consenlabs · xiaoguang1010 · Apr 7, 2025 · Apr 7, 2025 · Apr 9, 2025
diff --git a/imkey-core/ikc-device/src/auth_code_storage.rs b/imkey-core/ikc-device/src/auth_code_storage.rs
@@ -9,6 +9,7 @@ use serde::{Deserialize, Serialize};
 pub struct AuthCodeStorageRequest {
     pub seid: String,
     pub auth_code: String,
+    pub bind_status: String,
     pub step_key: String,
     pub status_word: Option<String>,
     #[serde(rename = "commandID")]
@@ -37,10 +38,11 @@ impl TsmService for AuthCodeStorageRequest {
 }
 
 impl AuthCodeStorageRequest {
-    pub fn build_request_data(seid: String, auth_code: String) -> Self {
+    pub fn build_request_data(seid: String, auth_code: String, bind_status: String) -> Self {
         AuthCodeStorageRequest {
             seid,
             auth_code,
+            bind_status,
             step_key: String::from("01"),
             status_word: None,
             command_id: String::from(constants::TSM_ACTION_AUTHCODE_STORAGE),
@@ -61,8 +63,10 @@ mod test {
         assert!(hid_connect("imKey Pro").is_ok());
         let seid = get_se_id().unwrap();
         let auth_code: String = "33FE1AEAEB429C2C3798EBE67B709DBB7140FFD6FA9E8D5FF5476919B618904F88C3B52D8D05FAE7F88E9FAEC576A1EAFAF4D48B7B6670CBB368A34D6FD67F93F6BC008746BDB349A020FE88FBF566CC6ADE322E6B17325DD9AEF310495BECCE4634B61621FE776F4D217B8764CAC0FFD276FD4917CEA3EBECCF19D2EB7237DB395B9B68BA40FC6B040C257658E8D6D0DE9A67E49DF86D065BE1831B02751BBA00F8EDE4242859221C1D7DEF7547D1ADB43188D2A074AAA0C980A822B8B5363D8CCE81E829F83DA6E8D7530AD6F2785F07E417AE59AD2A414D5A203D3052F0106AC801C054374E6F4ADD024C9026E3D4DA9F947B0097F4E10B20E1B684AA6006".to_string();
-        assert!(AuthCodeStorageRequest::build_request_data(seid, auth_code)
-            .send_message()
-            .is_ok());
+        assert!(
+            AuthCodeStorageRequest::build_request_data(seid, auth_code, "unbound".to_string())
+                .send_message()
+                .is_ok()
+        );
     }
 }
diff --git a/imkey-core/ikc-device/src/device_binding.rs b/imkey-core/ikc-device/src/device_binding.rs
@@ -1,6 +1,7 @@
 use super::key_manager::KeyManager;
 use crate::auth_code_storage::AuthCodeStorageRequest;
 use crate::device_cert_check::DeviceCertCheckRequest;
+use crate::device_manager::bind_check;
 use crate::error::{BindError, ImkeyError};
 use crate::Result;
 use crate::{device_manager, TsmService};
@@ -21,6 +22,7 @@ use rsa::{BigUint, PaddingScheme, PublicKey as RSAPublic, RsaPublicKey};
 use secp256k1::{ecdh, PublicKey, SecretKey};
 use sha1::Sha1;
 use std::collections::HashMap;
+use std::string;
 
 lazy_static! {
     pub static ref KEY_MANAGER: Mutex<KeyManager> = Mutex::new(KeyManager::new());
@@ -31,6 +33,7 @@ lazy_static! {
         bind_status_mapping.insert(BIND_STATUS_BOUND_OTHER, "bound_other");
         bind_status_mapping.insert(BIND_RESULT_SUCCESS, "success");
         bind_status_mapping.insert(BIND_RESULT_ERROR, "authcode_error");
+        bind_status_mapping.insert(BIND_RESULT_ERROR, "activation");
         bind_status_mapping
     };
 }
@@ -98,7 +101,7 @@ impl DeviceManage {
         Ok(BIND_STATUS_MAP.get(status.as_str()).unwrap().to_string())
     }
 
-    pub fn bind_acquire(binding_code: &String) -> Result<String> {
+    pub fn bind_acquire(binding_code: &str, binding_status: &str) -> Result<String> {
         let temp_binding_code = binding_code.to_uppercase();
         let binding_code_bytes = temp_binding_code.as_bytes();
         //check auth code
@@ -109,9 +112,19 @@ impl DeviceManage {
         //encryption auth code
         let auth_code_ciphertext = auth_code_encrypt(&temp_binding_code)?;
 
+        //check binding status
+        if !BIND_STATUS_MAP.values().any(|v| v == &binding_status) {
+            return Err(BindError::ImkeyInvalidBindStatus.into());
+        }
+
         //save auth Code cipher
         let seid = device_manager::get_se_id()?;
-        AuthCodeStorageRequest::build_request_data(seid, auth_code_ciphertext).send_message()?;
+        AuthCodeStorageRequest::build_request_data(
+            seid,
+            auth_code_ciphertext,
+            binding_status.to_string(),
+        )
+        .send_message()?;
 
         let key_manager_obj = KEY_MANAGER.lock();
         //select IMK applet
@@ -222,7 +235,7 @@ pub fn bind_test() {
     let check_result = DeviceManage::bind_check(&path).unwrap_or_default();
     if !"bound_this".eq(check_result.as_str()) {
         //If it is not bound to this device, then perform the binding operation
-        let bind_result = DeviceManage::bind_acquire(&bind_code).unwrap_or_default();
+        let bind_result = DeviceManage::bind_acquire(&bind_code, &check_result).unwrap_or_default();
         if "success".eq(bind_result.as_str()) {
             println!("{:?}", "binding success");
         } else {
@@ -237,7 +250,7 @@ pub fn bind_test() {
 // pub const TEST_KEY_PATH: &str = "/tmp/";
 // pub const TEST_BIND_CODE: &str = "MCYNK5AH";
 pub const TEST_KEY_PATH: &str = "/tmp/";
-pub const TEST_BIND_CODE: &str = "CM3SH5QE";
+pub const TEST_BIND_CODE: &str = "K3AUVVAH";
 
 #[cfg(test)]
 mod test {
@@ -246,6 +259,7 @@ mod test {
     };
     use crate::device_manager::bind_display_code;
     use ikc_transport::hid_api::hid_connect;
+    use std::collections::HashMap;
     use std::fs::OpenOptions;
     use std::io::Read;
     use std::path::Path;
@@ -271,9 +285,9 @@ mod test {
                 .open(Path::new("bind_code.txt"))
                 .expect("imkey_keyfile_opertion_error");
             file.read_to_string(&mut bind_code_temp);
-            bind_result = DeviceManage::bind_acquire(&bind_code_temp).unwrap();
+            bind_result = DeviceManage::bind_acquire(&bind_code_temp, "unbound").unwrap();
         } else if check_result.as_str().eq("bound_other") {
-            bind_result = DeviceManage::bind_acquire(&bind_code).unwrap();
+            bind_result = DeviceManage::bind_acquire(&bind_code, "unbound").unwrap();
         } else {
             ();
         }
@@ -307,4 +321,14 @@ mod test {
         let auth_code = "PVU3FY64".to_string();
         assert!(auth_code_encrypt(&auth_code).is_ok());
     }
+
+    #[test]
+    fn test_invalid_bind_status() {
+        assert!(hid_connect("imKey Pro").is_ok());
+        let bind_result = DeviceManage::bind_acquire(&TEST_BIND_CODE, "invalid_bind_status");
+        assert_eq!(
+            bind_result.err().unwrap().to_string(),
+            "imkey_invalid_bind_status"
+        );
+    }
 }
diff --git a/imkey-core/ikc-device/src/device_manager.rs b/imkey-core/ikc-device/src/device_manager.rs
@@ -199,8 +199,8 @@ pub fn bind_display_code() -> Result<()> {
     DeviceManage::display_bind_code()
 }
 
-pub fn bind_acquire(bind_code: &str) -> Result<String> {
-    DeviceManage::bind_acquire(&bind_code.to_string())
+pub fn bind_acquire(bind_code: &str, bind_status: &str) -> Result<String> {
+    DeviceManage::bind_acquire(&bind_code.to_string(), bind_status)
 }
 
 #[cfg(any(target_os = "macos", target_os = "windows", target_os = "linux"))]

diff --git a/imkey-core/ikc-device/src/deviceapi.rs b/imkey-core/ikc-device/src/deviceapi.rs
@@ -70,6 +70,8 @@ pub struct BindCheckRes {
 pub struct BindAcquireReq {
     #[prost(string, tag = "1")]
     pub bind_code: ::prost::alloc::string::String,
+    #[prost(string, tag = "2")]
+    pub bind_status: ::prost::alloc::string::String,
 }
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]

diff --git a/imkey-core/ikc-device/src/error.rs b/imkey-core/ikc-device/src/error.rs
@@ -62,4 +62,6 @@ pub enum BindError {
     ImkeySaveKeyFileFail,
     #[error("imkey_authcode_error")]
     ImkeyAuthcodeError,
+    #[error("imkey_invalid_bind_status")]
+    ImkeyInvalidBindStatus,
 }
diff --git a/imkey-core/ikc-proto/src/device.proto b/imkey-core/ikc-proto/src/device.proto
@@ -45,6 +45,7 @@ message BindCheckRes {
 
 message BindAcquireReq {
     string bind_code = 1;
+    string bind_status = 2;
 }
 
 message BindAcquireRes {

diff --git a/imkey-core/ikc/src/device_manager.rs b/imkey-core/ikc/src/device_manager.rs
@@ -169,7 +169,8 @@ pub fn bind_display_code() -> Result<Vec<u8>> {
 
 pub fn bind_acquire(data: &[u8]) -> Result<Vec<u8>> {
     let bind_acquire: BindAcquireReq = BindAcquireReq::decode(data).expect("imkey_illegal_param");
-    let bind_result = device_manager::bind_acquire(&bind_acquire.bind_code)?;
+    let bind_result =
+        device_manager::bind_acquire(&bind_acquire.bind_code, &bind_acquire.bind_status)?;
     let response_msg = BindAcquireRes { bind_result };
     encode_message(response_msg)
 }