1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "compatible_auth_sub_session.h"
17
18 #include "compatible_auth_sub_session_common.h"
19 #include "compatible_auth_sub_session_util.h"
20 #include "dev_auth_module_manager.h"
21 #include "hc_log.h"
22 #include "hc_types.h"
23 #include "hitrace_adapter.h"
24 #include "group_auth_data_operation.h"
25 #include "group_operation_common.h"
26
CheckInputAuthParams(const CJson * authParam)27 static int32_t CheckInputAuthParams(const CJson *authParam)
28 {
29 int32_t keyLen = DEFAULT_RETURN_KEY_LENGTH;
30 (void)GetIntFromJson(authParam, FIELD_KEY_LENGTH, &keyLen);
31 if ((keyLen < MIN_KEY_LENGTH) || (keyLen > MAX_KEY_LENGTH)) {
32 LOGE("The key length is invalid!");
33 return HC_ERR_INVALID_PARAMS;
34 }
35 if (GetStringFromJson(authParam, FIELD_SERVICE_PKG_NAME) == NULL) {
36 LOGE("Failed to get servicePkgName!");
37 return HC_ERR_JSON_GET;
38 }
39 return HC_SUCCESS;
40 }
41
CreateClientAuthSubSessionInner(int32_t osAccountId,CJson * jsonParams,const DeviceAuthCallback * callback,CompatibleBaseSubSession ** session)42 static int32_t CreateClientAuthSubSessionInner(int32_t osAccountId, CJson *jsonParams,
43 const DeviceAuthCallback *callback, CompatibleBaseSubSession **session)
44 {
45 ParamsVecForAuth authParamsVec;
46 CreateAuthParamsList(&authParamsVec);
47 int32_t res = GetAuthParamsVec(osAccountId, jsonParams, &authParamsVec);
48 if (res != HC_SUCCESS) {
49 LOGW("Failed to get auth param list!");
50 DestroyAuthParamsList(&authParamsVec);
51 return res;
52 }
53 if (authParamsVec.size(&authParamsVec) == 0) {
54 LOGE("Empty auth params list!");
55 DestroyAuthParamsList(&authParamsVec);
56 return HC_ERR_NO_CANDIDATE_GROUP;
57 }
58 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)HcMalloc(sizeof(CompatibleAuthSubSession), 0);
59 if (subSession == NULL) {
60 LOGE("Failed to allocate memory for session!");
61 DestroyAuthParamsList(&authParamsVec);
62 return HC_ERR_ALLOC_MEMORY;
63 }
64 subSession->base.type = TYPE_CLIENT_AUTH_SUB_SESSION;
65 subSession->base.callback = callback;
66 subSession->base.appId = GetDuplicatePkgName(jsonParams);
67 subSession->currentIndex = 0;
68 subSession->paramsList = authParamsVec;
69 subSession->base.status = STATUS_INITIAL;
70 *session = (CompatibleBaseSubSession *)subSession;
71
72 return HC_SUCCESS;
73 }
74
CheckAcceptRequest(const CJson * context)75 static int32_t CheckAcceptRequest(const CJson *context)
76 {
77 uint32_t confirmation = REQUEST_REJECTED;
78 (void)GetUnsignedIntFromJson(context, FIELD_CONFIRMATION, &confirmation);
79 if (confirmation != REQUEST_ACCEPTED) {
80 LOGE("The service rejects this request!");
81 return HC_ERR_REQ_REJECTED;
82 }
83 LOGI("The service accepts this request!");
84 return HC_SUCCESS;
85 }
86
GetAuthInfoForServer(CJson * dataFromClient,ParamsVecForAuth * authParamsVec)87 static int32_t GetAuthInfoForServer(CJson *dataFromClient, ParamsVecForAuth *authParamsVec)
88 {
89 int32_t res = CheckAcceptRequest(dataFromClient);
90 if (res != HC_SUCCESS) {
91 return res;
92 }
93 int32_t authForm = AUTH_FORM_INVALID_TYPE;
94 if (GetIntFromJson(dataFromClient, FIELD_AUTH_FORM, &authForm) != HC_SUCCESS) {
95 LOGE("Failed to get auth form!");
96 return HC_ERR_JSON_GET;
97 }
98 int32_t groupAuthType = GetAuthType(authForm);
99 BaseGroupAuth *groupAuthHandle = GetGroupAuth(groupAuthType);
100 if (groupAuthHandle == NULL) {
101 LOGE("Failed to get group auth handle!");
102 return HC_ERR_NOT_SUPPORT;
103 }
104 return groupAuthHandle->getAuthParamsVecForServer(dataFromClient, authParamsVec);
105 }
106
IsPeerGroupAuthError(const CJson * in)107 static bool IsPeerGroupAuthError(const CJson *in)
108 {
109 int32_t groupErrMsg = 0;
110 if (GetIntFromJson(in, FIELD_GROUP_ERROR_MSG, &groupErrMsg) != HC_SUCCESS) {
111 return false;
112 }
113 return true;
114 }
115
HandlePeerAuthError(CompatibleAuthSubSession * session)116 static int32_t HandlePeerAuthError(CompatibleAuthSubSession *session)
117 {
118 if (AuthOnNextGroupIfExist(session) != HC_SUCCESS) {
119 LOGE("Failed to auth on next group!");
120 return HC_ERR_PEER_ERROR;
121 }
122 return HC_SUCCESS;
123 }
124
DelTrustDeviceOnAuthErrorV1(const CJson * paramInSession,int32_t peerResultCode)125 static void DelTrustDeviceOnAuthErrorV1(const CJson *paramInSession, int32_t peerResultCode)
126 {
127 int32_t authForm = 0;
128 if (GetIntFromJson(paramInSession, FIELD_AUTH_FORM, &authForm) != HC_SUCCESS) {
129 LOGE("Get FIELD_AUTH_FORM from session failed!");
130 return;
131 }
132 if ((authForm != AUTH_FORM_IDENTICAL_ACCOUNT) ||
133 ((peerResultCode != PEER_ACCOUNT_NOT_MATCH) && (peerResultCode != PEER_ACCOUNT_NOT_LOGIN))) {
134 return;
135 }
136 int32_t osAccountId;
137 if (GetIntFromJson(paramInSession, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
138 LOGE("Get osAccountId from session failed!");
139 return;
140 }
141 const char *groupId = GetStringFromJson(paramInSession, FIELD_GROUP_ID);
142 if (groupId == NULL) {
143 LOGE("Get groupId from session failed!");
144 return;
145 }
146 const char *peerUdid = GetStringFromJson(paramInSession, FIELD_PEER_UDID);
147 if (peerUdid == NULL) {
148 LOGE("Get peer udid from session failed!");
149 return;
150 }
151 TrustedDeviceEntry *peerDevInfo = CreateDeviceEntry();
152 if (peerDevInfo == NULL) {
153 LOGE("Failed to create device entry!");
154 return;
155 }
156 if (GaGetTrustedDeviceEntryById(osAccountId, peerUdid, true, groupId, peerDevInfo) != HC_SUCCESS) {
157 LOGW("peer device not exist, no need to delete!");
158 DestroyDeviceEntry(peerDevInfo);
159 return;
160 }
161 if (peerDevInfo->source == IMPORTED_FROM_CLOUD) {
162 LOGW("peer device is imported, do not delete!");
163 DestroyDeviceEntry(peerDevInfo);
164 return;
165 }
166 if (DelDeviceFromDb(osAccountId, groupId, peerDevInfo) != HC_SUCCESS) {
167 LOGE("Failed to delete not trusted account related device!");
168 DestroyDeviceEntry(peerDevInfo);
169 return;
170 }
171 DestroyDeviceEntry(peerDevInfo);
172 LOGI("Success delete not trusted account related device!");
173 }
174
ProcessClientAuthTaskInner(CompatibleAuthSubSession * session,int32_t moduleType,CJson * in,CJson * out,int32_t * status)175 static int32_t ProcessClientAuthTaskInner(CompatibleAuthSubSession *session, int32_t moduleType, CJson *in,
176 CJson *out, int32_t *status)
177 {
178 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
179 if (paramInSession == NULL) {
180 LOGE("Failed to get param in session!");
181 return HC_ERR_NULL_PTR;
182 }
183 DEV_AUTH_START_TRACE(TRACE_TAG_PROCESS_AUTH_TASK);
184 int32_t res = ProcessTask(session->base.curTaskId, in, out, status, moduleType);
185 DEV_AUTH_FINISH_TRACE();
186 DeleteItemFromJson(in, FIELD_PAYLOAD);
187 if (res != HC_SUCCESS) {
188 LOGW("Failed to process client auth task, try to auth on next group!");
189 DestroyTask(session->base.curTaskId, moduleType);
190 int32_t peerResultCode = 0;
191 (void)GetIntFromJson(in, FIELD_RESULT_CODE, &peerResultCode);
192 DelTrustDeviceOnAuthErrorV1(paramInSession, peerResultCode);
193 return ProcessClientAuthError(session, out);
194 }
195 return HandleAuthTaskStatus(session, out, *status, false);
196 }
197
ProcessDeviceLevel(const CJson * receiveData,CJson * authParam)198 static void ProcessDeviceLevel(const CJson *receiveData, CJson *authParam)
199 {
200 bool receiveLevel = false;
201 bool authLevel = false;
202 (void)GetBoolFromJson(receiveData, FIELD_IS_DEVICE_LEVEL, &receiveLevel);
203 (void)GetBoolFromJson(authParam, FIELD_IS_DEVICE_LEVEL, &authLevel);
204 if (AddBoolToJson(authParam, FIELD_IS_DEVICE_LEVEL, receiveLevel && authLevel) != HC_SUCCESS) {
205 LOGE("Failed to add device level to auth param!");
206 }
207 }
208
ProcessClientAuthTask(CompatibleAuthSubSession * session,CJson * receivedData,int32_t * status)209 static int32_t ProcessClientAuthTask(CompatibleAuthSubSession *session, CJson *receivedData, int32_t *status)
210 {
211 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
212 if (paramInSession == NULL) {
213 LOGE("Failed to get param in session!");
214 return HC_ERR_NULL_PTR;
215 }
216 ProcessDeviceLevel(receivedData, paramInSession);
217
218 if (IsPeerGroupAuthError(receivedData)) {
219 return HandlePeerAuthError(session);
220 }
221
222 CJson *out = CreateJson();
223 if (out == NULL) {
224 LOGE("Failed to create json for out!");
225 NotifyPeerAuthError(paramInSession, session->base.callback);
226 return HC_ERR_JSON_CREATE;
227 }
228 int32_t res = ProcessClientAuthTaskInner(session, GetAuthModuleType(paramInSession), receivedData, out, status);
229 ClearSensitiveStringInJson(out, FIELD_SESSION_KEY);
230 FreeJson(out);
231 if (res == FINISH) {
232 LOGI("End process client authSession.");
233 }
234 return res;
235 }
236
GenerateClientFirstMsg(CompatibleAuthSubSession * session,CJson * out,CJson ** sendData)237 static int32_t GenerateClientFirstMsg(CompatibleAuthSubSession *session, CJson *out, CJson **sendData)
238 {
239 *sendData = DetachItemFromJson(out, FIELD_SEND_TO_PEER);
240 if (*sendData == NULL) {
241 LOGE("The transmit data to peer is null!");
242 return HC_ERR_JSON_GET;
243 }
244 int32_t res = AddGroupAuthTransmitData(session, true, *sendData);
245 if (res != HC_SUCCESS) {
246 FreeJson(*sendData);
247 *sendData = NULL;
248 }
249 return res;
250 }
251
CreateAndProcessClientAuthTask(CompatibleAuthSubSession * session,CJson ** sendData,int32_t * status)252 static int32_t CreateAndProcessClientAuthTask(CompatibleAuthSubSession *session, CJson **sendData, int32_t *status)
253 {
254 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
255 if (paramInSession == NULL) {
256 LOGE("Failed to get param in session!");
257 return HC_ERR_NULL_PTR;
258 }
259 CJson *out = CreateJson();
260 if (out == NULL) {
261 LOGE("Failed to create json!");
262 return HC_ERR_JSON_CREATE;
263 }
264 int32_t res = CreateAndProcessAuthTask(session, paramInSession, out, status);
265 if (res != HC_SUCCESS) {
266 LOGW("Failed to create and process client auth task, try to auth on next group!");
267 res = ProcessClientAuthError(session, out);
268 FreeJson(out);
269 return res;
270 }
271 res = GenerateClientFirstMsg(session, out, sendData);
272 FreeJson(out);
273 return res;
274 }
275
ProcessServerAuthTaskInner(CompatibleAuthSubSession * session,int32_t moduleType,CJson * in,CJson * out,int32_t * status)276 static int32_t ProcessServerAuthTaskInner(CompatibleAuthSubSession *session, int32_t moduleType,
277 CJson *in, CJson *out, int32_t *status)
278 {
279 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
280 if (paramInSession == NULL) {
281 LOGE("The json data in session is null!");
282 return HC_ERR_NULL_PTR;
283 }
284 DEV_AUTH_START_TRACE(TRACE_TAG_PROCESS_AUTH_TASK);
285 int32_t res = ProcessTask(session->base.curTaskId, in, out, status, moduleType);
286 DEV_AUTH_FINISH_TRACE();
287 DeleteItemFromJson(in, FIELD_PAYLOAD);
288 if (res != HC_SUCCESS) {
289 ProcessServerAuthError(session, out);
290 return res;
291 }
292 return HandleAuthTaskStatus(session, out, *status, false);
293 }
294
ProcessServerAuthTask(CompatibleAuthSubSession * session,CJson * receivedData,int32_t * status)295 static int32_t ProcessServerAuthTask(CompatibleAuthSubSession *session, CJson *receivedData, int32_t *status)
296 {
297 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
298 if (paramInSession == NULL) {
299 LOGE("Failed to get param in session!");
300 return HC_ERR_NULL_PTR;
301 }
302 if (IsPeerGroupAuthError(receivedData)) {
303 LOGE("Peer group auth error happened, stop the server auth session!");
304 return HC_ERR_PEER_ERROR;
305 }
306 CJson *out = CreateJson();
307 if (out == NULL) {
308 LOGE("Failed to create json for out!");
309 NotifyPeerAuthError(paramInSession, session->base.callback);
310 return HC_ERR_JSON_CREATE;
311 }
312 int32_t moduleType = GetAuthModuleType(paramInSession);
313 int32_t res = ProcessServerAuthTaskInner(session, moduleType, receivedData, out, status);
314 FreeJson(out);
315 if (res == FINISH) {
316 LOGI("finish process server authSession.");
317 }
318 return res;
319 }
320
CreateAndProcessServerAuthTask(CompatibleAuthSubSession * session,CJson * receivedData,int32_t * status)321 static int32_t CreateAndProcessServerAuthTask(CompatibleAuthSubSession *session, CJson *receivedData, int32_t *status)
322 {
323 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
324 if (paramInSession == NULL) {
325 LOGE("The json data in session is null!");
326 return HC_ERR_NULL_PTR;
327 }
328 ProcessDeviceLevel(receivedData, paramInSession);
329 CJson *out = CreateJson();
330 if (out == NULL) {
331 LOGE("Failed to create json!");
332 NotifyPeerAuthError(receivedData, session->base.callback);
333 return HC_ERR_JSON_CREATE;
334 }
335 int32_t res = CreateAndProcessAuthTask(session, paramInSession, out, status);
336 if (res != HC_SUCCESS) {
337 ProcessServerAuthError(session, out);
338 FreeJson(out);
339 return res;
340 }
341 res = HandleAuthTaskStatus(session, out, *status, false);
342 FreeJson(out);
343 return res;
344 }
345
CreateClientAuthSubSession(CJson * jsonParams,const DeviceAuthCallback * callback,CompatibleBaseSubSession ** session)346 int32_t CreateClientAuthSubSession(CJson *jsonParams, const DeviceAuthCallback *callback,
347 CompatibleBaseSubSession **session)
348 {
349 int32_t res = CheckInputAuthParams(jsonParams);
350 if (res != HC_SUCCESS) {
351 LOGE("Invalid input params!");
352 return res;
353 }
354 if (AddIntToJson(jsonParams, FIELD_OPERATION_CODE, AUTHENTICATE) != HC_SUCCESS) {
355 LOGE("Failed to add operation code to json!");
356 return HC_ERR_JSON_ADD;
357 }
358 int32_t osAccountId = INVALID_OS_ACCOUNT;
359 if (GetIntFromJson(jsonParams, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
360 LOGE("Failed to get osAccountId from params!");
361 return HC_ERR_JSON_GET;
362 }
363 return CreateClientAuthSubSessionInner(osAccountId, jsonParams, callback, session);
364 }
365
CreateServerAuthSubSession(CJson * jsonParams,const DeviceAuthCallback * callback,CompatibleBaseSubSession ** session)366 int32_t CreateServerAuthSubSession(CJson *jsonParams, const DeviceAuthCallback *callback,
367 CompatibleBaseSubSession **session)
368 {
369 ParamsVecForAuth authVec;
370 CreateAuthParamsList(&authVec);
371 int32_t res = GetAuthInfoForServer(jsonParams, &authVec);
372 ClearCachedData(jsonParams);
373 if (res != HC_SUCCESS) {
374 LOGE("Failed to add auth param for server!");
375 DestroyAuthParamsList(&authVec);
376 NotifyPeerAuthError(jsonParams, callback);
377 return res;
378 }
379 if (authVec.size(&authVec) == 0) {
380 LOGE("Empty auth params list!");
381 DestroyAuthParamsList(&authVec);
382 NotifyPeerAuthError(jsonParams, callback);
383 return HC_ERR_NO_CANDIDATE_GROUP;
384 }
385 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)HcMalloc(sizeof(CompatibleAuthSubSession), 0);
386 if (subSession == NULL) {
387 LOGE("Failed to malloc memory for session!");
388 DestroyAuthParamsList(&authVec);
389 NotifyPeerAuthError(jsonParams, callback);
390 return HC_ERR_ALLOC_MEMORY;
391 }
392
393 subSession->base.type = TYPE_SERVER_AUTH_SUB_SESSION;
394 subSession->base.callback = callback;
395 subSession->base.appId = GetDuplicatePkgName(jsonParams);
396 subSession->currentIndex = 0;
397 subSession->paramsList = authVec;
398 subSession->base.status = STATUS_INITIAL;
399 *session = (CompatibleBaseSubSession *)subSession;
400
401 return HC_SUCCESS;
402 }
403
ProcessClientAuthSubSession(CompatibleBaseSubSession * session,CJson * in,CJson ** out,int32_t * status)404 int32_t ProcessClientAuthSubSession(CompatibleBaseSubSession *session, CJson *in, CJson **out, int32_t *status)
405 {
406 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)session;
407 if (session->status == STATUS_PROCESSING) {
408 return ProcessClientAuthTask(subSession, in, status);
409 } else {
410 session->status = STATUS_PROCESSING;
411 return CreateAndProcessClientAuthTask(subSession, out, status);
412 }
413 }
414
ProcessServerAuthSubSession(CompatibleBaseSubSession * session,CJson * in,int32_t * status)415 int32_t ProcessServerAuthSubSession(CompatibleBaseSubSession *session, CJson *in, int32_t *status)
416 {
417 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)session;
418 if (session->status == STATUS_PROCESSING) {
419 return ProcessServerAuthTask(subSession, in, status);
420 } else {
421 session->status = STATUS_PROCESSING;
422 return CreateAndProcessServerAuthTask(subSession, in, status);
423 }
424 }
425
DestroyCompatibleAuthSubSession(CompatibleBaseSubSession * session)426 void DestroyCompatibleAuthSubSession(CompatibleBaseSubSession *session)
427 {
428 if (session == NULL) {
429 return;
430 }
431 CompatibleAuthSubSession *realSession = (CompatibleAuthSubSession *)session;
432 HcFree(realSession->base.appId);
433 realSession->base.appId = NULL;
434 CJson *paramInSession = (realSession->paramsList).get(&(realSession->paramsList), realSession->currentIndex);
435 if (paramInSession == NULL) {
436 LOGE("The json param in session is null!");
437 return;
438 }
439 DestroyTask(realSession->base.curTaskId, GetAuthModuleType(paramInSession));
440
441 uint32_t index;
442 void **paramsData = NULL;
443 FOR_EACH_HC_VECTOR(realSession->paramsList, index, paramsData) {
444 FreeJson((CJson *)*paramsData);
445 }
446 DestroyAuthParamsList(&(realSession->paramsList));
447 HcFree(realSession);
448 }