From 7bcbf6e5fd6b49283f6c01a388848872fc6eff8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Mon, 19 May 2025 20:04:11 +0800 Subject: [PATCH 1/7] =?UTF-8?q?=E8=AE=BE=E5=A4=87=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- bundle.json | 2 + common/include/dm_constants.h | 1 + common/src/dm_constants.cpp | 3 +- sa_profile/device_manager.cfg | 8 +- services/implementation/BUILD.gn | 11 ++ .../include/attest/dm_auth_attest_common.h | 57 +++++++ .../include/attest/dm_auth_generate_attest.h | 40 +++++ .../include/attest/dm_auth_validate_attest.h | 41 +++++ .../include/authentication_v2/auth_manager.h | 4 + .../authentication_v2/dm_auth_context.h | 2 + .../authentication_v2/dm_auth_manager_base.h | 4 + .../src/attest/dm_auth_attest_common.cpp | 147 ++++++++++++++++++ .../src/attest/dm_auth_generate_attest.cpp | 98 ++++++++++++ .../src/attest/dm_auth_validate_attest.cpp | 126 +++++++++++++++ .../src/authentication_v2/auth_manager.cpp | 56 ++++++- .../auth_stages/auth_negotiate.cpp | 35 +++++ .../dm_auth_manager_base.cpp | 4 + .../dm_auth_message_processor.cpp | 11 ++ .../BUILD.gn | 2 + .../dmauthmanagerv2_fuzzer/BUILD.gn | 2 + .../ondatareceivedv2_fuzzer/BUILD.gn | 2 + test/unittest/BUILD.gn | 16 ++ 22 files changed, 667 insertions(+), 5 deletions(-) create mode 100644 services/implementation/include/attest/dm_auth_attest_common.h create mode 100644 services/implementation/include/attest/dm_auth_generate_attest.h create mode 100644 services/implementation/include/attest/dm_auth_validate_attest.h create mode 100644 services/implementation/src/attest/dm_auth_attest_common.cpp create mode 100644 services/implementation/src/attest/dm_auth_generate_attest.cpp create mode 100644 services/implementation/src/attest/dm_auth_validate_attest.cpp diff --git a/bundle.json b/bundle.json index aee20468f..d3739da58 100644 --- a/bundle.json 
+++ b/bundle.json @@ -37,6 +37,7 @@ "common_event_service", "data_share", "device_auth", + "device_certificate_manager", "device_info_manager", "dsoftbus", "eventhandler", @@ -45,6 +46,7 @@ "hisysevent", "hitrace", "hilog", + "huks", "init", "ipc", "json", diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 9de251c63..f9525bf8c 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -182,6 +182,7 @@ extern const char* DM_VERSION_5_0_3; extern const char* DM_VERSION_5_0_4; extern const char* DM_VERSION_5_0_5; extern const char* DM_VERSION_5_1_0; +extern const char* DM_VERSION_5_1_1; extern const char* DM_CURRENT_VERSION; extern const char* DM_VERSION_5_0_OLD_MAX; // Estimated highest version number of the old version } // namespace DistributedHardware diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index feb239eed..33867b48b 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -170,7 +170,8 @@ const char* DM_VERSION_5_0_3 = "5.0.3"; const char* DM_VERSION_5_0_4 = "5.0.4"; const char* DM_VERSION_5_0_5 = "5.0.5"; const char* DM_VERSION_5_1_0 = "5.1.0"; -const char* DM_CURRENT_VERSION = DM_VERSION_5_1_0; +const char* DM_VERSION_5_1_1 = "5.1.1"; +const char* DM_CURRENT_VERSION = DM_VERSION_5_1_1; // 看改变后的影响 const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version } // namespace DistributedHardware } // namespace OHOS \ No newline at end of file diff --git a/sa_profile/device_manager.cfg b/sa_profile/device_manager.cfg index 35104cf5a..7a1fa625b 100644 --- a/sa_profile/device_manager.cfg +++ b/sa_profile/device_manager.cfg 
@@ -40,11 +40,15 @@ "ohos.permission.ALLOW_CONNECT_CAR", "ohos.permission.ACCESS_SERVICE_DP", "ohos.permission.ACCESS_SENSING_WITH_ULTRASOUND", - "ohos.permission.ACCESS_DEVAUTH_CRED_PRIVILEGE" + "ohos.permission.ACCESS_DEVAUTH_CRED_PRIVILEGE", + "ohos.permission.ACCESS_IDS", + "ohos.permission.sec.ACCESS_UDID" ], "permission_acls" : [ "ohos.permission.MANAGE_SOFTBUS_NETWORK", - "ohos.permission.ACCESS_DEVAUTH_CRED_PRIVILEGE" + "ohos.permission.ACCESS_DEVAUTH_CRED_PRIVILEGE", + "ohos.permission.ACCESS_IDS", + "ohos.permission.sec.ACCESS_UDID" ], "jobs" : { "on-start" : "service:device_manager" diff --git a/services/implementation/BUILD.gn b/services/implementation/BUILD.gn index d3ec32d92..506217b00 100644 --- a/services/implementation/BUILD.gn +++ b/services/implementation/BUILD.gn @@ -114,6 +114,7 @@ if (defined(ohos_lite)) { "include", "include/config", "include/adapter", + "include/attest", "include/authentication", "include/authentication_v2", "include/ability", @@ -236,12 +237,14 @@ if (defined(ohos_lite)) { "c_utils:utils", "common_event_service:cesfwk_innerkits", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "eventhandler:libeventhandler", "ffrt:libffrt", "hilog:libhilog", + "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_core", "mbedtls:mbedtls_shared", @@ -269,6 +272,14 @@ if (defined(ohos_lite)) { external_deps += [ "spatial_awareness:spatial_awareness_client" ] } + if (!device_manager_common) { + sources += [ + "src/attest/dm_auth_attest_common.cpp", + "src/attest/dm_auth_generate_attest.cpp", + "src/attest/dm_auth_validate_attest.cpp", + ] + } + subsystem_name = "distributedhardware" part_name = "device_manager" 
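Review bot: `ohos.permission.ACCESS_IDS` and `ohos.permission.sec.ACCESS_UDID` are added to both `permission` and `permission_acls` unconditionally, while the code that appears to need them (the `src/attest/*.cpp` sources in services/implementation/BUILD.gn) is compiled only when `device_manager_common` is false. If this cfg is shared by both build variants, the common build ends up holding device-identifier privileges it never uses. Consider granting them only in the profile of the build that performs attestation, and recording in the commit description which call requires each permission. Which API consumes these permissions is not visible in this diff, so that mapping is inferred.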
diff --git a/services/implementation/include/attest/dm_auth_attest_common.h b/services/implementation/include/attest/dm_auth_attest_common.h new file mode 100644 index 000000000..4568b7d05 --- /dev/null +++ b/services/implementation/include/attest/dm_auth_attest_common.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_DM_AUTH_ATTEST_COMMON_H +#define OHOS_DM_AUTH_ATTEST_COMMON_H + +#define DM_CERTS_COUNT 4 +#define UDID_BUF_LEN 65 +#define DM_CERTIFICATE_SIZE 8192 + +#include +#include + +#include "dm_auth_manager_base.h" +#include "dm_crypto.h" +#include "dm_random.h" +#include "json_object.h" + +namespace OHOS { +namespace DistributedHardware { + +typedef struct DmBlob { + uint32_t size; + uint8_t *data; +} DmBlob; + +typedef struct DmCertChain { + DmBlob *cert; + uint32_t certCount; +} DmCertChain; + +class AuthAttestCommon { +public: + static AuthAttestCommon &GetInstance(void) + { + static AuthAttestCommon instance; + return instance; + } + + std::string SerializeDmCertChain(const DmCertChain* chain); + bool DeserializeDmCertChain(const std::string& data, DmCertChain* outChain); +}; +} // namespace DistributedHardware +} // namespace OHOS +#endif // OHOS_DM_AUTH_ATTEST_COMMON_H \ No newline at end of file 
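Review bot: `DmBlob` and `DmCertChain` carry raw owning pointers (`uint8_t *data`, `DmBlob *cert`), but the header declares no release function and has no comment saying who frees them. The callers added in this patch (`GenerateCertificate()` in auth_manager.cpp, `VerifyCertificate()` in auth_negotiate.cpp) never free the chains they receive. Declaring a helper here, for example `void FreeDmCertChain(DmCertChain &chain);`, would make the ownership rule explicit. `DeserializeDmCertChain` should also document that `outChain` must be zero-initialised, because it releases any existing `outChain->cert` with `delete[]`. The three `#define`s placed above the includes could be `constexpr` constants inside the namespace so they do not leak into every translation unit that includes this header.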
diff --git a/services/implementation/include/attest/dm_auth_generate_attest.h b/services/implementation/include/attest/dm_auth_generate_attest.h new file mode 100644 index 000000000..2e4f02e69 --- /dev/null +++ b/services/implementation/include/attest/dm_auth_generate_attest.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_DM_AUTH_GENERATE_ATTEST_H +#define OHOS_DM_AUTH_GENERATE_ATTEST_H + +#include "dm_auth_attest_common.h" + +#include "dcm_api.h" +#include "dcm_type.h" + +namespace OHOS { +namespace DistributedHardware { +class AuthGenerateAttest { +public: + static AuthGenerateAttest &GetInstance(void) + { + static AuthGenerateAttest instance; + return instance; + } + + int32_t GenerateCertificate(DmCertChain &dmCertChain); + int32_t ConvertDcmCertChainToDmCertChain(DcmCertChain &dcmCertChain, DmCertChain &dmCertChain); + int32_t InitCertChain(DcmCertChain *certChain); +}; +} // namespace DistributedHardware +} // namespace OHOS +#endif // OHOS_DM_AUTH_GENERATE_ATTEST_H \ No newline at end of file diff --git a/services/implementation/include/attest/dm_auth_validate_attest.h b/services/implementation/include/attest/dm_auth_validate_attest.h new file mode 100644 index 000000000..4712d2317 --- /dev/null +++ b/services/implementation/include/attest/dm_auth_validate_attest.h 
@@ -0,0 +1,41 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_DM_AUTH_VALIDATE_ATTEST_H +#define OHOS_DM_AUTH_VALIDATE_ATTEST_H + +#include "dm_auth_attest_common.h" + +#include "hks_api.h" +#include "hks_param.h" +#include "hks_type.h" + +namespace OHOS { +namespace DistributedHardware { +class AuthValidateAttest { +public: + static AuthValidateAttest &GetInstance(void) + { + static AuthValidateAttest instance; + return instance; + } + + int32_t VerifyCertificate(DmCertChain &dmCertChain, const char* deviceUdid); + int32_t ConvertDmCertChainToHksCertChain(DmCertChain &dmCertChain, HksCertChain &hksCertChain); + int32_t FillHksParamSet(struct HksParamSet **paramSet, struct HksParam *param, int32_t paramNums); +}; +} // namespace DistributedHardware +} // namespace OHOS +#endif // OHOS_DM_AUTH_VALIDATE_ATTEST_H \ No newline at end of file diff --git a/services/implementation/include/authentication_v2/auth_manager.h b/services/implementation/include/authentication_v2/auth_manager.h index 2767c79b4..c68b7c883 100644 --- a/services/implementation/include/authentication_v2/auth_manager.h +++ b/services/implementation/include/authentication_v2/auth_manager.h 
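Review bot: The second parameter of `VerifyCertificate` is declared here as `const char* deviceUdid`, but the definition in dm_auth_validate_attest.cpp names it `deviceIdHash` and compares it with `Crypto::GetUdidHash(...)` of the attested UDID. A caller reading only the header would pass a raw UDID and the comparison would always fail. Rename it to match, `int32_t VerifyCertificate(DmCertChain &dmCertChain, const char* deviceIdHash);`, and add a one-line comment that the value is the peer's UDID hash (auth_negotiate.cpp passes `context->accesser.deviceIdHash`) and must not be null, since the definition hands it straight to `strcmp`.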
@@ -25,6 +25,10 @@ #include "json_object.h" #include "softbus_connector.h" #include "softbus_session.h" +#if !defined(DEVICE_MANAGER_COMMON_FLAG) +#include "dm_auth_generate_attest.h" +#include "dm_auth_validate_attest.h" +#endif namespace OHOS { namespace DistributedHardware { diff --git a/services/implementation/include/authentication_v2/dm_auth_context.h b/services/implementation/include/authentication_v2/dm_auth_context.h index 71e5d3f45..694a26c86 100644 --- a/services/implementation/include/authentication_v2/dm_auth_context.h +++ b/services/implementation/include/authentication_v2/dm_auth_context.h @@ -217,6 +217,8 @@ struct DmAuthContext { DmAccess accesser; DmAccess accessee; std::multimap proxy; // Multimap where the key is the accessor and the value is the accesssee + std::string cert; + bool isBlueFlag{false}; std::shared_ptr authStateMachine; std::shared_ptr authUiStateMgr; diff --git a/services/implementation/include/authentication_v2/dm_auth_manager_base.h b/services/implementation/include/authentication_v2/dm_auth_manager_base.h index e19793aa6..91e759b48 100644 --- a/services/implementation/include/authentication_v2/dm_auth_manager_base.h +++ b/services/implementation/include/authentication_v2/dm_auth_manager_base.h @@ -75,6 +75,10 @@ extern const char* WAIT_NEGOTIATE_TIMEOUT_TASK; extern const char* ADD_TIMEOUT_TASK; extern const char* WAIT_SESSION_CLOSE_TIMEOUT_TASK; extern const char* CLOSE_SESSION_TASK_SEPARATOR; +extern const char* TAG_DM_CERT_CHAIN; +extern const char* TAG_CERT_COUNT; +extern const char* TAG_CERT; +extern const char* TAG_IS_BLUE_FLAG; extern const int32_t AUTHENTICATE_TIMEOUT; extern const int32_t CONFIRM_TIMEOUT; diff --git a/services/implementation/src/attest/dm_auth_attest_common.cpp b/services/implementation/src/attest/dm_auth_attest_common.cpp new file mode 100644 index 000000000..5480912cd --- /dev/null +++ b/services/implementation/src/attest/dm_auth_attest_common.cpp 
@@ -0,0 +1,147 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#include "dm_auth_attest_common.h" + +#include "dm_error_type.h" +#include "dm_log.h" + +namespace OHOS { +namespace DistributedHardware { + +const int32_t MAX_CERT_COUNT = 1024; +constexpr int32_t HEX_TO_UINT8 = 2; + +std::string AuthAttestCommon::SerializeDmCertChain(const DmCertChain* chain) +{ + if (!chain || !chain->cert || chain->certCount == 0) { + return "{}"; + } + JsonObject jsonObject; + jsonObject[TAG_CERT_COUNT] = chain->certCount; + std::vector certStrings; + JsonObject jsonArrayObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY); + for (uint32_t i = 0; i < chain->certCount; ++i) { + const DmBlob& blob = chain->cert[i]; + if (!blob.data || blob.size == 0) { + return "{}"; + } + const uint32_t hexLen = blob.size * HEX_TO_UINT8 + 1; // 2*blob.size + 1 + char* hexBuffer = new char[hexLen]; + if (!hexBuffer) { + return "{}"; + } + int32_t ret = Crypto::ConvertBytesToHexString(hexBuffer, hexLen, blob.data, blob.size); + if (ret != DM_OK) { + delete[] hexBuffer; + return "{}"; + } + hexBuffer[blob.size * HEX_TO_UINT8] = '\0'; + certStrings.emplace_back(hexBuffer, hexLen); + jsonArrayObj.PushBack(std::string(hexBuffer)); + delete[] hexBuffer; + } + jsonObject.Insert(TAG_CERT, jsonArrayObj); + return jsonObject.Dump(); +} + +bool ValidateInputJson(const std::string& data) +{ + JsonObject jsonObject; + jsonObject.Parse(data); + if 
(!jsonObject.Contains(TAG_CERT_COUNT) || !jsonObject.Contains(TAG_CERT)) { + LOGE("DeserializeDmCertChain: Missing required fields 'certCount' or 'cert'"); + return false; + } + const uint32_t certCount = jsonObject[TAG_CERT_COUNT].Get(); + if (certCount == 0 || certCount > MAX_CERT_COUNT) { + LOGE("DeserializeDmCertChain: Invalid certCount value %{public}u", certCount); + return false; + } + return true; +} + + bool ProcessCertItem(const JsonItemObject& item, DmBlob& cert, uint32_t processedIndex) + { + std::string hexStr = item.Get(); + LOGI("DeserializeDmCertChain hexStr=%{public}s.", hexStr.c_str()); + const size_t hexLen = hexStr.length(); + if (hexLen == 0 || hexLen % HEX_TO_UINT8 != 0) { + LOGE("DeserializeDmCertChain: Invalid HEX length %{public}zu at index %{public}u", hexLen, processedIndex); + return false; + } + const uint32_t binSize = hexLen / HEX_TO_UINT8; + cert.data = new uint8_t[binSize]; + if (cert.data == nullptr) { + LOGE("DeserializeDmCertChain: Data allocation failed at index %{public}u", processedIndex); + return false; + } + int32_t ret = Crypto::ConvertHexStringToBytes(cert.data, binSize, hexStr.c_str(), hexLen); + if (ret != DM_OK) { + LOGE("DeserializeDmCertChain: HEX conversion failed at index %{public}u, ret = %{public}d", + processedIndex, ret); + delete[] cert.data; + cert.data = nullptr; + return false; + } + cert.size = binSize; + return true; +} + +bool AuthAttestCommon::DeserializeDmCertChain(const std::string& data, DmCertChain* outChain) +{ + if (!outChain || data.empty() || !ValidateInputJson(data)) { + LOGE("Invalid input"); + return false; + } + JsonObject jsonObject; + jsonObject.Parse(data); + const uint32_t certCount = jsonObject[TAG_CERT_COUNT].Get(); + JsonObject jsonArrayObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY); + jsonArrayObj.Parse(jsonObject[TAG_CERT].Dump()); + DmBlob* certs = new DmBlob[certCount]; + if (certs == nullptr) { + LOGE("DeserializeDmCertChain: Memory allocation failed for certs array"); + return 
false; + } + memset_s(certs, sizeof(DmBlob) * certCount, 0, sizeof(DmBlob) * certCount); + bool success = true; + uint32_t processedIndex = 0; + for (const auto& item : jsonArrayObj.Items()) { + if (!ProcessCertItem(item, certs[processedIndex], processedIndex)) { + success = false; + break; + } + processedIndex++; + } + if (!success) { + for (uint32_t i = 0; i < processedIndex; ++i) { + delete[] certs[i].data; + } + delete[] certs; + return false; + } + if (outChain->cert != nullptr) { + for (uint32_t i = 0; i < outChain->certCount; ++i) { + delete[] outChain->cert[i].data; + } + delete[] outChain->cert; + } + outChain->cert = certs; + outChain->certCount = certCount; + return true; +} +} // namespace DistributedHardware +} // namespace OHOS \ No newline at end of file diff --git a/services/implementation/src/attest/dm_auth_generate_attest.cpp b/services/implementation/src/attest/dm_auth_generate_attest.cpp new file mode 100644 index 000000000..7f9ab86dd --- /dev/null +++ b/services/implementation/src/attest/dm_auth_generate_attest.cpp 
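Review bot: In `DeserializeDmCertChain` the `certs` array is sized from the message's `certCount` field, but the loop writes `certs[processedIndex]` for every element of the `cert` array without comparing `processedIndex` with `certCount`, so a message whose array is longer than its declared count writes past the allocation. Add `if (processedIndex >= certCount) { success = false; break; }` as the first statement of the loop body and reject the input after the loop when `processedIndex != certCount`. `ValidateInputJson` also does not check that the parse succeeded or that the two fields have the expected types before calling `Get`. Separately, `ProcessCertItem` logs the full certificate hex with `%{public}s`; the same pattern recurs in the generate, validate, auth_manager, auth_negotiate and message-processor hunks of this patch, and logging only the length would be enough for diagnosis.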
@@ -0,0 +1,98 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#include "dm_auth_generate_attest.h" + +#include "dm_error_type.h" +#include "dm_log.h" + +namespace OHOS { +namespace DistributedHardware { + +constexpr uint64_t MIN_DCM_RANDOM = 0; +constexpr uint64_t MAX_DCM_RANDOM = 9999999999; + +int32_t AuthGenerateAttest::GenerateCertificate(DmCertChain &dmCertChain) +{ + LOGI("GenerateCertificate Start"); + DcmIdType ids[] = { DCM_ID_TYPE_UDID }; + uint64_t randomNum = GenRandLongLong(MIN_DCM_RANDOM, MAX_DCM_RANDOM); + LOGI("GenerateCertificate randomNum=%{public}lu", randomNum); + DcmBlob challengeBlob = {sizeof(randomNum), (uint8_t *)& randomNum}; + DcmCertChain* dcmCertChain = new DcmCertChain(); + InitCertChain(dcmCertChain); + int32_t ret = DcmAttestIdsEx(ids, sizeof(ids)/sizeof(ids[0]), &challengeBlob, DCM_CERT_TYPE_ROOT_V2, dcmCertChain); + if (ret != DCM_SUCCESS) { + LOGE("DcmAttestIdsEx fail, ret=%{public}d", ret); + return ret; + } + LOGI("DcmCertChain certCount=%{public}d, blob.size=%{public}d, blod.data=%{public}s", dcmCertChain -> certCount, + (*dcmCertChain -> cert).size, (*dcmCertChain->cert).data); + ret = ConvertDcmCertChainToDmCertChain(*dcmCertChain, dmCertChain); + if (ret != DM_OK) { + LOGE("covertToSoftbusCertChain fail. 
ret=%{public}d", ret); + return ret; + } + return 0; +} + +int32_t AuthGenerateAttest::InitCertChain(DcmCertChain *certChain) +{ + certChain->certCount = DM_CERTS_COUNT; + certChain->cert = new DcmBlob[certChain->certCount]; + for (uint32_t i = 0; i < certChain->certCount; ++i) { + certChain->cert[i].size = DM_CERTIFICATE_SIZE; + certChain->cert[i].data = new uint8_t[DM_CERTIFICATE_SIZE]; + } + return DM_OK; +} + +void FreeCertChain(DcmCertChain* chain) +{ + if (!chain) { + return; + } + for (uint32_t i = 0; i < chain->certCount; ++i) { + delete[] chain->cert[i].data; + chain->cert[i].data = nullptr; + } + delete[] chain->cert; + chain->cert = nullptr; + delete chain; +} + +int32_t AuthGenerateAttest::ConvertDcmCertChainToDmCertChain(DcmCertChain &dcmCertChain, DmCertChain &dmCertChain) +{ + LOGI("ConvertDcmCertChainToDmCertChain start!"); + dmCertChain.certCount = dcmCertChain.certCount; + if (dcmCertChain.certCount > 0) { + dmCertChain.cert = new DmBlob[dcmCertChain.certCount]; + for (uint32_t i = 0; i < dcmCertChain.certCount; ++i) { + dmCertChain.cert[i].size = dcmCertChain.cert[i].size; + if (dcmCertChain.cert[i].size > 0 && dcmCertChain.cert[i].data != nullptr) { + dmCertChain.cert[i].data = new uint8_t[dcmCertChain.cert[i].size]; + memcpy_s(dmCertChain.cert[i].data, dmCertChain.cert[i].size, + dcmCertChain.cert[i].data, dcmCertChain.cert[i].size); + } else { + dmCertChain.cert[i].data = nullptr; + } + } + } else { + dmCertChain.cert = nullptr; + } + return DM_OK; +} +} // namespace DistributedHardware +} // namespace OHOS \ No newline at end of file diff --git a/services/implementation/src/attest/dm_auth_validate_attest.cpp b/services/implementation/src/attest/dm_auth_validate_attest.cpp new file mode 100644 index 000000000..4824468e5 --- /dev/null +++ b/services/implementation/src/attest/dm_auth_validate_attest.cpp 
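Review bot: `GenerateCertificate` logs `(*dcmCertChain->cert).data` with `%{public}s`, but that buffer is binary certificate data in a `DM_CERTIFICATE_SIZE` allocation made by `InitCertChain` with no guaranteed terminator, so the format call may read past the end of it. Log only the count, e.g. `LOGI("DcmCertChain certCount=%{public}d", dcmCertChain->certCount);`. The `DcmCertChain` allocated with `new` is never released on any return path even though `FreeCertChain` is defined further down in the same file; calling `FreeCertChain(dcmCertChain);` before each `return` (with a declaration above this function) closes the leak. The return values of `InitCertChain` and of `memcpy_s` in `ConvertDcmCertChainToDmCertChain` are also ignored.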
@@ -0,0 +1,126 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dm_auth_validate_attest.h" + +#include "dm_error_type.h" +#include "dm_log.h" + +namespace OHOS { +namespace DistributedHardware { + +int32_t AuthValidateAttest::VerifyCertificate(DmCertChain &dmCertChain, const char* deviceIdHash) +{ + LOGI("VerifyCertificate start!"); + char udidStr[UDID_BUF_LEN] = {0}; + uint64_t randNum = 0; + HksCertChain hksCertChain; + int32_t ret = ConvertDmCertChainToHksCertChain(dmCertChain, hksCertChain); + if (ret != DM_OK) { + LOGE("ConvertDmCertChainToHksCertChain fail, ret=%{public}d", ret); + return ret; + } + HksParamSet *outputParam = NULL; + HksParam outputData[] = { + {.tag = HKS_TAG_ATTESTATION_CHALLENGE, .blob = {sizeof(uint64_t), (uint8_t *)&randNum}}, + {.tag = HKS_TAG_ATTESTATION_ID_UDID, .blob = {UDID_BUF_LEN, (uint8_t *)udidStr}}, + }; + ret = FillHksParamSet(&outputParam, outputData, sizeof(outputData) / sizeof(outputData[0])); + if (ret != DM_OK) { + LOGE("FillHksParamSet failed, ret=%{public}d", ret); + return ERR_DM_FAILED; + } + ret = HksValidateCertChain(&hksCertChain, outputParam); + if (ret != HKS_SUCCESS) { + LOGE("HksValidateCertChain fail, ret=%{public}d", ret); + return ret; + } + uint32_t cnt = 0; + HksBlob *blob = &outputParam->params[cnt].blob; + if (memcpy_s(&randNum, sizeof(uint64_t), blob->data, blob->size) != EOK) { + LOGE("memcpy randNum failed"); + return 
ERR_DM_FAILED; + } + LOGI("randNum = %{public}lu", randNum); + blob = &outputParam->params[++cnt].blob; + if (memcpy_s(udidStr, UDID_BUF_LEN, blob->data, blob->size) != EOK) { + LOGE("memcpy udidStr failed"); + return ERR_DM_FAILED; + } + LOGI("zhengshu de udid Str = %{public}s", udidStr); + std::string certDeviceIdHash = Crypto::GetUdidHash(std::string(udidStr)); + LOGI("zhengshu de certDeviceIdHash = %{public}s", certDeviceIdHash.c_str()); + LOGI("baowen chuanguolai deviceIdHash = %{public}s", deviceIdHash); + if (strcmp(deviceIdHash, certDeviceIdHash.c_str()) != 0) { + LOGE("verifyCertificate fail"); + return ERR_DM_FAILED; + } + return DM_OK; +} + +int32_t AuthValidateAttest::FillHksParamSet(HksParamSet **paramSet, HksParam *param, int32_t paramNums) +{ + if (param == NULL) { + LOGE("param is null"); + return ERR_DM_INPUT_PARA_INVALID; + } + int32_t ret = HksInitParamSet(paramSet); + if (ret != HKS_SUCCESS) { + LOGE("HksInitParamSet failed, hks ret = %{public}d", ret); + return ERR_DM_FAILED; + } + ret = HksAddParams(*paramSet, param, paramNums); + if (ret != HKS_SUCCESS) { + LOGE("HksAddParams failed, hks ret = %{public}d", ret); + HksFreeParamSet(paramSet); + return ERR_DM_FAILED; + } + ret = HksBuildParamSet(paramSet); + if (ret != HKS_SUCCESS) { + LOGE("HksBuildParamSet failed, hks ret = %{public}d", ret); + HksFreeParamSet(paramSet); + return ERR_DM_FAILED; + } + return DM_OK; +} + +int32_t AuthValidateAttest::ConvertDmCertChainToHksCertChain(DmCertChain &dmCertChain, HksCertChain &hksCertChain) +{ + if (dmCertChain.certCount == 0 || dmCertChain.cert == nullptr) { + return ERR_DM_INPUT_PARA_INVALID; + } + hksCertChain.certsCount = dmCertChain.certCount; + hksCertChain.certs = new HksBlob[hksCertChain.certsCount]; + const size_t totalSize = sizeof(HksBlob) * hksCertChain.certsCount; + memset_s(hksCertChain.certs, totalSize, 0, totalSize); + for (uint32_t i = 0; i < hksCertChain.certsCount; ++i) { + if (dmCertChain.cert[i].data == nullptr || 
dmCertChain.cert[i].size == 0) { + return ERR_DM_FAILED; + } + hksCertChain.certs[i].size = dmCertChain.cert[i].size; + hksCertChain.certs[i].data = new uint8_t[hksCertChain.certs[i].size]; + if (hksCertChain.certs[i].data == nullptr) { + return ERR_DM_MALLOC_FAILED; + } + if (memcpy_s(hksCertChain.certs[i].data, hksCertChain.certs[i].size, + dmCertChain.cert[i].data, dmCertChain.cert[i].size) != 0) { + LOGE("memcpy cert data failed"); + return ERR_DM_FAILED; + } + } + return DM_OK; +} +} // namespace DistributedHardware +} // namespace OHOS \ No newline at end of file diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 97f29240d..a05bbbb65 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -130,8 +130,8 @@ AuthManager::AuthManager(std::shared_ptr softbusConnector, context_->authenticationMap[AUTH_TYPE_PIN_ULTRASONIC] = nullptr; context_->authenticationMap[AUTH_TYPE_NFC] = nullptr; context_->authenticationMap[AUTH_TYPE_CRE] = nullptr; - context_->accesser.dmVersion = DM_VERSION_5_1_0; - context_->accessee.dmVersion = DM_VERSION_5_1_0; + context_->accesser.dmVersion = DM_VERSION_5_1_1; + context_->accessee.dmVersion = DM_VERSION_5_1_1; context_->timer = std::make_shared(); context_->authMessageProcessor = std::make_shared(); } 
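Review bot: `VerifyCertificate` extracts the attestation challenge into `randNum` and only logs it; nothing compares it with a value the verifier chose, and in dm_auth_generate_attest.cpp the challenge is a random number picked by the attesting device itself. As far as this diff shows, a chain that validates once would keep validating if presented again, so the challenge should come from the verifying side (or be bound to the session) and be checked here before returning `DM_OK`. The function also logs the peer's UDID and UDID hash at `%{public}` level. It builds `std::string(udidStr)` after a `memcpy_s` that can fill all `UDID_BUF_LEN` bytes without a terminator. It never frees `outputParam` (`HksFreeParamSet(&outputParam);`) or the `hksCertChain.certs` buffers allocated in `ConvertDmCertChainToHksCertChain`, which itself leaks on its early error returns.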
@@ -619,6 +619,57 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } +std::string GenerateCertificate() +{ +#ifdef DEVICE_MANAGER_COMMON_FLAG + context_->isBlueFlag = true; + LOGI("Blue device do not generate cert!"); + return ""; +#else + DmCertChain dmCertChain; + LOGI("generate cert start"); + int32_t certRet = AuthGenerateAttest::GetInstance().GenerateCertificate(dmCertChain); + LOGI("generate cert end"); + if (certRet != DM_OK) { + LOGE("generate cert fail, certRet = %{public}d", certRet); + return ""; + } + LOGI("dmCertChain certCount=%{public}d, blob.size=%{public}d, blod.data=%{public}s", dmCertChain.certCount, + (*dmCertChain.cert).size, (*dmCertChain.cert).data); + // 序列化 + std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + LOGI("SerializeDmCertChain cert = %{public}s", cert.c_str()); + // 反序列化 + DmCertChain dmCertChainDeserialize{nullptr, 0}; + AuthAttestCommon::GetInstance().DeserializeDmCertChain(cert, &dmCertChainDeserialize); + LOGI("dmCertChainDeserialize certCount=%{public}d, blob.size=%{public}d, blod.data=%{public}s", + dmCertChainDeserialize.certCount, (*dmCertChainDeserialize.cert).size, (*dmCertChainDeserialize.cert).data); + // 校验数据 + bool valid = true; + if (dmCertChainDeserialize.certCount != dmCertChain.certCount) { + LOGI("verify error 1!"); + valid = false; + } else { + for (uint32_t i = 0; i < dmCertChainDeserialize.certCount; ++i) { + if (dmCertChainDeserialize.cert[i].size != dmCertChain.cert[i].size) { + LOGI("verify error 2!"); + valid = false; + } else { + for (uint32_t j = 0; j < dmCertChainDeserialize.cert[i].size; ++j) { + if (dmCertChainDeserialize.cert[i].data[j] != dmCertChain.cert[i].data[j]) { + LOGI("verify error 3!"); + valid = false; + break; + } + } + } + } + } + LOGI("valid = %{public}d", valid); + return cert; +#endif +} + int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, const std::map 
&bindParam, int sessionId, uint64_t logicalSessionId) { @@ -660,6 +711,7 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & return ERR_DM_INPUT_PARA_INVALID; } + context_->cert = GenerateCertificate(); // 证书生成 context_->sessionId = sessionId; context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp index 3da6b139d..f0b99df27 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp 
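Review bot: `GenerateCertificate()` is defined as a free function, yet its `DEVICE_MANAGER_COMMON_FLAG` branch assigns `context_->isBlueFlag`, which looks like the `AuthManager` member used in `BindTarget`. Unless a global of that name exists outside this hunk, that configuration will not compile, so the function should be `AuthManager::GenerateCertificate()` and declared in auth_manager.h. The `#else` branch still contains a serialize/deserialize self-check that dereferences `dmCertChainDeserialize.cert` without testing the result of `DeserializeDmCertChain`, prints certificate bytes with `%{public}s`, and leaks both chains; that check belongs in a unit test. `BindTarget` (the following hunk) also stores the empty string returned on failure without reacting to it. A reduced `#else` body is sketched below.

```cpp
#else
    DmCertChain dmCertChain{nullptr, 0};
    int32_t certRet = AuthGenerateAttest::GetInstance().GenerateCertificate(dmCertChain);
    // … unchanged: certRet error check returning "" …
    std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain);
    // Release the chain allocated by ConvertDcmCertChainToDmCertChain (new[] per blob and for the array).
    if (dmCertChain.cert != nullptr) {
        for (uint32_t i = 0; i < dmCertChain.certCount; ++i) {
            delete[] dmCertChain.cert[i].data;
        }
        delete[] dmCertChain.cert;
    }
    return cert;
#endif
```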
@@ -178,6 +178,35 @@ int32_t AuthSinkNegotiateStateMachine::ProcRespNegotiate5_1_0(std::shared_ptr context) +{ +#ifdef DEVICE_MANAGER_COMMON_FLAG + LOGI("Blue device do not verify cert!"); + return DM_OK; +#else + // verify cert, 任何一端低于5.1.1都不校验证书 + if (!CompareVersion(context->accesser.dmVersion, DM_VERSION_5_1_0) + || !CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_0) || context->isBlueFlag) { + LOGI("cert verify is not supported"); + return DM_OK; + } + LOGI("AuthSinkNegotiateStateMachine::Action cert = %{public}s", context->cert.c_str()); + DmCertChain dmCertChain{nullptr, 0}; + AuthAttestCommon::GetInstance().DeserializeDmCertChain(context->cert, &dmCertChain); + LOGI("validate cert start"); + char localDeviceId[DEVICE_UUID_LENGTH] = {0}; + GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); + // context->accesser.deviceIdHash 对端udidHash + int32_t certRet = AuthValidateAttest::GetInstance() + .VerifyCertificate(dmCertChain, context->accesser.deviceIdHash.c_str()); + LOGI("validate cert end"); + if (certRet != DM_OK) { + LOGE("validate cert fail, certRet = %{public}d", certRet); + } + return certRet; +#endif +} + int32_t AuthSinkNegotiateStateMachine::Action(std::shared_ptr context) { LOGI("AuthSinkNegotiateStateMachine::Action sessionid %{public}d", context->sessionId); @@ -207,6 +236,12 @@ int32_t AuthSinkNegotiateStateMachine::Action(std::shared_ptr con context->reason = ret; return ret; } + ret = VerifyCertificate(context); // 证书校验,失败则返回 + if (ret != DM_OK) { + LOGE("AuthSinkNegotiateStateMachine::Action cert verify fail!"); + context->reason = ret; + return ret; + } context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_RESP_ACL_NEGOTIATE, context); context->timer->StartTimer(std::string(WAIT_REQUEST_TIMEOUT_TASK), DmAuthState::GetTaskTimeout(context, WAIT_REQUEST_TIMEOUT_TASK, WAIT_REQUEST_TIMEOUT), 
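Review bot: The new `VerifyCertificate` returns `DM_OK` without checking anything when `context->isBlueFlag` is true, and that flag is copied from the peer's negotiate message in dm_auth_message_processor.cpp, so the device being verified decides whether it is verified. The skip decision should rest on local configuration or on information the sink can establish itself, and a peer that claims a certificate-capable version but sends no chain should be rejected. The comment says verification is skipped below 5.1.1 while the code compares both versions with `DM_VERSION_5_1_0`; confirm against `CompareVersion`'s semantics which bound is intended. `localDeviceId` is fetched with `GetDevUdid` but never used, the result of `DeserializeDmCertChain` is ignored, `dmCertChain` is not freed, and the whole certificate is logged with `%{public}s`.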
diff --git a/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp b/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp index dab0d68fb..3519ded5b 100644 --- a/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp @@ -77,6 +77,10 @@ const char* GET_ULTRASONIC_PIN_TIMEOUT_TASK = "deviceManagerTimer:getUltrasonicP const char* ADD_TIMEOUT_TASK = "deviceManagerTimer:add"; const char* WAIT_SESSION_CLOSE_TIMEOUT_TASK = "deviceManagerTimer:waitSessionClose"; const char* CLOSE_SESSION_TASK_SEPARATOR = "#"; +const char* TAG_DM_CERT_CHAIN = "dmCertChain"; +const char* TAG_CERT_COUNT = "certCount"; +const char* TAG_CERT = "cert"; +const char* TAG_IS_BLUE_FLAG = "isBlueFlag"; const int32_t AUTHENTICATE_TIMEOUT = 120; const int32_t CONFIRM_TIMEOUT = 60; diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 38427822c..d6d58a2ea 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -653,6 +653,9 @@ int32_t DmAuthMessageProcessor::CreateNegotiateMessage(std::shared_ptraccessee.displayId; jsonObject[TAG_PEER_PKG_NAME] = context->accessee.pkgName; jsonObject[TAG_HOST_PKGLABEL] = context->pkgLabel; + LOGI("DmAuthMessageProcessor::CreateNegotiateMessage cert = %{public}s", context->cert.c_str()); + jsonObject[TAG_DM_CERT_CHAIN] = context->cert; + jsonObject[TAG_IS_BLUE_FLAG] = context->isBlueFlag; return DM_OK; } 
@@ -1038,6 +1041,14 @@ void DmAuthMessageProcessor::ParseUltrasonicSide( } else { context->ultrasonicInfo = DmUltrasonicInfo::DM_Ultrasonic_Invalid; } + LOGI("ParseNegotiateMessage TAG_DM_CERT_CHAIN START!"); + if (IsString(jsonObject, TAG_DM_CERT_CHAIN)) { + context->cert = jsonObject[TAG_DM_CERT_CHAIN].Get(); + LOGI("ParseNegotiateMessage context->cert = %{public}s", context->cert.c_str()); + } + if (jsonObject[TAG_IS_BLUE_FLAG].IsBoolean()) { + context->isBlueFlag = jsonObject[TAG_IS_BLUE_FLAG].Get(); + } } int32_t DmAuthMessageProcessor::ParseMessageRespAclNegotiate(const JsonObject &jsonObject, diff --git a/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn b/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn index 6a4dccbc0..22815d122 100644 --- a/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn +++ b/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn @@ -75,11 +75,13 @@ ohos_fuzztest("AuthenticateDeviceServiceImplFuzzTest") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "ffrt:libffrt", "hilog:libhilog", + "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_single", "safwk:system_ability_fwk", diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn b/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn index fb2de39ca..3b1b9ca3c 100644 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn +++ b/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn 
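Review bot: `context->cert` is assigned from the received `TAG_DM_CERT_CHAIN` value after only an `IsString` check, so a peer that is not yet authenticated controls the size of the string that is stored, logged and later deserialized. A length cap before the assignment would bound that, for example `if (certStr.size() <= MAX_CERT_CHAIN_STR_LEN) { context->cert = certStr; }`, where `MAX_CERT_CHAIN_STR_LEN` is a placeholder for a project constant. The `TAG_IS_BLUE_FLAG` read indexes `jsonObject` directly instead of going through a presence-and-type helper like the `IsString` call above it; whether that is safe for a missing key depends on the JsonObject wrapper, which is not visible here. The enclosing function starts outside the hunk.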
@@ -54,11 +54,13 @@ ohos_fuzztest("DmAuthManagerV2FuzzTest") { external_deps = [ "cJSON:cjson", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "ffrt:libffrt", "hilog:libhilog", + "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_single", "safwk:system_ability_fwk", diff --git a/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn b/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn index b81e1b472..9bcbb88f4 100644 --- a/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn +++ b/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn @@ -53,11 +53,13 @@ ohos_fuzztest("OnDataReceivedV2FuzzTest") { external_deps = [ "cJSON:cjson", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "ffrt:libffrt", "hilog:libhilog", + "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_single", "safwk:system_ability_fwk", diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index f0af8d78f..eb89e82b3 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -390,6 +390,7 @@ ohos_unittest("UTTest_device_manager_service") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -398,6 +399,7 @@ ohos_unittest("UTTest_device_manager_service") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", "selinux_adapter:librestorecon", ] } 
@@ -418,6 +420,7 @@ ohos_unittest("UTTest_dm_softbus_cache") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -425,6 +428,7 @@ ohos_unittest("UTTest_dm_softbus_cache") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", "selinux_adapter:librestorecon", ] } @@ -451,6 +455,7 @@ ohos_unittest("UTTest_device_manager_service_three") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -458,6 +463,7 @@ ohos_unittest("UTTest_device_manager_service_three") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", "selinux_adapter:librestorecon", ] } @@ -1239,6 +1245,7 @@ ohos_unittest("UTTest_device_manager_service_impl") { external_deps = [ "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -1247,6 +1254,7 @@ ohos_unittest("UTTest_device_manager_service_impl") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", "os_account:libaccountkits", "os_account:os_account_innerkits", ] @@ -1269,6 +1277,7 @@ ohos_unittest("UTTest_device_manager_service_impl_first") { external_deps = [ "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", 
@@ -1277,6 +1286,7 @@ ohos_unittest("UTTest_device_manager_service_impl_first") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", "os_account:libaccountkits", "os_account:os_account_innerkits", ] @@ -2028,6 +2038,7 @@ ohos_unittest("UTTest_auth_pin_auth_state") { deps = [ ":device_manager_test_common" ] external_deps = [ + "device_auth:deviceauth_sdk", "device_auth:deviceauth_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", @@ -2036,6 +2047,7 @@ ohos_unittest("UTTest_auth_pin_auth_state") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", ] } @@ -2087,6 +2099,7 @@ ohos_unittest("UTTest_auth_credential_state") { external_deps = [ "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -2094,6 +2107,7 @@ ohos_unittest("UTTest_auth_credential_state") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", ] } @@ -2118,6 +2132,7 @@ ohos_unittest("UTTest_auth_acl") { external_deps = [ "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -2125,6 +2140,7 @@ ohos_unittest("UTTest_auth_acl") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", ] } -- Gitee From 383b943058b8564bb2837f595e86eaac56719770 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Mon, 19 May 2025 20:16:36 +0800 Subject: [PATCH 2/7] =?UTF-8?q?UT=E4=BE=9D=E8=B5=96=E8=A1=A5=E5=85=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- test/unittest/BUILD.gn | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index eb89e82b3..431eed6aa 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -2167,6 +2167,7 @@ ohos_unittest("UTTest_auth_negotiate") { "access_token:libnativetoken", "access_token:libtoken_setproc", "device_auth:deviceauth_sdk", + "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -2174,6 +2175,7 @@ ohos_unittest("UTTest_auth_negotiate") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", + "huks:libhukssdk", ] } -- Gitee From 2d6aedb05affe3dd5dedbd0119f7038cc113a3ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Mon, 19 May 2025 21:56:56 +0800 Subject: [PATCH 3/7] =?UTF-8?q?=E5=8E=BB=E9=99=A4=E8=B0=83=E8=AF=95?= =?UTF-8?q?=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- common/include/dm_error_type.h | 3 ++ .../src/attest/dm_auth_generate_attest.cpp | 5 +-- .../src/attest/dm_auth_validate_attest.cpp | 10 ++---- .../src/authentication_v2/auth_manager.cpp | 35 +------------------ .../auth_stages/auth_negotiate.cpp | 17 ++++----- 5 files changed, 15 insertions(+), 55 deletions(-) diff --git a/common/include/dm_error_type.h b/common/include/dm_error_type.h index fd1873e55..d427c4c94 100644 --- a/common/include/dm_error_type.h +++ b/common/include/dm_error_type.h @@ -136,6 +136,9 @@ enum { ERR_DM_PARSE_MESSAGE_FAILED = 969298348, ERR_DM_GET_BMS_FAILED = 969298349, ERR_DM_GET_BUNDLE_NAME_FAILED = 969298349, + ERR_DM_DESERIAL_CERT_FAILED = 969298350, + ERR_DM_VERIFY_CERT_FAILED = 969298351, + ERR_DM_GET_PARAM_FAILED = 969298352, }; } // namespace DistributedHardware } // namespace OHOS 
diff --git a/services/implementation/src/attest/dm_auth_generate_attest.cpp b/services/implementation/src/attest/dm_auth_generate_attest.cpp index 7f9ab86dd..92236df85 100644 --- a/services/implementation/src/attest/dm_auth_generate_attest.cpp +++ b/services/implementation/src/attest/dm_auth_generate_attest.cpp @@ -29,7 +29,6 @@ int32_t AuthGenerateAttest::GenerateCertificate(DmCertChain &dmCertChain) LOGI("GenerateCertificate Start"); DcmIdType ids[] = { DCM_ID_TYPE_UDID }; uint64_t randomNum = GenRandLongLong(MIN_DCM_RANDOM, MAX_DCM_RANDOM); - LOGI("GenerateCertificate randomNum=%{public}lu", randomNum); DcmBlob challengeBlob = {sizeof(randomNum), (uint8_t *)& randomNum}; DcmCertChain* dcmCertChain = new DcmCertChain(); InitCertChain(dcmCertChain); @@ -38,14 +37,12 @@ int32_t AuthGenerateAttest::GenerateCertificate(DmCertChain &dmCertChain) LOGE("DcmAttestIdsEx fail, ret=%{public}d", ret); return ret; } - LOGI("DcmCertChain certCount=%{public}d, blob.size=%{public}d, blod.data=%{public}s", dcmCertChain -> certCount, - (*dcmCertChain -> cert).size, (*dcmCertChain->cert).data); ret = ConvertDcmCertChainToDmCertChain(*dcmCertChain, dmCertChain); if (ret != DM_OK) { LOGE("covertToSoftbusCertChain fail. ret=%{public}d", ret); return ret; } - return 0; + return DM_OK; } int32_t AuthGenerateAttest::InitCertChain(DcmCertChain *certChain) diff --git a/services/implementation/src/attest/dm_auth_validate_attest.cpp b/services/implementation/src/attest/dm_auth_validate_attest.cpp index 4824468e5..7e69e269a 100644 --- a/services/implementation/src/attest/dm_auth_validate_attest.cpp +++ b/services/implementation/src/attest/dm_auth_validate_attest.cpp 
@@ -51,21 +51,17 @@ int32_t AuthValidateAttest::VerifyCertificate(DmCertChain &dmCertChain, const ch HksBlob *blob = &outputParam->params[cnt].blob; if (memcpy_s(&randNum, sizeof(uint64_t), blob->data, blob->size) != EOK) { LOGE("memcpy randNum failed"); - return ERR_DM_FAILED; + return ERR_DM_GET_PARAM_FAILED; } - LOGI("randNum = %{public}lu", randNum); blob = &outputParam->params[++cnt].blob; if (memcpy_s(udidStr, UDID_BUF_LEN, blob->data, blob->size) != EOK) { LOGE("memcpy udidStr failed"); - return ERR_DM_FAILED; + return ERR_DM_GET_PARAM_FAILED; } - LOGI("zhengshu de udid Str = %{public}s", udidStr); std::string certDeviceIdHash = Crypto::GetUdidHash(std::string(udidStr)); - LOGI("zhengshu de certDeviceIdHash = %{public}s", certDeviceIdHash.c_str()); - LOGI("baowen chuanguolai deviceIdHash = %{public}s", deviceIdHash); if (strcmp(deviceIdHash, certDeviceIdHash.c_str()) != 0) { LOGE("verifyCertificate fail"); - return ERR_DM_FAILED; + return ERR_DM_VERIFY_CERT_FAILED; } return DM_OK; } diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index a05bbbb65..9950b717b 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp 
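Review bot: After this change `randNum` is copied out of the attestation parameters and never used, so beyond chain validation the only check left in `VerifyCertificate` is that the certificate's UDID hash equals the `deviceIdHash` the peer itself sent. The challenge is produced by the attesting side (`GenRandLongLong` in `GenerateCertificate`), so nothing visible ties the chain to this session and a previously issued chain would presumably still pass. Either compare `randNum` with a verifier-chosen nonce, or drop the extraction and document the limit with a comment such as `// challenge is generated by the peer; freshness is not verified here`. Separately, `std::string(udidStr)` needs a terminating NUL that `memcpy_s` does not add when `blob->size` equals `UDID_BUF_LEN`; a guard like `if (blob->size >= UDID_BUF_LEN) { return ERR_DM_GET_PARAM_FAILED; }` closes that, assuming `udidStr` is zero-initialised above the hunk. The function begins outside the hunk.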
@@ -627,45 +627,12 @@ std::string GenerateCertificate() return ""; #else DmCertChain dmCertChain; - LOGI("generate cert start"); int32_t certRet = AuthGenerateAttest::GetInstance().GenerateCertificate(dmCertChain); - LOGI("generate cert end"); if (certRet != DM_OK) { LOGE("generate cert fail, certRet = %{public}d", certRet); return ""; } - LOGI("dmCertChain certCount=%{public}d, blob.size=%{public}d, blod.data=%{public}s", dmCertChain.certCount, - (*dmCertChain.cert).size, (*dmCertChain.cert).data); - // 序列化 std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); - LOGI("SerializeDmCertChain cert = %{public}s", cert.c_str()); - // 反序列化 - DmCertChain dmCertChainDeserialize{nullptr, 0}; - AuthAttestCommon::GetInstance().DeserializeDmCertChain(cert, &dmCertChainDeserialize); - LOGI("dmCertChainDeserialize certCount=%{public}d, blob.size=%{public}d, blod.data=%{public}s", - dmCertChainDeserialize.certCount, (*dmCertChainDeserialize.cert).size, (*dmCertChainDeserialize.cert).data); - // 校验数据 - bool valid = true; - if (dmCertChainDeserialize.certCount != dmCertChain.certCount) { - LOGI("verify error 1!"); - valid = false; - } else { - for (uint32_t i = 0; i < dmCertChainDeserialize.certCount; ++i) { - if (dmCertChainDeserialize.cert[i].size != dmCertChain.cert[i].size) { - LOGI("verify error 2!"); - valid = false; - } else { - for (uint32_t j = 0; j < dmCertChainDeserialize.cert[i].size; ++j) { - if (dmCertChainDeserialize.cert[i].data[j] != dmCertChain.cert[i].data[j]) { - LOGI("verify error 3!"); - valid = false; - break; - } - } - } - } - } - LOGI("valid = %{public}d", valid); return cert; #endif } 
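Review bot: `DmCertChain dmCertChain;` is left uninitialised here, while the sink side declares `DmCertChain dmCertChain{nullptr, 0};`, and nothing in the hunk releases the chain after `SerializeDmCertChain` has produced the string. If `AuthGenerateAttest::GenerateCertificate` can fail before filling the struct, or if ownership of the `cert` buffers stays with this caller (neither is visible here), the function reads indeterminate pointers or leaks the buffers on every bind. Initialise it the same way as the sink, `DmCertChain dmCertChain{nullptr, 0};`, and free the chain once `cert` has been built, using the release helper the attest module provides.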
@@ -711,7 +678,7 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & return ERR_DM_INPUT_PARA_INVALID; } - context_->cert = GenerateCertificate(); // 证书生成 + context_->cert = GenerateCertificate(); context_->sessionId = sessionId; context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp index f0b99df27..1ed71161d 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp @@ -184,26 +184,23 @@ int32_t VerifyCertificate(std::shared_ptr context) LOGI("Blue device do not verify cert!"); return DM_OK; #else - // verify cert, 任何一端低于5.1.1都不校验证书 if (!CompareVersion(context->accesser.dmVersion, DM_VERSION_5_1_0) || !CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_0) || context->isBlueFlag) { LOGI("cert verify is not supported"); return DM_OK; } - LOGI("AuthSinkNegotiateStateMachine::Action cert = %{public}s", context->cert.c_str()); DmCertChain dmCertChain{nullptr, 0}; - AuthAttestCommon::GetInstance().DeserializeDmCertChain(context->cert, &dmCertChain); - LOGI("validate cert start"); - char localDeviceId[DEVICE_UUID_LENGTH] = {0}; - GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH); - // context->accesser.deviceIdHash 对端udidHash + if (!AuthAttestCommon::GetInstance().DeserializeDmCertChain(context->cert, &dmCertChain)) { + LOGE("cert deserialize fail!"); + return ERR_DM_DESERIAL_CERT_FAILED; + } int32_t certRet = AuthValidateAttest::GetInstance() .VerifyCertificate(dmCertChain, context->accesser.deviceIdHash.c_str()); - LOGI("validate cert end"); if (certRet != DM_OK) { LOGE("validate cert fail, certRet = %{public}d", certRet); + return ERR_DM_VERIFY_CERT_FAILED; } - return certRet; + return DM_OK; #endif } 
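Review bot: None of the return paths in the reworked `VerifyCertificate` body release `dmCertChain` after `DeserializeDmCertChain` has filled it. This function runs for each inbound negotiate message before the peer is authenticated, so if the deserializer allocates the `cert` array (its implementation is not visible here) every call leaves memory behind at the sender's pace. Free the chain on both the failure and the success path, ideally through one cleanup point. Also, mapping every non-`DM_OK` `certRet` to `ERR_DM_VERIFY_CERT_FAILED` discards the `ERR_DM_GET_PARAM_FAILED` distinction this same patch adds in dm_auth_validate_attest.cpp; `return certRet;` would keep it.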
@@ -236,7 +233,7 @@ int32_t AuthSinkNegotiateStateMachine::Action(std::shared_ptr con context->reason = ret; return ret; } - ret = VerifyCertificate(context); // 证书校验,失败则返回 + ret = VerifyCertificate(context); if (ret != DM_OK) { LOGE("AuthSinkNegotiateStateMachine::Action cert verify fail!"); context->reason = ret; -- Gitee From aa3f1c46ee94396169921c327047fba854830eb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Mon, 19 May 2025 22:37:17 +0800 Subject: [PATCH 4/7] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=86=85=E5=AD=98?= =?UTF-8?q?=E7=AE=A1=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/include/attest/dm_auth_generate_attest.h | 1 + .../implementation/src/attest/dm_auth_generate_attest.cpp | 5 ++++- .../src/authentication_v2/dm_auth_message_processor.cpp | 3 --- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/services/implementation/include/attest/dm_auth_generate_attest.h b/services/implementation/include/attest/dm_auth_generate_attest.h index 2e4f02e69..fec04c29f 100644 --- a/services/implementation/include/attest/dm_auth_generate_attest.h +++ b/services/implementation/include/attest/dm_auth_generate_attest.h @@ -34,6 +34,7 @@ public: int32_t GenerateCertificate(DmCertChain &dmCertChain); int32_t ConvertDcmCertChainToDmCertChain(DcmCertChain &dcmCertChain, DmCertChain &dmCertChain); int32_t InitCertChain(DcmCertChain *certChain); + void FreeCertChain(DcmCertChain* chain); }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/implementation/src/attest/dm_auth_generate_attest.cpp b/services/implementation/src/attest/dm_auth_generate_attest.cpp index 92236df85..fa7a5682a 100644 --- a/services/implementation/src/attest/dm_auth_generate_attest.cpp +++ b/services/implementation/src/attest/dm_auth_generate_attest.cpp 
@@ -35,13 +35,16 @@ int32_t AuthGenerateAttest::GenerateCertificate(DmCertChain &dmCertChain) int32_t ret = DcmAttestIdsEx(ids, sizeof(ids)/sizeof(ids[0]), &challengeBlob, DCM_CERT_TYPE_ROOT_V2, dcmCertChain); if (ret != DCM_SUCCESS) { LOGE("DcmAttestIdsEx fail, ret=%{public}d", ret); + FreeCertChain(dcmCertChain); return ret; } ret = ConvertDcmCertChainToDmCertChain(*dcmCertChain, dmCertChain); if (ret != DM_OK) { LOGE("covertToSoftbusCertChain fail. ret=%{public}d", ret); + FreeCertChain(dcmCertChain); return ret; } + FreeCertChain(dcmCertChain); return DM_OK; } @@ -56,7 +59,7 @@ int32_t AuthGenerateAttest::InitCertChain(DcmCertChain *certChain) return DM_OK; } -void FreeCertChain(DcmCertChain* chain) +void AuthGenerateAttest::FreeCertChain(DcmCertChain* chain) { if (!chain) { return; diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index d6d58a2ea..82d7a1312 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -653,7 +653,6 @@ int32_t DmAuthMessageProcessor::CreateNegotiateMessage(std::shared_ptraccessee.displayId; jsonObject[TAG_PEER_PKG_NAME] = context->accessee.pkgName; jsonObject[TAG_HOST_PKGLABEL] = context->pkgLabel; - LOGI("DmAuthMessageProcessor::CreateNegotiateMessage cert = %{public}s", context->cert.c_str()); jsonObject[TAG_DM_CERT_CHAIN] = context->cert; jsonObject[TAG_IS_BLUE_FLAG] = context->isBlueFlag; return DM_OK; 
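Review bot: The chain allocated with `new DcmCertChain()` is now released by three separate `FreeCertChain(dcmCertChain)` calls, one per exit, which is easy to break when another return is added. A single exit is simpler: run the conversion only when attestation succeeded, `if (ret == DCM_SUCCESS) { ret = ConvertDcmCertChainToDmCertChain(*dcmCertChain, dmCertChain); }`, then call `FreeCertChain(dcmCertChain);` once and `return ret;`, keeping the two error logs in their branches. Only the null check of `FreeCertChain` is visible in this patch, so confirm that it also deletes the `DcmCertChain` object itself and not just the buffers inside it. `GenerateCertificate` starts outside the hunk.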
@@ -1041,10 +1040,8 @@ void DmAuthMessageProcessor::ParseUltrasonicSide( } else { context->ultrasonicInfo = DmUltrasonicInfo::DM_Ultrasonic_Invalid; } - LOGI("ParseNegotiateMessage TAG_DM_CERT_CHAIN START!"); if (IsString(jsonObject, TAG_DM_CERT_CHAIN)) { context->cert = jsonObject[TAG_DM_CERT_CHAIN].Get(); - LOGI("ParseNegotiateMessage context->cert = %{public}s", context->cert.c_str()); } if (jsonObject[TAG_IS_BLUE_FLAG].IsBoolean()) { context->isBlueFlag = jsonObject[TAG_IS_BLUE_FLAG].Get(); -- Gitee From ff77c3b4136d06a1ccf2763bcba2e5ee78a25e31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Tue, 20 May 2025 09:20:23 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9build.gn=E7=9A=84?= =?UTF-8?q?=E4=BE=9D=E8=B5=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- services/implementation/BUILD.gn | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/services/implementation/BUILD.gn b/services/implementation/BUILD.gn index 506217b00..0efccf066 100644 --- a/services/implementation/BUILD.gn +++ b/services/implementation/BUILD.gn @@ -237,14 +237,12 @@ if (defined(ohos_lite)) { "c_utils:utils", "common_event_service:cesfwk_innerkits", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "eventhandler:libeventhandler", "ffrt:libffrt", "hilog:libhilog", - "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_core", "mbedtls:mbedtls_shared", @@ -278,6 +276,10 @@ if (defined(ohos_lite)) { "src/attest/dm_auth_generate_attest.cpp", "src/attest/dm_auth_validate_attest.cpp", ] + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] } subsystem_name = "distributedhardware" -- Gitee From 81bc6e5946da0c0e21c6879871d02aab98d13feb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Tue, 20 May 2025 10:28:19 +0800 Subject: [PATCH 6/7] =?UTF-8?q?gn=E4=BE=9D=E8=B5=96=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../BUILD.gn | 9 ++- .../dmauthmanagerv2_fuzzer/BUILD.gn | 9 ++- .../ondatareceivedv2_fuzzer/BUILD.gn | 9 ++- test/unittest/BUILD.gn | 81 ++++++++++++++----- 4 files changed, 84 insertions(+), 24 deletions(-) diff --git a/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn b/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn index 22815d122..f79c6dfe0 100644 --- a/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn +++ b/test/commonfuzztest/authenticatedeviceserviceimpl_fuzzer/BUILD.gn @@ -75,18 +75,23 @@ ohos_fuzztest("AuthenticateDeviceServiceImplFuzzTest") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "ffrt:libffrt", "hilog:libhilog", - "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_single", "safwk:system_ability_fwk", "selinux_adapter:librestorecon", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ############################################################################### diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn b/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn index 3b1b9ca3c..93e9b15d9 100644 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn +++ b/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn 
@@ -54,13 +54,11 @@ ohos_fuzztest("DmAuthManagerV2FuzzTest") { external_deps = [ "cJSON:cjson", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "ffrt:libffrt", "hilog:libhilog", - "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_single", "safwk:system_ability_fwk", @@ -71,6 +69,13 @@ ohos_fuzztest("DmAuthManagerV2FuzzTest") { "DH_LOG_TAG=\"DmAuthManagerV2FuzzTest\"", "LOG_DOMAIN=0xD004110", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ############################################################################### diff --git a/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn b/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn index 9bcbb88f4..c6f9f7df8 100644 --- a/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn +++ b/test/commonfuzztest/ondatareceivedv2_fuzzer/BUILD.gn @@ -53,13 +53,11 @@ ohos_fuzztest("OnDataReceivedV2FuzzTest") { external_deps = [ "cJSON:cjson", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", "ffrt:libffrt", "hilog:libhilog", - "huks:libhukssdk", "init:libbegetutil", "ipc:ipc_single", "safwk:system_ability_fwk", @@ -70,6 +68,13 @@ ohos_fuzztest("OnDataReceivedV2FuzzTest") { "DH_LOG_TAG=\"OnDataReceivedV2FuzzTest\"", "LOG_DOMAIN=0xD004110", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ############################################################################### diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 431eed6aa..a82f0cd59 100644 --- a/test/unittest/BUILD.gn 
+++ b/test/unittest/BUILD.gn @@ -390,7 +390,6 @@ ohos_unittest("UTTest_device_manager_service") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -399,9 +398,15 @@ ohos_unittest("UTTest_device_manager_service") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", "selinux_adapter:librestorecon", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_device_manager_service }}} @@ -420,7 +425,6 @@ ohos_unittest("UTTest_dm_softbus_cache") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -428,9 +432,15 @@ ohos_unittest("UTTest_dm_softbus_cache") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", "selinux_adapter:librestorecon", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_dm_softbus_cache }}} @@ -455,7 +465,6 @@ ohos_unittest("UTTest_device_manager_service_three") { "access_token:libtoken_setproc", "cJSON:cjson", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", 
@@ -463,9 +472,15 @@ ohos_unittest("UTTest_device_manager_service_three") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", "selinux_adapter:librestorecon", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_device_manager_service_three }}} @@ -1245,7 +1260,6 @@ ohos_unittest("UTTest_device_manager_service_impl") { external_deps = [ "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -1254,10 +1268,16 @@ ohos_unittest("UTTest_device_manager_service_impl") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", "os_account:libaccountkits", "os_account:os_account_innerkits", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_device_manager_service_impl }}} @@ -1277,7 +1297,6 @@ ohos_unittest("UTTest_device_manager_service_impl_first") { external_deps = [ "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -1286,10 +1305,16 @@ ohos_unittest("UTTest_device_manager_service_impl_first") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", "os_account:libaccountkits", "os_account:os_account_innerkits", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_device_manager_service_impl_first }}} 
@@ -2038,7 +2063,6 @@ ohos_unittest("UTTest_auth_pin_auth_state") { deps = [ ":device_manager_test_common" ] external_deps = [ - "device_auth:deviceauth_sdk", "device_auth:deviceauth_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", @@ -2047,8 +2071,14 @@ ohos_unittest("UTTest_auth_pin_auth_state") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_auth_pin_auth_state }}} @@ -2099,7 +2129,6 @@ ohos_unittest("UTTest_auth_credential_state") { external_deps = [ "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -2107,8 +2136,14 @@ ohos_unittest("UTTest_auth_credential_state") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_auth_credential_state }}} @@ -2132,7 +2167,6 @@ ohos_unittest("UTTest_auth_acl") { external_deps = [ "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -2140,8 +2174,14 @@ ohos_unittest("UTTest_auth_acl") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_auth_acl }}} 
@@ -2167,7 +2207,6 @@ ohos_unittest("UTTest_auth_negotiate") { "access_token:libnativetoken", "access_token:libtoken_setproc", "device_auth:deviceauth_sdk", - "device_certificate_manager:device_cert_mgr_sdk", "device_info_manager:distributed_device_profile_common", "device_info_manager:distributed_device_profile_sdk", "dsoftbus:softbus_client", @@ -2175,8 +2214,14 @@ ohos_unittest("UTTest_auth_negotiate") { "googletest:gmock", "googletest:gmock_main", "hilog:libhilog", - "huks:libhukssdk", ] + + if (!device_manager_common) { + external_deps += [ + "device_certificate_manager:device_cert_mgr_sdk", + "huks:libhukssdk", + ] + } } ## UnitTest UTTest_auth_negotiate }}} -- Gitee From dd9d8237d6a826a51534738db7275c9ece085e70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Tue, 20 May 2025 11:02:50 +0800 Subject: [PATCH 7/7] =?UTF-8?q?=E7=BC=96=E8=AF=91=E5=A4=B1=E8=B4=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 9950b717b..fd281b279 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -619,7 +619,7 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } -std::string GenerateCertificate() +std::string GenerateCertificate(std::shared_ptr context_) { #ifdef DEVICE_MANAGER_COMMON_FLAG context_->isBlueFlag = true; 
@@ -678,7 +678,7 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & return ERR_DM_INPUT_PARA_INVALID; } - context_->cert = GenerateCertificate(); + context_->cert = GenerateCertificate(context_); context_->sessionId = sessionId; context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); -- Gitee