1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <securec.h>
17 #include <unistd.h>
18
19 #include "trans_uk_manager.h"
20
21 #include "bus_center_manager.h"
22 #include "lnn_distributed_net_ledger.h"
23 #include "lnn_ohos_account_adapter.h"
24 #include "softbus_access_token_adapter.h"
25 #include "softbus_adapter_crypto.h"
26 #include "softbus_adapter_mem.h"
27 #include "softbus_json_utils.h"
28 #include "softbus_utils.h"
29 #include "trans_log.h"
30 #include "trans_session_manager.h"
31
32 #define DEFAULT_ACCOUNT_UID "ohosAnonymousUid"
33 static SoftBusList *g_ukRequestManagerList = NULL;
34
TransUkRequestMgrInit(void)35 int32_t TransUkRequestMgrInit(void)
36 {
37 if (g_ukRequestManagerList != NULL) {
38 TRANS_LOGW(TRANS_INIT, "trans uk request manager list already inited.");
39 return SOFTBUS_OK;
40 }
41 g_ukRequestManagerList = CreateSoftBusList();
42 if (g_ukRequestManagerList == NULL) {
43 TRANS_LOGE(TRANS_INIT, "trans uk request manager init failed.");
44 return SOFTBUS_MALLOC_ERR;
45 }
46 return SOFTBUS_OK;
47 }
48
TransUkRequestMgrDeinit(void)49 void TransUkRequestMgrDeinit(void)
50 {
51 if (g_ukRequestManagerList == NULL) {
52 TRANS_LOGE(TRANS_INIT, "trans uk manager list not init.");
53 return;
54 }
55 if (SoftBusMutexLock(&g_ukRequestManagerList->lock) != SOFTBUS_OK) {
56 TRANS_LOGE(TRANS_INIT, "lock failed");
57 return;
58 }
59 UkRequestNode *requestNode = NULL;
60 UkRequestNode *nextRequestNode = NULL;
61 LIST_FOR_EACH_ENTRY_SAFE(requestNode, nextRequestNode, &g_ukRequestManagerList->list, UkRequestNode, node) {
62 ListDelete(&requestNode->node);
63 SoftBusFree(requestNode);
64 }
65 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
66 DestroySoftBusList(g_ukRequestManagerList);
67 g_ukRequestManagerList = NULL;
68 return;
69 }
70
TransUkRequestAddItem(uint32_t requestId,int32_t channelId,int32_t channelType)71 int32_t TransUkRequestAddItem(uint32_t requestId, int32_t channelId, int32_t channelType)
72 {
73 TRANS_CHECK_AND_RETURN_RET_LOGE(
74 g_ukRequestManagerList != NULL, SOFTBUS_NO_INIT, TRANS_INIT, "uk request manager list not init.");
75 TRANS_CHECK_AND_RETURN_RET_LOGE(
76 SoftBusMutexLock(&g_ukRequestManagerList->lock) == SOFTBUS_OK, SOFTBUS_LOCK_ERR, TRANS_INIT, "lock failed");
77
78 UkRequestNode *ukRequest = NULL;
79 LIST_FOR_EACH_ENTRY(ukRequest, &(g_ukRequestManagerList->list), UkRequestNode, node) {
80 if (ukRequest->requestId == requestId) {
81 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
82 return SOFTBUS_ALREADY_EXISTED;
83 }
84 }
85
86 UkRequestNode *newUkRequest = (UkRequestNode *)SoftBusCalloc(sizeof(UkRequestNode));
87 if (newUkRequest == NULL) {
88 TRANS_LOGE(TRANS_CTRL, "calloc failed");
89 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
90 return SOFTBUS_MALLOC_ERR;
91 }
92 newUkRequest->channelId = channelId;
93 newUkRequest->channelType = channelType;
94 newUkRequest->requestId = requestId;
95 ListInit(&newUkRequest->node);
96 ListAdd(&g_ukRequestManagerList->list, &newUkRequest->node);
97 g_ukRequestManagerList->cnt++;
98 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
99 return SOFTBUS_OK;
100 }
101
TransUkRequestGetRequestInfoByRequestId(uint32_t requestId,UkRequestNode * ukRequest)102 int32_t TransUkRequestGetRequestInfoByRequestId(uint32_t requestId, UkRequestNode *ukRequest)
103 {
104 TRANS_CHECK_AND_RETURN_RET_LOGE(
105 g_ukRequestManagerList != NULL, SOFTBUS_NO_INIT, TRANS_INIT, "uk request manager list not init.");
106 TRANS_CHECK_AND_RETURN_RET_LOGE(ukRequest != NULL, SOFTBUS_INVALID_PARAM, TRANS_CTRL, "invalid param.");
107 TRANS_CHECK_AND_RETURN_RET_LOGE(
108 SoftBusMutexLock(&g_ukRequestManagerList->lock) == SOFTBUS_OK, SOFTBUS_LOCK_ERR, TRANS_INIT, "lock failed");
109
110 UkRequestNode *ukRequestNode = NULL;
111 LIST_FOR_EACH_ENTRY(ukRequestNode, &(g_ukRequestManagerList->list), UkRequestNode, node) {
112 if (ukRequestNode->requestId == requestId) {
113 ukRequest->requestId = ukRequestNode->requestId;
114 ukRequest->channelId = ukRequestNode->channelId;
115 ukRequest->channelType = ukRequestNode->channelType;
116 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
117 return SOFTBUS_OK;
118 }
119 }
120 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
121 return SOFTBUS_NOT_FIND;
122 }
123
TransUkRequestDeleteItem(uint32_t requestId)124 int32_t TransUkRequestDeleteItem(uint32_t requestId)
125 {
126 if (g_ukRequestManagerList == NULL) {
127 TRANS_LOGE(TRANS_INIT, "trans uk manager list not init.");
128 return SOFTBUS_NO_INIT;
129 }
130 if (SoftBusMutexLock(&g_ukRequestManagerList->lock) != SOFTBUS_OK) {
131 TRANS_LOGE(TRANS_INIT, "lock failed");
132 return SOFTBUS_LOCK_ERR;
133 }
134 UkRequestNode *requestNode = NULL;
135 UkRequestNode *nextRequestNode = NULL;
136 LIST_FOR_EACH_ENTRY_SAFE(requestNode, nextRequestNode, &g_ukRequestManagerList->list, UkRequestNode, node) {
137 if (requestNode->requestId == requestId) {
138 ListDelete(&requestNode->node);
139 SoftBusFree(requestNode);
140 g_ukRequestManagerList->cnt--;
141 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
142 return SOFTBUS_OK;
143 }
144 }
145 (void)SoftBusMutexUnlock(&g_ukRequestManagerList->lock);
146 return SOFTBUS_NOT_FIND;
147 }
148
GetUkPolicy(const AppInfo * appInfo)149 int32_t GetUkPolicy(const AppInfo *appInfo)
150 {
151 if (appInfo == NULL) {
152 TRANS_LOGE(TRANS_CTRL, "invalid param.");
153 return SOFTBUS_INVALID_PARAM;
154 }
155 #ifdef SOFTBUS_STANDARD_OS
156 NodeInfo nodeInfo;
157 (void)memset_s(&nodeInfo, sizeof(NodeInfo), 0, sizeof(NodeInfo));
158 int32_t peerRet = LnnGetRemoteNodeInfoById(appInfo->peerNetWorkId, CATEGORY_NETWORK_ID, &nodeInfo);
159 if (peerRet != SOFTBUS_OK || !IsSupportFeatureByCapaBit(nodeInfo.authCapacity, BIT_SUPPORT_USERKEY_NEGO)) {
160 TRANS_LOGE(TRANS_CTRL, "get peer node info failed or peer node not support uk nego.");
161 return NO_NEED_UK;
162 }
163 if (appInfo->myData.pid == getpid()) {
164 // inner session not use uk
165 return NO_NEED_UK;
166 }
167 if (appInfo->appType == APP_TYPE_AUTH || appInfo->appType == APP_TYPE_INNER) {
168 return NO_NEED_UK;
169 }
170 int32_t accessTokenType = SoftBusGetAccessTokenType(appInfo->callingTokenId);
171 if (accessTokenType == ACCESS_TOKEN_TYPE_NATIVE) {
172 if (appInfo->myData.userId == INVALID_USER_ID) {
173 return NO_NEED_UK;
174 }
175 return USE_NEGO_UK;
176 }
177 if (accessTokenType == ACCESS_TOKEN_TYPE_HAP) {
178 return USE_NEGO_UK;
179 }
180 if (accessTokenType == ACCESS_TOKEN_TYPE_SHELL) {
181 if (appInfo->myData.userId == INVALID_USER_ID) {
182 return NO_NEED_UK;
183 }
184 return USE_NEGO_UK;
185 }
186 return NO_NEED_UK;
187 #else
188 (void)appInfo;
189 return NO_NEED_UK;
190 #endif
191 }
192
IsValidUkInfo(const UkIdInfo * ukIdInfo)193 bool IsValidUkInfo(const UkIdInfo *ukIdInfo)
194 {
195 return (ukIdInfo != NULL && ukIdInfo->myId != 0 && ukIdInfo->peerId != 0);
196 }
197
GetLocalAccountUidByUserId(char * id,uint32_t idLen,uint32_t * len,int32_t userId)198 int32_t GetLocalAccountUidByUserId(char *id, uint32_t idLen, uint32_t *len, int32_t userId)
199 {
200 if (id == NULL || len == NULL) {
201 TRANS_LOGE(TRANS_CTRL, "invalid param.");
202 return SOFTBUS_INVALID_PARAM;
203 }
204 (void)userId;
205 int32_t ret = LnnGetLocalStrInfo(STRING_KEY_ACCOUNT_UID, id, idLen);
206 if (ret != SOFTBUS_OK) {
207 TRANS_LOGE(TRANS_CTRL, "get local account uid failed, ret=%{public}d", ret);
208 if (idLen < (strlen(DEFAULT_ACCOUNT_UID) + 1)) {
209 TRANS_LOGE(TRANS_CTRL, "idLen is not enough to hold DEFAULT_ACCOUNT_UID.");
210 return SOFTBUS_INVALID_PARAM;
211 }
212 if (strcpy_s(id, idLen, DEFAULT_ACCOUNT_UID) != EOK) {
213 TRANS_LOGE(TRANS_CTRL, "str copy id failed.");
214 return SOFTBUS_STRCPY_ERR;
215 }
216 *len = strlen(id);
217 if (id[*len] != '\0') {
218 TRANS_LOGE(TRANS_CTRL, "id buffer is not null-terminated.");
219 return SOFTBUS_INVALID_PARAM;
220 }
221 }
222 *len = strnlen(id, idLen);
223 return SOFTBUS_OK;
224 }
225
FillSinkAclInfoByAppInfo(const AppInfo * appInfo,AuthACLInfo * aclInfo)226 static int32_t FillSinkAclInfoByAppInfo(const AppInfo *appInfo, AuthACLInfo *aclInfo)
227 {
228 if (appInfo == NULL || aclInfo == NULL) {
229 TRANS_LOGE(TRANS_CTRL, "invalid param.");
230 return SOFTBUS_INVALID_PARAM;
231 }
232 aclInfo->isServer = true;
233 aclInfo->sourceTokenId = appInfo->peerData.tokenId;
234 aclInfo->sourceUserId = appInfo->peerData.userId;
235 aclInfo->sinkTokenId = appInfo->myData.tokenId;
236 aclInfo->sinkUserId = appInfo->myData.userId;
237 if (strcpy_s(aclInfo->sourceAccountId, ACCOUNT_UID_LEN_MAX, appInfo->peerData.accountId) != EOK ||
238 strcpy_s(aclInfo->sinkAccountId, ACCOUNT_UID_LEN_MAX, appInfo->myData.accountId) != EOK) {
239 TRANS_LOGE(TRANS_CTRL, "str copy accountid fail.");
240 return SOFTBUS_STRCPY_ERR;
241 }
242 char peerUdid[UDID_BUF_LEN] = { 0 };
243 int32_t ret = LnnGetRemoteStrInfo(appInfo->peerNetWorkId, STRING_KEY_DEV_UDID, peerUdid, UDID_BUF_LEN);
244 if (ret != SOFTBUS_OK) {
245 TRANS_LOGE(TRANS_CTRL, "get peer udid failed, ret=%{public}d", ret);
246 return ret;
247 }
248 if (strcpy_s(aclInfo->sourceUdid, UDID_BUF_LEN, peerUdid) != EOK) {
249 TRANS_LOGE(TRANS_CTRL, "str copy peer udid fail.");
250 return SOFTBUS_STRCPY_ERR;
251 }
252 ret = LnnGetLocalStrInfo(STRING_KEY_DEV_UDID, aclInfo->sinkUdid, UDID_BUF_LEN);
253 if (ret != SOFTBUS_OK) {
254 TRANS_LOGE(TRANS_CTRL, "get local udid failed, ret=%{public}d", ret);
255 return ret;
256 }
257 return SOFTBUS_OK;
258 }
259
FillSourceAclInfoByAppInfo(const AppInfo * appInfo,AuthACLInfo * aclInfo)260 static int32_t FillSourceAclInfoByAppInfo(const AppInfo *appInfo, AuthACLInfo *aclInfo)
261 {
262 if (appInfo == NULL || aclInfo == NULL) {
263 TRANS_LOGE(TRANS_CTRL, "invalid param.");
264 return SOFTBUS_INVALID_PARAM;
265 }
266 aclInfo->isServer = false;
267 aclInfo->sourceTokenId = appInfo->myData.tokenId;
268 aclInfo->sourceUserId = appInfo->myData.userId;
269 aclInfo->sinkTokenId = appInfo->peerData.tokenId;
270 aclInfo->sinkUserId = appInfo->peerData.userId;
271 if (strcpy_s(aclInfo->sourceAccountId, ACCOUNT_UID_LEN_MAX, appInfo->myData.accountId) != EOK ||
272 strcpy_s(aclInfo->sinkAccountId, ACCOUNT_UID_LEN_MAX, appInfo->peerData.accountId) != EOK) {
273 TRANS_LOGE(TRANS_CTRL, "str copy accountid failed.");
274 return SOFTBUS_STRCPY_ERR;
275 }
276 char peerUdid[UDID_BUF_LEN] = { 0 };
277 int32_t ret = LnnGetRemoteStrInfo(appInfo->peerNetWorkId, STRING_KEY_DEV_UDID, peerUdid, UDID_BUF_LEN);
278 if (ret != SOFTBUS_OK) {
279 TRANS_LOGE(TRANS_CTRL, "get peer udid failed, ret=%{public}d", ret);
280 return ret;
281 }
282 if (strcpy_s(aclInfo->sinkUdid, UDID_BUF_LEN, peerUdid) != EOK) {
283 TRANS_LOGE(TRANS_CTRL, "str copy peer udid failed.");
284 return SOFTBUS_STRCPY_ERR;
285 }
286 ret = LnnGetLocalStrInfo(STRING_KEY_DEV_UDID, aclInfo->sourceUdid, UDID_BUF_LEN);
287 if (ret != SOFTBUS_OK) {
288 TRANS_LOGE(TRANS_CTRL, "get local udid failed, ret=%{public}d", ret);
289 return ret;
290 }
291 return SOFTBUS_OK;
292 }
293
TransGenUserkey(int32_t channelId,int32_t channelType,const AuthACLInfo * acl,AuthGenUkCallback * callback)294 static int32_t TransGenUserkey(
295 int32_t channelId, int32_t channelType, const AuthACLInfo *acl, AuthGenUkCallback *callback)
296 {
297 uint32_t requestId = AuthGenRequestId();
298 int32_t ret = SOFTBUS_OK;
299 ret = TransUkRequestAddItem(requestId, channelId, channelType);
300 if (ret != SOFTBUS_OK) {
301 TRANS_LOGE(TRANS_CTRL, "add uk requset failed");
302 return ret;
303 }
304 ret = AuthGenUkIdByAclInfo(acl, requestId, callback);
305 if (ret != SOFTBUS_OK) {
306 TRANS_LOGE(TRANS_CTRL, "gen uk failed");
307 (void)TransUkRequestDeleteItem(requestId);
308 return ret;
309 }
310 return ret;
311 }
312
GetUserkeyIdByAClInfo(const AppInfo * appInfo,int32_t channelId,int32_t channelType,int32_t * userKeyId,AuthGenUkCallback * callback)313 int32_t GetUserkeyIdByAClInfo(
314 const AppInfo *appInfo, int32_t channelId, int32_t channelType, int32_t *userKeyId, AuthGenUkCallback *callback)
315 {
316 if (appInfo == NULL || userKeyId == NULL || callback == NULL) {
317 TRANS_LOGE(TRANS_CTRL, "invalid param.");
318 return SOFTBUS_INVALID_PARAM;
319 }
320 AuthACLInfo aclInfo = { 0 };
321 int32_t ret = FillSinkAclInfoByAppInfo(appInfo, &aclInfo);
322 if (ret != SOFTBUS_OK) {
323 TRANS_LOGE(TRANS_CTRL, "fill sink ack info failed, ret=%{public}d", ret);
324 return ret;
325 }
326 int32_t ukId = 0;
327 ret = AuthFindUkIdByAclInfo(&aclInfo, &ukId);
328 if (ret == SOFTBUS_AUTH_ACL_NOT_FOUND) {
329 TRANS_LOGE(TRANS_CTRL, "find uk failed no acl, ret=%{public}d", ret);
330 return ret;
331 }
332 if (ret != SOFTBUS_OK) {
333 ret = TransGenUserkey(channelId, channelType, &aclInfo, callback);
334 if (ret != SOFTBUS_OK) {
335 TRANS_LOGE(TRANS_CTRL, "gen uk failed, ret=%{public}d", ret);
336 return ret;
337 }
338 return SOFTBUS_TRANS_GEN_USER_KEY;
339 }
340 *userKeyId = ukId;
341 return SOFTBUS_OK;
342 }
343
FillHapSinkAclInfoToAppInfo(AppInfo * appInfo)344 void FillHapSinkAclInfoToAppInfo(AppInfo *appInfo)
345 {
346 if (appInfo == NULL) {
347 TRANS_LOGE(TRANS_CTRL, "invalid param.");
348 return;
349 }
350 if (appInfo->myData.tokenType == ACCESS_TOKEN_TYPE_HAP) {
351 (void)TransGetAclInfoBySessionName(
352 appInfo->myData.sessionName, &appInfo->myData.tokenId, NULL, &appInfo->myData.userId);
353 uint32_t size = 0;
354 int32_t ret =
355 GetLocalAccountUidByUserId(appInfo->myData.accountId, ACCOUNT_UID_LEN_MAX, &size, appInfo->myData.userId);
356 if (ret != SOFTBUS_OK) {
357 COMM_LOGE(COMM_SVC, "get current account failed. ret=%{public}d", ret);
358 }
359 }
360 }
361
EncryptAndAddSinkSessionKey(cJSON * msg,const AppInfo * appInfo)362 int32_t EncryptAndAddSinkSessionKey(cJSON *msg, const AppInfo *appInfo)
363 {
364 if (appInfo == NULL || msg == NULL) {
365 TRANS_LOGE(TRANS_CTRL, "invalid param.");
366 return SOFTBUS_INVALID_PARAM;
367 }
368 if (GetCapabilityBit(appInfo->channelCapability, TRANS_CHANNEL_SINK_GENERATE_KEY_OFFSET)) {
369 if (GetCapabilityBit(appInfo->channelCapability, TRANS_CHANNEL_SINK_KEY_ENCRYPT_OFFSET)) {
370 char encryptKey[ENCRYPT_KEY_LENGTH] = { 0 };
371 uint32_t encryptSessionKeyLen = ENCRYPT_KEY_LENGTH;
372 if (AuthEncryptByUkId(appInfo->myData.userKeyId, (uint8_t *)appInfo->sinkSessionKey, SESSION_KEY_LENGTH,
373 (uint8_t *)encryptKey, &encryptSessionKeyLen) != SOFTBUS_OK) {
374 TRANS_LOGE(TRANS_CTRL, "pack msg encrypt fail");
375 return SOFTBUS_ENCRYPT_ERR;
376 }
377 char base64Encode[BASE64_ENCRYPT_KEY_LENGTH] = { 0 };
378 size_t len = 0;
379 if (SoftBusBase64Encode((unsigned char *)base64Encode, BASE64_ENCRYPT_KEY_LENGTH, &len,
380 (unsigned char *)encryptKey, sizeof(encryptKey)) != SOFTBUS_OK) {
381 TRANS_LOGE(TRANS_CTRL, "Failed to encode sink session key");
382 return SOFTBUS_CREATE_JSON_ERR;
383 }
384 if (!AddStringToJsonObject(msg, "SESSION_KEY", base64Encode)) {
385 TRANS_LOGE(TRANS_CTRL, "Failed to add sink session key");
386 return SOFTBUS_CREATE_JSON_ERR;
387 }
388 return SOFTBUS_OK;
389 } else {
390 char base64Encode[BASE64_SESSION_KEY_LEN] = { 0 };
391 size_t len = 0;
392 if (SoftBusBase64Encode((unsigned char *)base64Encode, BASE64_SESSION_KEY_LEN, &len,
393 (unsigned char *)appInfo->sinkSessionKey, sizeof(appInfo->sinkSessionKey)) != SOFTBUS_OK) {
394 TRANS_LOGE(TRANS_CTRL, "Failed to encode sink session key");
395 return SOFTBUS_CREATE_JSON_ERR;
396 }
397 if (!AddStringToJsonObject(msg, "SESSION_KEY", base64Encode)) {
398 TRANS_LOGE(TRANS_CTRL, "Failed to add sink session key");
399 return SOFTBUS_CREATE_JSON_ERR;
400 }
401 return SOFTBUS_OK;
402 }
403 }
404 return SOFTBUS_OK;
405 }
406
OnGenUkSuccess(uint32_t requestId,int32_t ukId)407 static void OnGenUkSuccess(uint32_t requestId, int32_t ukId)
408 {
409 (void)requestId;
410 (void)ukId;
411 }
412
OnGenUkFailed(uint32_t requestId,int32_t reason)413 static void OnGenUkFailed(uint32_t requestId, int32_t reason)
414 {
415 (void)requestId;
416 (void)reason;
417 }
418
419 static AuthGenUkCallback authGenUkCallback = {
420 .onGenSuccess = OnGenUkSuccess,
421 .onGenFailed = OnGenUkFailed,
422 };
423
DecryptAndAddSinkSessionKey(const cJSON * msg,AppInfo * appInfo)424 int32_t DecryptAndAddSinkSessionKey(const cJSON *msg, AppInfo *appInfo)
425 {
426 if (appInfo == NULL || msg == NULL) {
427 TRANS_LOGE(TRANS_CTRL, "invalid param.");
428 return SOFTBUS_INVALID_PARAM;
429 }
430 if (GetCapabilityBit(appInfo->channelCapability, TRANS_CHANNEL_SINK_GENERATE_KEY_OFFSET)) {
431 if (GetCapabilityBit(appInfo->channelCapability, TRANS_CHANNEL_SINK_KEY_ENCRYPT_OFFSET)) {
432 char encodeEncryptKey[BASE64_ENCRYPT_KEY_LENGTH] = { 0 };
433 if (!GetJsonObjectStringItem(msg, "SESSION_KEY", encodeEncryptKey, BASE64_ENCRYPT_KEY_LENGTH)) {
434 TRANS_LOGE(TRANS_CTRL, "Failed to get sink session key");
435 return SOFTBUS_PARSE_JSON_ERR;
436 }
437 AuthACLInfo aclInfo = { 0 };
438 int32_t ret = FillSourceAclInfoByAppInfo(appInfo, &aclInfo);
439 if (ret != SOFTBUS_OK) {
440 TRANS_LOGE(TRANS_CTRL, "fill source acl info failed, ret=%{public}d", ret);
441 return ret;
442 }
443 ret = AuthFindUkIdByAclInfo(&aclInfo, &appInfo->myData.userKeyId);
444 if (ret == SOFTBUS_AUTH_ACL_NOT_FOUND) {
445 TRANS_LOGE(TRANS_CTRL, "find uk failed no acl, ret=%{public}d", ret);
446 return ret;
447 }
448 if (ret != SOFTBUS_OK) {
449 uint32_t requestId = AuthGenRequestId();
450 (void)AuthGenUkIdByAclInfo(&aclInfo, requestId, &authGenUkCallback);
451 TRANS_LOGE(TRANS_CTRL, "find uk failed and get uk, ret=%{public}d", ret);
452 return ret;
453 }
454 char decodeEncryptKey[ENCRYPT_KEY_LENGTH] = { 0 };
455 size_t len = 0;
456 if (SoftBusBase64Decode((unsigned char *)decodeEncryptKey, ENCRYPT_KEY_LENGTH, &len,
457 (unsigned char *)encodeEncryptKey, strlen(encodeEncryptKey)) != SOFTBUS_OK) {
458 TRANS_LOGE(TRANS_CTRL, "Failed to decode sink session key");
459 return SOFTBUS_PARSE_JSON_ERR;
460 }
461 uint32_t decDataLen = SESSION_KEY_LENGTH;
462 if (AuthDecryptByUkId(appInfo->myData.userKeyId, (uint8_t *)decodeEncryptKey, ENCRYPT_KEY_LENGTH,
463 (uint8_t *)appInfo->sinkSessionKey, &decDataLen) != SOFTBUS_OK) {
464 TRANS_LOGE(
465 TRANS_CTRL, "srv process recv data: decrypt failed. ukid=%{public}d", appInfo->myData.userKeyId);
466 return SOFTBUS_DECRYPT_ERR;
467 }
468 return SOFTBUS_OK;
469 } else {
470 char encodeEncryptKey[BASE64_SESSION_KEY_LEN] = { 0 };
471 (void)GetJsonObjectStringItem(msg, "SESSION_KEY", encodeEncryptKey, BASE64_SESSION_KEY_LEN);
472 size_t len = 0;
473 if (SoftBusBase64Decode((unsigned char *)appInfo->sinkSessionKey, sizeof(appInfo->sinkSessionKey), &len,
474 (unsigned char *)encodeEncryptKey, strlen(encodeEncryptKey)) != SOFTBUS_OK) {
475 TRANS_LOGE(TRANS_CTRL, "Failed to decode sink session key");
476 return SOFTBUS_PARSE_JSON_ERR;
477 }
478 return SOFTBUS_OK;
479 }
480 }
481 return SOFTBUS_OK;
482 }