1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_related_group_auth.h"
17 #include "account_task_manager.h"
18 #include "alg_defs.h"
19 #include "alg_loader.h"
20 #include "cert_operation.h"
21 #include "group_auth_data_operation.h"
22 #include "group_operation_common.h"
23 #include "hc_log.h"
24 #include "identity_manager.h"
25 #include "hisysevent_common.h"
26
GetAccountRelatedCandidateGroups(int32_t osAccountId,const CJson * in,bool isDeviceLevel,GroupEntryVec * vec)27 static int32_t GetAccountRelatedCandidateGroups(
28 int32_t osAccountId, const CJson *in, bool isDeviceLevel, GroupEntryVec *vec)
29 {
30 BaseGroupAuth *groupAuth = GetAccountRelatedGroupAuth();
31 if (groupAuth == NULL) {
32 return HC_ERR_NULL_PTR;
33 }
34 QueryGroupParams queryParams = InitQueryGroupParams();
35 if (!isDeviceLevel) {
36 queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC;
37 }
38 ((AccountRelatedGroupAuth *)groupAuth)->getAccountCandidateGroup(osAccountId, in, &queryParams, vec);
39 // All return success, only notify the plugin.
40 if (HasAccountPlugin() && vec->size(vec) == 0) {
41 CJson *input = CreateJson();
42 if (input == NULL) {
43 return HC_SUCCESS;
44 }
45 CJson *output = CreateJson();
46 if (output == NULL) {
47 FreeJson(input);
48 return HC_SUCCESS;
49 }
50 int32_t ret = ExecuteAccountAuthCmd(osAccountId, QUERY_SELF_CREDENTIAL_INFO, input, output);
51 if (ret != HC_SUCCESS) {
52 LOGE("Account cred is empty.");
53 }
54 FreeJson(input);
55 FreeJson(output);
56 }
57 return HC_SUCCESS;
58 }
59
GetAccountUnrelatedCandidateGroups(int32_t osAccountId,bool isDeviceLevel,GroupEntryVec * vec)60 static int32_t GetAccountUnrelatedCandidateGroups(int32_t osAccountId, bool isDeviceLevel, GroupEntryVec *vec)
61 {
62 QueryGroupParams queryParams = InitQueryGroupParams();
63 queryParams.groupType = PEER_TO_PEER_GROUP;
64 if (!isDeviceLevel) {
65 queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC;
66 }
67 return QueryGroups(osAccountId, &queryParams, vec);
68 }
69
GetGroupInfoByGroupId(int32_t osAccountId,const char * groupId,GroupEntryVec * groupEntryVec)70 static void GetGroupInfoByGroupId(int32_t osAccountId, const char *groupId, GroupEntryVec *groupEntryVec)
71 {
72 QueryGroupParams queryParams = InitQueryGroupParams();
73 queryParams.groupId = groupId;
74 int32_t ret = QueryGroups(osAccountId, &queryParams, groupEntryVec);
75 if (ret != HC_SUCCESS) {
76 LOGE("Failed to query groups for groupId: %" LOG_PUB "s!", groupId);
77 }
78 }
79
GetCandidateGroups(int32_t osAccountId,const CJson * in,GroupEntryVec * groupEntryVec)80 static void GetCandidateGroups(int32_t osAccountId, const CJson *in, GroupEntryVec *groupEntryVec)
81 {
82 bool isDeviceLevel = false;
83 (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel);
84
85 int32_t ret = GetAccountRelatedCandidateGroups(osAccountId, in, isDeviceLevel, groupEntryVec);
86 if (ret != HC_SUCCESS) {
87 LOGE("Failed to get account related groups!");
88 }
89
90 ret = GetAccountUnrelatedCandidateGroups(osAccountId, isDeviceLevel, groupEntryVec);
91 if (ret != HC_SUCCESS) {
92 LOGE("Failed to get p2p groups!");
93 }
94 }
95
IsDeviceInGroup(int32_t osAccountId,int32_t groupType,const char * deviceId,const char * groupId,bool isUdid)96 static bool IsDeviceInGroup(
97 int32_t osAccountId, int32_t groupType, const char *deviceId, const char *groupId, bool isUdid)
98 {
99 if (isUdid) {
100 return GaIsDeviceInGroup(groupType, osAccountId, deviceId, NULL, groupId);
101 } else {
102 return GaIsDeviceInGroup(groupType, osAccountId, NULL, deviceId, groupId);
103 }
104 }
105
SetProtocolsToIdentityInfo(int32_t keyType,IdentityInfo * info)106 static int32_t SetProtocolsToIdentityInfo(int32_t keyType, IdentityInfo *info)
107 {
108 if (keyType == KEY_TYPE_ASYM) {
109 #ifdef ENABLE_P2P_AUTH_EC_SPEKE
110 ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0);
111 if (entity == NULL) {
112 LOGE("Failed to alloc memory for entity!");
113 return HC_ERR_ALLOC_MEMORY;
114 }
115 entity->protocolType = ALG_EC_SPEKE;
116 if (info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity) == NULL) {
117 LOGE("Failed to push entity!");
118 HcFree(entity);
119 return HC_ERR_ALLOC_MEMORY;
120 }
121 #else
122 (void)info;
123 #endif
124 } else {
125 #ifdef ENABLE_P2P_AUTH_ISO
126 ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0);
127 if (entity == NULL) {
128 LOGE("Failed to alloc memory for entity!");
129 return HC_ERR_ALLOC_MEMORY;
130 }
131 entity->protocolType = ALG_ISO;
132 if (info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity) == NULL) {
133 LOGE("Failed to push entity!");
134 HcFree(entity);
135 return HC_ERR_ALLOC_MEMORY;
136 }
137 #else
138 (void)info;
139 #endif
140 }
141
142 return HC_SUCCESS;
143 }
144
IsP2pAuthTokenExist(int32_t osAccountId,const TrustedDeviceEntry * deviceEntry)145 static bool IsP2pAuthTokenExist(int32_t osAccountId, const TrustedDeviceEntry *deviceEntry)
146 {
147 const char *serviceType = StringGet(&deviceEntry->serviceType);
148 const char *peerAuthId = StringGet(&deviceEntry->authId);
149 uint8_t keyAliasVal[ISO_KEY_ALIAS_LEN] = { 0 };
150 Uint8Buff keyAlias = { keyAliasVal, ISO_KEY_ALIAS_LEN };
151 TokenManagerParams tokenParams = { 0 };
152 tokenParams.pkgName.val = (uint8_t *)GROUP_MANAGER_PACKAGE_NAME;
153 tokenParams.pkgName.length = HcStrlen(GROUP_MANAGER_PACKAGE_NAME);
154 tokenParams.serviceType.val = (uint8_t *)serviceType;
155 tokenParams.serviceType.length = HcStrlen(serviceType);
156 tokenParams.userType = KEY_ALIAS_AUTH_TOKEN;
157 tokenParams.authId.val = (uint8_t *)peerAuthId;
158 tokenParams.authId.length = HcStrlen(peerAuthId);
159 int32_t ret = GenerateKeyAlias(&tokenParams, &keyAlias);
160 if (ret != HC_SUCCESS) {
161 LOGE("Failed to generate key alias!");
162 return false;
163 }
164
165 ret = GetLoaderInstance()->checkKeyExist(&keyAlias, false, osAccountId);
166 if (ret != HC_SUCCESS) {
167 LOGE("auth token not exist!");
168 return false;
169 }
170 return true;
171 }
172
GetAccountUnrelatedIdentityInfo(int32_t osAccountId,const char * groupId,const char * deviceId,bool isUdid,IdentityInfo * info)173 static int32_t GetAccountUnrelatedIdentityInfo(
174 int32_t osAccountId, const char *groupId, const char *deviceId, bool isUdid, IdentityInfo *info)
175 {
176 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
177 if (deviceEntry == NULL) {
178 LOGE("Failed to create deviceEntry!");
179 return HC_ERR_ALLOC_MEMORY;
180 }
181 int32_t ret = GaGetTrustedDeviceEntryById(osAccountId, deviceId, isUdid, groupId, deviceEntry);
182 if (ret != HC_SUCCESS) {
183 LOGE("Failed to get device entry!");
184 DestroyDeviceEntry(deviceEntry);
185 return ret;
186 }
187
188 int32_t keyType = IsP2pAuthTokenExist(osAccountId, deviceEntry) ? KEY_TYPE_SYM : KEY_TYPE_ASYM;
189 DestroyDeviceEntry(deviceEntry);
190 CJson *urlJson = CreateCredUrlJson(PRE_SHARED, keyType, TRUST_TYPE_P2P);
191
192 if (!urlJson) {
193 LOGE("Failed to create CredUrlJson info!");
194 return HC_ERR_ALLOC_MEMORY;
195 }
196 if (AddStringToJson(urlJson, FIELD_GROUP_ID, groupId) != HC_SUCCESS) {
197 LOGE("Failed to add group id to url json!");
198 FreeJson(urlJson);
199 return HC_ERR_JSON_ADD;
200 }
201
202 char *urlStr = PackJsonToString(urlJson);
203 FreeJson(urlJson);
204 if (urlStr == NULL) {
205 LOGE("Failed to pack url json to string!");
206 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
207 }
208
209 ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl);
210 FreeJsonString(urlStr);
211 if (ret != HC_SUCCESS) {
212 LOGE("Failed to set preSharedUrl of proof!");
213 return ret;
214 }
215
216 ret = SetProtocolsToIdentityInfo(keyType, info);
217 if (ret != HC_SUCCESS) {
218 LOGE("Failed to set protocols with keyType!");
219 return ret;
220 }
221
222 info->proofType = PRE_SHARED;
223 if (ret != HC_SUCCESS) {
224 LOGE("Failed to get p2p identity by key type!");
225 }
226 return ret;
227 }
228
GetIdentityInfo(int32_t osAccountId,const TrustedGroupEntry * groupEntry,const char * deviceId,bool isUdid,IdentityInfo ** returnInfo)229 static int32_t GetIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry, const char *deviceId,
230 bool isUdid, IdentityInfo **returnInfo)
231 {
232 IdentityInfo *info = CreateIdentityInfo();
233 if (info == NULL) {
234 LOGE("Failed to create identity info!");
235 return HC_ERR_ALLOC_MEMORY;
236 }
237 int32_t ret;
238 const char *groupId = StringGet(&groupEntry->id);
239 if (groupEntry->type == PEER_TO_PEER_GROUP) {
240 ret = GetAccountUnrelatedIdentityInfo(osAccountId, groupId, deviceId, isUdid, info);
241 } else {
242 ret = GetAccountRelatedCredInfo(osAccountId, groupId, deviceId, isUdid, info);
243 }
244 if (ret != HC_SUCCESS) {
245 LOGE("Failed to get identity info!");
246 DestroyIdentityInfo(info);
247 return ret;
248 }
249 *returnInfo = info;
250 return HC_SUCCESS;
251 }
252
AddNoPseudonymIdentityInfo(int32_t osAccountId,const TrustedGroupEntry * groupEntry,const char * deviceId,bool isUdid,IdentityInfoVec * identityInfoVec)253 static void AddNoPseudonymIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry,
254 const char *deviceId, bool isUdid, IdentityInfoVec *identityInfoVec)
255 {
256 IdentityInfo *info = NULL;
257 if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) {
258 return;
259 }
260 info->proof.certInfo.isPseudonym = false;
261 if (identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info) == NULL) {
262 LOGE("Failed to push info!");
263 DestroyIdentityInfo(info);
264 return;
265 }
266 }
267
GetIdentityInfos(int32_t osAccountId,const CJson * in,const GroupEntryVec * groupEntryVec,IdentityInfoVec * identityInfoVec)268 static int32_t GetIdentityInfos(
269 int32_t osAccountId, const CJson *in, const GroupEntryVec *groupEntryVec, IdentityInfoVec *identityInfoVec)
270 {
271 const char *pkgName = GetStringFromJson(in, FIELD_SERVICE_PKG_NAME);
272 if (pkgName == NULL) {
273 LOGE("Failed to get service package name!");
274 return HC_ERR_JSON_GET;
275 }
276 bool isUdid = false;
277 const char *deviceId = GetPeerDevIdFromJson(in, &isUdid);
278 if (deviceId == NULL) {
279 LOGE("Failed to get peer device id!");
280 return HC_ERR_JSON_GET;
281 }
282 uint32_t index;
283 TrustedGroupEntry **ptr = NULL;
284 FOR_EACH_HC_VECTOR(*groupEntryVec, index, ptr)
285 {
286 const TrustedGroupEntry *groupEntry = (TrustedGroupEntry *)(*ptr);
287 const char *groupId = StringGet(&(groupEntry->id));
288 if (groupId == NULL) {
289 continue;
290 }
291 if (!GaIsGroupAccessible(osAccountId, groupId, pkgName)) {
292 continue;
293 }
294 if (!IsDeviceInGroup(osAccountId, groupEntry->type, deviceId, groupId, isUdid)) {
295 continue;
296 }
297 IdentityInfo *info = NULL;
298 if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) {
299 continue;
300 }
301 if (info->proofType == CERTIFICATED) {
302 info->proof.certInfo.isPseudonym = true;
303 }
304 if (identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info) == NULL) {
305 LOGE("Failed to push info!");
306 DestroyIdentityInfo(info);
307 return HC_ERR_ALLOC_MEMORY;
308 }
309 if (info->proofType == CERTIFICATED) {
310 AddNoPseudonymIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, identityInfoVec);
311 }
312 }
313 LOGI("The identity info size is: %" LOG_PUB "u", identityInfoVec->size(identityInfoVec));
314 return HC_SUCCESS;
315 }
316
GetCredInfosByPeerIdentity(const CJson * in,IdentityInfoVec * identityInfoVec)317 static int32_t GetCredInfosByPeerIdentity(const CJson *in, IdentityInfoVec *identityInfoVec)
318 {
319 int32_t osAccountId = INVALID_OS_ACCOUNT;
320 int32_t ret;
321 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
322 LOGE("Failed to get osAccountId!");
323 return HC_ERR_JSON_GET;
324 }
325 const char *groupId = GetStringFromJson(in, FIELD_GROUP_ID);
326 if (groupId == NULL) {
327 groupId = GetStringFromJson(in, FIELD_SERVICE_TYPE);
328 }
329 GroupEntryVec groupEntryVec = CreateGroupEntryVec();
330 if (groupId == NULL) {
331 GetCandidateGroups(osAccountId, in, &groupEntryVec);
332 } else {
333 GetGroupInfoByGroupId(osAccountId, groupId, &groupEntryVec);
334 }
335
336 bool isDeviceLevel = false;
337 (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel);
338 if (groupEntryVec.size(&groupEntryVec) == 0) {
339 if (isDeviceLevel) {
340 // device level auth still has the chance to try p2p direct auth
341 // so, do not report error here.
342 LOGI("No satisfied candidate group!");
343 } else {
344 LOGE("No satisfied candidate group!");
345 }
346 ClearGroupEntryVec(&groupEntryVec);
347 return HC_ERR_NO_CANDIDATE_GROUP;
348 }
349 ret = GetIdentityInfos(osAccountId, in, &groupEntryVec, identityInfoVec);
350 ClearGroupEntryVec(&groupEntryVec);
351 return ret;
352 }
353
SetIdentityInfoByUrl(const CJson * urlJson,IdentityInfo * info)354 static int32_t SetIdentityInfoByUrl(const CJson *urlJson, IdentityInfo *info)
355 {
356 if (urlJson == NULL || info == NULL) {
357 LOGE("Need urlJson and IdentityInfo is not NULL!");
358 return HC_ERR_INVALID_PARAMS;
359 }
360
361 int32_t keyType = 0;
362 if (GetIntFromJson(urlJson, PRESHARED_URL_KEY_TYPE, &keyType) != HC_SUCCESS) {
363 LOGE("Failed to get trust type!");
364 return HC_ERR_JSON_GET;
365 }
366
367 char *urlStr = PackJsonToString(urlJson);
368 if (urlStr == NULL) {
369 LOGE("Failed to pack json to str!");
370 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
371 }
372 int32_t ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl);
373 FreeJsonString(urlStr);
374 if (ret != HC_SUCCESS) {
375 LOGE("Failed to set preSharedUrl for proof!");
376 return ret;
377 }
378
379 ret = SetProtocolsToIdentityInfo(keyType, info);
380 if (ret != HC_SUCCESS) {
381 LOGE("Failed to set protocols to identity info with keyType!");
382 return ret;
383 }
384
385 info->proofType = PRE_SHARED;
386 return ret;
387 }
388
CheckAndGetP2pCredInfo(const CJson * in,const CJson * urlJson,IdentityInfo * info)389 static int32_t CheckAndGetP2pCredInfo(const CJson *in, const CJson *urlJson, IdentityInfo *info)
390 {
391 int32_t osAccountId = INVALID_OS_ACCOUNT;
392 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
393 LOGE("Failed to get osAccountId from json!");
394 return HC_ERR_JSON_GET;
395 }
396
397 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
398 if (groupId == NULL) {
399 LOGE("Failed to get groupId from url json!");
400 return HC_ERR_JSON_GET;
401 }
402 int32_t ret = CheckGroupExist(osAccountId, groupId);
403 if (ret != HC_SUCCESS) {
404 LOGE("Group not exist!");
405 return ret;
406 }
407 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
408 if (deviceEntry == NULL) {
409 LOGE("Failed to create device entry!");
410 return HC_ERR_ALLOC_MEMORY;
411 }
412 ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
413 DestroyDeviceEntry(deviceEntry);
414 if (ret != HC_SUCCESS) {
415 LOGE("peer device not found!");
416 return ret;
417 }
418
419 ret = SetIdentityInfoByUrl(urlJson, info);
420 if (ret != HC_SUCCESS) {
421 LOGE("Failed to get p2p identity info by key type!");
422 }
423 return ret;
424 }
425
GetCredInfoByPeerUrl(const CJson * in,const Uint8Buff * presharedUrl,IdentityInfo ** returnInfo)426 static int32_t GetCredInfoByPeerUrl(const CJson *in, const Uint8Buff *presharedUrl, IdentityInfo **returnInfo)
427 {
428 if (in == NULL || presharedUrl == NULL || returnInfo == NULL) {
429 LOGE("Invalid input params!");
430 return HC_ERR_INVALID_PARAMS;
431 }
432
433 CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val);
434 if (urlJson == NULL) {
435 LOGE("Failed to create url json!");
436 return HC_ERR_JSON_CREATE;
437 }
438
439 int32_t trustType = 0;
440 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
441 LOGE("Failed to get trust type!");
442 FreeJson(urlJson);
443 return HC_ERR_JSON_GET;
444 }
445
446 IdentityInfo *info = CreateIdentityInfo();
447 if (info == NULL) {
448 LOGE("Failed to create identity info!");
449 FreeJson(urlJson);
450 return HC_ERR_ALLOC_MEMORY;
451 }
452 int32_t ret;
453 switch (trustType) {
454 case TRUST_TYPE_UID:
455 ret = GetAccountSymCredInfoByPeerUrl(in, urlJson, info);
456 break;
457 case TRUST_TYPE_P2P:
458 ret = CheckAndGetP2pCredInfo(in, urlJson, info);
459 break;
460 default:
461 LOGE("Invalid trust type!");
462 ret = HC_ERR_INVALID_PARAMS;
463 break;
464 }
465 FreeJson(urlJson);
466
467 *returnInfo = info;
468 return ret;
469 }
470
GenerateKeyAliasForIso(const TrustedDeviceEntry * deviceEntry,Uint8Buff * keyAliasBuff)471 static int32_t GenerateKeyAliasForIso(const TrustedDeviceEntry *deviceEntry, Uint8Buff *keyAliasBuff)
472 {
473 const char *serviceType = StringGet(&deviceEntry->serviceType);
474 const char *peerAuthId = StringGet(&deviceEntry->authId);
475 TokenManagerParams tokenParams = { 0 };
476 tokenParams.pkgName.val = (uint8_t *)GROUP_MANAGER_PACKAGE_NAME;
477 tokenParams.pkgName.length = HcStrlen(GROUP_MANAGER_PACKAGE_NAME);
478 tokenParams.serviceType.val = (uint8_t *)serviceType;
479 tokenParams.serviceType.length = HcStrlen(serviceType);
480 tokenParams.userType = KEY_ALIAS_AUTH_TOKEN;
481 if (deviceEntry->upgradeFlag == 1) {
482 tokenParams.userType = deviceEntry->devType;
483 }
484 tokenParams.authId.val = (uint8_t *)peerAuthId;
485 tokenParams.authId.length = HcStrlen(peerAuthId);
486 int32_t ret = GenerateKeyAlias(&tokenParams, keyAliasBuff);
487 if (ret != HC_SUCCESS) {
488 LOGE("Failed to generate key alias for iso!");
489 return ret;
490 }
491 if (deviceEntry->upgradeFlag == 1) {
492 ret = ToLowerCase(keyAliasBuff);
493 if (ret != HC_SUCCESS) {
494 LOGE("Failed to convert psk alias to lower case!");
495 return ret;
496 }
497 }
498 return HC_SUCCESS;
499 }
500
AuthGeneratePsk(const CJson * in,const char * groupId,const Uint8Buff * seed,Uint8Buff * sharedSecret)501 static int32_t AuthGeneratePsk(const CJson *in, const char *groupId, const Uint8Buff *seed, Uint8Buff *sharedSecret)
502 {
503 int32_t osAccountId = INVALID_OS_ACCOUNT;
504 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
505 LOGE("Failed to get osAccountId from inJson!");
506 return HC_ERR_JSON_GET;
507 }
508 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
509 if (deviceEntry == NULL) {
510 LOGE("Create deviceEntry failed!");
511 return HC_ERR_ALLOC_MEMORY;
512 }
513 int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
514 if (ret != HC_SUCCESS) {
515 LOGE("Error occurs, failed to get peerDeviceEntry!");
516 DestroyDeviceEntry(deviceEntry);
517 return ret;
518 }
519 uint8_t keyAlias[ISO_KEY_ALIAS_LEN] = { 0 };
520 uint8_t upgradeKeyAlias[ISO_UPGRADE_KEY_ALIAS_LEN] = { 0 };
521 Uint8Buff keyAliasBuf = { keyAlias, ISO_KEY_ALIAS_LEN };
522 if (deviceEntry->upgradeFlag == 1) {
523 keyAliasBuf.val = upgradeKeyAlias;
524 keyAliasBuf.length = ISO_UPGRADE_KEY_ALIAS_LEN;
525 }
526 ret = GenerateKeyAliasForIso(deviceEntry, &keyAliasBuf);
527 if (ret != HC_SUCCESS) {
528 LOGE("Failed to generate key alias in iso!");
529 DestroyDeviceEntry(deviceEntry);
530 return ret;
531 }
532 if (deviceEntry->upgradeFlag == 1) {
533 KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, true, osAccountId };
534 ret = GetLoaderInstance()->computeHmacWithThreeStage(&keyAliasParams, seed, sharedSecret);
535 ReportRadarEvent(ret);
536 } else {
537 KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, false, osAccountId };
538 ret = GetLoaderInstance()->computeHmac(&keyAliasParams, seed, sharedSecret);
539 }
540 DestroyDeviceEntry(deviceEntry);
541 return ret;
542 }
543
GetSharedSecretForP2pInIso(const CJson * in,const char * groupId,Uint8Buff * sharedSecret)544 static int32_t GetSharedSecretForP2pInIso(const CJson *in, const char *groupId, Uint8Buff *sharedSecret)
545 {
546 uint8_t *seedVal = (uint8_t *)HcMalloc(SEED_LEN, 0);
547 if (seedVal == NULL) {
548 LOGE("Failed to alloc memory for seed!");
549 return HC_ERR_ALLOC_MEMORY;
550 }
551 Uint8Buff seedBuff = { seedVal, SEED_LEN };
552 int32_t ret = GetByteFromJson(in, FIELD_SEED, seedBuff.val, seedBuff.length);
553 if (ret != HC_SUCCESS) {
554 HcFree(seedVal);
555 LOGE("Get seed from json failed!");
556 return HC_ERR_JSON_GET;
557 }
558 uint8_t *pskVal = (uint8_t *)HcMalloc(ISO_PSK_LEN, 0);
559 if (pskVal == NULL) {
560 LOGE("Failed to alloc memory for psk!");
561 HcFree(seedVal);
562 return HC_ERR_ALLOC_MEMORY;
563 }
564 sharedSecret->val = pskVal;
565 sharedSecret->length = ISO_PSK_LEN;
566 ret = AuthGeneratePsk(in, groupId, &seedBuff, sharedSecret);
567 HcFree(seedVal);
568 if (ret != HC_SUCCESS) {
569 LOGE("Failed to generate psk!");
570 FreeBuffData(sharedSecret);
571 }
572 return ret;
573 }
574
GetSelfAuthIdAndUserType(int32_t osAccountId,const char * groupId,Uint8Buff * authIdBuff,int32_t * userType,int32_t * upgradeFlag)575 static int32_t GetSelfAuthIdAndUserType(
576 int32_t osAccountId, const char *groupId, Uint8Buff *authIdBuff, int32_t *userType, int32_t *upgradeFlag)
577 {
578 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
579 if (deviceEntry == NULL) {
580 LOGE("Failed to create device entry!");
581 return HC_ERR_ALLOC_MEMORY;
582 }
583 int32_t ret = GetSelfDeviceEntry(osAccountId, groupId, deviceEntry);
584 if (ret != HC_SUCCESS) {
585 LOGE("Failed to get self device entry with groupId!");
586 DestroyDeviceEntry(deviceEntry);
587 return ret;
588 }
589 const char *selfAuthId = StringGet(&deviceEntry->authId);
590 uint32_t authIdLen = HcStrlen(selfAuthId);
591 authIdBuff->val = (uint8_t *)HcMalloc(authIdLen + 1, 0);
592 if (authIdBuff->val == NULL) {
593 LOGE("Failed to alloc memory for authId!");
594 DestroyDeviceEntry(deviceEntry);
595 return HC_ERR_ALLOC_MEMORY;
596 }
597 if (memcpy_s(authIdBuff->val, authIdLen + 1, selfAuthId, authIdLen) != EOK) {
598 LOGE("Failed to copy authId!");
599 HcFree(authIdBuff->val);
600 authIdBuff->val = NULL;
601 DestroyDeviceEntry(deviceEntry);
602 return HC_ERR_MEMORY_COPY;
603 }
604 authIdBuff->length = authIdLen;
605 *userType = deviceEntry->devType;
606 *upgradeFlag = deviceEntry->upgradeFlag;
607 DestroyDeviceEntry(deviceEntry);
608 return HC_SUCCESS;
609 }
610
GenerateSelfKeyAlias(const char * serviceType,int32_t selfUserType,const Uint8Buff * selfAuthIdBuff,bool isSelfFromUpgrade,Uint8Buff * selfKeyAlias)611 static int32_t GenerateSelfKeyAlias(const char *serviceType, int32_t selfUserType, const Uint8Buff *selfAuthIdBuff,
612 bool isSelfFromUpgrade, Uint8Buff *selfKeyAlias)
613 {
614 TokenManagerParams tokenParams = { 0 };
615 tokenParams.pkgName.val = (uint8_t *)GROUP_MANAGER_PACKAGE_NAME;
616 tokenParams.pkgName.length = HcStrlen(GROUP_MANAGER_PACKAGE_NAME);
617 tokenParams.serviceType.val = (uint8_t *)serviceType;
618 tokenParams.serviceType.length = HcStrlen(serviceType);
619 tokenParams.userType = selfUserType;
620 if (isSelfFromUpgrade) {
621 tokenParams.userType = KEY_ALIAS_LT_KEY_PAIR;
622 }
623 tokenParams.authId = *selfAuthIdBuff;
624 int32_t ret = GenerateKeyAlias(&tokenParams, selfKeyAlias);
625 if (ret != HC_SUCCESS) {
626 LOGE("Failed to generate self key alias!");
627 return ret;
628 }
629 if (isSelfFromUpgrade) {
630 ret = ToLowerCase(selfKeyAlias);
631 if (ret != HC_SUCCESS) {
632 LOGE("Failed to convert self key alias to lower case!");
633 return ret;
634 }
635 }
636 return HC_SUCCESS;
637 }
638
GeneratePeerKeyAlias(const TrustedDeviceEntry * peerDeviceEntry,Uint8Buff * peerKeyAlias)639 static int32_t GeneratePeerKeyAlias(const TrustedDeviceEntry *peerDeviceEntry, Uint8Buff *peerKeyAlias)
640 {
641 const char *serviceType = StringGet(&peerDeviceEntry->serviceType);
642 const char *peerAuthId = StringGet(&peerDeviceEntry->authId);
643 TokenManagerParams tokenParams = { 0 };
644 tokenParams.pkgName.val = (uint8_t *)GROUP_MANAGER_PACKAGE_NAME;
645 tokenParams.pkgName.length = HcStrlen(GROUP_MANAGER_PACKAGE_NAME);
646 tokenParams.serviceType.val = (uint8_t *)serviceType;
647 tokenParams.serviceType.length = HcStrlen(serviceType);
648 #ifdef DEV_AUTH_FUNC_TEST
649 tokenParams.userType = KEY_ALIAS_LT_KEY_PAIR;
650 #else
651 tokenParams.userType = peerDeviceEntry->devType;
652 #endif
653 tokenParams.authId.val = (uint8_t *)peerAuthId;
654 tokenParams.authId.length = HcStrlen(peerAuthId);
655 int32_t ret = GenerateKeyAlias(&tokenParams, peerKeyAlias);
656 if (ret != HC_SUCCESS) {
657 LOGE("Failed to generate peer key alias!");
658 return ret;
659 }
660 if (peerDeviceEntry->upgradeFlag == 1) {
661 ret = ToLowerCase(peerKeyAlias);
662 if (ret != HC_SUCCESS) {
663 LOGE("Failed to convert peer key alias to lower case!");
664 return ret;
665 }
666 }
667 return HC_SUCCESS;
668 }
669
CheckSelfKeyAlias(const Uint8Buff * selfKeyAlias,bool isSelfFromUpgrade,int32_t osAccountId,const char * groupId)670 static int32_t CheckSelfKeyAlias(const Uint8Buff *selfKeyAlias, bool isSelfFromUpgrade, int32_t osAccountId,
671 const char *groupId)
672 {
673 int32_t ret = GetLoaderInstance()->checkKeyExist(selfKeyAlias, isSelfFromUpgrade, osAccountId);
674 if (ret != HC_SUCCESS) {
675 LOGE("self auth keyPair not exist, need to delete group and devices!");
676 if (DelGroupFromDb(osAccountId, groupId) != HC_SUCCESS) {
677 LOGW("delete group from db failed!");
678 return ret;
679 }
680 LOGI("self auth keyPair not exist, delete group from db successfully!");
681 }
682 return ret;
683 }
684
CheckPeerKeyAlias(const Uint8Buff * peerKeyAlias,bool isPeerFromUpgrade,int32_t osAccountId,const char * groupId,const TrustedDeviceEntry * peerDeviceEntry)685 static int32_t CheckPeerKeyAlias(const Uint8Buff *peerKeyAlias, bool isPeerFromUpgrade, int32_t osAccountId,
686 const char *groupId, const TrustedDeviceEntry *peerDeviceEntry)
687 {
688 int32_t ret = GetLoaderInstance()->checkKeyExist(peerKeyAlias, isPeerFromUpgrade, osAccountId);
689 if (ret != HC_SUCCESS) {
690 LOGE("peer auth pubKey not exist, need to delete peer device!");
691 if (DelDeviceFromDb(osAccountId, groupId, peerDeviceEntry) != HC_SUCCESS) {
692 LOGW("delete peer device from db failed!");
693 return ret;
694 }
695 LOGI("peer auth pubKey not exist, delete peer device from db successfully!");
696 }
697 return ret;
698 }
699
ComputeAndSavePsk(int32_t osAccountId,const char * groupId,const TrustedDeviceEntry * peerDeviceEntry,const Uint8Buff * sharedKeyAlias)700 static int32_t ComputeAndSavePsk(int32_t osAccountId, const char *groupId,
701 const TrustedDeviceEntry *peerDeviceEntry, const Uint8Buff *sharedKeyAlias)
702 {
703 Uint8Buff selfAuthIdBuff = { NULL, 0 };
704 int32_t selfUserType = 0;
705 int32_t selfUpgradeFlag = 0;
706 int32_t ret = GetSelfAuthIdAndUserType(osAccountId, groupId, &selfAuthIdBuff, &selfUserType, &selfUpgradeFlag);
707 if (ret != HC_SUCCESS) {
708 LOGE("Failed to get self auth id and user type!");
709 return ret;
710 }
711 const char *serviceType = StringGet(&peerDeviceEntry->serviceType);
712 bool isSelfFromUpgrade = selfUpgradeFlag == 1;
713 uint8_t selfKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
714 Uint8Buff selfKeyAlias = { selfKeyAliasVal, PAKE_KEY_ALIAS_LEN };
715 ret = GenerateSelfKeyAlias(serviceType, selfUserType, &selfAuthIdBuff, isSelfFromUpgrade, &selfKeyAlias);
716 HcFree(selfAuthIdBuff.val);
717 if (ret != HC_SUCCESS) {
718 LOGE("Failed to generate self key alias!");
719 return ret;
720 }
721
722 uint8_t peerKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
723 Uint8Buff peerKeyAlias = { peerKeyAliasVal, PAKE_KEY_ALIAS_LEN };
724 ret = GeneratePeerKeyAlias(peerDeviceEntry, &peerKeyAlias);
725 if (ret != HC_SUCCESS) {
726 LOGE("Failed to generate peer key alias!");
727 return ret;
728 }
729
730 ret = CheckSelfKeyAlias(&selfKeyAlias, isSelfFromUpgrade, osAccountId, groupId);
731 if (ret != HC_SUCCESS) {
732 return ret;
733 }
734 bool isPeerFromUpgrade = peerDeviceEntry->upgradeFlag == 1;
735 ret = CheckPeerKeyAlias(&peerKeyAlias, isPeerFromUpgrade, osAccountId, groupId, peerDeviceEntry);
736 if (ret != HC_SUCCESS) {
737 return ret;
738 }
739 uint8_t peerPubKeyVal[PAKE_ED25519_KEY_PAIR_LEN] = { 0 };
740 Uint8Buff peerPubKeyBuff = { peerPubKeyVal, PAKE_ED25519_KEY_PAIR_LEN };
741 KeyParams peerKeyParams = { { peerKeyAlias.val, peerKeyAlias.length, true }, isPeerFromUpgrade, osAccountId };
742 ret = GetLoaderInstance()->exportPublicKey(&peerKeyParams, &peerPubKeyBuff);
743 if (ret != HC_SUCCESS) {
744 LOGE("Failed to export peer public key!");
745 return ret;
746 }
747 KeyParams selfKeyAliasParams = { { selfKeyAlias.val, selfKeyAlias.length, true }, isSelfFromUpgrade, osAccountId };
748 KeyBuff peerKeyBuff = { peerPubKeyBuff.val, peerPubKeyBuff.length, false };
749 return GetLoaderInstance()->agreeSharedSecretWithStorage(
750 &selfKeyAliasParams, &peerKeyBuff, ED25519, PAKE_PSK_LEN, sharedKeyAlias);
751 }
752
GeneratePskAliasInner(const char * serviceType,const char * peerAuthId,Uint8Buff * pskKeyAlias)753 static int32_t GeneratePskAliasInner(const char *serviceType, const char *peerAuthId, Uint8Buff *pskKeyAlias)
754 {
755 TokenManagerParams tokenParams = { 0 };
756 tokenParams.pkgName.val = (uint8_t *)GROUP_MANAGER_PACKAGE_NAME;
757 tokenParams.pkgName.length = HcStrlen(GROUP_MANAGER_PACKAGE_NAME);
758 tokenParams.serviceType.val = (uint8_t *)serviceType;
759 tokenParams.serviceType.length = HcStrlen(serviceType);
760 tokenParams.userType = KEY_ALIAS_PSK;
761 tokenParams.authId.val = (uint8_t *)peerAuthId;
762 tokenParams.authId.length = HcStrlen(peerAuthId);
763 return GenerateKeyAlias(&tokenParams, pskKeyAlias);
764 }
765
GeneratePskAliasAndCheckExist(const CJson * in,const char * groupId,Uint8Buff * pskKeyAlias)766 static int32_t GeneratePskAliasAndCheckExist(const CJson *in, const char *groupId, Uint8Buff *pskKeyAlias)
767 {
768 int32_t osAccountId = INVALID_OS_ACCOUNT;
769 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
770 LOGE("Failed to get osAccountId!");
771 return HC_ERR_JSON_GET;
772 }
773 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
774 if (deviceEntry == NULL) {
775 LOGE("Create device entry failed!");
776 return HC_ERR_ALLOC_MEMORY;
777 }
778 int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
779 if (ret != HC_SUCCESS) {
780 LOGE("Error occurs, Failed to get peer device entry!");
781 DestroyDeviceEntry(deviceEntry);
782 return ret;
783 }
784 const char *serviceType = StringGet(&deviceEntry->serviceType);
785 const char *peerAuthId = StringGet(&deviceEntry->authId);
786 ret = GeneratePskAliasInner(serviceType, peerAuthId, pskKeyAlias);
787 if (ret != HC_SUCCESS) {
788 LOGE("Failed to generate psk key alias!");
789 DestroyDeviceEntry(deviceEntry);
790 return ret;
791 }
792 bool isPeerFromUpgrade = deviceEntry->upgradeFlag == 1;
793 if (isPeerFromUpgrade) {
794 ret = ToLowerCase(pskKeyAlias);
795 if (ret != HC_SUCCESS) {
796 LOGE("Failed to convert psk alias to lower case!");
797 DestroyDeviceEntry(deviceEntry);
798 return ret;
799 }
800 }
801 LOGI("psk alias: %" LOG_PUB "x %" LOG_PUB "x %" LOG_PUB "x %" LOG_PUB "x****.", pskKeyAlias->val[DEV_AUTH_ZERO],
802 pskKeyAlias->val[DEV_AUTH_ONE], pskKeyAlias->val[DEV_AUTH_TWO], pskKeyAlias->val[DEV_AUTH_THREE]);
803 if (GetLoaderInstance()->checkKeyExist(pskKeyAlias, isPeerFromUpgrade, osAccountId) != HC_SUCCESS) {
804 ret = ComputeAndSavePsk(osAccountId, groupId, deviceEntry, pskKeyAlias);
805 ReportRadarEvent(ret);
806 }
807 DestroyDeviceEntry(deviceEntry);
808 return ret;
809 }
810
GetSharedSecretForP2pInPake(const CJson * in,const char * groupId,Uint8Buff * sharedSecret)811 static int32_t GetSharedSecretForP2pInPake(const CJson *in, const char *groupId, Uint8Buff *sharedSecret)
812 {
813 int32_t osAccountId;
814 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
815 LOGE("Failed to get osAccountId!");
816 return HC_ERR_JSON_GET;
817 }
818 uint8_t pskKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
819 Uint8Buff pskKeyAlias = { pskKeyAliasVal, PAKE_KEY_ALIAS_LEN };
820 int32_t ret = GeneratePskAliasAndCheckExist(in, groupId, &pskKeyAlias);
821 if (ret != HC_SUCCESS) {
822 LOGE("Failed to generate key alias for psk!");
823 return ret;
824 }
825 uint8_t *pskVal = (uint8_t *)HcMalloc(PAKE_PSK_LEN, 0);
826 if (pskVal == NULL) {
827 LOGE("Failed to allocate memory for psk!");
828 return HC_ERR_ALLOC_MEMORY;
829 }
830 Uint8Buff pskBuff = { pskVal, PAKE_PSK_LEN };
831 uint8_t *nonceVal = (uint8_t *)HcMalloc(PAKE_NONCE_LEN, 0);
832 if (nonceVal == NULL) {
833 LOGE("Failed to allocate memory for nonce!");
834 HcFree(pskVal);
835 return HC_ERR_ALLOC_MEMORY;
836 }
837 Uint8Buff nonceBuff = { nonceVal, PAKE_NONCE_LEN };
838 ret = GetByteFromJson(in, FIELD_NONCE, nonceBuff.val, nonceBuff.length);
839 if (ret != HC_SUCCESS) {
840 LOGE("Failed to get nonce!");
841 HcFree(pskVal);
842 HcFree(nonceVal);
843 return HC_ERR_JSON_GET;
844 }
845 Uint8Buff keyInfo = { (uint8_t *)TMP_AUTH_KEY_FACTOR, HcStrlen(TMP_AUTH_KEY_FACTOR) };
846 KeyParams keyAliasParams = { { pskKeyAlias.val, pskKeyAlias.length, true }, false, osAccountId };
847 ret = GetLoaderInstance()->computeHkdf(&keyAliasParams, &nonceBuff, &keyInfo, &pskBuff);
848 HcFree(nonceVal);
849 if (ret != HC_SUCCESS) {
850 LOGE("Failed to computeHkdf for psk!");
851 HcFree(pskVal);
852 return ret;
853 }
854
855 ret = ConvertPsk(&pskBuff, sharedSecret);
856 HcFree(pskVal);
857 if (ret != HC_SUCCESS) {
858 LOGE("Failed to convert psk!");
859 }
860 return ret;
861 }
862
GetSharedSecretForP2p(const CJson * in,const CJson * urlJson,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)863 static int32_t GetSharedSecretForP2p(
864 const CJson *in, const CJson *urlJson, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
865 {
866 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
867 if (groupId == NULL) {
868 LOGE("Failed to get groupId!");
869 return HC_ERR_JSON_GET;
870 }
871 int32_t ret;
872 if (protocolType == ALG_ISO) {
873 ret = GetSharedSecretForP2pInIso(in, groupId, sharedSecret);
874 LOGI("get shared secret for p2p in iso result: %" LOG_PUB "d", ret);
875 } else {
876 ret = GetSharedSecretForP2pInPake(in, groupId, sharedSecret);
877 LOGI("get shared secret for p2p in pake result: %" LOG_PUB "d", ret);
878 }
879 return ret;
880 }
881
GetSharedSecretByUrl(const CJson * in,const Uint8Buff * presharedUrl,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)882 static int32_t GetSharedSecretByUrl(
883 const CJson *in, const Uint8Buff *presharedUrl, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
884 {
885 if (in == NULL || presharedUrl == NULL || sharedSecret == NULL) {
886 LOGE("Invalid input params!");
887 return HC_ERR_INVALID_PARAMS;
888 }
889
890 CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val);
891 if (urlJson == NULL) {
892 LOGE("Create url json from url failed!");
893 return HC_ERR_JSON_CREATE;
894 }
895
896 int32_t trustType = 0;
897 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
898 LOGE("Failed to get trust type!");
899 FreeJson(urlJson);
900 return HC_ERR_JSON_GET;
901 }
902
903 int32_t ret;
904 switch (trustType) {
905 case TRUST_TYPE_P2P:
906 ret = GetSharedSecretForP2p(in, urlJson, protocolType, sharedSecret);
907 break;
908 case TRUST_TYPE_UID:
909 if (protocolType != ALG_ISO) {
910 LOGE("protocol type is not iso, not supported!");
911 ret = HC_ERR_INVALID_PARAMS;
912 } else {
913 ret = GetAccountSymSharedSecret(in, urlJson, sharedSecret);
914 }
915 break;
916 default:
917 LOGE("Invalid trust type!");
918 ret = HC_ERR_INVALID_PARAMS;
919 break;
920 }
921 FreeJson(urlJson);
922
923 return ret;
924 }
925
GetCredInfoByPeerCert(const CJson * in,const CertInfo * certInfo,IdentityInfo ** returnInfo)926 static int32_t GetCredInfoByPeerCert(const CJson *in, const CertInfo *certInfo, IdentityInfo **returnInfo)
927 {
928 if (in == NULL || certInfo == NULL || returnInfo == NULL) {
929 LOGE("Invalid input params!");
930 return HC_ERR_INVALID_PARAMS;
931 }
932 int32_t osAccountId = INVALID_OS_ACCOUNT;
933 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
934 LOGE("Failed to get osAccountId!");
935 return HC_ERR_JSON_GET;
936 }
937 int32_t res = GetAccountAsymCredInfo(osAccountId, certInfo, returnInfo);
938 if (res != HC_SUCCESS) {
939 LOGE("Failed to get account asym cred info!");
940 return res;
941 }
942 if (certInfo->isPseudonym) {
943 (*returnInfo)->proof.certInfo.isPseudonym = true;
944 } else {
945 (*returnInfo)->proof.certInfo.isPseudonym = false;
946 }
947 return HC_SUCCESS;
948 }
949
GetSharedSecretByPeerCert(const CJson * in,const CertInfo * peerCertInfo,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)950 static int32_t GetSharedSecretByPeerCert(
951 const CJson *in, const CertInfo *peerCertInfo, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
952 {
953 if (in == NULL || peerCertInfo == NULL || sharedSecret == NULL) {
954 LOGE("Invalid input params!");
955 return HC_ERR_INVALID_PARAMS;
956 }
957 if (protocolType != ALG_EC_SPEKE) {
958 LOGE("protocol type is not ec speke, not support!");
959 return HC_ERR_INVALID_PARAMS;
960 }
961 int32_t osAccountId = INVALID_OS_ACCOUNT;
962 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
963 LOGE("Failed to get osAccountId!");
964 return HC_ERR_JSON_GET;
965 }
966 const char *peerUserId = GetStringFromJson(in, FIELD_PEER_USER_ID);
967 if (peerUserId != NULL) {
968 LOGE("peerUserId exists.");
969 }
970 return GetAccountAsymSharedSecret(osAccountId, peerUserId, FIELD_PEER_USER_ID, peerCertInfo, sharedSecret);
971 }
972
973 static const AuthIdentity g_authIdentity = {
974 .getCredInfosByPeerIdentity = GetCredInfosByPeerIdentity,
975 .getCredInfoByPeerUrl = GetCredInfoByPeerUrl,
976 .getSharedSecretByUrl = GetSharedSecretByUrl,
977 .getCredInfoByPeerCert = GetCredInfoByPeerCert,
978 .getSharedSecretByPeerCert = GetSharedSecretByPeerCert,
979 };
980
GetGroupAuthIdentity(void)981 const AuthIdentity *GetGroupAuthIdentity(void)
982 {
983 return &g_authIdentity;
984 }