diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 901a30b7a175676d860b062641e2db95cb6cc5d4..ab2bb0595aa48e0ff76cb47337c97265b6f14ac2 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -197,6 +197,7 @@ extern const char* DM_VERSION_5_0_5; extern const char* DM_VERSION_5_1_0; extern const char* DM_VERSION_5_1_1; extern const char* DM_VERSION_5_1_2; +extern const char* DM_VERSION_5_1_3; extern const char* DM_CURRENT_VERSION; extern const char* DM_ACL_AGING_VERSION; extern const char* DM_VERSION_5_0_OLD_MAX; // Estimated highest version number of the old version diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index 5a2632e9dbc5bc6bd26f6ef8e506d5769b2e6c95..491808f155829cc63500c9ca16d5154d9b4fe99e 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -185,7 +185,8 @@ const char* DM_VERSION_5_0_5 = "5.0.5"; const char* DM_VERSION_5_1_0 = "5.1.0"; const char* DM_VERSION_5_1_1 = "5.1.1"; const char* DM_VERSION_5_1_2 = "5.1.2"; -const char* DM_CURRENT_VERSION = DM_VERSION_5_1_2; +const char* DM_VERSION_5_1_3 = "5.1.3"; +const char* DM_CURRENT_VERSION = DM_VERSION_5_1_3; const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0; const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version const int32_t DM_HO_OSTYPE = -1; diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h index 5192992bde31ffe817560ce771a8f50b76e43029..6774ecd52891fe7ad6bf01afb496289de7346ad3 100644 --- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h +++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h @@ -115,6 +115,8 @@ enum DmMessageType { MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE = 131, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE = 140, MSG_TYPE_RESP_CREDENTIAL_EXCHANGE = 150, + MSG_TYPE_REQ_SK_DERIVE = 141, + MSG_TYPE_RESP_SK_DERIVE = 151, MSG_TYPE_REQ_CREDENTIAL_AUTH_START = 160, MSG_TYPE_RESP_CREDENTIAL_AUTH_START = 170, MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE = 161, @@ -224,8 +226,10 @@ public: void DmAuthUltrasonicMessageProcessor(); private: + // construct function implementation + void ConstructCreateMessageFunMap(); + void ConstructParaseMessageFuncMap(); // Internal implementations for various message types - // Used to encrypt the synchronization message int32_t EncryptSyncMessage(std::shared_ptr &context, DmAccess &accessSide, std::string &encSyncMsg); int32_t CreateProxyAccessMessage(std::shared_ptr &context, JsonObject &syncMsgJson); @@ -257,6 +261,10 @@ private: // Parse the 150 message int32_t ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context); int32_t ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject); + // Parse the 141 message + int32_t ParseMessageReqSKDerive(const JsonObject &jsonObject, std::shared_ptr context); + // Parse the 151 message + int32_t ParseMessageRspSKDerive(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 161, 170, and 171 messages int32_t ParseMessageNegotiateTransmit(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 180 message @@ -301,6 +309,10 @@ private: // Create the 150 message int32_t CreateMessageRspCredExchange(std::shared_ptr context, JsonObject &jsonObject); int32_t CreateProxyCredExchangeMessage(std::shared_ptr &context, JsonObject &jsonData); + // Create 141 message. + int32_t CreateMessageReqSKDerive(std::shared_ptr context, JsonObject &jsonObject); + // Create 151 message. + int32_t CreateMessageRspSKDerive(std::shared_ptr context, JsonObject &jsonObject); // Create the 160 message int32_t CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject); // Construct the 161, 170, and 171 credential authentication messages diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 8e948a6664f720607f6611b07713de1093c77010..a40cd8bbd51f38e2a3f7cd4b23c1bef71650c6c3 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -58,6 +58,7 @@ enum class DmAuthStateType { AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE = 16, // Received 170 credential authentication message, sent 161 message AUTH_SRC_DATA_SYNC_STATE = 17, // Received 190 message, sent 200 message AUTH_SRC_FINISH_STATE = 18, // Received 201 message + AUTH_SRC_SK_DERIVE_STATE = 19, // Received 151 message // sink end state AUTH_SINK_START_STATE = 50, // Bus trigger OnSessionOpened @@ -77,6 +78,7 @@ enum class DmAuthStateType { AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE = 64, // Received 161 credential negotiation message, AUTH_SINK_DATA_SYNC_STATE = 65, // Received 180 synchronization message, send 190 message AUTH_SINK_FINISH_STATE = 66, // Received 200 end message, send 201 message + AUTH_SINK_SK_DERIVE_STATE = 67, // Received 141 message }; // Credential Addition Method @@ -442,11 +444,27 @@ public: int32_t Action(std::shared_ptr context) override; }; +class AuthSrcSKDeriveState : public DmAuthState { +public: + virtual ~AuthSrcSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; +}; + +class AuthSinkSKDeriveState : public DmAuthState { +public: + virtual ~AuthSinkSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; +}; + class AuthSrcCredentialAuthStartState : public AuthCredentialAgreeState { public: virtual ~AuthSrcCredentialAuthStartState() {}; DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; +private: + int32_t AgreeAndDeleteCredential(std::shared_ptr context); }; class AuthSrcCredentialAuthNegotiateState : public DmAuthState { @@ -464,8 +482,10 @@ public: int32_t SendCredentialAuthMessage(std::shared_ptr context, DmMessageType &msgType); int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); + int32_t HandleSrcCredentialAuthDone(std::shared_ptr context); private: - std::string GenerateCertificate(std::shared_ptr context); + std::mutex certCVMtx_; + std::condition_variable certCV_; }; class AuthSinkCredentialAuthStartState : public DmAuthState { diff --git a/services/implementation/include/authentication_v2/dm_auth_state_machine.h b/services/implementation/include/authentication_v2/dm_auth_state_machine.h index 03a0d83dd1b808e5f8878c60f3665d0225bcbd54..48288a3a39b1cdb3442c6eb14ed68855fab13262 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state_machine.h +++ b/services/implementation/include/authentication_v2/dm_auth_state_machine.h @@ -81,6 +81,8 @@ private: void InsertSinkTransTable(); void InsertUltrasonicSrcTransTable(); void InsertUltrasonicSinkTransTable(); + void InsertCredentialAuthSrcTransTable(); + void InsertCredentialAuthSinkTransTable(); // Fetch the current state and execute it std::optional> FetchAndSetCurState(); diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c6cf3ff0ba2f314da1cc349e1a1af81a39b4fd3a..968a13ce7acfd600e0f5517578aa174a9f353003 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -26,6 +26,8 @@ #include "multiple_user_connector.h" #include "auth_manager.h" +#include "dm_auth_attest_common.h" +#include "dm_auth_cert.h" #include "dm_constants.h" #include "dm_crypto.h" #include "dm_random.h" @@ -38,6 +40,7 @@ #include "dm_auth_context.h" #include "dm_auth_message_processor.h" #include "dm_auth_state.h" +#include "ffrt.h" #include "json_object.h" namespace OHOS { @@ -623,6 +626,29 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } +void GenerateCertificate(std::shared_ptr context) +{ + if (context == nullptr) { + LOGE("context is nullptr!"); + return; + } +#ifdef DEVICE_MANAGER_COMMON_FLAG + context->accesser.isCommonFlag = true; + LOGI("open device do not generate cert!"); + context->accesser.cert = "common"; +#else + DmCertChain dmCertChain; + int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); + if (certRet != DM_OK) { + LOGE("generate cert fail, certRet = %{public}d", certRet); + return; + } + context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); +#endif + return; +} + int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, const std::map &bindParam, int sessionId, uint64_t logicalSessionId) { @@ -670,6 +696,8 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); context_->authStateMachine->TransitionTo(std::make_shared()); + // generate cert sync + ffrt::submit([=]() { GenerateCertificate(context_);}); info = { .funcName = "BindTarget" }; info.channelId = sessionId; DmRadarHelper::GetInstance().ReportAuthSendRequest(info); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 4bada104f53d5f96a04388633dd50e492d6e1abe..b30e8e9e03a4fecab7d992f6b3f2ea72b22499e1 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -26,6 +26,7 @@ #include "dm_constants.h" #include "dm_log.h" #include "deviceprofile_connector.h" +#include "ffrt.h" #include "hichain_auth_connector.h" #include "multiple_user_connector.h" @@ -37,8 +38,8 @@ namespace { // tag in Lowercase, need by hichain tag constexpr const char* TAG_LOWER_DEVICE_ID = "deviceId"; constexpr const char* TAG_LOWER_USER_ID = "userId"; - constexpr const char* DM_AUTH_CREDENTIAL_OWNER = "DM"; +const int32_t GENERATE_CERT_TIMEOUT = 100; // 100ms // decrypt process int32_t g_authCredentialTransmitDecryptProcess(std::shared_ptr context, DmEventType event) @@ -110,35 +111,15 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE; } -std::string AuthSrcCredentialAuthDoneState::GenerateCertificate(std::shared_ptr context) -{ -#ifdef DEVICE_MANAGER_COMMON_FLAG - if (context == nullptr) { - LOGE("context_ is nullptr!"); - return ""; - } - context->accesser.isCommonFlag = true; - LOGI("open device do not generate cert!"); - return ""; -#else - DmCertChain dmCertChain; - int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); - if (certRet != DM_OK) { - LOGE("generate cert fail, certRet = %{public}d", certRet); - return ""; - } - std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); - AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return cert; -#endif -} - int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); if (GetSessionKey(context)) { DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_REQ_DATA_SYNC, context); return DM_OK; } @@ -147,14 +128,20 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co if (ret != DM_OK) { return ret; } - // Authentication completion triggers the Onfinish callback event. if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) { LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); return ERR_DM_FAILED; } - DmMessageType msgType; + return HandleSrcCredentialAuthDone(context); +} +int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); + DmMessageType msgType; + int32_t ret = DM_OK; // first time joinLnn, auth lnnCredential if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false && context->accesser.bindLevel != USER) { @@ -167,7 +154,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth credentail failed"); return ret; } - // wait for onTransmit event if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived."); @@ -182,11 +168,15 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co return ret; } SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } else { // Non-first-time authentication transport credential process DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } return SendCredentialAuthMessage(context, msgType); @@ -609,8 +599,8 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; @@ -636,8 +626,8 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, context); LOGI("AuthSinkCredentialExchangeState::Action leave."); @@ -649,55 +639,67 @@ DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; } +int32_t AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) +{ + if (context == nullptr || context->hiChainAuthConnector == nullptr) { + return ERR_DM_POINT_NULL; + } + int32_t ret = DM_OK; + std::string tmpCredId = ""; + int32_t osAccountId = context->accesser.userId; + // First authentication + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + // Agree lnn credentials and public key + tmpCredId = context->accesser.lnnCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); + return ret; + } + // Delete temporary lnn credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + } + DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; + if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { + authorizedScope = DM_AUTH_SCOPE_APP; + } else if (context->accesser.bindLevel == USER) { + authorizedScope = DM_AUTH_SCOPE_USER; + } + // Agree transport credentials and public key + tmpCredId = context->accesser.transmitCredentialId; + ret = AgreeCredential(authorizedScope, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); + return ret; + } + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + return DM_OK; +} + int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr context) { LOGI("AuthSrcCredentialAuthStartState::Action start."); int32_t ret = ERR_DM_FAILED; - std::string tmpCredId = ""; int32_t osAccountId = context->accesser.userId; - if (context == nullptr || context->hiChainAuthConnector == nullptr || context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { return ret; } - if (IsNeedAgreeCredential(context)) { - // First authentication - if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { - // Agree lnn credentials and public key - tmpCredId = context->accesser.lnnCredentialId; - ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); - if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); - return ret; - } - - // Delete temporary lnn credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - } - - DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; - if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { - authorizedScope = DM_AUTH_SCOPE_APP; - } else if (context->accesser.bindLevel == USER) { - authorizedScope = DM_AUTH_SCOPE_USER; - } - - // Agree transport credentials and public key - tmpCredId = context->accesser.transmitCredentialId; - ret = AgreeCredential(authorizedScope, context); - if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); - LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); - return ret; + if (AgreeAndDeleteCredential(context) != DM_OK) { + return AgreeAndDeleteCredential(context); } - - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); } - + // compareVersion send 141 + std::string message = ""; + if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); + } // Transport credential authentication ret = context->hiChainAuthConnector->AuthCredential(osAccountId, context->requestId, context->accesser.transmitCredentialId, std::string("")); @@ -705,15 +707,107 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, auth app cred failed."); return ret; } - if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - - std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } + +DmAuthStateType AuthSrcSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE; +} + +// receive 151 message +int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSrcSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSrcSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } + // First authentication lnn cred + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + // send 180 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); + LOGI("AuthSrcSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +DmAuthStateType AuthSinkSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE; +} + +// receive 141 message +int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSinkSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSinkSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } + // First authentication lnn cred + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId); + // send 151 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context); + LOGI("AuthSinkSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} } // namespace DistributedHardware } // namespace OHOS diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 3ff2a9174a405c2004b31873995be1922bb0852b..917aeb43784dfedd6db985f696396b393e6445c5 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -454,10 +454,8 @@ int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr(); createMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateRespNegotiateMessage}, @@ -470,6 +468,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqCredAuthStart}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::CreateCredentialNegotiateMessage}, @@ -481,6 +481,10 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, }; +} + +void DmAuthMessageProcessor::ConstructParaseMessageFuncMap() +{ paraseMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageRespAclNegotiate}, @@ -493,6 +497,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseAuthStartMessage}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, @@ -503,6 +509,14 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::ParseMessageSinkFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::ParseMessageSrcFinish}, }; +} + +DmAuthMessageProcessor::DmAuthMessageProcessor() +{ + LOGI("DmAuthMessageProcessor constructor"); + cryptoMgr_ = std::make_shared(); + ConstructCreateMessageFunMap(); + ConstructParaseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); } @@ -662,6 +676,7 @@ int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &js return DM_OK; } +// parse 150 int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context) { @@ -708,6 +723,72 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js return DM_OK; } +// parse 141 +int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn public key + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accesser.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accesser.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// parse 151 +int32_t DmAuthMessageProcessor::ParseMessageRspSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn public key + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accessee.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accessee.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + int32_t DmAuthMessageProcessor::ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject) { @@ -957,6 +1038,52 @@ int32_t DmAuthMessageProcessor::CreateProxyCredExchangeMessage(std::shared_ptr context, + JsonObject &jsonObject) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accesser.transmitCredentialId; + // First certification + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accesser.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + +// Create 151 message. +int32_t DmAuthMessageProcessor::CreateMessageRspSKDerive(std::shared_ptr context, + JsonObject &jsonObject) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accessee.transmitCredentialId; + // First certification + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accessee.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + // Create 160 message. int32_t DmAuthMessageProcessor::CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject) diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index 231bf6690088a532d790daa4121b6a5b888798ed..1bfc7b02dab1109cb3d64767c6bf8c9c3cc251e0 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp @@ -73,6 +73,17 @@ void DmAuthStateMachine::InsertSrcTransTable() {DmAuthStateType::AUTH_SRC_PIN_INPUT_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, + {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + }); + InsertCredentialAuthSrcTransTable(); + InsertUltrasonicSrcTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSrcTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE, @@ -90,25 +101,23 @@ void DmAuthStateMachine::InsertSrcTransTable() DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, }}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, - - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, - - {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, + }}, + {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE + }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + }}, }); - - InsertUltrasonicSrcTransTable(); - - return; } + void DmAuthStateMachine::InsertUltrasonicSrcTransTable() { stateTransitionTable_.insert({ @@ -135,7 +144,6 @@ void DmAuthStateMachine::InsertUltrasonicSrcTransTable() DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }} }); - return; } @@ -160,6 +168,17 @@ void DmAuthStateMachine::InsertSinkTransTable() {DmAuthStateType::AUTH_SINK_PIN_DISPLAY_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, + {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} + }); + InsertCredentialAuthSinkTransTable(); + InsertUltrasonicSinkTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSinkTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SINK_PIN_NEGOTIATE_START_STATE, @@ -177,19 +196,17 @@ void DmAuthStateMachine::InsertSinkTransTable() }}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_EXCHANGE_STATE, { DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, + DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, }}, + {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE}}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, { - DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE + }}, + {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE }}, - {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE}}, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, - {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} }); - - InsertUltrasonicSinkTransTable(); - - return; } void DmAuthStateMachine::InsertUltrasonicSinkTransTable()