1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_related_group_auth.h"
17 #include "account_task_manager.h"
18 #include "alg_defs.h"
19 #include "alg_loader.h"
20 #include "cert_operation.h"
21 #include "group_auth_data_operation.h"
22 #include "group_operation_common.h"
23 #include "hc_log.h"
24 #include "identity_manager.h"
25
GetAccountRelatedCandidateGroups(int32_t osAccountId,const CJson * in,bool isDeviceLevel,GroupEntryVec * vec)26 static int32_t GetAccountRelatedCandidateGroups(
27 int32_t osAccountId, const CJson *in, bool isDeviceLevel, GroupEntryVec *vec)
28 {
29 BaseGroupAuth *groupAuth = GetAccountRelatedGroupAuth();
30 if (groupAuth == NULL) {
31 return HC_ERR_NULL_PTR;
32 }
33 QueryGroupParams queryParams = InitQueryGroupParams();
34 if (!isDeviceLevel) {
35 queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC;
36 }
37 ((AccountRelatedGroupAuth *)groupAuth)->getAccountCandidateGroup(osAccountId, in, &queryParams, vec);
38 // All return success, only notify the plugin.
39 if (HasAccountPlugin() && vec->size(vec) == 0) {
40 CJson *input = CreateJson();
41 if (input == NULL) {
42 return HC_SUCCESS;
43 }
44 CJson *output = CreateJson();
45 if (output == NULL) {
46 FreeJson(input);
47 return HC_SUCCESS;
48 }
49 int32_t ret = ExecuteAccountAuthCmd(osAccountId, QUERY_SELF_CREDENTIAL_INFO, input, output);
50 if (ret != HC_SUCCESS) {
51 LOGE("Account cred is empty.");
52 }
53 FreeJson(input);
54 FreeJson(output);
55 }
56 return HC_SUCCESS;
57 }
58
GetAccountUnrelatedCandidateGroups(int32_t osAccountId,bool isDeviceLevel,GroupEntryVec * vec)59 static int32_t GetAccountUnrelatedCandidateGroups(int32_t osAccountId, bool isDeviceLevel, GroupEntryVec *vec)
60 {
61 QueryGroupParams queryParams = InitQueryGroupParams();
62 queryParams.groupType = PEER_TO_PEER_GROUP;
63 if (!isDeviceLevel) {
64 queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC;
65 }
66 return QueryGroups(osAccountId, &queryParams, vec);
67 }
68
GetGroupInfoByGroupId(int32_t osAccountId,const char * groupId,GroupEntryVec * groupEntryVec)69 static void GetGroupInfoByGroupId(int32_t osAccountId, const char *groupId, GroupEntryVec *groupEntryVec)
70 {
71 QueryGroupParams queryParams = InitQueryGroupParams();
72 queryParams.groupId = groupId;
73 int32_t ret = QueryGroups(osAccountId, &queryParams, groupEntryVec);
74 if (ret != HC_SUCCESS) {
75 LOGE("Failed to query groups for groupId: %" LOG_PUB "s!", groupId);
76 }
77 }
78
GetCandidateGroups(int32_t osAccountId,const CJson * in,GroupEntryVec * groupEntryVec)79 static void GetCandidateGroups(int32_t osAccountId, const CJson *in, GroupEntryVec *groupEntryVec)
80 {
81 bool isDeviceLevel = false;
82 (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel);
83
84 int32_t ret = GetAccountRelatedCandidateGroups(osAccountId, in, isDeviceLevel, groupEntryVec);
85 if (ret != HC_SUCCESS) {
86 LOGE("Failed to get account related groups!");
87 }
88
89 ret = GetAccountUnrelatedCandidateGroups(osAccountId, isDeviceLevel, groupEntryVec);
90 if (ret != HC_SUCCESS) {
91 LOGE("Failed to get p2p groups!");
92 }
93 }
94
IsDeviceInGroup(int32_t osAccountId,int32_t groupType,const char * deviceId,const char * groupId,bool isUdid)95 static bool IsDeviceInGroup(
96 int32_t osAccountId, int32_t groupType, const char *deviceId, const char *groupId, bool isUdid)
97 {
98 if (isUdid) {
99 return GaIsDeviceInGroup(groupType, osAccountId, deviceId, NULL, groupId);
100 } else {
101 return GaIsDeviceInGroup(groupType, osAccountId, NULL, deviceId, groupId);
102 }
103 }
104
SetProtocolsToIdentityInfo(int32_t keyType,IdentityInfo * info)105 static int32_t SetProtocolsToIdentityInfo(int32_t keyType, IdentityInfo *info)
106 {
107 if (keyType == KEY_TYPE_ASYM) {
108 #ifdef ENABLE_P2P_AUTH_EC_SPEKE
109 ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0);
110 if (entity == NULL) {
111 LOGE("Failed to alloc memory for entity!");
112 return HC_ERR_ALLOC_MEMORY;
113 }
114 entity->protocolType = ALG_EC_SPEKE;
115 if (info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity) == NULL) {
116 LOGE("Failed to push entity!");
117 HcFree(entity);
118 return HC_ERR_ALLOC_MEMORY;
119 }
120 #else
121 (void)info;
122 #endif
123 } else {
124 #ifdef ENABLE_P2P_AUTH_ISO
125 ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0);
126 if (entity == NULL) {
127 LOGE("Failed to alloc memory for entity!");
128 return HC_ERR_ALLOC_MEMORY;
129 }
130 entity->protocolType = ALG_ISO;
131 if (info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity) == NULL) {
132 LOGE("Failed to push entity!");
133 HcFree(entity);
134 return HC_ERR_ALLOC_MEMORY;
135 }
136 #else
137 (void)info;
138 #endif
139 }
140
141 return HC_SUCCESS;
142 }
143
IsP2pAuthTokenExist(int32_t osAccountId,const TrustedDeviceEntry * deviceEntry)144 static bool IsP2pAuthTokenExist(int32_t osAccountId, const TrustedDeviceEntry *deviceEntry)
145 {
146 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
147
148 const char *serviceType = StringGet(&deviceEntry->serviceType);
149 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
150
151 const char *peerAuthId = StringGet(&deviceEntry->authId);
152 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) };
153
154 uint8_t keyAliasVal[ISO_KEY_ALIAS_LEN] = { 0 };
155 Uint8Buff keyAlias = { keyAliasVal, ISO_KEY_ALIAS_LEN };
156 int32_t ret =
157 GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, KEY_ALIAS_AUTH_TOKEN, &peerAuthIdBuff, &keyAlias);
158 if (ret != HC_SUCCESS) {
159 LOGE("Failed to generate key alias!");
160 return false;
161 }
162
163 ret = GetLoaderInstance()->checkKeyExist(&keyAlias, false, osAccountId);
164 if (ret != HC_SUCCESS) {
165 LOGE("auth token not exist!");
166 return false;
167 }
168 return true;
169 }
170
GetAccountUnrelatedIdentityInfo(int32_t osAccountId,const char * groupId,const char * deviceId,bool isUdid,IdentityInfo * info)171 static int32_t GetAccountUnrelatedIdentityInfo(
172 int32_t osAccountId, const char *groupId, const char *deviceId, bool isUdid, IdentityInfo *info)
173 {
174 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
175 if (deviceEntry == NULL) {
176 LOGE("Failed to create deviceEntry!");
177 return HC_ERR_ALLOC_MEMORY;
178 }
179 int32_t ret = GaGetTrustedDeviceEntryById(osAccountId, deviceId, isUdid, groupId, deviceEntry);
180 if (ret != HC_SUCCESS) {
181 LOGE("Failed to get device entry!");
182 DestroyDeviceEntry(deviceEntry);
183 return ret;
184 }
185
186 int32_t keyType = IsP2pAuthTokenExist(osAccountId, deviceEntry) ? KEY_TYPE_SYM : KEY_TYPE_ASYM;
187 DestroyDeviceEntry(deviceEntry);
188 CJson *urlJson = CreateCredUrlJson(PRE_SHARED, keyType, TRUST_TYPE_P2P);
189
190 if (!urlJson) {
191 LOGE("Failed to create CredUrlJson info!");
192 return HC_ERR_ALLOC_MEMORY;
193 }
194 if (AddStringToJson(urlJson, FIELD_GROUP_ID, groupId) != HC_SUCCESS) {
195 LOGE("Failed to add group id!");
196 FreeJson(urlJson);
197 return HC_ERR_JSON_ADD;
198 }
199
200 char *urlStr = PackJsonToString(urlJson);
201 FreeJson(urlJson);
202 if (urlStr == NULL) {
203 LOGE("Failed to pack url json to string!");
204 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
205 }
206
207 ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl);
208 FreeJsonString(urlStr);
209 if (ret != HC_SUCCESS) {
210 LOGE("Failed to set preSharedUrl of proof!");
211 return ret;
212 }
213
214 ret = SetProtocolsToIdentityInfo(keyType, info);
215 if (ret != HC_SUCCESS) {
216 LOGE("Failed to set protocols!");
217 return ret;
218 }
219
220 info->proofType = PRE_SHARED;
221 if (ret != HC_SUCCESS) {
222 LOGE("Failed to get p2p identity by key type!");
223 }
224 return ret;
225 }
226
GetIdentityInfo(int32_t osAccountId,const TrustedGroupEntry * groupEntry,const char * deviceId,bool isUdid,IdentityInfo ** returnInfo)227 static int32_t GetIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry, const char *deviceId,
228 bool isUdid, IdentityInfo **returnInfo)
229 {
230 IdentityInfo *info = CreateIdentityInfo();
231 if (info == NULL) {
232 LOGE("Failed to create identity info!");
233 return HC_ERR_ALLOC_MEMORY;
234 }
235 int32_t ret;
236 const char *groupId = StringGet(&groupEntry->id);
237 if (groupEntry->type == PEER_TO_PEER_GROUP) {
238 ret = GetAccountUnrelatedIdentityInfo(osAccountId, groupId, deviceId, isUdid, info);
239 } else {
240 ret = GetAccountRelatedCredInfo(osAccountId, groupId, deviceId, isUdid, info);
241 }
242 if (ret != HC_SUCCESS) {
243 LOGE("Failed to get identity info!");
244 DestroyIdentityInfo(info);
245 return ret;
246 }
247 *returnInfo = info;
248 return HC_SUCCESS;
249 }
250
AddNoPseudonymIdentityInfo(int32_t osAccountId,const TrustedGroupEntry * groupEntry,const char * deviceId,bool isUdid,IdentityInfoVec * identityInfoVec)251 static void AddNoPseudonymIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry,
252 const char *deviceId, bool isUdid, IdentityInfoVec *identityInfoVec)
253 {
254 IdentityInfo *info = NULL;
255 if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) {
256 return;
257 }
258 info->proof.certInfo.isPseudonym = false;
259 if (identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info) == NULL) {
260 LOGE("Failed to push info!");
261 DestroyIdentityInfo(info);
262 return;
263 }
264 }
265
GetIdentityInfos(int32_t osAccountId,const CJson * in,const GroupEntryVec * groupEntryVec,IdentityInfoVec * identityInfoVec)266 static int32_t GetIdentityInfos(
267 int32_t osAccountId, const CJson *in, const GroupEntryVec *groupEntryVec, IdentityInfoVec *identityInfoVec)
268 {
269 const char *pkgName = GetStringFromJson(in, FIELD_SERVICE_PKG_NAME);
270 if (pkgName == NULL) {
271 LOGE("Failed to get service package name!");
272 return HC_ERR_JSON_GET;
273 }
274 bool isUdid = false;
275 const char *deviceId = GetPeerDevIdFromJson(in, &isUdid);
276 if (deviceId == NULL) {
277 LOGE("Failed to get peer device id!");
278 return HC_ERR_JSON_GET;
279 }
280 uint32_t index;
281 TrustedGroupEntry **ptr = NULL;
282 FOR_EACH_HC_VECTOR(*groupEntryVec, index, ptr)
283 {
284 const TrustedGroupEntry *groupEntry = (TrustedGroupEntry *)(*ptr);
285 const char *groupId = StringGet(&(groupEntry->id));
286 if (groupId == NULL) {
287 continue;
288 }
289 if (!GaIsGroupAccessible(osAccountId, groupId, pkgName)) {
290 continue;
291 }
292 if (!IsDeviceInGroup(osAccountId, groupEntry->type, deviceId, groupId, isUdid)) {
293 continue;
294 }
295 IdentityInfo *info = NULL;
296 if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) {
297 continue;
298 }
299 if (info->proofType == CERTIFICATED) {
300 info->proof.certInfo.isPseudonym = true;
301 }
302 if (identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info) == NULL) {
303 LOGE("Failed to push info!");
304 DestroyIdentityInfo(info);
305 return HC_ERR_ALLOC_MEMORY;
306 }
307 if (info->proofType == CERTIFICATED) {
308 AddNoPseudonymIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, identityInfoVec);
309 }
310 }
311 LOGI("The identity info size is: %" LOG_PUB "u", identityInfoVec->size(identityInfoVec));
312 return HC_SUCCESS;
313 }
314
GetCredInfosByPeerIdentity(const CJson * in,IdentityInfoVec * identityInfoVec)315 static int32_t GetCredInfosByPeerIdentity(const CJson *in, IdentityInfoVec *identityInfoVec)
316 {
317 int32_t osAccountId = INVALID_OS_ACCOUNT;
318 int32_t ret;
319 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
320 LOGE("Failed to get osAccountId!");
321 return HC_ERR_JSON_GET;
322 }
323 const char *groupId = GetStringFromJson(in, FIELD_GROUP_ID);
324 if (groupId == NULL) {
325 groupId = GetStringFromJson(in, FIELD_SERVICE_TYPE);
326 }
327 GroupEntryVec groupEntryVec = CreateGroupEntryVec();
328 if (groupId == NULL) {
329 GetCandidateGroups(osAccountId, in, &groupEntryVec);
330 } else {
331 GetGroupInfoByGroupId(osAccountId, groupId, &groupEntryVec);
332 }
333
334 bool isDeviceLevel = false;
335 (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel);
336 if (groupEntryVec.size(&groupEntryVec) == 0) {
337 if (isDeviceLevel) {
338 // device level auth still has the chance to try p2p direct auth
339 // so, do not report error here.
340 LOGI("No satisfied candidate group!");
341 } else {
342 LOGE("No satisfied candidate group!");
343 }
344 ClearGroupEntryVec(&groupEntryVec);
345 return HC_ERR_NO_CANDIDATE_GROUP;
346 }
347 ret = GetIdentityInfos(osAccountId, in, &groupEntryVec, identityInfoVec);
348 ClearGroupEntryVec(&groupEntryVec);
349 return ret;
350 }
351
SetIdentityInfoByUrl(const CJson * urlJson,IdentityInfo * info)352 static int32_t SetIdentityInfoByUrl(const CJson *urlJson, IdentityInfo *info)
353 {
354 if (urlJson == NULL || info == NULL) {
355 LOGE("Need urlJson and IdentityInfo is not NULL!");
356 return HC_ERR_INVALID_PARAMS;
357 }
358
359 int32_t keyType = 0;
360 if (GetIntFromJson(urlJson, PRESHARED_URL_KEY_TYPE, &keyType) != HC_SUCCESS) {
361 LOGE("Failed to get trust type!");
362 return HC_ERR_JSON_GET;
363 }
364
365 char *urlStr = PackJsonToString(urlJson);
366 if (urlStr == NULL) {
367 LOGE("Failed to pack url json to string!");
368 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
369 }
370 int32_t ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl);
371 FreeJsonString(urlStr);
372 if (ret != HC_SUCCESS) {
373 LOGE("Failed to set preSharedUrl of proof!");
374 return ret;
375 }
376
377 ret = SetProtocolsToIdentityInfo(keyType, info);
378 if (ret != HC_SUCCESS) {
379 LOGE("Failed to set protocols!");
380 return ret;
381 }
382
383 info->proofType = PRE_SHARED;
384 return ret;
385 }
386
CheckAndGetP2pCredInfo(const CJson * in,const CJson * urlJson,IdentityInfo * info)387 static int32_t CheckAndGetP2pCredInfo(const CJson *in, const CJson *urlJson, IdentityInfo *info)
388 {
389 int32_t osAccountId = INVALID_OS_ACCOUNT;
390 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
391 LOGE("Failed to get osAccountId!");
392 return HC_ERR_JSON_GET;
393 }
394
395 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
396 if (groupId == NULL) {
397 LOGE("Failed to get groupId!");
398 return HC_ERR_JSON_GET;
399 }
400 int32_t ret = CheckGroupExist(osAccountId, groupId);
401 if (ret != HC_SUCCESS) {
402 LOGE("group not exist!");
403 return ret;
404 }
405 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
406 if (deviceEntry == NULL) {
407 LOGE("Failed to create device entry!");
408 return HC_ERR_ALLOC_MEMORY;
409 }
410 ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
411 DestroyDeviceEntry(deviceEntry);
412 if (ret != HC_SUCCESS) {
413 LOGE("peer device not found!");
414 return ret;
415 }
416
417 ret = SetIdentityInfoByUrl(urlJson, info);
418 if (ret != HC_SUCCESS) {
419 LOGE("Failed to get p2p identity info by key type!");
420 }
421 return ret;
422 }
423
GetCredInfoByPeerUrl(const CJson * in,const Uint8Buff * presharedUrl,IdentityInfo ** returnInfo)424 static int32_t GetCredInfoByPeerUrl(const CJson *in, const Uint8Buff *presharedUrl, IdentityInfo **returnInfo)
425 {
426 if (in == NULL || presharedUrl == NULL || returnInfo == NULL) {
427 LOGE("Invalid input params!");
428 return HC_ERR_INVALID_PARAMS;
429 }
430
431 CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val);
432 if (urlJson == NULL) {
433 LOGE("Failed to create url json!");
434 return HC_ERR_JSON_CREATE;
435 }
436
437 int32_t trustType = 0;
438 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
439 LOGE("Failed to get trust type!");
440 FreeJson(urlJson);
441 return HC_ERR_JSON_GET;
442 }
443
444 IdentityInfo *info = CreateIdentityInfo();
445 if (info == NULL) {
446 LOGE("Failed to create identity info!");
447 FreeJson(urlJson);
448 return HC_ERR_ALLOC_MEMORY;
449 }
450 int32_t ret;
451 switch (trustType) {
452 case TRUST_TYPE_UID:
453 ret = GetAccountSymCredInfoByPeerUrl(in, urlJson, info);
454 break;
455 case TRUST_TYPE_P2P:
456 ret = CheckAndGetP2pCredInfo(in, urlJson, info);
457 break;
458 default:
459 LOGE("Invalid trust type!");
460 ret = HC_ERR_INVALID_PARAMS;
461 break;
462 }
463 FreeJson(urlJson);
464
465 *returnInfo = info;
466 return ret;
467 }
468
GenerateKeyAliasForIso(const TrustedDeviceEntry * deviceEntry,Uint8Buff * keyAliasBuff)469 static int32_t GenerateKeyAliasForIso(const TrustedDeviceEntry *deviceEntry, Uint8Buff *keyAliasBuff)
470 {
471 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, (uint32_t)HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
472 const char *serviceType = StringGet(&deviceEntry->serviceType);
473 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, (uint32_t)HcStrlen(serviceType) };
474 const char *peerAuthId = StringGet(&deviceEntry->authId);
475 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, (uint32_t)HcStrlen(peerAuthId) };
476 KeyAliasType keyType = KEY_ALIAS_AUTH_TOKEN;
477 if (deviceEntry->upgradeFlag == 1) {
478 keyType = deviceEntry->devType;
479 }
480 int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, &peerAuthIdBuff, keyAliasBuff);
481 if (ret != HC_SUCCESS) {
482 LOGE("Failed to generate key alias for iso!");
483 return ret;
484 }
485 if (deviceEntry->upgradeFlag == 1) {
486 ret = ToLowerCase(keyAliasBuff);
487 if (ret != HC_SUCCESS) {
488 LOGE("Failed to convert psk alias to lower case!");
489 return ret;
490 }
491 }
492 return HC_SUCCESS;
493 }
494
AuthGeneratePsk(const CJson * in,const char * groupId,const Uint8Buff * seed,Uint8Buff * sharedSecret)495 static int32_t AuthGeneratePsk(const CJson *in, const char *groupId, const Uint8Buff *seed, Uint8Buff *sharedSecret)
496 {
497 int32_t osAccountId = INVALID_OS_ACCOUNT;
498 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
499 LOGE("Failed to get osAccountId!");
500 return HC_ERR_JSON_GET;
501 }
502 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
503 if (deviceEntry == NULL) {
504 LOGE("Failed to create device entry!");
505 return HC_ERR_ALLOC_MEMORY;
506 }
507 int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
508 if (ret != HC_SUCCESS) {
509 LOGE("Failed to get peer device entry!");
510 DestroyDeviceEntry(deviceEntry);
511 return ret;
512 }
513 uint8_t keyAlias[ISO_KEY_ALIAS_LEN] = { 0 };
514 uint8_t upgradeKeyAlias[ISO_UPGRADE_KEY_ALIAS_LEN] = { 0 };
515 Uint8Buff keyAliasBuf = { keyAlias, ISO_KEY_ALIAS_LEN };
516 if (deviceEntry->upgradeFlag == 1) {
517 keyAliasBuf.val = upgradeKeyAlias;
518 keyAliasBuf.length = ISO_UPGRADE_KEY_ALIAS_LEN;
519 }
520 ret = GenerateKeyAliasForIso(deviceEntry, &keyAliasBuf);
521 if (ret != HC_SUCCESS) {
522 LOGE("Failed to generate key alias in iso!");
523 DestroyDeviceEntry(deviceEntry);
524 return ret;
525 }
526 if (deviceEntry->upgradeFlag == 1) {
527 KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, true, osAccountId };
528 ret = GetLoaderInstance()->computeHmacWithThreeStage(&keyAliasParams, seed, sharedSecret);
529 } else {
530 KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, false, osAccountId };
531 ret = GetLoaderInstance()->computeHmac(&keyAliasParams, seed, sharedSecret);
532 }
533 DestroyDeviceEntry(deviceEntry);
534 return ret;
535 }
536
GetSharedSecretForP2pInIso(const CJson * in,const char * groupId,Uint8Buff * sharedSecret)537 static int32_t GetSharedSecretForP2pInIso(const CJson *in, const char *groupId, Uint8Buff *sharedSecret)
538 {
539 uint8_t *seedVal = (uint8_t *)HcMalloc(SEED_LEN, 0);
540 if (seedVal == NULL) {
541 LOGE("Failed to alloc memory for seed!");
542 return HC_ERR_ALLOC_MEMORY;
543 }
544 Uint8Buff seedBuff = { seedVal, SEED_LEN };
545 int32_t ret = GetByteFromJson(in, FIELD_SEED, seedBuff.val, seedBuff.length);
546 if (ret != HC_SUCCESS) {
547 LOGE("Failed to get seed!");
548 HcFree(seedVal);
549 return HC_ERR_JSON_GET;
550 }
551 uint8_t *pskVal = (uint8_t *)HcMalloc(ISO_PSK_LEN, 0);
552 if (pskVal == NULL) {
553 LOGE("Failed to alloc memory for psk!");
554 HcFree(seedVal);
555 return HC_ERR_ALLOC_MEMORY;
556 }
557 sharedSecret->val = pskVal;
558 sharedSecret->length = ISO_PSK_LEN;
559 ret = AuthGeneratePsk(in, groupId, &seedBuff, sharedSecret);
560 HcFree(seedVal);
561 if (ret != HC_SUCCESS) {
562 LOGE("Failed to generate psk!");
563 FreeBuffData(sharedSecret);
564 }
565 return ret;
566 }
567
GetSelfAuthIdAndUserType(int32_t osAccountId,const char * groupId,Uint8Buff * authIdBuff,int32_t * userType,int32_t * upgradeFlag)568 static int32_t GetSelfAuthIdAndUserType(
569 int32_t osAccountId, const char *groupId, Uint8Buff *authIdBuff, int32_t *userType, int32_t *upgradeFlag)
570 {
571 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
572 if (deviceEntry == NULL) {
573 LOGE("Failed to create device entry!");
574 return HC_ERR_ALLOC_MEMORY;
575 }
576 int32_t ret = GetSelfDeviceEntry(osAccountId, groupId, deviceEntry);
577 if (ret != HC_SUCCESS) {
578 LOGE("Failed to get self device entry!");
579 DestroyDeviceEntry(deviceEntry);
580 return ret;
581 }
582 const char *selfAuthId = StringGet(&deviceEntry->authId);
583 uint32_t authIdLen = HcStrlen(selfAuthId);
584 authIdBuff->val = (uint8_t *)HcMalloc(authIdLen + 1, 0);
585 if (authIdBuff->val == NULL) {
586 LOGE("Failed to alloc memory for authId!");
587 DestroyDeviceEntry(deviceEntry);
588 return HC_ERR_ALLOC_MEMORY;
589 }
590 if (memcpy_s(authIdBuff->val, authIdLen + 1, selfAuthId, authIdLen) != EOK) {
591 LOGE("Failed to copy authId!");
592 HcFree(authIdBuff->val);
593 authIdBuff->val = NULL;
594 DestroyDeviceEntry(deviceEntry);
595 return HC_ERR_MEMORY_COPY;
596 }
597 authIdBuff->length = authIdLen;
598 *userType = deviceEntry->devType;
599 *upgradeFlag = deviceEntry->upgradeFlag;
600 DestroyDeviceEntry(deviceEntry);
601 return HC_SUCCESS;
602 }
603
GenerateSelfKeyAlias(const char * serviceType,int32_t selfUserType,const Uint8Buff * selfAuthIdBuff,bool isSelfFromUpgrade,Uint8Buff * selfKeyAlias)604 static int32_t GenerateSelfKeyAlias(const char *serviceType, int32_t selfUserType, const Uint8Buff *selfAuthIdBuff,
605 bool isSelfFromUpgrade, Uint8Buff *selfKeyAlias)
606 {
607 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
608 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
609 KeyAliasType keyType = (KeyAliasType)selfUserType;
610 if (isSelfFromUpgrade) {
611 keyType = KEY_ALIAS_LT_KEY_PAIR;
612 }
613 int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, selfAuthIdBuff, selfKeyAlias);
614 if (ret != HC_SUCCESS) {
615 LOGE("Failed to generate self key alias!");
616 return ret;
617 }
618 if (isSelfFromUpgrade) {
619 ret = ToLowerCase(selfKeyAlias);
620 if (ret != HC_SUCCESS) {
621 LOGE("Failed to convert self key alias to lower case!");
622 return ret;
623 }
624 }
625 return HC_SUCCESS;
626 }
627
GeneratePeerKeyAlias(const TrustedDeviceEntry * peerDeviceEntry,Uint8Buff * peerKeyAlias)628 static int32_t GeneratePeerKeyAlias(const TrustedDeviceEntry *peerDeviceEntry, Uint8Buff *peerKeyAlias)
629 {
630 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
631 const char *serviceType = StringGet(&peerDeviceEntry->serviceType);
632 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
633 #ifdef DEV_AUTH_FUNC_TEST
634 KeyAliasType keyTypePeer = KEY_ALIAS_LT_KEY_PAIR;
635 #else
636 KeyAliasType keyTypePeer = (KeyAliasType)peerDeviceEntry->devType;
637 #endif
638 const char *peerAuthId = StringGet(&peerDeviceEntry->authId);
639 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) };
640 int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyTypePeer, &peerAuthIdBuff, peerKeyAlias);
641 if (ret != HC_SUCCESS) {
642 LOGE("Failed to generate peer key alias!");
643 return ret;
644 }
645 if (peerDeviceEntry->upgradeFlag == 1) {
646 ret = ToLowerCase(peerKeyAlias);
647 if (ret != HC_SUCCESS) {
648 LOGE("Failed to convert peer key alias to lower case!");
649 return ret;
650 }
651 }
652 return HC_SUCCESS;
653 }
654
CheckSelfKeyAlias(const Uint8Buff * selfKeyAlias,bool isSelfFromUpgrade,int32_t osAccountId,const char * groupId)655 static int32_t CheckSelfKeyAlias(const Uint8Buff *selfKeyAlias, bool isSelfFromUpgrade, int32_t osAccountId,
656 const char *groupId)
657 {
658 int32_t ret = GetLoaderInstance()->checkKeyExist(selfKeyAlias, isSelfFromUpgrade, osAccountId);
659 if (ret != HC_SUCCESS) {
660 LOGE("self auth keyPair not exist, need to delete group and devices!");
661 if (DelGroupFromDb(osAccountId, groupId) != HC_SUCCESS) {
662 LOGW("delete group from db failed!");
663 return ret;
664 }
665 LOGI("self auth keyPair not exist, delete group from db successfully!");
666 }
667 return ret;
668 }
669
CheckPeerKeyAlias(const Uint8Buff * peerKeyAlias,bool isPeerFromUpgrade,int32_t osAccountId,const char * groupId,const TrustedDeviceEntry * peerDeviceEntry)670 static int32_t CheckPeerKeyAlias(const Uint8Buff *peerKeyAlias, bool isPeerFromUpgrade, int32_t osAccountId,
671 const char *groupId, const TrustedDeviceEntry *peerDeviceEntry)
672 {
673 int32_t ret = GetLoaderInstance()->checkKeyExist(peerKeyAlias, isPeerFromUpgrade, osAccountId);
674 if (ret != HC_SUCCESS) {
675 LOGE("peer auth pubKey not exist, need to delete peer device!");
676 if (DelDeviceFromDb(osAccountId, groupId, peerDeviceEntry) != HC_SUCCESS) {
677 LOGW("delete peer device from db failed!");
678 return ret;
679 }
680 LOGI("peer auth pubKey not exist, delete peer device from db successfully!");
681 }
682 return ret;
683 }
684
ComputeAndSavePsk(int32_t osAccountId,const char * groupId,const TrustedDeviceEntry * peerDeviceEntry,const Uint8Buff * sharedKeyAlias)685 static int32_t ComputeAndSavePsk(int32_t osAccountId, const char *groupId,
686 const TrustedDeviceEntry *peerDeviceEntry, const Uint8Buff *sharedKeyAlias)
687 {
688 Uint8Buff selfAuthIdBuff = { NULL, 0 };
689 int32_t selfUserType = 0;
690 int32_t selfUpgradeFlag = 0;
691 int32_t ret = GetSelfAuthIdAndUserType(osAccountId, groupId, &selfAuthIdBuff, &selfUserType, &selfUpgradeFlag);
692 if (ret != HC_SUCCESS) {
693 LOGE("Failed to get self auth id and user type!");
694 return ret;
695 }
696 const char *serviceType = StringGet(&peerDeviceEntry->serviceType);
697 bool isSelfFromUpgrade = selfUpgradeFlag == 1;
698 uint8_t selfKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
699 Uint8Buff selfKeyAlias = { selfKeyAliasVal, PAKE_KEY_ALIAS_LEN };
700 ret = GenerateSelfKeyAlias(serviceType, selfUserType, &selfAuthIdBuff, isSelfFromUpgrade, &selfKeyAlias);
701 HcFree(selfAuthIdBuff.val);
702 if (ret != HC_SUCCESS) {
703 LOGE("Failed to generate self key alias!");
704 return ret;
705 }
706
707 uint8_t peerKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
708 Uint8Buff peerKeyAlias = { peerKeyAliasVal, PAKE_KEY_ALIAS_LEN };
709 ret = GeneratePeerKeyAlias(peerDeviceEntry, &peerKeyAlias);
710 if (ret != HC_SUCCESS) {
711 LOGE("Failed to generate peer key alias!");
712 return ret;
713 }
714
715 ret = CheckSelfKeyAlias(&selfKeyAlias, isSelfFromUpgrade, osAccountId, groupId);
716 if (ret != HC_SUCCESS) {
717 return ret;
718 }
719 bool isPeerFromUpgrade = peerDeviceEntry->upgradeFlag == 1;
720 ret = CheckPeerKeyAlias(&peerKeyAlias, isPeerFromUpgrade, osAccountId, groupId, peerDeviceEntry);
721 if (ret != HC_SUCCESS) {
722 return ret;
723 }
724 uint8_t peerPubKeyVal[PAKE_ED25519_KEY_PAIR_LEN] = { 0 };
725 Uint8Buff peerPubKeyBuff = { peerPubKeyVal, PAKE_ED25519_KEY_PAIR_LEN };
726 KeyParams peerKeyParams = { { peerKeyAlias.val, peerKeyAlias.length, true }, isPeerFromUpgrade, osAccountId };
727 ret = GetLoaderInstance()->exportPublicKey(&peerKeyParams, &peerPubKeyBuff);
728 if (ret != HC_SUCCESS) {
729 LOGE("Failed to export peer public key!");
730 return ret;
731 }
732 KeyParams selfKeyAliasParams = { { selfKeyAlias.val, selfKeyAlias.length, true }, isSelfFromUpgrade, osAccountId };
733 KeyBuff peerKeyBuff = { peerPubKeyBuff.val, peerPubKeyBuff.length, false };
734 return GetLoaderInstance()->agreeSharedSecretWithStorage(
735 &selfKeyAliasParams, &peerKeyBuff, ED25519, PAKE_PSK_LEN, sharedKeyAlias);
736 }
737
GeneratePskAliasAndCheckExist(const CJson * in,const char * groupId,Uint8Buff * pskKeyAlias)738 static int32_t GeneratePskAliasAndCheckExist(const CJson *in, const char *groupId, Uint8Buff *pskKeyAlias)
739 {
740 int32_t osAccountId = INVALID_OS_ACCOUNT;
741 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
742 LOGE("Failed to get osAccountId!");
743 return HC_ERR_JSON_GET;
744 }
745 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
746 if (deviceEntry == NULL) {
747 LOGE("Failed to create device entry!");
748 return HC_ERR_ALLOC_MEMORY;
749 }
750 int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
751 if (ret != HC_SUCCESS) {
752 LOGE("Failed to get peer device entry!");
753 DestroyDeviceEntry(deviceEntry);
754 return ret;
755 }
756 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
757 const char *serviceType = StringGet(&deviceEntry->serviceType);
758 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
759 const char *peerAuthId = StringGet(&deviceEntry->authId);
760 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) };
761 ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, KEY_ALIAS_PSK, &peerAuthIdBuff, pskKeyAlias);
762 if (ret != HC_SUCCESS) {
763 LOGE("Failed to generate psk key alias!");
764 DestroyDeviceEntry(deviceEntry);
765 return ret;
766 }
767 bool isPeerFromUpgrade = deviceEntry->upgradeFlag == 1;
768 if (isPeerFromUpgrade) {
769 ret = ToLowerCase(pskKeyAlias);
770 if (ret != HC_SUCCESS) {
771 LOGE("Failed to convert psk alias to lower case!");
772 DestroyDeviceEntry(deviceEntry);
773 return ret;
774 }
775 }
776 LOGI("psk alias: %" LOG_PUB "x %" LOG_PUB "x %" LOG_PUB "x %" LOG_PUB "x****.", pskKeyAlias->val[DEV_AUTH_ZERO],
777 pskKeyAlias->val[DEV_AUTH_ONE], pskKeyAlias->val[DEV_AUTH_TWO], pskKeyAlias->val[DEV_AUTH_THREE]);
778 if (GetLoaderInstance()->checkKeyExist(pskKeyAlias, isPeerFromUpgrade, osAccountId) != HC_SUCCESS) {
779 ret = ComputeAndSavePsk(osAccountId, groupId, deviceEntry, pskKeyAlias);
780 }
781 DestroyDeviceEntry(deviceEntry);
782 return ret;
783 }
784
GetSharedSecretForP2pInPake(const CJson * in,const char * groupId,Uint8Buff * sharedSecret)785 static int32_t GetSharedSecretForP2pInPake(const CJson *in, const char *groupId, Uint8Buff *sharedSecret)
786 {
787 int32_t osAccountId;
788 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
789 LOGE("Failed to get osAccountId!");
790 return HC_ERR_JSON_GET;
791 }
792 uint8_t pskKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
793 Uint8Buff pskKeyAlias = { pskKeyAliasVal, PAKE_KEY_ALIAS_LEN };
794 int32_t ret = GeneratePskAliasAndCheckExist(in, groupId, &pskKeyAlias);
795 if (ret != HC_SUCCESS) {
796 LOGE("Failed to generate key alias for psk!");
797 return ret;
798 }
799 uint8_t *pskVal = (uint8_t *)HcMalloc(PAKE_PSK_LEN, 0);
800 if (pskVal == NULL) {
801 LOGE("Failed to alloc memory for psk!");
802 return HC_ERR_ALLOC_MEMORY;
803 }
804 Uint8Buff pskBuff = { pskVal, PAKE_PSK_LEN };
805 uint8_t *nonceVal = (uint8_t *)HcMalloc(PAKE_NONCE_LEN, 0);
806 if (nonceVal == NULL) {
807 LOGE("Failed to alloc memory for nonce!");
808 HcFree(pskVal);
809 return HC_ERR_ALLOC_MEMORY;
810 }
811 Uint8Buff nonceBuff = { nonceVal, PAKE_NONCE_LEN };
812 ret = GetByteFromJson(in, FIELD_NONCE, nonceBuff.val, nonceBuff.length);
813 if (ret != HC_SUCCESS) {
814 LOGE("Failed to get nonce!");
815 HcFree(pskVal);
816 HcFree(nonceVal);
817 return HC_ERR_JSON_GET;
818 }
819 Uint8Buff keyInfo = { (uint8_t *)TMP_AUTH_KEY_FACTOR, HcStrlen(TMP_AUTH_KEY_FACTOR) };
820 KeyParams keyAliasParams = { { pskKeyAlias.val, pskKeyAlias.length, true }, false, osAccountId };
821 ret = GetLoaderInstance()->computeHkdf(&keyAliasParams, &nonceBuff, &keyInfo, &pskBuff);
822 HcFree(nonceVal);
823 if (ret != HC_SUCCESS) {
824 LOGE("Failed to compute hkdf for psk!");
825 HcFree(pskVal);
826 return ret;
827 }
828
829 ret = ConvertPsk(&pskBuff, sharedSecret);
830 HcFree(pskVal);
831 if (ret != HC_SUCCESS) {
832 LOGE("Failed to convert psk!");
833 }
834 return ret;
835 }
836
GetSharedSecretForP2p(const CJson * in,const CJson * urlJson,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)837 static int32_t GetSharedSecretForP2p(
838 const CJson *in, const CJson *urlJson, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
839 {
840 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
841 if (groupId == NULL) {
842 LOGE("Failed to get groupId!");
843 return HC_ERR_JSON_GET;
844 }
845 int32_t ret;
846 if (protocolType == ALG_ISO) {
847 ret = GetSharedSecretForP2pInIso(in, groupId, sharedSecret);
848 LOGI("get shared secret for p2p in iso result: %" LOG_PUB "d", ret);
849 } else {
850 ret = GetSharedSecretForP2pInPake(in, groupId, sharedSecret);
851 LOGI("get shared secret for p2p in pake result: %" LOG_PUB "d", ret);
852 }
853 return ret;
854 }
855
GetSharedSecretByUrl(const CJson * in,const Uint8Buff * presharedUrl,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)856 static int32_t GetSharedSecretByUrl(
857 const CJson *in, const Uint8Buff *presharedUrl, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
858 {
859 if (in == NULL || presharedUrl == NULL || sharedSecret == NULL) {
860 LOGE("Invalid input params!");
861 return HC_ERR_INVALID_PARAMS;
862 }
863
864 CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val);
865 if (urlJson == NULL) {
866 LOGE("Failed to create url json!");
867 return HC_ERR_JSON_CREATE;
868 }
869
870 int32_t trustType = 0;
871 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
872 LOGE("Failed to get trust type!");
873 FreeJson(urlJson);
874 return HC_ERR_JSON_GET;
875 }
876
877 int32_t ret;
878 switch (trustType) {
879 case TRUST_TYPE_P2P:
880 ret = GetSharedSecretForP2p(in, urlJson, protocolType, sharedSecret);
881 break;
882 case TRUST_TYPE_UID:
883 if (protocolType != ALG_ISO) {
884 LOGE("protocol type is not iso, not supported!");
885 ret = HC_ERR_INVALID_PARAMS;
886 } else {
887 ret = GetAccountSymSharedSecret(in, urlJson, sharedSecret);
888 }
889 break;
890 default:
891 LOGE("Invalid trust type!");
892 ret = HC_ERR_INVALID_PARAMS;
893 break;
894 }
895 FreeJson(urlJson);
896
897 return ret;
898 }
899
GetCredInfoByPeerCert(const CJson * in,const CertInfo * certInfo,IdentityInfo ** returnInfo)900 static int32_t GetCredInfoByPeerCert(const CJson *in, const CertInfo *certInfo, IdentityInfo **returnInfo)
901 {
902 if (in == NULL || certInfo == NULL || returnInfo == NULL) {
903 LOGE("Invalid input params!");
904 return HC_ERR_INVALID_PARAMS;
905 }
906 int32_t osAccountId = INVALID_OS_ACCOUNT;
907 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
908 LOGE("Failed to get osAccountId!");
909 return HC_ERR_JSON_GET;
910 }
911 int32_t res = GetAccountAsymCredInfo(osAccountId, certInfo, returnInfo);
912 if (res != HC_SUCCESS) {
913 LOGE("Failed to get account asym cred info!");
914 return res;
915 }
916 if (certInfo->isPseudonym) {
917 (*returnInfo)->proof.certInfo.isPseudonym = true;
918 } else {
919 (*returnInfo)->proof.certInfo.isPseudonym = false;
920 }
921 return HC_SUCCESS;
922 }
923
GetSharedSecretByPeerCert(const CJson * in,const CertInfo * peerCertInfo,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)924 static int32_t GetSharedSecretByPeerCert(
925 const CJson *in, const CertInfo *peerCertInfo, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
926 {
927 if (in == NULL || peerCertInfo == NULL || sharedSecret == NULL) {
928 LOGE("Invalid input params!");
929 return HC_ERR_INVALID_PARAMS;
930 }
931 if (protocolType != ALG_EC_SPEKE) {
932 LOGE("protocol type is not ec speke, not support!");
933 return HC_ERR_INVALID_PARAMS;
934 }
935 int32_t osAccountId = INVALID_OS_ACCOUNT;
936 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
937 LOGE("Failed to get osAccountId!");
938 return HC_ERR_JSON_GET;
939 }
940 const char *peerUserId = GetStringFromJson(in, FIELD_PEER_USER_ID);
941 if (peerUserId != NULL) {
942 LOGE("peerUserId exists.");
943 }
944 return GetAccountAsymSharedSecret(osAccountId, peerUserId, peerCertInfo, sharedSecret);
945 }
946
947 static const AuthIdentity g_authIdentity = {
948 .getCredInfosByPeerIdentity = GetCredInfosByPeerIdentity,
949 .getCredInfoByPeerUrl = GetCredInfoByPeerUrl,
950 .getSharedSecretByUrl = GetSharedSecretByUrl,
951 .getCredInfoByPeerCert = GetCredInfoByPeerCert,
952 .getSharedSecretByPeerCert = GetSharedSecretByPeerCert,
953 };
954
GetGroupAuthIdentity(void)955 const AuthIdentity *GetGroupAuthIdentity(void)
956 {
957 return &g_authIdentity;
958 }