From 147def3faa1a0b739a118d9a606fcce977887e4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:09:58 +0800 Subject: [PATCH 01/23] bind optimize MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- common/include/dm_constants.h | 1 + common/src/dm_constants.cpp | 3 +- .../dm_auth_message_processor.h | 10 ++ .../include/authentication_v2/dm_auth_state.h | 18 +++ .../src/authentication_v2/auth_manager.cpp | 28 ++++ .../auth_stages/auth_credential.cpp | 123 ++++++++++++++++-- .../dm_auth_message_processor.cpp | 109 ++++++++++++++++ .../dm_auth_state_machine.cpp | 20 ++- 8 files changed, 285 insertions(+), 27 deletions(-) diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 901a30b7a..ab2bb0595 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -197,6 +197,7 @@ extern const char* DM_VERSION_5_0_5; extern const char* DM_VERSION_5_1_0; extern const char* DM_VERSION_5_1_1; extern const char* DM_VERSION_5_1_2; +extern const char* DM_VERSION_5_1_3; extern const char* DM_CURRENT_VERSION; extern const char* DM_ACL_AGING_VERSION; extern const char* DM_VERSION_5_0_OLD_MAX; // Estimated highest version number of the old version diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index 5a2632e9d..76947642e 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -185,7 +185,8 @@ const char* DM_VERSION_5_0_5 = "5.0.5"; const char* DM_VERSION_5_1_0 = "5.1.0"; const char* DM_VERSION_5_1_1 = "5.1.1"; const char* DM_VERSION_5_1_2 = "5.1.2"; -const char* DM_CURRENT_VERSION = DM_VERSION_5_1_2; +const char* DM_VERSION_5_1_2 = "5.1.3"; +const char* DM_CURRENT_VERSION = DM_VERSION_5_1_3; const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0; const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version const int32_t DM_HO_OSTYPE = -1; diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h index 5192992bd..74486482d 100644 --- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h +++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h @@ -115,6 +115,8 @@ enum DmMessageType { MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE = 131, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE = 140, MSG_TYPE_RESP_CREDENTIAL_EXCHANGE = 150, + MSG_TYPE_REQ_SK_DERIVE = 141, + MSG_TYPE_RESP_SK_DERIVE = 151, MSG_TYPE_REQ_CREDENTIAL_AUTH_START = 160, MSG_TYPE_RESP_CREDENTIAL_AUTH_START = 170, MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE = 161, @@ -257,6 +259,10 @@ private: // Parse the 150 message int32_t ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context); int32_t ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject); + // Parse the 141 message + int32_t ParseMessageReqSKDerive(const JsonObject &jsonObject, std::shared_ptr context); + // Parse the 151 message + int32_t ParseMessageRspSKDerive(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 161, 170, and 171 messages int32_t ParseMessageNegotiateTransmit(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 180 message @@ -301,6 +307,10 @@ private: // Create the 150 message int32_t CreateMessageRspCredExchange(std::shared_ptr context, JsonObject &jsonObject); int32_t CreateProxyCredExchangeMessage(std::shared_ptr &context, JsonObject &jsonData); + // Create 141 message. + int32_t CreateMessageReqSKDerive(std::shared_ptr context, JsonObject &jsonObject); + // Create 151 message. + int32_t CreateMessageRspSKDerive(std::shared_ptr context, JsonObject &jsonObject); // Create the 160 message int32_t CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject); // Construct the 161, 170, and 171 credential authentication messages diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 8e948a666..1cee3385c 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -58,6 +58,7 @@ enum class DmAuthStateType { AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE = 16, // Received 170 credential authentication message, sent 161 message AUTH_SRC_DATA_SYNC_STATE = 17, // Received 190 message, sent 200 message AUTH_SRC_FINISH_STATE = 18, // Received 201 message + AUTH_SRC_SK_DERIVE_STATE = 19, // Received 151 message // sink end state AUTH_SINK_START_STATE = 50, // Bus trigger OnSessionOpened @@ -77,6 +78,7 @@ enum class DmAuthStateType { AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE = 64, // Received 161 credential negotiation message, AUTH_SINK_DATA_SYNC_STATE = 65, // Received 180 synchronization message, send 190 message AUTH_SINK_FINISH_STATE = 66, // Received 200 end message, send 201 message + AUTH_SINK_SK_DERIVE_STATE = 67, // Received 141 message }; // Credential Addition Method @@ -442,6 +444,20 @@ public: int32_t Action(std::shared_ptr context) override; }; +class AuthSrcSKDeriveState : public DmAuthState { +public: + virtual ~AuthSrcSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; +}; + +class AuthSinkSKDeriveState : public DmAuthState { +public: + virtual ~AuthSinkSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; +}; + class AuthSrcCredentialAuthStartState : public AuthCredentialAgreeState { public: virtual ~AuthSrcCredentialAuthStartState() {}; @@ -466,6 +482,8 @@ public: int32_t DerivativeProxySessionKey(std::shared_ptr context); private: std::string GenerateCertificate(std::shared_ptr context); + std::mutex certCVMtx_; + std::condition_variable certCV_; }; class AuthSinkCredentialAuthStartState : public DmAuthState { diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c6cf3ff0b..99e922168 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -26,6 +26,8 @@ #include "multiple_user_connector.h" #include "auth_manager.h" +#include "dm_auth_attest_common.h" +#include "dm_auth_cert.h" #include "dm_constants.h" #include "dm_crypto.h" #include "dm_random.h" @@ -38,6 +40,7 @@ #include "dm_auth_context.h" #include "dm_auth_message_processor.h" #include "dm_auth_state.h" +#include "ffrt.h" #include "json_object.h" namespace OHOS { @@ -623,6 +626,29 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } +std::string GenerateCertificate(std::shared_ptr context) +{ +#ifdef DEVICE_MANAGER_COMMON_FLAG + if (context == nullptr) { + LOGE("context_ is nullptr!"); + return ""; + } + context->accesser.isCommonFlag = true; + LOGI("open device do not generate cert!"); + return ""; +#else + DmCertChain dmCertChain; + int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); + if (certRet != DM_OK) { + LOGE("generate cert fail, certRet = %{public}d", certRet); + return ""; + } + std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); + return cert; +#endif +} + int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, const std::map &bindParam, int sessionId, uint64_t logicalSessionId) { @@ -670,6 +696,8 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); context_->authStateMachine->TransitionTo(std::make_shared()); + // generate cert sync + ffrt::submit([=]() { context_->accesser.cert = GenerateCertificate(context_);}); info = { .funcName = "BindTarget" }; info.channelId = sessionId; DmRadarHelper::GetInstance().ReportAuthSendRequest(info); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 4bada104f..4c37d6168 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -26,6 +26,7 @@ #include "dm_constants.h" #include "dm_log.h" #include "deviceprofile_connector.h" +#include "ffrt.h" #include "hichain_auth_connector.h" #include "multiple_user_connector.h" @@ -37,8 +38,8 @@ namespace { // tag in Lowercase, need by hichain tag constexpr const char* TAG_LOWER_DEVICE_ID = "deviceId"; constexpr const char* TAG_LOWER_USER_ID = "userId"; - constexpr const char* DM_AUTH_CREDENTIAL_OWNER = "DM"; +const int32_t GENERATE_CERT_TIMEOUT = 100; // 100ms // decrypt process int32_t g_authCredentialTransmitDecryptProcess(std::shared_ptr context, DmEventType event) @@ -138,7 +139,9 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); if (GetSessionKey(context)) { DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_REQ_DATA_SYNC, context); return DM_OK; } @@ -182,11 +185,15 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co return ret; } SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } else { // Non-first-time authentication transport credential process DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } return SendCredentialAuthMessage(context, msgType); @@ -609,8 +616,8 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; @@ -636,14 +643,98 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, context); LOGI("AuthSinkCredentialExchangeState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } +DmAuthStateType AuthSrcSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE; +} + +// receive 151 message +int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSrcSKDeriveState::Action start."); + // First authentication lnn cred + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + // send 180 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); + LOGI("AuthSrcSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +DmAuthStateType AuthSinkSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE; +} + +// receive 141 message +int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSinkSKDeriveState::Action start."); + // First authentication lnn cred + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId); + // send 151 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context); + LOGI("AuthSinkSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() { return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; @@ -673,8 +764,8 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } - // Delete temporary lnn credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary lnn credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; @@ -694,8 +785,8 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } // Transport credential authentication @@ -710,8 +801,12 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - - std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); + std::string message = ""; + if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); + } else { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); + } LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 3ff2a9174..070111f84 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -470,6 +470,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqCredAuthStart}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::CreateCredentialNegotiateMessage}, @@ -493,6 +495,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseAuthStartMessage}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, @@ -662,6 +666,7 @@ int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &js return DM_OK; } +// parse 150 int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context) { @@ -708,6 +713,68 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js return DM_OK; } +// parse 141 +int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn public key + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accesser.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accesser.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// parse 151 +int32_t DmAuthMessageProcessor::ParseMessageRspSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn public key + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accessee.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accessee.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + int32_t DmAuthMessageProcessor::ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject) { @@ -957,6 +1024,48 @@ int32_t DmAuthMessageProcessor::CreateProxyCredExchangeMessage(std::shared_ptr context, + JsonObject &jsonObject) +{ + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accesser.transmitCredentialId; + // First certification + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accesser.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + +// Create 151 message. +int32_t DmAuthMessageProcessor::CreateMessageRspSKDerive(std::shared_ptr context, + JsonObject &jsonObject) +{ + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accessee.transmitCredentialId; + // First certification + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accessee.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + // Create 160 message. int32_t DmAuthMessageProcessor::CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject) diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index 231bf6690..90e516e45 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp @@ -90,22 +90,18 @@ void DmAuthStateMachine::InsertSrcTransTable() DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, }}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, - + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, + }}, + {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE,{DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, - {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} }); - InsertUltrasonicSrcTransTable(); - return; } @@ -177,7 +173,9 @@ void DmAuthStateMachine::InsertSinkTransTable() }}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_EXCHANGE_STATE, { DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, + DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, }}, + {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE}}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, { DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, }}, @@ -186,9 +184,7 @@ void DmAuthStateMachine::InsertSinkTransTable() {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} }); - InsertUltrasonicSinkTransTable(); - return; } -- Gitee From e5ac2d8d8079e0e1468bfd23bb7f2365d8c3be9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:11:16 +0800 Subject: [PATCH 02/23] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/include/authentication_v2/dm_auth_state.h | 1 - 1 file changed, 1 deletion(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 1cee3385c..86662bad6 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -481,7 +481,6 @@ public: int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); private: - std::string GenerateCertificate(std::shared_ptr context); std::mutex certCVMtx_; std::condition_variable certCV_; }; -- Gitee From 43f0cd540e317b6700592479234a07ac26effa3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:32:33 +0800 Subject: [PATCH 03/23] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../auth_stages/auth_credential.cpp | 44 +++---------------- 1 file changed, 7 insertions(+), 37 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 4c37d6168..820aa2a5e 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -111,29 +111,6 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE; } -std::string AuthSrcCredentialAuthDoneState::GenerateCertificate(std::shared_ptr context) -{ -#ifdef DEVICE_MANAGER_COMMON_FLAG - if (context == nullptr) { - LOGE("context_ is nullptr!"); - return ""; - } - context->accesser.isCommonFlag = true; - LOGI("open device do not generate cert!"); - return ""; -#else - DmCertChain dmCertChain; - int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); - if (certRet != DM_OK) { - LOGE("generate cert fail, certRet = %{public}d", certRet); - return ""; - } - std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); - AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return cert; -#endif -} - int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); @@ -746,12 +723,10 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c int32_t ret = ERR_DM_FAILED; std::string tmpCredId = ""; int32_t osAccountId = context->accesser.userId; - if (context == nullptr || context->hiChainAuthConnector == nullptr || context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { return ret; } - if (IsNeedAgreeCredential(context)) { // First authentication if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { @@ -763,18 +738,15 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); return ret; } - // Delete temporary lnn credentials sync ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } - DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { authorizedScope = DM_AUTH_SCOPE_APP; } else if (context->accesser.bindLevel == USER) { authorizedScope = DM_AUTH_SCOPE_USER; } - // Agree transport credentials and public key tmpCredId = context->accesser.transmitCredentialId; ret = AgreeCredential(authorizedScope, context); @@ -784,11 +756,15 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); return ret; } - // Delete temporary transport credentials sync ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } - + // compareVersion send 141 + std::string message = ""; + if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); + } // Transport credential authentication ret = context->hiChainAuthConnector->AuthCredential(osAccountId, context->requestId, context->accesser.transmitCredentialId, std::string("")); @@ -796,17 +772,11 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, auth app cred failed."); return ret; } - if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - std::string message = ""; - if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { - message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); - } else { - message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); - } + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } -- Gitee From 218f3d57159bbd7acd781174df404460230fc585 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:41:05 +0800 Subject: [PATCH 04/23] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 99e922168..c9fa7051e 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -626,7 +626,7 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } -std::string GenerateCertificate(std::shared_ptr context) +void GenerateCertificate(std::shared_ptr context) { #ifdef DEVICE_MANAGER_COMMON_FLAG if (context == nullptr) { @@ -697,7 +697,7 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & context_->requestId = static_cast(logicalSessionId); context_->authStateMachine->TransitionTo(std::make_shared()); // generate cert sync - ffrt::submit([=]() { context_->accesser.cert = GenerateCertificate(context_);}); + ffrt::submit([=]() { GenerateCertificate(context_);}); info = { .funcName = "BindTarget" }; info.channelId = sessionId; DmRadarHelper::GetInstance().ReportAuthSendRequest(info); -- Gitee From e7c3b9aa3f2bc8e2c924abb4df14cd8f458b84cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:41:34 +0800 Subject: [PATCH 05/23] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c9fa7051e..087105349 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -635,7 +635,8 @@ void GenerateCertificate(std::shared_ptr context) } context->accesser.isCommonFlag = true; LOGI("open device do not generate cert!"); - return ""; + context_->accesser.cert = "common"; + return ; #else DmCertChain dmCertChain; int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); @@ -643,9 +644,9 @@ void GenerateCertificate(std::shared_ptr context) LOGE("generate cert fail, certRet = %{public}d", certRet); return ""; } - std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return cert; + return ; #endif } -- Gitee From ea694e71904764298550ea0098b254e7514df971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sat, 12 Jul 2025 18:49:40 +0800 Subject: [PATCH 06/23] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../src/authentication_v2/dm_auth_message_processor.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 070111f84..b1cc17926 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -738,7 +738,7 @@ int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonOb if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); return ERR_DM_FAILED; - } + } context->accesser.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); context->authStateMachine->TransitionTo(std::make_shared()); return DM_OK; -- Gitee From 75f36e28385a912e2a4796f2dd4a91d0a5a8d760 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 11:31:51 +0800 Subject: [PATCH 07/23] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- common/src/dm_constants.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index 76947642e..491808f15 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -185,7 +185,7 @@ const char* DM_VERSION_5_0_5 = "5.0.5"; const char* DM_VERSION_5_1_0 = "5.1.0"; const char* DM_VERSION_5_1_1 = "5.1.1"; const char* DM_VERSION_5_1_2 = "5.1.2"; -const char* DM_VERSION_5_1_2 = "5.1.3"; +const char* DM_VERSION_5_1_3 = "5.1.3"; const char* DM_CURRENT_VERSION = DM_VERSION_5_1_3; const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0; const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version -- Gitee From 56913391096749c5ebefb96a8bc4da2fae465b18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 15:22:33 +0800 Subject: [PATCH 08/23] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_state.h | 2 + .../authentication_v2/dm_auth_state_machine.h | 2 + .../auth_stages/auth_credential.cpp | 79 ++++++++++--------- .../dm_auth_message_processor.cpp | 16 +++- .../dm_auth_state_machine.cpp | 63 ++++++++++----- 5 files changed, 101 insertions(+), 61 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 86662bad6..a05978f77 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -463,6 +463,8 @@ public: virtual ~AuthSrcCredentialAuthStartState() {}; DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; +private: + void AgreeAndDeleteCredential(std::shared_ptr context); }; class AuthSrcCredentialAuthNegotiateState : public DmAuthState { diff --git a/services/implementation/include/authentication_v2/dm_auth_state_machine.h b/services/implementation/include/authentication_v2/dm_auth_state_machine.h index 03a0d83dd..48288a3a3 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state_machine.h +++ b/services/implementation/include/authentication_v2/dm_auth_state_machine.h @@ -81,6 +81,8 @@ private: void InsertSinkTransTable(); void InsertUltrasonicSrcTransTable(); void InsertUltrasonicSinkTransTable(); + void InsertCredentialAuthSrcTransTable(); + void InsertCredentialAuthSinkTransTable(); // Fetch the current state and execute it std::optional> FetchAndSetCurState(); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 820aa2a5e..2915a7089 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -127,14 +127,12 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co if (ret != DM_OK) { return ret; } - // Authentication completion triggers the Onfinish callback event. if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) { LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); return ERR_DM_FAILED; } DmMessageType msgType; - // first time joinLnn, auth lnnCredential if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false && context->accesser.bindLevel != USER) { @@ -147,7 +145,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth credentail failed"); return ret; } - // wait for onTransmit event if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived."); @@ -645,7 +642,7 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); return ret; } context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); @@ -658,7 +655,7 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); return ret; } context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); @@ -687,7 +684,7 @@ int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); return ret; } context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); @@ -700,7 +697,7 @@ int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); return ret; } context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); @@ -717,6 +714,43 @@ DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; } +void AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) +{ + if (context == nullptr || context->hiChainAuthConnector == nullptr) { + return ; + } + // First authentication + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + // Agree lnn credentials and public key + tmpCredId = context->accesser.lnnCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); + return ret; + } + // Delete temporary lnn credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + } + DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; + if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { + authorizedScope = DM_AUTH_SCOPE_APP; + } else if (context->accesser.bindLevel == USER) { + authorizedScope = DM_AUTH_SCOPE_USER; + } + // Agree transport credentials and public key + tmpCredId = context->accesser.transmitCredentialId; + ret = AgreeCredential(authorizedScope, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); + return ret; + } + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); +} + int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr context) { LOGI("AuthSrcCredentialAuthStartState::Action start."); @@ -728,36 +762,7 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } if (IsNeedAgreeCredential(context)) { - // First authentication - if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { - // Agree lnn credentials and public key - tmpCredId = context->accesser.lnnCredentialId; - ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); - if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); - return ret; - } - // Delete temporary lnn credentials sync - ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); - } - DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; - if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { - authorizedScope = DM_AUTH_SCOPE_APP; - } else if (context->accesser.bindLevel == USER) { - authorizedScope = DM_AUTH_SCOPE_USER; - } - // Agree transport credentials and public key - tmpCredId = context->accesser.transmitCredentialId; - ret = AgreeCredential(authorizedScope, context); - if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); - LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); - return ret; - } - // Delete temporary transport credentials sync - ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + AgreeAndDeleteCredential(context); } // compareVersion send 141 std::string message = ""; diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index b1cc17926..98f240a44 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -454,10 +454,8 @@ int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr(); createMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateRespNegotiateMessage}, @@ -483,6 +481,10 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, }; +} + +void ConstructparaseMessageFuncMap() +{ paraseMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageRespAclNegotiate}, @@ -507,6 +509,14 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::ParseMessageSinkFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::ParseMessageSrcFinish}, }; +} + +DmAuthMessageProcessor::DmAuthMessageProcessor() +{ + LOGI("DmAuthMessageProcessor constructor"); + cryptoMgr_ = std::make_shared(); + ConstructCreateMessageFunMap(); + ConstructparaseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); } diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index 90e516e45..c45406d12 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp @@ -73,6 +73,22 @@ void DmAuthStateMachine::InsertSrcTransTable() {DmAuthStateType::AUTH_SRC_PIN_INPUT_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, + }}, + {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, + {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + }); + InsertCredentialAuthSrcTransTable(); + InsertUltrasonicSrcTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSrcTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE, @@ -85,26 +101,23 @@ void DmAuthStateMachine::InsertSrcTransTable() DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE, }}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, { - DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, - DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, - DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, - }}, {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, { DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, }}, - {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE,{DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, - {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE + }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + }}, }); - InsertUltrasonicSrcTransTable(); - return; } + void DmAuthStateMachine::InsertUltrasonicSrcTransTable() { stateTransitionTable_.insert({ @@ -131,7 +144,6 @@ void DmAuthStateMachine::InsertUltrasonicSrcTransTable() DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }} }); - return; } @@ -156,6 +168,17 @@ void DmAuthStateMachine::InsertSinkTransTable() {DmAuthStateType::AUTH_SINK_PIN_DISPLAY_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, + {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} + }); + InsertCredentialAuthSinkTransTable(); + InsertUltrasonicSinkTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSinkTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SINK_PIN_NEGOTIATE_START_STATE, @@ -177,15 +200,13 @@ void DmAuthStateMachine::InsertSinkTransTable() }}, {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE}}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, { - DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE + }}, + {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE }}, - {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE}}, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, - {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} }); - InsertUltrasonicSinkTransTable(); - return; } void DmAuthStateMachine::InsertUltrasonicSinkTransTable() -- Gitee From 609850d36f888d01c5a598bf615c601e3c26e0ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 15:48:08 +0800 Subject: [PATCH 09/23] =?UTF-8?q?=E9=9D=99=E6=80=81=E5=87=BD=E6=95=B0?= =?UTF-8?q?=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_state.h | 1 + .../src/authentication_v2/auth_stages/auth_credential.cpp | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index a05978f77..1e2bbd0d9 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -482,6 +482,7 @@ public: int32_t SendCredentialAuthMessage(std::shared_ptr context, DmMessageType &msgType); int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); + int32_t HandleSrcCredentialAuthDone(std::shared_ptr context); private: std::mutex certCVMtx_; std::condition_variable certCV_; diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 2915a7089..ec2821b20 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -114,6 +114,7 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); if (GetSessionKey(context)) { DerivativeSessionKey(context); std::unique_lock cvLock(certCVMtx_); @@ -132,6 +133,13 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); return ERR_DM_FAILED; } + return HandleSrcCredentialAuthDone(context); +} + +int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); DmMessageType msgType; // first time joinLnn, auth lnnCredential if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false && -- Gitee From b6dd342ee2fe08b9b9fedd540276c8201a14a821 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:12:32 +0800 Subject: [PATCH 10/23] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_state.h | 2 +- .../auth_stages/auth_credential.cpp | 19 ++++++++++++++++--- .../dm_auth_message_processor.cpp | 8 ++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 1e2bbd0d9..a40cd8bbd 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -464,7 +464,7 @@ public: DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; private: - void AgreeAndDeleteCredential(std::shared_ptr context); + int32_t AgreeAndDeleteCredential(std::shared_ptr context); }; class AuthSrcCredentialAuthNegotiateState : public DmAuthState { diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index ec2821b20..e9bbe27f0 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -642,6 +642,11 @@ DmAuthStateType AuthSrcSKDeriveState::GetStateType() int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSrcSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSrcSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } // First authentication lnn cred if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { int32_t skId = 0; @@ -684,6 +689,11 @@ DmAuthStateType AuthSinkSKDeriveState::GetStateType() int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSinkSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSinkSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } // First authentication lnn cred if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { int32_t skId = 0; @@ -722,10 +732,10 @@ DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; } -void AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) +int32_t AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) { if (context == nullptr || context->hiChainAuthConnector == nullptr) { - return ; + return ERR_DM_POINT_NULL; } // First authentication if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { @@ -757,6 +767,7 @@ void AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptrhiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + return DM_OK; } int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr context) @@ -770,7 +781,9 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } if (IsNeedAgreeCredential(context)) { - AgreeAndDeleteCredential(context); + if (AgreeAndDeleteCredential(context) != DM_OK) { + return AgreeAndDeleteCredential(context); + } } // compareVersion send 141 std::string message = ""; diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 98f240a44..a2593b6a8 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -727,6 +727,8 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonObject, std::shared_ptr context) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { LOGE("DecodeRequestAuth jsonStr error"); return ERR_DM_FAILED; @@ -758,6 +760,8 @@ int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonOb int32_t DmAuthMessageProcessor::ParseMessageRspSKDerive(const JsonObject &jsonObject, std::shared_ptr context) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { LOGE("DecodeRequestAuth jsonStr error"); return ERR_DM_FAILED; @@ -1038,6 +1042,8 @@ int32_t DmAuthMessageProcessor::CreateProxyCredExchangeMessage(std::shared_ptr context, JsonObject &jsonObject) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); JsonObject jsonData; jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accesser.transmitCredentialId; // First certification @@ -1059,6 +1065,8 @@ int32_t DmAuthMessageProcessor::CreateMessageReqSKDerive(std::shared_ptr context, JsonObject &jsonObject) { + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); JsonObject jsonData; jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accessee.transmitCredentialId; // First certification -- Gitee From bed0985baac07f42b9009bbd04275d48e70cb701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:17:46 +0800 Subject: [PATCH 11/23] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 087105349..c48136889 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -628,15 +628,14 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth void GenerateCertificate(std::shared_ptr context) { -#ifdef DEVICE_MANAGER_COMMON_FLAG if (context == nullptr) { LOGE("context_ is nullptr!"); - return ""; + return; } +#ifdef DEVICE_MANAGER_COMMON_FLAG context->accesser.isCommonFlag = true; LOGI("open device do not generate cert!"); context_->accesser.cert = "common"; - return ; #else DmCertChain dmCertChain; int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); @@ -646,8 +645,8 @@ void GenerateCertificate(std::shared_ptr context) } context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return ; #endif + return; } int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, -- Gitee From c8cf0f376fd2e0a96572f506efe56095a3a8ab64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:20:18 +0800 Subject: [PATCH 12/23] =?UTF-8?q?=E9=9D=99=E6=80=81=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- services/implementation/src/authentication_v2/auth_manager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c48136889..c43072e0f 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -641,7 +641,7 @@ void GenerateCertificate(std::shared_ptr context) int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); if (certRet != DM_OK) { LOGE("generate cert fail, certRet = %{public}d", certRet); - return ""; + return; } context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); -- Gitee From 112380f90b0b45688e3144c6a24c842159ac72ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:29:30 +0800 Subject: [PATCH 13/23] check1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../auth_stages/auth_credential.cpp | 94 ------------------- 1 file changed, 94 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index e9bbe27f0..b51183965 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -633,100 +633,6 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } -DmAuthStateType AuthSrcSKDeriveState::GetStateType() -{ - return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE; -} - -// receive 151 message -int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) -{ - LOGI("AuthSrcSKDeriveState::Action start."); - if (context == nullptr || - context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { - LOGE("AuthSrcSKDeriveState::Action para is invalid."); - return ERR_DM_POINT_NULL; - } - // First authentication lnn cred - if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { - int32_t skId = 0; - // derive lnn sk - std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; - int32_t ret = - context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); - if (ret != DM_OK) { - LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); - return ret; - } - context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); - context->accesser.lnnSessionKeyId = skId; - SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); - } - int32_t skId = 0; - // derive transmit sk - std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; - int32_t ret = - context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); - if (ret != DM_OK) { - LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); - return ret; - } - context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); - context->accesser.transmitSessionKeyId = skId; - SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); - // send 180 - std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); - LOGI("AuthSrcSKDeriveState::Action() leave."); - return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); -} - -DmAuthStateType AuthSinkSKDeriveState::GetStateType() -{ - return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE; -} - -// receive 141 message -int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) -{ - LOGI("AuthSinkSKDeriveState::Action start."); - if (context == nullptr || - context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { - LOGE("AuthSinkSKDeriveState::Action para is invalid."); - return ERR_DM_POINT_NULL; - } - // First authentication lnn cred - if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { - int32_t skId = 0; - // derive lnn sk - std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; - int32_t ret = - context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); - if (ret != DM_OK) { - LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); - return ret; - } - context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); - context->accessee.lnnSessionKeyId = skId; - SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId); - } - int32_t skId = 0; - // derive transmit sk - std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; - int32_t ret = - context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); - if (ret != DM_OK) { - LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); - return ret; - } - context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); - context->accessee.transmitSessionKeyId = skId; - SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId); - // send 151 - std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context); - LOGI("AuthSinkSKDeriveState::Action() leave."); - return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); -} - DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() { return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; -- Gitee From 646c0384a452a4154aac4c2c8c504324e3dfa9b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:31:42 +0800 Subject: [PATCH 14/23] check2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../auth_stages/auth_credential.cpp | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index b51183965..14c7ef63e 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -712,5 +712,99 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } + +DmAuthStateType AuthSrcSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE; +} + +// receive 151 message +int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSrcSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSrcSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } + // First authentication lnn cred + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + // send 180 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); + LOGI("AuthSrcSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +DmAuthStateType AuthSinkSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE; +} + +// receive 141 message +int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSinkSKDeriveState::Action start."); + if (context == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + LOGE("AuthSinkSKDeriveState::Action para is invalid."); + return ERR_DM_POINT_NULL; + } + // First authentication lnn cred + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId); + // send 151 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context); + LOGI("AuthSinkSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} } // namespace DistributedHardware } // namespace OHOS -- Gitee From c93447cb09af54494f0c30e5e59cfb01ceb24b89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 16:38:44 +0800 Subject: [PATCH 15/23] check4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../include/authentication_v2/dm_auth_message_processor.h | 4 +++- .../src/authentication_v2/dm_auth_message_processor.cpp | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h index 74486482d..6774ecd52 100644 --- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h +++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h @@ -226,8 +226,10 @@ public: void DmAuthUltrasonicMessageProcessor(); private: + // construct function implementation + void ConstructCreateMessageFunMap(); + void ConstructParaseMessageFuncMap(); // Internal implementations for various message types - // Used to encrypt the synchronization message int32_t EncryptSyncMessage(std::shared_ptr &context, DmAccess &accessSide, std::string &encSyncMsg); int32_t CreateProxyAccessMessage(std::shared_ptr &context, JsonObject &syncMsgJson); diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index a2593b6a8..917aeb437 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -454,7 +454,7 @@ int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr(); ConstructCreateMessageFunMap(); - ConstructparaseMessageFuncMap(); + ConstructParaseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); } -- Gitee From a1586ac1c0d859dfd1b4d24769ffc45c288c03b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 17:03:07 +0800 Subject: [PATCH 16/23] check4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../src/authentication_v2/dm_auth_state_machine.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index c45406d12..1bfc7b02d 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp @@ -73,11 +73,6 @@ void DmAuthStateMachine::InsertSrcTransTable() {DmAuthStateType::AUTH_SRC_PIN_INPUT_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, { - DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, - DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, - DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, - }}, {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} }); @@ -101,6 +96,11 @@ void DmAuthStateMachine::InsertCredentialAuthSrcTransTable() DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE, }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, + }}, {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, { DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, -- Gitee From 502fd85865760167d42180d9cc99c714152e7bc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 17:33:51 +0800 Subject: [PATCH 17/23] check5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../src/authentication_v2/auth_stages/auth_credential.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 14c7ef63e..891f10b28 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -141,6 +141,7 @@ int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); DmMessageType msgType; + int32_t ret = DM_OK; // first time joinLnn, auth lnnCredential if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false && context->accesser.bindLevel != USER) { -- Gitee From 19d3152de5053ad9356b01e91b48557671d8a869 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Sun, 13 Jul 2025 18:21:15 +0800 Subject: [PATCH 18/23] check6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/src/authentication_v2/auth_manager.cpp | 6 +++--- .../src/authentication_v2/auth_stages/auth_credential.cpp | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index c43072e0f..968a13ce7 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -629,13 +629,13 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth void GenerateCertificate(std::shared_ptr context) { if (context == nullptr) { - LOGE("context_ is nullptr!"); + LOGE("context is nullptr!"); return; } #ifdef DEVICE_MANAGER_COMMON_FLAG context->accesser.isCommonFlag = true; LOGI("open device do not generate cert!"); - context_->accesser.cert = "common"; + context->accesser.cert = "common"; #else DmCertChain dmCertChain; int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); @@ -643,7 +643,7 @@ void GenerateCertificate(std::shared_ptr context) LOGE("generate cert fail, certRet = %{public}d", certRet); return; } - context_->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); #endif return; diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 891f10b28..b30e8e9e0 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -644,6 +644,9 @@ int32_t AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_pt if (context == nullptr || context->hiChainAuthConnector == nullptr) { return ERR_DM_POINT_NULL; } + int32_t ret = DM_OK; + std::string tmpCredId = ""; + int32_t osAccountId = context->accesser.userId; // First authentication if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { // Agree lnn credentials and public key @@ -681,7 +684,6 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c { LOGI("AuthSrcCredentialAuthStartState::Action start."); int32_t ret = ERR_DM_FAILED; - std::string tmpCredId = ""; int32_t osAccountId = context->accesser.userId; if (context == nullptr || context->hiChainAuthConnector == nullptr || context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { -- Gitee From 4ed3de201be8f6e42ff223993c294cc1e2b15449 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Mon, 14 Jul 2025 09:24:40 +0800 Subject: [PATCH 19/23] =?UTF-8?q?fuzz=E5=8E=BB=E6=8E=89=E6=97=A0=E7=94=A8?= =?UTF-8?q?=E5=87=BD=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../authcredential_fuzzer/auth_credential_fuzzer.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp index 9e258bf0b..2081f62b6 100644 --- a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp +++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp @@ -102,7 +102,6 @@ void AuthCredentialFuzzTest(const uint8_t* data, size_t size) context->accesser.isGenerateLnnCredential = false; authFirst->GetStateType(); authSecond->GetStateType(); - authSecond->GenerateCertificate(context); authThird->GetStateType(); authForth->GetStateType(); authFifth->GetStateType(); -- Gitee From e46576f5752b4aef5999a03f38b4c03852880ddc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Tue, 15 Jul 2025 19:49:42 +0800 Subject: [PATCH 20/23] =?UTF-8?q?=E5=85=BC=E5=AE=B9=E4=BB=A3=E7=90=86?= =?UTF-8?q?=E7=BB=91=E5=AE=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../dm_auth_message_processor.h | 2 +- .../include/authentication_v2/dm_auth_state.h | 6 + .../auth_stages/auth_credential.cpp | 140 ++++++++++++++---- .../dm_auth_message_processor.cpp | 4 +- 4 files changed, 123 insertions(+), 29 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h index 6774ecd52..d3bddf4f1 100644 --- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h +++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h @@ -227,7 +227,7 @@ public: private: // construct function implementation - void ConstructCreateMessageFunMap(); + void ConstructCreateMessageFuncMap(); void ConstructParaseMessageFuncMap(); // Internal implementations for various message types // Used to encrypt the synchronization message diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index a40cd8bbd..b2c49a865 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -449,6 +449,11 @@ public: virtual ~AuthSrcSKDeriveState() {}; DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; + int32_t DerivativeSessionKey(std::shared_ptr context); + int32_t DerivativeProxySessionKey(std::shared_ptr context); +private: + std::mutex certCVMtx_; + std::condition_variable certCV_; }; class AuthSinkSKDeriveState : public DmAuthState { @@ -456,6 +461,7 @@ public: virtual ~AuthSinkSKDeriveState() {}; DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; + int32_t DerivativeSessionKey(std::shared_ptr context); }; class AuthSrcCredentialAuthStartState : public AuthCredentialAgreeState { diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index b30e8e9e0..e929e2f01 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -182,7 +182,8 @@ int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ return SendCredentialAuthMessage(context, msgType); } -int32_t AuthSrcCredentialAuthDoneState::SendCredentialAuthMessage(std::shared_ptr context, +int32_t AuthSrcCredentialAuthDoneState:: +(std::shared_ptr context, DmMessageType &msgType) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); @@ -721,15 +722,9 @@ DmAuthStateType AuthSrcSKDeriveState::GetStateType() return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE; } -// receive 151 message int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSrcSKDeriveState::Action start."); - if (context == nullptr || - context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { - LOGE("AuthSrcSKDeriveState::Action para is invalid."); - return ERR_DM_POINT_NULL; - } // First authentication lnn cred if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { int32_t skId = 0; @@ -738,31 +733,98 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); return ret; } context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); context->accesser.lnnSessionKeyId = skId; SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); } - int32_t skId = 0; // derive transmit sk - std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; - int32_t ret = - context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); - if (ret != DM_OK) { - LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); - return ret; - } - context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); - context->accesser.transmitSessionKeyId = skId; - SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + DerivativeSessionKey(context); + // wait cert generate + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(100), [=] {return !context->accesser.cert.empty();}); // send 180 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); LOGI("AuthSrcSKDeriveState::Action() leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } +int32_t AuthSrcSKDeriveState::DerivativeSessionKey(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + // no proxy + if (!context->IsProxyBind || context->subjectProxyOnes.empty()) { + // 派生应用的sk【临时SK+accesser.transmitCredentialId+accessee.transmitCredentialId】 saveTransmitSkToDp + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + return DM_OK; + } + // proxy + return DerivativeProxySessionKey(context); +} + +int32_t AuthSrcSKDeriveState::DerivativeProxySessionKey(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + if (!context->reUseCreId.empty()) { + context->accesser.transmitCredentialId = context->reUseCreId; + } + if (context->IsCallingProxyAsSubject && !context->accesser.isAuthed) { + int32_t skId = 0; + int32_t ret = 0; + if (!context->reUseCreId.empty()) { + std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash + + context->accesser.tokenIdHash + context->accessee.tokenIdHash; + ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + context->accesser.transmitCredentialId = context->reUseCreId; + } else { + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + } + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + } + for (auto &app : context->subjectProxyOnes) { + if (app.proxyAccesser.isAuthed) { + continue; + } + int32_t skId = 0; + std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash + + app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + app.proxyAccesser.skTimeStamp = static_cast(DmAuthState::GetSysTimeMs()); + app.proxyAccesser.transmitSessionKeyId = skId; + if (!context->reUseCreId.empty()) { + app.proxyAccesser.transmitCredentialId = context->reUseCreId; + continue; + } + app.proxyAccesser.transmitCredentialId = context->accesser.transmitCredentialId; + } + return DM_OK; +} + DmAuthStateType AuthSinkSKDeriveState::GetStateType() { return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE; @@ -772,11 +834,6 @@ DmAuthStateType AuthSinkSKDeriveState::GetStateType() int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSinkSKDeriveState::Action start."); - if (context == nullptr || - context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { - LOGE("AuthSinkSKDeriveState::Action para is invalid."); - return ERR_DM_POINT_NULL; - } // First authentication lnn cred if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { int32_t skId = 0; @@ -785,7 +842,7 @@ int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); return ret; } context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); @@ -798,16 +855,47 @@ int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) int32_t ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); if (ret != DM_OK) { - LOGE("AuthSinkSKDeriveState::Action DP save user session key failed"); + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); return ret; } context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); context->accessee.transmitSessionKeyId = skId; SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId); + DerivativeSessionKey(context); // send 151 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context); LOGI("AuthSinkSKDeriveState::Action() leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } + +int32_t AuthSinkSKDeriveState::DerivativeSessionKey(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + if (!context->IsProxyBind || context->subjectProxyOnes.empty()) { + return DM_OK; + } + for (auto &app : context->subjectProxyOnes) { + if (app.proxyAccessee.isAuthed) { + continue; + } + int32_t skId = 0; + std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash + + app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed %{public}d", ret); + return ret; + } + app.proxyAccessee.skTimeStamp = static_cast(DmAuthState::GetSysTimeMs()); + app.proxyAccessee.transmitSessionKeyId = skId; + if (!context->reUseCreId.empty()) { + app.proxyAccessee.transmitCredentialId = context->reUseCreId; + continue; + } + app.proxyAccessee.transmitCredentialId = context->accessee.transmitCredentialId; + } + return DM_OK; +} } // namespace DistributedHardware } // namespace OHOS diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 917aeb437..4a6c211a2 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -454,7 +454,7 @@ int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr(); - ConstructCreateMessageFunMap(); + ConstructCreateMessageFuncMap(); ConstructParaseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); } -- Gitee From 3016403072da44396e5f8ea9160cb07bdb72ce26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Tue, 15 Jul 2025 20:14:33 +0800 Subject: [PATCH 21/23] =?UTF-8?q?=E5=8A=A0=E7=A9=BA=E5=88=A4=E6=96=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../authentication_v2/auth_stages/auth_credential.cpp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index e929e2f01..6d35aafc6 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -182,8 +182,7 @@ int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ return SendCredentialAuthMessage(context, msgType); } -int32_t AuthSrcCredentialAuthDoneState:: -(std::shared_ptr context, +int32_t AuthSrcCredentialAuthDoneState::SendCredentialAuthMessage(std::shared_ptr context, DmMessageType &msgType) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); @@ -725,6 +724,8 @@ DmAuthStateType AuthSrcSKDeriveState::GetStateType() int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSrcSKDeriveState::Action start."); + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); // First authentication lnn cred if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { int32_t skId = 0; @@ -754,9 +755,9 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) int32_t AuthSrcSKDeriveState::DerivativeSessionKey(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); // no proxy if (!context->IsProxyBind || context->subjectProxyOnes.empty()) { - // 派生应用的sk【临时SK+accesser.transmitCredentialId+accessee.transmitCredentialId】 saveTransmitSkToDp int32_t skId = 0; // derive transmit sk std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; @@ -778,6 +779,7 @@ int32_t AuthSrcSKDeriveState::DerivativeSessionKey(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); if (!context->reUseCreId.empty()) { context->accesser.transmitCredentialId = context->reUseCreId; } @@ -834,6 +836,8 @@ DmAuthStateType AuthSinkSKDeriveState::GetStateType() int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) { LOGI("AuthSinkSKDeriveState::Action start."); + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); // First authentication lnn cred if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { int32_t skId = 0; @@ -871,6 +875,7 @@ int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) int32_t AuthSinkSKDeriveState::DerivativeSessionKey(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); if (!context->IsProxyBind || context->subjectProxyOnes.empty()) { return DM_OK; } -- Gitee From 8cd91125d4c67e8af019d94304a31c93e17be8cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Tue, 15 Jul 2025 20:26:44 +0800 Subject: [PATCH 22/23] =?UTF-8?q?=E9=AD=94=E9=AC=BC=E6=95=B0=E5=AD=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../implementation/include/authentication_v2/dm_auth_state.h | 1 - .../src/authentication_v2/auth_stages/auth_credential.cpp | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index b2c49a865..cd7de24cb 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -152,7 +152,6 @@ public: static int32_t GetTaskTimeout(std::shared_ptr context, const char* taskName, int32_t taskTimeOut); static void HandleAuthenticateTimeout(std::shared_ptr context, std::string name); static bool IsImportAuthCodeCompatibility(DmAuthType authType); - void SetAclExtraInfo(std::shared_ptr context); void SetAclInfo(std::shared_ptr context); void FilterProfilesByContext(std::vector &profiles, diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 6d35aafc6..b186ec5c9 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -745,7 +745,8 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) DerivativeSessionKey(context); // wait cert generate std::unique_lock cvLock(certCVMtx_); - certCV_.wait_for(cvLock, std::chrono::milliseconds(100), [=] {return !context->accesser.cert.empty();}); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); // send 180 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); LOGI("AuthSrcSKDeriveState::Action() leave."); -- Gitee From d300df167b24a952854513a4a5fc497c6c2d8d69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B7=8D?= Date: Thu, 17 Jul 2025 11:55:48 +0800 Subject: [PATCH 23/23] =?UTF-8?q?=E6=A3=80=E8=A7=86=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李巍 --- .../authentication_v2/dm_auth_message_processor.h | 2 +- .../src/authentication_v2/auth_manager.cpp | 6 +++++- .../authentication_v2/auth_stages/auth_credential.cpp | 3 +-- .../src/authentication_v2/dm_auth_message_processor.cpp | 4 ++-- .../src/authentication_v2/dm_auth_state_machine.cpp | 9 +++++++-- utils/include/appInfo/lite/app_manager.h | 3 +++ 6 files changed, 19 insertions(+), 8 deletions(-) diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h index d3bddf4f1..98144d108 100644 --- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h +++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h @@ -228,7 +228,7 @@ public: private: // construct function implementation void ConstructCreateMessageFuncMap(); - void ConstructParaseMessageFuncMap(); + void ConstructParseMessageFuncMap(); // Internal implementations for various message types // Used to encrypt the synchronization message int32_t EncryptSyncMessage(std::shared_ptr &context, DmAccess &accessSide, std::string &encSyncMsg); diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 968a13ce7..0b9e56ff2 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -643,7 +643,11 @@ void GenerateCertificate(std::shared_ptr context) LOGE("generate cert fail, certRet = %{public}d", certRet); return; } - context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + std::lock_guard lock(certMtx_); + { + context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + certCV_.notify_all(); + } AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); #endif return; diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index b186ec5c9..22e0ea88c 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -795,8 +795,7 @@ int32_t AuthSrcSKDeriveState::DerivativeProxySessionKey(std::shared_ptraccesser.transmitCredentialId + context->accessee.transmitCredentialId; - int32_t ret = - context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); } if (ret != DM_OK) { LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 4a6c211a2..8eb382827 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -483,7 +483,7 @@ void DmAuthMessageProcessor::ConstructCreateMessageFuncMap() }; } -void DmAuthMessageProcessor::ConstructParaseMessageFuncMap() +void DmAuthMessageProcessor::ConstructParseMessageFuncMap() { paraseMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseNegotiateMessage}, @@ -516,7 +516,7 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() LOGI("DmAuthMessageProcessor constructor"); cryptoMgr_ = std::make_shared(); ConstructCreateMessageFuncMap(); - ConstructParaseMessageFuncMap(); + ConstructParseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); } diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index 1bfc7b02d..5191485f5 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp @@ -106,7 +106,9 @@ void DmAuthStateMachine::InsertCredentialAuthSrcTransTable() DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, }}, {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, { - DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE}}, + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_FINISH_STATE, + }}, {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, { DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE }}, @@ -198,7 +200,10 @@ void DmAuthStateMachine::InsertCredentialAuthSinkTransTable() DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, }}, - {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE}}, + {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, { + DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SINK_FINISH_STATE, + }}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, { DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE }}, diff --git a/utils/include/appInfo/lite/app_manager.h b/utils/include/appInfo/lite/app_manager.h index ffc506b0a..eaea899ed 100644 --- a/utils/include/appInfo/lite/app_manager.h +++ b/utils/include/appInfo/lite/app_manager.h @@ -35,6 +35,9 @@ public: int32_t GetNativeTokenIdByName(std::string &processName, int64_t &tokenId); int32_t GetHapTokenIdByName(int32_t userId, std::string &bundleName, int32_t instIndex, int64_t &tokenId); int32_t GetBundleNameForSelf(std::string &bundleName); +private: + std::mutex certMtx_; + std::condition_variable certCV_; }; } // namespace DistributedHardware } // namespace OHOS -- Gitee