1 /*
2 * Copyright (C) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dev_session_util.h"
17
18 #include <time.h>
19 #include "alg_loader.h"
20 #include "hc_log.h"
21 #include "pseudonym_manager.h"
22
23 #include "dev_session_def.h"
24 #include "string_util.h"
25
26 #define AUTH_ID_LEN 32
27 #define FIELD_AUTH_ID_CLIENT "authIdC"
28 #define FIELD_AUTH_ID_SERVER "authIdS"
29
GetPeerDeviceEntryByContext(int32_t osAccountId,const CJson * context)30 static TrustedDeviceEntry *GetPeerDeviceEntryByContext(int32_t osAccountId, const CJson *context)
31 {
32 const char *groupId = GetStringFromJson(context, FIELD_GROUP_ID);
33 if (groupId == NULL) {
34 LOGE("Failed to get groupId!");
35 return NULL;
36 }
37 bool isUdid = false;
38 const char *peerDeviceId = GetStringFromJson(context, FIELD_PEER_UDID);
39 if (peerDeviceId != NULL) {
40 isUdid = true;
41 } else {
42 LOGW("peer udid not found, try to get peer authId!");
43 peerDeviceId = GetStringFromJson(context, FIELD_PEER_AUTH_ID);
44 if (peerDeviceId == NULL) {
45 LOGE("Failed to get peer authId!");
46 return NULL;
47 }
48 }
49 return GetDeviceEntryById(osAccountId, peerDeviceId, isUdid, groupId);
50 }
51
GetPdidIndexByGroup(const CJson * context,int32_t osAccountId,char ** returnPdidIndex)52 static int32_t GetPdidIndexByGroup(const CJson *context, int32_t osAccountId, char **returnPdidIndex)
53 {
54 TrustedDeviceEntry *deviceEntry = GetPeerDeviceEntryByContext(osAccountId, context);
55 if (deviceEntry == NULL) {
56 LOGE("Failed to get device entry!");
57 return HC_ERR_DEVICE_NOT_EXIST;
58 }
59 const char *pdidIndex = StringGet(&deviceEntry->userId);
60 if (pdidIndex == NULL) {
61 LOGE("pdidIndex is null!");
62 DestroyDeviceEntry(deviceEntry);
63 return HC_ERR_NULL_PTR;
64 }
65 if (DeepCopyString(pdidIndex, returnPdidIndex) != HC_SUCCESS) {
66 LOGE("Failed to copy pdidIndex!");
67 DestroyDeviceEntry(deviceEntry);
68 return HC_ERR_ALLOC_MEMORY;
69 }
70 DestroyDeviceEntry(deviceEntry);
71 return HC_SUCCESS;
72 }
73
GetPdidIndexByISInfo(const CJson * context,char ** returnPdidIndex)74 static int32_t GetPdidIndexByISInfo(const CJson *context, char **returnPdidIndex)
75 {
76 const char *pdidIndex = GetStringFromJson(context, FIELD_CRED_ID);
77 if (pdidIndex == NULL) {
78 LOGE("Failed to get cred ID!");
79 return HC_ERR_JSON_GET;
80 }
81 if (DeepCopyString(pdidIndex, returnPdidIndex) != HC_SUCCESS) {
82 LOGE("Failed to copy pdidIndex!");
83 return HC_ERR_ALLOC_MEMORY;
84 }
85 return HC_SUCCESS;
86 }
87
GetPdidByContext(const CJson * context,bool isCredAuth,char ** returnPdid)88 static int32_t GetPdidByContext(const CJson *context, bool isCredAuth, char **returnPdid)
89 {
90 int32_t osAccountId;
91 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
92 LOGE("Failed to get osAccountId!");
93 return HC_ERR_JSON_GET;
94 }
95 char *pdidIndex = NULL;
96 int32_t res = isCredAuth? GetPdidIndexByISInfo(context, &pdidIndex)
97 : GetPdidIndexByGroup(context, osAccountId, &pdidIndex);
98 if (res != HC_SUCCESS) {
99 LOGE("Failed to get pdidIndex!");
100 return res;
101 }
102 PseudonymManager *manager = GetPseudonymInstance();
103 if (manager == NULL) {
104 LOGE("Pseudonym manager is null!");
105 HcFree(pdidIndex);
106 return HC_ERR_NULL_PTR;
107 }
108 char *pdid = NULL;
109 res = manager->getPseudonymId(osAccountId, pdidIndex, &pdid);
110 HcFree(pdidIndex);
111 if (res != HC_SUCCESS) {
112 LOGE("Failed to get pdid!");
113 return res;
114 }
115 if (DeepCopyString(pdid, returnPdid) != HC_SUCCESS) {
116 LOGE("Failed to copy pdid!");
117 HcFree(pdid);
118 return HC_ERR_ALLOC_MEMORY;
119 }
120 HcFree(pdid);
121 return HC_SUCCESS;
122 }
123
BuildRealPkInfoJson(const CJson * pkInfoJson,const CJson * peerInfoJson,CJson * realPkInfoJson)124 static int32_t BuildRealPkInfoJson(const CJson *pkInfoJson, const CJson *peerInfoJson, CJson *realPkInfoJson)
125 {
126 const char *devicePk = GetStringFromJson(pkInfoJson, FIELD_DEVICE_PK);
127 if (devicePk == NULL) {
128 LOGE("Failed to get devicePk!");
129 return HC_ERR_JSON_GET;
130 }
131 const char *version = GetStringFromJson(pkInfoJson, FIELD_VERSION);
132 if (version == NULL) {
133 LOGE("Failed to get version!");
134 return HC_ERR_JSON_GET;
135 }
136 const char *userId = GetStringFromJson(peerInfoJson, FIELD_USER_ID);
137 if (userId == NULL) {
138 LOGE("Failed to get userId!");
139 return HC_ERR_JSON_GET;
140 }
141 const char *deviceId = GetStringFromJson(peerInfoJson, FIELD_DEVICE_ID);
142 if (deviceId == NULL) {
143 LOGE("Failed to get deviceId!");
144 return HC_ERR_JSON_GET;
145 }
146 if (AddStringToJson(realPkInfoJson, FIELD_DEVICE_PK, devicePk) != HC_SUCCESS) {
147 LOGE("Failed to add devicePk!");
148 return HC_ERR_JSON_ADD;
149 }
150 if (AddStringToJson(realPkInfoJson, FIELD_USER_ID, userId) != HC_SUCCESS) {
151 LOGE("Failed to add userId!");
152 return HC_ERR_JSON_ADD;
153 }
154 if (AddStringToJson(realPkInfoJson, FIELD_DEVICE_ID, deviceId) != HC_SUCCESS) {
155 LOGE("Failed to add deviceId!");
156 return HC_ERR_JSON_ADD;
157 }
158 if (AddStringToJson(realPkInfoJson, FIELD_VERSION, version) != HC_SUCCESS) {
159 LOGE("Failed to add version!");
160 return HC_ERR_JSON_ADD;
161 }
162 return HC_SUCCESS;
163 }
164
GetRealPkInfoJson(int32_t osAccountId,CJson * pkInfoJson,CJson ** realPkInfoJson)165 static int32_t GetRealPkInfoJson(int32_t osAccountId, CJson *pkInfoJson, CJson **realPkInfoJson)
166 {
167 const char *pdid = GetStringFromJson(pkInfoJson, FIELD_PSEUDONYM_ID);
168 if (pdid == NULL) {
169 LOGE("Failed to get pdid!");
170 return HC_ERR_JSON_GET;
171 }
172 PseudonymManager *manager = GetPseudonymInstance();
173 if (manager == NULL) {
174 LOGE("Pseudonym manager is null!");
175 return HC_ERR_NULL_PTR;
176 }
177 char *peerInfo = NULL;
178 int32_t res = manager->getRealInfo(osAccountId, pdid, &peerInfo);
179 if (res != HC_SUCCESS) {
180 LOGE("Failed to get peerInfo!");
181 return res;
182 }
183 CJson *peerInfoJson = CreateJsonFromString(peerInfo);
184 HcFree(peerInfo);
185 if (peerInfoJson == NULL) {
186 LOGE("Failed to create peerInfo json!");
187 return HC_ERR_JSON_CREATE;
188 }
189 *realPkInfoJson = CreateJson();
190 if (*realPkInfoJson == NULL) {
191 LOGE("Failed to create real pkInfo json!");
192 FreeJson(peerInfoJson);
193 return HC_ERR_JSON_CREATE;
194 }
195 res = BuildRealPkInfoJson(pkInfoJson, peerInfoJson, *realPkInfoJson);
196 FreeJson(peerInfoJson);
197 if (res != HC_SUCCESS) {
198 LOGE("Failed to build real pkInfo json!");
199 FreeJson(*realPkInfoJson);
200 *realPkInfoJson = NULL;
201 }
202 return res;
203 }
204
GeneratePeerInfoJson(const CJson * pkInfoJson,CJson ** peerInfoJson)205 static int32_t GeneratePeerInfoJson(const CJson *pkInfoJson, CJson **peerInfoJson)
206 {
207 const char *userId = GetStringFromJson(pkInfoJson, FIELD_USER_ID);
208 if (userId == NULL) {
209 LOGE("Failed to get userId!");
210 return HC_ERR_JSON_GET;
211 }
212 const char *devId = GetStringFromJson(pkInfoJson, FIELD_DEVICE_ID);
213 if (devId == NULL) {
214 LOGE("Failed to get devId!");
215 return HC_ERR_JSON_GET;
216 }
217 *peerInfoJson = CreateJson();
218 if (*peerInfoJson == NULL) {
219 LOGE("Failed to create peerInfo json!");
220 return HC_ERR_JSON_CREATE;
221 }
222 if (AddStringToJson(*peerInfoJson, FIELD_USER_ID, userId) != HC_SUCCESS) {
223 LOGE("Failed to add userId!");
224 FreeJson(*peerInfoJson);
225 *peerInfoJson = NULL;
226 return HC_ERR_JSON_ADD;
227 }
228 if (AddStringToJson(*peerInfoJson, FIELD_DEVICE_ID, devId) != HC_SUCCESS) {
229 LOGE("Failed to add devId!");
230 FreeJson(*peerInfoJson);
231 *peerInfoJson = NULL;
232 return HC_ERR_JSON_ADD;
233 }
234 return HC_SUCCESS;
235 }
236
IsPeerPseudonym(const CJson * inputData)237 static bool IsPeerPseudonym(const CJson *inputData)
238 {
239 const char *pkInfoStr = GetStringFromJson(inputData, FIELD_PK_INFO);
240 if (pkInfoStr == NULL) {
241 LOGE("Failed to get peer pkInfo!");
242 return false;
243 }
244 CJson *pkInfoJson = CreateJsonFromString(pkInfoStr);
245 if (pkInfoJson == NULL) {
246 LOGE("Failed to create pkInfo json!");
247 return false;
248 }
249 bool res = GetStringFromJson(pkInfoJson, FIELD_PSEUDONYM_ID) != NULL;
250 FreeJson(pkInfoJson);
251 return res;
252 }
253
SetPeerAuthIdByDb(CJson * context,const char * groupId)254 static int32_t SetPeerAuthIdByDb(CJson *context, const char *groupId)
255 {
256 int32_t osAccountId;
257 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
258 LOGE("Failed to get osAccountId!");
259 return HC_ERR_JSON_GET;
260 }
261 const char *peerUdid = GetStringFromJson(context, FIELD_PEER_UDID);
262 if (peerUdid == NULL) {
263 LOGE("Failed to get peer udid!");
264 return HC_ERR_JSON_GET;
265 }
266 TrustedDeviceEntry *entry = GetDeviceEntryById(osAccountId, peerUdid, true, groupId);
267 if (entry == NULL) {
268 LOGE("Failed to get device entry!");
269 return HC_ERR_DEVICE_NOT_EXIST;
270 }
271 const char *peerAuthId = StringGet(&entry->authId);
272 if (AddStringToJson(context, FIELD_PEER_AUTH_ID, peerAuthId) != HC_SUCCESS) {
273 LOGE("Failed to add peer authId to context!");
274 DestroyDeviceEntry(entry);
275 return HC_ERR_JSON_ADD;
276 }
277 DestroyDeviceEntry(entry);
278 return HC_SUCCESS;
279 }
280
SetPeerAuthIdByCredAuthInfo(CJson * context)281 static int32_t SetPeerAuthIdByCredAuthInfo(CJson *context)
282 {
283 CJson *credAuthInfo = GetObjFromJson(context, FIELD_CREDENTIAL_OBJ);
284 if (credAuthInfo == NULL) {
285 LOGE("Get self credAuthInfo fail.");
286 return HC_ERR_JSON_GET;
287 }
288 const char *peerAuthId = GetStringFromJson(credAuthInfo, FIELD_DEVICE_ID);
289 if (peerAuthId == NULL) {
290 LOGE("Get peer authId fail.");
291 return HC_ERR_JSON_GET;
292 }
293 if (AddStringToJson(context, FIELD_PEER_AUTH_ID, peerAuthId) != HC_SUCCESS) {
294 LOGE("Failed to add peer authId to context!");
295 return HC_ERR_JSON_ADD;
296 }
297 return HC_SUCCESS;
298 }
299
FillPeerAuthIdIfNeeded(bool isClient,const CJson * context,CJson * inputData)300 int32_t FillPeerAuthIdIfNeeded(bool isClient, const CJson *context, CJson *inputData)
301 {
302 const char *peerAuthId = GetStringFromJson(context, FIELD_PEER_AUTH_ID);
303 if (peerAuthId == NULL) {
304 LOGI("no peer authId in context, no need to fill!");
305 return HC_SUCCESS;
306 }
307 CJson *authData = GetObjFromJson(inputData, FIELD_AUTH_DATA);
308 if (authData == NULL) {
309 LOGE("Failed to get authData!");
310 return HC_ERR_JSON_GET;
311 }
312 Uint8Buff authIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) + 1 };
313 if (isClient && GetStringFromJson(authData, FIELD_AUTH_ID_SERVER) != NULL) {
314 if (AddByteToJson(authData, FIELD_AUTH_ID_SERVER, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
315 LOGE("Failed to fill server authId!");
316 return HC_ERR_JSON_ADD;
317 }
318 return HC_SUCCESS;
319 }
320 if (!isClient && GetStringFromJson(authData, FIELD_AUTH_ID_CLIENT) != NULL) {
321 if (AddByteToJson(authData, FIELD_AUTH_ID_CLIENT, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
322 LOGE("Failed to fill client authId!");
323 return HC_ERR_JSON_ADD;
324 }
325 return HC_SUCCESS;
326 }
327 return HC_SUCCESS;
328 }
329
IsP2pAuth(const IdentityInfo * info)330 bool IsP2pAuth(const IdentityInfo *info)
331 {
332 if (info->proofType == CERTIFICATED) {
333 return false;
334 }
335 CJson *urlJson = CreateJsonFromString((const char *)info->proof.preSharedUrl.val);
336 if (urlJson == NULL) {
337 LOGE("Failed to create urlJson!");
338 return false;
339 }
340 int32_t trustType = 0;
341 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
342 LOGE("Failed to get trust type!");
343 FreeJson(urlJson);
344 return false;
345 }
346 FreeJson(urlJson);
347 return trustType == TRUST_TYPE_P2P;
348 }
349
SetPeerAuthIdToContextIfNeeded(CJson * context,bool isCredAuth,const IdentityInfo * info)350 int32_t SetPeerAuthIdToContextIfNeeded(CJson *context, bool isCredAuth, const IdentityInfo *info)
351 {
352 if (!IsP2pAuth(info)) {
353 LOGI("Not p2p auth, no need to set peer authId!");
354 return HC_SUCCESS;
355 }
356 /* auth with credentials directly no need set peer auth id here */
357 bool isDirectAuth = false;
358 (void)GetBoolFromJson(context, FIELD_IS_DIRECT_AUTH, &isDirectAuth);
359 if (isDirectAuth) {
360 return HC_SUCCESS;
361 }
362 if (isCredAuth) {
363 return SetPeerAuthIdByCredAuthInfo(context);
364 }
365 CJson *urlJson = CreateJsonFromString((const char *)info->proof.preSharedUrl.val);
366 if (urlJson == NULL) {
367 LOGE("Failed to create urlJson!");
368 return HC_ERR_JSON_CREATE;
369 }
370 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
371 if (groupId == NULL) {
372 LOGE("Failed to get groupId!");
373 FreeJson(urlJson);
374 return HC_ERR_JSON_GET;
375 }
376 int32_t res = SetPeerAuthIdByDb(context, groupId);
377 FreeJson(urlJson);
378 return res;
379 }
380
SetPeerInfoToContext(CJson * context,bool isCredAuth,const CJson * inputData)381 int32_t SetPeerInfoToContext(CJson *context, bool isCredAuth, const CJson *inputData)
382 {
383 if (IsPeerPseudonym(inputData)) {
384 LOGI("Peer is pseudonym, no need to set peerInfo!");
385 return HC_SUCCESS;
386 }
387 const char *pkInfoStr = GetStringFromJson(inputData, FIELD_PK_INFO);
388 if (pkInfoStr == NULL) {
389 LOGE("Failed to get peer pkInfo!");
390 return HC_ERR_JSON_GET;
391 }
392 CJson *pkInfoJson = CreateJsonFromString(pkInfoStr);
393 if (pkInfoJson == NULL) {
394 LOGE("Failed to create pkInfo json!");
395 return HC_ERR_JSON_CREATE;
396 }
397 const char *pdidIndex = isCredAuth ? GetStringFromJson(context, FIELD_CRED_ID)
398 : GetStringFromJson(pkInfoJson, FIELD_USER_ID);
399 if (pdidIndex == NULL) {
400 LOGE("Failed to get pdidIndex!");
401 FreeJson(pkInfoJson);
402 return HC_ERR_JSON_GET;
403 }
404 if (AddStringToJson(context, FIELD_INDEX_KEY, pdidIndex) != HC_SUCCESS) {
405 LOGE("Failed to add pdidIndex!");
406 FreeJson(pkInfoJson);
407 return HC_ERR_JSON_ADD;
408 }
409 CJson *peerInfoJson = NULL;
410 int32_t res = GeneratePeerInfoJson(pkInfoJson, &peerInfoJson);
411 FreeJson(pkInfoJson);
412 if (res != HC_SUCCESS) {
413 LOGE("Failed to generate peerInfo json!");
414 return res;
415 }
416 char *peerInfoStr = PackJsonToString(peerInfoJson);
417 FreeJson(peerInfoJson);
418 if (peerInfoStr == NULL) {
419 LOGE("Failed to convert peerInfo from json to string!");
420 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
421 }
422 if (AddStringToJson(context, FIELD_REAL_INFO, peerInfoStr) != HC_SUCCESS) {
423 LOGE("Failed to add peerInfo to context!");
424 FreeJsonString(peerInfoStr);
425 return HC_ERR_JSON_ADD;
426 }
427 FreeJsonString(peerInfoStr);
428 return HC_SUCCESS;
429 }
430
ReplaceAuthIdWithRandom(CJson * authData)431 int32_t ReplaceAuthIdWithRandom(CJson *authData)
432 {
433 uint8_t authId[AUTH_ID_LEN] = { 0 };
434 Uint8Buff authIdBuff = { authId, AUTH_ID_LEN };
435 int32_t res = GetLoaderInstance()->generateRandom(&authIdBuff);
436 if (res != HC_SUCCESS) {
437 LOGI("Failed to generate random authId!");
438 return res;
439 }
440 if (GetStringFromJson(authData, FIELD_AUTH_ID_CLIENT) != NULL &&
441 AddByteToJson(authData, FIELD_AUTH_ID_CLIENT, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
442 LOGE("Failed to replace client authId with random!");
443 return HC_ERR_JSON_ADD;
444 }
445 if (GetStringFromJson(authData, FIELD_AUTH_ID_SERVER) != NULL &&
446 AddByteToJson(authData, FIELD_AUTH_ID_SERVER, authIdBuff.val, authIdBuff.length) != HC_SUCCESS) {
447 LOGE("Failed to replace server authId with random!");
448 return HC_ERR_JSON_ADD;
449 }
450 return HC_SUCCESS;
451 }
452
CheckPeerPkInfoForPdid(const CJson * context,const CJson * inputData)453 int32_t CheckPeerPkInfoForPdid(const CJson *context, const CJson *inputData)
454 {
455 int32_t osAccountId;
456 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
457 LOGE("Failed to get osAccountId!");
458 return HC_ERR_JSON_GET;
459 }
460 const char *pkInfo = GetStringFromJson(inputData, FIELD_PK_INFO);
461 if (pkInfo == NULL) {
462 LOGE("Failed to get pkInfo!");
463 return HC_ERR_JSON_GET;
464 }
465 CJson *pkInfoJson = CreateJsonFromString(pkInfo);
466 if (pkInfoJson == NULL) {
467 LOGE("Failed to create pkInfo json!");
468 return HC_ERR_JSON_CREATE;
469 }
470 const char *pdid = GetStringFromJson(pkInfoJson, FIELD_PSEUDONYM_ID);
471 if (pdid == NULL) {
472 LOGI("No pdid in peer pkInfo, check success!");
473 FreeJson(pkInfoJson);
474 return HC_SUCCESS;
475 }
476 PseudonymManager *manager = GetPseudonymInstance();
477 if (manager == NULL) {
478 LOGE("Pseudonym manager is null!");
479 FreeJson(pkInfoJson);
480 return HC_ERR_NULL_PTR;
481 }
482 char *peerInfo = NULL;
483 int32_t res = manager->getRealInfo(osAccountId, pdid, &peerInfo);
484 FreeJson(pkInfoJson);
485 if (res != HC_SUCCESS) {
486 LOGE("Can not get peerInfo with pdid, check fail!");
487 return res;
488 }
489 HcFree(peerInfo);
490 return HC_SUCCESS;
491 }
492
GetRealPkInfoStr(int32_t osAccountId,const CJson * credInfo,char ** returnPkInfoStr,bool * isPseudonym)493 int32_t GetRealPkInfoStr(int32_t osAccountId, const CJson *credInfo, char **returnPkInfoStr, bool *isPseudonym)
494 {
495 const char *pkInfoStr = GetStringFromJson(credInfo, FIELD_PK_INFO);
496 if (pkInfoStr == NULL) {
497 LOGE("Failed to get pkInfo!");
498 return HC_ERR_JSON_GET;
499 }
500 CJson *pkInfoJson = CreateJsonFromString(pkInfoStr);
501 if (pkInfoJson == NULL) {
502 LOGE("Failed to create pkInfo json!");
503 return HC_ERR_JSON_CREATE;
504 }
505 CJson *realPkInfoJson = NULL;
506 int32_t res = GetRealPkInfoJson(osAccountId, pkInfoJson, &realPkInfoJson);
507 FreeJson(pkInfoJson);
508 if (res != HC_SUCCESS) {
509 LOGW("Failed to get real pkInfo json!");
510 if (DeepCopyString(pkInfoStr, returnPkInfoStr) != HC_SUCCESS) {
511 LOGE("Failed to copy pkInfoStr!");
512 return HC_ERR_ALLOC_MEMORY;
513 }
514 *isPseudonym = false;
515 return HC_SUCCESS;
516 } else {
517 LOGI("Get real pkInfo json successfully!");
518 char *realPkInfoStr = PackJsonToString(realPkInfoJson);
519 FreeJson(realPkInfoJson);
520 if (realPkInfoStr == NULL) {
521 LOGE("Failed to convert pkInfo from json to string!");
522 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
523 }
524 res = DeepCopyString(realPkInfoStr, returnPkInfoStr);
525 FreeJsonString(realPkInfoStr);
526 if (res != HC_SUCCESS) {
527 LOGE("Failed to copy realPkInfoStr!");
528 return HC_ERR_ALLOC_MEMORY;
529 }
530 *isPseudonym = true;
531 return HC_SUCCESS;
532 }
533 }
534
AddPkInfoWithPdid(const CJson * context,CJson * credInfo,bool isCredAuth,const char * realPkInfoStr)535 int32_t AddPkInfoWithPdid(const CJson *context, CJson *credInfo, bool isCredAuth,
536 const char *realPkInfoStr)
537 {
538 if (context == NULL || credInfo == NULL || realPkInfoStr == NULL) {
539 LOGE("Invalid input params!");
540 return HC_ERR_INVALID_PARAMS;
541 }
542 char *pdid = NULL;
543 int32_t res = GetPdidByContext(context, isCredAuth, &pdid);
544 if (res != HC_SUCCESS) {
545 LOGE("Failed to get pdid by context!");
546 return res;
547 }
548 CJson *pkInfoJson = CreateJsonFromString(realPkInfoStr);
549 if (pkInfoJson == NULL) {
550 LOGE("Failed to create pkInfo json!");
551 HcFree(pdid);
552 return HC_ERR_JSON_CREATE;
553 }
554 DeleteItemFromJson(pkInfoJson, FIELD_USER_ID);
555 DeleteItemFromJson(pkInfoJson, FIELD_DEVICE_ID);
556 if (AddStringToJson(pkInfoJson, FIELD_PSEUDONYM_ID, pdid) != HC_SUCCESS) {
557 LOGE("Failed to add pdid to pkInfo!");
558 HcFree(pdid);
559 FreeJson(pkInfoJson);
560 return HC_ERR_JSON_ADD;
561 }
562 HcFree(pdid);
563 char *pkInfoWithPdid = PackJsonToString(pkInfoJson);
564 FreeJson(pkInfoJson);
565 if (pkInfoWithPdid == NULL) {
566 LOGE("Failed to convert pkInfo from json to string!");
567 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
568 }
569 if (AddStringToJson(credInfo, FIELD_PK_INFO, pkInfoWithPdid) != HC_SUCCESS) {
570 LOGE("Failed to add pkInfo with pdid!");
571 FreeJsonString(pkInfoWithPdid);
572 return HC_ERR_JSON_ADD;
573 }
574 FreeJsonString(pkInfoWithPdid);
575 return HC_SUCCESS;
576 }
577
GetDeviceEntryById(int32_t osAccountId,const char * deviceId,bool isUdid,const char * groupId)578 TrustedDeviceEntry *GetDeviceEntryById(int32_t osAccountId, const char *deviceId, bool isUdid,
579 const char *groupId)
580 {
581 DeviceEntryVec deviceEntryVec = CreateDeviceEntryVec();
582 QueryDeviceParams params = InitQueryDeviceParams();
583 params.groupId = groupId;
584 if (isUdid) {
585 params.udid = deviceId;
586 } else {
587 params.authId = deviceId;
588 }
589 if (QueryDevices(osAccountId, ¶ms, &deviceEntryVec) != HC_SUCCESS) {
590 LOGE("Failed to query trusted devices!");
591 ClearDeviceEntryVec(&deviceEntryVec);
592 return NULL;
593 }
594 uint32_t index;
595 TrustedDeviceEntry **deviceEntry;
596 FOR_EACH_HC_VECTOR(deviceEntryVec, index, deviceEntry) {
597 TrustedDeviceEntry *returnEntry = DeepCopyDeviceEntry(*deviceEntry);
598 ClearDeviceEntryVec(&deviceEntryVec);
599 return returnEntry;
600 }
601 ClearDeviceEntryVec(&deviceEntryVec);
602 return NULL;
603 }
604
BuildPeerCertInfo(const char * pkInfoStr,const char * pkInfoSignHexStr,int32_t signAlg,CertInfo * peerCert)605 int32_t BuildPeerCertInfo(const char *pkInfoStr, const char *pkInfoSignHexStr, int32_t signAlg,
606 CertInfo *peerCert)
607 {
608 if ((pkInfoStr == NULL) || (pkInfoSignHexStr == NULL) || (peerCert == NULL)) {
609 LOGE("The input contains null ptr!");
610 return HC_ERR_NULL_PTR;
611 }
612 Uint8Buff pkInfoStrBuff = { (uint8_t *)pkInfoStr, HcStrlen(pkInfoStr) + 1 };
613 uint32_t pkInfoSignatureLen = HcStrlen(pkInfoSignHexStr) / BYTE_TO_HEX_OPER_LENGTH;
614 if (DeepCopyUint8Buff(&pkInfoStrBuff, &peerCert->pkInfoStr) != HC_SUCCESS) {
615 LOGE("copy pkInfoStr fail.");
616 return HC_ERR_ALLOC_MEMORY;
617 }
618 if (InitUint8Buff(&peerCert->pkInfoSignature, pkInfoSignatureLen) != HC_SUCCESS) {
619 LOGE("allocate pkInfoSignature memory fail.");
620 ClearFreeUint8Buff(&peerCert->pkInfoStr);
621 return HC_ERR_ALLOC_MEMORY;
622 }
623 if (HexStringToByte(pkInfoSignHexStr, peerCert->pkInfoSignature.val,
624 peerCert->pkInfoSignature.length) != HC_SUCCESS) {
625 LOGE("get pkInfoSignature from json fail.");
626 ClearFreeUint8Buff(&peerCert->pkInfoStr);
627 ClearFreeUint8Buff(&peerCert->pkInfoSignature);
628 return HC_ERR_JSON_ADD;
629 }
630 peerCert->signAlg = (Algorithm)signAlg;
631 return HC_SUCCESS;
632 }
633
DestroyCertInfo(CertInfo * certInfo)634 void DestroyCertInfo(CertInfo *certInfo)
635 {
636 ClearFreeUint8Buff(&certInfo->pkInfoSignature);
637 ClearFreeUint8Buff(&certInfo->pkInfoStr);
638 }
639
GetPeerCertInfo(CJson * context,const CJson * credInfo,CertInfo * peerCert)640 int32_t GetPeerCertInfo(CJson *context, const CJson *credInfo, CertInfo *peerCert)
641 {
642 if ((context == NULL) || (credInfo == NULL) || (peerCert == NULL)) {
643 LOGE("The input contains null ptr!");
644 return HC_ERR_NULL_PTR;
645 }
646 int32_t osAccountId = 0;
647 if (GetIntFromJson(context, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
648 LOGE("Failed to get osAccountId!");
649 return HC_ERR_JSON_GET;
650 }
651 int32_t signAlg;
652 if (GetIntFromJson(credInfo, FIELD_SIGN_ALG, &signAlg) != HC_SUCCESS) {
653 LOGE("get signAlg from json fail.");
654 return HC_ERR_JSON_GET;
655 }
656 char *pkInfoStr = NULL;
657 int32_t res = GetRealPkInfoStr(osAccountId, credInfo, &pkInfoStr, &peerCert->isPseudonym);
658 if (res != HC_SUCCESS) {
659 LOGE("Failed to get real pkInfo string!");
660 return res;
661 }
662 const char *pkInfoSignHexStr = GetStringFromJson(credInfo, FIELD_PK_INFO_SIGNATURE);
663 if (pkInfoSignHexStr == NULL) {
664 LOGE("get pkInfoSignature from json fail.");
665 HcFree(pkInfoStr);
666 return HC_ERR_JSON_GET;
667 }
668 res = BuildPeerCertInfo(pkInfoStr, pkInfoSignHexStr, signAlg, peerCert);
669 HcFree(pkInfoStr);
670 return res;
671 }
672
GetSaltMsg(Uint8Buff * saltMsg)673 static int32_t GetSaltMsg(Uint8Buff *saltMsg)
674 {
675 uint8_t randomVal[DEV_SESSION_SALT_LEN] = { 0 };
676 Uint8Buff random = { randomVal, DEV_SESSION_SALT_LEN };
677 int32_t res = GetLoaderInstance()->generateRandom(&random);
678 if (res != HC_SUCCESS) {
679 LOGE("generate random failed, res: %" LOG_PUB "d", res);
680 return res;
681 }
682 clock_t times = 0;
683 if (memcpy_s(saltMsg->val, saltMsg->length, random.val, random.length) != EOK) {
684 LOGE("memcpy random failed.");
685 return HC_ERR_MEMORY_COPY;
686 }
687 if (memcpy_s(saltMsg->val + random.length, saltMsg->length - random.length, ×, sizeof(clock_t)) != EOK) {
688 LOGE("memcpy times failed.");
689 return HC_ERR_MEMORY_COPY;
690 }
691 return HC_SUCCESS;
692 }
693
CalSalt(Uint8Buff * salt)694 int32_t CalSalt(Uint8Buff *salt)
695 {
696 if ((salt == NULL) || (salt->val == NULL)) {
697 LOGE("The input contains null ptr!");
698 return HC_ERR_NULL_PTR;
699 }
700 uint32_t saltMsgLen = DEV_SESSION_SALT_LEN + sizeof(clock_t);
701 Uint8Buff saltMsg = { NULL, 0 };
702 if (InitUint8Buff(&saltMsg, saltMsgLen) != HC_SUCCESS) {
703 LOGE("allocate saltMsg memory fail.");
704 return HC_ERR_ALLOC_MEMORY;
705 }
706 int32_t res = GetSaltMsg(&saltMsg);
707 if (res != HC_SUCCESS) {
708 FreeUint8Buff(&saltMsg);
709 return res;
710 }
711 res = GetLoaderInstance()->sha256(&saltMsg, salt);
712 FreeUint8Buff(&saltMsg);
713 if (res != HC_SUCCESS) {
714 LOGE("sha256 for session salt failed.");
715 return res;
716 }
717 return HC_SUCCESS;
718 }
719
GetSelfUserId(int32_t osAccountId,char * userId,uint32_t userIdLen)720 int32_t GetSelfUserId(int32_t osAccountId, char *userId, uint32_t userIdLen)
721 {
722 if (userId == NULL) {
723 LOGE("The input is null ptr!");
724 return HC_ERR_NULL_PTR;
725 }
726 GroupEntryVec accountVec = CreateGroupEntryVec();
727 QueryGroupParams queryParams = InitQueryGroupParams();
728 queryParams.groupType = IDENTICAL_ACCOUNT_GROUP;
729 do {
730 if (QueryGroups(osAccountId, &queryParams, &accountVec) != HC_SUCCESS) {
731 LOGD("No identical-account group in db, no identical-account auth!");
732 break;
733 }
734 uint32_t index = 0;
735 TrustedGroupEntry **ptr = NULL;
736 while (index < accountVec.size(&accountVec)) {
737 ptr = accountVec.getp(&accountVec, index);
738 if ((ptr == NULL) || (*ptr == NULL)) {
739 index++;
740 continue;
741 }
742 if (memcpy_s(userId, userIdLen, StringGet(&(*ptr)->userId), StringLength(&(*ptr)->userId)) != EOK) {
743 LOGE("copy fail");
744 ClearGroupEntryVec(&accountVec);
745 return HC_ERROR;
746 }
747 index++;
748 }
749 } while (0);
750 ClearGroupEntryVec(&accountVec);
751 return HC_SUCCESS;
752 }
753
AddMsgToSessionMsg(int32_t eventType,const CJson * msg,CJson * sessionMsg)754 int32_t AddMsgToSessionMsg(int32_t eventType, const CJson *msg, CJson *sessionMsg)
755 {
756 if ((msg == NULL) || (sessionMsg == NULL)) {
757 LOGE("The input contains null ptr!");
758 return HC_ERR_NULL_PTR;
759 }
760 CJson *event = CreateJson();
761 if (event == NULL) {
762 LOGE("allocate event memory fail.");
763 return HC_ERR_ALLOC_MEMORY;
764 }
765 if (AddIntToJson(event, FIELD_TYPE, eventType) != HC_SUCCESS) {
766 LOGE("add eventType to event fail.");
767 FreeJson(event);
768 return HC_ERR_JSON_ADD;
769 }
770 if (AddObjToJson(event, FIELD_DATA, msg) != HC_SUCCESS) {
771 LOGE("add msg to event fail.");
772 FreeJson(event);
773 return HC_ERR_JSON_ADD;
774 }
775 if (AddObjToArray(sessionMsg, event) != HC_SUCCESS) {
776 LOGE("add event to sessionMsg fail.");
777 FreeJson(event);
778 return HC_ERR_JSON_ADD;
779 }
780 return HC_SUCCESS;
781 }
782
IsPeerSameUserId(int32_t osAccountId,const char * peerUserId)783 bool IsPeerSameUserId(int32_t osAccountId, const char *peerUserId)
784 {
785 if (peerUserId == NULL) {
786 LOGE("The input is null ptr!");
787 return false;
788 }
789 GroupEntryVec groupVec = CreateGroupEntryVec();
790 QueryGroupParams queryParams = InitQueryGroupParams();
791 queryParams.groupType = IDENTICAL_ACCOUNT_GROUP;
792 if (QueryGroups(osAccountId, &queryParams, &groupVec) != HC_SUCCESS || groupVec.size(&groupVec) <= 0) {
793 LOGE("get identical account group from db fail.");
794 ClearGroupEntryVec(&groupVec);
795 return false;
796 }
797 TrustedGroupEntry *groupEntry = groupVec.get(&groupVec, 0);
798 bool isSame = (IsStrEqual(StringGet(&(groupEntry->userId)), peerUserId));
799 ClearGroupEntryVec(&groupVec);
800 return isSame;
801 }