1094332d3Sopenharmony_ci/* 2094332d3Sopenharmony_ci * Copyright (c) 2022-2024 Huawei Device Co., Ltd. 3094332d3Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4094332d3Sopenharmony_ci * you may not use this file except in compliance with the License. 5094332d3Sopenharmony_ci * You may obtain a copy of the License at 6094332d3Sopenharmony_ci * 7094332d3Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8094332d3Sopenharmony_ci * 9094332d3Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10094332d3Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11094332d3Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12094332d3Sopenharmony_ci * See the License for the specific language governing permissions and 13094332d3Sopenharmony_ci * limitations under the License. 14094332d3Sopenharmony_ci */ 15094332d3Sopenharmony_ci 16094332d3Sopenharmony_ci#include "pin_auth.h" 17094332d3Sopenharmony_ci 18094332d3Sopenharmony_ci#include <map> 19094332d3Sopenharmony_ci#include <sys/stat.h> 20094332d3Sopenharmony_ci#include <vector> 21094332d3Sopenharmony_ci#include <unistd.h> 22094332d3Sopenharmony_ci#include <pthread.h> 23094332d3Sopenharmony_ci 24094332d3Sopenharmony_ci#include "parameter.h" 25094332d3Sopenharmony_ci#include "securec.h" 26094332d3Sopenharmony_ci#include "sysparam_errno.h" 27094332d3Sopenharmony_ci 28094332d3Sopenharmony_ci#include "adaptor_memory.h" 29094332d3Sopenharmony_ci#include "adaptor_log.h" 30094332d3Sopenharmony_ci#include "all_in_one_func.h" 31094332d3Sopenharmony_ci#include "collector_func.h" 32094332d3Sopenharmony_ci#include "executor_func_common.h" 33094332d3Sopenharmony_ci#include "pin_auth_hdi.h" 34094332d3Sopenharmony_ci#include "verifier_func.h" 35094332d3Sopenharmony_ci 36094332d3Sopenharmony_cinamespace OHOS { 37094332d3Sopenharmony_cinamespace UserIam { 38094332d3Sopenharmony_cinamespace PinAuth { 39094332d3Sopenharmony_cinamespace { 40094332d3Sopenharmony_ciconstexpr uint32_t MAX_TEMPLATEID_LEN = 32; 41094332d3Sopenharmony_cistd::map<int32_t, ResultCodeForCoAuth> g_convertResult = { 42094332d3Sopenharmony_ci {RESULT_SUCCESS, ResultCodeForCoAuth::SUCCESS}, 43094332d3Sopenharmony_ci {RESULT_BAD_PARAM, ResultCodeForCoAuth::INVALID_PARAMETERS}, 44094332d3Sopenharmony_ci {RESULT_COMPARE_FAIL, ResultCodeForCoAuth::FAIL}, 45094332d3Sopenharmony_ci {RESULT_BUSY, ResultCodeForCoAuth::BUSY}, 46094332d3Sopenharmony_ci {RESULT_PIN_FREEZE, ResultCodeForCoAuth::LOCKED}, 47094332d3Sopenharmony_ci {RESULT_BAD_COPY, ResultCodeForCoAuth::GENERAL_ERROR}, 48094332d3Sopenharmony_ci {RESULT_GENERAL_ERROR, ResultCodeForCoAuth::GENERAL_ERROR}, 49094332d3Sopenharmony_ci}; 50094332d3Sopenharmony_ci} 51094332d3Sopenharmony_ci 52094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 53094332d3Sopenharmony_ciint32_t PinAuth::Init() 54094332d3Sopenharmony_ci{ 55094332d3Sopenharmony_ci LOG_INFO("start"); 56094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 57094332d3Sopenharmony_ci if (!LoadPinDb()) { 58094332d3Sopenharmony_ci LOG_ERROR("LoadPinDb fail!"); 59094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 60094332d3Sopenharmony_ci } 61094332d3Sopenharmony_ci if (GenerateAllInOneKeyPair() != RESULT_SUCCESS) { 62094332d3Sopenharmony_ci LOG_ERROR("GenerateAllInOneKeyPair fail!"); 63094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 64094332d3Sopenharmony_ci } 65094332d3Sopenharmony_ci if (GenerateCollectorKeyPair() != RESULT_SUCCESS) { 66094332d3Sopenharmony_ci LOG_ERROR("GenerateCollectorKeyPair fail!"); 67094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 68094332d3Sopenharmony_ci } 69094332d3Sopenharmony_ci if (GenerateVerifierKeyPair() != RESULT_SUCCESS) { 70094332d3Sopenharmony_ci LOG_ERROR("GenerateVerifierKeyPair fail!"); 71094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 72094332d3Sopenharmony_ci } 73094332d3Sopenharmony_ci LOG_INFO("InIt pinAuth succ"); 74094332d3Sopenharmony_ci 75094332d3Sopenharmony_ci return RESULT_SUCCESS; 76094332d3Sopenharmony_ci} 77094332d3Sopenharmony_ci 78094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 79094332d3Sopenharmony_ciint32_t PinAuth::Close() 80094332d3Sopenharmony_ci{ 81094332d3Sopenharmony_ci LOG_INFO("start"); 82094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 83094332d3Sopenharmony_ci DestroyAllInOneKeyPair(); 84094332d3Sopenharmony_ci DestroyCollectorKeyPair(); 85094332d3Sopenharmony_ci DestroyVerifierKeyPair(); 86094332d3Sopenharmony_ci DestroyPinDb(); 87094332d3Sopenharmony_ci LOG_INFO("Close pinAuth succ"); 88094332d3Sopenharmony_ci 89094332d3Sopenharmony_ci return RESULT_SUCCESS; 90094332d3Sopenharmony_ci} 91094332d3Sopenharmony_ci 92094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 93094332d3Sopenharmony_ciint32_t PinAuth::PinResultToCoAuthResult(int32_t resultCode) 94094332d3Sopenharmony_ci{ 95094332d3Sopenharmony_ci LOG_INFO("PinAuth::PinResultToCoAuthResult enter"); 96094332d3Sopenharmony_ci if (g_convertResult.count(resultCode) == 0) { 97094332d3Sopenharmony_ci LOG_ERROR("PinResult and CoauthResult not match, convert GENERAL_ERROR"); 98094332d3Sopenharmony_ci return ResultCodeForCoAuth::GENERAL_ERROR; 99094332d3Sopenharmony_ci } else { 100094332d3Sopenharmony_ci return g_convertResult[resultCode]; 101094332d3Sopenharmony_ci } 102094332d3Sopenharmony_ci} 103094332d3Sopenharmony_ci 104094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 105094332d3Sopenharmony_ciint32_t PinAuth::EnrollPin(uint64_t scheduleId, uint64_t subType, std::vector<uint8_t> &salt, 106094332d3Sopenharmony_ci const std::vector<uint8_t> &pinData, std::vector<uint8_t> &resultTlv) 107094332d3Sopenharmony_ci{ 108094332d3Sopenharmony_ci LOG_INFO("start"); 109094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 110094332d3Sopenharmony_ci if (salt.size() != CONST_SALT_LEN || pinData.size() != CONST_PIN_DATA_LEN) { 111094332d3Sopenharmony_ci LOG_ERROR("get bad params!"); 112094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_BAD_PARAM); 113094332d3Sopenharmony_ci } 114094332d3Sopenharmony_ci PinEnrollParam pinEnrollParam = {}; 115094332d3Sopenharmony_ci pinEnrollParam.scheduleId = scheduleId; 116094332d3Sopenharmony_ci pinEnrollParam.subType = subType; 117094332d3Sopenharmony_ci if (memcpy_s(&(pinEnrollParam.salt[0]), CONST_SALT_LEN, salt.data(), CONST_SALT_LEN) != EOK) { 118094332d3Sopenharmony_ci LOG_ERROR("copy salt to pinEnrollParam fail!"); 119094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_BAD_COPY); 120094332d3Sopenharmony_ci } 121094332d3Sopenharmony_ci if (memcpy_s(&(pinEnrollParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), CONST_PIN_DATA_LEN) != EOK) { 122094332d3Sopenharmony_ci LOG_ERROR("copy pinData to pinEnrollParam fail!"); 123094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_BAD_COPY); 124094332d3Sopenharmony_ci } 125094332d3Sopenharmony_ci Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN); 126094332d3Sopenharmony_ci if (!IsBufferValid(retTlv)) { 127094332d3Sopenharmony_ci LOG_ERROR("retTlv is unValid!"); 128094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 129094332d3Sopenharmony_ci } 130094332d3Sopenharmony_ci ResultCode result = DoEnrollPin(&pinEnrollParam, retTlv); 131094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 132094332d3Sopenharmony_ci LOG_ERROR("DoEnrollPin fail!"); 133094332d3Sopenharmony_ci goto ERROR; 134094332d3Sopenharmony_ci } 135094332d3Sopenharmony_ci 136094332d3Sopenharmony_ci resultTlv.resize(retTlv->contentSize); 137094332d3Sopenharmony_ci if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) { 138094332d3Sopenharmony_ci LOG_ERROR("copy retTlv to resultTlv fail!"); 139094332d3Sopenharmony_ci result = RESULT_BAD_COPY; 140094332d3Sopenharmony_ci goto ERROR; 141094332d3Sopenharmony_ci } 142094332d3Sopenharmony_ci 143094332d3Sopenharmony_ciERROR: 144094332d3Sopenharmony_ci DestroyBuffer(retTlv); 145094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 146094332d3Sopenharmony_ci} 147094332d3Sopenharmony_ci 148094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 149094332d3Sopenharmony_ciint32_t PinAuth::GenerateAlgoParameter(std::vector<uint8_t> &algoParameter, uint32_t &algoVersion) 150094332d3Sopenharmony_ci{ 151094332d3Sopenharmony_ci LOG_INFO("start"); 152094332d3Sopenharmony_ci static constexpr uint32_t deviceUuidLength = 65; 153094332d3Sopenharmony_ci char localDeviceId[deviceUuidLength] = {0}; 154094332d3Sopenharmony_ci if (GetDevUdid(localDeviceId, deviceUuidLength) != EC_SUCCESS) { 155094332d3Sopenharmony_ci LOG_ERROR("GetDevUdid failed"); 156094332d3Sopenharmony_ci return GENERAL_ERROR; 157094332d3Sopenharmony_ci } 158094332d3Sopenharmony_ci uint32_t algoParameterLen = CONST_SALT_LEN; 159094332d3Sopenharmony_ci algoParameter.resize(algoParameterLen); 160094332d3Sopenharmony_ci int32_t result = DoGenerateAlgoParameter(algoParameter.data(), &algoParameterLen, &algoVersion, 161094332d3Sopenharmony_ci (uint8_t *)&(localDeviceId[0]), deviceUuidLength); 162094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 163094332d3Sopenharmony_ci LOG_ERROR("DoGenerateAlgoParameter fail!"); 164094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 165094332d3Sopenharmony_ci } 166094332d3Sopenharmony_ci if (algoParameterLen != CONST_SALT_LEN) { 167094332d3Sopenharmony_ci LOG_ERROR("algoParameterLen is error!"); 168094332d3Sopenharmony_ci return GENERAL_ERROR; 169094332d3Sopenharmony_ci } 170094332d3Sopenharmony_ci 171094332d3Sopenharmony_ci return SUCCESS; 172094332d3Sopenharmony_ci} 173094332d3Sopenharmony_ci 174094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 175094332d3Sopenharmony_ciint32_t PinAuth::AllInOneAuth( 176094332d3Sopenharmony_ci uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &extraInfo, PinAlgoParam &pinAlgoParam) 177094332d3Sopenharmony_ci{ 178094332d3Sopenharmony_ci LOG_INFO("start"); 179094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 180094332d3Sopenharmony_ci AlgoParamOut authAlgoParam = {}; 181094332d3Sopenharmony_ci ResultCode result = DoAllInOneAuth(scheduleId, templateId, extraInfo.data(), extraInfo.size(), &authAlgoParam); 182094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 183094332d3Sopenharmony_ci LOG_ERROR("DoAllInOneAuth fail!"); 184094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 185094332d3Sopenharmony_ci } 186094332d3Sopenharmony_ci pinAlgoParam.algoVersion = authAlgoParam.algoVersion; 187094332d3Sopenharmony_ci pinAlgoParam.subType = authAlgoParam.subType; 188094332d3Sopenharmony_ci int32_t transResult = SetVectorByBuffer( 189094332d3Sopenharmony_ci pinAlgoParam.algoParameter, authAlgoParam.algoParameter, sizeof(authAlgoParam.algoParameter)); 190094332d3Sopenharmony_ci if (transResult != RESULT_SUCCESS) { 191094332d3Sopenharmony_ci LOG_ERROR("set algoParameter fail!"); 192094332d3Sopenharmony_ci return PinResultToCoAuthResult(transResult); 193094332d3Sopenharmony_ci } 194094332d3Sopenharmony_ci transResult = SetVectorByBuffer(pinAlgoParam.challenge, authAlgoParam.challenge, sizeof(authAlgoParam.challenge)); 195094332d3Sopenharmony_ci if (transResult != RESULT_SUCCESS) { 196094332d3Sopenharmony_ci LOG_ERROR("set challenge fail!"); 197094332d3Sopenharmony_ci return PinResultToCoAuthResult(transResult); 198094332d3Sopenharmony_ci } 199094332d3Sopenharmony_ci 200094332d3Sopenharmony_ci return RESULT_SUCCESS; 201094332d3Sopenharmony_ci} 202094332d3Sopenharmony_ci 203094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 204094332d3Sopenharmony_ciint32_t PinAuth::AuthPin(uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &pinData, 205094332d3Sopenharmony_ci std::vector<uint8_t> &resultTlv) 206094332d3Sopenharmony_ci{ 207094332d3Sopenharmony_ci LOG_INFO("start"); 208094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 209094332d3Sopenharmony_ci if (pinData.size() != CONST_PIN_DATA_LEN) { 210094332d3Sopenharmony_ci LOG_ERROR("bad pinData len!"); 211094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_BAD_PARAM); 212094332d3Sopenharmony_ci } 213094332d3Sopenharmony_ci 214094332d3Sopenharmony_ci PinAuthParam pinAuthParam = {}; 215094332d3Sopenharmony_ci pinAuthParam.scheduleId = scheduleId; 216094332d3Sopenharmony_ci pinAuthParam.templateId = templateId; 217094332d3Sopenharmony_ci if (memcpy_s(&(pinAuthParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), pinData.size()) != EOK) { 218094332d3Sopenharmony_ci LOG_ERROR("mem copy pinData to pinAuthParam fail!"); 219094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_BAD_COPY); 220094332d3Sopenharmony_ci } 221094332d3Sopenharmony_ci Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN); 222094332d3Sopenharmony_ci if (!IsBufferValid(retTlv)) { 223094332d3Sopenharmony_ci LOG_ERROR("retTlv is unValid!"); 224094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 225094332d3Sopenharmony_ci } 226094332d3Sopenharmony_ci ResultCode compareRet = RESULT_COMPARE_FAIL; 227094332d3Sopenharmony_ci ResultCode result = DoAuthPin(&pinAuthParam, retTlv, &compareRet); 228094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 229094332d3Sopenharmony_ci LOG_ERROR("DoAuthPin fail!"); 230094332d3Sopenharmony_ci goto ERROR; 231094332d3Sopenharmony_ci } 232094332d3Sopenharmony_ci resultTlv.resize(retTlv->contentSize); 233094332d3Sopenharmony_ci if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) { 234094332d3Sopenharmony_ci LOG_ERROR("copy retTlv to resultTlv fail!"); 235094332d3Sopenharmony_ci result = RESULT_GENERAL_ERROR; 236094332d3Sopenharmony_ci goto ERROR; 237094332d3Sopenharmony_ci } 238094332d3Sopenharmony_ci result = compareRet; 239094332d3Sopenharmony_ci 240094332d3Sopenharmony_ciERROR: 241094332d3Sopenharmony_ci DestroyBuffer(retTlv); 242094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 243094332d3Sopenharmony_ci} 244094332d3Sopenharmony_ci 245094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 246094332d3Sopenharmony_ciint32_t PinAuth::QueryPinInfo(uint64_t templateId, PinCredentialInfo &pinCredentialInfoRet) 247094332d3Sopenharmony_ci{ 248094332d3Sopenharmony_ci LOG_INFO("start"); 249094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 250094332d3Sopenharmony_ci PinCredentialInfos pinCredentialInfosRet = {}; 251094332d3Sopenharmony_ci int32_t result = DoQueryPinInfo(templateId, &pinCredentialInfosRet); 252094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 253094332d3Sopenharmony_ci LOG_ERROR("DoQueryPinInfo fail!"); 254094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 255094332d3Sopenharmony_ci } 256094332d3Sopenharmony_ci pinCredentialInfoRet.subType = pinCredentialInfosRet.subType; 257094332d3Sopenharmony_ci pinCredentialInfoRet.remainTimes = pinCredentialInfosRet.remainTimes; 258094332d3Sopenharmony_ci pinCredentialInfoRet.freezingTime = pinCredentialInfosRet.freezeTime; 259094332d3Sopenharmony_ci pinCredentialInfoRet.nextFailLockoutDuration = pinCredentialInfosRet.nextFailLockoutDuration; 260094332d3Sopenharmony_ci 261094332d3Sopenharmony_ci return RESULT_SUCCESS; 262094332d3Sopenharmony_ci} 263094332d3Sopenharmony_ci 264094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 265094332d3Sopenharmony_ciint32_t PinAuth::DeleteTemplate(uint64_t templateId) 266094332d3Sopenharmony_ci{ 267094332d3Sopenharmony_ci LOG_INFO("start"); 268094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 269094332d3Sopenharmony_ci ResultCode result = DoDeleteTemplate(templateId); 270094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 271094332d3Sopenharmony_ci LOG_ERROR("DoDeleteTemplate fail!"); 272094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 273094332d3Sopenharmony_ci } 274094332d3Sopenharmony_ci 275094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 276094332d3Sopenharmony_ci} 277094332d3Sopenharmony_ci 278094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 279094332d3Sopenharmony_ciint32_t PinAuth::GetExecutorInfo(int32_t executorRole, std::vector<uint8_t> &pubKey, uint32_t &esl, 280094332d3Sopenharmony_ci uint32_t &maxTemplateAcl) 281094332d3Sopenharmony_ci{ 282094332d3Sopenharmony_ci LOG_INFO("start"); 283094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 284094332d3Sopenharmony_ci PinExecutorInfo pinExecutorInfo = {}; 285094332d3Sopenharmony_ci int32_t result = RESULT_GENERAL_ERROR; 286094332d3Sopenharmony_ci switch (executorRole) { 287094332d3Sopenharmony_ci case HDI::PinAuth::HdiExecutorRole::ALL_IN_ONE: 288094332d3Sopenharmony_ci result = DoGetAllInOneExecutorInfo(&pinExecutorInfo); 289094332d3Sopenharmony_ci break; 290094332d3Sopenharmony_ci case HDI::PinAuth::HdiExecutorRole::COLLECTOR: 291094332d3Sopenharmony_ci result = DoGetCollectorExecutorInfo(&pinExecutorInfo); 292094332d3Sopenharmony_ci break; 293094332d3Sopenharmony_ci case HDI::PinAuth::HdiExecutorRole::VERIFIER: 294094332d3Sopenharmony_ci result = DoGetVerifierExecutorInfo(&pinExecutorInfo); 295094332d3Sopenharmony_ci break; 296094332d3Sopenharmony_ci default: 297094332d3Sopenharmony_ci LOG_ERROR("unknown role"); 298094332d3Sopenharmony_ci break; 299094332d3Sopenharmony_ci } 300094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 301094332d3Sopenharmony_ci LOG_ERROR("DoGetExecutorInfo fail!"); 302094332d3Sopenharmony_ci goto ERROR; 303094332d3Sopenharmony_ci } 304094332d3Sopenharmony_ci esl = pinExecutorInfo.esl; 305094332d3Sopenharmony_ci maxTemplateAcl = pinExecutorInfo.maxTemplateAcl; 306094332d3Sopenharmony_ci pubKey.resize(ED25519_FIX_PUBKEY_BUFFER_SIZE); 307094332d3Sopenharmony_ci if (memcpy_s(pubKey.data(), ED25519_FIX_PUBKEY_BUFFER_SIZE, 308094332d3Sopenharmony_ci pinExecutorInfo.pubKey, ED25519_FIX_PUBKEY_BUFFER_SIZE) != EOK) { 309094332d3Sopenharmony_ci LOG_ERROR("copy pinExecutorInfo to pubKey fail!"); 310094332d3Sopenharmony_ci result = RESULT_GENERAL_ERROR; 311094332d3Sopenharmony_ci goto ERROR; 312094332d3Sopenharmony_ci } 313094332d3Sopenharmony_ci 314094332d3Sopenharmony_ciERROR: 315094332d3Sopenharmony_ci static_cast<void>(memset_s( 316094332d3Sopenharmony_ci pinExecutorInfo.pubKey, ED25519_FIX_PUBKEY_BUFFER_SIZE, 0, ED25519_FIX_PUBKEY_BUFFER_SIZE)); 317094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 318094332d3Sopenharmony_ci} 319094332d3Sopenharmony_ci 320094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 321094332d3Sopenharmony_ciint32_t PinAuth::SetAllInOneFwkParam( 322094332d3Sopenharmony_ci const std::vector<uint64_t> &templateIdList, const std::vector<uint8_t> &frameworkPublicKey) 323094332d3Sopenharmony_ci{ 324094332d3Sopenharmony_ci LOG_INFO("start"); 325094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 326094332d3Sopenharmony_ci uint32_t templateIdListLen = templateIdList.size(); 327094332d3Sopenharmony_ci if (templateIdListLen > MAX_TEMPLATEID_LEN) { 328094332d3Sopenharmony_ci LOG_ERROR("check templateIdListLen fail!"); 329094332d3Sopenharmony_ci return PinResultToCoAuthResult(RESULT_GENERAL_ERROR); 330094332d3Sopenharmony_ci } 331094332d3Sopenharmony_ci ResultCode result = DoSetAllInOneFwkParam( 332094332d3Sopenharmony_ci &templateIdList[0], templateIdListLen, frameworkPublicKey.data(), frameworkPublicKey.size()); 333094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 334094332d3Sopenharmony_ci LOG_ERROR("DoSetAllInOneFwkParam fail!"); 335094332d3Sopenharmony_ci } 336094332d3Sopenharmony_ci 337094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 338094332d3Sopenharmony_ci} 339094332d3Sopenharmony_ci 340094332d3Sopenharmony_civoid PinAuth::WriteAntiBrute(uint64_t templateId) 341094332d3Sopenharmony_ci{ 342094332d3Sopenharmony_ci LOG_INFO("start"); 343094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 344094332d3Sopenharmony_ci if (DoWriteAntiBruteInfoToFile(templateId) != RESULT_SUCCESS) { 345094332d3Sopenharmony_ci LOG_ERROR("DoWriteAntiBruteInfoToFile fail!"); 346094332d3Sopenharmony_ci } 347094332d3Sopenharmony_ci} 348094332d3Sopenharmony_ci 349094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 350094332d3Sopenharmony_ciint32_t PinAuth::SetCollectorFwkParam(const std::vector<uint8_t> &frameworkPublicKey) 351094332d3Sopenharmony_ci{ 352094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 353094332d3Sopenharmony_ci int32_t result = DoSetCollectorFwkParam(frameworkPublicKey.data(), frameworkPublicKey.size()); 354094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 355094332d3Sopenharmony_ci LOG_ERROR("DoSetCollectorFwkParam fail!"); 356094332d3Sopenharmony_ci } 357094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 358094332d3Sopenharmony_ci} 359094332d3Sopenharmony_ci 360094332d3Sopenharmony_ciint32_t PinAuth::SetVectorByBuffer(std::vector<uint8_t> &vec, const uint8_t *buf, uint32_t bufSize) 361094332d3Sopenharmony_ci{ 362094332d3Sopenharmony_ci if (bufSize == 0) { 363094332d3Sopenharmony_ci vec.clear(); 364094332d3Sopenharmony_ci return RESULT_SUCCESS; 365094332d3Sopenharmony_ci } 366094332d3Sopenharmony_ci vec.resize(bufSize); 367094332d3Sopenharmony_ci if (memcpy_s(vec.data(), vec.size(), buf, bufSize) != EOK) { 368094332d3Sopenharmony_ci LOG_ERROR("copy buf fail!"); 369094332d3Sopenharmony_ci return RESULT_BAD_COPY; 370094332d3Sopenharmony_ci } 371094332d3Sopenharmony_ci return RESULT_SUCCESS; 372094332d3Sopenharmony_ci} 373094332d3Sopenharmony_ci 374094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 375094332d3Sopenharmony_ciint32_t PinAuth::Collect(uint64_t scheduleId, const std::vector<uint8_t> &extraInfo, std::vector<uint8_t> &msg) 376094332d3Sopenharmony_ci{ 377094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 378094332d3Sopenharmony_ci uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN]; 379094332d3Sopenharmony_ci if (out == nullptr) { 380094332d3Sopenharmony_ci LOG_ERROR("malloc out fail!"); 381094332d3Sopenharmony_ci return GENERAL_ERROR; 382094332d3Sopenharmony_ci } 383094332d3Sopenharmony_ci uint32_t outSize = MAX_EXECUTOR_MSG_LEN; 384094332d3Sopenharmony_ci int32_t result = DoCollect(scheduleId, extraInfo.data(), extraInfo.size(), out, &outSize); 385094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 386094332d3Sopenharmony_ci LOG_ERROR("DoCollect fail!"); 387094332d3Sopenharmony_ci delete[] out; 388094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 389094332d3Sopenharmony_ci } 390094332d3Sopenharmony_ci result = SetVectorByBuffer(msg, out, outSize); 391094332d3Sopenharmony_ci delete[] out; 392094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 393094332d3Sopenharmony_ci LOG_ERROR("set msg fail!"); 394094332d3Sopenharmony_ci } 395094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 396094332d3Sopenharmony_ci} 397094332d3Sopenharmony_ci 398094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 399094332d3Sopenharmony_ciint32_t PinAuth::CancelCollect() 400094332d3Sopenharmony_ci{ 401094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 402094332d3Sopenharmony_ci int32_t result = DoCancelCollect(); 403094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 404094332d3Sopenharmony_ci LOG_ERROR("DoCancelCollect fail!"); 405094332d3Sopenharmony_ci } 406094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 407094332d3Sopenharmony_ci} 408094332d3Sopenharmony_ci 409094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 410094332d3Sopenharmony_ciint32_t PinAuth::SendMessageToCollector( 411094332d3Sopenharmony_ci uint64_t scheduleId, const std::vector<uint8_t> &msg, PinAlgoParam &pinAlgoParam) 412094332d3Sopenharmony_ci{ 413094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 414094332d3Sopenharmony_ci AlgoParamOut algoParam = {}; 415094332d3Sopenharmony_ci int32_t result = DoSendMessageToCollector(scheduleId, msg.data(), msg.size(), &algoParam); 416094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 417094332d3Sopenharmony_ci LOG_ERROR("DoSendMessageToCollector fail!"); 418094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 419094332d3Sopenharmony_ci } 420094332d3Sopenharmony_ci pinAlgoParam.algoVersion = algoParam.algoVersion; 421094332d3Sopenharmony_ci pinAlgoParam.subType = algoParam.subType; 422094332d3Sopenharmony_ci result = SetVectorByBuffer(pinAlgoParam.algoParameter, algoParam.algoParameter, sizeof(algoParam.algoParameter)); 423094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 424094332d3Sopenharmony_ci LOG_ERROR("set algoParameter fail!"); 425094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 426094332d3Sopenharmony_ci } 427094332d3Sopenharmony_ci result = SetVectorByBuffer(pinAlgoParam.challenge, algoParam.challenge, sizeof(algoParam.challenge)); 428094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 429094332d3Sopenharmony_ci LOG_ERROR("set challenge fail!"); 430094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 431094332d3Sopenharmony_ci } 432094332d3Sopenharmony_ci 433094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 434094332d3Sopenharmony_ci} 435094332d3Sopenharmony_ci 436094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 437094332d3Sopenharmony_ciint32_t PinAuth::SetDataToCollector(uint64_t scheduleId, const std::vector<uint8_t> &data, std::vector<uint8_t> &msg) 438094332d3Sopenharmony_ci{ 439094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 440094332d3Sopenharmony_ci int32_t result = RESULT_GENERAL_ERROR; 441094332d3Sopenharmony_ci uint8_t *pinData = const_cast<uint8_t *>(data.data()); 442094332d3Sopenharmony_ci uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN]; 443094332d3Sopenharmony_ci uint32_t outSize = MAX_EXECUTOR_MSG_LEN; 444094332d3Sopenharmony_ci if (out == nullptr) { 445094332d3Sopenharmony_ci LOG_ERROR("new out fail!"); 446094332d3Sopenharmony_ci goto EXIT; 447094332d3Sopenharmony_ci } 448094332d3Sopenharmony_ci result = DoSetDataToCollector(scheduleId, pinData, data.size(), out, &outSize); 449094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 450094332d3Sopenharmony_ci LOG_ERROR("DoSetDataToCollector fail!"); 451094332d3Sopenharmony_ci goto EXIT; 452094332d3Sopenharmony_ci } 453094332d3Sopenharmony_ci result = SetVectorByBuffer(msg, out, outSize); 454094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 455094332d3Sopenharmony_ci LOG_ERROR("set msg fail!"); 456094332d3Sopenharmony_ci } 457094332d3Sopenharmony_ci 458094332d3Sopenharmony_ciEXIT: 459094332d3Sopenharmony_ci if (data.size() != 0) { 460094332d3Sopenharmony_ci (void)memset_s(pinData, data.size(), 0, data.size()); 461094332d3Sopenharmony_ci } 462094332d3Sopenharmony_ci if (out != nullptr) { 463094332d3Sopenharmony_ci delete[] out; 464094332d3Sopenharmony_ci } 465094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 466094332d3Sopenharmony_ci} 467094332d3Sopenharmony_ci 468094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 469094332d3Sopenharmony_ciint32_t PinAuth::SetVerifierFwkParam(const std::vector<uint8_t> &frameworkPublicKey) 470094332d3Sopenharmony_ci{ 471094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 472094332d3Sopenharmony_ci int32_t result = DoSetVerifierFwkParam(frameworkPublicKey.data(), frameworkPublicKey.size()); 473094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 474094332d3Sopenharmony_ci LOG_ERROR("DoSetVerifierFwkParam fail!"); 475094332d3Sopenharmony_ci } 476094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 477094332d3Sopenharmony_ci} 478094332d3Sopenharmony_ci 479094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 480094332d3Sopenharmony_ciint32_t PinAuth::VerifierAuth( 481094332d3Sopenharmony_ci uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &extraInfo, std::vector<uint8_t> &msgOut) 482094332d3Sopenharmony_ci{ 483094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 484094332d3Sopenharmony_ci uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN]; 485094332d3Sopenharmony_ci if (out == nullptr) { 486094332d3Sopenharmony_ci LOG_ERROR("new out fail!"); 487094332d3Sopenharmony_ci return GENERAL_ERROR; 488094332d3Sopenharmony_ci } 489094332d3Sopenharmony_ci VerifierMsg verifierMsg = { 490094332d3Sopenharmony_ci .msgIn = const_cast<uint8_t *>(extraInfo.data()), 491094332d3Sopenharmony_ci .msgInSize = extraInfo.size(), 492094332d3Sopenharmony_ci .msgOut = out, 493094332d3Sopenharmony_ci .msgOutSize = MAX_EXECUTOR_MSG_LEN, 494094332d3Sopenharmony_ci .isAuthEnd = false, 495094332d3Sopenharmony_ci .authResult = RESULT_GENERAL_ERROR, 496094332d3Sopenharmony_ci }; 497094332d3Sopenharmony_ci int32_t result = DoVerifierAuth(scheduleId, templateId, &verifierMsg); 498094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 499094332d3Sopenharmony_ci LOG_ERROR("DoVerifierAuth fail!"); 500094332d3Sopenharmony_ci delete[] out; 501094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 502094332d3Sopenharmony_ci } 503094332d3Sopenharmony_ci if (verifierMsg.authResult == RESULT_SUCCESS) { 504094332d3Sopenharmony_ci delete[] out; 505094332d3Sopenharmony_ci return SUCCESS; 506094332d3Sopenharmony_ci } 507094332d3Sopenharmony_ci result = SetVectorByBuffer(msgOut, verifierMsg.msgOut, verifierMsg.msgOutSize); 508094332d3Sopenharmony_ci delete[] out; 509094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 510094332d3Sopenharmony_ci LOG_ERROR("set msg fail!"); 511094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 512094332d3Sopenharmony_ci } 513094332d3Sopenharmony_ci return PinResultToCoAuthResult(verifierMsg.authResult); 514094332d3Sopenharmony_ci} 515094332d3Sopenharmony_ci 516094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 517094332d3Sopenharmony_ciint32_t PinAuth::CancelVerifierAuth() 518094332d3Sopenharmony_ci{ 519094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 520094332d3Sopenharmony_ci int32_t result = DoCancelVerifierAuth(); 521094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 522094332d3Sopenharmony_ci LOG_ERROR("DoCancelVerifierAuth fail!"); 523094332d3Sopenharmony_ci } 524094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 525094332d3Sopenharmony_ci} 526094332d3Sopenharmony_ci 527094332d3Sopenharmony_ci/* This is for example only, Should be implemented in trusted environment. */ 528094332d3Sopenharmony_ciint32_t PinAuth::SendMessageToVerifier(uint64_t scheduleId, 529094332d3Sopenharmony_ci const std::vector<uint8_t> &msgIn, std::vector<uint8_t> &msgOut, bool &isAuthEnd, int32_t &compareResult) 530094332d3Sopenharmony_ci{ 531094332d3Sopenharmony_ci std::lock_guard<std::mutex> gurard(mutex_); 532094332d3Sopenharmony_ci uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN]; 533094332d3Sopenharmony_ci if (out == nullptr) { 534094332d3Sopenharmony_ci LOG_ERROR("new out fail!"); 535094332d3Sopenharmony_ci return GENERAL_ERROR; 536094332d3Sopenharmony_ci } 537094332d3Sopenharmony_ci VerifierMsg verifierMsg = { 538094332d3Sopenharmony_ci .msgIn = const_cast<uint8_t *>(msgIn.data()), 539094332d3Sopenharmony_ci .msgInSize = msgIn.size(), 540094332d3Sopenharmony_ci .msgOut = out, 541094332d3Sopenharmony_ci .msgOutSize = MAX_EXECUTOR_MSG_LEN, 542094332d3Sopenharmony_ci .isAuthEnd = false, 543094332d3Sopenharmony_ci .authResult = RESULT_GENERAL_ERROR, 544094332d3Sopenharmony_ci }; 545094332d3Sopenharmony_ci int32_t result = DoSendMessageToVerifier(scheduleId, &verifierMsg); 546094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 547094332d3Sopenharmony_ci LOG_ERROR("DoSendMessageToVerifier fail!"); 548094332d3Sopenharmony_ci delete[] out; 549094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 550094332d3Sopenharmony_ci } 551094332d3Sopenharmony_ci result = SetVectorByBuffer(msgOut, out, verifierMsg.msgOutSize); 552094332d3Sopenharmony_ci delete[] out; 553094332d3Sopenharmony_ci if (result != RESULT_SUCCESS) { 554094332d3Sopenharmony_ci LOG_ERROR("set msg fail!"); 555094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 556094332d3Sopenharmony_ci } 557094332d3Sopenharmony_ci isAuthEnd = verifierMsg.isAuthEnd; 558094332d3Sopenharmony_ci compareResult = PinResultToCoAuthResult(verifierMsg.authResult); 559094332d3Sopenharmony_ci return PinResultToCoAuthResult(result); 560094332d3Sopenharmony_ci} 561094332d3Sopenharmony_ci} // namespace PinAuth 562094332d3Sopenharmony_ci} // namespace UserIam 563094332d3Sopenharmony_ci} // namespace OHOS 564