1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "auth_uk_manager.h"
17 #include <securec.h>
18 #include "anonymizer.h"
19 #include "auth_log.h"
20 #include "auth_common.h"
21 #include "auth_connection.h"
22 #include "auth_deviceprofile.h"
23 #include "auth_hichain.h"
24 #include "auth_hichain_adapter.h"
25 #include "auth_identity_service_adapter.h"
26 #include "auth_interface.h"
27 #include "auth_manager.h"
28 #include "bus_center_manager.h"
29 #include "device_auth.h"
30 #include "lnn_async_callback_utils.h"
31 #include "lnn_distributed_net_ledger.h"
32 #include "lnn_local_net_ledger.h"
33 #include "lnn_log.h"
34 #include "lnn_ohos_account.h"
35 #include "lnn_ohos_account_adapter.h"
36 #include "session.h"
37 #include "softbus_adapter_crypto.h"
38 #include "softbus_adapter_mem.h"
39 #include "softbus_adapter_socket.h"
40 #include "softbus_error_code.h"
41 #include "softbus_json_utils.h"
42 #include "softbus_transmission_interface.h"
43
44 #define AUTH_APPID "softbus_auth"
45 #define ENCRYPT_INDEX_LEN 4
46 #define KEY_LENGTH 16
47 #define AUTH_PKT_HEAD_LEN 24
48 #define JSON_UK_DATA_TYPE "ukDataType"
49 #define UK_NEGO_PKGNAME "gen_Uk"
50 #define UK_NEGO_SESSIONNAME "ohos.genUk.com"
51 #define PEER_ACCOUNT_ID "peer_account_id"
52 #define LOCAL_ACCOUNT_ID "local_account_id"
53 #define DEFAULT_ACCOUNT_UID "ohosAnonymousUid"
54 #define DEFAULT_CHANNEL_ID 0
55 #define UK_MAX_INSTANCE_CNT 0x2000000
56 #define UK_NEGO_PROCESS_TIMEOUT (10 * 1000LL)
57 #define UK_SEQ_NETWORK_ID_BITS 16
58 #define SEQ_TIME_STAMP_BITS 8
59 #define SEQ_TIME_STAMP_MASK 0xFFL
60 #define UK_SEQ_INTEGER_BITS 7
61 #define UK_SEQ_INTEGER_MAX 0x0FFFFFFF
62 #define PEER_OS_ACCOUNT_ID_STR "peerOsAccountId"
63
64 static uint32_t g_uniqueId = 0;
65 static uint64_t g_ukDecayTime = 15552000000; //180 * 24 * 60 * 60 * 1000L
66 static SoftBusList *g_ukNegotiateList = NULL;
67 static SoftBusMutex g_ukNegotiateListLock;
68
69 static void OnGenFailed(uint32_t requestId, int32_t reason);
70 static void OnGenSuccess(uint32_t requestId);
71 static int32_t SendUkNegoCloseAckEvent(int32_t channelId, uint32_t requestId);
72 static HiChainAuthMode GetHichainAuthMode(const AuthACLInfo *info);
73
74 typedef struct {
75 uint32_t requestId;
76 bool isGenUkSuccess;
77 int32_t reason;
78 int32_t ukId;
79 } SyncGenUkResult;
80
81 typedef enum {
82 GENUK_STATE_WAIT = 1,
83 GENUK_STATE_START,
84 GENUK_STATE_UNKNOW,
85 } GenUkStartState;
86
87 typedef struct {
88 int32_t ukId;
89 int32_t channelId;
90 uint32_t requestId;
91 uint32_t keyLen;
92 HiChainAuthMode authMode;
93 GenUkStartState state;
94 AuthACLInfo info;
95 UkNegotiateInfo negoInfo;
96 AuthGenUkCallback genCb;
97 ListNode node;
98 } UkNegotiateInstance;
99
RequireUkNegotiateListLock(void)100 static bool RequireUkNegotiateListLock(void)
101 {
102 if (SoftBusMutexLock(&g_ukNegotiateListLock) != SOFTBUS_OK) {
103 AUTH_LOGE(AUTH_CONN, "UkNegotiateList lock fail");
104 return false;
105 }
106 return true;
107 }
108
ReleaseUkNegotiateListLock(void)109 static void ReleaseUkNegotiateListLock(void)
110 {
111 if (SoftBusMutexUnlock(&g_ukNegotiateListLock) != SOFTBUS_OK) {
112 AUTH_LOGE(AUTH_CONN, "UkNegotiateList unlock fail");
113 }
114 }
115
InitUkNegoInstanceList(void)116 int32_t InitUkNegoInstanceList(void)
117 {
118 if (g_ukNegotiateList != NULL) {
119 return SOFTBUS_OK;
120 }
121 g_ukNegotiateList = CreateSoftBusList();
122 if (g_ukNegotiateList == NULL) {
123 AUTH_LOGE(AUTH_INIT, "uknego create instance list fail");
124 return SOFTBUS_CREATE_LIST_ERR;
125 }
126 g_ukNegotiateList->cnt = 0;
127 return SOFTBUS_OK;
128 }
129
DeInitUkNegoInstanceList(void)130 void DeInitUkNegoInstanceList(void)
131 {
132 UkNegotiateInstance *item = NULL;
133 UkNegotiateInstance *nextItem = NULL;
134
135 if (g_ukNegotiateList == NULL) {
136 AUTH_LOGE(AUTH_CONN, "g_ukNegotiateList is null");
137 return;
138 }
139 if (!RequireUkNegotiateListLock()) {
140 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
141 return;
142 }
143 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
144 ListDelete(&item->node);
145 SoftBusFree(item);
146 }
147 AUTH_LOGI(AUTH_CONN, "deinit uknego instance");
148 ReleaseUkNegotiateListLock();
149 DestroySoftBusList(g_ukNegotiateList);
150 g_ukNegotiateList = NULL;
151 }
152
GetGenUkInstanceByChannel(int32_t channelId,UkNegotiateInstance * instance)153 static int32_t GetGenUkInstanceByChannel(int32_t channelId, UkNegotiateInstance *instance)
154 {
155 if (g_ukNegotiateList == NULL) {
156 AUTH_LOGE(AUTH_CONN, "g_ukNegotiateList is null");
157 return SOFTBUS_NO_INIT;
158 }
159 if (instance == NULL) {
160 AUTH_LOGE(AUTH_CONN, "instance is null");
161 return SOFTBUS_INVALID_PARAM;
162 }
163 UkNegotiateInstance *item = NULL;
164 UkNegotiateInstance *nextItem = NULL;
165 if (!RequireUkNegotiateListLock()) {
166 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
167 return SOFTBUS_LOCK_ERR;
168 }
169 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
170 if (item->channelId != channelId) {
171 continue;
172 }
173 if (memcpy_s(instance, sizeof(UkNegotiateInstance), item, sizeof(UkNegotiateInstance)) != EOK) {
174 ReleaseUkNegotiateListLock();
175 AUTH_LOGE(AUTH_CONN, "uknego memcpy_s instance fail, channelId=%{public}d", channelId);
176 return SOFTBUS_MEM_ERR;
177 }
178 ReleaseUkNegotiateListLock();
179 return SOFTBUS_OK;
180 }
181 ReleaseUkNegotiateListLock();
182 AUTH_LOGE(AUTH_CONN, "uknego instance not found, channelId=%{public}d", channelId);
183 return SOFTBUS_AUTH_UK_INSTANCE_NOT_FIND;
184 }
185
GetSameUkInstanceNum(AuthACLInfo * info)186 static uint32_t GetSameUkInstanceNum(AuthACLInfo *info)
187 {
188 if (g_ukNegotiateList == NULL) {
189 AUTH_LOGE(AUTH_INIT, "uknego instance is null");
190 return 0;
191 }
192
193 uint32_t num = 0;
194 UkNegotiateInstance *item = NULL;
195 UkNegotiateInstance *nextItem = NULL;
196 if (!RequireUkNegotiateListLock()) {
197 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
198 return num;
199 }
200 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
201 if (!CompareByAllAcl(info, &item->info, info->isServer == item->info.isServer)) {
202 continue;
203 }
204 if (item->state == GENUK_STATE_START) {
205 num++;
206 }
207 }
208 AUTH_LOGI(AUTH_CONN, "list has same aclinfo instance num=%{public}u", num);
209 ReleaseUkNegotiateListLock();
210 return num;
211 }
212
GetGenUkInstanceByReq(uint32_t requestId,UkNegotiateInstance * instance)213 static int32_t GetGenUkInstanceByReq(uint32_t requestId, UkNegotiateInstance *instance)
214 {
215 if (g_ukNegotiateList == NULL) {
216 AUTH_LOGE(AUTH_INIT, "uknego instance is null");
217 return SOFTBUS_NO_INIT;
218 }
219
220 UkNegotiateInstance *item = NULL;
221 UkNegotiateInstance *nextItem = NULL;
222 if (!RequireUkNegotiateListLock()) {
223 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
224 return SOFTBUS_LOCK_ERR;
225 }
226 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
227 if (item->requestId != requestId) {
228 continue;
229 }
230 if (instance != NULL &&
231 memcpy_s(instance, sizeof(UkNegotiateInstance), item, sizeof(UkNegotiateInstance)) != EOK) {
232 ReleaseUkNegotiateListLock();
233 AUTH_LOGE(AUTH_CONN, "uknego memcpy_s instance fail, requestId=%{public}u", requestId);
234 return SOFTBUS_MEM_ERR;
235 }
236 ReleaseUkNegotiateListLock();
237 return SOFTBUS_OK;
238 }
239 AUTH_LOGE(AUTH_CONN, "uknego req not found, requestId=%{public}u", requestId);
240 ReleaseUkNegotiateListLock();
241 return SOFTBUS_AUTH_UK_INSTANCE_NOT_FIND;
242 }
243
GetUkNegotiateInfo(uint32_t requestId)244 static UkNegotiateInfo *GetUkNegotiateInfo(uint32_t requestId)
245 {
246 if (g_ukNegotiateList == NULL) {
247 AUTH_LOGE(AUTH_INIT, "uknego instance is null");
248 return NULL;
249 }
250 UkNegotiateInstance *item = NULL;
251 UkNegotiateInstance *nextItem = NULL;
252
253 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
254 if (item->requestId == requestId) {
255 return &item->negoInfo;
256 }
257 }
258 return NULL;
259 }
260
GenUkTimeoutProcess(void * para)261 static void GenUkTimeoutProcess(void *para)
262 {
263 OnGenFailed((uint32_t)(uintptr_t)para, SOFTBUS_CHANNEL_AUTH_START_TIMEOUT);
264 }
265
AuthGenUkStartTimeout(uint32_t requestId)266 static void AuthGenUkStartTimeout(uint32_t requestId)
267 {
268 LnnAsyncCallbackDelayHelper(
269 GetLooper(LOOP_TYPE_DEFAULT), GenUkTimeoutProcess, (void *)(uintptr_t)requestId, UK_NEGO_PROCESS_TIMEOUT);
270 }
271
PrintfAuthAclInfo(uint32_t requestId,uint32_t channelId,const AuthACLInfo * info)272 void PrintfAuthAclInfo(uint32_t requestId, uint32_t channelId, const AuthACLInfo *info)
273 {
274 if (info == NULL) {
275 AUTH_LOGE(AUTH_CONN, "AuthACLInfo is null");
276 return;
277 }
278
279 char *anonySourceUdid = NULL;
280 char *anonySinkUdid = NULL;
281 char *anonySourceAccountId = NULL;
282 char *anonySinkAccountId = NULL;
283 Anonymize(info->sourceUdid, &anonySourceUdid);
284 Anonymize(info->sinkUdid, &anonySinkUdid);
285 Anonymize(info->sourceAccountId, &anonySourceAccountId);
286 Anonymize(info->sinkAccountId, &anonySinkAccountId);
287 AUTH_LOGI(AUTH_CONN,
288 "uknego requestId=%{public}u, channelId=%{public}d, isServer=%{public}d, sourceUdid=%{public}s, "
289 "sinkUdid=%{public}s, sourceAccountId=%{public}s, sinkAccountId=%{public}s, sourceUserId=%{public}d, "
290 "sinkUserId=%{public}d, sourceTokenId=%{public}" PRIu64 ", sinkTokenId=%{public}" PRIu64,
291 requestId, channelId, info->isServer, AnonymizeWrapper(anonySourceUdid), AnonymizeWrapper(anonySinkUdid),
292 AnonymizeWrapper(anonySourceAccountId), AnonymizeWrapper(anonySinkAccountId), info->sourceUserId,
293 info->sinkUserId, info->sourceTokenId, info->sinkTokenId);
294 AnonymizeFree(anonySourceUdid);
295 AnonymizeFree(anonySinkUdid);
296 AnonymizeFree(anonySourceAccountId);
297 AnonymizeFree(anonySinkAccountId);
298 }
299
CreateUkNegotiateInstance(uint32_t requestId,uint32_t channelId,const AuthACLInfo * info,const AuthGenUkCallback * genCb)300 static int32_t CreateUkNegotiateInstance(
301 uint32_t requestId, uint32_t channelId, const AuthACLInfo *info, const AuthGenUkCallback *genCb)
302 {
303 if (g_ukNegotiateList == NULL) {
304 AUTH_LOGE(AUTH_INIT, "uknego instance is null");
305 return SOFTBUS_NO_INIT;
306 }
307
308 if (!RequireUkNegotiateListLock()) {
309 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
310 return SOFTBUS_LOCK_ERR;
311 }
312 UkNegotiateInstance *instance = NULL;
313 instance = (UkNegotiateInstance *)SoftBusCalloc(sizeof(UkNegotiateInstance));
314 if (instance == NULL) {
315 AUTH_LOGE(AUTH_CONN, "malloc instance fail");
316 ReleaseUkNegotiateListLock();
317 return SOFTBUS_MEM_ERR;
318 }
319 instance->channelId = (int32_t)channelId;
320 instance->requestId = requestId;
321 instance->info = *info;
322 instance->authMode = GetHichainAuthMode(info);
323 instance->state = GENUK_STATE_UNKNOW;
324 instance->genCb = *genCb;
325 instance->negoInfo.isRecvSessionKeyEvent = false;
326 instance->negoInfo.isRecvFinishEvent = false;
327 instance->negoInfo.isRecvCloseAckEvent = false;
328 ListInit(&instance->node);
329 ListAdd(&g_ukNegotiateList->list, &instance->node);
330 PrintfAuthAclInfo(requestId, channelId, info);
331 ReleaseUkNegotiateListLock();
332 AuthGenUkStartTimeout(requestId);
333 return SOFTBUS_OK;
334 }
335
UpdateUkNegotiateInfo(uint32_t requestId,const UkNegotiateInstance * instance)336 static int32_t UpdateUkNegotiateInfo(uint32_t requestId, const UkNegotiateInstance *instance)
337 {
338 if (g_ukNegotiateList == NULL) {
339 AUTH_LOGE(AUTH_INIT, "uknego instance is null");
340 return SOFTBUS_NO_INIT;
341 }
342 if (instance == NULL) {
343 AUTH_LOGE(AUTH_CONN, "instance is null");
344 return SOFTBUS_INVALID_PARAM;
345 }
346 UkNegotiateInstance *item = NULL;
347 UkNegotiateInstance *nextItem = NULL;
348
349 if (!RequireUkNegotiateListLock()) {
350 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
351 return SOFTBUS_LOCK_ERR;
352 }
353 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
354 if (item->requestId != requestId) {
355 continue;
356 }
357 item->ukId = instance->ukId;
358 item->channelId = instance->channelId;
359 item->keyLen = instance->keyLen;
360 item->authMode = instance->authMode;
361 item->state = instance->state;
362 item->negoInfo.isRecvSessionKeyEvent = instance->negoInfo.isRecvSessionKeyEvent;
363 item->negoInfo.isRecvFinishEvent = instance->negoInfo.isRecvFinishEvent;
364 item->negoInfo.isRecvCloseAckEvent = instance->negoInfo.isRecvCloseAckEvent;
365 AUTH_LOGI(AUTH_CONN,
366 "update uknego requestId=%{public}u, channelId=%{public}d, state=%{public}d, "
367 "isCloseAck=%{public}d, isFinish=%{public}d, isSessionKey=%{public}d",
368 requestId, item->channelId, item->state, item->negoInfo.isRecvSessionKeyEvent,
369 item->negoInfo.isRecvFinishEvent, item->negoInfo.isRecvCloseAckEvent);
370 if (memcpy_s(&item->info, sizeof(AuthACLInfo), (uint8_t *)&instance->info, sizeof(AuthACLInfo)) != EOK) {
371 AUTH_LOGE(AUTH_CONN, "memcpy_s uknego acl data fail");
372 ReleaseUkNegotiateListLock();
373 return SOFTBUS_AUTH_ACL_SET_CHANNEL_FAIL;
374 }
375 ReleaseUkNegotiateListLock();
376 return SOFTBUS_OK;
377 }
378 AUTH_LOGE(AUTH_CONN, "uknego req not found, requestId=%{public}u", requestId);
379 ReleaseUkNegotiateListLock();
380 return SOFTBUS_AUTH_ACL_SET_CHANNEL_FAIL;
381 }
382
DeleteUkNegotiateInstance(uint32_t requestId)383 static void DeleteUkNegotiateInstance(uint32_t requestId)
384 {
385 if (g_ukNegotiateList == NULL) {
386 AUTH_LOGE(AUTH_INIT, "uknego instance is null");
387 return;
388 }
389
390 UkNegotiateInstance *item = NULL;
391 UkNegotiateInstance *nextItem = NULL;
392 if (!RequireUkNegotiateListLock()) {
393 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
394 return;
395 }
396 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
397 if (item->requestId != requestId) {
398 continue;
399 }
400 AUTH_LOGE(AUTH_CONN, "delete uknego instance, requestId=%{public}u", requestId);
401 ListDelete(&(item->node));
402 SoftBusFree(item);
403 ReleaseUkNegotiateListLock();
404 return;
405 }
406 AUTH_LOGE(AUTH_CONN, "uknego instance not found, requestId=%{public}u", requestId);
407 ReleaseUkNegotiateListLock();
408 }
409
CompareByAllAcl(const AuthACLInfo * oldAcl,const AuthACLInfo * newAcl,bool isSameSide)410 bool CompareByAllAcl(const AuthACLInfo *oldAcl, const AuthACLInfo *newAcl, bool isSameSide)
411 {
412 if (oldAcl == NULL || newAcl == NULL) {
413 AUTH_LOGE(AUTH_CONN, "acl invalid param");
414 return false;
415 }
416
417 if (isSameSide) {
418 if (strcmp(oldAcl->sourceUdid, newAcl->sourceUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sinkUdid) != 0 ||
419 oldAcl->sourceUserId != newAcl->sourceUserId || oldAcl->sinkUserId != newAcl->sinkUserId ||
420 oldAcl->sourceTokenId != newAcl->sourceTokenId || oldAcl->sinkTokenId != newAcl->sinkTokenId ||
421 strcmp(oldAcl->sourceAccountId, newAcl->sourceAccountId) != 0 ||
422 strcmp(oldAcl->sinkAccountId, newAcl->sinkAccountId) != 0) {
423 AUTH_LOGE(AUTH_CONN, "same side compare fail");
424 return false;
425 }
426 return true;
427 } else {
428 if (strcmp(oldAcl->sourceUdid, newAcl->sinkUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sourceUdid) != 0 ||
429 oldAcl->sourceUserId != newAcl->sinkUserId || oldAcl->sinkUserId != newAcl->sourceUserId ||
430 oldAcl->sourceTokenId != newAcl->sinkTokenId || oldAcl->sinkTokenId != newAcl->sourceTokenId ||
431 strcmp(oldAcl->sourceAccountId, newAcl->sinkAccountId) != 0 ||
432 strcmp(oldAcl->sinkAccountId, newAcl->sourceAccountId) != 0) {
433 AUTH_LOGE(AUTH_CONN, "diff side compare fail");
434 return false;
435 }
436 return true;
437 }
438 }
439
CompareByAclDiffAccountWithUserLevel(const AuthACLInfo * oldAcl,const AuthACLInfo * newAcl,bool isSameSide)440 bool CompareByAclDiffAccountWithUserLevel(const AuthACLInfo *oldAcl, const AuthACLInfo *newAcl, bool isSameSide)
441 {
442 if (oldAcl == NULL || newAcl == NULL) {
443 AUTH_LOGE(AUTH_CONN, "acl invalid param");
444 return false;
445 }
446
447 if (isSameSide) {
448 if (strcmp(oldAcl->sourceUdid, newAcl->sourceUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sinkUdid) != 0 ||
449 oldAcl->sourceUserId != newAcl->sourceUserId || oldAcl->sinkUserId != newAcl->sinkUserId) {
450 AUTH_LOGE(AUTH_CONN, "same side compare fail");
451 return false;
452 }
453 return true;
454 } else {
455 if (strcmp(oldAcl->sourceUdid, newAcl->sinkUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sourceUdid) != 0 ||
456 oldAcl->sourceUserId != newAcl->sinkUserId || oldAcl->sinkUserId != newAcl->sourceUserId) {
457 AUTH_LOGE(AUTH_CONN, "diff side compare fail");
458 return false;
459 }
460 return true;
461 }
462 }
463
CompareByAclDiffAccount(const AuthACLInfo * oldAcl,const AuthACLInfo * newAcl,bool isSameSide)464 bool CompareByAclDiffAccount(const AuthACLInfo *oldAcl, const AuthACLInfo *newAcl, bool isSameSide)
465 {
466 if (oldAcl == NULL || newAcl == NULL) {
467 AUTH_LOGE(AUTH_CONN, "acl invalid param");
468 return false;
469 }
470
471 if (isSameSide) {
472 if (strcmp(oldAcl->sourceUdid, newAcl->sourceUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sinkUdid) != 0 ||
473 oldAcl->sourceUserId != newAcl->sourceUserId || oldAcl->sinkUserId != newAcl->sinkUserId ||
474 oldAcl->sourceTokenId != newAcl->sourceTokenId || oldAcl->sinkTokenId != newAcl->sinkTokenId) {
475 AUTH_LOGE(AUTH_CONN, "same side compare fail");
476 return false;
477 }
478 return true;
479 } else {
480 if (strcmp(oldAcl->sourceUdid, newAcl->sinkUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sourceUdid) != 0 ||
481 oldAcl->sourceUserId != newAcl->sinkUserId || oldAcl->sinkUserId != newAcl->sourceUserId ||
482 oldAcl->sourceTokenId != newAcl->sinkTokenId || oldAcl->sinkTokenId != newAcl->sourceTokenId) {
483 AUTH_LOGE(AUTH_CONN, "diff side compare fail");
484 return false;
485 }
486 return true;
487 }
488 }
489
CompareByAclSameAccount(const AuthACLInfo * oldAcl,const AuthACLInfo * newAcl,bool isSameSide)490 bool CompareByAclSameAccount(const AuthACLInfo *oldAcl, const AuthACLInfo *newAcl, bool isSameSide)
491 {
492 if (oldAcl == NULL || newAcl == NULL) {
493 AUTH_LOGE(AUTH_CONN, "acl invalid param");
494 return false;
495 }
496
497 if (strcmp(DEFAULT_ACCOUNT_UID, newAcl->sourceAccountId) == 0 ||
498 strcmp(DEFAULT_ACCOUNT_UID, newAcl->sinkAccountId) == 0 ||
499 strcmp(newAcl->sourceAccountId, newAcl->sinkAccountId) != 0) {
500 AUTH_LOGE(AUTH_CONN, "acl is not same account");
501 return false;
502 }
503 if (isSameSide) {
504 if (strcmp(oldAcl->sourceUdid, newAcl->sourceUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sinkUdid) != 0 ||
505 oldAcl->sourceUserId != newAcl->sourceUserId || oldAcl->sinkUserId != newAcl->sinkUserId ||
506 strcmp(oldAcl->sourceAccountId, newAcl->sourceAccountId) != 0 ||
507 strcmp(oldAcl->sinkAccountId, newAcl->sinkAccountId) != 0) {
508 AUTH_LOGE(AUTH_CONN, "same side compare fail");
509 return false;
510 }
511 return true;
512 } else {
513 if (strcmp(oldAcl->sourceUdid, newAcl->sinkUdid) != 0 || strcmp(oldAcl->sinkUdid, newAcl->sourceUdid) != 0 ||
514 oldAcl->sourceUserId != newAcl->sinkUserId || oldAcl->sinkUserId != newAcl->sourceUserId ||
515 strcmp(oldAcl->sourceAccountId, newAcl->sinkAccountId) != 0 ||
516 strcmp(oldAcl->sinkAccountId, newAcl->sourceAccountId) != 0) {
517 AUTH_LOGE(AUTH_CONN, "diff side compare fail");
518 return false;
519 }
520 return true;
521 }
522 }
523
AsyncCallGenUkResultReceived(void * para)524 static void AsyncCallGenUkResultReceived(void *para)
525 {
526 if (para == NULL) {
527 AUTH_LOGE(AUTH_CONN, "invalid param");
528 return;
529 }
530 SyncGenUkResult *res = (SyncGenUkResult *)para;
531 UkNegotiateInstance instance;
532 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
533 int32_t ret = GetGenUkInstanceByReq(res->requestId, &instance);
534 if (ret != SOFTBUS_OK) {
535 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
536 SoftBusFree(res);
537 return;
538 }
539 if (res->isGenUkSuccess) {
540 AUTH_LOGI(AUTH_CONN, "recv genuk success, requestId=%{public}u", res->requestId);
541 if (instance.genCb.onGenSuccess != NULL) {
542 AUTH_LOGI(AUTH_CONN, "onGenSuccess callback");
543 instance.genCb.onGenSuccess(instance.requestId, res->ukId);
544 TransCloseSessionInner(instance.channelId);
545 DeleteUkNegotiateInstance(instance.requestId);
546 }
547 } else {
548 AUTH_LOGI(AUTH_CONN, "recv genuk fail, requestId=%{public}u, reason=%{public}d", res->requestId, res->reason);
549 if (instance.genCb.onGenFailed != NULL) {
550 AUTH_LOGI(AUTH_CONN, "onGenFailed callback");
551 instance.genCb.onGenFailed(instance.requestId, res->reason);
552 }
553 TransCloseSessionInner(instance.channelId);
554 DeleteUkNegotiateInstance(instance.requestId);
555 }
556 SoftBusFree(res);
557 }
558
UpdateAllGenCbCallback(const AuthACLInfo * info,bool isSuccess,int32_t reason,int32_t ukId)559 static void UpdateAllGenCbCallback(const AuthACLInfo *info, bool isSuccess, int32_t reason, int32_t ukId)
560 {
561 if (g_ukNegotiateList == NULL) {
562 AUTH_LOGE(AUTH_INIT, "uknego instance is null");
563 return;
564 }
565
566 UkNegotiateInstance *item = NULL;
567 UkNegotiateInstance *nextItem = NULL;
568 if (!RequireUkNegotiateListLock()) {
569 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
570 return;
571 }
572 LIST_FOR_EACH_ENTRY_SAFE(item, nextItem, &g_ukNegotiateList->list, UkNegotiateInstance, node) {
573 if (!CompareByAllAcl(info, &item->info, info->isServer == item->info.isServer)) {
574 continue;
575 }
576 if (isSuccess) {
577 item->negoInfo.isRecvSessionKeyEvent = true;
578 item->negoInfo.isRecvFinishEvent = true;
579 item->negoInfo.isRecvCloseAckEvent = true;
580 }
581 SyncGenUkResult *result = (SyncGenUkResult *)SoftBusCalloc(sizeof(SyncGenUkResult));
582 if (result == NULL) {
583 ReleaseUkNegotiateListLock();
584 AUTH_LOGE(AUTH_CONN, "calloc result fail");
585 return;
586 }
587 result->requestId = item->requestId;
588 result->isGenUkSuccess = isSuccess;
589 result->reason = reason;
590 result->ukId = ukId;
591 if (LnnAsyncCallbackDelayHelper(
592 GetLooper(LOOP_TYPE_DEFAULT), AsyncCallGenUkResultReceived, (void *)result, 0) != SOFTBUS_OK) {
593 AUTH_LOGE(AUTH_CONN, "async uknego success event fail");
594 SoftBusFree(result);
595 }
596 }
597 ReleaseUkNegotiateListLock();
598 }
599
OnGenSuccess(uint32_t requestId)600 static void OnGenSuccess(uint32_t requestId)
601 {
602 AUTH_LOGI(AUTH_CONN, "OnGenSuccess, requestId=%{public}u", requestId);
603 UkNegotiateInstance instance;
604 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
605 int32_t ret = GetGenUkInstanceByReq(requestId, &instance);
606 if (ret != SOFTBUS_OK) {
607 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
608 return;
609 }
610 if (!instance.negoInfo.isRecvSessionKeyEvent || !instance.negoInfo.isRecvFinishEvent ||
611 !instance.negoInfo.isRecvCloseAckEvent) {
612 AUTH_LOGI(AUTH_CONN,
613 "uknego is not complete, recvsessionkey=%{public}d, recvfinish=%{public}d, recvack=%{public}d",
614 instance.negoInfo.isRecvSessionKeyEvent, instance.negoInfo.isRecvFinishEvent,
615 instance.negoInfo.isRecvCloseAckEvent);
616 return;
617 }
618 UpdateAllGenCbCallback(&instance.info, true, SOFTBUS_OK, instance.ukId);
619 }
620
OnGenFailed(uint32_t requestId,int32_t reason)621 static void OnGenFailed(uint32_t requestId, int32_t reason)
622 {
623 AUTH_LOGE(AUTH_CONN, "OnGenFailed, requestId=%{public}u, reason=%{public}d", requestId, reason);
624 UkNegotiateInstance instance;
625 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
626 int32_t ret = GetGenUkInstanceByReq(requestId, &instance);
627 if (ret != SOFTBUS_OK) {
628 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
629 return;
630 }
631 UpdateAllGenCbCallback(&instance.info, false, reason, 0);
632 }
633
PackUkAclParam(const AuthACLInfo * info,bool isClient)634 static char *PackUkAclParam(const AuthACLInfo *info, bool isClient)
635 {
636 cJSON *msg = cJSON_CreateObject();
637 if (msg == NULL) {
638 AUTH_LOGE(AUTH_CONN, "create json fail");
639 return NULL;
640 }
641 if (!AddStringToJsonObject(msg, FIELD_PEER_UDID, info->sourceUdid) ||
642 !AddStringToJsonObject(msg, FIELD_UDID, info->sinkUdid) ||
643 !AddNumberToJsonObject(msg, FIELD_PEER_USER_ID, info->sourceUserId) ||
644 !AddNumberToJsonObject(msg, FIELD_USER_ID, info->sinkUserId) ||
645 !AddNumber64ToJsonObject(msg, FIELD_PEER_CONN_DEVICE_ID, info->sourceTokenId) ||
646 !AddNumber64ToJsonObject(msg, FIELD_DEVICE_ID, info->sinkTokenId) ||
647 !AddStringToJsonObject(msg, PEER_ACCOUNT_ID, info->sourceAccountId) ||
648 !AddStringToJsonObject(msg, LOCAL_ACCOUNT_ID, info->sinkAccountId) ||
649 !AddBoolToJsonObject(msg, FIELD_IS_CLIENT, isClient)) {
650 AUTH_LOGE(AUTH_CONN, "add json object fail");
651 cJSON_Delete(msg);
652 return NULL;
653 }
654 char *data = cJSON_PrintUnformatted(msg);
655 if (data == NULL) {
656 AUTH_LOGE(AUTH_CONN, "cJSON_PrintUnformatted fail");
657 }
658 cJSON_Delete(msg);
659 return data;
660 }
661
UnpackUkAclParam(const char * data,uint32_t len,AuthACLInfo * info)662 static int32_t UnpackUkAclParam(const char *data, uint32_t len, AuthACLInfo *info)
663 {
664 cJSON *msg = cJSON_ParseWithLength((char *)data, len);
665 if (msg == NULL) {
666 AUTH_LOGE(AUTH_CONN, "cJSON_ParseWithLength fail");
667 return SOFTBUS_CREATE_JSON_ERR;
668 }
669 bool isClient = false;
670 if (!GetJsonObjectStringItem(msg, FIELD_PEER_UDID, info->sourceUdid, UDID_BUF_LEN) ||
671 !GetJsonObjectStringItem(msg, FIELD_UDID, info->sinkUdid, UDID_BUF_LEN) ||
672 !GetJsonObjectNumberItem(msg, FIELD_PEER_USER_ID, &info->sourceUserId) ||
673 !GetJsonObjectNumberItem(msg, FIELD_USER_ID, &info->sinkUserId) ||
674 !GetJsonObjectNumber64Item(msg, FIELD_PEER_CONN_DEVICE_ID, &info->sourceTokenId) ||
675 !GetJsonObjectNumber64Item(msg, FIELD_DEVICE_ID, &info->sinkTokenId) ||
676 !GetJsonObjectStringItem(msg, PEER_ACCOUNT_ID, info->sourceAccountId, ACCOUNT_ID_BUF_LEN) ||
677 !GetJsonObjectStringItem(msg, LOCAL_ACCOUNT_ID, info->sinkAccountId, ACCOUNT_ID_BUF_LEN) ||
678 !GetJsonObjectBoolItem(msg, FIELD_IS_CLIENT, &isClient)) {
679 AUTH_LOGE(AUTH_CONN, "get json object fail");
680 cJSON_Delete(msg);
681 return SOFTBUS_PARSE_JSON_ERR;
682 }
683 cJSON_Delete(msg);
684 info->isServer = !isClient;
685 return SOFTBUS_OK;
686 }
687
JudgeIsSameAccount(const char * accountHash)688 static bool JudgeIsSameAccount(const char *accountHash)
689 {
690 uint8_t localAccountHash[SHA_256_HASH_LEN] = { 0 };
691 uint8_t peerAccountHash[SHA_256_HASH_LEN] = { 0 };
692
693 if (LnnGetLocalByteInfo(BYTE_KEY_ACCOUNT_HASH, localAccountHash, SHA_256_HASH_LEN) != SOFTBUS_OK) {
694 AUTH_LOGE(AUTH_CONN, "get local account hash fail");
695 return false;
696 }
697 if (ConvertHexStringToBytes(peerAccountHash, SHA_256_HASH_LEN, accountHash, strlen(accountHash)) != SOFTBUS_OK) {
698 AUTH_LOGE(AUTH_CONN, "convert peer account hash to bytes fail");
699 return false;
700 }
701 AUTH_LOGI(AUTH_CONN, "local account=%{public}02X%{public}02X, peer account=%{public}02X%{public}02X",
702 localAccountHash[0], localAccountHash[1], peerAccountHash[0], peerAccountHash[1]);
703 return ((memcmp(localAccountHash, peerAccountHash, SHA_256_HASH_LEN) == 0) && (!LnnIsDefaultOhosAccount()));
704 }
705
GetShortUdidHash(char * udid,char * udidHash,uint32_t len)706 static int32_t GetShortUdidHash(char *udid, char *udidHash, uint32_t len)
707 {
708 if (udid == NULL || udidHash == NULL) {
709 AUTH_LOGE(AUTH_CONN, "invalid param");
710 return SOFTBUS_INVALID_PARAM;
711 }
712
713 uint8_t hash[UDID_HASH_LEN] = { 0 };
714 if (SoftBusGenerateStrHash((unsigned char *)udid, strlen(udid), (unsigned char *)hash) != SOFTBUS_OK) {
715 AUTH_LOGE(AUTH_CONN, "generate strhash fail");
716 return SOFTBUS_NETWORK_GENERATE_STR_HASH_ERR;
717 }
718 if (ConvertBytesToHexString(udidHash, len, hash, UDID_SHORT_HASH_LEN_TEMP) != SOFTBUS_OK) {
719 AUTH_LOGE(AUTH_CONN, "convert bytes to string fail");
720 return SOFTBUS_NETWORK_BYTES_TO_HEX_STR_ERR;
721 }
722 return SOFTBUS_OK;
723 }
724
GetCredIdByIdService(char * localUdidHash,char * remoteUdidHash,char * accountHash,int32_t userId)725 static char *GetCredIdByIdService(char *localUdidHash, char *remoteUdidHash, char *accountHash, int32_t userId)
726 {
727 char *credList = NULL;
728 char *credId = NULL;
729 char accountHashStr[SHA_256_HEX_HASH_LEN] = { 0 };
730
731 if (ConvertBytesToHexString(accountHashStr, SHA_256_HEX_HASH_LEN, (unsigned char *)accountHash, SHA_256_HASH_LEN) !=
732 SOFTBUS_OK) {
733 AUTH_LOGE(AUTH_CONN, "convert account to string fail");
734 return credId;
735 }
736 bool isSameAccount = JudgeIsSameAccount(accountHashStr);
737 char *udidShortHash = isSameAccount ? (char *)localUdidHash : (char *)remoteUdidHash;
738 if (IdServiceQueryCredential(userId, udidShortHash, accountHashStr, isSameAccount, &credList) != SOFTBUS_OK) {
739 AUTH_LOGE(AUTH_CONN, "query credential fail");
740 return credId;
741 }
742 credId = IdServiceGetCredIdFromCredList(userId, credList);
743 if (credId == NULL) {
744 AUTH_LOGE(AUTH_CONN, "get cred id fail");
745 }
746 IdServiceDestroyCredentialList(&credList);
747 return credId;
748 }
749
GenerateAuthParam(NodeInfo * localNodeInfo,NodeInfo * remoteNodeInfo,const AuthACLInfo * info,HiChainAuthMode authMode,HiChainAuthParam * authParam)750 static int32_t GenerateAuthParam(NodeInfo *localNodeInfo, NodeInfo *remoteNodeInfo, const AuthACLInfo *info,
751 HiChainAuthMode authMode, HiChainAuthParam *authParam)
752 {
753 if (localNodeInfo == NULL || remoteNodeInfo == NULL || info == NULL || authParam == NULL) {
754 AUTH_LOGE(AUTH_CONN, "invalid param");
755 return SOFTBUS_INVALID_PARAM;
756 }
757 char *credId = NULL;
758 char localUdidHash[SHA_256_HEX_HASH_LEN] = { 0 };
759 char remoteUdidHash[SHA_256_HEX_HASH_LEN] = { 0 };
760 char *remoteUdid = info->isServer ? (char *)info->sinkUdid : (char *)info->sourceUdid;
761 char *remoteAccountId = info->isServer ? (char *)info->sinkAccountId : (char *)info->sourceAccountId;
762 int32_t remoteUserId = info->isServer ? info->sinkUserId : info->sourceUserId;
763
764 int32_t ret = GetShortUdidHash(localNodeInfo->deviceInfo.deviceUdid, localUdidHash, SHA_256_HEX_HASH_LEN);
765 if (ret != SOFTBUS_OK) {
766 AUTH_LOGE(AUTH_CONN, "get local udid hash fail");
767 return ret;
768 }
769 ret = GetShortUdidHash(remoteNodeInfo->deviceInfo.deviceUdid, remoteUdidHash, SHA_256_HEX_HASH_LEN);
770 if (ret != SOFTBUS_OK) {
771 AUTH_LOGE(AUTH_CONN, "get remote udid hash fail");
772 return ret;
773 }
774 if (strcpy_s(authParam->udid, UDID_BUF_LEN, remoteUdid) != EOK ||
775 strcpy_s(authParam->uid, MAX_ACCOUNT_HASH_LEN, remoteAccountId) != EOK) {
776 AUTH_LOGE(AUTH_FSM, "copy peer udid and uid fail");
777 return SOFTBUS_STRCPY_ERR;
778 }
779 if (authMode == HICHAIN_AUTH_IDENTITY_SERVICE) {
780 credId =
781 GetCredIdByIdService(localUdidHash, remoteUdidHash, remoteNodeInfo->accountHash, localNodeInfo->userId);
782 if (credId == NULL) {
783 AUTH_LOGE(AUTH_CONN, "get cred id fail");
784 return SOFTBUS_AUTH_GET_CRED_ID_FAIL;
785 }
786 if (strcpy_s(authParam->credId, MAX_CRED_ID_SIZE, credId) != EOK) {
787 AUTH_LOGE(AUTH_FSM, "copy peer udid and uid fail");
788 SoftBusFree(credId);
789 return SOFTBUS_STRCPY_ERR;
790 }
791 SoftBusFree(credId);
792 }
793 authParam->userId = remoteUserId;
794 return SOFTBUS_OK;
795 }
796
GetUkNegoAuthParamInfo(const AuthACLInfo * info,HiChainAuthMode authMode,HiChainAuthParam * authParam)797 static int32_t GetUkNegoAuthParamInfo(const AuthACLInfo *info, HiChainAuthMode authMode, HiChainAuthParam *authParam)
798 {
799 if (info == NULL || authParam == NULL) {
800 AUTH_LOGE(AUTH_CONN, "invalid param");
801 return SOFTBUS_INVALID_PARAM;
802 }
803
804 NodeInfo nodeInfo;
805 (void)memset_s(&nodeInfo, sizeof(NodeInfo), 0, sizeof(NodeInfo));
806 int32_t ret = LnnGetLocalNodeInfoSafe(&nodeInfo);
807 if (ret != SOFTBUS_OK) {
808 AUTH_LOGE(AUTH_CONN, "get local node info fail");
809 return ret;
810 }
811 NodeInfo *remoteNodeInfo = LnnGetNodeInfoById(info->isServer ? info->sinkUdid : info->sourceUdid, CATEGORY_UDID);
812 if (remoteNodeInfo == NULL) {
813 AUTH_LOGE(AUTH_CONN, "remote node info is null");
814 return SOFTBUS_NETWORK_GET_DEVICE_INFO_ERR;
815 }
816 ret = GenerateAuthParam(&nodeInfo, remoteNodeInfo, info, authMode, authParam);
817 if (ret != SOFTBUS_OK) {
818 AUTH_LOGE(AUTH_CONN, "gen auth param fail");
819 return ret;
820 }
821 return SOFTBUS_OK;
822 }
823
OnTransmitted(int64_t authSeq,const uint8_t * data,uint32_t len)824 static bool OnTransmitted(int64_t authSeq, const uint8_t *data, uint32_t len)
825 {
826 if (data == NULL) {
827 AUTH_LOGE(AUTH_CONN, "data is null");
828 return false;
829 }
830 AUTH_LOGI(AUTH_CONN, "uknego OnTransmit: authSeq=%{public}" PRId64 ", len=%{public}u", authSeq, len);
831 UkNegotiateInstance instance;
832 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
833 int32_t ret = GetGenUkInstanceByReq((uint32_t)authSeq, &instance);
834 if (ret != SOFTBUS_OK) {
835 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
836 return false;
837 }
838 AuthDataHead head = {
839 .dataType = DATA_TYPE_AUTH,
840 .module = MODULE_HICHAIN,
841 .seq = authSeq,
842 .flag = 0,
843 .len = len,
844 };
845 uint32_t size = AUTH_PKT_HEAD_LEN + len;
846 uint8_t *buf = (uint8_t *)SoftBusCalloc(size);
847 if (buf == NULL) {
848 AUTH_LOGE(AUTH_CONN, "malloc fail");
849 return false;
850 }
851 ret = PackAuthData(&head, data, buf, size);
852 if (ret != SOFTBUS_OK) {
853 AUTH_LOGE(AUTH_CONN, "pack data fail=%{public}d", ret);
854 SoftBusFree(buf);
855 return false;
856 }
857 ret = TransSendDataInner(instance.channelId, (char *)buf, size);
858 SoftBusFree(buf);
859 if (ret != SOFTBUS_OK) {
860 AUTH_LOGE(AUTH_CONN, "uknego OnTransmit fail: authSeq=%{public}" PRId64, authSeq);
861 return false;
862 }
863 return true;
864 }
865
OnSessionKeyReturned(int64_t authSeq,const uint8_t * sessionKey,uint32_t sessionKeyLen)866 static void OnSessionKeyReturned(int64_t authSeq, const uint8_t *sessionKey, uint32_t sessionKeyLen)
867 {
868 AUTH_LOGI(
869 AUTH_CONN, "uknego OnSessionKeyReturned: authSeq=%{public}" PRId64 ", len=%{public}u", authSeq, sessionKeyLen);
870 if (sessionKey == NULL || sessionKeyLen > SESSION_KEY_LENGTH) {
871 AUTH_LOGE(AUTH_CONN, "invalid sessionKey");
872 return;
873 }
874 int32_t sessionKeyId = 0;
875 UkNegotiateInstance instance;
876 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
877 int32_t ret = GetGenUkInstanceByReq((uint32_t)authSeq, &instance);
878 if (ret != SOFTBUS_OK) {
879 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
880 return;
881 }
882 bool isSameAccount =
883 JudgeIsSameAccount(!instance.info.isServer ? instance.info.sourceAccountId : instance.info.sinkAccountId);
884 PrintfAuthAclInfo(instance.requestId, instance.channelId, &instance.info);
885 UpdateAssetSessionKeyByAcl(&instance.info, (uint8_t *)sessionKey, sessionKeyLen, &sessionKeyId, isSameAccount);
886 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
887 ret = GetGenUkInstanceByReq((uint32_t)authSeq, &instance);
888 if (ret != SOFTBUS_OK) {
889 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
890 return;
891 }
892 instance.ukId = sessionKeyId;
893 instance.negoInfo.isRecvSessionKeyEvent = true;
894 AUTH_LOGI(AUTH_CONN, "isRecvSessionKeyEvent=%{public}d", instance.negoInfo.isRecvSessionKeyEvent);
895 ret = UpdateUkNegotiateInfo((uint32_t)authSeq, &instance);
896 if (ret != SOFTBUS_OK) {
897 AUTH_LOGE(AUTH_CONN, "update uknego instance failed! ret=%{public}d", ret);
898 return;
899 }
900 }
901
OnFinished(int64_t authSeq,int32_t operationCode,const char * returnData)902 static void OnFinished(int64_t authSeq, int32_t operationCode, const char *returnData)
903 {
904 AUTH_LOGI(AUTH_CONN, "uknego OnFinish: authSeq=%{public}" PRId64, authSeq);
905 UkNegotiateInstance instance;
906 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
907 int32_t ret = GetGenUkInstanceByReq((uint32_t)authSeq, &instance);
908 if (ret != SOFTBUS_OK) {
909 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
910 return;
911 }
912 if (instance.info.isServer) {
913 (void)SendUkNegoCloseAckEvent(instance.channelId, instance.requestId);
914 }
915 UkNegotiateInfo *negoInfo = NULL;
916
917 if (!RequireUkNegotiateListLock()) {
918 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
919 return;
920 }
921 negoInfo = GetUkNegotiateInfo((uint32_t)authSeq);
922 if (negoInfo == NULL) {
923 AUTH_LOGE(AUTH_CONN, "uknego info not found, requestId=%{public}u", instance.requestId);
924 ReleaseUkNegotiateListLock();
925 return;
926 }
927 negoInfo->isRecvFinishEvent = true;
928 AUTH_LOGI(AUTH_CONN, "update instance event. finish=%{public}d", negoInfo->isRecvFinishEvent);
929 ReleaseUkNegotiateListLock();
930 OnGenSuccess((uint32_t)authSeq);
931 }
932
OnError(int64_t authSeq,int32_t operationCode,int32_t errCode,const char * errorReturn)933 static void OnError(int64_t authSeq, int32_t operationCode, int32_t errCode, const char *errorReturn)
934 {
935 (void)operationCode;
936 uint32_t authErrCode = 0;
937 (void)GetSoftbusHichainAuthErrorCode((uint32_t)errCode, &authErrCode);
938 AUTH_LOGE(AUTH_CONN, "uknego OnError: authSeq=%{public}" PRId64 ", errCode=%{public}d authErrCode=%{public}d",
939 authSeq, errCode, authErrCode);
940 UkNegotiateInstance instance;
941 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
942 int32_t ret = GetGenUkInstanceByReq((uint32_t)authSeq, &instance);
943 if (ret != SOFTBUS_OK) {
944 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
945 return;
946 }
947 OnGenFailed((uint32_t)authSeq, authErrCode);
948 }
949
JsonObjectPackAuthBaseInfo(const UkNegotiateInstance * instance,cJSON * json)950 static int32_t JsonObjectPackAuthBaseInfo(const UkNegotiateInstance *instance, cJSON *json)
951 {
952 int32_t peerUserId = instance->info.isServer ? instance->info.sinkUserId : instance->info.sourceUserId;
953 if (!AddNumberToJsonObject(json, FIELD_CONFIRMATION, REQUEST_ACCEPTED) ||
954 !AddStringToJsonObject(json, FIELD_SERVICE_PKG_NAME, AUTH_APPID) ||
955 !AddStringToJsonObject(json, FIELD_PEER_CONN_DEVICE_ID,
956 instance->info.isServer ? instance->info.sinkUdid : instance->info.sourceUdid) ||
957 !AddStringToJsonObject(
958 json, FIELD_DEVICE_ID, instance->info.isServer ? instance->info.sourceUdid : instance->info.sinkUdid) ||
959 !AddBoolToJsonObject(json, FIELD_IS_UDID_HASH, false) ||
960 (peerUserId != 0 && !AddNumberToJsonObject(json, PEER_OS_ACCOUNT_ID_STR, peerUserId))) {
961 AUTH_LOGE(AUTH_CONN, "pack request json fail");
962 return SOFTBUS_PARSE_JSON_ERR;
963 }
964 return SOFTBUS_OK;
965 }
966
OnRequest(int64_t authSeq,int operationCode,const char * reqParams)967 static char *OnRequest(int64_t authSeq, int operationCode, const char *reqParams)
968 {
969 (void)reqParams;
970 AUTH_LOGI(AUTH_CONN, "uknego OnRequest: authSeq=%{public}" PRId64 ", ret=%{public}d", authSeq, operationCode);
971 HiChainAuthParam authParam = {};
972 UkNegotiateInstance instance;
973
974 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
975 int32_t ret = GetGenUkInstanceByReq(authSeq, &instance);
976 if (ret != SOFTBUS_OK) {
977 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
978 return NULL;
979 }
980 cJSON *msg = cJSON_CreateObject();
981 if (msg == NULL) {
982 AUTH_LOGE(AUTH_CONN, "create json fail");
983 return NULL;
984 }
985 if (JsonObjectPackAuthBaseInfo(&instance, msg) != SOFTBUS_OK) {
986 AUTH_LOGE(AUTH_CONN, "pack base info fail");
987 cJSON_Delete(msg);
988 return NULL;
989 }
990 if (instance.authMode == HICHAIN_AUTH_IDENTITY_SERVICE) {
991 ret = GetUkNegoAuthParamInfo(&instance.info, instance.authMode, &authParam);
992 if (ret != SOFTBUS_OK) {
993 AUTH_LOGE(AUTH_CONN, "get authparam failed! ret=%{public}d", ret);
994 cJSON_Delete(msg);
995 return NULL;
996 }
997 if (!AddStringToJsonObject(msg, FIELD_CRED_ID, authParam.credId)) {
998 AUTH_LOGE(AUTH_CONN, "add credid fail");
999 cJSON_Delete(msg);
1000 return NULL;
1001 }
1002 }
1003 char *msgStr = cJSON_PrintUnformatted(msg);
1004 if (msgStr == NULL) {
1005 AUTH_LOGE(AUTH_CONN, "cJSON_PrintUnformatted fail");
1006 cJSON_Delete(msg);
1007 return NULL;
1008 }
1009 cJSON_Delete(msg);
1010 return msgStr;
1011 }
1012
1013 static DeviceAuthCallback g_GenUkCallback = {
1014 .onTransmit = OnTransmitted,
1015 .onSessionKeyReturned = OnSessionKeyReturned,
1016 .onFinish = OnFinished,
1017 .onError = OnError,
1018 .onRequest = OnRequest
1019 };
1020
GetHichainAuthMode(const AuthACLInfo * info)1021 static HiChainAuthMode GetHichainAuthMode(const AuthACLInfo *info)
1022 {
1023 return HICHAIN_AUTH_IDENTITY_SERVICE;
1024 }
1025
ProcessAuthHichainParam(uint32_t requestId,AuthACLInfo * info,HiChainAuthMode authMode)1026 static int32_t ProcessAuthHichainParam(uint32_t requestId, AuthACLInfo *info, HiChainAuthMode authMode)
1027 {
1028 HiChainAuthParam authParam = {};
1029 int32_t ret = GetUkNegoAuthParamInfo(info, authMode, &authParam);
1030 if (ret != SOFTBUS_OK) {
1031 AUTH_LOGE(AUTH_CONN, "hichain auth parameter invalid");
1032 return ret;
1033 }
1034 authParam.cb = &g_GenUkCallback;
1035 AUTH_LOGI(AUTH_CONN, "start uknego auth");
1036 return HichainStartAuth(requestId, &authParam, authMode);
1037 }
1038
SendUkNegoDeviceId(UkNegotiateInstance * instance)1039 static int32_t SendUkNegoDeviceId(UkNegotiateInstance *instance)
1040 {
1041 char *ukParams = PackUkAclParam(&instance->info, instance->info.isServer);
1042 if (ukParams == NULL) {
1043 AUTH_LOGE(AUTH_CONN, "generate auth param fail");
1044 return SOFTBUS_CREATE_JSON_ERR;
1045 }
1046 AuthDataHead head = {
1047 .dataType = DATA_TYPE_DEVICE_ID,
1048 .module = MODULE_HICHAIN,
1049 .seq = instance->requestId,
1050 .flag = instance->info.isServer ? SERVER_SIDE_FLAG : CLIENT_SIDE_FLAG,
1051 .len = strlen(ukParams),
1052 };
1053 uint32_t size = AUTH_PKT_HEAD_LEN + head.len;
1054 uint8_t *buf = (uint8_t *)SoftBusCalloc(size);
1055 if (buf == NULL) {
1056 AUTH_LOGE(AUTH_CONN, "malloc fail");
1057 cJSON_free(ukParams);
1058 return SOFTBUS_MALLOC_ERR;
1059 }
1060 int32_t ret = PackAuthData(&head, (uint8_t *)ukParams, buf, size);
1061 cJSON_free(ukParams);
1062 if (ret != SOFTBUS_OK) {
1063 AUTH_LOGE(AUTH_CONN, "pack data fail=%{public}d", ret);
1064 SoftBusFree(buf);
1065 return ret;
1066 }
1067 ret = TransSendDataInner(instance->channelId, (char *)buf, size);
1068 SoftBusFree(buf);
1069 if (ret != SOFTBUS_OK) {
1070 AUTH_LOGE(AUTH_CONN, "send uknego sync info data fail");
1071 }
1072 return ret;
1073 }
1074
ProcessUkNegoState(AuthACLInfo * info,bool * isGreater)1075 static int32_t ProcessUkNegoState(AuthACLInfo *info, bool *isGreater)
1076 {
1077 if (info == NULL) {
1078 AUTH_LOGE(AUTH_CONN, "find uknego info is invalid param");
1079 return SOFTBUS_INVALID_PARAM;
1080 }
1081 char sourceUdidHash[SHA_256_HEX_HASH_LEN] = { 0 };
1082 char sinkUdidHash[SHA_256_HEX_HASH_LEN] = { 0 };
1083 if (GetShortUdidHash((char *)info->sourceUdid, sourceUdidHash, SHA_256_HEX_HASH_LEN) != SOFTBUS_OK) {
1084 AUTH_LOGE(AUTH_CONN, "get source udid hash fail");
1085 return SOFTBUS_NETWORK_GET_NODE_INFO_ERR;
1086 }
1087 if (GetShortUdidHash((char *)info->sinkUdid, sinkUdidHash, SHA_256_HEX_HASH_LEN) != SOFTBUS_OK) {
1088 AUTH_LOGE(AUTH_CONN, "get sink udid hash fail");
1089 return SOFTBUS_NETWORK_GET_NODE_INFO_ERR;
1090 }
1091 *isGreater = true;
1092 if ((info->isServer && memcmp(sourceUdidHash, sinkUdidHash, SHORT_HASH_LEN) < 0) ||
1093 (!info->isServer && memcmp(sinkUdidHash, sourceUdidHash, SHORT_HASH_LEN) < 0)) {
1094 *isGreater = false;
1095 AUTH_LOGW(AUTH_CONN, "peer udid is greater, wait another uknego");
1096 }
1097 return SOFTBUS_OK;
1098 }
1099
ProcessUkDeviceId(int32_t channelId,uint32_t requestId,const void * data,uint32_t dataLen)1100 static int32_t ProcessUkDeviceId(int32_t channelId, uint32_t requestId, const void *data, uint32_t dataLen)
1101 {
1102 AUTH_CHECK_AND_RETURN_RET_LOGE(data != NULL, SOFTBUS_INVALID_PARAM, AUTH_CONN, "data is null");
1103 AuthACLInfo info = { 0 };
1104 UkNegotiateInstance instance;
1105 AuthGenUkCallback cb;
1106 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
1107 (void)memset_s(&cb, sizeof(AuthGenUkCallback), 0, sizeof(AuthGenUkCallback));
1108 bool isLocalUdidGreater = false;
1109 int32_t ret = UnpackUkAclParam((const char *)data, dataLen, &info);
1110 if (ret != SOFTBUS_OK) {
1111 AUTH_LOGE(AUTH_CONN, "UnpackUkAclParam failed! ret=%{public}d", ret);
1112 return ret;
1113 }
1114 ret = GetGenUkInstanceByReq(requestId, &instance);
1115 if (ret != SOFTBUS_OK) {
1116 ret = CreateUkNegotiateInstance(requestId, channelId, &info, &cb);
1117 if (ret != SOFTBUS_OK) {
1118 AUTH_LOGE(AUTH_CONN, "create new uknego instance failed! ret=%{public}d", ret);
1119 return ret;
1120 }
1121 } else {
1122 instance.channelId = channelId;
1123 instance.info = info;
1124 instance.authMode = GetHichainAuthMode(&instance.info);
1125 ret = UpdateUkNegotiateInfo(requestId, &instance);
1126 if (ret != SOFTBUS_OK) {
1127 AUTH_LOGE(AUTH_CONN, "create uknego instance failed! ret=%{public}d", ret);
1128 return ret;
1129 }
1130 }
1131 ret = ProcessUkNegoState(&info, &isLocalUdidGreater);
1132 if (ret != SOFTBUS_OK || GetSameUkInstanceNum(&info) > 0) {
1133 AUTH_LOGW(AUTH_CONN, "wait another uknego");
1134 return ret;
1135 }
1136 if (ret == SOFTBUS_OK && isLocalUdidGreater) {
1137 ret = GetGenUkInstanceByReq(requestId, &instance);
1138 if (ret != SOFTBUS_OK) {
1139 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
1140 return ret;
1141 }
1142 instance.state = GENUK_STATE_START;
1143 (void)UpdateUkNegotiateInfo(requestId, &instance);
1144 return ProcessAuthHichainParam(requestId, &info, instance.authMode);
1145 }
1146 return ret;
1147 }
1148
ProcessUkData(uint32_t requestId,const uint8_t * data,uint32_t dataLen)1149 static int32_t ProcessUkData(uint32_t requestId, const uint8_t *data, uint32_t dataLen)
1150 {
1151 AUTH_LOGI(AUTH_CONN, "ProcessUkData enter: requestId=%{public}u, len=%{public}u", requestId, dataLen);
1152 UkNegotiateInstance instance;
1153 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
1154 int32_t ret = GetGenUkInstanceByReq(requestId, &instance);
1155 if (ret != SOFTBUS_OK) {
1156 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
1157 return ret;
1158 }
1159 ret = HichainProcessUkNegoData(requestId, data, dataLen, instance.authMode, &g_GenUkCallback);
1160 if (ret != SOFTBUS_OK) {
1161 AUTH_LOGE(AUTH_CONN, "uknego processData err=%{public}d", ret);
1162 return ret;
1163 }
1164 return ret;
1165 }
1166
SendUkNegoCloseAckEvent(int32_t channelId,uint32_t requestId)1167 static int32_t SendUkNegoCloseAckEvent(int32_t channelId, uint32_t requestId)
1168 {
1169 const char *msg = "";
1170 AuthDataHead head = {
1171 .dataType = DATA_TYPE_CLOSE_ACK,
1172 .module = MODULE_HICHAIN,
1173 .seq = requestId,
1174 .flag = 0,
1175 .len = strlen(msg) + 1,
1176 };
1177 uint32_t size = AUTH_PKT_HEAD_LEN + head.len;
1178 uint8_t *buf = (uint8_t *)SoftBusCalloc(size);
1179 if (buf == NULL) {
1180 AUTH_LOGE(AUTH_CONN, "malloc fail");
1181 return SOFTBUS_MEM_ERR;
1182 }
1183 int32_t ret = PackAuthData(&head, (uint8_t *)msg, buf, size);
1184 if (ret != SOFTBUS_OK) {
1185 AUTH_LOGE(AUTH_CONN, "pack data fail=%{public}d", ret);
1186 SoftBusFree(buf);
1187 return ret;
1188 }
1189 ret = TransSendDataInner(channelId, (char *)buf, size);
1190 SoftBusFree(buf);
1191 if (ret != SOFTBUS_OK) {
1192 AUTH_LOGE(AUTH_CONN, "send uknego close ack fail: requestId=%{public}u", requestId);
1193 }
1194 return ret;
1195 }
1196
ProcessCloseAckData(uint32_t requestId,const uint8_t * data,uint32_t dataLen)1197 static int32_t ProcessCloseAckData(uint32_t requestId, const uint8_t *data, uint32_t dataLen)
1198 {
1199 AUTH_LOGI(AUTH_CONN, "close ack, requestId=%{public}u", requestId);
1200 UkNegotiateInstance instance;
1201 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
1202 int32_t ret = GetGenUkInstanceByReq(requestId, &instance);
1203 if (ret != SOFTBUS_OK) {
1204 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
1205 return ret;
1206 }
1207 UkNegotiateInfo *negoInfo = NULL;
1208
1209 if (!RequireUkNegotiateListLock()) {
1210 AUTH_LOGE(AUTH_CONN, "RequireUkNegotiateListLock fail");
1211 return SOFTBUS_LOCK_ERR;
1212 }
1213 negoInfo = GetUkNegotiateInfo(requestId);
1214 if (negoInfo == NULL) {
1215 AUTH_LOGE(AUTH_CONN, "negotiate info not find, requestId=%{public}u", requestId);
1216 ReleaseUkNegotiateListLock();
1217 return SOFTBUS_AUTH_UK_NEGOINFO_NOT_FIND;
1218 }
1219 negoInfo->isRecvCloseAckEvent = true;
1220 AUTH_LOGI(AUTH_CONN, "set negotiate info recv closeAck ok, closeAck=%{public}d", negoInfo->isRecvCloseAckEvent);
1221 ReleaseUkNegotiateListLock();
1222 OnGenSuccess(requestId);
1223 if (!instance.info.isServer) {
1224 (void)SendUkNegoCloseAckEvent(instance.channelId, requestId);
1225 }
1226 return SOFTBUS_OK;
1227 }
1228
UkMsgHandler(int32_t channelId,uint32_t requestId,const AuthDataHead * head,const void * data,uint32_t dataLen)1229 static int32_t UkMsgHandler(
1230 int32_t channelId, uint32_t requestId, const AuthDataHead *head, const void *data, uint32_t dataLen)
1231 {
1232 if (head == NULL || data == NULL) {
1233 AUTH_LOGE(AUTH_CONN, "param error");
1234 return SOFTBUS_INVALID_PARAM;
1235 }
1236 int32_t ret = SOFTBUS_OK;
1237 switch (head->dataType) {
1238 case DATA_TYPE_DEVICE_ID:
1239 ret = ProcessUkDeviceId(channelId, requestId, data, dataLen);
1240 break;
1241 case DATA_TYPE_AUTH:
1242 ret = ProcessUkData(requestId, (const uint8_t *)data, dataLen);
1243 break;
1244 case DATA_TYPE_CLOSE_ACK:
1245 ret = ProcessCloseAckData(requestId, (const uint8_t *)data, dataLen);
1246 break;
1247 default:
1248 ret = SOFTBUS_CHANNEL_AUTH_HANDLE_DATA_FAIL;
1249 break;
1250 }
1251 if (ret != SOFTBUS_OK) {
1252 OnGenFailed(requestId, ret);
1253 }
1254 AUTH_LOGI(AUTH_CONN, "exit, ret=%{public}d", ret);
1255 return ret;
1256 }
1257
AuthFindUkIdByAclInfo(const AuthACLInfo * acl,int32_t * ukId)1258 int32_t AuthFindUkIdByAclInfo(const AuthACLInfo *acl, int32_t *ukId)
1259 {
1260 if (acl == NULL || ukId == NULL) {
1261 AUTH_LOGE(AUTH_CONN, "find uknego info is invalid param");
1262 return SOFTBUS_INVALID_PARAM;
1263 }
1264 uint64_t time = 0;
1265 *ukId = -1;
1266 AuthUserKeyInfo userKeyInfo;
1267 AuthACLInfo aclInfo = { 0 };
1268
1269 (void)memset_s(&userKeyInfo, sizeof(AuthUserKeyInfo), 0, sizeof(AuthUserKeyInfo));
1270 aclInfo = *acl;
1271 aclInfo.isServer = !acl->isServer;
1272 PrintfAuthAclInfo(0, 0, &aclInfo);
1273 if (GetUserKeyInfoSameAccount(&aclInfo, &userKeyInfo) != SOFTBUS_OK &&
1274 GetUserKeyInfoDiffAccountWithUserLevel(&aclInfo, &userKeyInfo) != SOFTBUS_OK &&
1275 GetUserKeyInfoDiffAccount(&aclInfo, &userKeyInfo) != SOFTBUS_OK) {
1276 AUTH_LOGE(AUTH_CONN, "get uk by ukcachelist fail");
1277 if (GetAccessUkIdSameAccount(&aclInfo, ukId, &time) != SOFTBUS_OK &&
1278 GetAccessUkIdDiffAccountWithUserLevel(&aclInfo, ukId, &time) != SOFTBUS_OK &&
1279 GetAccessUkIdDiffAccount(&aclInfo, ukId, &time) != SOFTBUS_OK) {
1280 AUTH_LOGE(AUTH_CONN, "get uk by asset fail");
1281 return SOFTBUS_AUTH_ACL_NOT_FOUND;
1282 }
1283 } else {
1284 *ukId = userKeyInfo.keyIndex;
1285 time = userKeyInfo.time;
1286 }
1287 AUTH_LOGI(AUTH_CONN, "get user key id=%{public}d, time=%{public}" PRIu64, *ukId, time);
1288 if (*ukId == -1) {
1289 return SOFTBUS_AUTH_UK_NOT_FIND;
1290 }
1291 return SOFTBUS_OK;
1292 }
1293
AuthGetUkEncryptSize(uint32_t inLen)1294 uint32_t AuthGetUkEncryptSize(uint32_t inLen)
1295 {
1296 if (inLen > UINT32_MAX - OVERHEAD_LEN) {
1297 AUTH_LOGE(AUTH_CONN, "inLen is over head");
1298 return inLen;
1299 }
1300 return inLen + OVERHEAD_LEN;
1301 }
1302
AuthGetUkDecryptSize(uint32_t inLen)1303 uint32_t AuthGetUkDecryptSize(uint32_t inLen)
1304 {
1305 if (inLen < OVERHEAD_LEN) {
1306 return inLen;
1307 }
1308 return inLen - OVERHEAD_LEN;
1309 }
1310
AuthEncryptByUkId(int32_t ukId,const uint8_t * inData,uint32_t inLen,uint8_t * outData,uint32_t * outLen)1311 int32_t AuthEncryptByUkId(int32_t ukId, const uint8_t *inData, uint32_t inLen, uint8_t *outData, uint32_t *outLen)
1312 {
1313 if (inData == NULL || inLen == 0 || outData == NULL || outLen == NULL || *outLen < (inLen + OVERHEAD_LEN)) {
1314 AUTH_LOGE(AUTH_CONN, "invalid param");
1315 return SOFTBUS_INVALID_PARAM;
1316 }
1317
1318 uint8_t *userKey = (uint8_t *)SoftBusCalloc(SESSION_KEY_LENGTH);
1319 if (userKey == NULL) {
1320 AUTH_LOGE(AUTH_CONN, "malloc fail");
1321 return SOFTBUS_MEM_ERR;
1322 }
1323 AUTH_LOGI(AUTH_CONN, "get ukid=%{public}d", ukId);
1324 if (GetUserKeyByUkId(ukId, userKey, SESSION_KEY_LENGTH) != SOFTBUS_OK &&
1325 GetAccessUkByUkId(ukId, userKey, SESSION_KEY_LENGTH) != SOFTBUS_OK) {
1326 AUTH_LOGE(AUTH_CONN, "get user key by ukId fail");
1327 (void)memset_s(userKey, SESSION_KEY_LENGTH, 0, SESSION_KEY_LENGTH);
1328 SoftBusFree(userKey);
1329 return SOFTBUS_AUTH_ACL_NOT_FOUND;
1330 }
1331 AesGcmCipherKey cipherKey = { .keyLen = SESSION_KEY_LENGTH };
1332 if (memcpy_s(cipherKey.key, SESSION_KEY_LENGTH, userKey, SESSION_KEY_LENGTH) != EOK) {
1333 AUTH_LOGE(AUTH_CONN, "memcpy key fail");
1334 (void)memset_s(userKey, SESSION_KEY_LENGTH, 0, SESSION_KEY_LENGTH);
1335 SoftBusFree(userKey);
1336 return SOFTBUS_MEM_ERR;
1337 }
1338 (void)memset_s(userKey, SESSION_KEY_LENGTH, 0, SESSION_KEY_LENGTH);
1339 SoftBusFree(userKey);
1340 int32_t ret = SoftBusEncryptData(&cipherKey, (unsigned char *)inData, inLen, (unsigned char *)outData, outLen);
1341 (void)memset_s(&cipherKey, sizeof(AesGcmCipherKey), 0, sizeof(AesGcmCipherKey));
1342 if (ret != SOFTBUS_OK) {
1343 AUTH_LOGE(AUTH_CONN, "AuthEncryptByUkId fail. ret=%{public}d", ret);
1344 return SOFTBUS_ENCRYPT_ERR;
1345 }
1346 return SOFTBUS_OK;
1347 }
1348
AuthDecryptByUkId(int32_t ukId,const uint8_t * inData,uint32_t inLen,uint8_t * outData,uint32_t * outLen)1349 int32_t AuthDecryptByUkId(int32_t ukId, const uint8_t *inData, uint32_t inLen, uint8_t *outData, uint32_t *outLen)
1350 {
1351 if (inData == NULL || inLen < OVERHEAD_LEN || outData == NULL || outLen == NULL ||
1352 *outLen < (inLen - OVERHEAD_LEN)) {
1353 AUTH_LOGE(AUTH_CONN, "invalid param");
1354 return SOFTBUS_INVALID_PARAM;
1355 }
1356
1357 uint8_t *userKey = (uint8_t *)SoftBusCalloc(SESSION_KEY_LENGTH);
1358 if (userKey == NULL) {
1359 AUTH_LOGE(AUTH_CONN, "malloc fail");
1360 return SOFTBUS_MEM_ERR;
1361 }
1362 AUTH_LOGI(AUTH_CONN, "get ukid=%{public}d", ukId);
1363 if (GetUserKeyByUkId(ukId, userKey, SESSION_KEY_LENGTH) != SOFTBUS_OK &&
1364 GetAccessUkByUkId(ukId, userKey, SESSION_KEY_LENGTH) != SOFTBUS_OK) {
1365 AUTH_LOGE(AUTH_CONN, "get user key fail");
1366 SoftBusFree(userKey);
1367 return SOFTBUS_AUTH_ACL_NOT_FOUND;
1368 }
1369 AesGcmCipherKey cipherKey = { .keyLen = SESSION_KEY_LENGTH };
1370 if (memcpy_s(cipherKey.key, SESSION_KEY_LENGTH, userKey, SESSION_KEY_LENGTH) != EOK) {
1371 AUTH_LOGE(AUTH_CONN, "memcpy key fail");
1372 (void)memset_s(userKey, SESSION_KEY_LENGTH, 0, SESSION_KEY_LENGTH);
1373 SoftBusFree(userKey);
1374 return SOFTBUS_MEM_ERR;
1375 }
1376 (void)memset_s(userKey, SESSION_KEY_LENGTH, 0, SESSION_KEY_LENGTH);
1377 SoftBusFree(userKey);
1378 int32_t ret = SoftBusDecryptData(&cipherKey, inData, inLen, outData, outLen);
1379 (void)memset_s(&cipherKey, sizeof(AesGcmCipherKey), 0, sizeof(AesGcmCipherKey));
1380 if (ret != SOFTBUS_OK) {
1381 AUTH_LOGE(AUTH_CONN, "SoftBusDecryptData fail. ret=%{public}d", ret);
1382 return SOFTBUS_DECRYPT_ERR;
1383 }
1384 return SOFTBUS_OK;
1385 }
1386
AuthIsUkExpired(uint64_t time)1387 bool AuthIsUkExpired(uint64_t time)
1388 {
1389 uint64_t currentTime = SoftBusGetSysTimeMs();
1390 if (currentTime < time || currentTime - time > g_ukDecayTime) {
1391 AUTH_LOGE(AUTH_CONN, "UK has expired and cannot be used.");
1392 return false;
1393 }
1394 return true;
1395 }
1396
SecurityOnSessionOpened(int32_t channelId,int32_t channelType,char * peerNetworkId,int32_t result)1397 static int32_t SecurityOnSessionOpened(int32_t channelId, int32_t channelType, char *peerNetworkId, int32_t result)
1398 {
1399 (void)channelType;
1400 (void)peerNetworkId;
1401 AUTH_LOGI(AUTH_CONN, "inner channelId=%{public}d", channelId);
1402 if (result != SOFTBUS_OK) {
1403 AUTH_LOGE(AUTH_CONN, "get session open failed! result=%{public}d", result);
1404 return result;
1405 }
1406 UkNegotiateInstance instance;
1407 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
1408 int32_t ret = GetGenUkInstanceByChannel(channelId, &instance);
1409 if (ret == SOFTBUS_OK) {
1410 if (instance.info.isServer) {
1411 AUTH_LOGW(AUTH_CONN, "remove start uknego");
1412 return ret;
1413 }
1414 if (GetSameUkInstanceNum(&instance.info) > 0) {
1415 AUTH_LOGW(AUTH_CONN, "wait another uknego");
1416 return ret;
1417 }
1418 bool isGreater = false;
1419 instance.authMode = GetHichainAuthMode(&instance.info);
1420 ret = ProcessUkNegoState(&instance.info, &isGreater);
1421 if (ret == SOFTBUS_OK && isGreater) {
1422 AUTH_LOGI(AUTH_CONN, "start uknego auth");
1423 instance.state = GENUK_STATE_START;
1424 ret = ProcessAuthHichainParam(instance.requestId, &instance.info, instance.authMode);
1425 }
1426 if (ret != SOFTBUS_OK) {
1427 AUTH_LOGE(AUTH_CONN, "uknego auth failed! result=%{public}d", ret);
1428 return ret;
1429 }
1430 (void)UpdateUkNegotiateInfo(instance.requestId, &instance);
1431 return SendUkNegoDeviceId(&instance);
1432 } else {
1433 AUTH_LOGW(AUTH_CONN, "uknego not recv acl info");
1434 return SOFTBUS_OK;
1435 }
1436 }
1437
SecurityOnSessionClosed(int32_t channelId)1438 static void SecurityOnSessionClosed(int32_t channelId)
1439 {
1440 UkNegotiateInstance instance;
1441 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
1442 int32_t ret = GetGenUkInstanceByChannel(channelId, &instance);
1443 if (ret != SOFTBUS_OK) {
1444 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
1445 return;
1446 }
1447 DeleteUkNegotiateInstance(instance.requestId);
1448 }
1449
SecurityOnBytesReceived(int32_t channelId,const void * data,uint32_t dataLen)1450 static void SecurityOnBytesReceived(int32_t channelId, const void *data, uint32_t dataLen)
1451 {
1452 AuthDataHead head = { 0 };
1453 const uint8_t *body = UnpackAuthData((const uint8_t *)data, (uint32_t)dataLen, &head);
1454 if (body == NULL) {
1455 AUTH_LOGE(AUTH_CONN, "empty body");
1456 return;
1457 }
1458 int32_t ret = UkMsgHandler(channelId, head.seq, &head, body, head.len);
1459 AUTH_LOGI(AUTH_CONN, "recv ret=%{public}d", ret);
1460 }
1461
SecuritySetChannelInfoByReqId(uint32_t requestId,int32_t channelId,int32_t channelType)1462 static int32_t SecuritySetChannelInfoByReqId(uint32_t requestId, int32_t channelId, int32_t channelType)
1463 {
1464 (void)channelType;
1465 UkNegotiateInstance instance;
1466 AuthACLInfo info = { 0 };
1467 AuthGenUkCallback cb;
1468 (void)memset_s(&cb, sizeof(AuthGenUkCallback), 0, sizeof(AuthGenUkCallback));
1469 (void)memset_s(&instance, sizeof(UkNegotiateInstance), 0, sizeof(UkNegotiateInstance));
1470 int32_t ret = GetGenUkInstanceByReq(requestId, &instance);
1471 if (ret != SOFTBUS_OK) {
1472 AUTH_LOGE(AUTH_CONN, "get instance failed! ret=%{public}d", ret);
1473 ret = CreateUkNegotiateInstance(requestId, channelId, &info, &cb);
1474 if (ret != SOFTBUS_OK) {
1475 AUTH_LOGE(AUTH_CONN, "create uknego instance failed! ret=%{public}d", ret);
1476 return ret;
1477 }
1478 } else {
1479 AUTH_LOGI(AUTH_CONN, "get instance succ! requestId=%{public}u", requestId);
1480 instance.channelId = channelId;
1481 ret = UpdateUkNegotiateInfo(requestId, &instance);
1482 if (ret != SOFTBUS_OK) {
1483 AUTH_LOGE(AUTH_CONN, "create uknego instance failed! ret=%{public}d", ret);
1484 return ret;
1485 }
1486 }
1487 return SOFTBUS_OK;
1488 }
1489
1490 static ISessionListenerInner g_sessionListener = {
1491 .OnSessionOpened = SecurityOnSessionOpened,
1492 .OnSessionClosed = SecurityOnSessionClosed,
1493 .OnBytesReceived = SecurityOnBytesReceived,
1494 .OnLinkDown = NULL,
1495 .OnSetChannelInfoByReqId = SecuritySetChannelInfoByReqId,
1496 };
1497
UpdateUniqueId(void)1498 static void UpdateUniqueId(void)
1499 {
1500 char networkId[NETWORK_ID_BUF_LEN] = { 0 };
1501 if (LnnGetLocalStrInfo(STRING_KEY_NETWORKID, networkId, sizeof(networkId)) != SOFTBUS_OK) {
1502 AUTH_LOGE(AUTH_CONN, "get local networkId fail");
1503 return;
1504 }
1505 uint8_t hashId[SHA_256_HASH_LEN] = { 0 };
1506 if (SoftBusGenerateStrHash((uint8_t *)networkId, strlen(networkId), hashId) != SOFTBUS_OK) {
1507 AUTH_LOGE(AUTH_CONN, "GenerateStrHash fail");
1508 return;
1509 }
1510 for (uint32_t i = 0; i < UK_SEQ_NETWORK_ID_BITS / BYTES_BIT_NUM; i++) {
1511 g_uniqueId = (g_uniqueId << BYTES_BIT_NUM) | hashId[i];
1512 }
1513 uint64_t timeStamp = SoftBusGetSysTimeMs();
1514 g_uniqueId = (g_uniqueId << SEQ_TIME_STAMP_BITS) | (SEQ_TIME_STAMP_MASK & timeStamp);
1515 }
1516
GenUkSeq(void)1517 uint32_t GenUkSeq(void)
1518 {
1519 static uint32_t integer = 0;
1520 if (integer >= UK_SEQ_INTEGER_MAX) {
1521 integer = 0;
1522 }
1523 if (integer == 0) {
1524 UpdateUniqueId();
1525 }
1526 integer++;
1527 /* |----GreaterZero(1)----|----NetworkIdHash(16)----|----TimeStamp(8)----|----AtomicInteger(7)----| */
1528 uint32_t seq = integer;
1529 seq = (g_uniqueId << UK_SEQ_INTEGER_BITS) | (seq & UK_SEQ_INTEGER_MAX);
1530 return seq;
1531 }
1532
AuthGenUkIdByAclInfo(const AuthACLInfo * acl,uint32_t requestId,const AuthGenUkCallback * genCb)1533 int32_t AuthGenUkIdByAclInfo(const AuthACLInfo *acl, uint32_t requestId, const AuthGenUkCallback *genCb)
1534 {
1535 if (acl == NULL || genCb == NULL) {
1536 AUTH_LOGE(AUTH_CONN, "generate uknogo info is invalid param");
1537 return SOFTBUS_INVALID_PARAM;
1538 }
1539 char networkId[NETWORK_ID_BUF_LEN] = { 0 };
1540 AuthACLInfo *info = (AuthACLInfo *)acl;
1541
1542 info->isServer = (!acl->isServer);
1543 int32_t ret = LnnGetNetworkIdByUdid(acl->sourceUdid, networkId, sizeof(networkId));
1544 if (ret != SOFTBUS_OK) {
1545 AUTH_LOGE(AUTH_CONN, "get networkId by udid fail");
1546 return ret;
1547 }
1548 ret = TransOpenSessionInner(UK_NEGO_SESSIONNAME, networkId, requestId);
1549 if (ret != SOFTBUS_OK) {
1550 AUTH_LOGE(AUTH_CONN, "uknego open session fail, ret=%{public}d", ret);
1551 return ret;
1552 }
1553 ret = CreateUkNegotiateInstance(requestId, DEFAULT_CHANNEL_ID, (const AuthACLInfo *)info,
1554 (AuthGenUkCallback *)genCb);
1555 if (ret != SOFTBUS_OK) {
1556 AUTH_LOGE(AUTH_CONN, "uk add instance fail, ret=%{public}d", ret);
1557 return ret;
1558 }
1559 return SOFTBUS_OK;
1560 }
1561
UkNegotiateInit(void)1562 int32_t UkNegotiateInit(void)
1563 {
1564 AUTH_LOGI(AUTH_CONN, "enter.");
1565
1566 if (SoftBusMutexInit(&g_ukNegotiateListLock, NULL) != SOFTBUS_OK) {
1567 AUTH_LOGE(AUTH_CONN, "UkNegotiate mutex init fail");
1568 return SOFTBUS_LOCK_ERR;
1569 }
1570 if (InitUkNegoInstanceList() != SOFTBUS_OK) {
1571 AUTH_LOGE(AUTH_CONN, "uk nego instance list init err");
1572 return SOFTBUS_CREATE_LIST_ERR;
1573 }
1574 if (AuthUserKeyInit() != SOFTBUS_OK) {
1575 AUTH_LOGE(AUTH_CONN, "uk list init err");
1576 return SOFTBUS_CREATE_LIST_ERR;
1577 }
1578 AUTH_LOGI(AUTH_CONN, "ok");
1579 return SOFTBUS_OK;
1580 }
1581
UkNegotiateDeinit(void)1582 void UkNegotiateDeinit(void)
1583 {
1584 DeInitUkNegoInstanceList();
1585 DeinitUserKeyList();
1586 SoftBusMutexDestroy(&g_ukNegotiateListLock);
1587 }
1588
UkNegotiateSessionInit(void)1589 void UkNegotiateSessionInit(void)
1590 {
1591 AUTH_LOGI(AUTH_CONN, "enter.");
1592
1593 int32_t ret = TransCreateSessionServerInner(UK_NEGO_PKGNAME, UK_NEGO_SESSIONNAME, &g_sessionListener);
1594 if (ret != SOFTBUS_OK) {
1595 AUTH_LOGE(AUTH_CONN, "create server fail, ret=%{public}d", ret);
1596 return;
1597 }
1598 AUTH_LOGI(AUTH_CONN, "ok");
1599 }
1600