1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dev_session_util.h"
17
18 #include <time.h>
19 #include "alg_loader.h"
20 #include "hc_log.h"
21 #include "pseudonym_manager.h"
22
23 #include "dev_session_def.h"
24
25 #define AUTH_ID_LEN 32
26 #define FIELD_AUTH_ID_CLIENT "authIdC"
27 #define FIELD_AUTH_ID_SERVER "authIdS"
28
GetPeerDeviceEntryByContext(int32_t osAccountId,const CJson * context)29 static TrustedDeviceEntry *GetPeerDeviceEntryByContext(int32_t osAccountId, const CJson *context)
30 {
31 const char *groupId = GetStringFromJson(context, FIELD_GROUP_ID);
32 if (groupId == NULL) {
33 LOGE("Failed to get groupId!");
34 return NULL;
35 }
36 bool isUdid = false;
37 const char *peerDeviceId = GetStringFromJson(context, FIELD_PEER_UDID);
38 if (peerDeviceId != NULL) {
39 isUdid = true;
40 } else {
41 LOGW("peer udid not found, try to get peer authId!");
42 peerDeviceId = GetStringFromJson(context, FIELD_PEER_AUTH_ID);
43 if (peerDeviceId == NULL) {
44 LOGE("Failed to get peer authId!");
45 return NULL;
46 }
47 }
48 return GetDeviceEntryById(osAccountId, peerDeviceId, isUdid, groupId);
49 }
50
GetPdidIndexByGroup(const CJson * context,int32_t osAccountId,char ** returnPdidIndex)51 static int32_t GetPdidIndexByGroup(const CJson *context, int32_t osAccountId, char **returnPdidIndex)
52 {
53 TrustedDeviceEntry *deviceEntry = GetPeerDeviceEntryByContext(osAccountId, context);
54 if (deviceEntry == NULL) {
55 LOGE("Failed to get device entry!");
56 return HC_ERR_DEVICE_NOT_EXIST;
57 }
58 const char *pdidIndex = StringGet(&deviceEntry->userId);
59 if (pdidIndex == NULL) {
60 LOGE("pdidIndex is null!");
61 DestroyDeviceEntry(deviceEntry);
62 return HC_ERR_NULL_PTR;
63 }
64 if (DeepCopyString(pdidIndex, returnPdidIndex) != HC_SUCCESS) {
65 LOGE("Failed to copy pdidIndex!");
66 DestroyDeviceEntry(deviceEntry);
67 return HC_ERR_ALLOC_MEMORY;
68 }
69 DestroyDeviceEntry(deviceEntry);
70 return HC_SUCCESS;
71 }
72
GetPdidIndexByISInfo(const CJson * context,char ** returnPdidIndex)73 static int32_t GetPdidIndexByISInfo(const CJson *context, char **returnPdidIndex)
74 {
75 const char *pdidIndex = GetStringFromJson(context, FIELD_CRED_ID);
76 if (pdidIndex == NULL) {
77 LOGE("Failed to get cred ID!");
78 return HC_ERR_JSON_GET;
79 }
80 if (DeepCopyString(pdidIndex, returnPdidIndex) != HC_SUCCESS) {
81 LOGE("Failed to copy pdidIndex!");
82 return HC_ERR_ALLOC_MEMORY;
83 }
84 return HC_SUCCESS;
85 }
86
GetPdidByContext(const CJson * context,bool isCredAuth,char ** returnPdid)87 static int32_t GetPdidByContext(const CJson *context, bool isCredAuth, char **returnPdid)
88 {
89 int32_t osAccountId;
90 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
91 LOGE("Failed to get osAccountId!");
92 return HC_ERR_JSON_GET;
93 }
94 char *pdidIndex = NULL;
95 int32_t res = isCredAuth? GetPdidIndexByISInfo(context, &pdidIndex)
96 : GetPdidIndexByGroup(context, osAccountId, &pdidIndex);
97 if (res != HC_SUCCESS) {
98 LOGE("Failed to get pdidIndex!");
99 return res;
100 }
101 PseudonymManager *manager = GetPseudonymInstance();
102 if (manager == NULL) {
103 LOGE("Pseudonym manager is null!");
104 HcFree(pdidIndex);
105 return HC_ERR_NULL_PTR;
106 }
107 char *pdid = NULL;
108 res = manager->getPseudonymId(osAccountId, pdidIndex, &pdid);
109 HcFree(pdidIndex);
110 if (res != HC_SUCCESS) {
111 LOGE("Failed to get pdid!");
112 return res;
113 }
114 if (DeepCopyString(pdid, returnPdid) != HC_SUCCESS) {
115 LOGE("Failed to copy pdid!");
116 HcFree(pdid);
117 return HC_ERR_ALLOC_MEMORY;
118 }
119 HcFree(pdid);
120 return HC_SUCCESS;
121 }
122
BuildRealPkInfoJson(const CJson * pkInfoJson,const CJson * peerInfoJson,CJson * realPkInfoJson)123 static int32_t BuildRealPkInfoJson(const CJson *pkInfoJson, const CJson *peerInfoJson, CJson *realPkInfoJson)
124 {
125 const char *devicePk = GetStringFromJson(pkInfoJson, FIELD_DEVICE_PK);
126 if (devicePk == NULL) {
127 LOGE("Failed to get devicePk!");
128 return HC_ERR_JSON_GET;
129 }
130 const char *version = GetStringFromJson(pkInfoJson, FIELD_VERSION);
131 if (version == NULL) {
132 LOGE("Failed to get version!");
133 return HC_ERR_JSON_GET;
134 }
135 const char *userId = GetStringFromJson(peerInfoJson, FIELD_USER_ID);
136 if (userId == NULL) {
137 LOGE("Failed to get userId!");
138 return HC_ERR_JSON_GET;
139 }
140 const char *deviceId = GetStringFromJson(peerInfoJson, FIELD_DEVICE_ID);
141 if (deviceId == NULL) {
142 LOGE("Failed to get deviceId!");
143 return HC_ERR_JSON_GET;
144 }
145 if (AddStringToJson(realPkInfoJson, FIELD_DEVICE_PK, devicePk) != HC_SUCCESS) {
146 LOGE("Failed to add devicePk!");
147 return HC_ERR_JSON_ADD;
148 }
149 if (AddStringToJson(realPkInfoJson, FIELD_USER_ID, userId) != HC_SUCCESS) {
150 LOGE("Failed to add userId!");
151 return HC_ERR_JSON_ADD;
152 }
153 if (AddStringToJson(realPkInfoJson, FIELD_DEVICE_ID, deviceId) != HC_SUCCESS) {
154 LOGE("Failed to add deviceId!");
155 return HC_ERR_JSON_ADD;
156 }
157 if (AddStringToJson(realPkInfoJson, FIELD_VERSION, version) != HC_SUCCESS) {
158 LOGE("Failed to add version!");
159 return HC_ERR_JSON_ADD;
160 }
161 return HC_SUCCESS;
162 }
163
GetRealPkInfoJson(int32_t osAccountId,CJson * pkInfoJson,CJson ** realPkInfoJson)164 static int32_t GetRealPkInfoJson(int32_t osAccountId, CJson *pkInfoJson, CJson **realPkInfoJson)
165 {
166 const char *pdid = GetStringFromJson(pkInfoJson, FIELD_PSEUDONYM_ID);
167 if (pdid == NULL) {
168 LOGE("Failed to get pdid!");
169 return HC_ERR_JSON_GET;
170 }
171 PseudonymManager *manager = GetPseudonymInstance();
172 if (manager == NULL) {
173 LOGE("Pseudonym manager is null!");
174 return HC_ERR_NULL_PTR;
175 }
176 char *peerInfo = NULL;
177 int32_t res = manager->getRealInfo(osAccountId, pdid, &peerInfo);
178 if (res != HC_SUCCESS) {
179 LOGE("Failed to get peerInfo!");
180 return res;
181 }
182 CJson *peerInfoJson = CreateJsonFromString(peerInfo);
183 HcFree(peerInfo);
184 if (peerInfoJson == NULL) {
185 LOGE("Failed to create peerInfo json!");
186 return HC_ERR_JSON_CREATE;
187 }
188 *realPkInfoJson = CreateJson();
189 if (*realPkInfoJson == NULL) {
190 LOGE("Failed to create real pkInfo json!");
191 FreeJson(peerInfoJson);
192 return HC_ERR_JSON_CREATE;
193 }
194 res = BuildRealPkInfoJson(pkInfoJson, peerInfoJson, *realPkInfoJson);
195 FreeJson(peerInfoJson);
196 if (res != HC_SUCCESS) {
197 LOGE("Failed to build real pkInfo json!");
198 FreeJson(*realPkInfoJson);
199 *realPkInfoJson = NULL;
200 }
201 return res;
202 }
203
GeneratePeerInfoJson(const CJson * pkInfoJson,CJson ** peerInfoJson)204 static int32_t GeneratePeerInfoJson(const CJson *pkInfoJson, CJson **peerInfoJson)
205 {
206 const char *userId = GetStringFromJson(pkInfoJson, FIELD_USER_ID);
207 if (userId == NULL) {
208 LOGE("Failed to get userId!");
209 return HC_ERR_JSON_GET;
210 }
211 const char *devId = GetStringFromJson(pkInfoJson, FIELD_DEVICE_ID);
212 if (devId == NULL) {
213 LOGE("Failed to get devId!");
214 return HC_ERR_JSON_GET;
215 }
216 *peerInfoJson = CreateJson();
217 if (*peerInfoJson == NULL) {
218 LOGE("Failed to create peerInfo json!");
219 return HC_ERR_JSON_CREATE;
220 }
221 if (AddStringToJson(*peerInfoJson, FIELD_USER_ID, userId) != HC_SUCCESS) {
222 LOGE("Failed to add userId!");
223 FreeJson(*peerInfoJson);
224 *peerInfoJson = NULL;
225 return HC_ERR_JSON_ADD;
226 }
227 if (AddStringToJson(*peerInfoJson, FIELD_DEVICE_ID, devId) != HC_SUCCESS) {
228 LOGE("Failed to add devId!");
229 FreeJson(*peerInfoJson);
230 *peerInfoJson = NULL;
231 return HC_ERR_JSON_ADD;
232 }
233 return HC_SUCCESS;
234 }
235
IsPeerPseudonym(const CJson * inputData)236 static bool IsPeerPseudonym(const CJson *inputData)
237 {
238 const char *pkInfoStr = GetStringFromJson(inputData, FIELD_PK_INFO);
239 if (pkInfoStr == NULL) {
240 LOGE("Failed to get peer pkInfo!");
241 return false;
242 }
243 CJson *pkInfoJson = CreateJsonFromString(pkInfoStr);
244 if (pkInfoJson == NULL) {
245 LOGE("Failed to create pkInfo json!");
246 return false;
247 }
248 bool res = GetStringFromJson(pkInfoJson, FIELD_PSEUDONYM_ID) != NULL;
249 FreeJson(pkInfoJson);
250 return res;
251 }
252
SetPeerAuthIdByDb(CJson * context,const char * groupId)253 static int32_t SetPeerAuthIdByDb(CJson *context, const char *groupId)
254 {
255 int32_t osAccountId;
256 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
257 LOGE("Failed to get osAccountId!");
258 return HC_ERR_JSON_GET;
259 }
260 const char *peerUdid = GetStringFromJson(context, FIELD_PEER_UDID);
261 if (peerUdid == NULL) {
262 LOGE("Failed to get peer udid!");
263 return HC_ERR_JSON_GET;
264 }
265 TrustedDeviceEntry *entry = GetDeviceEntryById(osAccountId, peerUdid, true, groupId);
266 if (entry == NULL) {
267 LOGE("Failed to get device entry!");
268 return HC_ERR_DEVICE_NOT_EXIST;
269 }
270 const char *peerAuthId = StringGet(&entry->authId);
271 if (AddStringToJson(context, FIELD_PEER_AUTH_ID, peerAuthId) != HC_SUCCESS) {
272 LOGE("Failed to add peer authId to context!");
273 DestroyDeviceEntry(entry);
274 return HC_ERR_JSON_ADD;
275 }
276 DestroyDeviceEntry(entry);
277 return HC_SUCCESS;
278 }
279
SetPeerAuthIdByCredAuthInfo(CJson * context)280 static int32_t SetPeerAuthIdByCredAuthInfo(CJson *context)
281 {
282 CJson *credAuthInfo = GetObjFromJson(context, FIELD_CREDENTIAL_OBJ);
283 if (credAuthInfo == NULL) {
284 LOGE("Get self credAuthInfo fail.");
285 return HC_ERR_JSON_GET;
286 }
287 const char *peerAuthId = GetStringFromJson(context, FIELD_DEVICE_ID);
288 if (peerAuthId == NULL) {
289 LOGE("Get peer authId fail.");
290 return HC_ERR_JSON_GET;
291 }
292 if (AddStringToJson(context, FIELD_PEER_AUTH_ID, peerAuthId) != HC_SUCCESS) {
293 LOGE("Failed to add peer authId to context!");
294 return HC_ERR_JSON_ADD;
295 }
296 return HC_SUCCESS;
297 }
298
FillPeerAuthIdIfNeeded(bool isClient,const CJson * context,CJson * inputData)299 int32_t FillPeerAuthIdIfNeeded(bool isClient, const CJson *context, CJson *inputData)
300 {
301 const char *peerAuthId = GetStringFromJson(context, FIELD_PEER_AUTH_ID);
302 if (peerAuthId == NULL) {
303 LOGI("no peer authId in context, no need to fill!");
304 return HC_SUCCESS;
305 }
306 CJson *authData = GetObjFromJson(inputData, FIELD_AUTH_DATA);
307 if (authData == NULL) {
308 LOGE("Failed to get authData!");
309 return HC_ERR_JSON_GET;
310 }
311 Uint8Buff authIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) + 1 };
312 if (isClient && GetStringFromJson(authData, FIELD_AUTH_ID_SERVER) != NULL) {
313 if (AddByteToJson(authData, FIELD_AUTH_ID_SERVER, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
314 LOGE("Failed to fill server authId!");
315 return HC_ERR_JSON_ADD;
316 }
317 return HC_SUCCESS;
318 }
319 if (!isClient && GetStringFromJson(authData, FIELD_AUTH_ID_CLIENT) != NULL) {
320 if (AddByteToJson(authData, FIELD_AUTH_ID_CLIENT, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
321 LOGE("Failed to fill client authId!");
322 return HC_ERR_JSON_ADD;
323 }
324 return HC_SUCCESS;
325 }
326 return HC_SUCCESS;
327 }
328
IsP2pAuth(const IdentityInfo * info)329 bool IsP2pAuth(const IdentityInfo *info)
330 {
331 if (info->proofType == CERTIFICATED) {
332 return false;
333 }
334 CJson *urlJson = CreateJsonFromString((const char *)info->proof.preSharedUrl.val);
335 if (urlJson == NULL) {
336 LOGE("Failed to create urlJson!");
337 return false;
338 }
339 int32_t trustType = 0;
340 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
341 LOGE("Failed to get trust type!");
342 FreeJson(urlJson);
343 return false;
344 }
345 FreeJson(urlJson);
346 return trustType == TRUST_TYPE_P2P;
347 }
348
SetPeerAuthIdToContextIfNeeded(CJson * context,bool isCredAuth,const IdentityInfo * info)349 int32_t SetPeerAuthIdToContextIfNeeded(CJson *context, bool isCredAuth, const IdentityInfo *info)
350 {
351 if (!IsP2pAuth(info)) {
352 LOGI("Not p2p auth, no need to set peer authId!");
353 return HC_SUCCESS;
354 }
355 /* auth with credentials directly no need set peer auth id here */
356 bool isDirectAuth = false;
357 (void)GetBoolFromJson(context, FIELD_IS_DIRECT_AUTH, &isDirectAuth);
358 if (isDirectAuth) {
359 return HC_SUCCESS;
360 }
361 if (isCredAuth) {
362 return SetPeerAuthIdByCredAuthInfo(context);
363 }
364 CJson *urlJson = CreateJsonFromString((const char *)info->proof.preSharedUrl.val);
365 if (urlJson == NULL) {
366 LOGE("Failed to create urlJson!");
367 return HC_ERR_JSON_CREATE;
368 }
369 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
370 if (groupId == NULL) {
371 LOGE("Failed to get groupId!");
372 FreeJson(urlJson);
373 return HC_ERR_JSON_GET;
374 }
375 int32_t res = SetPeerAuthIdByDb(context, groupId);
376 FreeJson(urlJson);
377 return res;
378 }
379
SetPeerInfoToContext(CJson * context,bool isCredAuth,const CJson * inputData)380 int32_t SetPeerInfoToContext(CJson *context, bool isCredAuth, const CJson *inputData)
381 {
382 if (IsPeerPseudonym(inputData)) {
383 LOGI("Peer is pseudonym, no need to set peerInfo!");
384 return HC_SUCCESS;
385 }
386 const char *pkInfoStr = GetStringFromJson(inputData, FIELD_PK_INFO);
387 if (pkInfoStr == NULL) {
388 LOGE("Failed to get peer pkInfo!");
389 return HC_ERR_JSON_GET;
390 }
391 CJson *pkInfoJson = CreateJsonFromString(pkInfoStr);
392 if (pkInfoJson == NULL) {
393 LOGE("Failed to create pkInfo json!");
394 return HC_ERR_JSON_CREATE;
395 }
396 const char *pdidIndex = isCredAuth ? GetStringFromJson(context, FIELD_CRED_ID)
397 : GetStringFromJson(pkInfoJson, FIELD_USER_ID);
398 if (pdidIndex == NULL) {
399 LOGE("Failed to get pdidIndex!");
400 FreeJson(pkInfoJson);
401 return HC_ERR_JSON_GET;
402 }
403 if (AddStringToJson(context, FIELD_INDEX_KEY, pdidIndex) != HC_SUCCESS) {
404 LOGE("Failed to add pdidIndex!");
405 FreeJson(pkInfoJson);
406 return HC_ERR_JSON_ADD;
407 }
408 CJson *peerInfoJson = NULL;
409 int32_t res = GeneratePeerInfoJson(pkInfoJson, &peerInfoJson);
410 FreeJson(pkInfoJson);
411 if (res != HC_SUCCESS) {
412 LOGE("Failed to generate peerInfo json!");
413 return res;
414 }
415 char *peerInfoStr = PackJsonToString(peerInfoJson);
416 FreeJson(peerInfoJson);
417 if (peerInfoStr == NULL) {
418 LOGE("Failed to convert peerInfo from json to string!");
419 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
420 }
421 if (AddStringToJson(context, FIELD_REAL_INFO, peerInfoStr) != HC_SUCCESS) {
422 LOGE("Failed to add peerInfo to context!");
423 FreeJsonString(peerInfoStr);
424 return HC_ERR_JSON_ADD;
425 }
426 FreeJsonString(peerInfoStr);
427 return HC_SUCCESS;
428 }
429
ReplaceAuthIdWithRandom(CJson * authData)430 int32_t ReplaceAuthIdWithRandom(CJson *authData)
431 {
432 uint8_t authId[AUTH_ID_LEN] = { 0 };
433 Uint8Buff authIdBuff = { authId, AUTH_ID_LEN };
434 int32_t res = GetLoaderInstance()->generateRandom(&authIdBuff);
435 if (res != HC_SUCCESS) {
436 LOGI("Failed to generate random authId!");
437 return res;
438 }
439 if (GetStringFromJson(authData, FIELD_AUTH_ID_CLIENT) != NULL &&
440 AddByteToJson(authData, FIELD_AUTH_ID_CLIENT, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
441 LOGE("Failed to replace client authId with random!");
442 return HC_ERR_JSON_ADD;
443 }
444 if (GetStringFromJson(authData, FIELD_AUTH_ID_SERVER) != NULL &&
445 AddByteToJson(authData, FIELD_AUTH_ID_SERVER, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
446 LOGE("Failed to replace server authId with random!");
447 return HC_ERR_JSON_ADD;
448 }
449 return HC_SUCCESS;
450 }
451
CheckPeerPkInfoForPdid(const CJson * context,const CJson * inputData)452 int32_t CheckPeerPkInfoForPdid(const CJson *context, const CJson *inputData)
453 {
454 int32_t osAccountId;
455 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
456 LOGE("Failed to get osAccountId!");
457 return HC_ERR_JSON_GET;
458 }
459 const char *pkInfo = GetStringFromJson(inputData, FIELD_PK_INFO);
460 if (pkInfo == NULL) {
461 LOGE("Failed to get pkInfo!");
462 return HC_ERR_JSON_GET;
463 }
464 CJson *pkInfoJson = CreateJsonFromString(pkInfo);
465 if (pkInfoJson == NULL) {
466 LOGE("Failed to create pkInfo json!");
467 return HC_ERR_JSON_CREATE;
468 }
469 const char *pdid = GetStringFromJson(pkInfoJson, FIELD_PSEUDONYM_ID);
470 if (pdid == NULL) {
471 LOGI("No pdid in peer pkInfo, check success!");
472 FreeJson(pkInfoJson);
473 return HC_SUCCESS;
474 }
475 PseudonymManager *manager = GetPseudonymInstance();
476 if (manager == NULL) {
477 LOGE("Pseudonym manager is null!");
478 FreeJson(pkInfoJson);
479 return HC_ERR_NULL_PTR;
480 }
481 char *peerInfo = NULL;
482 int32_t res = manager->getRealInfo(osAccountId, pdid, &peerInfo);
483 FreeJson(pkInfoJson);
484 if (res != HC_SUCCESS) {
485 LOGE("Can not get peerInfo with pdid, check fail!");
486 return res;
487 }
488 HcFree(peerInfo);
489 return HC_SUCCESS;
490 }
491
GetRealPkInfoStr(int32_t osAccountId,const CJson * credInfo,char ** returnPkInfoStr,bool * isPseudonym)492 int32_t GetRealPkInfoStr(int32_t osAccountId, const CJson *credInfo, char **returnPkInfoStr, bool *isPseudonym)
493 {
494 const char *pkInfoStr = GetStringFromJson(credInfo, FIELD_PK_INFO);
495 if (pkInfoStr == NULL) {
496 LOGE("Failed to get pkInfo!");
497 return HC_ERR_JSON_GET;
498 }
499 CJson *pkInfoJson = CreateJsonFromString(pkInfoStr);
500 if (pkInfoJson == NULL) {
501 LOGE("Failed to create pkInfo json!");
502 return HC_ERR_JSON_CREATE;
503 }
504 CJson *realPkInfoJson = NULL;
505 int32_t res = GetRealPkInfoJson(osAccountId, pkInfoJson, &realPkInfoJson);
506 FreeJson(pkInfoJson);
507 if (res != HC_SUCCESS) {
508 LOGW("Failed to get real pkInfo json!");
509 if (DeepCopyString(pkInfoStr, returnPkInfoStr) != HC_SUCCESS) {
510 LOGE("Failed to copy pkInfoStr!");
511 return HC_ERR_ALLOC_MEMORY;
512 }
513 *isPseudonym = false;
514 return HC_SUCCESS;
515 } else {
516 LOGI("Get real pkInfo json successfully!");
517 char *realPkInfoStr = PackJsonToString(realPkInfoJson);
518 FreeJson(realPkInfoJson);
519 if (realPkInfoStr == NULL) {
520 LOGE("Failed to convert pkInfo from json to string!");
521 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
522 }
523 res = DeepCopyString(realPkInfoStr, returnPkInfoStr);
524 FreeJsonString(realPkInfoStr);
525 if (res != HC_SUCCESS) {
526 LOGE("Failed to copy realPkInfoStr!");
527 return HC_ERR_ALLOC_MEMORY;
528 }
529 *isPseudonym = true;
530 return HC_SUCCESS;
531 }
532 }
533
AddPkInfoWithPdid(const CJson * context,CJson * credInfo,bool isCredAuth,const char * realPkInfoStr)534 int32_t AddPkInfoWithPdid(const CJson *context, CJson *credInfo, bool isCredAuth,
535 const char *realPkInfoStr)
536 {
537 if (context == NULL || credInfo == NULL || realPkInfoStr == NULL) {
538 LOGE("Invalid input params!");
539 return HC_ERR_INVALID_PARAMS;
540 }
541 char *pdid = NULL;
542 int32_t res = GetPdidByContext(context, isCredAuth, &pdid);
543 if (res != HC_SUCCESS) {
544 LOGE("Failed to get pdid by context!");
545 return res;
546 }
547 CJson *pkInfoJson = CreateJsonFromString(realPkInfoStr);
548 if (pkInfoJson == NULL) {
549 LOGE("Failed to create pkInfo json!");
550 HcFree(pdid);
551 return HC_ERR_JSON_CREATE;
552 }
553 DeleteItemFromJson(pkInfoJson, FIELD_USER_ID);
554 DeleteItemFromJson(pkInfoJson, FIELD_DEVICE_ID);
555 if (AddStringToJson(pkInfoJson, FIELD_PSEUDONYM_ID, pdid) != HC_SUCCESS) {
556 LOGE("Failed to add pdid to pkInfo!");
557 HcFree(pdid);
558 FreeJson(pkInfoJson);
559 return HC_ERR_JSON_ADD;
560 }
561 HcFree(pdid);
562 char *pkInfoWithPdid = PackJsonToString(pkInfoJson);
563 FreeJson(pkInfoJson);
564 if (pkInfoWithPdid == NULL) {
565 LOGE("Failed to convert pkInfo from json to string!");
566 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
567 }
568 if (AddStringToJson(credInfo, FIELD_PK_INFO, pkInfoWithPdid) != HC_SUCCESS) {
569 LOGE("Failed to add pkInfo with pdid!");
570 FreeJsonString(pkInfoWithPdid);
571 return HC_ERR_JSON_ADD;
572 }
573 FreeJsonString(pkInfoWithPdid);
574 return HC_SUCCESS;
575 }
576
GetDeviceEntryById(int32_t osAccountId,const char * deviceId,bool isUdid,const char * groupId)577 TrustedDeviceEntry *GetDeviceEntryById(int32_t osAccountId, const char *deviceId, bool isUdid,
578 const char *groupId)
579 {
580 DeviceEntryVec deviceEntryVec = CreateDeviceEntryVec();
581 QueryDeviceParams params = InitQueryDeviceParams();
582 params.groupId = groupId;
583 if (isUdid) {
584 params.udid = deviceId;
585 } else {
586 params.authId = deviceId;
587 }
588 if (QueryDevices(osAccountId, ¶ms, &deviceEntryVec) != HC_SUCCESS) {
589 LOGE("Failed to query trusted devices!");
590 ClearDeviceEntryVec(&deviceEntryVec);
591 return NULL;
592 }
593 uint32_t index;
594 TrustedDeviceEntry **deviceEntry;
595 FOR_EACH_HC_VECTOR(deviceEntryVec, index, deviceEntry) {
596 TrustedDeviceEntry *returnEntry = DeepCopyDeviceEntry(*deviceEntry);
597 ClearDeviceEntryVec(&deviceEntryVec);
598 return returnEntry;
599 }
600 ClearDeviceEntryVec(&deviceEntryVec);
601 return NULL;
602 }
603
BuildPeerCertInfo(const char * pkInfoStr,const char * pkInfoSignHexStr,int32_t signAlg,CertInfo * peerCert)604 int32_t BuildPeerCertInfo(const char *pkInfoStr, const char *pkInfoSignHexStr, int32_t signAlg,
605 CertInfo *peerCert)
606 {
607 if ((pkInfoStr == NULL) || (pkInfoSignHexStr == NULL) || (peerCert == NULL)) {
608 LOGE("The input contains null ptr!");
609 return HC_ERR_NULL_PTR;
610 }
611 Uint8Buff pkInfoStrBuff = { (uint8_t *)pkInfoStr, HcStrlen(pkInfoStr) + 1 };
612 uint32_t pkInfoSignatureLen = HcStrlen(pkInfoSignHexStr) / BYTE_TO_HEX_OPER_LENGTH;
613 if (DeepCopyUint8Buff(&pkInfoStrBuff, &peerCert->pkInfoStr) != HC_SUCCESS) {
614 LOGE("copy pkInfoStr fail.");
615 return HC_ERR_ALLOC_MEMORY;
616 }
617 if (InitUint8Buff(&peerCert->pkInfoSignature, pkInfoSignatureLen) != HC_SUCCESS) {
618 LOGE("allocate pkInfoSignature memory fail.");
619 ClearFreeUint8Buff(&peerCert->pkInfoStr);
620 return HC_ERR_ALLOC_MEMORY;
621 }
622 if (HexStringToByte(pkInfoSignHexStr, peerCert->pkInfoSignature.val,
623 peerCert->pkInfoSignature.length) != HC_SUCCESS) {
624 LOGE("get pkInfoSignature from json fail.");
625 ClearFreeUint8Buff(&peerCert->pkInfoStr);
626 ClearFreeUint8Buff(&peerCert->pkInfoSignature);
627 return HC_ERR_JSON_ADD;
628 }
629 peerCert->signAlg = (Algorithm)signAlg;
630 return HC_SUCCESS;
631 }
632
DestroyCertInfo(CertInfo * certInfo)633 void DestroyCertInfo(CertInfo *certInfo)
634 {
635 ClearFreeUint8Buff(&certInfo->pkInfoSignature);
636 ClearFreeUint8Buff(&certInfo->pkInfoStr);
637 }
638
GetPeerCertInfo(CJson * context,const CJson * credInfo,CertInfo * peerCert)639 int32_t GetPeerCertInfo(CJson *context, const CJson *credInfo, CertInfo *peerCert)
640 {
641 if ((context == NULL) || (credInfo == NULL) || (peerCert == NULL)) {
642 LOGE("The input contains null ptr!");
643 return HC_ERR_NULL_PTR;
644 }
645 int32_t osAccountId = 0;
646 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
647 LOGE("Failed to get osAccountId!");
648 return HC_ERR_JSON_GET;
649 }
650 int32_t signAlg;
651 if (GetIntFromJson(credInfo, FIELD_SIGN_ALG, &signAlg) != HC_SUCCESS) {
652 LOGE("get signAlg from json fail.");
653 return HC_ERR_JSON_ADD;
654 }
655 char *pkInfoStr = NULL;
656 int32_t res = GetRealPkInfoStr(osAccountId, credInfo, &pkInfoStr, &peerCert->isPseudonym);
657 if (res != HC_SUCCESS) {
658 LOGE("Failed to get real pkInfo string!");
659 return res;
660 }
661 const char *pkInfoSignHexStr = GetStringFromJson(credInfo, FIELD_PK_INFO_SIGNATURE);
662 if (pkInfoSignHexStr == NULL) {
663 LOGE("get pkInfoSignature from json fail.");
664 HcFree(pkInfoStr);
665 return HC_ERR_JSON_GET;
666 }
667 res = BuildPeerCertInfo(pkInfoStr, pkInfoSignHexStr, signAlg, peerCert);
668 HcFree(pkInfoStr);
669 return res;
670 }
671
GetSaltMsg(Uint8Buff * saltMsg)672 static int32_t GetSaltMsg(Uint8Buff *saltMsg)
673 {
674 uint8_t randomVal[DEV_SESSION_SALT_LEN] = { 0 };
675 Uint8Buff random = { randomVal, DEV_SESSION_SALT_LEN };
676 int32_t res = GetLoaderInstance()->generateRandom(&random);
677 if (res != HC_SUCCESS) {
678 LOGE("generate random failed, res: %" LOG_PUB "d", res);
679 return res;
680 }
681 clock_t times = 0;
682 if (memcpy_s(saltMsg->val, saltMsg->length, random.val, random.length) != EOK) {
683 LOGE("memcpy random failed.");
684 return HC_ERR_MEMORY_COPY;
685 }
686 if (memcpy_s(saltMsg->val + random.length, saltMsg->length - random.length, ×, sizeof(clock_t)) != EOK) {
687 LOGE("memcpy times failed.");
688 return HC_ERR_MEMORY_COPY;
689 }
690 return HC_SUCCESS;
691 }
692
CalSalt(Uint8Buff * salt)693 int32_t CalSalt(Uint8Buff *salt)
694 {
695 if ((salt == NULL) || (salt->val == NULL)) {
696 LOGE("The input contains null ptr!");
697 return HC_ERR_NULL_PTR;
698 }
699 uint32_t saltMsgLen = DEV_SESSION_SALT_LEN + sizeof(clock_t);
700 Uint8Buff saltMsg = { NULL, 0 };
701 if (InitUint8Buff(&saltMsg, saltMsgLen) != HC_SUCCESS) {
702 LOGE("allocate saltMsg memory fail.");
703 return HC_ERR_ALLOC_MEMORY;
704 }
705 int32_t res = GetSaltMsg(&saltMsg);
706 if (res != HC_SUCCESS) {
707 FreeUint8Buff(&saltMsg);
708 return res;
709 }
710 res = GetLoaderInstance()->sha256(&saltMsg, salt);
711 FreeUint8Buff(&saltMsg);
712 if (res != HC_SUCCESS) {
713 LOGE("sha256 for session salt failed.");
714 return res;
715 }
716 return HC_SUCCESS;
717 }
718
GetSelfUserId(int32_t osAccountId,char * userId,uint32_t userIdLen)719 int32_t GetSelfUserId(int32_t osAccountId, char *userId, uint32_t userIdLen)
720 {
721 if (userId == NULL) {
722 LOGE("The input is null ptr!");
723 return HC_ERR_NULL_PTR;
724 }
725 GroupEntryVec accountVec = CreateGroupEntryVec();
726 QueryGroupParams queryParams = InitQueryGroupParams();
727 queryParams.groupType = IDENTICAL_ACCOUNT_GROUP;
728 do {
729 if (QueryGroups(osAccountId, &queryParams, &accountVec) != HC_SUCCESS) {
730 LOGD("No identical-account group in db, no identical-account auth!");
731 break;
732 }
733 uint32_t index = 0;
734 TrustedGroupEntry **ptr = NULL;
735 while (index < accountVec.size(&accountVec)) {
736 ptr = accountVec.getp(&accountVec, index);
737 if ((ptr == NULL) || (*ptr == NULL)) {
738 index++;
739 continue;
740 }
741 if (memcpy_s(userId, userIdLen, StringGet(&(*ptr)->userId), StringLength(&(*ptr)->userId)) != EOK) {
742 LOGE("copy fail");
743 ClearGroupEntryVec(&accountVec);
744 return HC_ERROR;
745 }
746 index++;
747 }
748 } while (0);
749 ClearGroupEntryVec(&accountVec);
750 return HC_SUCCESS;
751 }
752
AddMsgToSessionMsg(int32_t eventType,const CJson * msg,CJson * sessionMsg)753 int32_t AddMsgToSessionMsg(int32_t eventType, const CJson *msg, CJson *sessionMsg)
754 {
755 if ((msg == NULL) || (sessionMsg == NULL)) {
756 LOGE("The input contains null ptr!");
757 return HC_ERR_NULL_PTR;
758 }
759 CJson *event = CreateJson();
760 if (event == NULL) {
761 LOGE("allocate event memory fail.");
762 return HC_ERR_ALLOC_MEMORY;
763 }
764 if (AddIntToJson(event, FIELD_TYPE, eventType) != HC_SUCCESS) {
765 LOGE("add eventType to event fail.");
766 FreeJson(event);
767 return HC_ERR_JSON_ADD;
768 }
769 if (AddObjToJson(event, FIELD_DATA, msg) != HC_SUCCESS) {
770 LOGE("add msg to event fail.");
771 FreeJson(event);
772 return HC_ERR_JSON_ADD;
773 }
774 if (AddObjToArray(sessionMsg, event) != HC_SUCCESS) {
775 LOGE("add event to sessionMsg fail.");
776 FreeJson(event);
777 return HC_ERR_JSON_ADD;
778 }
779 return HC_SUCCESS;
780 }
781
IsPeerSameUserId(int32_t osAccountId,const char * peerUserId)782 bool IsPeerSameUserId(int32_t osAccountId, const char *peerUserId)
783 {
784 if (peerUserId == NULL) {
785 LOGE("The input is null ptr!");
786 return HC_ERR_NULL_PTR;
787 }
788 GroupEntryVec groupVec = CreateGroupEntryVec();
789 QueryGroupParams queryParams = InitQueryGroupParams();
790 queryParams.groupType = IDENTICAL_ACCOUNT_GROUP;
791 if (QueryGroups(osAccountId, &queryParams, &groupVec) != HC_SUCCESS || groupVec.size(&groupVec) <= 0) {
792 LOGE("get identical account group from db fail.");
793 ClearGroupEntryVec(&groupVec);
794 return false;
795 }
796 TrustedGroupEntry *groupEntry = groupVec.get(&groupVec, 0);
797 bool isSame = (strcmp(StringGet(&(groupEntry->userId)), peerUserId) == 0);
798 ClearGroupEntryVec(&groupVec);
799 return isSame;
800 }