1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "pin_auth.h"
17
18 #include <map>
19 #include <sys/stat.h>
20 #include <vector>
21 #include <unistd.h>
22 #include <pthread.h>
23
24 #include "parameter.h"
25 #include "securec.h"
26 #include "sysparam_errno.h"
27
28 #include "adaptor_memory.h"
29 #include "adaptor_log.h"
30 #include "all_in_one_func.h"
31 #include "collector_func.h"
32 #include "executor_func_common.h"
33 #include "pin_auth_hdi.h"
34 #include "verifier_func.h"
35
36 namespace OHOS {
37 namespace UserIam {
38 namespace PinAuth {
39 namespace {
40 constexpr uint32_t MAX_TEMPLATEID_LEN = 32;
41 std::map<int32_t, ResultCodeForCoAuth> g_convertResult = {
42 {RESULT_SUCCESS, ResultCodeForCoAuth::SUCCESS},
43 {RESULT_BAD_PARAM, ResultCodeForCoAuth::INVALID_PARAMETERS},
44 {RESULT_COMPARE_FAIL, ResultCodeForCoAuth::FAIL},
45 {RESULT_BUSY, ResultCodeForCoAuth::BUSY},
46 {RESULT_PIN_FREEZE, ResultCodeForCoAuth::LOCKED},
47 {RESULT_BAD_COPY, ResultCodeForCoAuth::GENERAL_ERROR},
48 {RESULT_GENERAL_ERROR, ResultCodeForCoAuth::GENERAL_ERROR},
49 };
50 }
51
52 /* This is for example only, Should be implemented in trusted environment. */
Init()53 int32_t PinAuth::Init()
54 {
55 LOG_INFO("start");
56 std::lock_guard<std::mutex> gurard(mutex_);
57 if (!LoadPinDb()) {
58 LOG_ERROR("LoadPinDb fail!");
59 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
60 }
61 if (GenerateAllInOneKeyPair() != RESULT_SUCCESS) {
62 LOG_ERROR("GenerateAllInOneKeyPair fail!");
63 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
64 }
65 if (GenerateCollectorKeyPair() != RESULT_SUCCESS) {
66 LOG_ERROR("GenerateCollectorKeyPair fail!");
67 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
68 }
69 if (GenerateVerifierKeyPair() != RESULT_SUCCESS) {
70 LOG_ERROR("GenerateVerifierKeyPair fail!");
71 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
72 }
73 LOG_INFO("InIt pinAuth succ");
74
75 return RESULT_SUCCESS;
76 }
77
78 /* This is for example only, Should be implemented in trusted environment. */
Close()79 int32_t PinAuth::Close()
80 {
81 LOG_INFO("start");
82 std::lock_guard<std::mutex> gurard(mutex_);
83 DestroyAllInOneKeyPair();
84 DestroyCollectorKeyPair();
85 DestroyVerifierKeyPair();
86 DestroyPinDb();
87 LOG_INFO("Close pinAuth succ");
88
89 return RESULT_SUCCESS;
90 }
91
92 /* This is for example only, Should be implemented in trusted environment. */
PinResultToCoAuthResult(int32_t resultCode)93 int32_t PinAuth::PinResultToCoAuthResult(int32_t resultCode)
94 {
95 LOG_INFO("PinAuth::PinResultToCoAuthResult enter");
96 if (g_convertResult.count(resultCode) == 0) {
97 LOG_ERROR("PinResult and CoauthResult not match, convert GENERAL_ERROR");
98 return ResultCodeForCoAuth::GENERAL_ERROR;
99 } else {
100 return g_convertResult[resultCode];
101 }
102 }
103
104 /* This is for example only, Should be implemented in trusted environment. */
EnrollPin(uint64_t scheduleId,uint64_t subType,std::vector<uint8_t> & salt,const std::vector<uint8_t> & pinData,std::vector<uint8_t> & resultTlv)105 int32_t PinAuth::EnrollPin(uint64_t scheduleId, uint64_t subType, std::vector<uint8_t> &salt,
106 const std::vector<uint8_t> &pinData, std::vector<uint8_t> &resultTlv)
107 {
108 LOG_INFO("start");
109 std::lock_guard<std::mutex> gurard(mutex_);
110 if (salt.size() != CONST_SALT_LEN || pinData.size() != CONST_PIN_DATA_LEN) {
111 LOG_ERROR("get bad params!");
112 return PinResultToCoAuthResult(RESULT_BAD_PARAM);
113 }
114 PinEnrollParam pinEnrollParam = {};
115 pinEnrollParam.scheduleId = scheduleId;
116 pinEnrollParam.subType = subType;
117 if (memcpy_s(&(pinEnrollParam.salt[0]), CONST_SALT_LEN, salt.data(), CONST_SALT_LEN) != EOK) {
118 LOG_ERROR("copy salt to pinEnrollParam fail!");
119 return PinResultToCoAuthResult(RESULT_BAD_COPY);
120 }
121 if (memcpy_s(&(pinEnrollParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), CONST_PIN_DATA_LEN) != EOK) {
122 LOG_ERROR("copy pinData to pinEnrollParam fail!");
123 return PinResultToCoAuthResult(RESULT_BAD_COPY);
124 }
125 Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
126 if (!IsBufferValid(retTlv)) {
127 LOG_ERROR("retTlv is unValid!");
128 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
129 }
130 ResultCode result = DoEnrollPin(&pinEnrollParam, retTlv);
131 if (result != RESULT_SUCCESS) {
132 LOG_ERROR("DoEnrollPin fail!");
133 goto ERROR;
134 }
135
136 resultTlv.resize(retTlv->contentSize);
137 if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
138 LOG_ERROR("copy retTlv to resultTlv fail!");
139 result = RESULT_BAD_COPY;
140 goto ERROR;
141 }
142
143 ERROR:
144 DestroyBuffer(retTlv);
145 return PinResultToCoAuthResult(result);
146 }
147
148 /* This is for example only, Should be implemented in trusted environment. */
GenerateAlgoParameter(std::vector<uint8_t> & algoParameter,uint32_t & algoVersion)149 int32_t PinAuth::GenerateAlgoParameter(std::vector<uint8_t> &algoParameter, uint32_t &algoVersion)
150 {
151 LOG_INFO("start");
152 static constexpr uint32_t deviceUuidLength = 65;
153 char localDeviceId[deviceUuidLength] = {0};
154 if (GetDevUdid(localDeviceId, deviceUuidLength) != EC_SUCCESS) {
155 LOG_ERROR("GetDevUdid failed");
156 return GENERAL_ERROR;
157 }
158 uint32_t algoParameterLen = CONST_SALT_LEN;
159 algoParameter.resize(algoParameterLen);
160 int32_t result = DoGenerateAlgoParameter(algoParameter.data(), &algoParameterLen, &algoVersion,
161 (uint8_t *)&(localDeviceId[0]), deviceUuidLength);
162 if (result != RESULT_SUCCESS) {
163 LOG_ERROR("DoGenerateAlgoParameter fail!");
164 return PinResultToCoAuthResult(result);
165 }
166 if (algoParameterLen != CONST_SALT_LEN) {
167 LOG_ERROR("algoParameterLen is error!");
168 return GENERAL_ERROR;
169 }
170
171 return SUCCESS;
172 }
173
174 /* This is for example only, Should be implemented in trusted environment. */
AllInOneAuth(uint64_t scheduleId,uint64_t templateId,const std::vector<uint8_t> & extraInfo,PinAlgoParam & pinAlgoParam)175 int32_t PinAuth::AllInOneAuth(
176 uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &extraInfo, PinAlgoParam &pinAlgoParam)
177 {
178 LOG_INFO("start");
179 std::lock_guard<std::mutex> gurard(mutex_);
180 AlgoParamOut authAlgoParam = {};
181 ResultCode result = DoAllInOneAuth(scheduleId, templateId, extraInfo.data(), extraInfo.size(), &authAlgoParam);
182 if (result != RESULT_SUCCESS) {
183 LOG_ERROR("DoAllInOneAuth fail!");
184 return PinResultToCoAuthResult(result);
185 }
186 pinAlgoParam.algoVersion = authAlgoParam.algoVersion;
187 pinAlgoParam.subType = authAlgoParam.subType;
188 int32_t transResult = SetVectorByBuffer(
189 pinAlgoParam.algoParameter, authAlgoParam.algoParameter, sizeof(authAlgoParam.algoParameter));
190 if (transResult != RESULT_SUCCESS) {
191 LOG_ERROR("set algoParameter fail!");
192 return PinResultToCoAuthResult(transResult);
193 }
194 transResult = SetVectorByBuffer(pinAlgoParam.challenge, authAlgoParam.challenge, sizeof(authAlgoParam.challenge));
195 if (transResult != RESULT_SUCCESS) {
196 LOG_ERROR("set challenge fail!");
197 return PinResultToCoAuthResult(transResult);
198 }
199
200 return RESULT_SUCCESS;
201 }
202
203 /* This is for example only, Should be implemented in trusted environment. */
AuthPin(uint64_t scheduleId,uint64_t templateId,const std::vector<uint8_t> & pinData,std::vector<uint8_t> & resultTlv)204 int32_t PinAuth::AuthPin(uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &pinData,
205 std::vector<uint8_t> &resultTlv)
206 {
207 LOG_INFO("start");
208 std::lock_guard<std::mutex> gurard(mutex_);
209 if (pinData.size() != CONST_PIN_DATA_LEN) {
210 LOG_ERROR("bad pinData len!");
211 return PinResultToCoAuthResult(RESULT_BAD_PARAM);
212 }
213
214 PinAuthParam pinAuthParam = {};
215 pinAuthParam.scheduleId = scheduleId;
216 pinAuthParam.templateId = templateId;
217 if (memcpy_s(&(pinAuthParam.pinData[0]), CONST_PIN_DATA_LEN, pinData.data(), pinData.size()) != EOK) {
218 LOG_ERROR("mem copy pinData to pinAuthParam fail!");
219 return PinResultToCoAuthResult(RESULT_BAD_COPY);
220 }
221 Buffer *retTlv = CreateBufferBySize(RESULT_TLV_LEN);
222 if (!IsBufferValid(retTlv)) {
223 LOG_ERROR("retTlv is unValid!");
224 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
225 }
226 ResultCode compareRet = RESULT_COMPARE_FAIL;
227 ResultCode result = DoAuthPin(&pinAuthParam, retTlv, &compareRet);
228 if (result != RESULT_SUCCESS) {
229 LOG_ERROR("DoAuthPin fail!");
230 goto ERROR;
231 }
232 resultTlv.resize(retTlv->contentSize);
233 if (memcpy_s(resultTlv.data(), retTlv->contentSize, retTlv->buf, retTlv->contentSize) != EOK) {
234 LOG_ERROR("copy retTlv to resultTlv fail!");
235 result = RESULT_GENERAL_ERROR;
236 goto ERROR;
237 }
238 result = compareRet;
239
240 ERROR:
241 DestroyBuffer(retTlv);
242 return PinResultToCoAuthResult(result);
243 }
244
245 /* This is for example only, Should be implemented in trusted environment. */
QueryPinInfo(uint64_t templateId,PinCredentialInfo & pinCredentialInfoRet)246 int32_t PinAuth::QueryPinInfo(uint64_t templateId, PinCredentialInfo &pinCredentialInfoRet)
247 {
248 LOG_INFO("start");
249 std::lock_guard<std::mutex> gurard(mutex_);
250 PinCredentialInfos pinCredentialInfosRet = {};
251 int32_t result = DoQueryPinInfo(templateId, &pinCredentialInfosRet);
252 if (result != RESULT_SUCCESS) {
253 LOG_ERROR("DoQueryPinInfo fail!");
254 return PinResultToCoAuthResult(result);
255 }
256 pinCredentialInfoRet.subType = pinCredentialInfosRet.subType;
257 pinCredentialInfoRet.remainTimes = pinCredentialInfosRet.remainTimes;
258 pinCredentialInfoRet.freezingTime = pinCredentialInfosRet.freezeTime;
259 pinCredentialInfoRet.nextFailLockoutDuration = pinCredentialInfosRet.nextFailLockoutDuration;
260
261 return RESULT_SUCCESS;
262 }
263
264 /* This is for example only, Should be implemented in trusted environment. */
DeleteTemplate(uint64_t templateId)265 int32_t PinAuth::DeleteTemplate(uint64_t templateId)
266 {
267 LOG_INFO("start");
268 std::lock_guard<std::mutex> gurard(mutex_);
269 ResultCode result = DoDeleteTemplate(templateId);
270 if (result != RESULT_SUCCESS) {
271 LOG_ERROR("DoDeleteTemplate fail!");
272 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
273 }
274
275 return PinResultToCoAuthResult(result);
276 }
277
278 /* This is for example only, Should be implemented in trusted environment. */
GetExecutorInfo(int32_t executorRole,std::vector<uint8_t> & pubKey,uint32_t & esl,uint32_t & maxTemplateAcl)279 int32_t PinAuth::GetExecutorInfo(int32_t executorRole, std::vector<uint8_t> &pubKey, uint32_t &esl,
280 uint32_t &maxTemplateAcl)
281 {
282 LOG_INFO("start");
283 std::lock_guard<std::mutex> gurard(mutex_);
284 PinExecutorInfo pinExecutorInfo = {};
285 int32_t result = RESULT_GENERAL_ERROR;
286 switch (executorRole) {
287 case HDI::PinAuth::HdiExecutorRole::ALL_IN_ONE:
288 result = DoGetAllInOneExecutorInfo(&pinExecutorInfo);
289 break;
290 case HDI::PinAuth::HdiExecutorRole::COLLECTOR:
291 result = DoGetCollectorExecutorInfo(&pinExecutorInfo);
292 break;
293 case HDI::PinAuth::HdiExecutorRole::VERIFIER:
294 result = DoGetVerifierExecutorInfo(&pinExecutorInfo);
295 break;
296 default:
297 LOG_ERROR("unknown role");
298 break;
299 }
300 if (result != RESULT_SUCCESS) {
301 LOG_ERROR("DoGetExecutorInfo fail!");
302 goto ERROR;
303 }
304 esl = pinExecutorInfo.esl;
305 maxTemplateAcl = pinExecutorInfo.maxTemplateAcl;
306 pubKey.resize(ED25519_FIX_PUBKEY_BUFFER_SIZE);
307 if (memcpy_s(pubKey.data(), ED25519_FIX_PUBKEY_BUFFER_SIZE,
308 pinExecutorInfo.pubKey, ED25519_FIX_PUBKEY_BUFFER_SIZE) != EOK) {
309 LOG_ERROR("copy pinExecutorInfo to pubKey fail!");
310 result = RESULT_GENERAL_ERROR;
311 goto ERROR;
312 }
313
314 ERROR:
315 static_cast<void>(memset_s(
316 pinExecutorInfo.pubKey, ED25519_FIX_PUBKEY_BUFFER_SIZE, 0, ED25519_FIX_PUBKEY_BUFFER_SIZE));
317 return PinResultToCoAuthResult(result);
318 }
319
320 /* This is for example only, Should be implemented in trusted environment. */
SetAllInOneFwkParam(const std::vector<uint64_t> & templateIdList,const std::vector<uint8_t> & frameworkPublicKey)321 int32_t PinAuth::SetAllInOneFwkParam(
322 const std::vector<uint64_t> &templateIdList, const std::vector<uint8_t> &frameworkPublicKey)
323 {
324 LOG_INFO("start");
325 std::lock_guard<std::mutex> gurard(mutex_);
326 uint32_t templateIdListLen = templateIdList.size();
327 if (templateIdListLen > MAX_TEMPLATEID_LEN) {
328 LOG_ERROR("check templateIdListLen fail!");
329 return PinResultToCoAuthResult(RESULT_GENERAL_ERROR);
330 }
331 ResultCode result = DoSetAllInOneFwkParam(
332 &templateIdList[0], templateIdListLen, frameworkPublicKey.data(), frameworkPublicKey.size());
333 if (result != RESULT_SUCCESS) {
334 LOG_ERROR("DoSetAllInOneFwkParam fail!");
335 }
336
337 return PinResultToCoAuthResult(result);
338 }
339
WriteAntiBrute(uint64_t templateId)340 void PinAuth::WriteAntiBrute(uint64_t templateId)
341 {
342 LOG_INFO("start");
343 std::lock_guard<std::mutex> gurard(mutex_);
344 if (DoWriteAntiBruteInfoToFile(templateId) != RESULT_SUCCESS) {
345 LOG_ERROR("DoWriteAntiBruteInfoToFile fail!");
346 }
347 }
348
349 /* This is for example only, Should be implemented in trusted environment. */
SetCollectorFwkParam(const std::vector<uint8_t> & frameworkPublicKey)350 int32_t PinAuth::SetCollectorFwkParam(const std::vector<uint8_t> &frameworkPublicKey)
351 {
352 std::lock_guard<std::mutex> gurard(mutex_);
353 int32_t result = DoSetCollectorFwkParam(frameworkPublicKey.data(), frameworkPublicKey.size());
354 if (result != RESULT_SUCCESS) {
355 LOG_ERROR("DoSetCollectorFwkParam fail!");
356 }
357 return PinResultToCoAuthResult(result);
358 }
359
SetVectorByBuffer(std::vector<uint8_t> & vec,const uint8_t * buf,uint32_t bufSize)360 int32_t PinAuth::SetVectorByBuffer(std::vector<uint8_t> &vec, const uint8_t *buf, uint32_t bufSize)
361 {
362 if (bufSize == 0) {
363 vec.clear();
364 return RESULT_SUCCESS;
365 }
366 vec.resize(bufSize);
367 if (memcpy_s(vec.data(), vec.size(), buf, bufSize) != EOK) {
368 LOG_ERROR("copy buf fail!");
369 return RESULT_BAD_COPY;
370 }
371 return RESULT_SUCCESS;
372 }
373
374 /* This is for example only, Should be implemented in trusted environment. */
Collect(uint64_t scheduleId,const std::vector<uint8_t> & extraInfo,std::vector<uint8_t> & msg)375 int32_t PinAuth::Collect(uint64_t scheduleId, const std::vector<uint8_t> &extraInfo, std::vector<uint8_t> &msg)
376 {
377 std::lock_guard<std::mutex> gurard(mutex_);
378 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
379 if (out == nullptr) {
380 LOG_ERROR("malloc out fail!");
381 return GENERAL_ERROR;
382 }
383 uint32_t outSize = MAX_EXECUTOR_MSG_LEN;
384 int32_t result = DoCollect(scheduleId, extraInfo.data(), extraInfo.size(), out, &outSize);
385 if (result != RESULT_SUCCESS) {
386 LOG_ERROR("DoCollect fail!");
387 delete[] out;
388 return PinResultToCoAuthResult(result);
389 }
390 result = SetVectorByBuffer(msg, out, outSize);
391 delete[] out;
392 if (result != RESULT_SUCCESS) {
393 LOG_ERROR("set msg fail!");
394 }
395 return PinResultToCoAuthResult(result);
396 }
397
398 /* This is for example only, Should be implemented in trusted environment. */
CancelCollect()399 int32_t PinAuth::CancelCollect()
400 {
401 std::lock_guard<std::mutex> gurard(mutex_);
402 int32_t result = DoCancelCollect();
403 if (result != RESULT_SUCCESS) {
404 LOG_ERROR("DoCancelCollect fail!");
405 }
406 return PinResultToCoAuthResult(result);
407 }
408
409 /* This is for example only, Should be implemented in trusted environment. */
SendMessageToCollector(uint64_t scheduleId,const std::vector<uint8_t> & msg,PinAlgoParam & pinAlgoParam)410 int32_t PinAuth::SendMessageToCollector(
411 uint64_t scheduleId, const std::vector<uint8_t> &msg, PinAlgoParam &pinAlgoParam)
412 {
413 std::lock_guard<std::mutex> gurard(mutex_);
414 AlgoParamOut algoParam = {};
415 int32_t result = DoSendMessageToCollector(scheduleId, msg.data(), msg.size(), &algoParam);
416 if (result != RESULT_SUCCESS) {
417 LOG_ERROR("DoSendMessageToCollector fail!");
418 return PinResultToCoAuthResult(result);
419 }
420 pinAlgoParam.algoVersion = algoParam.algoVersion;
421 pinAlgoParam.subType = algoParam.subType;
422 result = SetVectorByBuffer(pinAlgoParam.algoParameter, algoParam.algoParameter, sizeof(algoParam.algoParameter));
423 if (result != RESULT_SUCCESS) {
424 LOG_ERROR("set algoParameter fail!");
425 return PinResultToCoAuthResult(result);
426 }
427 result = SetVectorByBuffer(pinAlgoParam.challenge, algoParam.challenge, sizeof(algoParam.challenge));
428 if (result != RESULT_SUCCESS) {
429 LOG_ERROR("set challenge fail!");
430 return PinResultToCoAuthResult(result);
431 }
432
433 return PinResultToCoAuthResult(result);
434 }
435
436 /* This is for example only, Should be implemented in trusted environment. */
SetDataToCollector(uint64_t scheduleId,const std::vector<uint8_t> & data,std::vector<uint8_t> & msg)437 int32_t PinAuth::SetDataToCollector(uint64_t scheduleId, const std::vector<uint8_t> &data, std::vector<uint8_t> &msg)
438 {
439 std::lock_guard<std::mutex> gurard(mutex_);
440 int32_t result = RESULT_GENERAL_ERROR;
441 uint8_t *pinData = const_cast<uint8_t *>(data.data());
442 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
443 uint32_t outSize = MAX_EXECUTOR_MSG_LEN;
444 if (out == nullptr) {
445 LOG_ERROR("new out fail!");
446 goto EXIT;
447 }
448 result = DoSetDataToCollector(scheduleId, pinData, data.size(), out, &outSize);
449 if (result != RESULT_SUCCESS) {
450 LOG_ERROR("DoSetDataToCollector fail!");
451 goto EXIT;
452 }
453 result = SetVectorByBuffer(msg, out, outSize);
454 if (result != RESULT_SUCCESS) {
455 LOG_ERROR("set msg fail!");
456 }
457
458 EXIT:
459 if (data.size() != 0) {
460 (void)memset_s(pinData, data.size(), 0, data.size());
461 }
462 if (out != nullptr) {
463 delete[] out;
464 }
465 return PinResultToCoAuthResult(result);
466 }
467
468 /* This is for example only, Should be implemented in trusted environment. */
SetVerifierFwkParam(const std::vector<uint8_t> & frameworkPublicKey)469 int32_t PinAuth::SetVerifierFwkParam(const std::vector<uint8_t> &frameworkPublicKey)
470 {
471 std::lock_guard<std::mutex> gurard(mutex_);
472 int32_t result = DoSetVerifierFwkParam(frameworkPublicKey.data(), frameworkPublicKey.size());
473 if (result != RESULT_SUCCESS) {
474 LOG_ERROR("DoSetVerifierFwkParam fail!");
475 }
476 return PinResultToCoAuthResult(result);
477 }
478
479 /* This is for example only, Should be implemented in trusted environment. */
VerifierAuth(uint64_t scheduleId,uint64_t templateId,const std::vector<uint8_t> & extraInfo,std::vector<uint8_t> & msgOut)480 int32_t PinAuth::VerifierAuth(
481 uint64_t scheduleId, uint64_t templateId, const std::vector<uint8_t> &extraInfo, std::vector<uint8_t> &msgOut)
482 {
483 std::lock_guard<std::mutex> gurard(mutex_);
484 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
485 if (out == nullptr) {
486 LOG_ERROR("new out fail!");
487 return GENERAL_ERROR;
488 }
489 VerifierMsg verifierMsg = {
490 .msgIn = const_cast<uint8_t *>(extraInfo.data()),
491 .msgInSize = extraInfo.size(),
492 .msgOut = out,
493 .msgOutSize = MAX_EXECUTOR_MSG_LEN,
494 .isAuthEnd = false,
495 .authResult = RESULT_GENERAL_ERROR,
496 };
497 int32_t result = DoVerifierAuth(scheduleId, templateId, &verifierMsg);
498 if (result != RESULT_SUCCESS) {
499 LOG_ERROR("DoVerifierAuth fail!");
500 delete[] out;
501 return PinResultToCoAuthResult(result);
502 }
503 if (verifierMsg.authResult == RESULT_SUCCESS) {
504 delete[] out;
505 return SUCCESS;
506 }
507 result = SetVectorByBuffer(msgOut, verifierMsg.msgOut, verifierMsg.msgOutSize);
508 delete[] out;
509 if (result != RESULT_SUCCESS) {
510 LOG_ERROR("set msg fail!");
511 return PinResultToCoAuthResult(result);
512 }
513 return PinResultToCoAuthResult(verifierMsg.authResult);
514 }
515
516 /* This is for example only, Should be implemented in trusted environment. */
CancelVerifierAuth()517 int32_t PinAuth::CancelVerifierAuth()
518 {
519 std::lock_guard<std::mutex> gurard(mutex_);
520 int32_t result = DoCancelVerifierAuth();
521 if (result != RESULT_SUCCESS) {
522 LOG_ERROR("DoCancelVerifierAuth fail!");
523 }
524 return PinResultToCoAuthResult(result);
525 }
526
527 /* This is for example only, Should be implemented in trusted environment. */
SendMessageToVerifier(uint64_t scheduleId,const std::vector<uint8_t> & msgIn,std::vector<uint8_t> & msgOut,bool & isAuthEnd,int32_t & compareResult)528 int32_t PinAuth::SendMessageToVerifier(uint64_t scheduleId,
529 const std::vector<uint8_t> &msgIn, std::vector<uint8_t> &msgOut, bool &isAuthEnd, int32_t &compareResult)
530 {
531 std::lock_guard<std::mutex> gurard(mutex_);
532 uint8_t *out = new (std::nothrow) uint8_t[MAX_EXECUTOR_MSG_LEN];
533 if (out == nullptr) {
534 LOG_ERROR("new out fail!");
535 return GENERAL_ERROR;
536 }
537 VerifierMsg verifierMsg = {
538 .msgIn = const_cast<uint8_t *>(msgIn.data()),
539 .msgInSize = msgIn.size(),
540 .msgOut = out,
541 .msgOutSize = MAX_EXECUTOR_MSG_LEN,
542 .isAuthEnd = false,
543 .authResult = RESULT_GENERAL_ERROR,
544 };
545 int32_t result = DoSendMessageToVerifier(scheduleId, &verifierMsg);
546 if (result != RESULT_SUCCESS) {
547 LOG_ERROR("DoSendMessageToVerifier fail!");
548 delete[] out;
549 return PinResultToCoAuthResult(result);
550 }
551 result = SetVectorByBuffer(msgOut, out, verifierMsg.msgOutSize);
552 delete[] out;
553 if (result != RESULT_SUCCESS) {
554 LOG_ERROR("set msg fail!");
555 return PinResultToCoAuthResult(result);
556 }
557 isAuthEnd = verifierMsg.isAuthEnd;
558 compareResult = PinResultToCoAuthResult(verifierMsg.authResult);
559 return PinResultToCoAuthResult(result);
560 }
561 } // namespace PinAuth
562 } // namespace UserIam
563 } // namespace OHOS
564