/*
 * Copyright (C) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 #include "auth_token_signer.h"
18 #include "securec.h"
20 #include "adaptor_log.h"
21 #include "adaptor_time.h"
22 #include "idm_database.h"
24 #ifdef IAM_TEST_ENABLE
25 #define IAM_STATIC
26 #else
27 #define IAM_STATIC static
28 #endif
/*
 * Fill the plaintext part of an auth token (TokenDataPlain) from the auth context.
 *
 * Copies the challenge, stamps the current system time, carries over the trust
 * level, auth type and requested auth mode, and classifies the token as local
 * auth when the collector UDID equals this device's UDID, co-auth otherwise.
 *
 * Returns RESULT_BAD_COPY if the challenge copy fails, RESULT_SUCCESS otherwise.
 * NOTE(review): context and dataPlain are dereferenced without a NULL check; the
 * only caller in this file validates context before calling, so callers are
 * expected to guarantee both pointers.
 */
IAM_STATIC ResultCode GetAuthTokenDataPlain(
    const UserAuthContext *context, uint32_t authMode, TokenDataPlain *dataPlain)
{
    int copyRet = memcpy_s(dataPlain->challenge, CHALLENGE_LEN, context->challenge, CHALLENGE_LEN);
    if (copyRet != EOK) {
        LOG_ERROR("failed to copy challenge");
        return RESULT_BAD_COPY;
    }

    /* Same device collected and verifies: local auth. Different device: co-auth. */
    int sameDevice = (memcmp(context->localUdid, context->collectorUdid, sizeof(context->localUdid)) == 0);

    dataPlain->time = GetSystemTime();
    dataPlain->authTrustLevel = context->authTrustLevel;
    dataPlain->authType = context->authType;
    dataPlain->authMode = authMode;
    dataPlain->tokenType = sameDevice ? TOKEN_TYPE_LOCAL_AUTH : TOKEN_TYPE_COAUTH;
    return RESULT_SUCCESS;
}
/*
 * Fill the TokenDataToEncrypt part of an auth token from the auth context.
 *
 * Looks up the enrolled info for (userId, authType) and the user's secure uid
 * via the IDM database; their error codes are propagated unchanged. Then records
 * user id, secure uid, enrolled id and credential id, and copies the collector
 * UDID and this device's UDID (as verifier UDID) into the token.
 *
 * Returns RESULT_GENERAL_ERROR when either UDID copy fails, RESULT_SUCCESS otherwise.
 * NOTE(review): a failed copy here reports RESULT_GENERAL_ERROR while
 * GetAuthTokenDataPlain reports RESULT_BAD_COPY for the same kind of failure;
 * kept as is because callers may depend on the existing codes.
 */
IAM_STATIC ResultCode GetAuthTokenDataToEncrypt(const UserAuthContext *context, uint64_t credentialId,
    TokenDataToEncrypt *data)
{
    EnrolledInfoHal enrolledInfo = {};
    uint64_t secureUid = 0;

    ResultCode ret = GetEnrolledInfoAuthType(context->userId, context->authType, &enrolledInfo);
    if (ret != RESULT_SUCCESS) {
        LOG_ERROR("get enrolled info failed");
        return ret;
    }

    ret = GetSecureUid(context->userId, &secureUid);
    if (ret != RESULT_SUCCESS) {
        LOG_ERROR("get secure uid failed");
        return ret;
    }

    data->userId = context->userId;
    data->secureUid = secureUid;
    data->enrolledId = enrolledInfo.enrolledId;
    data->credentialId = credentialId;

    /* collector = device that captured the sample; verifier = this (local) device. */
    int copyRet = memcpy_s(data->collectorUdid, sizeof(data->collectorUdid),
        context->collectorUdid, sizeof(context->collectorUdid));
    if (copyRet != EOK) {
        LOG_ERROR("copy collectorUdid failed");
        return RESULT_GENERAL_ERROR;
    }

    copyRet = memcpy_s(data->verifierUdid, sizeof(data->verifierUdid),
        context->localUdid, sizeof(context->localUdid));
    if (copyRet != EOK) {
        LOG_ERROR("copy verifierUdid failed");
        return RESULT_GENERAL_ERROR;
    }

    return RESULT_SUCCESS;
}
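/*
 * Build the plaintext token for an authentication result and sign it into authToken.
 *
 * context      auth context the token describes; must be non-NULL.
 * credentialId credential that satisfied the authentication.
 * authMode     auth mode recorded in the token's plain data.
 * authToken    out: zeroed first, then filled by UserAuthTokenSign; must be non-NULL.
 *
 * Returns RESULT_BAD_PARAM on a NULL argument; otherwise the code of the first
 * failing step (GetAuthTokenDataPlain, GetAuthTokenDataToEncrypt,
 * UserAuthTokenSign), or RESULT_SUCCESS.
 *
 * The intermediate UserAuthTokenPlain carries the secure uid, enrolled id and
 * credential id in clear. It is wiped on every exit path (success and failure)
 * so those values do not linger on the stack once the signed token exists.
 */
ResultCode GetAuthTokenDataAndSign(
    const UserAuthContext *context, uint64_t credentialId, uint32_t authMode, UserAuthTokenHal *authToken)
{
    if ((context == NULL) || (authToken == NULL)) {
        LOG_ERROR("bad param");
        return RESULT_BAD_PARAM;
    }
    (void)memset_s(authToken, sizeof(UserAuthTokenHal), 0, sizeof(UserAuthTokenHal));

    UserAuthTokenPlain tokenPlain = {};
    ResultCode ret = GetAuthTokenDataPlain(context, authMode, &(tokenPlain.tokenDataPlain));
    if (ret != RESULT_SUCCESS) {
        LOG_ERROR("GetAuthTokenDataPlain fail");
        goto EXIT;
    }
    ret = GetAuthTokenDataToEncrypt(context, credentialId, &(tokenPlain.tokenDataToEncrypt));
    if (ret != RESULT_SUCCESS) {
        LOG_ERROR("GetAuthTokenDataToEncrypt fail");
        goto EXIT;
    }
    ret = UserAuthTokenSign(&tokenPlain, authToken);
    if (ret != RESULT_SUCCESS) {
        LOG_ERROR("UserAuthTokenSign fail");
    }

EXIT:
    /* memset_s rather than memset: the wipe must not be dropped as a dead store. */
    (void)memset_s(&tokenPlain, sizeof(tokenPlain), 0, sizeof(tokenPlain));
    return ret;
}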