1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "das_standard_token_manager.h"
17 #include "alg_loader.h"
18 #include "das_task_common.h"
19 #include "hc_log.h"
20
RegisterLocalIdentityStd(const TokenManagerParams * params)21 static int32_t RegisterLocalIdentityStd(const TokenManagerParams *params)
22 {
23 Uint8Buff pkgNameBuff = { params->pkgName.val, params->pkgName.length };
24 Uint8Buff serviceTypeBuff = { params->serviceType.val, params->serviceType.length };
25 KeyAliasType keyType = (KeyAliasType)params->userType;
26 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
27 Uint8Buff keyAliasBuff = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
28 Uint8Buff authIdBuff = { params->authId.val, params->authId.length };
29 int32_t res = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, &authIdBuff, &keyAliasBuff);
30 if (res != HC_SUCCESS) {
31 LOGE("Failed to generate identity keyPair alias!");
32 return res;
33 }
34
35 const AlgLoader *loader = GetLoaderInstance();
36 res = loader->checkKeyExist(&keyAliasBuff, false, params->osAccountId);
37 if (res == HC_SUCCESS) {
38 LOGD("Key pair is exist.");
39 return HC_SUCCESS;
40 }
41
42 ExtraInfo exInfo = { authIdBuff, -1, -1 }; /* UserType and pairType are not required when generating key. */
43 KeyParams keyParams = { { keyAliasBuff.val, keyAliasBuff.length, true }, false, params->osAccountId };
44 res = loader->generateKeyPairWithStorage(&keyParams, PAKE_ED25519_KEY_PAIR_LEN, ED25519,
45 KEY_PURPOSE_SIGN_VERIFY, &exInfo);
46 if (res != HC_SUCCESS) {
47 LOGE("Failed to generate key pair!");
48 return res;
49 }
50 LOGI("Key pair generated successfully!");
51 return HC_SUCCESS;
52 }
53
UnregisterLocalIdentityStd(const TokenManagerParams * params)54 static int32_t UnregisterLocalIdentityStd(const TokenManagerParams *params)
55 {
56 Uint8Buff pkgNameBuff = { params->pkgName.val, params->pkgName.length };
57 Uint8Buff serviceTypeBuff = { params->serviceType.val, params->serviceType.length };
58 KeyAliasType keyType = (KeyAliasType)params->userType;
59 uint8_t pakeKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
60 Uint8Buff pakeKeyAliasBuff = { pakeKeyAliasVal, PAKE_KEY_ALIAS_LEN };
61 Uint8Buff authIdBuff = { params->authId.val, params->authId.length };
62 int32_t res = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, &authIdBuff, &pakeKeyAliasBuff);
63 if (res != HC_SUCCESS) {
64 LOGE("Failed to generate identity keyPair alias!");
65 return res;
66 }
67 LOGI("KeyPair alias(HEX): %x%x%x%x****.", pakeKeyAliasVal[DEV_AUTH_ZERO], pakeKeyAliasVal[DEV_AUTH_ONE],
68 pakeKeyAliasVal[DEV_AUTH_TWO], pakeKeyAliasVal[DEV_AUTH_THREE]);
69
70 const AlgLoader *loader = GetLoaderInstance();
71 res = loader->deleteKey(&pakeKeyAliasBuff, false, params->osAccountId);
72 if (res != HC_SUCCESS) {
73 LOGE("Failed to delete key pair!");
74 return res;
75 }
76 LOGI("Key pair deleted successfully!");
77
78 // try to delete upgrade keypair if exist.
79 if (memcmp(params->pkgName.val, GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME)) == 0) {
80 LOGI("Try to delete upgrade key pair.");
81 res = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, KEY_ALIAS_LT_KEY_PAIR, &authIdBuff, &pakeKeyAliasBuff);
82 if (res != HC_SUCCESS) {
83 LOGE("Failed to generate upgrade key pair alias!");
84 return res;
85 }
86 res = ToLowerCase(&pakeKeyAliasBuff);
87 if (res != HC_SUCCESS) {
88 LOGE("Failed to convert self key alias to lower case!");
89 return res;
90 }
91 LOGI("Upgrade key pair alias(HEX): %x%x%x%x****.", pakeKeyAliasVal[DEV_AUTH_ZERO],
92 pakeKeyAliasVal[DEV_AUTH_ONE], pakeKeyAliasVal[DEV_AUTH_TWO], pakeKeyAliasVal[DEV_AUTH_THREE]);
93 res = loader->deleteKey(&pakeKeyAliasBuff, true, params->osAccountId);
94 if (res != HC_SUCCESS) {
95 LOGE("Failed to delete upgrade key pair!");
96 return res;
97 }
98 LOGI("Upgrade key pair deleted successfully!");
99 }
100
101 return HC_SUCCESS;
102 }
103
DeletePeerPubKey(int32_t osAccountId,const Uint8Buff * pkgNameBuff,const Uint8Buff * serviceTypeBuff,KeyAliasType keyType,const Uint8Buff * authIdPeer)104 static int32_t DeletePeerPubKey(int32_t osAccountId, const Uint8Buff *pkgNameBuff, const Uint8Buff *serviceTypeBuff,
105 KeyAliasType keyType, const Uint8Buff *authIdPeer)
106 {
107 uint8_t pakeKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
108 Uint8Buff pakeKeyAliasBuff = { pakeKeyAliasVal, PAKE_KEY_ALIAS_LEN };
109 int32_t res = GenerateKeyAlias(pkgNameBuff, serviceTypeBuff, keyType, authIdPeer, &pakeKeyAliasBuff);
110 if (res != HC_SUCCESS) {
111 LOGE("Failed to generate peer pub key alias!");
112 return res;
113 }
114 LOGI("PubKey alias(HEX): %x%x%x%x****.", pakeKeyAliasVal[DEV_AUTH_ZERO], pakeKeyAliasVal[DEV_AUTH_ONE],
115 pakeKeyAliasVal[DEV_AUTH_TWO], pakeKeyAliasVal[DEV_AUTH_THREE]);
116 const AlgLoader *loader = GetLoaderInstance();
117 res = loader->deleteKey(&pakeKeyAliasBuff, false, osAccountId);
118 if (res != HC_SUCCESS) {
119 LOGE("Failed to delete peer public key!");
120 return res;
121 }
122 LOGI("PubKey deleted successfully!");
123
124 res = ToLowerCase(&pakeKeyAliasBuff);
125 if (res != HC_SUCCESS) {
126 LOGE("Failed to convert peer key alias to lower case!");
127 return res;
128 }
129 res = loader->deleteKey(&pakeKeyAliasBuff, true, osAccountId);
130 if (res != HC_SUCCESS) {
131 LOGE("Failed to delete peer public key by lower case alias!");
132 }
133 return res;
134 }
135
DeleteAuthPsk(int32_t osAccountId,const Uint8Buff * pkgNameBuff,const Uint8Buff * serviceTypeBuff,const Uint8Buff * authIdPeer)136 static int32_t DeleteAuthPsk(int32_t osAccountId, const Uint8Buff *pkgNameBuff, const Uint8Buff *serviceTypeBuff,
137 const Uint8Buff *authIdPeer)
138 {
139 uint8_t pakeKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
140 Uint8Buff pakeKeyAliasBuff = { pakeKeyAliasVal, PAKE_KEY_ALIAS_LEN };
141 int32_t res = GenerateKeyAlias(pkgNameBuff, serviceTypeBuff, KEY_ALIAS_PSK, authIdPeer, &pakeKeyAliasBuff);
142 if (res != HC_SUCCESS) {
143 LOGE("Failed to generate psk alias!");
144 return res;
145 }
146 LOGI("Psk alias(HEX): %x%x%x%x****.", pakeKeyAliasVal[DEV_AUTH_ZERO], pakeKeyAliasVal[DEV_AUTH_ONE],
147 pakeKeyAliasVal[DEV_AUTH_TWO], pakeKeyAliasVal[DEV_AUTH_THREE]);
148 const AlgLoader *loader = GetLoaderInstance();
149 res = loader->deleteKey(&pakeKeyAliasBuff, false, osAccountId);
150 if (res != HC_SUCCESS) {
151 LOGE("Failed to delete psk!");
152 return res;
153 }
154 res = loader->deleteKey(&pakeKeyAliasBuff, true, osAccountId);
155 if (res != HC_SUCCESS) {
156 LOGE("Failed to delete psk!");
157 return res;
158 }
159 LOGI("Psk deleted successfully!");
160
161 res = ToLowerCase(&pakeKeyAliasBuff);
162 if (res != HC_SUCCESS) {
163 LOGE("Failed to convert psk alias to lower case!");
164 return res;
165 }
166 res = loader->deleteKey(&pakeKeyAliasBuff, true, osAccountId);
167 if (res != HC_SUCCESS) {
168 LOGE("Failed to delete psk by lower case alias!");
169 }
170 return res;
171 }
172
DeletePseudonymPskStd(int32_t osAccountId,const Uint8Buff * serviceTypeBuff,const Uint8Buff * authIdPeer)173 static int32_t DeletePseudonymPskStd(int32_t osAccountId, const Uint8Buff *serviceTypeBuff,
174 const Uint8Buff *authIdPeer)
175 {
176 uint8_t pakeKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
177 Uint8Buff pakeKeyAliasBuff = { pakeKeyAliasVal, PAKE_KEY_ALIAS_LEN };
178 int32_t res = GeneratePseudonymPskAlias(serviceTypeBuff, authIdPeer, &pakeKeyAliasBuff);
179 if (res != HC_SUCCESS) {
180 LOGE("Failed to generate pseudonym psk alias!");
181 return res;
182 }
183 res = ToLowerCase(&pakeKeyAliasBuff);
184 if (res != HC_SUCCESS) {
185 LOGE("Failed to convert pseudonym psk alias to lower case!");
186 return res;
187 }
188 res = GetLoaderInstance()->deleteKey(&pakeKeyAliasBuff, true, osAccountId);
189 if (res != HC_SUCCESS) {
190 LOGE("Failed to delete pseudonym psk!");
191 return res;
192 }
193 LOGI("Delete pseudonym psk successfully!");
194 return HC_SUCCESS;
195 }
196
DeletePeerAuthInfoStd(const TokenManagerParams * params)197 static int32_t DeletePeerAuthInfoStd(const TokenManagerParams *params)
198 {
199 Uint8Buff pkgNameBuff = { params->pkgName.val, params->pkgName.length };
200 Uint8Buff serviceTypeBuff = { params->serviceType.val, params->serviceType.length };
201 #ifdef DEV_AUTH_FUNC_TEST
202 KeyAliasType keyType = KEY_ALIAS_LT_KEY_PAIR;
203 #else
204 KeyAliasType keyType = (KeyAliasType)params->userType;
205 #endif
206 Uint8Buff authIdBuff = { params->authId.val, params->authId.length };
207 int32_t res = DeletePeerPubKey(params->osAccountId, &pkgNameBuff, &serviceTypeBuff, keyType, &authIdBuff);
208 if (res != HC_SUCCESS) {
209 return res;
210 }
211
212 res = DeleteAuthPsk(params->osAccountId, &pkgNameBuff, &serviceTypeBuff, &authIdBuff);
213 if (res != HC_SUCCESS) {
214 return res;
215 }
216
217 // try to delete pseudonym psk if exist.
218 return DeletePseudonymPskStd(params->osAccountId, &serviceTypeBuff, &authIdBuff);
219 }
220
GenerateSelfKeyAlias(const PakeParams * params,Uint8Buff * selfKeyAlias)221 static int32_t GenerateSelfKeyAlias(const PakeParams *params, Uint8Buff *selfKeyAlias)
222 {
223 KeyAliasType keyType = (KeyAliasType)params->userType;
224 // if self data is from upgrade, key type should be key-pair.
225 if (params->isSelfFromUpgrade) {
226 keyType = KEY_ALIAS_LT_KEY_PAIR;
227 }
228 Uint8Buff packageName = { (uint8_t *)params->packageName, HcStrlen(params->packageName) };
229 Uint8Buff serviceType = { (uint8_t *)params->serviceType, HcStrlen(params->serviceType) };
230 int32_t res = GenerateKeyAlias(&packageName, &serviceType, keyType, &(params->baseParams.idSelf), selfKeyAlias);
231 if (res != HC_SUCCESS) {
232 LOGE("generate self key alias failed");
233 return res;
234 }
235 if (params->isSelfFromUpgrade) {
236 res = ToLowerCase(selfKeyAlias);
237 if (res != HC_SUCCESS) {
238 LOGE("Failed to convert self key alias to lower case!");
239 return res;
240 }
241 }
242 return HC_SUCCESS;
243 }
244
GeneratePeerKeyAlias(const PakeParams * params,Uint8Buff * peerKeyAlias)245 static int32_t GeneratePeerKeyAlias(const PakeParams *params, Uint8Buff *peerKeyAlias)
246 {
247 Uint8Buff packageName = { (uint8_t *)params->packageName, HcStrlen(params->packageName) };
248 Uint8Buff serviceType = { (uint8_t *)params->serviceType, HcStrlen(params->serviceType) };
249 #ifdef DEV_AUTH_FUNC_TEST
250 KeyAliasType keyTypePeer = KEY_ALIAS_LT_KEY_PAIR;
251 #else
252 KeyAliasType keyTypePeer = (KeyAliasType)params->userTypePeer;
253 #endif
254 int32_t res = GenerateKeyAlias(&packageName, &serviceType, keyTypePeer, &(params->baseParams.idPeer), peerKeyAlias);
255 if (res != HC_SUCCESS) {
256 LOGE("generate peer key alias failed");
257 return res;
258 }
259 if (params->isPeerFromUpgrade) {
260 res = ToLowerCase(peerKeyAlias);
261 if (res != HC_SUCCESS) {
262 LOGE("Failed to convert peer key alias to lower case!");
263 return res;
264 }
265 }
266 return HC_SUCCESS;
267 }
268
GenerateSharedKeyAlias(const PakeParams * params,Uint8Buff * sharedKeyAlias)269 static int32_t GenerateSharedKeyAlias(const PakeParams *params, Uint8Buff *sharedKeyAlias)
270 {
271 Uint8Buff packageName = { (uint8_t *)params->packageName, HcStrlen(params->packageName) };
272 Uint8Buff serviceType = { (uint8_t *)params->serviceType, HcStrlen(params->serviceType) };
273 int32_t res = GenerateKeyAlias(&packageName, &serviceType, KEY_ALIAS_PSK, &(params->baseParams.idPeer),
274 sharedKeyAlias);
275 if (res != HC_SUCCESS) {
276 LOGE("generate psk alias failed");
277 return res;
278 }
279 if (params->isPeerFromUpgrade) {
280 res = ToLowerCase(sharedKeyAlias);
281 if (res != HC_SUCCESS) {
282 LOGE("Failed to convert psk alias to lower case!");
283 return res;
284 }
285 }
286 return HC_SUCCESS;
287 }
288
ComputeAndSavePskInner(const PakeParams * params,const Uint8Buff * selfKeyAlias,const Uint8Buff * peerKeyAlias,Uint8Buff * sharedKeyAlias)289 static int32_t ComputeAndSavePskInner(const PakeParams *params, const Uint8Buff *selfKeyAlias,
290 const Uint8Buff *peerKeyAlias, Uint8Buff *sharedKeyAlias)
291 {
292 KeyParams selfKeyParams = {
293 { selfKeyAlias->val, selfKeyAlias->length, true },
294 params->isSelfFromUpgrade,
295 params->baseParams.osAccountId
296 };
297 KeyBuff peerKeyBuff = { peerKeyAlias->val, peerKeyAlias->length, true };
298 int32_t res;
299 Algorithm alg = (params->baseParams.curveType == CURVE_256) ? P256 : ED25519;
300 if (alg == ED25519) {
301 uint8_t peerPubKeyVal[PAKE_ED25519_KEY_PAIR_LEN] = { 0 };
302 Uint8Buff peerPubKeyBuff = { peerPubKeyVal, PAKE_ED25519_KEY_PAIR_LEN };
303 KeyParams peerKeyParams = {
304 .keyBuff = { peerKeyAlias->val, peerKeyAlias->length, true },
305 .isDeStorage = params->isPeerFromUpgrade,
306 .osAccountId = params->baseParams.osAccountId
307 };
308 res = params->baseParams.loader->exportPublicKey(&peerKeyParams, &peerPubKeyBuff);
309 if (res != HC_SUCCESS) {
310 LOGE("Failed to export peer public key!");
311 return res;
312 }
313 peerKeyBuff.key = peerPubKeyBuff.val;
314 peerKeyBuff.keyLen = peerPubKeyBuff.length;
315 peerKeyBuff.isAlias = false;
316 }
317 res = params->baseParams.loader->agreeSharedSecretWithStorage(&selfKeyParams, &peerKeyBuff, alg,
318 PAKE_PSK_LEN, sharedKeyAlias);
319 if (res != HC_SUCCESS) {
320 LOGE("Failed to agree psk!");
321 }
322 return res;
323 }
324
ComputeAndSavePskStd(const PakeParams * params)325 static int32_t ComputeAndSavePskStd(const PakeParams *params)
326 {
327 uint8_t selfKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
328 Uint8Buff selfKeyAlias = { selfKeyAliasVal, PAKE_KEY_ALIAS_LEN };
329 uint8_t peerKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
330 Uint8Buff peerKeyAlias = { peerKeyAliasVal, PAKE_KEY_ALIAS_LEN };
331 int32_t res = GenerateSelfKeyAlias(params, &selfKeyAlias);
332 if (res != HC_SUCCESS) {
333 return res;
334 }
335
336 res = GeneratePeerKeyAlias(params, &peerKeyAlias);
337 if (res != HC_SUCCESS) {
338 return res;
339 }
340
341 res = params->baseParams.loader->checkKeyExist(&selfKeyAlias, params->isSelfFromUpgrade,
342 params->baseParams.osAccountId);
343 if (res != HC_SUCCESS) {
344 LOGE("self auth keyPair not exist");
345 return res;
346 }
347 res = params->baseParams.loader->checkKeyExist(&peerKeyAlias, params->isPeerFromUpgrade,
348 params->baseParams.osAccountId);
349 if (res != HC_SUCCESS) {
350 LOGE("peer auth pubKey not exist");
351 return res;
352 }
353
354 uint8_t sharedKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
355 Uint8Buff sharedKeyAlias = { sharedKeyAliasVal, PAKE_KEY_ALIAS_LEN };
356 res = GenerateSharedKeyAlias(params, &sharedKeyAlias);
357 if (res != HC_SUCCESS) {
358 return res;
359 }
360
361 LOGI("PubKey alias(HEX): %x%x%x%x****, priKey alias(HEX): %x%x%x%x****, psk alias(HEX): %x%x%x%x****.",
362 peerKeyAliasVal[DEV_AUTH_ZERO], peerKeyAliasVal[DEV_AUTH_ONE],
363 peerKeyAliasVal[DEV_AUTH_TWO], peerKeyAliasVal[DEV_AUTH_THREE],
364 selfKeyAliasVal[DEV_AUTH_ZERO], selfKeyAliasVal[DEV_AUTH_ONE],
365 selfKeyAliasVal[DEV_AUTH_TWO], selfKeyAliasVal[DEV_AUTH_THREE],
366 sharedKeyAliasVal[DEV_AUTH_ZERO], sharedKeyAliasVal[DEV_AUTH_ONE],
367 sharedKeyAliasVal[DEV_AUTH_TWO], sharedKeyAliasVal[DEV_AUTH_THREE]);
368 return ComputeAndSavePskInner(params, &selfKeyAlias, &peerKeyAlias, &sharedKeyAlias);
369 }
370
GetPublicKeyStd(const TokenManagerParams * params,Uint8Buff * returnPk)371 static int32_t GetPublicKeyStd(const TokenManagerParams *params, Uint8Buff *returnPk)
372 {
373 Uint8Buff pkgNameBuff = { params->pkgName.val, params->pkgName.length };
374 Uint8Buff serviceTypeBuff = { params->serviceType.val, params->serviceType.length };
375 KeyAliasType keyType = (KeyAliasType)params->userType;
376 uint8_t keyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
377 Uint8Buff keyAliasBuff = { keyAliasVal, PAKE_KEY_ALIAS_LEN };
378 Uint8Buff authIdBuff = { params->authId.val, params->authId.length };
379 int32_t res = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, &authIdBuff, &keyAliasBuff);
380 if (res != HC_SUCCESS) {
381 LOGE("Failed to generate keyPair alias!");
382 return res;
383 }
384
385 bool isDeStorage = false;
386 const AlgLoader *loader = GetLoaderInstance();
387 res = loader->checkKeyExist(&keyAliasBuff, false, params->osAccountId);
388 if (res != HC_SUCCESS) {
389 isDeStorage = true;
390 res = loader->checkKeyExist(&keyAliasBuff, true, params->osAccountId);
391 if (res != HC_SUCCESS) {
392 res = ToLowerCase(&keyAliasBuff);
393 if (res != HC_SUCCESS) {
394 LOGE("Failed to convert key alias to lower case!");
395 return res;
396 }
397 res = loader->checkKeyExist(&keyAliasBuff, true, params->osAccountId);
398 if (res != HC_SUCCESS) {
399 LOGE("Key not exist!");
400 return res;
401 }
402 }
403 }
404
405 KeyParams keyParams = { { keyAliasBuff.val, keyAliasBuff.length, true }, isDeStorage, params->osAccountId };
406 res = loader->exportPublicKey(&keyParams, returnPk);
407 if (res != HC_SUCCESS) {
408 LOGE("Failed to export public key!");
409 return res;
410 }
411 LOGI("Get public key successfully!");
412 return HC_SUCCESS;
413 }
414
415 TokenManager g_asyTokenManagerInstance = {
416 .registerLocalIdentity = RegisterLocalIdentityStd,
417 .unregisterLocalIdentity = UnregisterLocalIdentityStd,
418 .deletePeerAuthInfo = DeletePeerAuthInfoStd,
419 .computeAndSavePsk = ComputeAndSavePskStd,
420 .getPublicKey = GetPublicKeyStd,
421 };
422
GetStandardTokenManagerInstance(void)423 const TokenManager *GetStandardTokenManagerInstance(void)
424 {
425 return &g_asyTokenManagerInstance;
426 }