From 147def3faa1a0b739a118d9a606fcce977887e4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:09:58 +0800 Subject: [PATCH 01/18] bind optimize MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- common/include/dm_constants.h | 1 + common/src/dm_constants.cpp | 3 +- .../dm_auth_message_processor.h | 10 ++ .../include/authentication_v2/dm_auth_state.h | 18 +++ .../src/authentication_v2/auth_manager.cpp | 28 ++++ .../auth_stages/auth_credential.cpp | 123 ++++++++++++++++-- .../dm_auth_message_processor.cpp | 109 ++++++++++++++++ .../dm_auth_state_machine.cpp | 20 ++- 8 files changed, 285 insertions(+), 27 deletions(-) diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 901a30b7a..ab2bb0595 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -197,6 +197,7 @@ extern const char* DM_VERSION_5_0_5; extern const char* DM_VERSION_5_1_0; extern const char* DM_VERSION_5_1_1; extern const char* DM_VERSION_5_1_2; +extern const char* DM_VERSION_5_1_3; extern const char* DM_CURRENT_VERSION; extern const char* DM_ACL_AGING_VERSION; extern const char* DM_VERSION_5_0_OLD_MAX; // Estimated highest version number of the old version diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index 5a2632e9d..76947642e 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -185,7 +185,8 @@ const char* DM_VERSION_5_0_5 = "5.0.5"; const char* DM_VERSION_5_1_0 = "5.1.0"; const char* DM_VERSION_5_1_1 = "5.1.1"; const char* DM_VERSION_5_1_2 = "5.1.2"; -const char* DM_CURRENT_VERSION = DM_VERSION_5_1_2; +const char* DM_VERSION_5_1_2 = "5.1.3"; +const char* DM_CURRENT_VERSION = DM_VERSION_5_1_3; const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0; const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version const int32_t DM_HO_OSTYPE = -1; 
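Review bot: The added line in common/src/dm_constants.cpp defines `DM_VERSION_5_1_2` a second time, now with the value "5.1.3", while `DM_VERSION_5_1_3` (declared in the header hunk and assigned to `DM_CURRENT_VERSION` on the next line) is never defined. As written this is a redefinition plus an unresolved symbol; the line should read `const char* DM_VERSION_5_1_3 = "5.1.3";`. The constant matters beyond the build, because this series gates the new 141/151 session-key derivation path on a version comparison.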
diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h index 5192992bd..74486482d 100644 --- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h +++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h @@ -115,6 +115,8 @@ enum DmMessageType { MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE = 131, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE = 140, MSG_TYPE_RESP_CREDENTIAL_EXCHANGE = 150, + MSG_TYPE_REQ_SK_DERIVE = 141, + MSG_TYPE_RESP_SK_DERIVE = 151, MSG_TYPE_REQ_CREDENTIAL_AUTH_START = 160, MSG_TYPE_RESP_CREDENTIAL_AUTH_START = 170, MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE = 161, @@ -257,6 +259,10 @@ private: // Parse the 150 message int32_t ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context); int32_t ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject); + // Parse the 141 message + int32_t ParseMessageReqSKDerive(const JsonObject &jsonObject, std::shared_ptr context); + // Parse the 151 message + int32_t ParseMessageRspSKDerive(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 161, 170, and 171 messages int32_t ParseMessageNegotiateTransmit(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 180 message @@ -301,6 +307,10 @@ private: // Create the 150 message int32_t CreateMessageRspCredExchange(std::shared_ptr context, JsonObject &jsonObject); int32_t CreateProxyCredExchangeMessage(std::shared_ptr &context, JsonObject &jsonData); + // Create 141 message. + int32_t CreateMessageReqSKDerive(std::shared_ptr context, JsonObject &jsonObject); + // Create 151 message. + int32_t CreateMessageRspSKDerive(std::shared_ptr context, JsonObject &jsonObject); // Create the 160 message int32_t CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject); // Construct the 161, 170, and 171 credential authentication messages 
diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 8e948a666..1cee3385c 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -58,6 +58,7 @@ enum class DmAuthStateType { AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE = 16, // Received 170 credential authentication message, sent 161 message AUTH_SRC_DATA_SYNC_STATE = 17, // Received 190 message, sent 200 message AUTH_SRC_FINISH_STATE = 18, // Received 201 message + AUTH_SRC_SK_DERIVE_STATE = 19, // Received 151 message // sink end state AUTH_SINK_START_STATE = 50, // Bus trigger OnSessionOpened @@ -77,6 +78,7 @@ enum class DmAuthStateType { AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE = 64, // Received 161 credential negotiation message, AUTH_SINK_DATA_SYNC_STATE = 65, // Received 180 synchronization message, send 190 message AUTH_SINK_FINISH_STATE = 66, // Received 200 end message, send 201 message + AUTH_SINK_SK_DERIVE_STATE = 67, // Received 141 message }; // Credential Addition Method @@ -442,6 +444,20 @@ public: int32_t Action(std::shared_ptr context) override; }; +class AuthSrcSKDeriveState : public DmAuthState { +public: + virtual ~AuthSrcSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; +}; + +class AuthSinkSKDeriveState : public DmAuthState { +public: + virtual ~AuthSinkSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; +}; + class AuthSrcCredentialAuthStartState : public AuthCredentialAgreeState { public: virtual ~AuthSrcCredentialAuthStartState() {}; 
@@ -466,6 +482,8 @@ public: int32_t DerivativeProxySessionKey(std::shared_ptr context); private: std::string GenerateCertificate(std::shared_ptr context); + std::mutex certCVMtx_; + std::condition_variable certCV_; }; class AuthSinkCredentialAuthStartState : public DmAuthState { diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c6cf3ff0b..99e922168 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -26,6 +26,8 @@ #include "multiple_user_connector.h" #include "auth_manager.h" +#include "dm_auth_attest_common.h" +#include "dm_auth_cert.h" #include "dm_constants.h" #include "dm_crypto.h" #include "dm_random.h" @@ -38,6 +40,7 @@ #include "dm_auth_context.h" #include "dm_auth_message_processor.h" #include "dm_auth_state.h" +#include "ffrt.h" #include "json_object.h" namespace OHOS { @@ -623,6 +626,29 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } +std::string GenerateCertificate(std::shared_ptr context) +{ +#ifdef DEVICE_MANAGER_COMMON_FLAG + if (context == nullptr) { + LOGE("context_ is nullptr!"); + return ""; + } + context->accesser.isCommonFlag = true; + LOGI("open device do not generate cert!"); + return ""; +#else + DmCertChain dmCertChain; + int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); + if (certRet != DM_OK) { + LOGE("generate cert fail, certRet = %{public}d", certRet); + return ""; + } + std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); + return cert; +#endif +} + int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, const std::map &bindParam, int sessionId, uint64_t logicalSessionId) { 
@@ -670,6 +696,8 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); context_->authStateMachine->TransitionTo(std::make_shared()); + // generate cert sync + ffrt::submit([=]() { context_->accesser.cert = GenerateCertificate(context_);}); info = { .funcName = "BindTarget" }; info.channelId = sessionId; DmRadarHelper::GetInstance().ReportAuthSendRequest(info); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 4bada104f..4c37d6168 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -26,6 +26,7 @@ #include "dm_constants.h" #include "dm_log.h" #include "deviceprofile_connector.h" +#include "ffrt.h" #include "hichain_auth_connector.h" #include "multiple_user_connector.h" @@ -37,8 +38,8 @@ namespace { // tag in Lowercase, need by hichain tag constexpr const char* TAG_LOWER_DEVICE_ID = "deviceId"; constexpr const char* TAG_LOWER_USER_ID = "userId"; - constexpr const char* DM_AUTH_CREDENTIAL_OWNER = "DM"; +const int32_t GENERATE_CERT_TIMEOUT = 100; // 100ms // decrypt process int32_t g_authCredentialTransmitDecryptProcess(std::shared_ptr context, DmEventType event) @@ -138,7 +139,9 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); if (GetSessionKey(context)) { DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_REQ_DATA_SYNC, context); return DM_OK; } 
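Review bot: The task submitted in BindTarget uses `[=]` inside a member function, so it captures `this` rather than a copy of `context_`, and it writes `context_->accesser.cert` from the worker without any lock. If the AuthManager is torn down or `context_` is replaced before the task runs, the lambda works on a stale object; capturing the shared pointer explicitly avoids that: `ffrt::submit([ctx = context_]() { ctx->accesser.cert = GenerateCertificate(ctx); });`. The comment says "sync" where the call is asynchronous. BindTarget's body starts and ends outside the hunk.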
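Review bot: The `certCV_.wait_for` added to AuthSrcCredentialAuthDoneState::Action has no matching `notify_one`/`notify_all` anywhere in this patch, so when the certificate is not ready at the first predicate check the wait can only end on a spurious wakeup or the 100 ms timeout. The boolean result is discarded, so after a timeout `MSG_TYPE_REQ_DATA_SYNC` is built with an empty `context->accesser.cert`, and the predicate reads that string while the ffrt task may be writing it without holding `certCVMtx_`. The writer should assign under the same mutex and notify, and the result should be checked, for example `if (!certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), pred)) { LOGE("generate cert timeout"); }` followed by whatever failure policy the protocol requires. The same three lines are repeated twice in the following hunk (`@@ -182,11 +185,15`).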
@@ -182,11 +185,15 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co return ret; } SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } else { // Non-first-time authentication transport credential process DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } return SendCredentialAuthMessage(context, msgType); @@ -609,8 +616,8 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; 
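Review bot: Moving `DeleteCredential` into `ffrt::submit` (hunk `@@ -609,8 +616,8`) makes removal of the temporary credential fire-and-forget, so a task that fails or never runs leaves the temporary credential in place with no trace in the log. If `DeleteCredential` reports a status (its signature is not visible here), check it inside the task and log failures with `LOGE`. The rewritten comment says "sync" although the call is now asynchronous; `// Delete temporary credentials asynchronously` would match the code. The same change is made in the hunks at `@@ -636,14 +643,98`, `@@ -673,8 +764,8` and `@@ -694,8 +785,8`.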
@@ -636,14 +643,98 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, context); LOGI("AuthSinkCredentialExchangeState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } +DmAuthStateType AuthSrcSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE; +} + +// receive 151 message +int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSrcSKDeriveState::Action start."); + // First authentication lnn cred + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + 
context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + // send 180 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); + LOGI("AuthSrcSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +DmAuthStateType AuthSinkSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE; +} + +// receive 141 message +int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSinkSKDeriveState::Action start."); + // First authentication lnn cred + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.transmitSessionKeyId = skId; + SetAuthContext(skId, 
context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId); + // send 151 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context); + LOGI("AuthSinkSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() { return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; @@ -673,8 +764,8 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } - // Delete temporary lnn credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary lnn credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; @@ -694,8 +785,8 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } // Transport credential authentication 
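Review bot: AuthSrcSKDeriveState::Action and AuthSinkSKDeriveState::Action dereference `context`, `context->authMessageProcessor` and `context->softbusConnector` without the null checks the neighbouring states perform; add `CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);` at the top of both and check the two members before use. The derivation suffix is the plain concatenation of two credential IDs, one of which arrives in the peer's 141/151 message, so distinct ID pairs can yield the same suffix unless the IDs have a fixed length; that should be confirmed or the two parts separated unambiguously. The error logs in both functions still name `AuthSrcCredentialAuthDoneState::Action`, which will misattribute failures on this path.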
@@ -710,8 +801,12 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - - std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); + std::string message = ""; + if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); + } else { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); + } LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 3ff2a9174..070111f84 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -470,6 +470,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqCredAuthStart}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::CreateCredentialNegotiateMessage}, 
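Review bot: The new branch in AuthSrcCredentialAuthStartState::Action selects `MSG_TYPE_REQ_SK_DERIVE` by comparing the peer's `dmVersion` with `DM_VERSION_5_1_2`, although the message is introduced together with `DM_VERSION_5_1_3`. `CompareVersion`'s semantics are not visible here, but if the comparison is inclusive a 5.1.2 peer with no handler for 141 would be sent it; if the intent is "peer supports SK derive" the threshold should probably be `DM_VERSION_5_1_3`. In this hunk the choice is also made only after `AuthCredential` and `WaitExpectEvent(ON_TRANSMIT)` have already run, so 141 goes out after credential authentication has been started. The function body starts outside the hunk.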
@@ -493,6 +495,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseAuthStartMessage}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, @@ -662,6 +666,7 @@ int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &js return DM_OK; } +// parse 150 int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context) { 
@@ -708,6 +713,68 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js return DM_OK; } +// parse 141 +int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn public key + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accesser.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accesser.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// parse 151 +int32_t DmAuthMessageProcessor::ParseMessageRspSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn 
public key + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accessee.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accessee.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + int32_t DmAuthMessageProcessor::ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject) { 
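Review bot: `JsonObject jsonData(plainText);` in ParseMessageReqSKDerive and ParseMessageRspSKDerive is read without checking that the decrypted text parsed, unlike the outer object, which is tested with `IsDiscarded()`. Add `if (jsonData.IsDiscarded()) { LOGE("ParseMessageReqSKDerive: plaintext is not valid json"); return ERR_DM_FAILED; }` (and the Rsp equivalent) before the tags are read. The credential IDs taken from the peer are stored with no length or format check and later feed the session-key derivation suffix, so a bound on them belongs here. `context` is dereferenced unchecked, and the error strings mention `DecodeRequestAuth`, `lnnPublicKey` and `MSG_TYPE_REQ_CREDENTIAL_EXCHANGE`, which will mislead anyone triaging from the logs.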
@@ -957,6 +1024,48 @@ int32_t DmAuthMessageProcessor::CreateProxyCredExchangeMessage(std::shared_ptr context, + JsonObject &jsonObject) +{ + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accesser.transmitCredentialId; + // First certification + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accesser.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + +// Create 151 message. +int32_t DmAuthMessageProcessor::CreateMessageRspSKDerive(std::shared_ptr context, + JsonObject &jsonObject) +{ + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accessee.transmitCredentialId; + // First certification + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accessee.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + // Create 160 message. int32_t DmAuthMessageProcessor::CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject) diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index 231bf6690..90e516e45 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp 
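Review bot: Both new builders report an `EncryptMessage` failure at `LOGI` and under the name `CreateMessageReqCredExchange`, so an encryption error on the 141/151 path is recorded as an informational line attributed to a different message. Use `LOGE("DmAuthMessageProcessor::CreateMessageReqSKDerive encryptMessage failed.");` and the matching name in CreateMessageRspSKDerive. `context` is also dereferenced without a null check in both functions.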
+++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp @@ -90,22 +90,18 @@ void DmAuthStateMachine::InsertSrcTransTable() DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, }}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, - + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, + }}, + {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE,{DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, - {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} }); - InsertUltrasonicSrcTransTable(); - return; } @@ -177,7 +173,9 @@ void DmAuthStateMachine::InsertSinkTransTable() }}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_EXCHANGE_STATE, { DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, + DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, }}, + {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE}}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, { DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, }}, @@ -186,9 +184,7 @@ void DmAuthStateMachine::InsertSinkTransTable() {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} }); - InsertUltrasonicSinkTransTable(); - return; } -- Gitee 
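Review bot: The sink table now allows `AUTH_SINK_CREDENTIAL_EXCHANGE_STATE` to move to `AUTH_SINK_SK_DERIVE_STATE` unconditionally, and nothing visible in the 141 parser or in AuthSinkSKDeriveState::Action checks the source's advertised version before taking that path. Because `AUTH_SINK_SK_DERIVE_STATE` leads straight to `AUTH_SINK_DATA_SYNC_STATE`, bypassing the credential-auth start and negotiate states, the sink should confirm the peer is entitled to it, for instance by rejecting 141 in ParseMessageReqSKDerive when the version check fails. A short comment on the new rows naming the message that drives each transition would also help readers of the table.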
From e5ac2d8d8079e0e1468bfd23bb7f2365d8c3be9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:11:16 +0800 Subject: [PATCH 02/18] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/include/authentication_v2/dm_auth_state.h | 1 - 1 file changed, 1 deletion(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 1cee3385c..86662bad6 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -481,7 +481,6 @@ public: int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); private: - std::string GenerateCertificate(std::shared_ptr context); std::mutex certCVMtx_; std::condition_variable certCV_; }; -- Gitee From 43f0cd540e317b6700592479234a07ac26effa3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:32:33 +0800 Subject: [PATCH 03/18] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../auth_stages/auth_credential.cpp | 44 +++---------------- 1 file changed, 7 insertions(+), 37 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 4c37d6168..820aa2a5e 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp 
@@ -111,29 +111,6 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE; } -std::string AuthSrcCredentialAuthDoneState::GenerateCertificate(std::shared_ptr context) -{ -#ifdef DEVICE_MANAGER_COMMON_FLAG - if (context == nullptr) { - LOGE("context_ is nullptr!"); - return ""; - } - context->accesser.isCommonFlag = true; - LOGI("open device do not generate cert!"); - return ""; -#else - DmCertChain dmCertChain; - int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); - if (certRet != DM_OK) { - LOGE("generate cert fail, certRet = %{public}d", certRet); - return ""; - } - std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); - AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return cert; -#endif -} - int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); @@ -746,12 +723,10 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c int32_t ret = ERR_DM_FAILED; std::string tmpCredId = ""; int32_t osAccountId = context->accesser.userId; - if (context == nullptr || context->hiChainAuthConnector == nullptr || context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { return ret; } - if (IsNeedAgreeCredential(context)) { // First authentication if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { 
@@ -763,18 +738,15 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); return ret; } - // Delete temporary lnn credentials sync ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } - DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { authorizedScope = DM_AUTH_SCOPE_APP; } else if (context->accesser.bindLevel == USER) { authorizedScope = DM_AUTH_SCOPE_USER; } - // Agree transport credentials and public key tmpCredId = context->accesser.transmitCredentialId; ret = AgreeCredential(authorizedScope, context); @@ -784,11 +756,15 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); return ret; } - // Delete temporary transport credentials sync ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } - + // compareVersion send 141 + std::string message = ""; + if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); + } // Transport credential authentication ret = context->hiChainAuthConnector->AuthCredential(osAccountId, context->requestId, context->accesser.transmitCredentialId, std::string("")); 
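Review bot: With the early return added in hunk `@@ -784,11 +756,15`, a source that sees a new enough `context->accessee.dmVersion` sends 141 and never reaches `hiChainAuthConnector->AuthCredential`, so the decision to skip credential authentication rests on a version string supplied by the peer. Whether `dmVersion` is integrity-protected by the earlier negotiation is not visible here; that should be confirmed and stated in a comment above the branch, e.g. `// dmVersion was received in the authenticated negotiate message; peers at or above this version derive the SK instead of running credential auth`. The early return also skips the `LOGI(" AuthSrcCredentialAuthStartState::Action leave.")` trace, so this path leaves no exit log.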
@@ -796,17 +772,11 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, auth app cred failed."); return ret; } - if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - std::string message = ""; - if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { - message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); - } else { - message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); - } + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } -- Gitee From 218f3d57159bbd7acd781174df404460230fc585 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:41:05 +0800 Subject: [PATCH 04/18] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 99e922168..c9fa7051e 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp 
@@ -626,7 +626,7 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } -std::string GenerateCertificate(std::shared_ptr context) +void GenerateCertificate(std::shared_ptr context) { #ifdef DEVICE_MANAGER_COMMON_FLAG if (context == nullptr) { @@ -697,7 +697,7 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & context_->requestId = static_cast(logicalSessionId); context_->authStateMachine->TransitionTo(std::make_shared()); // generate cert sync - ffrt::submit([=]() { context_->accesser.cert = GenerateCertificate(context_);}); + ffrt::submit([=]() { GenerateCertificate(context_);}); info = { .funcName = "BindTarget" }; info.channelId = sessionId; DmRadarHelper::GetInstance().ReportAuthSendRequest(info); -- Gitee From e7c3b9aa3f2bc8e2c924abb4df14cd8f458b84cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:41:34 +0800 Subject: [PATCH 05/18] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c9fa7051e..087105349 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -635,7 +635,8 @@ void GenerateCertificate(std::shared_ptr context) } context->accesser.isCommonFlag = true; LOGI("open device do not generate cert!"); - return ""; + context_->accesser.cert = "common"; + return ; #else DmCertChain dmCertChain; int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); 
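Review bot: In the `BindTarget` hunk the task `ffrt::submit([=]() { GenerateCertificate(context_);});` names a member, so `[=]` captures `this` rather than a copy of the shared pointer, and the task can run after the `AuthManager` is gone or after `context_` has been replaced. Capturing the pointer itself keeps the context alive for the task: `ffrt::submit([ctx = context_]() { GenerateCertificate(ctx); });`. Because the certificate is now written by the worker instead of being returned, whatever reads `accesser.cert` must be ordered after this task; the hunk shows no such synchronisation, so that should be confirmed. BindTarget's body continues outside the hunk.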
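Review bot: `GenerateCertificate` is a free function whose parameter is `context`, yet the added line `context_->accesser.cert = "common";` uses `context_`, which is not a name in that function's scope as far as the hunk shows; the line just above already writes `context->accesser.isCommonFlag`. The assignment should read `context->accesser.cert = "common";`, and the same applies to the `SerializeDmCertChain` assignment in the next hunk of this file and to the later patches that keep both lines. The `return ;` that follows can be written `return;`. The function body continues outside the hunk.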
@@ -643,9 +644,9 @@ void GenerateCertificate(std::shared_ptr context) LOGE("generate cert fail, certRet = %{public}d", certRet); return ""; } - std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return cert; + return ; #endif } -- Gitee From ea694e71904764298550ea0098b254e7514df971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:49:40 +0800 Subject: [PATCH 06/18] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../src/authentication_v2/dm_auth_message_processor.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 070111f84..b1cc17926 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -738,7 +738,7 @@ int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonOb if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); return ERR_DM_FAILED; - } + } context->accesser.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); context->authStateMachine->TransitionTo(std::make_shared()); return DM_OK; -- Gitee From 75f36e28385a912e2a4796f2dd4a91d0a5a8d760 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 11:31:51 +0800 Subject: [PATCH 07/18] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- common/src/dm_constants.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index 76947642e..491808f15 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -185,7 +185,7 @@ const char* DM_VERSION_5_0_5 = "5.0.5"; const char* DM_VERSION_5_1_0 = "5.1.0"; const char* DM_VERSION_5_1_1 = "5.1.1"; const char* DM_VERSION_5_1_2 = "5.1.2"; -const char* DM_VERSION_5_1_2 = "5.1.3"; +const char* DM_VERSION_5_1_3 = "5.1.3"; const char* DM_CURRENT_VERSION = DM_VERSION_5_1_3; const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0; const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version -- Gitee From 56913391096749c5ebefb96a8bc4da2fae465b18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 15:22:33 +0800 Subject: [PATCH 08/18] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_state.h | 2 + .../authentication_v2/dm_auth_state_machine.h | 2 + .../auth_stages/auth_credential.cpp | 79 ++++++++++--------- .../dm_auth_message_processor.cpp | 16 +++- .../dm_auth_state_machine.cpp | 63 ++++++++++----- 5 files changed, 101 insertions(+), 61 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 86662bad6..a05978f77 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h 
+++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -463,6 +463,8 @@ public: virtual ~AuthSrcCredentialAuthStartState() {}; DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; +private: + void AgreeAndDeleteCredential(std::shared_ptr context); }; class AuthSrcCredentialAuthNegotiateState : public DmAuthState { diff --git a/services/implementation/include/authentication_v2/dm_auth_state_machine.h b/services/implementation/include/authentication_v2/dm_auth_state_machine.h index 03a0d83dd..48288a3a3 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state_machine.h +++ b/services/implementation/include/authentication_v2/dm_auth_state_machine.h @@ -81,6 +81,8 @@ private: void InsertSinkTransTable(); void InsertUltrasonicSrcTransTable(); void InsertUltrasonicSinkTransTable(); + void InsertCredentialAuthSrcTransTable(); + void InsertCredentialAuthSinkTransTable(); // Fetch the current state and execute it std::optional> FetchAndSetCurState(); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 820aa2a5e..2915a7089 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -127,14 +127,12 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co if (ret != DM_OK) { return ret; } - // Authentication completion triggers the Onfinish callback event. if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) { LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); return ERR_DM_FAILED; } DmMessageType msgType; - // first time joinLnn, auth lnnCredential if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false && context->accesser.bindLevel != USER) { 
@@ -147,7 +145,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth credentail failed"); return ret; } - // wait for onTransmit event if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived."); @@ -645,7 +642,7 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); return ret; } context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); @@ -658,7 +655,7 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); return ret; } context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); @@ -687,7 +684,7 @@ int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); return ret; } context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); 
@@ -700,7 +697,7 @@ int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); return ret; } context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); 
@@ -717,6 +714,43 @@ DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; } +void AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) +{ + if (context == nullptr || context->hiChainAuthConnector == nullptr) { + return ; + } + // First authentication + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + // Agree lnn credentials and public key + tmpCredId = context->accesser.lnnCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); + return ret; + } + // Delete temporary lnn credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + } + DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; + if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { + authorizedScope = DM_AUTH_SCOPE_APP; + } else if (context->accesser.bindLevel == USER) { + authorizedScope = DM_AUTH_SCOPE_USER; + } + // Agree transport credentials and public key + tmpCredId = context->accesser.transmitCredentialId; + ret = AgreeCredential(authorizedScope, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); + return ret; + } + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); +} + int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr context) { LOGI("AuthSrcCredentialAuthStartState::Action start."); 
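Review bot: The new `AgreeAndDeleteCredential` uses `tmpCredId`, `ret` and `osAccountId` without declaring them; they appear to be locals of `Action`, where this code was lifted from, so the helper does not compile as shown and the later patches on this page do not add the declarations. Declare `tmpCredId` and `ret` inside the helper and either pass `osAccountId` in as a parameter or compute it the way `Action` does. The bare `return ;` on a null `context` or `hiChainAuthConnector` should also log before leaving, because skipping credential agreement silently lets the authentication continue without it; the return type itself is corrected in a later patch of the series.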
@@ -728,36 +762,7 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } if (IsNeedAgreeCredential(context)) { - // First authentication - if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { - // Agree lnn credentials and public key - tmpCredId = context->accesser.lnnCredentialId; - ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); - if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); - return ret; - } - // Delete temporary lnn credentials sync - ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); - } - DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; - if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { - authorizedScope = DM_AUTH_SCOPE_APP; - } else if (context->accesser.bindLevel == USER) { - authorizedScope = DM_AUTH_SCOPE_USER; - } - // Agree transport credentials and public key - tmpCredId = context->accesser.transmitCredentialId; - ret = AgreeCredential(authorizedScope, context); - if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); - LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); - return ret; - } - // Delete temporary transport credentials sync - ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + AgreeAndDeleteCredential(context); } // compareVersion send 141 std::string message = ""; diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index b1cc17926..98f240a44 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp 
+++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -454,10 +454,8 @@ int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr(); createMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateRespNegotiateMessage}, @@ -483,6 +481,10 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, }; +} + +void ConstructparaseMessageFuncMap() +{ paraseMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageRespAclNegotiate}, @@ -507,6 +509,14 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::ParseMessageSinkFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::ParseMessageSrcFinish}, }; +} + +DmAuthMessageProcessor::DmAuthMessageProcessor() +{ + LOGI("DmAuthMessageProcessor constructor"); + cryptoMgr_ = std::make_shared(); + ConstructCreateMessageFunMap(); + ConstructparaseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); } diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index 90e516e45..c45406d12 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp 
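Review bot: `void ConstructparaseMessageFuncMap()` is defined without the `DmAuthMessageProcessor::` qualifier but assigns the member `paraseMessageFuncMap_`, and this patch's file list does not touch `dm_auth_message_processor.h`, so the helper is neither a member nor declared. Define it as `void DmAuthMessageProcessor::ConstructparaseMessageFuncMap()` and add a private declaration in the header; the same check applies to `ConstructCreateMessageFunMap`, whose definition line is not visible in the hunk. Since these two maps decide which message types the processor will build and parse, a one-line comment on each helper saying so would help anyone auditing the accepted message set.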
@@ -73,6 +73,22 @@ void DmAuthStateMachine::InsertSrcTransTable() {DmAuthStateType::AUTH_SRC_PIN_INPUT_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, + }}, + {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, + {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + }); + InsertCredentialAuthSrcTransTable(); + InsertUltrasonicSrcTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSrcTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE, 
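Review bot: `InsertCredentialAuthSrcTransTable` opens with the `AUTH_SRC_PIN_AUTH_START_STATE` entry, so the name does not describe what the function holds, and nothing explains why the source table is now split in two. This table is the allow-list of state transitions for the authentication flow, so each part should say what it covers; a comment such as `// Source-side transitions for PIN authentication and credential authentication (continues InsertSrcTransTable).` above the new function would do. The function's body continues into the next hunk.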
@@ -85,26 +101,23 @@ void DmAuthStateMachine::InsertSrcTransTable() DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE, }}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, { - DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, - DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, - DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, - }}, {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, { DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, }}, - {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE,{DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, - {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE + }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + }}, }); - InsertUltrasonicSrcTransTable(); - return; } + void DmAuthStateMachine::InsertUltrasonicSrcTransTable() { stateTransitionTable_.insert({ @@ -131,7 +144,6 @@ void DmAuthStateMachine::InsertUltrasonicSrcTransTable() DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }} }); - return; } 
@@ -156,6 +168,17 @@ void DmAuthStateMachine::InsertSinkTransTable() {DmAuthStateType::AUTH_SINK_PIN_DISPLAY_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, + {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} + }); + InsertCredentialAuthSinkTransTable(); + InsertUltrasonicSinkTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSinkTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SINK_PIN_NEGOTIATE_START_STATE, @@ -177,15 +200,13 @@ void DmAuthStateMachine::InsertSinkTransTable() }}, {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE}}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, { - DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE + }}, + {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE }}, - {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE}}, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, - {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} }); - InsertUltrasonicSinkTransTable(); - return; } void DmAuthStateMachine::InsertUltrasonicSinkTransTable() -- Gitee From 609850d36f888d01c5a598bf615c601e3c26e0ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 15:48:08 +0800 Subject: [PATCH 09/18] =?UTF-8?q?=E9=9D=99=E6=80=81=E5=87=BD=E6=95=B0?= =?UTF-8?q?=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_state.h | 1 + .../src/authentication_v2/auth_stages/auth_credential.cpp | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index a05978f77..1e2bbd0d9 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -482,6 +482,7 @@ public: int32_t SendCredentialAuthMessage(std::shared_ptr context, DmMessageType &msgType); int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); + int32_t HandleSrcCredentialAuthDone(std::shared_ptr context); private: std::mutex certCVMtx_; std::condition_variable certCV_; diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 2915a7089..ec2821b20 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -114,6 +114,7 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); if (GetSessionKey(context)) { DerivativeSessionKey(context); std::unique_lock cvLock(certCVMtx_); 
@@ -132,6 +133,13 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); return ERR_DM_FAILED; } + return HandleSrcCredentialAuthDone(context); +} + +int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); DmMessageType msgType; // first time joinLnn, auth lnnCredential if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false && -- Gitee From b6dd342ee2fe08b9b9fedd540276c8201a14a821 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:12:32 +0800 Subject: [PATCH 10/18] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_state.h | 2 +- .../auth_stages/auth_credential.cpp | 19 ++++++++++++++++--- .../dm_auth_message_processor.cpp | 8 ++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 1e2bbd0d9..a40cd8bbd 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -464,7 +464,7 @@ public: DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; private: - void AgreeAndDeleteCredential(std::shared_ptr context); + int32_t AgreeAndDeleteCredential(std::shared_ptr context); }; class AuthSrcCredentialAuthNegotiateState : public DmAuthState { 
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index ec2821b20..e9bbe27f0 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -642,6 +642,11 @@ DmAuthStateType AuthSrcSKDeriveState::GetStateType() int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSrcSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSrcSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } // First authentication lnn cred if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { int32_t skId = 0; @@ -684,6 +689,11 @@ DmAuthStateType AuthSinkSKDeriveState::GetStateType() int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSinkSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSinkSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } // First authentication lnn cred if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { int32_t skId = 0; @@ -722,10 +732,10 @@ DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; } -void AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) +int32_t AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) { if (context == nullptr || context->hiChainAuthConnector == nullptr) { - return ; + return ERR_DM_POINT_NULL; } // First authentication if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { 
@@ -757,6 +767,7 @@ void AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptrhiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + return DM_OK; } int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr context) @@ -770,7 +781,9 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } if (IsNeedAgreeCredential(context)) { - AgreeAndDeleteCredential(context); + if (AgreeAndDeleteCredential(context) != DM_OK) { + return AgreeAndDeleteCredential(context); + } } // compareVersion send 141 std::string message = ""; diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 98f240a44..a2593b6a8 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -727,6 +727,8 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonObject, std::shared_ptr context) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { LOGE("DecodeRequestAuth jsonStr error"); return ERR_DM_FAILED; @@ -758,6 +760,8 @@ int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonOb int32_t DmAuthMessageProcessor::ParseMessageRspSKDerive(const JsonObject &jsonObject, std::shared_ptr context) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { LOGE("DecodeRequestAuth jsonStr error"); return ERR_DM_FAILED; 
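Review bot: The check added in `Action` calls `AgreeAndDeleteCredential(context)` twice on failure, once in the condition and again in `return AgreeAndDeleteCredential(context);`, so a failed agreement is re-run (repeating the `DeleteCredential` and `SetCredentialId` cleanup) and the value returned is that of the second attempt, which could even be `DM_OK`. Store the result once: `ret = AgreeAndDeleteCredential(context);` followed by `if (ret != DM_OK) { return ret; }`. `ret` is already a local of `Action`, as the `return ret;` just above the hunk shows.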
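Review bot: `ParseMessageReqSKDerive` and `ParseMessageRspSKDerive` now guard `context` and `cryptoMgr_`, but the request parser goes on to call `context->authStateMachine->TransitionTo(...)` (visible in the earlier whitespace-only hunk of this function) and that pointer is still unchecked; add `CHECK_NULL_RETURN(context->authStateMachine, ERR_DM_POINT_NULL);`. The peer-supplied `TAG_TRANSMIT_CREDENTIAL_ID` is accepted after only an `IsString()` test and is later concatenated into the `suffix` passed to `SaveDerivativeSessionKeyToDP`, so an empty or oversized value should be rejected at parse time as well. Both function bodies continue outside the hunks.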
@@ -1038,6 +1042,8 @@ int32_t DmAuthMessageProcessor::CreateProxyCredExchangeMessage(std::shared_ptr context, JsonObject &jsonObject) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); JsonObject jsonData; jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accesser.transmitCredentialId; // First certification @@ -1059,6 +1065,8 @@ int32_t DmAuthMessageProcessor::CreateMessageReqSKDerive(std::shared_ptr context, JsonObject &jsonObject) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); JsonObject jsonData; jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accessee.transmitCredentialId; // First certification -- Gitee From bed0985baac07f42b9009bbd04275d48e70cb701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:17:46 +0800 Subject: [PATCH 11/18] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 087105349..c48136889 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp 
@@ -628,15 +628,14 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth void GenerateCertificate(std::shared_ptr context) { -#ifdef DEVICE_MANAGER_COMMON_FLAG if (context == nullptr) { LOGE("context_ is nullptr!"); - return ""; + return; } +#ifdef DEVICE_MANAGER_COMMON_FLAG context->accesser.isCommonFlag = true; LOGI("open device do not generate cert!"); context_->accesser.cert = "common"; - return ; #else DmCertChain dmCertChain; int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); @@ -646,8 +645,8 @@ void GenerateCertificate(std::shared_ptr context) } context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return ; #endif + return; } int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, -- Gitee From c8cf0f376fd2e0a96572f506efe56095a3a8ab64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:20:18 +0800 Subject: [PATCH 12/18] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- services/implementation/src/authentication_v2/auth_manager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c48136889..c43072e0f 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp 
@@ -641,7 +641,7 @@ void GenerateCertificate(std::shared_ptr context) int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); if (certRet != DM_OK) { LOGE("generate cert fail, certRet = %{public}d", certRet); - return ""; + return; } context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); -- Gitee From 112380f90b0b45688e3144c6a24c842159ac72ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:29:30 +0800 Subject: [PATCH 13/18] check1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../auth_stages/auth_credential.cpp | 94 ------------------- 1 file changed, 94 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index e9bbe27f0..b51183965 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp 
@@ -633,100 +633,6 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c
 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
 }
-DmAuthStateType AuthSrcSKDeriveState::GetStateType()
-{
- return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE;
-}
-
-// receive 151 message
-int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context)
-{
- LOGI("AuthSrcSKDeriveState::Action start.");
- if (context == nullptr ||
- context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) {
- LOGE("AuthSrcSKDeriveState::Action para is invalid.");
- return ERR_DM_POINT_NULL;
- }
- // First authentication lnn cred
- if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) {
- int32_t skId = 0;
- // derive lnn sk
- std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId;
- int32_t ret =
- context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
- if (ret != DM_OK) {
- LOGE("AuthSrcSKDeriveState::Action DP save user session key failed");
- return ret;
- }
- context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs());
- context->accesser.lnnSessionKeyId = skId;
- SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId);
- }
- int32_t skId = 0;
- // derive transmit sk
- std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId;
- int32_t ret =
- context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
- if (ret != DM_OK) {
- LOGE("AuthSrcSKDeriveState::Action DP save user session key failed");
- return ret;
- }
- context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs());
- context->accesser.transmitSessionKeyId = skId;
- SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId);
- // send 180
- std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context);
- LOGI("AuthSrcSKDeriveState::Action() leave.");
- return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
-}
-
-DmAuthStateType AuthSinkSKDeriveState::GetStateType()
-{
- return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE;
-}
-
-// receive 141 message
-int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context)
-{
- LOGI("AuthSinkSKDeriveState::Action start.");
- if (context == nullptr ||
- context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) {
- LOGE("AuthSinkSKDeriveState::Action para is invalid.");
- return ERR_DM_POINT_NULL;
- }
- // First authentication lnn cred
- if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) {
- int32_t skId = 0;
- // derive lnn sk
- std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId;
- int32_t ret =
- context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
- if (ret != DM_OK) {
- LOGE("AuthSinkSKDeriveState::Action DP save user session key failed");
- return ret;
- }
- context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs());
- context->accessee.lnnSessionKeyId = skId;
- SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId);
- }
- int32_t skId = 0;
- // derive transmit sk
- std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId;
- int32_t ret =
- context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
- if (ret != DM_OK) {
- LOGE("AuthSinkSKDeriveState::Action DP save user session key failed");
- return ret;
- }
- context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs());
- context->accessee.transmitSessionKeyId = skId;
- SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId);
- // send 151
- std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context);
- LOGI("AuthSinkSKDeriveState::Action() leave.");
- return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
-}
-
 DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType()
 {
 return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE;
-- Gitee From 646c0384a452a4154aac4c2c8c504324e3dfa9b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:31:42 +0800 Subject: [PATCH 14/18] check2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../auth_stages/auth_credential.cpp | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+)
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
index b51183965..14c7ef63e 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
@@ -712,5 +712,99 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c
 LOGI(" AuthSrcCredentialAuthStartState::Action leave.");
 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
 }
+
+DmAuthStateType AuthSrcSKDeriveState::GetStateType()
+{
+ return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE;
+}
+
+// receive 151 message
+int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context)
+{
+ LOGI("AuthSrcSKDeriveState::Action start.");
+ if (context == nullptr ||
+ context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) {
+ LOGE("AuthSrcSKDeriveState::Action para is invalid.");
+ return ERR_DM_POINT_NULL;
+ }
+ // First authentication lnn cred
+ if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) {
+ int32_t skId = 0;
+ // derive lnn sk
+ std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId;
+ int32_t ret =
+ context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
+ if (ret != DM_OK) {
+ LOGE("AuthSrcSKDeriveState::Action DP save user session key failed");
+ return ret;
+ }
+ context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs());
+ context->accesser.lnnSessionKeyId = skId;
+ SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId);
+ }
+ int32_t skId = 0;
+ // derive transmit sk
+ std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId;
+ int32_t ret =
+ context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
+ if (ret != DM_OK) {
+ LOGE("AuthSrcSKDeriveState::Action DP save user session key failed");
+ return ret;
+ }
+ context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs());
+ context->accesser.transmitSessionKeyId = skId;
+ SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId);
+ // send 180
+ std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context);
+ LOGI("AuthSrcSKDeriveState::Action() leave.");
+ return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
+}
+
+DmAuthStateType AuthSinkSKDeriveState::GetStateType()
+{
+ return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE;
+}
+
+// receive 141 message
+int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context)
+{
+ LOGI("AuthSinkSKDeriveState::Action start.");
+ if (context == nullptr ||
+ context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) {
+ LOGE("AuthSinkSKDeriveState::Action para is invalid.");
+ return ERR_DM_POINT_NULL;
+ }
+ // First authentication lnn cred
+ if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) {
+ int32_t skId = 0;
+ // derive lnn sk
+ std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId;
+ int32_t ret =
+ context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
+ if (ret != DM_OK) {
+ LOGE("AuthSinkSKDeriveState::Action DP save user session key failed");
+ return ret;
+ }
+ context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs());
+ context->accessee.lnnSessionKeyId = skId;
+ SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId);
+ }
+ int32_t skId = 0;
+ // derive transmit sk
+ std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId;
+ int32_t ret =
+ context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
+ if (ret != DM_OK) {
+ LOGE("AuthSinkSKDeriveState::Action DP save user session key failed");
+ return ret;
+ }
+ context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs());
+ context->accessee.transmitSessionKeyId = skId;
+ SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId);
+ // send 151
+ std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context);
+ LOGI("AuthSinkSKDeriveState::Action() leave.");
+ return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
+}
 } // namespace DistributedHardware
 } // namespace OHOS
-- Gitee From c93447cb09af54494f0c30e5e59cfb01ceb24b89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:38:44 +0800 Subject: [PATCH 15/18] check4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_message_processor.h | 4 +++- .../src/authentication_v2/dm_auth_message_processor.cpp | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h
index 74486482d..6774ecd52 100644
--- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h
+++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h
@@ -226,8 +226,10 @@ public: void DmAuthUltrasonicMessageProcessor(); private: + // construct function implementation + void ConstructCreateMessageFunMap(); + void ConstructParaseMessageFuncMap(); // Internal implementations for various message types - // Used to encrypt the synchronization message int32_t EncryptSyncMessage(std::shared_ptr &context, DmAccess &accessSide, std::string &encSyncMsg); int32_t CreateProxyAccessMessage(std::shared_ptr &context, JsonObject &syncMsgJson);
diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp
index a2593b6a8..917aeb437 100644
--- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp
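Review bot: Both `AuthSrcSKDeriveState::Action` and `AuthSinkSKDeriveState::Action` build the derivation input as `accesser.…CredentialId + accessee.…CredentialId` without checking that either id is non-empty and without a separator between them. On the sink side the accesser ids presumably arrive in the peer's message, so an empty or unexpectedly split pair is still handed to `SaveDerivativeSessionKeyToDP`. A guard before each derivation would reject that, e.g. `if (context->accesser.transmitCredentialId.empty() || context->accessee.transmitCredentialId.empty()) { return ERR_DM_FAILED; }`, with the same check for the lnn ids. If the ids are not fixed-length, a delimiter or length prefix is also needed so two different pairs cannot concatenate to the same suffix.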
+++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp
@@ -454,7 +454,7 @@ int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr(); ConstructCreateMessageFunMap(); - ConstructparaseMessageFuncMap(); + ConstructParaseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); }
-- Gitee From a1586ac1c0d859dfd1b4d24769ffc45c288c03b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 17:03:07 +0800 Subject: [PATCH 16/18] check4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../src/authentication_v2/dm_auth_state_machine.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp
index c45406d12..1bfc7b02d 100644
--- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp
+++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp
@@ -73,11 +73,6 @@ void DmAuthStateMachine::InsertSrcTransTable()
 {DmAuthStateType::AUTH_SRC_PIN_INPUT_STATE, {
 DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE,
 }},
- {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, {
- DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE,
- DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE,
- DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE,
- }},
 {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}},
 {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}}
 });
@@ -101,6 +96,11 @@ void DmAuthStateMachine::InsertCredentialAuthSrcTransTable()
 DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE,
 DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE,
 }},
+ {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, {
+ DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE,
+ DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE,
+ DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE,
+ }},
 {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, {
 DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE,
 DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE,
-- Gitee From 502fd85865760167d42180d9cc99c714152e7bc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 17:33:51 +0800 Subject: [PATCH 17/18] check5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../src/authentication_v2/auth_stages/auth_credential.cpp | 1 + 1 file changed, 1 insertion(+)
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
index 14c7ef63e..891f10b28 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
@@ -141,6 +141,7 @@ int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_
 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
 DmMessageType msgType;
+ int32_t ret = DM_OK;
 // first time joinLnn, auth lnnCredential
 if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false &&
 context->accesser.bindLevel != USER) {
-- Gitee From 19d3152de5053ad9356b01e91b48557671d8a869 Mon Sep 17 00:00:00 2001
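Review bot: `int32_t ret = DM_OK;` makes success the default status in `HandleSrcCredentialAuthDone`, so any path that returns `ret` without assigning it would report a completed credential-auth step. `AuthSrcCredentialAuthStartState::Action` in the same file starts from `int32_t ret = ERR_DM_FAILED;`, and using that initialiser here keeps the function fail-closed. The same `DM_OK` initialiser is added to `AgreeAndDeleteCredential` in PATCH 18/18. The rest of the function body is outside the hunk, so whether such a path exists could not be checked.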
From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 18:21:15 +0800 Subject: [PATCH 18/18] check6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 6 +++--- .../src/authentication_v2/auth_stages/auth_credential.cpp | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp
index c43072e0f..968a13ce7 100644
--- a/services/implementation/src/authentication_v2/auth_manager.cpp
+++ b/services/implementation/src/authentication_v2/auth_manager.cpp
@@ -629,13 +629,13 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth
 void GenerateCertificate(std::shared_ptr context)
 {
 if (context == nullptr) {
- LOGE("context_ is nullptr!");
+ LOGE("context is nullptr!");
 return;
 }
 #ifdef DEVICE_MANAGER_COMMON_FLAG
 context->accesser.isCommonFlag = true;
 LOGI("open device do not generate cert!");
- context_->accesser.cert = "common";
+ context->accesser.cert = "common";
 #else
 DmCertChain dmCertChain;
 int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain);
@@ -643,7 +643,7 @@ void GenerateCertificate(std::shared_ptr context)
 LOGE("generate cert fail, certRet = %{public}d", certRet);
 return;
 }
- context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain);
+ context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain);
 AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain);
 #endif
 return;
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
index 891f10b28..b30e8e9e0 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp
@@ -644,6 +644,9 @@ int32_t AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_pt
 if (context == nullptr || context->hiChainAuthConnector == nullptr) {
 return ERR_DM_POINT_NULL;
 }
+ int32_t ret = DM_OK;
+ std::string tmpCredId = "";
+ int32_t osAccountId = context->accesser.userId;
 // First authentication
 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) {
 // Agree lnn credentials and public key
@@ -681,7 +684,6 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c
 {
 LOGI("AuthSrcCredentialAuthStartState::Action start.");
 int32_t ret = ERR_DM_FAILED;
- std::string tmpCredId = "";
 int32_t osAccountId = context->accesser.userId;
 if (context == nullptr || context->hiChainAuthConnector == nullptr ||
 context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) {
-- Gitee
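Review bot: In the second hunk (`AuthSrcCredentialAuthStartState::Action`), `int32_t osAccountId = context->accesser.userId;` still dereferences `context` before the `if (context == nullptr || …)` check that follows it, so a null context crashes instead of returning an error. The commit moves `tmpCredId` and an `osAccountId` declaration into `AgreeAndDeleteCredential`; the declaration left in `Action` should go below the null check, or be deleted if `Action` no longer uses it. The function body continues outside the hunk.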