1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "compatible_auth_sub_session.h"
17
18 #include "compatible_auth_sub_session_common.h"
19 #include "compatible_auth_sub_session_util.h"
20 #include "dev_auth_module_manager.h"
21 #include "hc_log.h"
22 #include "hc_types.h"
23 #include "hitrace_adapter.h"
24
CheckInputAuthParams(const CJson * authParam)25 static int32_t CheckInputAuthParams(const CJson *authParam)
26 {
27 int32_t keyLen = DEFAULT_RETURN_KEY_LENGTH;
28 (void)GetIntFromJson(authParam, FIELD_KEY_LENGTH, &keyLen);
29 if ((keyLen < MIN_KEY_LENGTH) || (keyLen > MAX_KEY_LENGTH)) {
30 LOGE("The key length is invalid!");
31 return HC_ERR_INVALID_PARAMS;
32 }
33 if (GetStringFromJson(authParam, FIELD_SERVICE_PKG_NAME) == NULL) {
34 LOGE("Failed to get servicePkgName!");
35 return HC_ERR_JSON_GET;
36 }
37 return HC_SUCCESS;
38 }
39
CreateClientAuthSubSessionInner(int32_t osAccountId,CJson * jsonParams,const DeviceAuthCallback * callback,CompatibleBaseSubSession ** session)40 static int32_t CreateClientAuthSubSessionInner(int32_t osAccountId, CJson *jsonParams,
41 const DeviceAuthCallback *callback, CompatibleBaseSubSession **session)
42 {
43 ParamsVecForAuth authParamsVec;
44 CreateAuthParamsList(&authParamsVec);
45 int32_t res = GetAuthParamsVec(osAccountId, jsonParams, &authParamsVec);
46 if (res != HC_SUCCESS) {
47 LOGW("Failed to get auth param list!");
48 DestroyAuthParamsList(&authParamsVec);
49 return res;
50 }
51 if (authParamsVec.size(&authParamsVec) == 0) {
52 LOGE("Empty auth params list!");
53 DestroyAuthParamsList(&authParamsVec);
54 return HC_ERR_NO_CANDIDATE_GROUP;
55 }
56 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)HcMalloc(sizeof(CompatibleAuthSubSession), 0);
57 if (subSession == NULL) {
58 LOGE("Failed to allocate memory for session!");
59 DestroyAuthParamsList(&authParamsVec);
60 return HC_ERR_ALLOC_MEMORY;
61 }
62 subSession->base.type = TYPE_CLIENT_AUTH_SUB_SESSION;
63 subSession->base.callback = callback;
64 subSession->base.appId = GetDuplicatePkgName(jsonParams);
65 subSession->currentIndex = 0;
66 subSession->paramsList = authParamsVec;
67 subSession->base.status = STATUS_INITIAL;
68 *session = (CompatibleBaseSubSession *)subSession;
69
70 return HC_SUCCESS;
71 }
72
GetAuthInfoForServer(CJson * dataFromClient,ParamsVecForAuth * authParamsVec)73 static int32_t GetAuthInfoForServer(CJson *dataFromClient, ParamsVecForAuth *authParamsVec)
74 {
75 int32_t authForm = AUTH_FORM_INVALID_TYPE;
76 if (GetIntFromJson(dataFromClient, FIELD_AUTH_FORM, &authForm) != HC_SUCCESS) {
77 LOGE("Failed to get auth form!");
78 return HC_ERR_JSON_GET;
79 }
80 int32_t groupAuthType = GetAuthType(authForm);
81 BaseGroupAuth *groupAuthHandle = GetGroupAuth(groupAuthType);
82 if (groupAuthHandle == NULL) {
83 LOGE("Failed to get group auth handle!");
84 return HC_ERR_NOT_SUPPORT;
85 }
86 return groupAuthHandle->getAuthParamsVecForServer(dataFromClient, authParamsVec);
87 }
88
IsPeerGroupAuthError(const CJson * in)89 static bool IsPeerGroupAuthError(const CJson *in)
90 {
91 int32_t groupErrMsg = 0;
92 if (GetIntFromJson(in, FIELD_GROUP_ERROR_MSG, &groupErrMsg) != HC_SUCCESS) {
93 return false;
94 }
95 return true;
96 }
97
HandlePeerAuthError(CompatibleAuthSubSession * session)98 static int32_t HandlePeerAuthError(CompatibleAuthSubSession *session)
99 {
100 if (AuthOnNextGroupIfExist(session) != HC_SUCCESS) {
101 LOGE("Failed to auth on next group!");
102 return HC_ERR_PEER_ERROR;
103 }
104 return HC_SUCCESS;
105 }
106
ProcessClientAuthTaskInner(CompatibleAuthSubSession * session,int32_t moduleType,CJson * in,CJson * out,int32_t * status)107 static int32_t ProcessClientAuthTaskInner(CompatibleAuthSubSession *session, int32_t moduleType, CJson *in,
108 CJson *out, int32_t *status)
109 {
110 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
111 if (paramInSession == NULL) {
112 LOGE("Failed to get param in session!");
113 return HC_ERR_NULL_PTR;
114 }
115 DEV_AUTH_START_TRACE(TRACE_TAG_PROCESS_AUTH_TASK);
116 int32_t res = ProcessTask(session->base.curTaskId, in, out, status, moduleType);
117 DEV_AUTH_FINISH_TRACE();
118 DeleteItemFromJson(in, FIELD_PAYLOAD);
119 if (res != HC_SUCCESS) {
120 LOGW("Failed to process client auth task, try to auth on next group!");
121 DestroyTask(session->base.curTaskId, moduleType);
122 return ProcessClientAuthError(session, out);
123 }
124 return HandleAuthTaskStatus(session, out, *status);
125 }
126
ProcessDeviceLevel(const CJson * receiveData,CJson * authParam)127 static void ProcessDeviceLevel(const CJson *receiveData, CJson *authParam)
128 {
129 bool receiveLevel = false;
130 bool authLevel = false;
131 (void)GetBoolFromJson(receiveData, FIELD_IS_DEVICE_LEVEL, &receiveLevel);
132 (void)GetBoolFromJson(authParam, FIELD_IS_DEVICE_LEVEL, &authLevel);
133 if (AddBoolToJson(authParam, FIELD_IS_DEVICE_LEVEL, receiveLevel && authLevel) != HC_SUCCESS) {
134 LOGE("Failed to add device level to auth param!");
135 }
136 }
137
ProcessClientAuthTask(CompatibleAuthSubSession * session,CJson * receivedData,int32_t * status)138 static int32_t ProcessClientAuthTask(CompatibleAuthSubSession *session, CJson *receivedData, int32_t *status)
139 {
140 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
141 if (paramInSession == NULL) {
142 LOGE("Failed to get param in session!");
143 return HC_ERR_NULL_PTR;
144 }
145 ProcessDeviceLevel(receivedData, paramInSession);
146
147 if (IsPeerGroupAuthError(receivedData)) {
148 return HandlePeerAuthError(session);
149 }
150
151 CJson *out = CreateJson();
152 if (out == NULL) {
153 LOGE("Failed to create json for out!");
154 NotifyPeerAuthError(paramInSession, session->base.callback);
155 return HC_ERR_JSON_CREATE;
156 }
157 int32_t res = ProcessClientAuthTaskInner(session, GetAuthModuleType(paramInSession), receivedData, out, status);
158 ClearSensitiveStringInJson(out, FIELD_SESSION_KEY);
159 FreeJson(out);
160 if (res == FINISH) {
161 LOGI("End process client authSession.");
162 }
163 return res;
164 }
165
GenerateClientFirstMsg(CompatibleAuthSubSession * session,CJson * out,CJson ** sendData)166 static int32_t GenerateClientFirstMsg(CompatibleAuthSubSession *session, CJson *out, CJson **sendData)
167 {
168 *sendData = DetachItemFromJson(out, FIELD_SEND_TO_PEER);
169 if (*sendData == NULL) {
170 LOGE("The transmit data to peer is null!");
171 return HC_ERR_JSON_GET;
172 }
173 int32_t res = AddGroupAuthTransmitData(session, true, *sendData);
174 if (res != HC_SUCCESS) {
175 FreeJson(*sendData);
176 *sendData = NULL;
177 }
178 return res;
179 }
180
CreateAndProcessClientAuthTask(CompatibleAuthSubSession * session,CJson ** sendData,int32_t * status)181 static int32_t CreateAndProcessClientAuthTask(CompatibleAuthSubSession *session, CJson **sendData, int32_t *status)
182 {
183 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
184 if (paramInSession == NULL) {
185 LOGE("Failed to get param in session!");
186 return HC_ERR_NULL_PTR;
187 }
188 CJson *out = CreateJson();
189 if (out == NULL) {
190 LOGE("Failed to create json!");
191 return HC_ERR_JSON_CREATE;
192 }
193 int32_t res = CreateAndProcessAuthTask(session, paramInSession, out, status);
194 if (res != HC_SUCCESS) {
195 LOGW("Failed to create and process client auth task, try to auth on next group!");
196 res = ProcessClientAuthError(session, out);
197 FreeJson(out);
198 return res;
199 }
200 res = GenerateClientFirstMsg(session, out, sendData);
201 FreeJson(out);
202 return res;
203 }
204
ProcessServerAuthTaskInner(CompatibleAuthSubSession * session,int32_t moduleType,CJson * in,CJson * out,int32_t * status)205 static int32_t ProcessServerAuthTaskInner(CompatibleAuthSubSession *session, int32_t moduleType,
206 CJson *in, CJson *out, int32_t *status)
207 {
208 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
209 if (paramInSession == NULL) {
210 LOGE("The json data in session is null!");
211 return HC_ERR_NULL_PTR;
212 }
213 DEV_AUTH_START_TRACE(TRACE_TAG_PROCESS_AUTH_TASK);
214 int32_t res = ProcessTask(session->base.curTaskId, in, out, status, moduleType);
215 DEV_AUTH_FINISH_TRACE();
216 DeleteItemFromJson(in, FIELD_PAYLOAD);
217 if (res != HC_SUCCESS) {
218 ProcessServerAuthError(session, out);
219 return res;
220 }
221 return HandleAuthTaskStatus(session, out, *status);
222 }
223
ProcessServerAuthTask(CompatibleAuthSubSession * session,CJson * receivedData,int32_t * status)224 static int32_t ProcessServerAuthTask(CompatibleAuthSubSession *session, CJson *receivedData, int32_t *status)
225 {
226 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
227 if (paramInSession == NULL) {
228 LOGE("Failed to get param in session!");
229 return HC_ERR_NULL_PTR;
230 }
231 if (IsPeerGroupAuthError(receivedData)) {
232 LOGE("Peer group auth error happened, stop the server auth session!");
233 return HC_ERR_PEER_ERROR;
234 }
235 CJson *out = CreateJson();
236 if (out == NULL) {
237 LOGE("Failed to create json for out!");
238 NotifyPeerAuthError(paramInSession, session->base.callback);
239 return HC_ERR_JSON_CREATE;
240 }
241 int32_t moduleType = GetAuthModuleType(paramInSession);
242 int32_t res = ProcessServerAuthTaskInner(session, moduleType, receivedData, out, status);
243 FreeJson(out);
244 if (res == FINISH) {
245 LOGI("finish process server authSession.");
246 }
247 return res;
248 }
249
CreateAndProcessServerAuthTask(CompatibleAuthSubSession * session,CJson * receivedData,int32_t * status)250 static int32_t CreateAndProcessServerAuthTask(CompatibleAuthSubSession *session, CJson *receivedData, int32_t *status)
251 {
252 CJson *paramInSession = (session->paramsList).get(&(session->paramsList), session->currentIndex);
253 if (paramInSession == NULL) {
254 LOGE("The json data in session is null!");
255 return HC_ERR_NULL_PTR;
256 }
257 ProcessDeviceLevel(receivedData, paramInSession);
258 CJson *out = CreateJson();
259 if (out == NULL) {
260 LOGE("Failed to create json!");
261 NotifyPeerAuthError(receivedData, session->base.callback);
262 return HC_ERR_JSON_CREATE;
263 }
264 int32_t res = CreateAndProcessAuthTask(session, paramInSession, out, status);
265 if (res != HC_SUCCESS) {
266 ProcessServerAuthError(session, out);
267 FreeJson(out);
268 return res;
269 }
270 res = HandleAuthTaskStatus(session, out, *status);
271 FreeJson(out);
272 return res;
273 }
274
CreateClientAuthSubSession(CJson * jsonParams,const DeviceAuthCallback * callback,CompatibleBaseSubSession ** session)275 int32_t CreateClientAuthSubSession(CJson *jsonParams, const DeviceAuthCallback *callback,
276 CompatibleBaseSubSession **session)
277 {
278 int32_t res = CheckInputAuthParams(jsonParams);
279 if (res != HC_SUCCESS) {
280 LOGE("Invalid input params!");
281 return res;
282 }
283 if (AddIntToJson(jsonParams, FIELD_OPERATION_CODE, AUTHENTICATE) != HC_SUCCESS) {
284 LOGE("Failed to add operation code to json!");
285 return HC_ERR_JSON_ADD;
286 }
287 int32_t osAccountId = INVALID_OS_ACCOUNT;
288 if (GetIntFromJson(jsonParams, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
289 LOGE("Failed to get osAccountId from params!");
290 return HC_ERR_JSON_GET;
291 }
292 return CreateClientAuthSubSessionInner(osAccountId, jsonParams, callback, session);
293 }
294
CreateServerAuthSubSession(CJson * jsonParams,const DeviceAuthCallback * callback,CompatibleBaseSubSession ** session)295 int32_t CreateServerAuthSubSession(CJson *jsonParams, const DeviceAuthCallback *callback,
296 CompatibleBaseSubSession **session)
297 {
298 ParamsVecForAuth authVec;
299 CreateAuthParamsList(&authVec);
300 int32_t res = GetAuthInfoForServer(jsonParams, &authVec);
301 ClearCachedData(jsonParams);
302 if (res != HC_SUCCESS) {
303 LOGE("Failed to add auth param for server!");
304 DestroyAuthParamsList(&authVec);
305 NotifyPeerAuthError(jsonParams, callback);
306 return res;
307 }
308 if (authVec.size(&authVec) == 0) {
309 LOGE("Empty auth params list!");
310 DestroyAuthParamsList(&authVec);
311 NotifyPeerAuthError(jsonParams, callback);
312 return HC_ERR_NO_CANDIDATE_GROUP;
313 }
314 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)HcMalloc(sizeof(CompatibleAuthSubSession), 0);
315 if (subSession == NULL) {
316 LOGE("Failed to malloc memory for session!");
317 DestroyAuthParamsList(&authVec);
318 NotifyPeerAuthError(jsonParams, callback);
319 return HC_ERR_ALLOC_MEMORY;
320 }
321
322 subSession->base.type = TYPE_SERVER_AUTH_SUB_SESSION;
323 subSession->base.callback = callback;
324 subSession->base.appId = GetDuplicatePkgName(jsonParams);
325 subSession->currentIndex = 0;
326 subSession->paramsList = authVec;
327 subSession->base.status = STATUS_INITIAL;
328 *session = (CompatibleBaseSubSession *)subSession;
329
330 return HC_SUCCESS;
331 }
332
ProcessClientAuthSubSession(CompatibleBaseSubSession * session,CJson * in,CJson ** out,int32_t * status)333 int32_t ProcessClientAuthSubSession(CompatibleBaseSubSession *session, CJson *in, CJson **out, int32_t *status)
334 {
335 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)session;
336 if (session->status == STATUS_PROCESSING) {
337 return ProcessClientAuthTask(subSession, in, status);
338 } else {
339 session->status = STATUS_PROCESSING;
340 return CreateAndProcessClientAuthTask(subSession, out, status);
341 }
342 }
343
ProcessServerAuthSubSession(CompatibleBaseSubSession * session,CJson * in,int32_t * status)344 int32_t ProcessServerAuthSubSession(CompatibleBaseSubSession *session, CJson *in, int32_t *status)
345 {
346 CompatibleAuthSubSession *subSession = (CompatibleAuthSubSession *)session;
347 if (session->status == STATUS_PROCESSING) {
348 return ProcessServerAuthTask(subSession, in, status);
349 } else {
350 session->status = STATUS_PROCESSING;
351 return CreateAndProcessServerAuthTask(subSession, in, status);
352 }
353 }
354
DestroyCompatibleAuthSubSession(CompatibleBaseSubSession * session)355 void DestroyCompatibleAuthSubSession(CompatibleBaseSubSession *session)
356 {
357 if (session == NULL) {
358 return;
359 }
360 CompatibleAuthSubSession *realSession = (CompatibleAuthSubSession *)session;
361 HcFree(realSession->base.appId);
362 realSession->base.appId = NULL;
363 CJson *paramInSession = (realSession->paramsList).get(&(realSession->paramsList), realSession->currentIndex);
364 if (paramInSession == NULL) {
365 LOGE("The json param in session is null!");
366 return;
367 }
368 DestroyTask(realSession->base.curTaskId, GetAuthModuleType(paramInSession));
369
370 uint32_t index;
371 void **paramsData = NULL;
372 FOR_EACH_HC_VECTOR(realSession->paramsList, index, paramsData) {
373 FreeJson((CJson *)*paramsData);
374 }
375 DestroyAuthParamsList(&(realSession->paramsList));
376 HcFree(realSession);
377 }