1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <chrono>
16 #include <iomanip>
17 #include <iostream>
18 #include <sstream>
19 #include "dm_auth_attest_common.h"
20 #include "dm_auth_cert.h"
21 #include "dm_auth_context.h"
22 #include "dm_auth_manager_base.h"
23 #include "dm_auth_message_processor.h"
24 #include "dm_auth_state.h"
25 #include "dm_auth_state_machine.h"
26 #include "dm_constants.h"
27 #include "dm_log.h"
28 #include "deviceprofile_connector.h"
29 #include "ffrt.h"
30 #include "hichain_auth_connector.h"
31 #include "multiple_user_connector.h"
32
33 namespace OHOS {
34 namespace DistributedHardware {
35
36 namespace {
37
38 // tag in Lowercase, need by hichain tag
39 constexpr const char* TAG_LOWER_DEVICE_ID = "deviceId";
40 constexpr const char* TAG_LOWER_USER_ID = "userId";
41 constexpr const char* DM_AUTH_CREDENTIAL_OWNER = "DM";
42 const int32_t GENERATE_CERT_TIMEOUT = 100; // 100ms
43
44 // decrypt process
g_authCredentialTransmitDecryptProcess(std::shared_ptr<DmAuthContext> context,DmEventType event)45 int32_t g_authCredentialTransmitDecryptProcess(std::shared_ptr<DmAuthContext> context, DmEventType event)
46 {
47 if (context->transmitData.empty()) {
48 LOGE("DmAuthMessageProcessor::CreateMessageReqCredAuthStart failed, get onTransmitData failed.");
49 return ERR_DM_FAILED;
50 }
51
52 int32_t ret = context->hiChainAuthConnector->ProcessCredData(context->requestId, context->transmitData);
53 if (ret != DM_OK) {
54 LOGE("AuthCredentialTransmitDecryptProcess: ProcessCredData transmit data failed");
55 return ERR_DM_FAILED;
56 }
57
58 if (context->authStateMachine->WaitExpectEvent(event) != event) {
59 LOGE("AuthCredentialTransmitDecryptProcess: Hichain auth transmit data failed");
60 return ERR_DM_FAILED;
61 }
62 return DM_OK;
63 }
64
AuthCredentialTransmitSend(std::shared_ptr<DmAuthContext> context,DmMessageType msgType)65 int32_t AuthCredentialTransmitSend(std::shared_ptr<DmAuthContext> context, DmMessageType msgType)
66 {
67 if (context->transmitData.empty()) {
68 LOGE("AuthCredentialTransmitSend: Get onTransmitData failed.");
69 return ERR_DM_FAILED;
70 }
71
72 std::string message =
73 context->authMessageProcessor->CreateMessage(msgType, context);
74 if (message.empty()) {
75 LOGE("AuthCredentialTransmitSend: CreateMessage AuthCredential transmit data failed");
76 return ERR_DM_FAILED;
77 }
78
79 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
80 }
81
SetAuthContext(int32_t skId,int64_t & appSkTimeStamp,int32_t & appSessionKeyId)82 void SetAuthContext(int32_t skId, int64_t &appSkTimeStamp, int32_t &appSessionKeyId)
83 {
84 appSkTimeStamp = static_cast<int64_t>(DmAuthState::GetSysTimeMs());
85 appSessionKeyId = skId;
86 return;
87 }
88
89 }
90
GetStateType()91 DmAuthStateType AuthSrcCredentialAuthNegotiateState::GetStateType()
92 {
93 return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE;
94 }
95
96 // Parse the ontransmit data, respond with 161 message
Action(std::shared_ptr<DmAuthContext> context)97 int32_t AuthSrcCredentialAuthNegotiateState::Action(std::shared_ptr<DmAuthContext> context)
98 {
99 // decrypt and transmit transmitData
100 int32_t ret = g_authCredentialTransmitDecryptProcess(context, ON_TRANSMIT);
101 if (ret != DM_OK) {
102 return ret;
103 }
104
105 // Send 161 message
106 return AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE);
107 }
108
GetStateType()109 DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType()
110 {
111 return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE;
112 }
113
Action(std::shared_ptr<DmAuthContext> context)114 int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr<DmAuthContext> context)
115 {
116 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
117 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
118 if (GetSessionKey(context)) {
119 DerivativeSessionKey(context);
120 std::unique_lock<std::mutex> cvLock(context->certCVMtx_);
121 context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT),
122 [=] {return !context->accesser.cert.empty();});
123 context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_REQ_DATA_SYNC, context);
124 return DM_OK;
125 }
126 // decrypt and transmit transmitData
127 int32_t ret = g_authCredentialTransmitDecryptProcess(context, ON_SESSION_KEY_RETURNED);
128 if (ret != DM_OK) {
129 return ret;
130 }
131 // Authentication completion triggers the Onfinish callback event.
132 if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) {
133 LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed");
134 return ERR_DM_FAILED;
135 }
136 return HandleSrcCredentialAuthDone(context);
137 }
138
HandleSrcCredentialAuthDone(std::shared_ptr<DmAuthContext> context)139 int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ptr<DmAuthContext> context)
140 {
141 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
142 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
143 DmMessageType msgType;
144 int32_t ret = DM_OK;
145 // first time joinLnn, auth lnnCredential
146 if (context->accesser.isGenerateLnnCredential == true && context->isAppCredentialVerified == false &&
147 context->accesser.bindLevel != static_cast<int32_t>(USER)) {
148 context->isAppCredentialVerified = true;
149 DerivativeSessionKey(context);
150 msgType = MSG_TYPE_REQ_CREDENTIAL_AUTH_START;
151 ret = context->hiChainAuthConnector->AuthCredential(context->accesser.userId, context->requestId,
152 context->accesser.lnnCredentialId, std::string(""));
153 if (ret != DM_OK) {
154 LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth credentail failed");
155 return ret;
156 }
157 // wait for onTransmit event
158 if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) {
159 LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived.");
160 return ERR_DM_FAILED;
161 }
162 // First-time authentication and Lnn credential process
163 } else if (context->accesser.isGenerateLnnCredential == true &&
164 context->accesser.bindLevel != static_cast<int32_t>(USER)) {
165 int32_t skId = 0;
166 int32_t ret = context->authMessageProcessor->SaveSessionKeyToDP(context->accesser.userId, skId);
167 if (ret != DM_OK) {
168 LOGE("DP save user session key failed %{public}d", ret);
169 return ret;
170 }
171 SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId);
172 std::unique_lock<std::mutex> cvLock(context->certCVMtx_);
173 context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT),
174 [=] {return !context->accesser.cert.empty();});
175 msgType = MSG_TYPE_REQ_DATA_SYNC;
176 } else { // Non-first-time authentication transport credential process
177 DerivativeSessionKey(context);
178 std::unique_lock<std::mutex> cvLock(context->certCVMtx_);
179 context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT),
180 [=] {return !context->accesser.cert.empty();});
181 msgType = MSG_TYPE_REQ_DATA_SYNC;
182 }
183 return SendCredentialAuthMessage(context, msgType);
184 }
185
SendCredentialAuthMessage(std::shared_ptr<DmAuthContext> context,DmMessageType & msgType)186 int32_t AuthSrcCredentialAuthDoneState::SendCredentialAuthMessage(std::shared_ptr<DmAuthContext> context,
187 DmMessageType &msgType)
188 {
189 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
190 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
191 std::string message = context->authMessageProcessor->CreateMessage(msgType, context);
192 if (message.empty()) {
193 LOGE("AuthSrcCredentialAuthDoneState::Action CreateMessage failed");
194 return ERR_DM_FAILED;
195 }
196 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
197 }
198
DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)199 int32_t AuthSrcCredentialAuthDoneState::DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)
200 {
201 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
202 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
203 int32_t skId = 0;
204 int32_t ret = context->authMessageProcessor->SaveSessionKeyToDP(context->accesser.userId, skId);
205 if (ret != DM_OK) {
206 LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed");
207 return ret;
208 }
209 SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId);
210 return DM_OK;
211 }
212 return DerivativeProxySessionKey(context);
213 }
214
DerivativeProxySessionKey(std::shared_ptr<DmAuthContext> context)215 int32_t AuthSrcCredentialAuthDoneState::DerivativeProxySessionKey(std::shared_ptr<DmAuthContext> context)
216 {
217 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
218 if (!context->reUseCreId.empty()) {
219 context->accesser.transmitCredentialId = context->reUseCreId;
220 }
221 if (context->IsCallingProxyAsSubject && !context->accesser.isAuthed) {
222 int32_t skId = 0;
223 int32_t ret = 0;
224 if (!context->reUseCreId.empty()) {
225 std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash +
226 context->accesser.tokenIdHash + context->accessee.tokenIdHash;
227 ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
228 context->accesser.transmitCredentialId = context->reUseCreId;
229 } else {
230 ret = context->authMessageProcessor->SaveSessionKeyToDP(context->accesser.userId, skId);
231 }
232 if (ret != DM_OK) {
233 LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed");
234 return ret;
235 }
236 SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId);
237 }
238 for (auto &app : context->subjectProxyOnes) {
239 if (app.proxyAccesser.isAuthed) {
240 continue;
241 }
242 int32_t skId = 0;
243 std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash +
244 app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash;
245 int32_t ret =
246 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
247 if (ret != DM_OK) {
248 LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed");
249 return ret;
250 }
251 app.proxyAccesser.skTimeStamp = static_cast<int64_t>(DmAuthState::GetSysTimeMs());
252 app.proxyAccesser.transmitSessionKeyId = skId;
253 if (!context->reUseCreId.empty()) {
254 app.proxyAccesser.transmitCredentialId = context->reUseCreId;
255 continue;
256 }
257 app.proxyAccesser.transmitCredentialId = context->accesser.transmitCredentialId;
258 }
259 return DM_OK;
260 }
261
GetStateType()262 DmAuthStateType AuthSinkCredentialAuthStartState::GetStateType()
263 {
264 return DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE;
265 }
266
Action(std::shared_ptr<DmAuthContext> context)267 int32_t AuthSinkCredentialAuthStartState::Action(std::shared_ptr<DmAuthContext> context)
268 {
269 context->timer->DeleteTimer(std::string(WAIT_REQUEST_TIMEOUT_TASK));
270
271 int32_t ret = g_authCredentialTransmitDecryptProcess(context, ON_TRANSMIT);
272 if (ret != DM_OK) {
273 return ret;
274 }
275
276 return AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START);
277 }
278
GetStateType()279 DmAuthStateType AuthSinkCredentialAuthNegotiateState::GetStateType()
280 {
281 return DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE;
282 }
283
Action(std::shared_ptr<DmAuthContext> context)284 int32_t AuthSinkCredentialAuthNegotiateState::Action(std::shared_ptr<DmAuthContext> context)
285 {
286 int32_t ret = g_authCredentialTransmitDecryptProcess(context, ON_TRANSMIT);
287 if (ret != DM_OK) {
288 return ret;
289 }
290
291 // Construct and send 171 message
292 ret = AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE);
293 if (ret != DM_OK) {
294 return ret;
295 }
296
297 if (context->authStateMachine->WaitExpectEvent(ON_SESSION_KEY_RETURNED) != ON_SESSION_KEY_RETURNED) {
298 LOGE("AuthSinkCredentialAuthNegotiateState::Action Hichain auth SINK transmit data failed");
299 return ERR_DM_FAILED;
300 }
301
302 if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) {
303 LOGE("AuthSinkCredentialAuthNegotiateState::Action Hichain auth SINK transmit data failed");
304 return ERR_DM_FAILED;
305 }
306 int32_t skId;
307
308 // First lnn cred auth, second time receiving 161 message
309 if (context->accessee.isGenerateLnnCredential == true &&
310 context->accessee.bindLevel != static_cast<int32_t>(USER) &&
311 context->isAppCredentialVerified == true) {
312 ret = context->authMessageProcessor->SaveSessionKeyToDP(context->accessee.userId, skId);
313 if (ret != DM_OK) {
314 LOGE("AuthSinkCredentialAuthNegotiateState::Action DP save user session key failed");
315 return ret;
316 }
317 context->accessee.lnnSkTimeStamp = static_cast<int64_t>(GetSysTimeMs());
318 context->accessee.lnnSessionKeyId = skId;
319 } else { // Twice transport cred auth
320 context->isAppCredentialVerified = true;
321 if (!context->IsProxyBind || context->subjectProxyOnes.empty() ||
322 (context->IsCallingProxyAsSubject && !context->accessee.isAuthed)) {
323 ret = context->authMessageProcessor->SaveSessionKeyToDP(context->accessee.userId, skId);
324 if (ret != DM_OK) {
325 LOGE("DP save user session key failed %{public}d", ret);
326 return ret;
327 }
328 context->accessee.transmitSkTimeStamp = static_cast<int64_t>(GetSysTimeMs());
329 context->accessee.transmitSessionKeyId = skId;
330 }
331 DerivativeSessionKey(context);
332 }
333 return DM_OK;
334 }
335
DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)336 int32_t AuthSinkCredentialAuthNegotiateState::DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)
337 {
338 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
339 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
340 return DM_OK;
341 }
342 for (auto &app : context->subjectProxyOnes) {
343 if (app.proxyAccessee.isAuthed) {
344 continue;
345 }
346 int32_t skId = 0;
347 std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash +
348 app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash;
349 int32_t ret =
350 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
351 if (ret != DM_OK) {
352 LOGE("AuthSinkCredentialAuthNegotiateState::Action DP save user session key failed %{public}d", ret);
353 return ret;
354 }
355 app.proxyAccessee.skTimeStamp = static_cast<int64_t>(DmAuthState::GetSysTimeMs());
356 app.proxyAccessee.transmitSessionKeyId = skId;
357 if (!context->reUseCreId.empty()) {
358 app.proxyAccessee.transmitCredentialId = context->reUseCreId;
359 continue;
360 }
361 app.proxyAccessee.transmitCredentialId = context->accessee.transmitCredentialId;
362 }
363 return DM_OK;
364 }
365
366 // Generate the json string of authParams in the credential negotiation state
CreateAuthParamsString(DmAuthScope authorizedScope,DmAuthCredentialAddMethod method,const std::shared_ptr<DmAuthContext> & authContext)367 std::string AuthCredentialAgreeState::CreateAuthParamsString(DmAuthScope authorizedScope,
368 DmAuthCredentialAddMethod method, const std::shared_ptr<DmAuthContext> &authContext)
369 {
370 LOGI("AuthCredentialAgreeState::CreateAuthParamsString start, authorizedScope: %{public}d.",
371 static_cast<int32_t>(authorizedScope));
372
373 if ((authorizedScope <= DM_AUTH_SCOPE_INVALID || authorizedScope >= DM_AUTH_SCOPE_MAX) ||
374 (method != DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE && method != DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT)) {
375 return std::string("");
376 }
377
378 JsonObject jsonObj;
379 if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) {
380 jsonObj[TAG_METHOD] = method;
381 }
382
383 jsonObj[TAG_LOWER_DEVICE_ID] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ?
384 authContext->GetDeviceId(DM_AUTH_LOCAL_SIDE) : authContext->GetDeviceId(DM_AUTH_REMOTE_SIDE);
385 if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT) {
386 jsonObj[TAG_PEER_USER_SPACE_ID] = std::to_string(authContext->GetUserId(DM_AUTH_REMOTE_SIDE));
387 }
388 jsonObj[TAG_LOWER_USER_ID] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ?
389 authContext->GetAccountId(DM_AUTH_LOCAL_SIDE) : authContext->GetAccountId(DM_AUTH_REMOTE_SIDE);
390 jsonObj[TAG_SUBJECT] = DM_AUTH_CREDENTIAL_SUBJECT_PRIMARY;
391 jsonObj[TAG_CRED_TYPE] = DM_AUTH_CREDENTIAL_ACCOUNT_UNRELATED;
392 jsonObj[TAG_KEY_FORMAT] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ?
393 DM_AUTH_KEY_FORMAT_ASYMM_GENERATE : DM_AUTH_KEY_FORMAT_ASYMM_IMPORT;
394 jsonObj[TAG_ALGORITHM_TYPE] = DM_AUTH_ALG_TYPE_ED25519;
395 jsonObj[TAG_PROOF_TYPE] = DM_AUTH_CREDENTIAL_PROOF_PSK;
396 if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT) {
397 jsonObj[TAG_KEY_VALUE] = authContext->GetPublicKey(DM_AUTH_REMOTE_SIDE, authorizedScope);
398 }
399 if (authorizedScope == DM_AUTH_SCOPE_LNN || authorizedScope == DM_AUTH_SCOPE_USER) {
400 jsonObj[TAG_AUTHORIZED_SCOPE] = DM_AUTH_SCOPE_USER;
401 } else {
402 jsonObj[TAG_AUTHORIZED_SCOPE] = authorizedScope;
403 }
404 if (authorizedScope == DM_AUTH_SCOPE_APP || authorizedScope == DM_AUTH_SCOPE_USER) {
405 GenerateTokenIds(authContext, jsonObj);
406 }
407 jsonObj[TAG_CREDENTIAL_OWNER] = DM_AUTH_CREDENTIAL_OWNER;
408
409 LOGI("AuthCredentialAgreeState::CreateAuthParamsString leave.");
410 return jsonObj.Dump();
411 }
412
GenerateTokenIds(const std::shared_ptr<DmAuthContext> & context,JsonObject & jsonObj)413 void AuthCredentialAgreeState::GenerateTokenIds(const std::shared_ptr<DmAuthContext> &context,
414 JsonObject &jsonObj)
415 {
416 CHECK_NULL_VOID(context);
417 std::vector<std::string> tokenIds;
418 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
419 tokenIds.push_back(std::to_string(context->accesser.tokenId));
420 tokenIds.push_back(std::to_string(context->accessee.tokenId));
421 jsonObj[TAG_AUTHORIZED_APP_LIST] = tokenIds;
422 return;
423 }
424 if (context->IsCallingProxyAsSubject) {
425 tokenIds.push_back(std::to_string(context->accesser.tokenId));
426 tokenIds.push_back(std::to_string(context->accessee.tokenId));
427 }
428 for (auto &app : context->subjectProxyOnes) {
429 tokenIds.push_back(std::to_string(app.proxyAccesser.tokenId));
430 tokenIds.push_back(std::to_string(app.proxyAccessee.tokenId));
431 }
432 if (tokenIds.empty()) {
433 LOGE("no tokenId.");
434 return;
435 }
436 jsonObj[TAG_AUTHORIZED_APP_LIST] = tokenIds;
437 }
438
439 // Generate credential ID and public key
GenerateCredIdAndPublicKey(DmAuthScope authorizedScope,std::shared_ptr<DmAuthContext> & authContext)440 int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authorizedScope,
441 std::shared_ptr<DmAuthContext> &authContext)
442 {
443 LOGI("authorizedScope %{public}d.", static_cast<int32_t>(authorizedScope));
444 if ((authorizedScope <= DM_AUTH_SCOPE_INVALID || authorizedScope >= DM_AUTH_SCOPE_MAX) ||
445 authContext == nullptr || authContext->hiChainAuthConnector == nullptr) {
446 return ERR_DM_FAILED;
447 }
448
449 std::string authParamsString = CreateAuthParamsString(authorizedScope,
450 DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE, authContext);
451 if (authParamsString == "") {
452 LOGE("AuthCredentialAgreeState::GenerateCredIdAndPublicKey() error, create authParamsString failed.");
453 return ERR_DM_FAILED;
454 }
455
456 int32_t osAccountId = (authContext->direction == DM_AUTH_SOURCE) ?
457 authContext->accesser.userId : authContext->accessee.userId;
458 std::string credId;
459 int32_t ret = authContext->hiChainAuthConnector->AddCredential(osAccountId, authParamsString, credId);
460 if (ret != DM_OK) {
461 LOGE("AuthCredentialAgreeState::GenerateCredIdAndPublicKey() error, add credential failed.");
462 return ret;
463 }
464
465 std::string publicKey;
466 ret = authContext->hiChainAuthConnector->ExportCredential(osAccountId, credId, publicKey);
467 if (ret != DM_OK) {
468 LOGE("AuthCredentialAgreeState::GenerateCredIdAndPublicKey(), export publicKey failed.");
469 authContext->hiChainAuthConnector->DeleteCredential(osAccountId, credId);
470 return ret;
471 }
472
473 (void)authContext->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, credId);
474 (void)authContext->SetPublicKey(DM_AUTH_LOCAL_SIDE, authorizedScope, publicKey);
475 LOGI("AuthCredentialAgreeState::GenerateCredIdAndPublicKey credId=%{public}s, publicKey=%{public}s.\n",
476 GetAnonyString(authContext->GetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope)).c_str(),
477 GetAnonyString(authContext->GetPublicKey(DM_AUTH_LOCAL_SIDE, authorizedScope)).c_str());
478 LOGI("AuthCredentialAgreeState::GenerateCredIdAndPublicKey leave.");
479 return DM_OK;
480 }
481
482 // Get the negotiation credential ID by agree credential
AgreeCredential(DmAuthScope authorizedScope,std::shared_ptr<DmAuthContext> & authContext)483 int32_t AuthCredentialAgreeState::AgreeCredential(DmAuthScope authorizedScope,
484 std::shared_ptr<DmAuthContext> &authContext)
485 {
486 LOGI("AuthCredentialAgreeState::AgreeCredential start, authorizedScope: %{public}d.",
487 static_cast<int32_t>(authorizedScope));
488 if ((authorizedScope <= DM_AUTH_SCOPE_INVALID || authorizedScope >= DM_AUTH_SCOPE_MAX) || authContext == nullptr) {
489 return ERR_DM_FAILED;
490 }
491
492 std::string authParamsString = CreateAuthParamsString(authorizedScope,
493 DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT, authContext);
494 if (authParamsString == "") {
495 LOGE("AuthCredentialAgreeState::AgreeCredential error, create authParamsString failed.");
496 return ERR_DM_FAILED;
497 }
498
499 int32_t osAccountId = authContext->direction == DM_AUTH_SOURCE ?
500 authContext->accesser.userId : authContext->accessee.userId;
501 std::string selfCredId = authContext->GetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope);
502 std::string credId;
503 LOGI("AuthCredentialAgreeState::AgreeCredential agree with accountId %{public}d and param %{public}s.",
504 osAccountId, GetAnonyJsonString(authParamsString).c_str());
505 int32_t ret = authContext->hiChainAuthConnector->AgreeCredential(osAccountId, selfCredId,
506 authParamsString, credId);
507 if (ret != DM_OK) {
508 LOGE("AuthCredentialAgreeState::AgreeCredential error, agree credential failed.");
509 return ret;
510 }
511
512 (void)authContext->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, credId);
513 LOGI("AuthCredentialAgreeState::AgreeCredential leave.");
514 return DM_OK;
515 }
516
GetStateType()517 DmAuthStateType AuthSrcCredentialExchangeState::GetStateType()
518 {
519 return DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE;
520 }
521
Action(std::shared_ptr<DmAuthContext> context)522 int32_t AuthSrcCredentialExchangeState::Action(std::shared_ptr<DmAuthContext> context)
523 {
524 LOGI("AuthSrcCredentialExchangeState::Action() start.");
525 int32_t ret = ERR_DM_FAILED;
526 context->isAppCredentialVerified = false;
527 if (!NeedAgreeAcl(context)) {
528 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcDataSyncState>());
529 return DM_OK;
530 }
531 if (GetSessionKey(context)) {
532 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcCredentialAuthDoneState>());
533 return DM_OK;
534 }
535
536 if (!IsNeedAgreeCredential(context)) {
537 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcCredentialAuthStartState>());
538 return DM_OK;
539 }
540 // First authentication, generate LNN credentials and public key
541 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast<int32_t>(USER)) {
542 ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_LNN, context);
543 if (ret != DM_OK) {
544 LOGE("AuthSrcCredentialExchangeState::Action() error, generate user credId and publicKey failed.");
545 return ret;
546 }
547 }
548
549 DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID;
550 if (context->accesser.bindLevel == static_cast<int32_t>(APP) ||
551 context->accesser.bindLevel == static_cast<int32_t>(SERVICE)) {
552 authorizedScope = DM_AUTH_SCOPE_APP;
553 } else if (context->accesser.bindLevel == static_cast<int32_t>(USER)) {
554 authorizedScope = DM_AUTH_SCOPE_USER;
555 }
556
557 // Generate transmit credentials and public key
558 ret = GenerateCredIdAndPublicKey(authorizedScope, context);
559 if (ret != DM_OK) {
560 LOGE("AuthSrcCredentialExchangeState::Action() error, generate app credId and publicKey failed.");
561 return ret;
562 }
563
564 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, context);
565 LOGI("AuthSrcCredentialExchangeState::Action() leave.");
566 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
567 }
568
GetStateType()569 DmAuthStateType AuthSinkCredentialExchangeState::GetStateType()
570 {
571 return DmAuthStateType::AUTH_SINK_CREDENTIAL_EXCHANGE_STATE;
572 }
573
Action(std::shared_ptr<DmAuthContext> context)574 int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr<DmAuthContext> context)
575 {
576 LOGI("AuthSinkCredentialExchangeState::Action start.");
577 int32_t ret = ERR_DM_FAILED;
578 std::string tmpCredId;
579 int32_t osAccountId = context->accessee.userId;
580 context->isAppCredentialVerified = false;
581 if (context == nullptr || context->hiChainAuthConnector == nullptr ||
582 context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) {
583 return ret;
584 }
585
586 // First authentication lnn cred
587 if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast<int32_t>(USER)) {
588 // Generate credentials and public key
589 ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_LNN, context);
590 if (ret != DM_OK) {
591 LOGE("AuthSinkCredentialExchangeState::Action failed, generate user cred and publicKey failed.");
592 return ret;
593 }
594
595 // Agree credentials
596 tmpCredId = context->accessee.lnnCredentialId;
597 ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context);
598 if (ret != DM_OK) {
599 context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);
600 context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, "");
601 LOGE("AuthSinkCredentialExchangeState::Action failed, agree user cred failed.");
602 return ret;
603 }
604 context->accessee.isGeneratedLnnCredThisBind = true;
605
606 // Delete temporary credentials sync
607 ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);});
608 }
609
610 DmAuthScope authorizedScope = GetAuthorizedScope(context->accessee.bindLevel);
611 // Generate transport credentials and public key
612 ret = GenerateCredIdAndPublicKey(authorizedScope, context);
613 if (ret != DM_OK) {
614 LOGE("AuthSinkCredentialExchangeState::Action failed, generate app cred and publicKey failed.");
615 return ret;
616 }
617
618 // Agree transport credentials and public key
619 tmpCredId = context->accessee.transmitCredentialId;
620 ret = AgreeCredential(authorizedScope, context);
621 if (ret != DM_OK) {
622 context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);
623 context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, "");
624 return ret;
625 }
626 context->accessee.isGeneratedTransmitThisBind = true;
627 // Delete temporary transport credentials sync
628 ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);});
629
630 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, context);
631 LOGI("AuthSinkCredentialExchangeState::Action leave.");
632 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
633 }
634
GetStateType()635 DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType()
636 {
637 return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE;
638 }
639
AgreeAndDeleteCredential(std::shared_ptr<DmAuthContext> context)640 int32_t AuthSrcCredentialAuthStartState::AgreeAndDeleteCredential(std::shared_ptr<DmAuthContext> context)
641 {
642 if (context == nullptr || context->hiChainAuthConnector == nullptr) {
643 return ERR_DM_POINT_NULL;
644 }
645 int32_t ret = DM_OK;
646 std::string tmpCredId = "";
647 int32_t osAccountId = context->accesser.userId;
648 // First authentication
649 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast<int32_t>(USER)) {
650 // Agree lnn credentials and public key
651 tmpCredId = context->accesser.lnnCredentialId;
652 ret = AgreeCredential(DM_AUTH_SCOPE_LNN, context);
653 if (ret != DM_OK) {
654 context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);
655 context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_LNN, "");
656 return ret;
657 }
658 context->accesser.isGeneratedLnnCredThisBind = true;
659 // Delete temporary lnn credentials sync
660 ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);});
661 }
662 DmAuthScope authorizedScope = DM_AUTH_SCOPE_INVALID;
663 if (context->accesser.bindLevel == static_cast<int32_t>(APP) ||
664 context->accesser.bindLevel == static_cast<int32_t>(SERVICE)) {
665 authorizedScope = DM_AUTH_SCOPE_APP;
666 }
667 if (context->accesser.bindLevel == static_cast<int32_t>(USER)) {
668 authorizedScope = DM_AUTH_SCOPE_USER;
669 }
670 // Agree transport credentials and public key
671 tmpCredId = context->accesser.transmitCredentialId;
672 ret = AgreeCredential(authorizedScope, context);
673 if (ret != DM_OK) {
674 context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);
675 context->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, "");
676 LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed.");
677 return ret;
678 }
679 context->accesser.isGeneratedTransmitThisBind = true;
680 // Delete temporary transport credentials sync
681 ffrt::submit([=]() { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId);});
682 return DM_OK;
683 }
684
Action(std::shared_ptr<DmAuthContext> context)685 int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr<DmAuthContext> context)
686 {
687 LOGI("AuthSrcCredentialAuthStartState::Action start.");
688 int32_t ret = ERR_DM_FAILED;
689 int32_t osAccountId = context->accesser.userId;
690 if (context == nullptr || context->hiChainAuthConnector == nullptr ||
691 context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) {
692 return ret;
693 }
694 if (IsNeedAgreeCredential(context)) {
695 ret = AgreeAndDeleteCredential(context);
696 if (ret != DM_OK) {
697 return ret;
698 }
699 }
700 // compareVersion send 141
701 std::string message = "";
702 if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_2)) {
703 message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_SK_DERIVE, context);
704 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
705 }
706 // Transport credential authentication
707 ret = context->hiChainAuthConnector->AuthCredential(osAccountId, context->requestId,
708 context->accesser.transmitCredentialId, std::string(""));
709 if (ret != DM_OK) {
710 LOGE("AuthSrcCredentialAuthStartState::Action failed, auth app cred failed.");
711 return ret;
712 }
713 if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) {
714 return ERR_DM_FAILED;
715 }
716 message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context);
717 LOGI(" AuthSrcCredentialAuthStartState::Action leave.");
718 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
719 }
720
GetStateType()721 DmAuthStateType AuthSrcSKDeriveState::GetStateType()
722 {
723 return DmAuthStateType::AUTH_SRC_SK_DERIVE_STATE;
724 }
725
Action(std::shared_ptr<DmAuthContext> context)726 int32_t AuthSrcSKDeriveState::Action(std::shared_ptr<DmAuthContext> context)
727 {
728 LOGI("AuthSrcSKDeriveState::Action start.");
729 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
730 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
731 // First authentication lnn cred
732 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast<int32_t>(USER)) {
733 int32_t skId = 0;
734 // derive lnn sk
735 std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId;
736 int32_t ret =
737 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
738 if (ret != DM_OK) {
739 LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed");
740 return ret;
741 }
742 context->accesser.lnnSkTimeStamp = static_cast<int64_t>(GetSysTimeMs());
743 context->accesser.lnnSessionKeyId = skId;
744 SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId);
745 }
746 // derive transmit sk
747 DerivativeSessionKey(context);
748 // wait cert generate
749 std::unique_lock<std::mutex> cvLock(context->certCVMtx_);
750 context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT),
751 [=] {return !context->accesser.cert.empty();});
752 // send 180
753 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context);
754 LOGI("AuthSrcSKDeriveState::Action() leave.");
755 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
756 }
757
DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)758 int32_t AuthSrcSKDeriveState::DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)
759 {
760 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
761 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
762 // no proxy
763 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
764 int32_t skId = 0;
765 // derive transmit sk
766 std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId;
767 int32_t ret =
768 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
769 if (ret != DM_OK) {
770 LOGE("AuthSrcSKDeriveState::Action DP save user session key failed");
771 return ret;
772 }
773 context->accesser.transmitSkTimeStamp = static_cast<int64_t>(GetSysTimeMs());
774 context->accesser.transmitSessionKeyId = skId;
775 SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId);
776 return DM_OK;
777 }
778 // proxy
779 return DerivativeProxySessionKey(context);
780 }
781
DerivativeProxySessionKey(std::shared_ptr<DmAuthContext> context)782 int32_t AuthSrcSKDeriveState::DerivativeProxySessionKey(std::shared_ptr<DmAuthContext> context)
783 {
784 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
785 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
786 if (!context->reUseCreId.empty()) {
787 context->accesser.transmitCredentialId = context->reUseCreId;
788 }
789 if (context->IsCallingProxyAsSubject && !context->accesser.isAuthed) {
790 int32_t skId = 0;
791 int32_t ret = 0;
792 if (!context->reUseCreId.empty()) {
793 std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash +
794 context->accesser.tokenIdHash + context->accessee.tokenIdHash;
795 ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
796 context->accesser.transmitCredentialId = context->reUseCreId;
797 } else {
798 // derive transmit sk
799 std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId;
800 ret = context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
801 }
802 if (ret != DM_OK) {
803 LOGE("AuthSrcSKDeriveState::Action DP save user session key failed");
804 return ret;
805 }
806 SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId);
807 }
808 for (auto &app : context->subjectProxyOnes) {
809 if (app.proxyAccesser.isAuthed) {
810 continue;
811 }
812 int32_t skId = 0;
813 std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash +
814 app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash;
815 int32_t ret =
816 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accesser.userId, suffix, skId);
817 if (ret != DM_OK) {
818 LOGE("AuthSrcSKDeriveState::Action DP save user session key failed");
819 return ret;
820 }
821 app.proxyAccesser.skTimeStamp = static_cast<int64_t>(DmAuthState::GetSysTimeMs());
822 app.proxyAccesser.transmitSessionKeyId = skId;
823 if (!context->reUseCreId.empty()) {
824 app.proxyAccesser.transmitCredentialId = context->reUseCreId;
825 continue;
826 }
827 app.proxyAccesser.transmitCredentialId = context->accesser.transmitCredentialId;
828 }
829 return DM_OK;
830 }
831
GetStateType()832 DmAuthStateType AuthSinkSKDeriveState::GetStateType()
833 {
834 return DmAuthStateType::AUTH_SINK_SK_DERIVE_STATE;
835 }
836
837 // receive 141 message
Action(std::shared_ptr<DmAuthContext> context)838 int32_t AuthSinkSKDeriveState::Action(std::shared_ptr<DmAuthContext> context)
839 {
840 LOGI("AuthSinkSKDeriveState::Action start.");
841 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
842 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
843 // First authentication lnn cred
844 if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast<int32_t>(USER)) {
845 int32_t skId = 0;
846 // derive lnn sk
847 std::string suffix = context->accesser.lnnCredentialId + context->accessee.lnnCredentialId;
848 int32_t ret =
849 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
850 if (ret != DM_OK) {
851 LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed");
852 return ret;
853 }
854 context->accessee.lnnSkTimeStamp = static_cast<int64_t>(GetSysTimeMs());
855 context->accessee.lnnSessionKeyId = skId;
856 SetAuthContext(skId, context->accessee.lnnSkTimeStamp, context->accessee.lnnSessionKeyId);
857 }
858 int32_t skId = 0;
859 // derive transmit sk
860 std::string suffix = context->accesser.transmitCredentialId + context->accessee.transmitCredentialId;
861 int32_t ret =
862 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
863 if (ret != DM_OK) {
864 LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed");
865 return ret;
866 }
867 context->accessee.transmitSkTimeStamp = static_cast<int64_t>(GetSysTimeMs());
868 context->accessee.transmitSessionKeyId = skId;
869 SetAuthContext(skId, context->accessee.transmitSkTimeStamp, context->accessee.transmitSessionKeyId);
870 DerivativeSessionKey(context);
871 // send 151
872 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_SK_DERIVE, context);
873 LOGI("AuthSinkSKDeriveState::Action() leave.");
874 return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
875 }
876
DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)877 int32_t AuthSinkSKDeriveState::DerivativeSessionKey(std::shared_ptr<DmAuthContext> context)
878 {
879 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
880 CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL);
881 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
882 return DM_OK;
883 }
884 for (auto &app : context->subjectProxyOnes) {
885 if (app.proxyAccessee.isAuthed) {
886 continue;
887 }
888 int32_t skId = 0;
889 std::string suffix = context->accesser.deviceIdHash + context->accessee.deviceIdHash +
890 app.proxyAccesser.tokenIdHash + app.proxyAccessee.tokenIdHash;
891 int32_t ret =
892 context->authMessageProcessor->SaveDerivativeSessionKeyToDP(context->accessee.userId, suffix, skId);
893 if (ret != DM_OK) {
894 LOGE("AuthSinkSKDeriveState::Action DP save user session key failed %{public}d", ret);
895 return ret;
896 }
897 app.proxyAccessee.skTimeStamp = static_cast<int64_t>(DmAuthState::GetSysTimeMs());
898 app.proxyAccessee.transmitSessionKeyId = skId;
899 if (!context->reUseCreId.empty()) {
900 app.proxyAccessee.transmitCredentialId = context->reUseCreId;
901 continue;
902 }
903 app.proxyAccessee.transmitCredentialId = context->accessee.transmitCredentialId;
904 }
905 return DM_OK;
906 }
907 } // namespace DistributedHardware
908 } // namespace OHOS
909