1 /*
2 * Copyright (C) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "common_standard_bind_exchange.h"
17 #include "alg_defs.h"
18 #include "das_standard_token_manager.h"
19 #include "das_task_common.h"
20 #include "hc_log.h"
21 #include "hc_types.h"
22 #include "protocol_common.h"
23 #include "string_util.h"
24
InitStandardBindExchangeParams(StandardBindExchangeParams * params)25 int32_t InitStandardBindExchangeParams(StandardBindExchangeParams *params)
26 {
27 int32_t res;
28 if (params == NULL) {
29 return HC_ERR_INVALID_PARAMS;
30 }
31
32 params->pubKeyPeer.length = PAKE_ED25519_KEY_PAIR_LEN;
33 params->pubKeyPeer.val = (uint8_t *)HcMalloc(params->pubKeyPeer.length, 0);
34 if (params->pubKeyPeer.val == NULL) {
35 res = HC_ERR_ALLOC_MEMORY;
36 goto ERR;
37 }
38
39 params->pubKeySelf.length = PAKE_ED25519_KEY_PAIR_LEN;
40 params->pubKeySelf.val = (uint8_t *)HcMalloc(params->pubKeySelf.length, 0);
41 if (params->pubKeySelf.val == NULL) {
42 res = HC_ERR_ALLOC_MEMORY;
43 goto ERR;
44 }
45
46 params->nonce.length = STANDARD_BIND_EXCHANGE_NONCE_LEN;
47 params->nonce.val = (uint8_t *)HcMalloc(params->nonce.length, 0);
48 if (params->nonce.val == NULL) {
49 res = HC_ERR_ALLOC_MEMORY;
50 goto ERR;
51 }
52
53 params->authInfo.length = 0;
54 params->authInfo.val = NULL;
55 params->exInfoCipher.length = 0;
56 params->exInfoCipher.val = NULL;
57
58 return HC_SUCCESS;
59 ERR:
60 DestroyStandardBindExchangeParams(params);
61 return res;
62 }
63
DestroyStandardBindExchangeParams(StandardBindExchangeParams * params)64 void DestroyStandardBindExchangeParams(StandardBindExchangeParams *params)
65 {
66 if (params == NULL) {
67 return;
68 }
69 if (params->pubKeySelf.val != NULL) {
70 HcFree(params->pubKeySelf.val);
71 params->pubKeySelf.val = NULL;
72 }
73 if (params->pubKeyPeer.val != NULL) {
74 HcFree(params->pubKeyPeer.val);
75 params->pubKeyPeer.val = NULL;
76 }
77 if (params->authInfo.val != NULL) {
78 HcFree(params->authInfo.val);
79 params->authInfo.val = NULL;
80 }
81 if (params->exInfoCipher.val != NULL) {
82 HcFree(params->exInfoCipher.val);
83 params->exInfoCipher.val = NULL;
84 }
85 if (params->nonce.val != NULL) {
86 HcFree(params->nonce.val);
87 params->nonce.val = NULL;
88 }
89 }
90
GenerateKeyPairIfNotExist(const PakeParams * pakeParams,const Uint8Buff * keyAlias)91 static int32_t GenerateKeyPairIfNotExist(const PakeParams *pakeParams, const Uint8Buff *keyAlias)
92 {
93 int32_t res = pakeParams->baseParams.loader->checkKeyExist(keyAlias, pakeParams->isSelfFromUpgrade,
94 pakeParams->baseParams.osAccountId);
95 if (res != HC_SUCCESS) {
96 if (pakeParams->isSelfFromUpgrade) {
97 LOGE("Self data is from upgrade, self authInfo not exist!");
98 return res;
99 }
100 LOGI("The local identity key pair does not exist, generate it.");
101 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
102 /* UserType and pairType are not required when generating key. */
103 ExtraInfo exInfo = { pakeParams->baseParams.idSelf, -1, -1 };
104 KeyParams keyParams = { { keyAlias->val, keyAlias->length, true }, false, pakeParams->baseParams.osAccountId };
105 res = pakeParams->baseParams.loader->generateKeyPairWithStorage(&keyParams, PAKE_ED25519_KEY_PAIR_LEN, alg,
106 KEY_PURPOSE_SIGN_VERIFY, &exInfo);
107 if (res != HC_SUCCESS) {
108 LOGE("generate self auth keyPair failed.");
109 }
110 return res;
111 } else {
112 return HC_SUCCESS;
113 }
114 }
115
PackageAuthInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,const Uint8Buff * keyAlias)116 static int32_t PackageAuthInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
117 const Uint8Buff *keyAlias)
118 {
119 int32_t res = GenerateKeyPairIfNotExist(pakeParams, keyAlias);
120 if (res != HC_SUCCESS) {
121 return res;
122 }
123
124 KeyParams keyParams = {
125 { keyAlias->val, keyAlias->length, true },
126 pakeParams->isSelfFromUpgrade,
127 pakeParams->baseParams.osAccountId
128 };
129 res = pakeParams->baseParams.loader->exportPublicKey(&keyParams, &(exchangeParams->pubKeySelf));
130 if (res != HC_SUCCESS) {
131 LOGE("exportPublicKey failed");
132 return res;
133 }
134
135 CJson *authInfoJson = CreateJson();
136 char *authInfoStr = NULL;
137 GOTO_ERR_AND_SET_RET(AddByteToJson(authInfoJson, FIELD_AUTH_ID, pakeParams->baseParams.idSelf.val,
138 pakeParams->baseParams.idSelf.length), res);
139 GOTO_ERR_AND_SET_RET(AddByteToJson(authInfoJson, FIELD_AUTH_PK, exchangeParams->pubKeySelf.val,
140 exchangeParams->pubKeySelf.length), res);
141 authInfoStr = PackJsonToString(authInfoJson);
142 if (authInfoStr == NULL) {
143 LOGE("authInfoStr PackJsonToString failed");
144 res = HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
145 goto ERR;
146 }
147
148 res = InitSingleParam(&(exchangeParams->authInfo), HcStrlen(authInfoStr));
149 if (res != HC_SUCCESS) {
150 LOGE("InitSingleParam for authInfo failed.");
151 goto ERR;
152 }
153
154 if (memcpy_s(exchangeParams->authInfo.val, exchangeParams->authInfo.length,
155 authInfoStr, HcStrlen(authInfoStr)) != EOK) {
156 LOGE("Memcpy authInfo failed.");
157 res = HC_ERR_MEMORY_COPY;
158 goto ERR;
159 }
160 ERR:
161 FreeJson(authInfoJson);
162 FreeJsonString(authInfoStr);
163 return res;
164 }
165
GenerateSignInfo(const PakeParams * pakeParams,const StandardBindExchangeParams * exchangeParams,const Uint8Buff * keyAlias,Uint8Buff * signInfo)166 static int32_t GenerateSignInfo(const PakeParams *pakeParams, const StandardBindExchangeParams *exchangeParams,
167 const Uint8Buff *keyAlias, Uint8Buff *signInfo)
168 {
169 // add challenge
170 int32_t res = HC_SUCCESS;
171 uint32_t msgInfoLen = pakeParams->baseParams.challengeSelf.length + pakeParams->baseParams.challengePeer.length +
172 exchangeParams->authInfo.length;
173 uint8_t *msgInfoVal = (uint8_t *)HcMalloc(msgInfoLen, 0);
174 if (msgInfoVal == NULL) {
175 LOGE("Malloc msgInfoVal failed.");
176 return HC_ERR_ALLOC_MEMORY;
177 }
178 Uint8Buff msgInfo = { msgInfoVal, msgInfoLen };
179 if (memcpy_s(msgInfo.val, msgInfo.length, pakeParams->baseParams.challengeSelf.val,
180 pakeParams->baseParams.challengeSelf.length) != EOK) {
181 LOGE("Memcpy for challengeSelf failed.");
182 res = HC_ERR_MEMORY_COPY;
183 goto ERR;
184 }
185 uint32_t usedLen = pakeParams->baseParams.challengeSelf.length;
186
187 if (memcpy_s(msgInfo.val + usedLen, msgInfo.length - usedLen, pakeParams->baseParams.challengePeer.val,
188 pakeParams->baseParams.challengePeer.length) != EOK) {
189 LOGE("Memcpy for challengePeer failed.");
190 res = HC_ERR_MEMORY_COPY;
191 goto ERR;
192 }
193 usedLen += pakeParams->baseParams.challengePeer.length;
194
195 if (memcpy_s(msgInfo.val + usedLen, msgInfo.length - usedLen, exchangeParams->authInfo.val,
196 exchangeParams->authInfo.length) != EOK) {
197 LOGE("Memcpy for authInfo failed.");
198 res = HC_ERR_MEMORY_COPY;
199 goto ERR;
200 }
201
202 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
203 KeyParams keyAliasParams = {
204 { keyAlias->val, keyAlias->length, true },
205 pakeParams->isSelfFromUpgrade,
206 pakeParams->baseParams.osAccountId
207 };
208 res = pakeParams->baseParams.loader->sign(&keyAliasParams, &msgInfo, alg, signInfo);
209 if (res != HC_SUCCESS) {
210 LOGE("sign failed");
211 goto ERR;
212 }
213 ERR:
214 HcFree(msgInfo.val);
215 return res;
216 }
217
EncryptAuthAndSignInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,const Uint8Buff * signInfo,const char * aad)218 static int32_t EncryptAuthAndSignInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
219 const Uint8Buff *signInfo, const char *aad)
220 {
221 // contact auth and sign info
222 int32_t res = HC_SUCCESS;
223 uint32_t exchangeInfoLen = exchangeParams->authInfo.length + signInfo->length;
224 uint8_t *exchangeInfoVal = (uint8_t *)HcMalloc(exchangeInfoLen, 0);
225 if (exchangeInfoVal == NULL) {
226 LOGE("Malloc exchangeInfoVal failed.");
227 return HC_ERR_ALLOC_MEMORY;
228 }
229 Uint8Buff exchangeInfo = { exchangeInfoVal, exchangeInfoLen };
230 if (memcpy_s(exchangeInfo.val, exchangeInfo.length, exchangeParams->authInfo.val,
231 exchangeParams->authInfo.length) != EOK) {
232 res = HC_ERR_MEMORY_COPY;
233 goto ERR;
234 }
235 if (memcpy_s(exchangeInfo.val + exchangeParams->authInfo.length,
236 exchangeInfo.length - exchangeParams->authInfo.length, signInfo->val, signInfo->length) != EOK) {
237 res = HC_ERR_MEMORY_COPY;
238 goto ERR;
239 }
240
241 res = InitSingleParam(&(exchangeParams->exInfoCipher), exchangeInfo.length + AE_TAG_LEN);
242 if (res != HC_SUCCESS) {
243 LOGE("InitSingleParam for failed.");
244 goto ERR;
245 }
246
247 // encrypt
248 res = pakeParams->baseParams.loader->generateRandom(&(exchangeParams->nonce));
249 if (res != HC_SUCCESS) {
250 LOGE("generateRandom failed");
251 goto ERR;
252 }
253
254 GcmParam encryptInfo = {
255 .aad = (uint8_t *)aad,
256 .aadLen = HcStrlen(aad),
257 .nonce = exchangeParams->nonce.val,
258 .nonceLen = exchangeParams->nonce.length
259 };
260 KeyParams keyParams = {
261 { pakeParams->baseParams.sessionKey.val, pakeParams->baseParams.sessionKey.length, false },
262 false,
263 pakeParams->baseParams.osAccountId
264 };
265 res = pakeParams->baseParams.loader->aesGcmEncrypt(&keyParams, &exchangeInfo, &encryptInfo,
266 &(exchangeParams->exInfoCipher));
267 if (res != HC_SUCCESS) {
268 LOGE("aesGcmEncrypt failed");
269 goto ERR;
270 }
271
272 ERR:
273 HcFree(exchangeInfo.val);
274 return res;
275 }
276
DecryptAuthAndSignInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,Uint8Buff * signInfo,const char * aad)277 static int32_t DecryptAuthAndSignInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
278 Uint8Buff *signInfo, const char *aad)
279 {
280 uint32_t exchangeInfoLen = exchangeParams->exInfoCipher.length - AE_TAG_LEN;
281 uint8_t *exchangeInfoVal = (uint8_t *)HcMalloc(exchangeInfoLen, 0);
282 if (exchangeInfoVal == NULL) {
283 LOGE("Malloc exchangeInfoVal failed.");
284 return HC_ERR_ALLOC_MEMORY;
285 }
286 Uint8Buff exchangeInfo = { exchangeInfoVal, exchangeInfoLen };
287
288 GcmParam decryptInfo = {
289 .aad = (uint8_t *)aad,
290 .aadLen = HcStrlen(aad),
291 .nonce = exchangeParams->nonce.val,
292 .nonceLen = exchangeParams->nonce.length
293 };
294 KeyParams keyParams = {
295 { pakeParams->baseParams.sessionKey.val, pakeParams->baseParams.sessionKey.length, false },
296 false,
297 pakeParams->baseParams.osAccountId
298 };
299 int32_t res = pakeParams->baseParams.loader->aesGcmDecrypt(&keyParams, &(exchangeParams->exInfoCipher),
300 &decryptInfo, &exchangeInfo);
301 if (res != HC_SUCCESS) {
302 LOGE("aesGcmDecrypt failed");
303 goto ERR;
304 }
305
306 // get authInfo
307 res = InitSingleParam(&(exchangeParams->authInfo), exchangeInfo.length - SIGNATURE_LEN);
308 if (res != HC_SUCCESS) {
309 LOGE("InitSingleParam for authInfo failed.");
310 goto ERR;
311 }
312
313 if (memcpy_s(exchangeParams->authInfo.val, exchangeParams->authInfo.length, exchangeInfo.val,
314 exchangeParams->authInfo.length) != EOK) {
315 LOGE("memcpy authInfo failed.");
316 res = HC_ERR_MEMORY_COPY;
317 goto ERR;
318 }
319 if (memcpy_s(signInfo->val, signInfo->length, exchangeInfo.val + exchangeParams->authInfo.length,
320 SIGNATURE_LEN) != EOK) {
321 LOGE("memcpy signInfo failed.");
322 res = HC_ERR_MEMORY_COPY;
323 goto ERR;
324 }
325 ERR:
326 HcFree(exchangeInfo.val);
327 return res;
328 }
329
ParseAuthInfo(PakeParams * pakeParams,const StandardBindExchangeParams * exchangeParams)330 static int32_t ParseAuthInfo(PakeParams *pakeParams, const StandardBindExchangeParams *exchangeParams)
331 {
332 int32_t res;
333 CJson *authInfoJson = CreateJsonFromString((char *)exchangeParams->authInfo.val);
334 if (authInfoJson == NULL) {
335 LOGE("Create authInfoJson failed.");
336 return HC_ERR_JSON_CREATE;
337 }
338
339 GOTO_ERR_AND_SET_RET(GetByteFromJson(authInfoJson, FIELD_AUTH_PK, exchangeParams->pubKeyPeer.val,
340 exchangeParams->pubKeyPeer.length), res);
341 res = GetIdPeer(authInfoJson, FIELD_AUTH_ID,
342 &pakeParams->baseParams.idSelf, &pakeParams->baseParams.idPeer);
343 if (res != HC_SUCCESS) {
344 LOGE("GetIdPeer failed, res: %d.", res);
345 goto ERR;
346 }
347 ERR:
348 FreeJson(authInfoJson);
349 return res;
350 }
351
VerifySignInfo(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams,Uint8Buff * signInfo)352 static int32_t VerifySignInfo(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams,
353 Uint8Buff *signInfo)
354 {
355 int32_t res = HC_SUCCESS;
356 uint32_t verifyMsgLen = exchangeParams->authInfo.length + pakeParams->baseParams.challengePeer.length +
357 pakeParams->baseParams.challengeSelf.length;
358 uint8_t *verifyMsgVal = (uint8_t *)HcMalloc(verifyMsgLen, 0);
359 if (verifyMsgVal == NULL) {
360 LOGE("Malloc verifyMsgVal failed.");
361 return HC_ERR_ALLOC_MEMORY;
362 }
363 Uint8Buff verifyMsg = { verifyMsgVal, verifyMsgLen };
364 if (memcpy_s(verifyMsg.val, verifyMsg.length, pakeParams->baseParams.challengePeer.val,
365 pakeParams->baseParams.challengePeer.length) != EOK) {
366 res = HC_ERR_MEMORY_COPY;
367 goto ERR;
368 }
369 uint32_t usedLen = pakeParams->baseParams.challengePeer.length;
370 if (memcpy_s(verifyMsg.val + usedLen, verifyMsg.length - usedLen, pakeParams->baseParams.challengeSelf.val,
371 pakeParams->baseParams.challengeSelf.length) != EOK) {
372 res = HC_ERR_MEMORY_COPY;
373 goto ERR;
374 }
375 usedLen += pakeParams->baseParams.challengeSelf.length;
376 if (memcpy_s(verifyMsg.val + usedLen, verifyMsg.length - usedLen, exchangeParams->authInfo.val,
377 exchangeParams->authInfo.length) != EOK) {
378 res = HC_ERR_MEMORY_COPY;
379 goto ERR;
380 }
381
382 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
383 KeyParams keyParams = {
384 { exchangeParams->pubKeyPeer.val, exchangeParams->pubKeyPeer.length, false },
385 false,
386 pakeParams->baseParams.osAccountId
387 };
388 res = pakeParams->baseParams.loader->verify(&keyParams, &verifyMsg, alg, signInfo);
389 if (res != HC_SUCCESS) {
390 LOGE("verify failed");
391 goto ERR;
392 }
393 ERR:
394 HcFree(verifyMsg.val);
395 return res;
396 }
397
SaveAuthInfo(const PakeParams * pakeParams,const StandardBindExchangeParams * exchangeParams)398 static int32_t SaveAuthInfo(const PakeParams *pakeParams, const StandardBindExchangeParams *exchangeParams)
399 {
400 uint8_t keyAliasPeerVal[PAKE_KEY_ALIAS_LEN] = { 0 };
401 Uint8Buff keyAlias = { keyAliasPeerVal, PAKE_KEY_ALIAS_LEN };
402 #ifdef DEV_AUTH_FUNC_TEST
403 KeyAliasType keyType = KEY_ALIAS_LT_KEY_PAIR;
404 #else
405 KeyAliasType keyType = (KeyAliasType)pakeParams->userTypePeer;
406 #endif
407 Uint8Buff packageName = { (uint8_t *)pakeParams->packageName, HcStrlen(pakeParams->packageName) };
408 Uint8Buff serviceType = { (uint8_t *)pakeParams->serviceType, HcStrlen(pakeParams->serviceType) };
409 int32_t res = GenerateKeyAlias(&packageName, &serviceType, keyType, &(pakeParams->baseParams.idPeer),
410 &keyAlias);
411 if (res != HC_SUCCESS) {
412 LOGE("generateKeyAlias failed");
413 return res;
414 }
415 LOGI("PubKey alias(HEX): %x%x%x%x****.", keyAliasPeerVal[0], keyAliasPeerVal[1],
416 keyAliasPeerVal[2], keyAliasPeerVal[3]);
417 Algorithm alg = (pakeParams->baseParams.curveType == CURVE_256) ? P256 : ED25519;
418 ExtraInfo exInfo = { pakeParams->baseParams.idPeer, pakeParams->userType, PAIR_TYPE_BIND };
419 KeyParams keyParams = { { keyAlias.val, keyAlias.length, true }, false, pakeParams->baseParams.osAccountId };
420 res = pakeParams->baseParams.loader->importPublicKey(&keyParams, &(exchangeParams->pubKeyPeer), alg, &exInfo);
421 if (res != HC_SUCCESS) {
422 LOGE("importPublicKey failed");
423 return res;
424 }
425 res = GetStandardTokenManagerInstance()->computeAndSavePsk(pakeParams);
426 if (res != HC_SUCCESS) {
427 LOGE("ComputeAndSavePsk failed, res: %x.", res);
428 return res;
429 }
430 LOGI("Save pubKey and psk success.");
431 return HC_SUCCESS;
432 }
433
ClientRequestStandardBindExchange(const PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams)434 int32_t ClientRequestStandardBindExchange(const PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams)
435 {
436 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
437 Uint8Buff keyAlias = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
438 KeyAliasType keyType = (KeyAliasType)pakeParams->userType;
439 // if self data is from upgrade, key type should be key-pair.
440 if (pakeParams->isSelfFromUpgrade) {
441 keyType = KEY_ALIAS_LT_KEY_PAIR;
442 }
443 Uint8Buff packageName = { (uint8_t *)pakeParams->packageName, HcStrlen(pakeParams->packageName) };
444 Uint8Buff serviceType = { (uint8_t *)pakeParams->serviceType, HcStrlen(pakeParams->serviceType) };
445 int32_t res = GenerateKeyAlias(&packageName, &serviceType, keyType, &(pakeParams->baseParams.idSelf), &keyAlias);
446 if (res != HC_SUCCESS) {
447 LOGE("generateKeyAlias failed");
448 return res;
449 }
450 if (pakeParams->isSelfFromUpgrade) {
451 res = ToLowerCase(&keyAlias);
452 if (res != HC_SUCCESS) {
453 LOGE("Failed to convert self key alias to lower case!");
454 return res;
455 }
456 }
457
458 res = PackageAuthInfo(pakeParams, exchangeParams, &keyAlias);
459 if (res != HC_SUCCESS) {
460 LOGE("PackageAuthInfo failed");
461 return res;
462 }
463
464 uint8_t signInfoVal[SIGNATURE_LEN] = { 0 };
465 Uint8Buff signInfo = { signInfoVal, SIGNATURE_LEN };
466 res = GenerateSignInfo(pakeParams, exchangeParams, &keyAlias, &signInfo);
467 if (res != HC_SUCCESS) {
468 LOGE("GenerateSignInfo failed");
469 return res;
470 }
471
472 res = EncryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_REQUEST);
473 if (res != HC_SUCCESS) {
474 LOGE("EncryptAuthAndSignInfo failed");
475 return res;
476 }
477
478 return res;
479 }
480
GenerateSelfKeyAlias(const PakeParams * pakeParams,Uint8Buff * keyAlias)481 static int32_t GenerateSelfKeyAlias(const PakeParams *pakeParams, Uint8Buff *keyAlias)
482 {
483 KeyAliasType keyType = (KeyAliasType)pakeParams->userType;
484 // if self data is from upgrade, key type should be key-pair.
485 if (pakeParams->isSelfFromUpgrade) {
486 keyType = KEY_ALIAS_LT_KEY_PAIR;
487 }
488 Uint8Buff packageName = { (uint8_t *)pakeParams->packageName, HcStrlen(pakeParams->packageName) };
489 Uint8Buff serviceType = { (uint8_t *)pakeParams->serviceType, HcStrlen(pakeParams->serviceType) };
490 int32_t res = GenerateKeyAlias(&packageName, &serviceType, keyType, &(pakeParams->baseParams.idSelf), keyAlias);
491 if (res != HC_SUCCESS) {
492 LOGE("generateKeyAlias failed");
493 return res;
494 }
495 if (pakeParams->isSelfFromUpgrade) {
496 res = ToLowerCase(keyAlias);
497 if (res != HC_SUCCESS) {
498 LOGE("Failed to convert self key alias to lower case!");
499 return res;
500 }
501 }
502 return HC_SUCCESS;
503 }
504
ServerResponseStandardBindExchange(PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams)505 int32_t ServerResponseStandardBindExchange(PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams)
506 {
507 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
508 Uint8Buff keyAlias = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
509 int32_t res = GenerateSelfKeyAlias(pakeParams, &keyAlias);
510 if (res != HC_SUCCESS) {
511 return res;
512 }
513
514 uint8_t signInfoVal[SIGNATURE_LEN] = { 0 };
515 Uint8Buff signInfo = { signInfoVal, SIGNATURE_LEN };
516 res = DecryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_REQUEST);
517 if (res != HC_SUCCESS) {
518 LOGE("DecryptAuthAndSignInfo failed");
519 return res;
520 }
521
522 res = ParseAuthInfo(pakeParams, exchangeParams);
523 if (res != HC_SUCCESS) {
524 LOGE("ParseAuthInfo failed");
525 return res;
526 }
527
528 res = VerifySignInfo(pakeParams, exchangeParams, &signInfo);
529 if (res != HC_SUCCESS) {
530 LOGE("VerifySignInfo failed");
531 return res;
532 }
533
534 res = SaveAuthInfo(pakeParams, exchangeParams);
535 if (res != HC_SUCCESS) {
536 LOGE("SaveAuthInfo failed");
537 return res;
538 }
539
540 res = PackageAuthInfo(pakeParams, exchangeParams, &keyAlias);
541 if (res != HC_SUCCESS) {
542 LOGE("PackageAuthInfo failed");
543 return res;
544 }
545
546 res = GenerateSignInfo(pakeParams, exchangeParams, &keyAlias, &signInfo);
547 if (res != HC_SUCCESS) {
548 LOGE("GenerateSignInfo failed");
549 return res;
550 }
551
552 res = EncryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_RESPONSE);
553 if (res != HC_SUCCESS) {
554 LOGE("EncryptAuthAndSignInfo failed");
555 return res;
556 }
557
558 return HC_SUCCESS;
559 }
560
ClientConfirmStandardBindExchange(PakeParams * pakeParams,StandardBindExchangeParams * exchangeParams)561 int32_t ClientConfirmStandardBindExchange(PakeParams *pakeParams, StandardBindExchangeParams *exchangeParams)
562 {
563 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
564 Uint8Buff keyAlias = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
565 KeyAliasType keyType = (KeyAliasType)pakeParams->userType;
566 Uint8Buff packageName = { (uint8_t *)pakeParams->packageName, HcStrlen(pakeParams->packageName) };
567 Uint8Buff serviceType = { (uint8_t *)pakeParams->serviceType, HcStrlen(pakeParams->serviceType) };
568 int32_t res = GenerateKeyAlias(&packageName, &serviceType, keyType, &(pakeParams->baseParams.idSelf), &keyAlias);
569 if (res != HC_SUCCESS) {
570 LOGE("generateKeyAlias failed");
571 return res;
572 }
573
574 uint8_t signInfoVal[SIGNATURE_LEN] = { 0 };
575 Uint8Buff signInfo = { signInfoVal, SIGNATURE_LEN };
576 res = DecryptAuthAndSignInfo(pakeParams, exchangeParams, &signInfo, HICHAIN_EXCHANGE_RESPONSE);
577 if (res != HC_SUCCESS) {
578 LOGE("DecryptAuthAndSignInfo failed");
579 return res;
580 }
581
582 res = ParseAuthInfo(pakeParams, exchangeParams);
583 if (res != HC_SUCCESS) {
584 LOGE("ParseAuthInfo failed");
585 return res;
586 }
587
588 res = VerifySignInfo(pakeParams, exchangeParams, &signInfo);
589 if (res != HC_SUCCESS) {
590 LOGE("VerifySignInfo failed");
591 return res;
592 }
593
594 res = SaveAuthInfo(pakeParams, exchangeParams);
595 if (res != HC_SUCCESS) {
596 LOGE("SaveAuthInfo failed");
597 return res;
598 }
599
600 return HC_SUCCESS;
601 }
602