diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 1edd72def1799d16cc6410e4f1d0254e34dd4122..2505b96bac5f6c191af11fed2a6d269e5e0666b7 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -199,6 +199,7 @@ extern const char* DM_VERSION_5_0_5; extern const char* DM_VERSION_5_1_0; extern const char* DM_VERSION_5_1_1; extern const char* DM_VERSION_5_1_2; +extern const char* DM_VERSION_5_1_3; extern const char* DM_CURRENT_VERSION; extern const char* DM_ACL_AGING_VERSION; extern const char* DM_VERSION_5_0_OLD_MAX; // Estimated highest version number of the old version diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index f8bfb729bda7982b7ec510d1a5037845d8194cdc..2a268e59e14a6f5992ac4833ed6016fe80e01eb4 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -187,7 +187,8 @@ const char* DM_VERSION_5_0_5 = "5.0.5"; const char* DM_VERSION_5_1_0 = "5.1.0"; const char* DM_VERSION_5_1_1 = "5.1.1"; const char* DM_VERSION_5_1_2 = "5.1.2"; -const char* DM_CURRENT_VERSION = DM_VERSION_5_1_2; +const char* DM_VERSION_5_1_3 = "5.1.3"; +const char* DM_CURRENT_VERSION = DM_VERSION_5_1_3; const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0; const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version const int32_t DM_HO_OSTYPE = -1; diff --git a/services/implementation/include/authentication_v2/auth_manager.h b/services/implementation/include/authentication_v2/auth_manager.h index 02deef3fe7ca1f8f8b1fec0005eccb180e1578b2..9b087c1e02db9b856bbce7fc1ec646147f88f66a 100644 --- a/services/implementation/include/authentication_v2/auth_manager.h +++ b/services/implementation/include/authentication_v2/auth_manager.h @@ -154,6 +154,8 @@ private: void GetBindCallerInfo(); int32_t GetBindLevel(int32_t bindLevel); void GetIsNeedJoinLnnParam(const std::map &bindParam); + std::mutex certMtx_; + std::condition_variable certCV_; }; class AuthSrcManager : public AuthManager { diff --git a/services/implementation/include/authentication_v2/dm_auth_message_processor.h b/services/implementation/include/authentication_v2/dm_auth_message_processor.h index 5192992bde31ffe817560ce771a8f50b76e43029..98144d108a6ab5aea249a730f24eec27cc4d7a19 100644 --- a/services/implementation/include/authentication_v2/dm_auth_message_processor.h +++ b/services/implementation/include/authentication_v2/dm_auth_message_processor.h @@ -115,6 +115,8 @@ enum DmMessageType { MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE = 131, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE = 140, MSG_TYPE_RESP_CREDENTIAL_EXCHANGE = 150, + MSG_TYPE_REQ_SK_DERIVE = 141, + MSG_TYPE_RESP_SK_DERIVE = 151, MSG_TYPE_REQ_CREDENTIAL_AUTH_START = 160, MSG_TYPE_RESP_CREDENTIAL_AUTH_START = 170, MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE = 161, @@ -224,8 +226,10 @@ public: void DmAuthUltrasonicMessageProcessor(); private: + // construct function implementation + void ConstructCreateMessageFuncMap(); + void ConstructParseMessageFuncMap(); // Internal implementations for various message types - // Used to encrypt the synchronization message int32_t EncryptSyncMessage(std::shared_ptr &context, DmAccess &accessSide, std::string &encSyncMsg); int32_t CreateProxyAccessMessage(std::shared_ptr &context, JsonObject &syncMsgJson); @@ -257,6 +261,10 @@ private: // Parse the 150 message int32_t ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context); int32_t ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject); + // Parse the 141 message + int32_t ParseMessageReqSKDerive(const JsonObject &jsonObject, std::shared_ptr context); + // Parse the 151 message + int32_t ParseMessageRspSKDerive(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 161, 170, and 171 messages int32_t ParseMessageNegotiateTransmit(const JsonObject &jsonObject, std::shared_ptr context); // Parse the 180 message @@ -301,6 +309,10 @@ private: // Create the 150 message int32_t CreateMessageRspCredExchange(std::shared_ptr context, JsonObject &jsonObject); int32_t CreateProxyCredExchangeMessage(std::shared_ptr &context, JsonObject &jsonData); + // Create 141 message. + int32_t CreateMessageReqSKDerive(std::shared_ptr context, JsonObject &jsonObject); + // Create 151 message. + int32_t CreateMessageRspSKDerive(std::shared_ptr context, JsonObject &jsonObject); // Create the 160 message int32_t CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject); // Construct the 161, 170, and 171 credential authentication messages diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index 8e948a6664f720607f6611b07713de1093c77010..cd7de24cb3ce05450732ad4291392c48378aeafa 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -58,6 +58,7 @@ enum class DmAuthStateType { AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE = 16, // Received 170 credential authentication message, sent 161 message AUTH_SRC_DATA_SYNC_STATE = 17, // Received 190 message, sent 200 message AUTH_SRC_FINISH_STATE = 18, // Received 201 message + AUTH_SRC_SK_DERIVE_STATE = 19, // Received 151 message // sink end state AUTH_SINK_START_STATE = 50, // Bus trigger OnSessionOpened @@ -77,6 +78,7 @@ enum class DmAuthStateType { AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE = 64, // Received 161 credential negotiation message, AUTH_SINK_DATA_SYNC_STATE = 65, // Received 180 synchronization message, send 190 message AUTH_SINK_FINISH_STATE = 66, // Received 200 end message, send 201 message + AUTH_SINK_SK_DERIVE_STATE = 67, // Received 141 message }; // Credential Addition Method @@ -150,7 +152,6 @@ public: static int32_t GetTaskTimeout(std::shared_ptr context, const char* taskName, int32_t taskTimeOut); static void HandleAuthenticateTimeout(std::shared_ptr context, std::string name); static bool IsImportAuthCodeCompatibility(DmAuthType authType); - void SetAclExtraInfo(std::shared_ptr context); void SetAclInfo(std::shared_ptr context); void FilterProfilesByContext(std::vector &profiles, @@ -442,11 +443,33 @@ public: int32_t Action(std::shared_ptr context) override; }; +class AuthSrcSKDeriveState : public DmAuthState { +public: + virtual ~AuthSrcSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; + int32_t DerivativeSessionKey(std::shared_ptr context); + int32_t DerivativeProxySessionKey(std::shared_ptr context); +private: + std::mutex certCVMtx_; + std::condition_variable certCV_; +}; + +class AuthSinkSKDeriveState : public DmAuthState { +public: + virtual ~AuthSinkSKDeriveState() {}; + DmAuthStateType GetStateType() override; + int32_t Action(std::shared_ptr context) override; + int32_t DerivativeSessionKey(std::shared_ptr context); +}; + class AuthSrcCredentialAuthStartState : public AuthCredentialAgreeState { public: virtual ~AuthSrcCredentialAuthStartState() {}; DmAuthStateType GetStateType() override; int32_t Action(std::shared_ptr context) override; +private: + int32_t AgreeAndDeleteCredential(std::shared_ptr context); }; class AuthSrcCredentialAuthNegotiateState : public DmAuthState { @@ -464,8 +487,10 @@ public: int32_t SendCredentialAuthMessage(std::shared_ptr context, DmMessageType &msgType); int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); + int32_t HandleSrcCredentialAuthDone(std::shared_ptr context); private: - std::string GenerateCertificate(std::shared_ptr context); + std::mutex certCVMtx_; + std::condition_variable certCV_; }; class AuthSinkCredentialAuthStartState : public DmAuthState { diff --git a/services/implementation/include/authentication_v2/dm_auth_state_machine.h b/services/implementation/include/authentication_v2/dm_auth_state_machine.h index 03a0d83dd1b808e5f8878c60f3665d0225bcbd54..48288a3a39b1cdb3442c6eb14ed68855fab13262 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state_machine.h +++ b/services/implementation/include/authentication_v2/dm_auth_state_machine.h @@ -81,6 +81,8 @@ private: void InsertSinkTransTable(); void InsertUltrasonicSrcTransTable(); void InsertUltrasonicSinkTransTable(); + void InsertCredentialAuthSrcTransTable(); + void InsertCredentialAuthSinkTransTable(); // Fetch the current state and execute it std::optional> FetchAndSetCurState(); diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index a8991a50b8bf44e903aab6b94280ce47439fe2d6..4a33f36c83a7d27375fab2f8638d1056fb2e7f31 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -26,6 +26,8 @@ #include "multiple_user_connector.h" #include "auth_manager.h" +#include "dm_auth_attest_common.h" +#include "dm_auth_cert.h" #include "dm_constants.h" #include "dm_crypto.h" #include "dm_random.h" @@ -38,6 +40,7 @@ #include "dm_auth_context.h" #include "dm_auth_message_processor.h" #include "dm_auth_state.h" +#include "ffrt.h" #include "json_object.h" namespace OHOS { @@ -625,6 +628,33 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } +void GenerateCertificate(std::shared_ptr context) +{ + if (context == nullptr) { + LOGE("context is nullptr!"); + return; + } +#ifdef DEVICE_MANAGER_COMMON_FLAG + context->accesser.isCommonFlag = true; + LOGI("open device do not generate cert!"); + context->accesser.cert = "common"; +#else + DmCertChain dmCertChain; + int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); + if (certRet != DM_OK) { + LOGE("generate cert fail, certRet = %{public}d", certRet); + return; + } + { + std::lock_guard lock(certMtx_); + context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + } + certCV_.notify_all(); + AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); +#endif + return; +} + int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, const std::map &bindParam, int sessionId, uint64_t logicalSessionId) { @@ -669,6 +699,8 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); context_->authStateMachine->TransitionTo(std::make_shared()); + // generate cert sync + ffrt::submit([=]() { GenerateCertificate(context_);}); info = { .funcName = "BindTarget" }; info.channelId = sessionId; DmRadarHelper::GetInstance().ReportAuthSendRequest(info); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 4bada104f53d5f96a04388633dd50e492d6e1abe..5cd699d25d7abbefceceb350f8b534d8538c4895 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -26,6 +26,7 @@ #include "dm_constants.h" #include "dm_log.h" #include "deviceprofile_connector.h" +#include "ffrt.h" #include "hichain_auth_connector.h" #include "multiple_user_connector.h" @@ -37,8 +38,8 @@ namespace { // tag in Lowercase, need by hichain tag constexpr const char* TAG_LOWER_DEVICE_ID = "deviceId"; constexpr const char* TAG_LOWER_USER_ID = "userId"; - constexpr const char* DM_AUTH_CREDENTIAL_OWNER = "DM"; +const int32_t GENERATE_CERT_TIMEOUT = 100; // 100ms // decrypt process int32_t g_authCredentialTransmitDecryptProcess(std::shared_ptr context, DmEventType event) @@ -110,35 +111,15 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE; } -std::string AuthSrcCredentialAuthDoneState::GenerateCertificate(std::shared_ptr context) -{ -#ifdef DEVICE_MANAGER_COMMON_FLAG - if (context == nullptr) { - LOGE("context_ is nullptr!"); - return ""; - } - context->accesser.isCommonFlag = true; - LOGI("open device do not generate cert!"); - return ""; -#else - DmCertChain dmCertChain; - int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); - if (certRet != DM_OK) { - LOGE("generate cert fail, certRet = %{public}d", certRet); - return ""; - } - std::string cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); - AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); - return cert; -#endif -} - int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) { CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); if (GetSessionKey(context)) { DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_REQ_DATA_SYNC, context); return DM_OK; } @@ -147,14 +128,20 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co if (ret != DM_OK) { return ret; } - // Authentication completion triggers the Onfinish callback event. if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) { LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); return ERR_DM_FAILED; } - DmMessageType msgType; + return HandleSrcCredentialAuthDone(context); +} +int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); + DmMessageType msgType; + int32_t ret = DM_OK; // first time joinLnn, auth lnnCredential if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false && context->accesser.bindLevel != USER) { @@ -167,7 +154,6 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth credentail failed"); return ret; } - // wait for onTransmit event if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived."); @@ -182,11 +168,15 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co return ret; } SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } else { // Non-first-time authentication transport credential process DerivativeSessionKey(context); - context->accesser.cert = GenerateCertificate(context); + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } return SendCredentialAuthMessage(context, msgType); @@ -609,8 +599,8 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); } DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; @@ -636,8 +626,8 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, context); LOGI("AuthSinkCredentialExchangeState::Action leave."); @@ -649,55 +639,69 @@ DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; } +int32_t AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr context) +{ + if (context == nullptr || context->hiChainAuthConnector == nullptr) { + return ERR_DM_POINT_NULL; + } + int32_t ret = DM_OK; + std::string tmpCredId = ""; + int32_t osAccountId = context->accesser.userId; + // First authentication + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + // Agree lnn credentials and public key + tmpCredId = context->accesser.lnnCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); + return ret; + } + // Delete temporary lnn credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + } + DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; + if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { + authorizedScope = DM_AUTH_SCOPE_APP; + } + if (context->accesser.bindLevel == USER) { + authorizedScope = DM_AUTH_SCOPE_USER; + } + // Agree transport credentials and public key + tmpCredId = context->accesser.transmitCredentialId; + ret = AgreeCredential(authorizedScope, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); + return ret; + } + // Delete temporary transport credentials sync + ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);}); + return DM_OK; +} + int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr context) { LOGI("AuthSrcCredentialAuthStartState::Action start."); int32_t ret = ERR_DM_FAILED; - std::string tmpCredId = ""; int32_t osAccountId = context->accesser.userId; - if (context == nullptr || context->hiChainAuthConnector == nullptr || context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { return ret; } - if (IsNeedAgreeCredential(context)) { - // First authentication - if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { - // Agree lnn credentials and public key - tmpCredId = context->accesser.lnnCredentialId; - ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context); - if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, ""); - return ret; - } - - // Delete temporary lnn credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - } - - DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID; - if (context->accesser.bindLevel == APP || context->accesser.bindLevel == SERVICE) { - authorizedScope = DM_AUTH_SCOPE_APP; - } else if (context->accesser.bindLevel == USER) { - authorizedScope = DM_AUTH_SCOPE_USER; - } - - // Agree transport credentials and public key - tmpCredId = context->accesser.transmitCredentialId; - ret = AgreeCredential(authorizedScope, context); + ret = AgreeAndDeleteCredential(context); if (ret != DM_OK) { - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, ""); - LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); return ret; } - - // Delete temporary transport credentials - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); } - + // compareVersion send 141 + std::string message = ""; + if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) { + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); + } // Transport credential authentication ret = context->hiChainAuthConnector->AuthCredential(osAccountId, context->requestId, context->accesser.transmitCredentialId, std::string("")); @@ -705,15 +709,200 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c LOGE("AuthSrcCredentialAuthStartState::Action failed, auth app cred failed."); return ret; } - if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - - std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); + message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } + +DmAuthStateType AuthSrcSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE; +} + +int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSrcSKDeriveState::Action start."); + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); + // First authentication lnn cred + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accesser.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); + } + // derive transmit sk + DerivativeSessionKey(context); + // wait cert generate + std::unique_lock cvLock(certCVMtx_); + certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + [=] {return !context->accesser.cert.empty();}); + // send 180 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); + LOGI("AuthSrcSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +int32_t AuthSrcSKDeriveState::DerivativeSessionKey(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); + // no proxy + if (!context->IsProxyBind || context->subjectProxyOnes.empty()) { + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + context->accesser.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accesser.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + return DM_OK; + } + // proxy + return DerivativeProxySessionKey(context); +} + +int32_t AuthSrcSKDeriveState::DerivativeProxySessionKey(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); + if (!context->reUseCreId.empty()) { + context->accesser.transmitCredentialId = context->reUseCreId; + } + if (context->IsCallingProxyAsSubject && !context->accesser.isAuthed) { + int32_t skId = 0; + int32_t ret = 0; + if (!context->reUseCreId.empty()) { + std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash + + context->accesser.tokenIdHash + context->accessee.tokenIdHash; + ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + context->accesser.transmitCredentialId = context->reUseCreId; + } else { + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + } + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + } + for (auto &app : context->subjectProxyOnes) { + if (app.proxyAccesser.isAuthed) { + continue; + } + int32_t skId = 0; + std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash + + app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcSKDeriveState::Action DP save user session key failed"); + return ret; + } + app.proxyAccesser.skTimeStamp = static_cast(DmAuthState::GetSysTimeMs()); + app.proxyAccesser.transmitSessionKeyId = skId; + if (!context->reUseCreId.empty()) { + app.proxyAccesser.transmitCredentialId = context->reUseCreId; + continue; + } + app.proxyAccesser.transmitCredentialId = context->accesser.transmitCredentialId; + } + return DM_OK; +} + +DmAuthStateType AuthSinkSKDeriveState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE; +} + +// receive 141 message +int32_t AuthSinkSKDeriveState::Action(std::shared_ptr context) +{ + LOGI("AuthSinkSKDeriveState::Action start."); + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); + // First authentication lnn cred + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != USER) { + int32_t skId = 0; + // derive lnn sk + std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accessee.lnnSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.lnnSessionKeyId = skId; + SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId); + } + int32_t skId = 0; + // derive transmit sk + std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + context->accessee.transmitSkTimeStamp = static_cast(GetSysTimeMs()); + context->accessee.transmitSessionKeyId = skId; + SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId); + DerivativeSessionKey(context); + // send 151 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context); + LOGI("AuthSinkSKDeriveState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +int32_t AuthSinkSKDeriveState::DerivativeSessionKey(std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); + if (!context->IsProxyBind || context->subjectProxyOnes.empty()) { + return DM_OK; + } + for (auto &app : context->subjectProxyOnes) { + if (app.proxyAccessee.isAuthed) { + continue; + } + int32_t skId = 0; + std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash + + app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash; + int32_t ret = + context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId); + if (ret != DM_OK) { + LOGE("AuthSinkSKDeriveState::Action DP save user session key failed %{public}d", ret); + return ret; + } + app.proxyAccessee.skTimeStamp = static_cast(DmAuthState::GetSysTimeMs()); + app.proxyAccessee.transmitSessionKeyId = skId; + if (!context->reUseCreId.empty()) { + app.proxyAccessee.transmitCredentialId = context->reUseCreId; + continue; + } + app.proxyAccessee.transmitCredentialId = context->accessee.transmitCredentialId; + } + return DM_OK; +} } // namespace DistributedHardware } // namespace OHOS diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 3ff2a9174a405c2004b31873995be1922bb0852b..8eb3828277b4da1824e45c0c9dbe28958411c730 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -454,10 +454,8 @@ int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr(); createMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateRespNegotiateMessage}, @@ -470,6 +468,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqCredAuthStart}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::CreateCredentialNegotiateMessage}, @@ -481,6 +481,10 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, }; +} + +void DmAuthMessageProcessor::ConstructParseMessageFuncMap() +{ paraseMessageFuncMap_ = { {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseNegotiateMessage}, {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageRespAclNegotiate}, @@ -493,6 +497,8 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() &DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageReqCredExchange}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageReqSKDerive}, + {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageRspSKDerive}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseAuthStartMessage}, {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, @@ -503,6 +509,14 @@ DmAuthMessageProcessor::DmAuthMessageProcessor() {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::ParseMessageSinkFinish}, {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::ParseMessageSrcFinish}, }; +} + +DmAuthMessageProcessor::DmAuthMessageProcessor() +{ + LOGI("DmAuthMessageProcessor constructor"); + cryptoMgr_ = std::make_shared(); + ConstructCreateMessageFuncMap(); + ConstructParseMessageFuncMap(); DmAuthUltrasonicMessageProcessor(); } @@ -662,6 +676,7 @@ int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &js return DM_OK; } +// parse 150 int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context) { @@ -708,6 +723,72 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js return DM_OK; } +// parse 141 +int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn public key + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accesser.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accesser.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// parse 151 +int32_t DmAuthMessageProcessor::ParseMessageRspSKDerive(const JsonObject &jsonObject, + std::shared_ptr context) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + // First authentication, parse lnn public key + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accessee.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get(); + } + if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accessee.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + int32_t DmAuthMessageProcessor::ParseProxyCredExchangeToSync(std::shared_ptr &context, JsonObject &jsonObject) { @@ -957,6 +1038,52 @@ int32_t DmAuthMessageProcessor::CreateProxyCredExchangeMessage(std::shared_ptr context, + JsonObject &jsonObject) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accesser.transmitCredentialId; + // First certification + if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accesser.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + +// Create 151 message. +int32_t DmAuthMessageProcessor::CreateMessageRspSKDerive(std::shared_ptr context, + JsonObject &jsonObject) +{ + CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL); + CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL); + JsonObject jsonData; + jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accessee.transmitCredentialId; + // First certification + if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast(USER)) { + jsonData[TAG_LNN_CREDENTIAL_ID] = context->accessee.lnnCredentialId; + } + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[TAG_DATA] = cipherText; + return ret; +} + // Create 160 message. int32_t DmAuthMessageProcessor::CreateMessageReqCredAuthStart(std::shared_ptr context, JsonObject &jsonObject) diff --git a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp index 231bf6690088a532d790daa4121b6a5b888798ed..106a7f8c279b79bfaef4bbcefdac0fc2382524cf 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state_machine.cpp @@ -73,6 +73,17 @@ void DmAuthStateMachine::InsertSrcTransTable() {DmAuthStateType::AUTH_SRC_PIN_INPUT_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, + {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + }); + InsertCredentialAuthSrcTransTable(); + InsertUltrasonicSrcTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSrcTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SRC_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SRC_PIN_NEGOTIATE_START_STATE, @@ -90,23 +101,22 @@ void DmAuthStateMachine::InsertSrcTransTable() DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, }}, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE}}, - - {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE}}, - - {DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SRC_FINISH_STATE}}, - - {DmAuthStateType::AUTH_SRC_FINISH_STATE, {}} + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, + }}, + {DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_FINISH_STATE, + }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE + }}, + {DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE, { + DmAuthStateType::AUTH_SRC_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE, + }}, }); - - InsertUltrasonicSrcTransTable(); - - return; } void DmAuthStateMachine::InsertUltrasonicSrcTransTable() @@ -135,7 +145,6 @@ void DmAuthStateMachine::InsertUltrasonicSrcTransTable() DmAuthStateType::AUTH_SRC_PIN_AUTH_START_STATE, }} }); - return; } @@ -160,6 +169,17 @@ void DmAuthStateMachine::InsertSinkTransTable() {DmAuthStateType::AUTH_SINK_PIN_DISPLAY_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, }}, + {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, + {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} + }); + InsertCredentialAuthSinkTransTable(); + InsertUltrasonicSinkTransTable(); + return; +} + +void DmAuthStateMachine::InsertCredentialAuthSinkTransTable() +{ + stateTransitionTable_.insert({ {DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE, { DmAuthStateType::AUTH_SINK_PIN_AUTH_MSG_NEGOTIATE_STATE, DmAuthStateType::AUTH_SINK_PIN_NEGOTIATE_START_STATE, @@ -177,19 +197,20 @@ void DmAuthStateMachine::InsertSinkTransTable() }}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_EXCHANGE_STATE, { DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, + DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, + }}, + {DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE, { + DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SINK_FINISH_STATE, }}, {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE, { - DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE + }}, + {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, { + DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, + DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE }}, - {DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE}}, - {DmAuthStateType::AUTH_SINK_DATA_SYNC_STATE, {DmAuthStateType::AUTH_SINK_FINISH_STATE}}, - {DmAuthStateType::AUTH_SINK_FINISH_STATE, {}} }); - - InsertUltrasonicSinkTransTable(); - - return; } void DmAuthStateMachine::InsertUltrasonicSinkTransTable() diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp index 9e258bf0bbd2253d90c1821d1300e387351623f1..2081f62b6fa95111e69bdb86c04017305540d743 100644 --- a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp +++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp @@ -102,7 +102,6 @@ void AuthCredentialFuzzTest(const uint8_t* data, size_t size) context->accesser.isGenerateLnnCredential = false; authFirst->GetStateType(); authSecond->GetStateType(); - authSecond->GenerateCertificate(context); authThird->GetStateType(); authForth->GetStateType(); authFifth->GetStateType();