1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "iso_auth_server_task.h"
17 #include "account_module_defines.h"
18 #include "clib_error.h"
19 #include "common_defs.h"
20 #include "device_auth.h"
21 #include "device_auth_defines.h"
22 #include "hc_log.h"
23 #include "hc_types.h"
24 #include "iso_auth_task_common.h"
25 #include "iso_protocol_common.h"
26 #include "protocol_common.h"
27
28 enum {
29 TASK_STATUS_SERVER_BEGIN_TOKEN = 0,
30 TASK_STATUS_SERVER_GEN_SESSION_KEY = 1,
31 TASK_STATUS_SERVER_END = 2,
32 };
33
GetIsoAuthServerType(void)34 static AccountTaskType GetIsoAuthServerType(void)
35 {
36 return TASK_TYPE_ISO_AUTH_SERVER;
37 }
38
ParseIsoAuthClientBeginMsg(IsoAuthParams * params,const CJson * in)39 static int32_t ParseIsoAuthClientBeginMsg(IsoAuthParams *params, const CJson *in)
40 {
41 const char *userIdPeer = GetStringFromJson(in, FIELD_USER_ID);
42 if (userIdPeer == NULL) {
43 LOGE("Failed to get userIdPeer from input data for server in sym auth.");
44 return HC_ERR_JSON_GET;
45 }
46 if (strcpy_s(params->userIdPeer, DEV_AUTH_USER_ID_SIZE, userIdPeer) != EOK) {
47 LOGE("Copy for userIdPeer failed for server in sym auth.");
48 return HC_ERR_MEMORY_COPY;
49 }
50 if (GetByteFromJson(in, FIELD_SEED, params->seed, sizeof(params->seed)) != CLIB_SUCCESS) {
51 LOGE("Get seed from json failed for server.");
52 return HC_ERR_JSON_GET;
53 }
54 if (GetByteFromJson(in, FIELD_SALT, params->isoBaseParams.randPeer.val,
55 params->isoBaseParams.randPeer.length) != CLIB_SUCCESS) {
56 LOGE("Get saltPeer from json failed for server.");
57 return HC_ERR_JSON_GET;
58 }
59 int32_t res = ExtractAndVerifyPayload(params, in);
60 if (res != HC_SUCCESS) {
61 LOGE("ExtractAndVerifyPayload failed for server, res: %d.", res);
62 }
63 return res;
64 }
65
AddGetTokenDataToJson(const IsoAuthParams * params,CJson * sendToPeer)66 static int32_t AddGetTokenDataToJson(const IsoAuthParams *params, CJson *sendToPeer)
67 {
68 CJson *data = CreateJson();
69 if (data == NULL) {
70 LOGE("Create data json failed.");
71 return HC_ERR_JSON_CREATE;
72 }
73 if (AddByteToJson(data, FIELD_PAYLOAD,
74 params->isoBaseParams.authIdSelf.val, params->isoBaseParams.authIdSelf.length) != CLIB_SUCCESS) {
75 LOGE("Add payloadSelf to json failed.");
76 goto CLEAN_UP;
77 }
78 if (AddByteToJson(data, FIELD_TOKEN, params->hmacToken, sizeof(params->hmacToken)) != CLIB_SUCCESS) {
79 LOGE("Add hmacToken to json failed.");
80 goto CLEAN_UP;
81 }
82 if (AddByteToJson(data, FIELD_SALT,
83 params->isoBaseParams.randSelf.val, params->isoBaseParams.randSelf.length) != CLIB_SUCCESS) {
84 LOGE("Add saltSelf to json failed.");
85 goto CLEAN_UP;
86 }
87 if (AddObjToJson(sendToPeer, FIELD_DATA, data) != CLIB_SUCCESS) {
88 LOGE("Add data json obj to json failed.");
89 goto CLEAN_UP;
90 }
91
92 FreeJson(data);
93 return HC_SUCCESS;
94 CLEAN_UP:
95 FreeJson(data);
96 return HC_ERR_JSON_ADD;
97 }
98
PackIsoAuthServerGetTokenMsg(const IsoAuthParams * params,CJson * out)99 static int32_t PackIsoAuthServerGetTokenMsg(const IsoAuthParams *params, CJson *out)
100 {
101 CJson *sendToPeer = CreateJson();
102 if (sendToPeer == NULL) {
103 LOGE("Create sendToPeer json is null in server.");
104 return HC_ERR_JSON_CREATE;
105 }
106
107 if (AddIntToJson(sendToPeer, FIELD_STEP, RET_ISO_AUTH_FOLLOWER_ONE) != CLIB_SUCCESS) {
108 LOGE("Add step code to json failed in server.");
109 goto CLEAN_UP;
110 }
111 if (AddIntToJson(sendToPeer, FIELD_AUTH_FORM, params->authForm) != CLIB_SUCCESS) {
112 LOGE("Add authForm to json failed in server.");
113 goto CLEAN_UP;
114 }
115 if (AddStringToJson(sendToPeer, FIELD_USER_ID, params->userIdSelf) != CLIB_SUCCESS) {
116 LOGE("Add userIdSelf to json failed in server.");
117 goto CLEAN_UP;
118 }
119 if (AddByteToJson(sendToPeer, FIELD_DEV_ID, params->devIdSelf.val, params->devIdSelf.length) != CLIB_SUCCESS) {
120 LOGE("Add devIdSelf to json failed in server.");
121 goto CLEAN_UP;
122 }
123 if (AddStringToJson(sendToPeer, FIELD_DEVICE_ID, params->deviceIdSelf) != CLIB_SUCCESS) {
124 LOGE("Add deviceIdSelf to json failed in server.");
125 goto CLEAN_UP;
126 }
127
128 int32_t res = AddGetTokenDataToJson(params, sendToPeer);
129 if (res != HC_SUCCESS) {
130 LOGE("AddGetTokenDataToJson failed, res: %d.", res);
131 FreeJson(sendToPeer);
132 return res;
133 }
134
135 if (AddObjToJson(out, FIELD_SEND_TO_PEER, sendToPeer) != CLIB_SUCCESS) {
136 LOGE("Add sendToPeer to json failed.");
137 goto CLEAN_UP;
138 }
139
140 FreeJson(sendToPeer);
141 return HC_SUCCESS;
142 CLEAN_UP:
143 FreeJson(sendToPeer);
144 return HC_ERR_JSON_ADD;
145 }
146
IsoAuthServerGetToken(TaskBase * task,const CJson * in,CJson * out,int32_t * status)147 static int32_t IsoAuthServerGetToken(TaskBase *task, const CJson *in, CJson *out, int32_t *status)
148 {
149 IsoAuthServerTask *innerTask = (IsoAuthServerTask *)task;
150 if (innerTask->taskBase.taskStatus < TASK_STATUS_SERVER_BEGIN_TOKEN) {
151 LOGE("Message code is not match with task status, taskStatus: %d", innerTask->taskBase.taskStatus);
152 return HC_ERR_BAD_MESSAGE;
153 }
154 if (innerTask->taskBase.taskStatus > TASK_STATUS_SERVER_BEGIN_TOKEN) {
155 LOGI("The message is repeated, ignore it, taskStatus: %d.", innerTask->taskBase.taskStatus);
156 *status = IGNORE_MSG;
157 return HC_SUCCESS;
158 }
159
160 // Receive params from client.
161 int32_t res = ParseIsoAuthClientBeginMsg(&innerTask->params, in);
162 if (res != HC_SUCCESS) {
163 LOGE("ParseIsoAuthClientBeginMsg failed, res: %d.", res);
164 return res;
165 }
166
167 // Get psk and process hmacToken.
168 res = AccountAuthGeneratePsk(&innerTask->params);
169 if (res != HC_SUCCESS) {
170 LOGE("AccountAuthGeneratePsk failed, res: %d.", res);
171 return res;
172 }
173 Uint8Buff selfTokenBuf = { innerTask->params.hmacToken, HMAC_TOKEN_SIZE };
174 res = IsoServerGenRandomAndToken(&innerTask->params.isoBaseParams, &selfTokenBuf);
175 if (res != HC_SUCCESS) {
176 LOGE("IsoServerGenRandomAndToken failed, res: %d.", res);
177 return res;
178 }
179
180 // Send params to client.
181 res = PackIsoAuthServerGetTokenMsg(&innerTask->params, out);
182 if (res != HC_SUCCESS) {
183 LOGE("PackIsoAuthServerGetTokenMsg failed, res: %d.", res);
184 return res;
185 }
186
187 innerTask->taskBase.taskStatus = TASK_STATUS_SERVER_GEN_SESSION_KEY;
188 *status = CONTINUE;
189 return HC_SUCCESS;
190 }
191
PackCalTokenAndSessionKeyMsg(const IsoAuthParams * params,CJson * out,const Uint8Buff * authResultMac)192 static int32_t PackCalTokenAndSessionKeyMsg(const IsoAuthParams *params, CJson *out, const Uint8Buff *authResultMac)
193 {
194 CJson *sendToPeer = CreateJson();
195 if (sendToPeer == NULL) {
196 LOGE("Create sendToPeer json failed.");
197 return HC_ERR_JSON_CREATE;
198 }
199 CJson *data = CreateJson();
200 if (data == NULL) {
201 LOGE("Create data json failed.");
202 FreeJson(sendToPeer);
203 return HC_ERR_JSON_CREATE;
204 }
205
206 if (AddIntToJson(sendToPeer, FIELD_STEP, RET_ISO_AUTH_FOLLOWER_TWO) != CLIB_SUCCESS) {
207 LOGE("Add step code to json failed.");
208 goto CLEAN_UP;
209 }
210 if (AddIntToJson(sendToPeer, FIELD_AUTH_FORM, params->authForm) != CLIB_SUCCESS) {
211 LOGE("Add authForm to json failed.");
212 goto CLEAN_UP;
213 }
214 if (AddByteToJson(data, FIELD_AUTH_RESULT_MAC, authResultMac->val, authResultMac->length) != CLIB_SUCCESS) {
215 LOGE("Add authResultMac to json failed.");
216 goto CLEAN_UP;
217 }
218 if (AddObjToJson(sendToPeer, FIELD_DATA, data) != CLIB_SUCCESS) {
219 LOGE("Add data json obj to json failed.");
220 goto CLEAN_UP;
221 }
222 if (AddObjToJson(out, FIELD_SEND_TO_PEER, sendToPeer) != CLIB_SUCCESS) {
223 LOGE("Add sendToPeer to json failed.");
224 goto CLEAN_UP;
225 }
226 FreeJson(sendToPeer);
227 FreeJson(data);
228 return HC_SUCCESS;
229 CLEAN_UP:
230 FreeJson(sendToPeer);
231 FreeJson(data);
232 return HC_ERR_JSON_ADD;
233 }
234
IsoAuthServerCalTokenAndSessionKey(TaskBase * task,const CJson * in,CJson * out,int32_t * status)235 static int32_t IsoAuthServerCalTokenAndSessionKey(TaskBase *task, const CJson *in, CJson *out, int32_t *status)
236 {
237 IsoAuthServerTask *innerTask = (IsoAuthServerTask *)task;
238 if (innerTask->taskBase.taskStatus < TASK_STATUS_SERVER_GEN_SESSION_KEY) {
239 LOGE("Message code is not match with task status, taskStatus: %d", innerTask->taskBase.taskStatus);
240 return HC_ERR_BAD_MESSAGE;
241 }
242 if (innerTask->taskBase.taskStatus > TASK_STATUS_SERVER_GEN_SESSION_KEY) {
243 LOGI("The message is repeated, ignore it, taskStatus: %d.", innerTask->taskBase.taskStatus);
244 *status = IGNORE_MSG;
245 return HC_SUCCESS;
246 }
247
248 // Receive params from client.
249 uint8_t peerToken[HMAC_TOKEN_SIZE] = { 0 };
250 Uint8Buff peerTokenBuf = { peerToken, HMAC_TOKEN_SIZE };
251 if (GetByteFromJson(in, FIELD_TOKEN, peerToken, sizeof(peerToken)) != CLIB_SUCCESS) {
252 LOGE("Get peerToken from json failed.");
253 return HC_ERR_JSON_GET;
254 }
255
256 // Process hmacToken and generate session key.
257 uint8_t authResultMac[AUTH_RESULT_MAC_SIZE] = { 0 };
258 Uint8Buff authResultMacBuf = { authResultMac, AUTH_RESULT_MAC_SIZE };
259 int32_t res = IsoServerGenSessionKeyAndCalToken(&(innerTask->params.isoBaseParams),
260 &peerTokenBuf, &authResultMacBuf);
261 if (res != HC_SUCCESS) {
262 LOGE("IsoServerGenSessionKeyAndCalToken failed, res: %d.", res);
263 return res;
264 }
265
266 // Return params to client.
267 res = PackCalTokenAndSessionKeyMsg(&innerTask->params, out, &authResultMacBuf);
268 if (res != HC_SUCCESS) {
269 LOGE("PackCalTokenAndSessionKeyMsg failed, res: %d.", res);
270 return res;
271 }
272
273 // Return params to server self.
274 res = AuthIsoSendFinalToOut(&innerTask->params, out);
275 if (res != HC_SUCCESS) {
276 LOGE("AuthIsoSendFinalToOut failed, res: %d.", res);
277 return res;
278 }
279
280 innerTask->taskBase.taskStatus = TASK_STATUS_SERVER_END;
281 *status = FINISH;
282 return HC_SUCCESS;
283 }
284
ProcessServerTask(TaskBase * task,const CJson * in,CJson * out,int32_t * status)285 static int32_t ProcessServerTask(TaskBase *task, const CJson *in, CJson *out, int32_t *status)
286 {
287 int32_t authStep;
288 if (GetIntFromJson(in, FIELD_STEP, &authStep) != CLIB_SUCCESS) {
289 LOGE("Get step code from json failed.");
290 return HC_ERR_JSON_GET;
291 }
292 int32_t res;
293 switch (authStep) {
294 case CMD_ISO_AUTH_MAIN_ONE:
295 res = IsoAuthServerGetToken(task, in, out, status);
296 break;
297 case CMD_ISO_AUTH_MAIN_TWO:
298 res = IsoAuthServerCalTokenAndSessionKey(task, in, out, status);
299 break;
300 default:
301 res = HC_ERR_BAD_MESSAGE;
302 }
303 if (res != HC_SUCCESS) {
304 LOGE("Process iso auth server failed, step: %d, res: %d.", authStep, res);
305 }
306 return res;
307 }
308
DestroyAuthServerAuthTask(TaskBase * task)309 static void DestroyAuthServerAuthTask(TaskBase *task)
310 {
311 if (task == NULL) {
312 return;
313 }
314 IsoAuthServerTask *innerTask = (IsoAuthServerTask *)task;
315 DestroyIsoAuthParams(&(innerTask->params));
316 HcFree(innerTask);
317 }
318
CreateIsoAuthServerTask(const CJson * in,CJson * out,const AccountVersionInfo * verInfo)319 TaskBase *CreateIsoAuthServerTask(const CJson *in, CJson *out, const AccountVersionInfo *verInfo)
320 {
321 if ((in == NULL) || (out == NULL) || (verInfo == NULL)) {
322 LOGE("Params is null for server sym auth.");
323 return NULL;
324 }
325 IsoAuthServerTask *task = (IsoAuthServerTask *)HcMalloc(sizeof(IsoAuthServerTask), 0);
326 if (task == NULL) {
327 LOGE("Malloc for IsoAuthServerTask failed.");
328 return NULL;
329 }
330 task->taskBase.getTaskType = GetIsoAuthServerType;
331 task->taskBase.process = ProcessServerTask;
332 task->taskBase.destroyTask = DestroyAuthServerAuthTask;
333
334 int32_t res = InitIsoAuthParams(in, &(task->params), verInfo);
335 if (res != HC_SUCCESS) {
336 LOGE("InitIsoAuthParams failed, res: %d.", res);
337 DestroyAuthServerAuthTask((TaskBase *)task);
338 return NULL;
339 }
340
341 task->taskBase.taskStatus = TASK_STATUS_SERVER_BEGIN_TOKEN;
342 return (TaskBase *)task;
343 }
344