failed");
771         return ret;
772     }
773     if (info.result == RESULT_SUCCESS) {
774         info.token.resize(sizeof(UserAuthTokenHal));
775         if (memcpy_s(info.token.data(), info.token.size(), &token, sizeof(token)) != EOK) {
776             IAM_LOGE("copy authToken failed");
777             info.token.clear();
778             return RESULT_BAD_COPY;
779         }
780     }
781     return RESULT_SUCCESS;
782 }
783 
CancelIdentification(uint64_t contextId)784 int32_t UserAuthInterfaceService::CancelIdentification(uint64_t contextId)
785 {
786     IAM_LOGI("start");
787     std::lock_guard<std::mutex> lock(g_mutex);
788     return DestroyContextbyId(contextId);
789 }
790 
GetAvailableStatus(int32_t userId,int32_t authType,uint32_t authTrustLevel,int32_t & checkResult)791 int32_t UserAuthInterfaceService::GetAvailableStatus(int32_t userId, int32_t authType, uint32_t authTrustLevel,
792     int32_t &checkResult)
793 {
794     IAM_LOGI("start");
795     std::lock_guard<std::mutex> lock(g_mutex);
796     GetAvailableStatusFunc(userId, authType, authTrustLevel, &checkResult);
797     if (checkResult != RESULT_SUCCESS) {
798         IAM_LOGE("GetAvailableStatusFunc failed");
799     }
800     return RESULT_SUCCESS;
801 }
802 
GetValidSolution(int32_t userId,const std::vector<int32_t> & authTypes,uint32_t authTrustLevel,std::vector<int32_t> & validTypes)803 int32_t UserAuthInterfaceService::GetValidSolution(int32_t userId, const std::vector<int32_t> &authTypes,
804     uint32_t authTrustLevel, std::vector<int32_t> &validTypes)
805 {
806     IAM_LOGI("start userId:%{public}d authTrustLevel:%{public}u", userId, authTrustLevel);
807     int32_t result = RESULT_TYPE_NOT_SUPPORT;
808     validTypes.clear();
809     std::lock_guard<std::mutex> lock(g_mutex);
810     for (auto &authType : authTypes) {
811         int32_t checkRet = RESULT_GENERAL_ERROR;
812         GetAvailableStatusFunc(userId, authType, authTrustLevel, &checkRet);
813         if (checkRet == RESULT_PIN_EXPIRED) {
814             LOG_ERROR("pin is expired");
815             return RESULT_PIN_EXPIRED;
816         }
817         if (checkRet == RESULT_TRUST_LEVEL_NOT_SUPPORT) {
818             IAM_LOGE("GetAvailableStatus checkRet: %{public}d", checkRet);
819             result = checkRet;
820             continue;
821         }
822         if (checkRet != RESULT_SUCCESS) {
823             IAM_LOGE("authType does not support, authType:%{public}d, ret:%{public}d", authType, checkRet);
824             result = RESULT_NOT_ENROLLED;
825             continue;
826         }
827         IAM_LOGI("get valid authType:%{public}d", authType);
828         validTypes.push_back(authType);
829     }
830     if (validTypes.empty()) {
831         IAM_LOGE("no auth type valid");
832         return result;
833     }
834     return RESULT_SUCCESS;
835 }
836 
OpenSession(int32_t userId,std::vector<uint8_t> & challenge)837 int32_t UserAuthInterfaceService::OpenSession(int32_t userId, std::vector<uint8_t> &challenge)
838 {
839     IAM_LOGI("start");
840     std::lock_guard<std::mutex> lock(g_mutex);
841     challenge.resize(CHALLENGE_LEN);
842     int32_t ret = OpenEditSession(userId, challenge.data(), challenge.size());
843     if (ret != RESULT_SUCCESS) {
844         IAM_LOGE("failed to open session");
845         challenge.clear();
846     }
847     return ret;
848 }
849 
CloseSession(int32_t userId)850 int32_t UserAuthInterfaceService::CloseSession(int32_t userId)
851 {
852     IAM_LOGI("start");
853     std::lock_guard<std::mutex> lock(g_mutex);
854     return CloseEditSession();
855 }
856 
BeginEnrollment(const std::vector<uint8_t> & authToken,const HdiEnrollParam & param,HdiScheduleInfo & info)857 int32_t UserAuthInterfaceService::BeginEnrollment(
858     const std::vector<uint8_t> &authToken, const HdiEnrollParam &param, HdiScheduleInfo &info)
859 {
860     IAM_LOGI("start");
861     if (authToken.size() != sizeof(UserAuthTokenHal) && authToken.size() != 0) {
862         IAM_LOGE("authToken len is invalid");
863         return RESULT_BAD_PARAM;
864     }
865     PermissionCheckParam checkParam = {};
866     if (authToken.size() == sizeof(UserAuthTokenHal) &&
867         memcpy_s(checkParam.token, AUTH_TOKEN_LEN, &authToken[0], authToken.size()) != EOK) {
868         return RESULT_BAD_COPY;
869     }
870     checkParam.authType = param.authType;
871     checkParam.userId = param.userId;
872     checkParam.executorSensorHint = param.executorSensorHint;
873     checkParam.userType = param.userType;
874     std::lock_guard<std::mutex> lock(g_mutex);
875     uint64_t scheduleId;
876     int32_t ret;
877     if (authToken.size() == sizeof(UserAuthTokenHal) && param.authType == PIN) {
878         ret = CheckUpdatePermission(checkParam, &scheduleId);
879         if (ret != RESULT_SUCCESS) {
880             IAM_LOGE("check update permission failed");
881             return ret;
882         }
883     } else {
884         ret = CheckEnrollPermission(checkParam, &scheduleId);
885         if (ret != RESULT_SUCCESS) {
886             IAM_LOGE("check enroll permission failed");
887             return ret;
888         }
889     }
890     const CoAuthSchedule *scheduleInfo = GetCoAuthSchedule(scheduleId);
891     if (scheduleInfo == nullptr) {
892         IAM_LOGE("get schedule info failed");
893         return RESULT_UNKNOWN;
894     }
895     if (!CopyScheduleInfo(scheduleInfo, &info)) {
896         IAM_LOGE("copy schedule info failed");
897         return RESULT_BAD_COPY;
898     }
899     ret = SetAttributeToExtraInfo(info, INVALID_CAPABILITY_LEVEL, scheduleId);
900     if (ret != RESULT_SUCCESS) {
901         IAM_LOGE("SetAttributeToExtraInfo failed");
902     }
903 
904     IAM_LOGI("end");
905     return ret;
906 }
907 
CancelEnrollment(int32_t userId)908 int32_t UserAuthInterfaceService::CancelEnrollment(int32_t userId)
909 {
910     IAM_LOGI("start");
911     std::lock_guard<std::mutex> lock(g_mutex);
912     BreakOffCoauthSchedule();
913     return RESULT_SUCCESS;
914 }
915 
CopyCredentialInfo(const CredentialInfoHal & in,HdiCredentialInfo & out)916 static void CopyCredentialInfo(const CredentialInfoHal &in, HdiCredentialInfo &out)
917 {
918     out.authType = static_cast<AuthType>(in.authType);
919     out.credentialId = in.credentialId;
920     out.templateId = in.templateId;
921     out.executorMatcher = in.executorMatcher;
922     out.executorSensorHint = in.executorSensorHint;
923     out.executorIndex = QueryCredentialExecutorIndex(in.authType, in.executorSensorHint);
924 }
925 
GetUpdateResult(int32_t userId,HdiEnrollResultInfo & info,Buffer * scheduleResultBuffer)926 static int32_t GetUpdateResult(int32_t userId, HdiEnrollResultInfo &info, Buffer *scheduleResultBuffer)
927 {
928     UpdateCredentialOutput output = {};
929     int32_t ret = UpdateCredentialFunc(userId, scheduleResultBuffer, &output);
930     if (ret == RESULT_SUCCESS) {
931         /* Only update pin have oldRootSecret and rootSecret */
932         info.rootSecret.resize(ROOT_SECRET_LEN);
933         if (memcpy_s(info.rootSecret.data(), ROOT_SECRET_LEN, output.rootSecret->buf, ROOT_SECRET_LEN) != EOK) {
934             IAM_LOGE("failed to copy rootSecret");
935             ret = RESULT_BAD_COPY;
936             goto ERROR;
937         }
938         info.oldRootSecret.resize(ROOT_SECRET_LEN);
939         if (memcpy_s(info.oldRootSecret.data(), ROOT_SECRET_LEN, output.oldRootSecret->buf, ROOT_SECRET_LEN) != EOK) {
940             IAM_LOGE("failed to copy oldRootSecret");
941             ret = RESULT_BAD_COPY;
942             goto ERROR;
943         }
944         info.authToken.resize(AUTH_TOKEN_LEN);
945         if (memcpy_s(info.authToken.data(), AUTH_TOKEN_LEN, output.authToken->buf, AUTH_TOKEN_LEN) != EOK) {
946             IAM_LOGE("failed to copy authToken");
947             ret = RESULT_BAD_COPY;
948             goto ERROR;
949         }
950         info.credentialId = output.credentialId;
951         CopyCredentialInfo(output.deletedCredential, info.oldInfo);
952         goto EXIT;
953     }
954 
955 ERROR:
956     (void)memset_s(info.rootSecret.data(), info.rootSecret.size(), 0, info.rootSecret.size());
957     info.rootSecret.clear();
958     (void)memset_s(info.oldRootSecret.data(), info.oldRootSecret.size(), 0, info.oldRootSecret.size());
959     info.oldRootSecret.clear();
960     (void)memset_s(info.authToken.data(), info.authToken.size(), 0, info.authToken.size());
961     info.authToken.clear();
962 
963 EXIT:
964     DestoryBuffer(output.rootSecret);
965     DestoryBuffer(output.oldRootSecret);
966     DestoryBuffer(output.authToken);
967     return ret;
968 }
969 
GetEnrollResult(int32_t userId,HdiEnrollResultInfo & info,Buffer * scheduleResultBuffer)970 static int32_t GetEnrollResult(int32_t userId, HdiEnrollResultInfo &info, Buffer *scheduleResultBuffer)
971 {
972     Buffer *authToken = nullptr;
973     Buffer *rootSecret = nullptr;
974     int32_t ret = AddCredentialFunc(userId, scheduleResultBuffer, &info.credentialId, &rootSecret, &authToken);
975     if (ret == RESULT_SUCCESS) {
976         /* Only enroll pin have authToken and rootSecret */
977         if (authToken != nullptr) {
978             info.authToken.resize(authToken->contentSize);
979             if (memcpy_s(info.authToken.data(), info.authToken.size(), authToken->buf, authToken->contentSize) != EOK) {
980                 IAM_LOGE("failed to copy authToken");
981                 info.authToken.clear();
982                 DestoryBuffer(authToken);
983                 DestoryBuffer(rootSecret);
984                 return RESULT_BAD_COPY;
985             }
986         }
987         if (rootSecret != nullptr) {
988             info.rootSecret.resize(rootSecret->contentSize);
989             if (memcpy_s(info.rootSecret.data(), info.rootSecret.size(), rootSecret->buf,
990                 rootSecret->contentSize) != EOK) {
991                 IAM_LOGE("failed to copy rootSecret");
992                 info.rootSecret.clear();
993                 ret = RESULT_BAD_COPY;
994             }
995         }
996     }
997     DestoryBuffer(authToken);
998     DestoryBuffer(rootSecret);
999     return ret;
1000 }
1001 
UpdateEnrollmentResult(int32_t userId,const std::vector<uint8_t> & scheduleResult,HdiEnrollResultInfo & info)1002 int32_t UserAuthInterfaceService::UpdateEnrollmentResult(int32_t userId, const std::vector<uint8_t> &scheduleResult,
1003     HdiEnrollResultInfo &info)
1004 {
1005     IAM_LOGI("start");
1006     if (scheduleResult.size() == 0) {
1007         IAM_LOGE("enrollToken is invalid");
1008         return RESULT_BAD_PARAM;
1009     }
1010     Buffer *scheduleResultBuffer = CreateBufferByData(&scheduleResult[0], scheduleResult.size());
1011     if (scheduleResultBuffer == nullptr) {
1012         IAM_LOGE("scheduleTokenBuffer is null");
1013         return RESULT_NO_MEMORY;
1014     }
1015     std::lock_guard<std::mutex> lock(g_mutex);
1016     bool isUpdate;
1017     int32_t ret = GetIsUpdate(&isUpdate);
1018     if (ret != RESULT_SUCCESS) {
1019         IAM_LOGE("get isUpdate failed");
1020         DestoryBuffer(scheduleResultBuffer);
1021         return ret;
1022     }
1023     if (isUpdate) {
1024         ret = GetUpdateResult(userId, info, scheduleResultBuffer);
1025         if (ret != RESULT_SUCCESS) {
1026             IAM_LOGE("GetUpdateResult failed");
1027         }
1028     } else {
1029         ret = GetEnrollResult(userId, info, scheduleResultBuffer);
1030         if (ret != RESULT_SUCCESS) {
1031             IAM_LOGE("GetEnrollResult failed");
1032         }
1033     }
1034 
1035     DestoryBuffer(scheduleResultBuffer);
1036     return ret;
1037 }
1038 
DeleteCredential(int32_t userId,uint64_t credentialId,const std::vector<uint8_t> & authToken,CredentialInfo & info)1039 int32_t UserAuthInterfaceService::DeleteCredential(int32_t userId, uint64_t credentialId,
1040     const std::vector<uint8_t> &authToken, CredentialInfo &info)
1041 {
1042     IAM_LOGI("start");
1043     if (authToken.size() != sizeof(UserAuthTokenHal)) {
1044         IAM_LOGE("authToken len is invalid");
1045         return RESULT_BAD_PARAM;
1046     }
1047     std::lock_guard<std::mutex> lock(g_mutex);
1048     CredentialDeleteParam param = {};
1049     if (memcpy_s(param.token, AUTH_TOKEN_LEN, &authToken[0], authToken.size()) != EOK) {
1050         IAM_LOGE("param token copy failed");
1051         return RESULT_BAD_COPY;
1052     }
1053     param.userId = userId;
1054     param.credentialId = credentialId;
1055     CredentialInfoHal credentialInfoHal = {};
1056     int32_t ret = DeleteCredentialFunc(param, &credentialInfoHal);
1057     if (ret != RESULT_SUCCESS) {
1058         IAM_LOGE("delete credential failed");
1059         return ret;
1060     }
1061     CopyCredentialInfo(credentialInfoHal, info);
1062     return RESULT_SUCCESS;
1063 }
1064 
GetCredential(int32_t userId,int32_t authType,std::vector<CredentialInfo> & infos)1065 int32_t UserAuthInterfaceService::GetCredential(int32_t userId, int32_t authType, std::vector<CredentialInfo> &infos)
1066 {
1067     IAM_LOGI("start");
1068     std::lock_guard<std::mutex> lock(g_mutex);
1069     LinkedList *credList = nullptr;
1070     int32_t ret = QueryCredentialFunc(userId, authType, &credList);
1071     if (ret != RESULT_SUCCESS) {
1072         IAM_LOGE("query credential failed");
1073         return ret;
1074     }
1075     infos.reserve(credList->getSize(credList));
1076     LinkedListNode *temp = credList->head;
1077     while (temp != nullptr) {
1078         if (temp->data == nullptr) {
1079             IAM_LOGE("list node is invalid");
1080             DestroyLinkedList(credList);
1081             return RESULT_UNKNOWN;
1082         }
1083         auto credentialHal = static_cast<CredentialInfoHal *>(temp->data);
1084         CredentialInfo credentialInfo = {};
1085         CopyCredentialInfo(*credentialHal, credentialInfo);
1086         infos.push_back(credentialInfo);
1087         temp = temp->next;
1088     }
1089     DestroyLinkedList(credList);
1090     return RESULT_SUCCESS;
1091 }
1092 
GetUserInfo(int32_t userId,uint64_t & secureUid,int32_t & pinSubType,std::vector<EnrolledInfo> & infos)1093 int32_t UserAuthInterfaceService::GetUserInfo(int32_t userId, uint64_t &secureUid, int32_t &pinSubType,
1094     std::vector<EnrolledInfo> &infos)
1095 {
1096     IAM_LOGI("start");
1097     std::lock_guard<std::mutex> lock(g_mutex);
1098     EnrolledInfoHal *enrolledInfoHals = nullptr;
1099     uint32_t num = 0;
1100     uint64_t pinSubTypeGet;
1101     int32_t ret = GetUserInfoFunc(userId, &secureUid, &pinSubTypeGet, &enrolledInfoHals, &num);
1102     if (ret != RESULT_SUCCESS) {
1103         IAM_LOGE("get user info failed");
1104         return ret;
1105     }
1106     pinSubType = static_cast<PinSubType>(pinSubTypeGet);
1107     for (uint32_t i = 0; i < num; ++i) {
1108         EnrolledInfo enrolledInfo = {};
1109         enrolledInfo.authType = static_cast<AuthType>(enrolledInfoHals[i].authType);
1110         enrolledInfo.enrolledId = enrolledInfoHals[i].enrolledId;
1111         infos.push_back(enrolledInfo);
1112     }
1113     free(enrolledInfoHals);
1114     return RESULT_SUCCESS;
1115 }
1116 
DeleteUser(int32_t userId,const std::vector<uint8_t> & authToken,std::vector<CredentialInfo> & deletedInfos,std::vector<uint8_t> & rootSecret)1117 int32_t UserAuthInterfaceService::DeleteUser(int32_t userId, const std::vector<uint8_t> &authToken,
1118     std::vector<CredentialInfo> &deletedInfos, std::vector<uint8_t> &rootSecret)
1119 {
1120     IAM_LOGI("start");
1121     if (authToken.size() != sizeof(UserAuthTokenHal)) {
1122         IAM_LOGE("authToken is invalid");
1123         return RESULT_BAD_PARAM;
1124     }
1125     UserAuthTokenHal authTokenStruct = {};
1126     if (memcpy_s(&authTokenStruct, sizeof(UserAuthTokenHal), &authToken[0], authToken.size()) != EOK) {
1127         IAM_LOGE("authTokenStruct copy failed");
1128         return RESULT_BAD_COPY;
1129     }
1130     int32_t ret = CheckIdmOperationToken(userId, &authTokenStruct);
1131     if (ret != RESULT_SUCCESS) {
1132         IAM_LOGE("failed to verify token");
1133         return RESULT_VERIFY_TOKEN_FAIL;
1134     }
1135     ret = EnforceDeleteUser(userId, deletedInfos);
1136     if (ret != RESULT_SUCCESS) {
1137         IAM_LOGE("oldRootSecret is invalid");
1138         return RESULT_GENERAL_ERROR;
1139     }
1140 
1141     rootSecret.resize(ROOT_SECRET_LEN);
1142     Buffer *oldRootSecret = GetCacheRootSecret(userId);
1143     if (!IsBufferValid(oldRootSecret)) {
1144         IAM_LOGE("get GetCacheRootSecret failed");
1145         return RESULT_SUCCESS;
1146     }
1147     if (memcpy_s(rootSecret.data(), rootSecret.size(), oldRootSecret->buf, oldRootSecret->contentSize) != EOK) {
1148         IAM_LOGE("rootSecret copy failed");
1149         ret = RESULT_BAD_COPY;
1150     }
1151 
1152     DestoryBuffer(oldRootSecret);
1153     return ret;
1154 }
1155 
EnforceDeleteUser(int32_t userId,std::vector<CredentialInfo> & deletedInfos)1156 int32_t UserAuthInterfaceService::EnforceDeleteUser(int32_t userId, std::vector<CredentialInfo> &deletedInfos)
1157 {
1158     IAM_LOGI("start");
1159     std::lock_guard<std::mutex> lock(g_mutex);
1160     LinkedList *credList = nullptr;
1161     int32_t ret = DeleteUserInfo(userId, &credList);
1162     if (ret != RESULT_SUCCESS) {
1163         IAM_LOGE("query credential failed");
1164         return ret;
1165     }
1166     RefreshValidTokenTime();
1167     LinkedListNode *temp = credList->head;
1168     while (temp != nullptr) {
1169         if (temp->data == nullptr) {
1170             IAM_LOGE("list node is invalid");
1171             DestroyLinkedList(credList);
1172             return RESULT_UNKNOWN;
1173         }
1174         auto credentialHal = static_cast<CredentialInfoHal *>(temp->data);
1175         CredentialInfo credentialInfo = {};
1176         CopyCredentialInfo(*credentialHal, credentialInfo);
1177         deletedInfos.push_back(credentialInfo);
1178         temp = temp->next;
1179     }
1180     DestroyLinkedList(credList);
1181     return RESULT_SUCCESS;
1182 }
1183 
verifyExecutorRegisterInfo(const HdiExecutorRegisterInfo & in,ExecutorInfoHal & out)1184 static bool verifyExecutorRegisterInfo(const HdiExecutorRegisterInfo &in, ExecutorInfoHal &out)
1185 {
1186     Buffer *execInfoMsg = CreateBufferByData(&in.signedRemoteExecutorInfo[0], in.signedRemoteExecutorInfo.size());
1187     if (!IsBufferValid(execInfoMsg)) {
1188         IAM_LOGE("execInfoMsg is invalid");
1189         return false;
1190     }
1191 
1192     bool isOk = CheckRemoteExecutorInfo(execInfoMsg, &out);
1193     DestoryBuffer(execInfoMsg);
1194     return isOk;
1195 }
1196 
CopyExecutorInfo(const HdiExecutorRegisterInfo & in,ExecutorInfoHal & out)1197 static bool CopyExecutorInfo(const HdiExecutorRegisterInfo &in, ExecutorInfoHal &out)
1198 {
1199     out.authType = in.authType;
1200     out.executorMatcher = in.executorMatcher;
1201     out.esl = in.esl;
1202     out.maxTemplateAcl = in.maxTemplateAcl;
1203     out.executorRole = in.executorRole;
1204     out.executorSensorHint = in.executorSensorHint;
1205     if (memcpy_s(out.pubKey, PUBLIC_KEY_LEN, &in.publicKey[0], in.publicKey.size()) != EOK) {
1206         IAM_LOGE("memcpy failed");
1207         return false;
1208     }
1209 
1210     std::string deviceUdid = in.deviceUdid;
1211     if (deviceUdid.empty()) {
1212         deviceUdid = g_localUdid;
1213     }
1214 
1215     if (memcpy_s(out.deviceUdid, sizeof(out.deviceUdid), deviceUdid.c_str(), deviceUdid.length()) != EOK) {
1216         IAM_LOGE("memcpy failed");
1217         return false;
1218     }
1219 
1220     if (g_localUdid != deviceUdid) {
1221         IAM_LOGI("verify remote executor register info");
1222         if (!verifyExecutorRegisterInfo(in, out)) {
1223             IAM_LOGE("verifyExecutorRegisterInfo failed");
1224             return false;
1225         }
1226         IAM_LOGI("add remote executor authType %{public}d executorRole %{public}d", in.authType, in.executorRole);
1227     } else {
1228         IAM_LOGI("add local executor authType %{public}d executorRole %{public}d", in.authType, in.executorRole);
1229     }
1230     return true;
1231 }
1232 
ObtainReconciliationData(uint32_t authType,uint32_t sensorHint,std::vector<uint64_t> & templateIds)1233 static int32_t ObtainReconciliationData(uint32_t authType, uint32_t sensorHint, std::vector<uint64_t> &templateIds)
1234 {
1235     CredentialCondition condition = {};
1236     SetCredentialConditionAuthType(&condition, authType);
1237     SetCredentialConditionExecutorSensorHint(&condition, sensorHint);
1238     SetCredentiaConditionNeedCachePin(&condition);
1239     LinkedList *credList = QueryCredentialLimit(&condition);
1240     if (credList == nullptr) {
1241         IAM_LOGE("query credential failed");
1242         return RESULT_NOT_FOUND;
1243     }
1244     LinkedListNode *temp = credList->head;
1245     while (temp != nullptr) {
1246         if (temp->data == nullptr) {
1247             IAM_LOGE("list node is invalid");
1248             DestroyLinkedList(credList);
1249             return RESULT_UNKNOWN;
1250         }
1251         auto credentialInfo = static_cast<CredentialInfoHal *>(temp->data);
1252         templateIds.push_back(credentialInfo->templateId);
1253         temp = temp->next;
1254     }
1255     DestroyLinkedList(credList);
1256     return RESULT_SUCCESS;
1257 }
1258 
AddExecutor(const HdiExecutorRegisterInfo & info,uint64_t & index,std::vector<uint8_t> & publicKey,std::vector<uint64_t> & templateIds)1259 int32_t UserAuthInterfaceService::AddExecutor(const HdiExecutorRegisterInfo &info, uint64_t &index,
1260     std::vector<uint8_t> &publicKey, std::vector<uint64_t> &templateIds)
1261 {
1262     IAM_LOGI("start");
1263     if (info.publicKey.size() != PUBLIC_KEY_LEN) {
1264         IAM_LOGE("invalid info");
1265         return RESULT_BAD_PARAM;
1266     }
1267     templateIds.clear();
1268     const Buffer *frameworkPubKey = GetPubKey();
1269     if (!IsBufferValid(frameworkPubKey)) {
1270         IAM_LOGE("get public key failed");
1271         return RESULT_UNKNOWN;
1272     }
1273     publicKey.resize(PUBLIC_KEY_LEN);
1274     if (memcpy_s(&publicKey[0], publicKey.size(), frameworkPubKey->buf, frameworkPubKey->contentSize) != EOK) {
1275         IAM_LOGE("copy public key failed");
1276         publicKey.clear();
1277         return RESULT_UNKNOWN;
1278     }
1279     std::lock_guard<std::mutex> lock(g_mutex);
1280     ExecutorInfoHal executorInfoHal = {};
1281     bool copyRet = CopyExecutorInfo(info, executorInfoHal);
1282     if (!copyRet) {
1283         IAM_LOGE("copy executor info failed");
1284         return RESULT_UNKNOWN;
1285     }
1286     int32_t ret = RegisterExecutor(&executorInfoHal, &index);
1287     if (ret != RESULT_SUCCESS) {
1288         IAM_LOGE("register executor failed");
1289         return ret;
1290     }
1291     if (info.executorRole == ALL_IN_ONE) {
1292         return ObtainReconciliationData(executorInfoHal.authType, executorInfoHal.executorSensorHint, templateIds);
1293     }
1294     return RESULT_SUCCESS;
1295 }
1296 
DeleteExecutor(uint64_t index)1297 int32_t UserAuthInterfaceService::DeleteExecutor(uint64_t index)
1298 {
1299     IAM_LOGI("start");
1300     std::lock_guard<std::mutex> lock(g_mutex);
1301     return UnRegisterExecutor(index);
1302 }
1303 
GetAllExtUserInfo(std::vector<ExtUserInfo> & userInfos)1304 int32_t UserAuthInterfaceService::GetAllExtUserInfo(std::vector<ExtUserInfo> &userInfos)
1305 {
1306     IAM_LOGI("start");
1307     UserInfoResult *userInfoResult = (UserInfoResult *)Malloc(sizeof(UserInfoResult) * MAX_USER);
1308     if (userInfoResult == NULL) {
1309         IAM_LOGE("malloc failed");
1310         return RESULT_GENERAL_ERROR;
1311     }
1312     uint32_t userInfoCount = 0;
1313     ResultCode ret = QueryAllExtUserInfoFunc(userInfoResult, MAX_USER, &userInfoCount);
1314     if (ret != RESULT_SUCCESS) {
1315         Free(userInfoResult);
1316         IAM_LOGE("QueryAllExtUserInfoFunc failed");
1317         return RESULT_GENERAL_ERROR;
1318     }
1319 
1320     for (uint32_t i = 0; i < userInfoCount; i++) {
1321         ExtUserInfo info = {};
1322         info.userId = userInfoResult[i].userId;
1323         info.userInfo.secureUid = userInfoResult[i].secUid;
1324         info.userInfo.pinSubType = static_cast<PinSubType>(userInfoResult[i].pinSubType);
1325         for (uint32_t j = 0; j < userInfoResult[i].enrollNum; j++) {
1326             EnrolledInfo enrolledInfo = {};
1327             enrolledInfo.authType = static_cast<AuthType>(userInfoResult[i].enrolledInfo[j].authType);
1328             enrolledInfo.enrolledId = userInfoResult[i].enrolledInfo[j].enrolledId;
1329             info.userInfo.enrolledInfos.push_back(enrolledInfo);
1330         }
1331         userInfos.push_back(info);
1332     }
1333 
1334     Free(userInfoResult);
1335     return RESULT_SUCCESS;
1336 }
1337 
GetEnrolledState(int32_t userId,int32_t authType,HdiEnrolledState & enrolledState)1338 int32_t UserAuthInterfaceService::GetEnrolledState(int32_t userId, int32_t authType, HdiEnrolledState &enrolledState)
1339 {
1340     IAM_LOGI("start");
1341     EnrolledStateHal *enrolledStateHal = (EnrolledStateHal *) Malloc(sizeof(EnrolledStateHal));
1342     if (enrolledStateHal == NULL) {
1343         IAM_LOGE("malloc failed");
1344         return RESULT_GENERAL_ERROR;
1345     }
1346     int32_t ret = GetEnrolledStateFunc(userId, authType, enrolledStateHal);
1347     if (ret != RESULT_SUCCESS) {
1348         Free(enrolledStateHal);
1349         IAM_LOGE("GetEnrolledState failed");
1350         return ret;
1351     }
1352     enrolledState.credentialDigest = enrolledStateHal->credentialDigest;
1353     enrolledState.credentialCount = enrolledStateHal->credentialCount;
1354 
1355     Free(enrolledStateHal);
1356     return RESULT_SUCCESS;
1357 }
1358 
CheckReuseUnlockResult(const ReuseUnlockParam & param,ReuseUnlockInfo & info)1359 int32_t UserAuthInterfaceService::CheckReuseUnlockResult(const ReuseUnlockParam& param,
1360     ReuseUnlockInfo& info)
1361 {
1362     IAM_LOGI("start reuseMode: %{public}u, reuseDuration: %{public}" PRIu64 ".", param.reuseUnlockResultMode,
1363         param.reuseUnlockResultDuration);
1364     if (param.authTypes.empty() || param.authTypes.size() > MAX_AUTH_TYPE_LEN ||
1365         param.reuseUnlockResultDuration == 0 || param.reuseUnlockResultDuration > REUSED_UNLOCK_TOKEN_PERIOD ||
1366         (param.reuseUnlockResultMode != AUTH_TYPE_RELEVANT && param.reuseUnlockResultMode != AUTH_TYPE_IRRELEVANT)) {
1367         IAM_LOGE("checkReuseUnlockResult bad param");
1368         return RESULT_BAD_PARAM;
1369     }
1370     ReuseUnlockParamHal paramHal = {};
1371     paramHal.userId = param.baseParam.userId;
1372     paramHal.authTrustLevel = param.baseParam.authTrustLevel;
1373     paramHal.reuseUnlockResultDuration = param.reuseUnlockResultDuration;
1374     paramHal.reuseUnlockResultMode = param.reuseUnlockResultMode;
1375     if (!param.baseParam.challenge.empty() &&
1376         memcpy_s(paramHal.challenge, CHALLENGE_LEN,
1377             param.baseParam.challenge.data(), param.baseParam.challenge.size()) != EOK) {
1378         IAM_LOGE("challenge copy failed");
1379         return RESULT_BAD_COPY;
1380     }
1381     paramHal.authTypeSize = param.authTypes.size();
1382     for (uint32_t i = 0; i < param.authTypes.size(); i++) {
1383         paramHal.authTypes[i] = static_cast<uint32_t>(param.authTypes[i]);
1384     }
1385     ReuseUnlockResult reuseResult = {};
1386     int32_t ret = CheckReuseUnlockResultFunc(&paramHal, &reuseResult);
1387     if (ret != RESULT_SUCCESS) {
1388         info.token.clear();
1389         IAM_LOGE("check reuse unlock result failed, ret:%{public}d", ret);
1390         return ret;
1391     }
1392     info.authType = reuseResult.authType;
1393     info.enrolledState.credentialDigest = reuseResult.enrolledState.credentialDigest;
1394     info.enrolledState.credentialCount = reuseResult.enrolledState.credentialCount;
1395     info.token.resize(AUTH_TOKEN_LEN);
1396     if (memcpy_s(info.token.data(), info.token.size(), reuseResult.token, AUTH_TOKEN_LEN) != EOK) {
1397         IAM_LOGE("copy authToken failed");
1398         info.token.clear();
1399         return RESULT_BAD_COPY;
1400     }
1401     IAM_LOGI("check reuse unlock result finish success");
1402     return RESULT_SUCCESS;
1403 }
1404 
SendMessage(uint64_t scheduleId,int32_t srcRole,const std::vector<uint8_t> & msg)1405 int32_t UserAuthInterfaceService::SendMessage(uint64_t scheduleId, int32_t srcRole, const std::vector<uint8_t>& msg)
1406 {
1407     static_cast<void>(scheduleId);
1408     static_cast<void>(srcRole);
1409     static_cast<void>(msg);
1410     return HDF_SUCCESS;
1411 }
1412 
RegisterMessageCallback(const sptr<IMessageCallback> & messageCallback)1413 int32_t UserAuthInterfaceService::RegisterMessageCallback(const sptr<IMessageCallback>& messageCallback)
1414 {
1415     static_cast<void>(messageCallback);
1416     return HDF_SUCCESS;
1417 }
1418 
PrepareRemoteAuth(const std::string & remoteUdid)1419 int32_t UserAuthInterfaceService::PrepareRemoteAuth(const std::string &remoteUdid)
1420 {
1421     IAM_LOGI("PrepareRemoteAuth");
1422     return RESULT_SUCCESS;
1423 }
1424 
CopyHdiScheduleInfo(const ScheduleInfoParam * in,HdiScheduleInfo * out)1425 static bool CopyHdiScheduleInfo(const ScheduleInfoParam *in, HdiScheduleInfo *out)
1426 {
1427     IAM_LOGI("CopyHdiScheduleInfo start");
1428     out->executorIndexes.clear();
1429     out->templateIds.clear();
1430     out->executorMessages.clear();
1431     out->scheduleId = in->scheduleId;
1432     out->authType = static_cast<AuthType>(in->authType);
1433     out->executorMatcher = static_cast<uint32_t>(in->executorMatcher);
1434     out->scheduleMode = static_cast<ScheduleMode>(in->scheduleMode);
1435     out->executorIndexes.push_back(in->executorIndex);
1436     out->executorMessages.resize(1);
1437     out->executorMessages[0].resize(in->executorMessages->contentSize);
1438     if (memcpy_s(out->executorMessages[0].data(), out->executorMessages[0].size(),
1439         in->executorMessages->buf, in->executorMessages->contentSize) != EOK) {
1440         IAM_LOGE("copy executorMessages failed");
1441         out->executorMessages.clear();
1442         out->executorIndexes.clear();
1443         return false;
1444     }
1445     return true;
1446 }
1447 
DestroyScheduleInfoParam(ScheduleInfoParam * result)1448 static void DestroyScheduleInfoParam(ScheduleInfoParam *result)
1449 {
1450     if (result == NULL) {
1451         return;
1452     }
1453     if (result->executorMessages != NULL) {
1454         DestoryBuffer(result->executorMessages);
1455     }
1456     Free(result);
1457 }
1458 
GetLocalScheduleFromMessage(const std::string & remoteUdid,const std::vector<uint8_t> & message,HdiScheduleInfo & scheduleInfo)1459 int32_t UserAuthInterfaceService::GetLocalScheduleFromMessage(const std::string &remoteUdid,
1460     const std::vector<uint8_t> &message, HdiScheduleInfo& scheduleInfo)
1461 {
1462     IAM_LOGI("GetLocalScheduleFromMessage start");
1463     if ((g_localUdid.empty()) || (remoteUdid.empty()) || (message.size() == 0)) {
1464         IAM_LOGE("param is invalid");
1465         return RESULT_BAD_PARAM;
1466     }
1467     Buffer *messageBuffer = CreateBufferByData(&message[0], message.size());
1468     if (!IsBufferValid(messageBuffer)) {
1469         IAM_LOGE("messageBuffer is invalid");
1470         return RESULT_NO_MEMORY;
1471     }
1472     std::lock_guard<std::mutex> lock(g_mutex);
1473     ScheduleInfoParam *scheduleParam = (ScheduleInfoParam *)Malloc(sizeof(ScheduleInfoParam));
1474     if (scheduleParam == NULL) {
1475         IAM_LOGE("schedule is null");
1476         DestoryBuffer(messageBuffer);
1477         return RESULT_GENERAL_ERROR;
1478     }
1479 
1480     int32_t funcRet = RESULT_GENERAL_ERROR;
1481     int32_t ret = RESULT_GENERAL_ERROR;
1482     Uint8Array remoteUdidArray = {};
1483     if (memcpy_s(scheduleParam->localUdid, sizeof(scheduleParam->localUdid), g_localUdid.c_str(),
1484         g_localUdid.length()) != EOK) {
1485         IAM_LOGE("localUdid copy failed");
1486         goto FAIL;
1487     }
1488 
1489     if (memcpy_s(scheduleParam->remoteUdid, sizeof(scheduleParam->remoteUdid), remoteUdid.c_str(),
1490         remoteUdid.length()) != EOK) {
1491         IAM_LOGE("remoteUdid copy failed");
1492         goto FAIL;
1493     }
1494 
1495     remoteUdidArray = { scheduleParam->remoteUdid, sizeof(scheduleParam->remoteUdid) };
1496 
1497     ret = GenerateScheduleFunc(messageBuffer, remoteUdidArray, scheduleParam);
1498     if (ret != RESULT_SUCCESS) {
1499         IAM_LOGE("GenerateScheduleFunc failed");
1500         goto FAIL;
1501     }
1502     if (!CopyHdiScheduleInfo(scheduleParam, &scheduleInfo)) {
1503         IAM_LOGE("copy schedule info failed");
1504         goto FAIL;
1505     }
1506 
1507     funcRet = RESULT_SUCCESS;
1508 FAIL:
1509     DestoryBuffer(messageBuffer);
1510     DestroyScheduleInfoParam(scheduleParam);
1511     return funcRet;
1512 }
1513 
DestroyExecutorInfo(void * data)1514 static void DestroyExecutorInfo(void *data)
1515 {
1516     if (data == nullptr) {
1517         IAM_LOGE("data is null");
1518         return;
1519     }
1520     Free(data);
1521 }
1522 
GetSignedExecutorInfo(const std::vector<int32_t> & authTypes,int32_t executorRole,const std::string & remoteUdid,std::vector<uint8_t> & signedExecutorInfo)1523 int32_t UserAuthInterfaceService::GetSignedExecutorInfo(const std::vector<int32_t>& authTypes, int32_t executorRole,
1524     const std::string& remoteUdid, std::vector<uint8_t>& signedExecutorInfo)
1525 {
1526     IAM_LOGI("GetSignedExecutorInfo start");
1527     if ((g_localUdid.empty()) || (remoteUdid.empty()) || (authTypes.size() == 0)) {
1528         IAM_LOGE("param is invalid");
1529         return RESULT_BAD_PARAM;
1530     }
1531     ResultCode result = RESULT_GENERAL_ERROR;
1532     LinkedList *linkedList = CreateLinkedList(DestroyExecutorInfo);
1533     if (linkedList == NULL) {
1534         IAM_LOGE("create linkedList failed");
1535         return result;
1536     }
1537     std::lock_guard<std::mutex> lock(g_mutex);
1538     for (uint32_t i = 0; i < authTypes.size(); i++) {
1539         result = GetExecutorInfoLinkedList(authTypes[i], executorRole, linkedList);
1540         if (result != RESULT_SUCCESS) {
1541             IAM_LOGE("GetExecutorInfo failed");
1542             DestroyLinkedList(linkedList);
1543             return result;
1544         }
1545     }
1546     uint8_t remoteUdidData[UDID_LEN] = {};
1547     if (memcpy_s(remoteUdidData, UDID_LEN, remoteUdid.c_str(), remoteUdid.length()) != EOK) {
1548         IAM_LOGE("remoteUdidData copy failed");
1549         DestroyLinkedList(linkedList);
1550         return RESULT_BAD_COPY;
1551     }
1552 
1553     Uint8Array remoteUdidArray = { remoteUdidData, sizeof(remoteUdidData) };
1554     Buffer *signInfo = GetSignExecutorInfoFunc(remoteUdidArray, linkedList);
1555     if (!IsBufferValid(signInfo)) {
1556         IAM_LOGE("signInfo is invalid");
1557         DestroyLinkedList(linkedList);
1558         return RESULT_NO_MEMORY;
1559     }
1560     signedExecutorInfo.resize(signInfo->contentSize);
1561     if (memcpy_s(&signedExecutorInfo[0], signedExecutorInfo.size(), signInfo->buf, signInfo->contentSize) != EOK) {
1562         IAM_LOGE("sign copy failed");
1563         result = RESULT_BAD_COPY;
1564     }
1565     DestoryBuffer(signInfo);
1566     DestroyLinkedList(linkedList);
1567     return result;
1568 }
1569 
CopyHdiAuthResultInfo(const AuthResultParam * in,HdiAuthResultInfo * out,const std::vector<uint8_t> & message)1570 static bool CopyHdiAuthResultInfo(const AuthResultParam *in, HdiAuthResultInfo *out,
1571     const std::vector<uint8_t>& message)
1572 {
1573     IAM_LOGI("CopyHdiAuthResultInfo start");
1574     out->token.clear();
1575     out->rootSecret.clear();
1576     out->remoteAuthResultMsg.clear();
1577     out->result = in->result;
1578     out->lockoutDuration = in->lockoutDuration;
1579     out->remainAttempts = in->remainAttempts;
1580     out->userId = in->userId;
1581 
1582     out->token.resize(in->token->contentSize);
1583     if (memcpy_s(out->token.data(), out->token.size(), in->token->buf, in->token->contentSize) != EOK) {
1584         IAM_LOGE("copy token failed");
1585         return false;
1586     }
1587 
1588     out->remoteAuthResultMsg.resize(message.size());
1589     if (memcpy_s(out->remoteAuthResultMsg.data(), out->remoteAuthResultMsg.size(),
1590         message.data(), message.size()) != EOK) {
1591         IAM_LOGE("copy remoteAuthResultMsg failed");
1592         return false;
1593     }
1594     return true;
1595 }
1596 
DestroyAuthResultParam(AuthResultParam * result)1597 static void DestroyAuthResultParam(AuthResultParam *result)
1598 {
1599     if (result == NULL) {
1600         return;
1601     }
1602     if (result->token != NULL) {
1603         DestoryBuffer(result->token);
1604     }
1605     if (result->remoteAuthResultMsg != NULL) {
1606         DestoryBuffer(result->remoteAuthResultMsg);
1607     }
1608     Free(result);
1609 }
1610 
GetAuthResultFromMessage(const std::string & remoteUdid,const std::vector<uint8_t> & message,HdiAuthResultInfo & authResultInfo)1611 int32_t UserAuthInterfaceService::GetAuthResultFromMessage(const std::string& remoteUdid,
1612     const std::vector<uint8_t>& message, HdiAuthResultInfo& authResultInfo)
1613 {
1614     IAM_LOGI("GetAuthResultFromMessage start");
1615     if ((g_localUdid.empty()) || (remoteUdid.empty()) || (message.size() == 0)) {
1616         IAM_LOGE("param is invalid");
1617         return RESULT_BAD_PARAM;
1618     }
1619     Buffer *messageBuffer = CreateBufferByData(&message[0], message.size());
1620     if (!IsBufferValid(messageBuffer)) {
1621         IAM_LOGE("messageBuffer is invalid");
1622         return RESULT_NO_MEMORY;
1623     }
1624     std::lock_guard<std::mutex> lock(g_mutex);
1625     AuthResultParam *authResultParam = (AuthResultParam *)Malloc(sizeof(AuthResultParam));
1626     if (authResultParam == NULL) {
1627         IAM_LOGE("authResultParam is null");
1628         DestoryBuffer(messageBuffer);
1629         return RESULT_GENERAL_ERROR;
1630     }
1631 
1632     int32_t funcRet = RESULT_GENERAL_ERROR;
1633     int32_t ret = RESULT_GENERAL_ERROR;
1634     if (memcpy_s(authResultParam->localUdid, sizeof(authResultParam->localUdid), g_localUdid.c_str(),
1635         g_localUdid.length()) != EOK) {
1636         IAM_LOGE("localUdid copy failed");
1637         goto FAIL;
1638     }
1639 
1640     if (memcpy_s(authResultParam->remoteUdid, sizeof(authResultParam->remoteUdid), remoteUdid.c_str(),
1641         remoteUdid.length()) != EOK) {
1642         IAM_LOGE("remoteUdid copy failed");
1643         goto FAIL;
1644     }
1645 
1646     ret = GenerateAuthResultFunc(messageBuffer, authResultParam);
1647     if (ret != RESULT_SUCCESS) {
1648         IAM_LOGE("GenerateAuthResultFunc failed");
1649         goto FAIL;
1650     }
1651     if (!CopyHdiAuthResultInfo(authResultParam, &authResultInfo, message)) {
1652         IAM_LOGE("copy authResult info failed");
1653         goto FAIL;
1654     }
1655     ret = CreateExecutorCommand(authResultInfo.userId, authResultInfo);
1656     if (ret != RESULT_SUCCESS) {
1657         IAM_LOGE("CreateExecutorCommand failed");
1658         goto FAIL;
1659     }
1660 
1661     funcRet = RESULT_SUCCESS;
1662 FAIL:
1663     DestoryBuffer(messageBuffer);
1664     DestroyAuthResultParam(authResultParam);
1665     return ret;
1666 }
1667 
SetGlobalConfigParam(const HdiGlobalConfigParam & param)1668 int32_t UserAuthInterfaceService::SetGlobalConfigParam(const HdiGlobalConfigParam &param)
1669 {
1670     IAM_LOGI("start");
1671     if (param.type != PIN_EXPIRED_PERIOD) {
1672         IAM_LOGE("bad global config type");
1673         return RESULT_BAD_PARAM;
1674     }
1675     GlobalConfigParamHal paramHal = {};
1676     paramHal.type = PIN_EXPIRED_PERIOD;
1677     paramHal.value.pinExpiredPeriod = NO_CHECK_PIN_EXPIRED_PERIOD;
1678     if (param.value.pinExpiredPeriod > 0) {
1679         paramHal.value.pinExpiredPeriod = param.value.pinExpiredPeriod;
1680     }
1681 
1682     uint32_t ret = SetGlobalConfigParamFunc(&paramHal);
1683     if (ret != RESULT_SUCCESS) {
1684         IAM_LOGE("SetGlobalConfigParamFunc failed");
1685     }
1686     return ret;
1687 }
1688 } // Userauth
1689 } // HDI
1690 } // OHOS