1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "auth_user_common_key.h"
17
18 #include <securec.h>
19 #include <stdlib.h>
20
21 #include "anonymizer.h"
22 #include "auth_interface.h"
23 #include "auth_log.h"
24 #include "lnn_distributed_net_ledger.h"
25 #include "lnn_map.h"
26 #include "softbus_adapter_crypto.h"
27 #include "softbus_adapter_mem.h"
28 #include "softbus_adapter_thread.h"
29 #include "softbus_error_code.h"
30 #include "softbus_json_utils.h"
31 #include "softbus_utils.h"
32
33 #ifndef UDID_SHORT_HASH_HEX_STR
34 #define UDID_SHORT_HASH_HEX_STR 17
35 #endif
36
37 #define UDID_SHORT_HASH 8
38 #define MAP_KEY_LEN 21
39 #define USER_KEY_INFO_MAX 100
40
41 #define USER_KEY_MAX_INSTANCE_CNT 0x2000000
42
43 typedef struct {
44 bool isUserBindLevel;
45 ListNode node;
46 AuthACLInfo aclInfo;
47 AuthUserKeyInfo ukInfo;
48 } UserKeyInfo;
49
50 static SoftBusList *g_userKeyList = NULL;
51
AuthUserKeyInit(void)52 int32_t AuthUserKeyInit(void)
53 {
54 if (g_userKeyList != NULL) {
55 AUTH_LOGI(AUTH_KEY, "g_userKeyList already init");
56 return SOFTBUS_OK;
57 }
58 g_userKeyList = CreateSoftBusList();
59 if (g_userKeyList == NULL) {
60 AUTH_LOGE(AUTH_KEY, "create user key list fail");
61 return SOFTBUS_CREATE_LIST_ERR;
62 }
63 g_userKeyList->cnt = 0;
64 return SOFTBUS_OK;
65 }
66
DeinitUserKeyList(void)67 void DeinitUserKeyList(void)
68 {
69 UserKeyInfo *item = NULL;
70 UserKeyInfo *nextItem = NULL;
71
72 if (g_userKeyList == NULL) {
73 AUTH_LOGE(AUTH_KEY, "g_userKeyList is empty");
74 return;
75 }
76 if (SoftBusMutexLock(&g_userKeyList->lock) != SOFTBUS_OK) {
77 AUTH_LOGE(AUTH_KEY, "deinit key list lock fail");
78 return;
79 }
80 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_userKeyList->list, UserKeyInfo, node) {
81 ListDelete(&item->node);
82 (void)memset_s(item->ukInfo.deviceKey, sizeof(item->ukInfo.deviceKey), 0, sizeof(item->ukInfo.deviceKey));
83 SoftBusFree(item);
84 }
85 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
86 DestroySoftBusList(g_userKeyList);
87 g_userKeyList = NULL;
88 }
89
UpdateUserKeyListByAcl(const AuthACLInfo * aclInfo,const AuthUserKeyInfo * userKeyInfo)90 static int32_t UpdateUserKeyListByAcl(const AuthACLInfo *aclInfo, const AuthUserKeyInfo *userKeyInfo)
91 {
92 UserKeyInfo *item = NULL;
93 LIST_FOR_EACH_ENTRY(item, &g_userKeyList->list, UserKeyInfo, node) {
94 if (!CompareByAllAcl(aclInfo, &item->aclInfo, aclInfo->isServer == item->aclInfo.isServer)) {
95 continue;
96 }
97 if (memcpy_s(&item->ukInfo, sizeof(AuthUserKeyInfo), (AuthUserKeyInfo *)userKeyInfo, sizeof(AuthUserKeyInfo)) !=
98 EOK) {
99 AUTH_LOGE(AUTH_KEY, "memcpy_s user key info fail.");
100 return SOFTBUS_MEM_ERR;
101 }
102 AUTH_LOGI(AUTH_KEY, "get user key item, no need insert, index=%{public}d", item->ukInfo.keyIndex);
103 return SOFTBUS_OK;
104 }
105 AUTH_LOGE(AUTH_KEY, "not find uk instance from list.");
106 return SOFTBUS_AUTH_UK_CACHE_INSTANCE_NOT_FIND;
107 }
108
UpdateUserKeyListByUkId(const AuthACLInfo * aclInfo,const AuthUserKeyInfo * userKeyInfo)109 static int32_t UpdateUserKeyListByUkId(const AuthACLInfo *aclInfo, const AuthUserKeyInfo *userKeyInfo)
110 {
111 UserKeyInfo *item = NULL;
112 LIST_FOR_EACH_ENTRY(item, &g_userKeyList->list, UserKeyInfo, node) {
113 if ((strlen(item->aclInfo.sourceUdid) != 0) || (item->ukInfo.keyIndex != userKeyInfo->keyIndex)) {
114 continue;
115 }
116 if (memcpy_s(&item->aclInfo, sizeof(AuthACLInfo), (AuthACLInfo *)aclInfo, sizeof(AuthACLInfo)) != EOK) {
117 AUTH_LOGE(AUTH_KEY, "memcpy_s acl info fail.");
118 return SOFTBUS_MEM_ERR;
119 }
120 AUTH_LOGI(AUTH_KEY, "get user key item, no need insert, index=%{public}d", item->ukInfo.keyIndex);
121 return SOFTBUS_OK;
122 }
123 AUTH_LOGE(AUTH_KEY, "not find uk instance from list.");
124 return SOFTBUS_AUTH_UK_CACHE_INSTANCE_NOT_FIND;
125 }
126
ClearInValidAclFromUserKeyList(void)127 static void ClearInValidAclFromUserKeyList(void)
128 {
129 UserKeyInfo *item = NULL;
130 UserKeyInfo *nextItem = NULL;
131 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_userKeyList->list, UserKeyInfo, node) {
132 if (strlen(item->aclInfo.sourceUdid) != 0) {
133 continue;
134 }
135 ListDelete(&item->node);
136 (void)memset_s(item->ukInfo.deviceKey, sizeof(item->ukInfo.deviceKey), 0, sizeof(item->ukInfo.deviceKey));
137 SoftBusFree(item);
138 g_userKeyList->cnt--;
139 }
140 }
141
AuthInsertUserKey(const AuthACLInfo * aclInfo,const AuthUserKeyInfo * userKeyInfo,bool isUserBindLevel)142 int32_t AuthInsertUserKey(const AuthACLInfo *aclInfo, const AuthUserKeyInfo *userKeyInfo, bool isUserBindLevel)
143 {
144 if (aclInfo == NULL || userKeyInfo == NULL) {
145 AUTH_LOGE(AUTH_KEY, "param error");
146 return SOFTBUS_INVALID_PARAM;
147 }
148 if (g_userKeyList == NULL) {
149 AUTH_LOGE(AUTH_KEY, "g_userKeyList is empty");
150 return SOFTBUS_NO_INIT;
151 }
152
153 PrintfAuthAclInfo(0, 0, aclInfo);
154 if (SoftBusMutexLock(&g_userKeyList->lock) != SOFTBUS_OK) {
155 AUTH_LOGE(AUTH_KEY, "add key lock fail");
156 return SOFTBUS_LOCK_ERR;
157 }
158 if (UpdateUserKeyListByAcl(aclInfo, userKeyInfo) == SOFTBUS_OK ||
159 UpdateUserKeyListByUkId(aclInfo, userKeyInfo) == SOFTBUS_OK) {
160 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
161 return SOFTBUS_OK;
162 }
163 if (g_userKeyList->cnt > USER_KEY_MAX_INSTANCE_CNT) {
164 AUTH_LOGE(AUTH_KEY, "user key instance count over max limit");
165 ClearInValidAclFromUserKeyList();
166 if (g_userKeyList->cnt > USER_KEY_MAX_INSTANCE_CNT) {
167 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
168 return SOFTBUS_AUTH_UK_CACHE_INSTANCE_FULL;
169 }
170 }
171 UserKeyInfo *keyInfo = NULL;
172 keyInfo = (UserKeyInfo *)SoftBusCalloc(sizeof(UserKeyInfo));
173 if (keyInfo == NULL) {
174 AUTH_LOGE(AUTH_KEY, "user key info calloc err");
175 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
176 return SOFTBUS_MALLOC_ERR;
177 }
178 keyInfo->isUserBindLevel = isUserBindLevel;
179 keyInfo->aclInfo = *aclInfo;
180 keyInfo->ukInfo = *userKeyInfo;
181 ListInit(&keyInfo->node);
182 ListAdd(&g_userKeyList->list, &keyInfo->node);
183 g_userKeyList->cnt++;
184 AUTH_LOGI(AUTH_KEY, "add userkey succ, index=%{public}d, bindlevel=%{public}d", keyInfo->ukInfo.keyIndex,
185 keyInfo->isUserBindLevel);
186 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
187 return SOFTBUS_OK;
188 }
189
DelUserKeyByNetworkId(const char * networkId)190 void DelUserKeyByNetworkId(const char *networkId)
191 {
192 if (g_userKeyList == NULL || networkId == NULL) {
193 AUTH_LOGE(AUTH_KEY, "invalid param");
194 return;
195 }
196 NodeInfo info;
197 (void)memset_s(&info, sizeof(NodeInfo), 0, sizeof(NodeInfo));
198 if (LnnGetRemoteNodeInfoById(networkId, CATEGORY_NETWORK_ID, &info) != SOFTBUS_OK) {
199 AUTH_LOGE(AUTH_KEY, "get remote node info fail");
200 return;
201 }
202 char *peerUdid = info.deviceInfo.deviceUdid;
203 UserKeyInfo *item = NULL;
204 UserKeyInfo *nextItem = NULL;
205 char *anonyUdid = NULL;
206 Anonymize(peerUdid, &anonyUdid);
207 if (SoftBusMutexLock(&g_userKeyList->lock) != SOFTBUS_OK) {
208 AUTH_LOGE(AUTH_KEY, "user key lock fail, anonyUdid=%{public}s", AnonymizeWrapper(anonyUdid));
209 AnonymizeFree(anonyUdid);
210 return;
211 }
212 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_userKeyList->list, UserKeyInfo, node) {
213 if ((item->aclInfo.isServer && strcmp(item->aclInfo.sinkUdid, peerUdid) != 0) ||
214 (!item->aclInfo.isServer && strcmp(item->aclInfo.sourceUdid, peerUdid) != 0)) {
215 continue;
216 }
217 AUTH_LOGI(AUTH_KEY, "clear acl info by udid, index=%{public}d, anonyUdid=%{public}s", item->ukInfo.keyIndex,
218 AnonymizeWrapper(anonyUdid));
219 (void)memset_s(&item->aclInfo, sizeof(item->aclInfo), 0, sizeof(item->aclInfo));
220 }
221 AnonymizeFree(anonyUdid);
222 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
223 }
224
GetUserKeyInfoDiffAccountWithUserLevel(const AuthACLInfo * aclInfo,AuthUserKeyInfo * userKeyInfo)225 int32_t GetUserKeyInfoDiffAccountWithUserLevel(const AuthACLInfo *aclInfo, AuthUserKeyInfo *userKeyInfo)
226 {
227 if (aclInfo == NULL || userKeyInfo == NULL) {
228 AUTH_LOGE(AUTH_KEY, "param error");
229 return SOFTBUS_INVALID_PARAM;
230 }
231 if (g_userKeyList == NULL) {
232 AUTH_LOGE(AUTH_KEY, "g_userKeyList is empty");
233 return SOFTBUS_NO_INIT;
234 }
235 const UserKeyInfo *item = NULL;
236
237 if (SoftBusMutexLock(&g_userKeyList->lock) != SOFTBUS_OK) {
238 AUTH_LOGE(AUTH_KEY, "get user key lock fail");
239 return SOFTBUS_LOCK_ERR;
240 }
241 LIST_FOR_EACH_ENTRY(item, &g_userKeyList->list, UserKeyInfo, node) {
242 if (!item->isUserBindLevel ||
243 !CompareByAclDiffAccountWithUserLevel(
244 aclInfo, &item->aclInfo, aclInfo->isServer == item->aclInfo.isServer)) {
245 continue;
246 }
247 if (memcpy_s(userKeyInfo, sizeof(AuthUserKeyInfo), &item->ukInfo, sizeof(AuthUserKeyInfo)) != EOK) {
248 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
249 AUTH_LOGE(AUTH_KEY, "memcpy_s user key info fail.");
250 return SOFTBUS_MEM_ERR;
251 }
252 AUTH_LOGI(AUTH_KEY, "get user key item, no need insert, index=%{public}d", item->ukInfo.keyIndex);
253 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
254 return SOFTBUS_OK;
255 }
256 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
257 AUTH_LOGE(AUTH_KEY, "user key not found.");
258 return SOFTBUS_CHANNEL_AUTH_KEY_NOT_FOUND;
259 }
260
GetUserKeyInfoDiffAccount(const AuthACLInfo * aclInfo,AuthUserKeyInfo * userKeyInfo)261 int32_t GetUserKeyInfoDiffAccount(const AuthACLInfo *aclInfo, AuthUserKeyInfo *userKeyInfo)
262 {
263 if (aclInfo == NULL || userKeyInfo == NULL) {
264 AUTH_LOGE(AUTH_KEY, "param error");
265 return SOFTBUS_INVALID_PARAM;
266 }
267 if (g_userKeyList == NULL) {
268 AUTH_LOGE(AUTH_KEY, "g_userKeyList is empty");
269 return SOFTBUS_NO_INIT;
270 }
271 const UserKeyInfo *item = NULL;
272
273 if (SoftBusMutexLock(&g_userKeyList->lock) != SOFTBUS_OK) {
274 AUTH_LOGE(AUTH_KEY, "get user key lock fail");
275 return SOFTBUS_LOCK_ERR;
276 }
277 LIST_FOR_EACH_ENTRY(item, &g_userKeyList->list, UserKeyInfo, node) {
278 if (!CompareByAclDiffAccount(aclInfo, &item->aclInfo, aclInfo->isServer == item->aclInfo.isServer)) {
279 continue;
280 }
281 if (memcpy_s(userKeyInfo, sizeof(AuthUserKeyInfo), &item->ukInfo, sizeof(AuthUserKeyInfo)) != EOK) {
282 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
283 AUTH_LOGE(AUTH_KEY, "memcpy_s user key info fail.");
284 return SOFTBUS_MEM_ERR;
285 }
286 AUTH_LOGI(AUTH_KEY, "get user key item, no need insert, index=%{public}d", item->ukInfo.keyIndex);
287 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
288 return SOFTBUS_OK;
289 }
290 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
291 AUTH_LOGE(AUTH_KEY, "user key not found.");
292 return SOFTBUS_CHANNEL_AUTH_KEY_NOT_FOUND;
293 }
294
GetUserKeyInfoSameAccount(const AuthACLInfo * aclInfo,AuthUserKeyInfo * userKeyInfo)295 int32_t GetUserKeyInfoSameAccount(const AuthACLInfo *aclInfo, AuthUserKeyInfo *userKeyInfo)
296 {
297 if (aclInfo == NULL || userKeyInfo == NULL) {
298 AUTH_LOGE(AUTH_KEY, "param error");
299 return SOFTBUS_INVALID_PARAM;
300 }
301 if (g_userKeyList == NULL) {
302 AUTH_LOGE(AUTH_KEY, "g_userKeyList is empty");
303 return SOFTBUS_NO_INIT;
304 }
305 const UserKeyInfo *item = NULL;
306
307 if (SoftBusMutexLock(&g_userKeyList->lock) != SOFTBUS_OK) {
308 AUTH_LOGE(AUTH_KEY, "get user key lock fail");
309 return SOFTBUS_LOCK_ERR;
310 }
311 LIST_FOR_EACH_ENTRY(item, &g_userKeyList->list, UserKeyInfo, node) {
312 if (!CompareByAclSameAccount(aclInfo, &item->aclInfo, aclInfo->isServer == item->aclInfo.isServer)) {
313 continue;
314 }
315 if (memcpy_s(userKeyInfo, sizeof(AuthUserKeyInfo), &item->ukInfo, sizeof(AuthUserKeyInfo)) != EOK) {
316 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
317 AUTH_LOGE(AUTH_KEY, "memcpy_s user key info fail.");
318 return SOFTBUS_MEM_ERR;
319 }
320 AUTH_LOGI(AUTH_KEY, "get user key item, no need insert, index=%{public}d", item->ukInfo.keyIndex);
321 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
322 return SOFTBUS_OK;
323 }
324 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
325 AUTH_LOGE(AUTH_KEY, "user key not found");
326 return SOFTBUS_CHANNEL_AUTH_KEY_NOT_FOUND;
327 }
328
GetUserKeyByUkId(int32_t sessionKeyId,uint8_t * uk,uint32_t ukLen)329 int32_t GetUserKeyByUkId(int32_t sessionKeyId, uint8_t *uk, uint32_t ukLen)
330 {
331 if (uk == NULL || g_userKeyList == NULL) {
332 AUTH_LOGE(AUTH_KEY, "param error");
333 return SOFTBUS_INVALID_PARAM;
334 }
335 const UserKeyInfo *item = NULL;
336
337 if (SoftBusMutexLock(&g_userKeyList->lock) != SOFTBUS_OK) {
338 AUTH_LOGE(AUTH_KEY, "get user key lock fail");
339 return SOFTBUS_LOCK_ERR;
340 }
341 LIST_FOR_EACH_ENTRY(item, &g_userKeyList->list, UserKeyInfo, node) {
342 if (item->ukInfo.keyIndex != sessionKeyId) {
343 continue;
344 }
345 if (ukLen < item->ukInfo.keyLen || memcpy_s(uk, ukLen, item->ukInfo.deviceKey, item->ukInfo.keyLen) != EOK) {
346 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
347 AUTH_LOGE(AUTH_KEY, "memcpy_s user key fail.");
348 return SOFTBUS_MEM_ERR;
349 }
350 AUTH_LOGI(AUTH_KEY, "get user key item, no need insert, index=%{public}d", item->ukInfo.keyIndex);
351 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
352 return SOFTBUS_OK;
353 }
354 (void)SoftBusMutexUnlock(&g_userKeyList->lock);
355 AUTH_LOGE(AUTH_KEY, "user key not found.");
356 return SOFTBUS_CHANNEL_AUTH_KEY_NOT_FOUND;
357 }