117fd14ceSopenharmony_ci/* 217fd14ceSopenharmony_ci * Copyright (C) 2023 Huawei Device Co., Ltd. 317fd14ceSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 417fd14ceSopenharmony_ci * you may not use this file except in compliance with the License. 517fd14ceSopenharmony_ci * You may obtain a copy of the License at 617fd14ceSopenharmony_ci * 717fd14ceSopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 817fd14ceSopenharmony_ci * 917fd14ceSopenharmony_ci * Unless required by applicable law or agreed to in writing, software 1017fd14ceSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 1117fd14ceSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1217fd14ceSopenharmony_ci * See the License for the specific language governing permissions and 1317fd14ceSopenharmony_ci * limitations under the License. 1417fd14ceSopenharmony_ci */ 1517fd14ceSopenharmony_ci 1617fd14ceSopenharmony_ci#include "account_auth_plugin_proxy.h" 1717fd14ceSopenharmony_ci#include "account_related_group_auth.h" 1817fd14ceSopenharmony_ci#include "alg_defs.h" 1917fd14ceSopenharmony_ci#include "alg_loader.h" 2017fd14ceSopenharmony_ci#include "cert_operation.h" 2117fd14ceSopenharmony_ci#include "group_auth_data_operation.h" 2217fd14ceSopenharmony_ci#include "group_operation_common.h" 2317fd14ceSopenharmony_ci#include "hc_log.h" 2417fd14ceSopenharmony_ci#include "identity_manager.h" 2517fd14ceSopenharmony_ci 2617fd14ceSopenharmony_cistatic int32_t GetAccountRelatedCandidateGroups( 2717fd14ceSopenharmony_ci int32_t osAccountId, const CJson *in, bool isDeviceLevel, GroupEntryVec *vec) 2817fd14ceSopenharmony_ci{ 2917fd14ceSopenharmony_ci BaseGroupAuth *groupAuth = GetAccountRelatedGroupAuth(); 3017fd14ceSopenharmony_ci if (groupAuth == NULL) { 3117fd14ceSopenharmony_ci return HC_ERR_NULL_PTR; 3217fd14ceSopenharmony_ci } 3317fd14ceSopenharmony_ci QueryGroupParams queryParams = InitQueryGroupParams(); 3417fd14ceSopenharmony_ci if (!isDeviceLevel) { 3517fd14ceSopenharmony_ci queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC; 3617fd14ceSopenharmony_ci } 3717fd14ceSopenharmony_ci ((AccountRelatedGroupAuth *)groupAuth)->getAccountCandidateGroup(osAccountId, in, &queryParams, vec); 3817fd14ceSopenharmony_ci // All return success, only notify the plugin. 3917fd14ceSopenharmony_ci if (HasAccountAuthPlugin() == HC_SUCCESS && vec->size(vec) == 0) { 4017fd14ceSopenharmony_ci CJson *input = CreateJson(); 4117fd14ceSopenharmony_ci if (input == NULL) { 4217fd14ceSopenharmony_ci return HC_SUCCESS; 4317fd14ceSopenharmony_ci } 4417fd14ceSopenharmony_ci CJson *output = CreateJson(); 4517fd14ceSopenharmony_ci if (output == NULL) { 4617fd14ceSopenharmony_ci FreeJson(input); 4717fd14ceSopenharmony_ci return HC_SUCCESS; 4817fd14ceSopenharmony_ci } 4917fd14ceSopenharmony_ci int32_t ret = ExcuteCredMgrCmd(osAccountId, QUERY_SELF_CREDENTIAL_INFO, input, output); 5017fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 5117fd14ceSopenharmony_ci LOGE("Account cred is empty."); 5217fd14ceSopenharmony_ci } 5317fd14ceSopenharmony_ci FreeJson(input); 5417fd14ceSopenharmony_ci FreeJson(output); 5517fd14ceSopenharmony_ci } 5617fd14ceSopenharmony_ci return HC_SUCCESS; 5717fd14ceSopenharmony_ci} 5817fd14ceSopenharmony_ci 5917fd14ceSopenharmony_cistatic int32_t GetAccountUnrelatedCandidateGroups(int32_t osAccountId, bool isDeviceLevel, GroupEntryVec *vec) 6017fd14ceSopenharmony_ci{ 6117fd14ceSopenharmony_ci QueryGroupParams queryParams = InitQueryGroupParams(); 6217fd14ceSopenharmony_ci queryParams.groupType = PEER_TO_PEER_GROUP; 6317fd14ceSopenharmony_ci if (!isDeviceLevel) { 6417fd14ceSopenharmony_ci queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC; 6517fd14ceSopenharmony_ci } 6617fd14ceSopenharmony_ci return QueryGroups(osAccountId, &queryParams, vec); 6717fd14ceSopenharmony_ci} 6817fd14ceSopenharmony_ci 6917fd14ceSopenharmony_cistatic void GetGroupInfoByGroupId(int32_t osAccountId, const char *groupId, GroupEntryVec *groupEntryVec) 7017fd14ceSopenharmony_ci{ 7117fd14ceSopenharmony_ci QueryGroupParams queryParams = InitQueryGroupParams(); 7217fd14ceSopenharmony_ci queryParams.groupId = groupId; 7317fd14ceSopenharmony_ci int32_t ret = QueryGroups(osAccountId, &queryParams, groupEntryVec); 7417fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 7517fd14ceSopenharmony_ci LOGE("Failed to query groups for groupId: %s!", groupId); 7617fd14ceSopenharmony_ci } 7717fd14ceSopenharmony_ci} 7817fd14ceSopenharmony_ci 7917fd14ceSopenharmony_cistatic void GetCandidateGroups(int32_t osAccountId, const CJson *in, GroupEntryVec *groupEntryVec) 8017fd14ceSopenharmony_ci{ 8117fd14ceSopenharmony_ci bool isDeviceLevel = false; 8217fd14ceSopenharmony_ci (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel); 8317fd14ceSopenharmony_ci 8417fd14ceSopenharmony_ci int32_t ret = GetAccountRelatedCandidateGroups(osAccountId, in, isDeviceLevel, groupEntryVec); 8517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 8617fd14ceSopenharmony_ci LOGE("Failed to get account related groups!"); 8717fd14ceSopenharmony_ci } 8817fd14ceSopenharmony_ci 8917fd14ceSopenharmony_ci ret = GetAccountUnrelatedCandidateGroups(osAccountId, isDeviceLevel, groupEntryVec); 9017fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 9117fd14ceSopenharmony_ci LOGE("Failed to get p2p groups!"); 9217fd14ceSopenharmony_ci } 9317fd14ceSopenharmony_ci} 9417fd14ceSopenharmony_ci 9517fd14ceSopenharmony_cistatic bool IsDeviceInGroup( 9617fd14ceSopenharmony_ci int32_t osAccountId, int32_t groupType, const char *deviceId, const char *groupId, bool isUdid) 9717fd14ceSopenharmony_ci{ 9817fd14ceSopenharmony_ci if (isUdid) { 9917fd14ceSopenharmony_ci return GaIsDeviceInGroup(groupType, osAccountId, deviceId, NULL, groupId); 10017fd14ceSopenharmony_ci } else { 10117fd14ceSopenharmony_ci return GaIsDeviceInGroup(groupType, osAccountId, NULL, deviceId, groupId); 10217fd14ceSopenharmony_ci } 10317fd14ceSopenharmony_ci} 10417fd14ceSopenharmony_ci 10517fd14ceSopenharmony_cistatic int32_t SetProtocolsToIdentityInfo(int32_t keyType, IdentityInfo *info) 10617fd14ceSopenharmony_ci{ 10717fd14ceSopenharmony_ci if (keyType == KEY_TYPE_ASYM) { 10817fd14ceSopenharmony_ci#ifdef ENABLE_P2P_AUTH_EC_SPEKE 10917fd14ceSopenharmony_ci ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0); 11017fd14ceSopenharmony_ci if (entity == NULL) { 11117fd14ceSopenharmony_ci LOGE("Failed to alloc memory for entity!"); 11217fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 11317fd14ceSopenharmony_ci } 11417fd14ceSopenharmony_ci entity->protocolType = ALG_EC_SPEKE; 11517fd14ceSopenharmony_ci info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity); 11617fd14ceSopenharmony_ci#else 11717fd14ceSopenharmony_ci (void)info; 11817fd14ceSopenharmony_ci#endif 11917fd14ceSopenharmony_ci } else { 12017fd14ceSopenharmony_ci#ifdef ENABLE_P2P_AUTH_ISO 12117fd14ceSopenharmony_ci ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0); 12217fd14ceSopenharmony_ci if (entity == NULL) { 12317fd14ceSopenharmony_ci LOGE("Failed to alloc memory for entity!"); 12417fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 12517fd14ceSopenharmony_ci } 12617fd14ceSopenharmony_ci entity->protocolType = ALG_ISO; 12717fd14ceSopenharmony_ci info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity); 12817fd14ceSopenharmony_ci#else 12917fd14ceSopenharmony_ci (void)info; 13017fd14ceSopenharmony_ci#endif 13117fd14ceSopenharmony_ci } 13217fd14ceSopenharmony_ci 13317fd14ceSopenharmony_ci return HC_SUCCESS; 13417fd14ceSopenharmony_ci} 13517fd14ceSopenharmony_ci 13617fd14ceSopenharmony_cistatic bool IsP2pAuthTokenExist(int32_t osAccountId, const TrustedDeviceEntry *deviceEntry) 13717fd14ceSopenharmony_ci{ 13817fd14ceSopenharmony_ci Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) }; 13917fd14ceSopenharmony_ci 14017fd14ceSopenharmony_ci const char *serviceType = StringGet(&deviceEntry->serviceType); 14117fd14ceSopenharmony_ci Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) }; 14217fd14ceSopenharmony_ci 14317fd14ceSopenharmony_ci const char *peerAuthId = StringGet(&deviceEntry->authId); 14417fd14ceSopenharmony_ci Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) }; 14517fd14ceSopenharmony_ci 14617fd14ceSopenharmony_ci uint8_t keyAliasVal[ISO_KEY_ALIAS_LEN] = { 0 }; 14717fd14ceSopenharmony_ci Uint8Buff keyAlias = { keyAliasVal, ISO_KEY_ALIAS_LEN }; 14817fd14ceSopenharmony_ci int32_t ret = 14917fd14ceSopenharmony_ci GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, KEY_ALIAS_AUTH_TOKEN, &peerAuthIdBuff, &keyAlias); 15017fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 15117fd14ceSopenharmony_ci LOGE("Failed to generate key alias!"); 15217fd14ceSopenharmony_ci return false; 15317fd14ceSopenharmony_ci } 15417fd14ceSopenharmony_ci 15517fd14ceSopenharmony_ci ret = GetLoaderInstance()->checkKeyExist(&keyAlias, false, osAccountId); 15617fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 15717fd14ceSopenharmony_ci LOGE("auth token not exist!"); 15817fd14ceSopenharmony_ci return false; 15917fd14ceSopenharmony_ci } 16017fd14ceSopenharmony_ci return true; 16117fd14ceSopenharmony_ci} 16217fd14ceSopenharmony_ci 16317fd14ceSopenharmony_cistatic int32_t GetAccountUnrelatedIdentityInfo( 16417fd14ceSopenharmony_ci int32_t osAccountId, const char *groupId, const char *deviceId, bool isUdid, IdentityInfo *info) 16517fd14ceSopenharmony_ci{ 16617fd14ceSopenharmony_ci TrustedDeviceEntry *deviceEntry = CreateDeviceEntry(); 16717fd14ceSopenharmony_ci if (deviceEntry == NULL) { 16817fd14ceSopenharmony_ci LOGE("Failed to create deviceEntry!"); 16917fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 17017fd14ceSopenharmony_ci } 17117fd14ceSopenharmony_ci int32_t ret = GaGetTrustedDeviceEntryById(osAccountId, deviceId, isUdid, groupId, deviceEntry); 17217fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 17317fd14ceSopenharmony_ci LOGE("Failed to get device entry!"); 17417fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 17517fd14ceSopenharmony_ci return ret; 17617fd14ceSopenharmony_ci } 17717fd14ceSopenharmony_ci 17817fd14ceSopenharmony_ci int32_t keyType = IsP2pAuthTokenExist(osAccountId, deviceEntry) ? KEY_TYPE_SYM : KEY_TYPE_ASYM; 17917fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 18017fd14ceSopenharmony_ci CJson *urlJson = CreateCredUrlJson(PRE_SHARED, keyType, TRUST_TYPE_P2P); 18117fd14ceSopenharmony_ci 18217fd14ceSopenharmony_ci if (!urlJson) { 18317fd14ceSopenharmony_ci LOGE("Failed to create CredUrlJson info!"); 18417fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 18517fd14ceSopenharmony_ci } 18617fd14ceSopenharmony_ci if (AddStringToJson(urlJson, FIELD_GROUP_ID, groupId) != HC_SUCCESS) { 18717fd14ceSopenharmony_ci LOGE("Failed to add group id!"); 18817fd14ceSopenharmony_ci FreeJson(urlJson); 18917fd14ceSopenharmony_ci return HC_ERR_JSON_ADD; 19017fd14ceSopenharmony_ci } 19117fd14ceSopenharmony_ci 19217fd14ceSopenharmony_ci char *urlStr = PackJsonToString(urlJson); 19317fd14ceSopenharmony_ci FreeJson(urlJson); 19417fd14ceSopenharmony_ci if (urlStr == NULL) { 19517fd14ceSopenharmony_ci LOGE("Failed to pack url json to string!"); 19617fd14ceSopenharmony_ci return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL; 19717fd14ceSopenharmony_ci } 19817fd14ceSopenharmony_ci 19917fd14ceSopenharmony_ci ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl); 20017fd14ceSopenharmony_ci FreeJsonString(urlStr); 20117fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 20217fd14ceSopenharmony_ci LOGE("Failed to set preSharedUrl of proof!"); 20317fd14ceSopenharmony_ci return ret; 20417fd14ceSopenharmony_ci } 20517fd14ceSopenharmony_ci 20617fd14ceSopenharmony_ci ret = SetProtocolsToIdentityInfo(keyType, info); 20717fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 20817fd14ceSopenharmony_ci LOGE("Failed to set protocols!"); 20917fd14ceSopenharmony_ci return ret; 21017fd14ceSopenharmony_ci } 21117fd14ceSopenharmony_ci 21217fd14ceSopenharmony_ci info->proofType = PRE_SHARED; 21317fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 21417fd14ceSopenharmony_ci LOGE("Failed to get p2p identity by key type!"); 21517fd14ceSopenharmony_ci } 21617fd14ceSopenharmony_ci return ret; 21717fd14ceSopenharmony_ci} 21817fd14ceSopenharmony_ci 21917fd14ceSopenharmony_cistatic int32_t GetIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry, const char *deviceId, 22017fd14ceSopenharmony_ci bool isUdid, IdentityInfo **returnInfo) 22117fd14ceSopenharmony_ci{ 22217fd14ceSopenharmony_ci IdentityInfo *info = CreateIdentityInfo(); 22317fd14ceSopenharmony_ci if (info == NULL) { 22417fd14ceSopenharmony_ci LOGE("Failed to create identity info!"); 22517fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 22617fd14ceSopenharmony_ci } 22717fd14ceSopenharmony_ci int32_t ret; 22817fd14ceSopenharmony_ci const char *groupId = StringGet(&groupEntry->id); 22917fd14ceSopenharmony_ci if (groupEntry->type == PEER_TO_PEER_GROUP) { 23017fd14ceSopenharmony_ci ret = GetAccountUnrelatedIdentityInfo(osAccountId, groupId, deviceId, isUdid, info); 23117fd14ceSopenharmony_ci } else { 23217fd14ceSopenharmony_ci ret = GetAccountRelatedCredInfo(osAccountId, groupId, deviceId, isUdid, info); 23317fd14ceSopenharmony_ci } 23417fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 23517fd14ceSopenharmony_ci LOGE("Failed to get identity info!"); 23617fd14ceSopenharmony_ci DestroyIdentityInfo(info); 23717fd14ceSopenharmony_ci return ret; 23817fd14ceSopenharmony_ci } 23917fd14ceSopenharmony_ci *returnInfo = info; 24017fd14ceSopenharmony_ci return HC_SUCCESS; 24117fd14ceSopenharmony_ci} 24217fd14ceSopenharmony_ci 24317fd14ceSopenharmony_cistatic void AddNoPseudonymIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry, 24417fd14ceSopenharmony_ci const char *deviceId, bool isUdid, IdentityInfoVec *identityInfoVec) 24517fd14ceSopenharmony_ci{ 24617fd14ceSopenharmony_ci IdentityInfo *info = NULL; 24717fd14ceSopenharmony_ci if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) { 24817fd14ceSopenharmony_ci return; 24917fd14ceSopenharmony_ci } 25017fd14ceSopenharmony_ci info->proof.certInfo.isPseudonym = false; 25117fd14ceSopenharmony_ci identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info); 25217fd14ceSopenharmony_ci} 25317fd14ceSopenharmony_ci 25417fd14ceSopenharmony_cistatic int32_t GetIdentityInfos( 25517fd14ceSopenharmony_ci int32_t osAccountId, const CJson *in, const GroupEntryVec *groupEntryVec, IdentityInfoVec *identityInfoVec) 25617fd14ceSopenharmony_ci{ 25717fd14ceSopenharmony_ci const char *pkgName = GetStringFromJson(in, FIELD_SERVICE_PKG_NAME); 25817fd14ceSopenharmony_ci if (pkgName == NULL) { 25917fd14ceSopenharmony_ci LOGE("Failed to get service package name!"); 26017fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 26117fd14ceSopenharmony_ci } 26217fd14ceSopenharmony_ci bool isUdid = false; 26317fd14ceSopenharmony_ci const char *deviceId = GetPeerDevIdFromJson(in, &isUdid); 26417fd14ceSopenharmony_ci if (deviceId == NULL) { 26517fd14ceSopenharmony_ci LOGE("Failed to get peer device id!"); 26617fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 26717fd14ceSopenharmony_ci } 26817fd14ceSopenharmony_ci uint32_t index; 26917fd14ceSopenharmony_ci TrustedGroupEntry **ptr = NULL; 27017fd14ceSopenharmony_ci FOR_EACH_HC_VECTOR(*groupEntryVec, index, ptr) 27117fd14ceSopenharmony_ci { 27217fd14ceSopenharmony_ci const TrustedGroupEntry *groupEntry = (TrustedGroupEntry *)(*ptr); 27317fd14ceSopenharmony_ci const char *groupId = StringGet(&(groupEntry->id)); 27417fd14ceSopenharmony_ci if (groupId == NULL) { 27517fd14ceSopenharmony_ci continue; 27617fd14ceSopenharmony_ci } 27717fd14ceSopenharmony_ci if (!GaIsGroupAccessible(osAccountId, groupId, pkgName)) { 27817fd14ceSopenharmony_ci continue; 27917fd14ceSopenharmony_ci } 28017fd14ceSopenharmony_ci if (!IsDeviceInGroup(osAccountId, groupEntry->type, deviceId, groupId, isUdid)) { 28117fd14ceSopenharmony_ci continue; 28217fd14ceSopenharmony_ci } 28317fd14ceSopenharmony_ci IdentityInfo *info = NULL; 28417fd14ceSopenharmony_ci if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) { 28517fd14ceSopenharmony_ci continue; 28617fd14ceSopenharmony_ci } 28717fd14ceSopenharmony_ci if (info->proofType == CERTIFICATED) { 28817fd14ceSopenharmony_ci info->proof.certInfo.isPseudonym = true; 28917fd14ceSopenharmony_ci } 29017fd14ceSopenharmony_ci identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info); 29117fd14ceSopenharmony_ci if (info->proofType == CERTIFICATED) { 29217fd14ceSopenharmony_ci AddNoPseudonymIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, identityInfoVec); 29317fd14ceSopenharmony_ci } 29417fd14ceSopenharmony_ci } 29517fd14ceSopenharmony_ci LOGI("The identity info size is: %u", identityInfoVec->size(identityInfoVec)); 29617fd14ceSopenharmony_ci return HC_SUCCESS; 29717fd14ceSopenharmony_ci} 29817fd14ceSopenharmony_ci 29917fd14ceSopenharmony_cistatic int32_t GetCredInfosByPeerIdentity(const CJson *in, IdentityInfoVec *identityInfoVec) 30017fd14ceSopenharmony_ci{ 30117fd14ceSopenharmony_ci int32_t osAccountId = INVALID_OS_ACCOUNT; 30217fd14ceSopenharmony_ci int32_t ret; 30317fd14ceSopenharmony_ci if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) { 30417fd14ceSopenharmony_ci LOGE("Failed to get osAccountId!"); 30517fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 30617fd14ceSopenharmony_ci } 30717fd14ceSopenharmony_ci const char *groupId = GetStringFromJson(in, FIELD_GROUP_ID); 30817fd14ceSopenharmony_ci if (groupId == NULL) { 30917fd14ceSopenharmony_ci groupId = GetStringFromJson(in, FIELD_SERVICE_TYPE); 31017fd14ceSopenharmony_ci } 31117fd14ceSopenharmony_ci GroupEntryVec groupEntryVec = CreateGroupEntryVec(); 31217fd14ceSopenharmony_ci if (groupId == NULL) { 31317fd14ceSopenharmony_ci GetCandidateGroups(osAccountId, in, &groupEntryVec); 31417fd14ceSopenharmony_ci } else { 31517fd14ceSopenharmony_ci GetGroupInfoByGroupId(osAccountId, groupId, &groupEntryVec); 31617fd14ceSopenharmony_ci } 31717fd14ceSopenharmony_ci 31817fd14ceSopenharmony_ci bool isDeviceLevel = false; 31917fd14ceSopenharmony_ci (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel); 32017fd14ceSopenharmony_ci if (groupEntryVec.size(&groupEntryVec) == 0) { 32117fd14ceSopenharmony_ci if (isDeviceLevel) { 32217fd14ceSopenharmony_ci // device level auth still has the chance to try p2p direct auth 32317fd14ceSopenharmony_ci // so, do not report error here. 32417fd14ceSopenharmony_ci LOGI("No satisfied candidate group!"); 32517fd14ceSopenharmony_ci } else { 32617fd14ceSopenharmony_ci LOGE("No satisfied candidate group!"); 32717fd14ceSopenharmony_ci } 32817fd14ceSopenharmony_ci ClearGroupEntryVec(&groupEntryVec); 32917fd14ceSopenharmony_ci return HC_ERR_NO_CANDIDATE_GROUP; 33017fd14ceSopenharmony_ci } 33117fd14ceSopenharmony_ci ret = GetIdentityInfos(osAccountId, in, &groupEntryVec, identityInfoVec); 33217fd14ceSopenharmony_ci ClearGroupEntryVec(&groupEntryVec); 33317fd14ceSopenharmony_ci return ret; 33417fd14ceSopenharmony_ci} 33517fd14ceSopenharmony_ci 33617fd14ceSopenharmony_cistatic int32_t SetIdentityInfoByUrl(const CJson *urlJson, IdentityInfo *info) 33717fd14ceSopenharmony_ci{ 33817fd14ceSopenharmony_ci if (urlJson == NULL || info == NULL) { 33917fd14ceSopenharmony_ci LOGE("Need urlJson and IdentityInfo is not NULL!"); 34017fd14ceSopenharmony_ci return HC_ERR_INVALID_PARAMS; 34117fd14ceSopenharmony_ci } 34217fd14ceSopenharmony_ci 34317fd14ceSopenharmony_ci int32_t keyType = 0; 34417fd14ceSopenharmony_ci if (GetIntFromJson(urlJson, PRESHARED_URL_KEY_TYPE, &keyType) != HC_SUCCESS) { 34517fd14ceSopenharmony_ci LOGE("Failed to get trust type!"); 34617fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 34717fd14ceSopenharmony_ci } 34817fd14ceSopenharmony_ci 34917fd14ceSopenharmony_ci char *urlStr = PackJsonToString(urlJson); 35017fd14ceSopenharmony_ci if (urlStr == NULL) { 35117fd14ceSopenharmony_ci LOGE("Failed to pack url json to string!"); 35217fd14ceSopenharmony_ci return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL; 35317fd14ceSopenharmony_ci } 35417fd14ceSopenharmony_ci int32_t ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl); 35517fd14ceSopenharmony_ci FreeJsonString(urlStr); 35617fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 35717fd14ceSopenharmony_ci LOGE("Failed to set preSharedUrl of proof!"); 35817fd14ceSopenharmony_ci return ret; 35917fd14ceSopenharmony_ci } 36017fd14ceSopenharmony_ci 36117fd14ceSopenharmony_ci ret = SetProtocolsToIdentityInfo(keyType, info); 36217fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 36317fd14ceSopenharmony_ci LOGE("Failed to set protocols!"); 36417fd14ceSopenharmony_ci return ret; 36517fd14ceSopenharmony_ci } 36617fd14ceSopenharmony_ci 36717fd14ceSopenharmony_ci info->proofType = PRE_SHARED; 36817fd14ceSopenharmony_ci return ret; 36917fd14ceSopenharmony_ci} 37017fd14ceSopenharmony_ci 37117fd14ceSopenharmony_cistatic int32_t CheckAndGetP2pCredInfo(const CJson *in, const CJson *urlJson, IdentityInfo *info) 37217fd14ceSopenharmony_ci{ 37317fd14ceSopenharmony_ci int32_t osAccountId = INVALID_OS_ACCOUNT; 37417fd14ceSopenharmony_ci if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) { 37517fd14ceSopenharmony_ci LOGE("Failed to get osAccountId!"); 37617fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 37717fd14ceSopenharmony_ci } 37817fd14ceSopenharmony_ci 37917fd14ceSopenharmony_ci const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID); 38017fd14ceSopenharmony_ci if (groupId == NULL) { 38117fd14ceSopenharmony_ci LOGE("Failed to get groupId!"); 38217fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 38317fd14ceSopenharmony_ci } 38417fd14ceSopenharmony_ci int32_t ret = CheckGroupExist(osAccountId, groupId); 38517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 38617fd14ceSopenharmony_ci LOGE("group not exist!"); 38717fd14ceSopenharmony_ci return ret; 38817fd14ceSopenharmony_ci } 38917fd14ceSopenharmony_ci TrustedDeviceEntry *deviceEntry = CreateDeviceEntry(); 39017fd14ceSopenharmony_ci if (deviceEntry == NULL) { 39117fd14ceSopenharmony_ci LOGE("Failed to create device entry!"); 39217fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 39317fd14ceSopenharmony_ci } 39417fd14ceSopenharmony_ci ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry); 39517fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 39617fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 39717fd14ceSopenharmony_ci LOGE("peer device not found!"); 39817fd14ceSopenharmony_ci return ret; 39917fd14ceSopenharmony_ci } 40017fd14ceSopenharmony_ci 40117fd14ceSopenharmony_ci ret = SetIdentityInfoByUrl(urlJson, info); 40217fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 40317fd14ceSopenharmony_ci LOGE("Failed to get p2p identity info by key type!"); 40417fd14ceSopenharmony_ci } 40517fd14ceSopenharmony_ci return ret; 40617fd14ceSopenharmony_ci} 40717fd14ceSopenharmony_ci 40817fd14ceSopenharmony_cistatic int32_t GetCredInfoByPeerUrl(const CJson *in, const Uint8Buff *presharedUrl, IdentityInfo **returnInfo) 40917fd14ceSopenharmony_ci{ 41017fd14ceSopenharmony_ci if (in == NULL || presharedUrl == NULL || returnInfo == NULL) { 41117fd14ceSopenharmony_ci LOGE("Invalid input params!"); 41217fd14ceSopenharmony_ci return HC_ERR_INVALID_PARAMS; 41317fd14ceSopenharmony_ci } 41417fd14ceSopenharmony_ci 41517fd14ceSopenharmony_ci CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val); 41617fd14ceSopenharmony_ci if (urlJson == NULL) { 41717fd14ceSopenharmony_ci LOGE("Failed to create url json!"); 41817fd14ceSopenharmony_ci return HC_ERR_JSON_CREATE; 41917fd14ceSopenharmony_ci } 42017fd14ceSopenharmony_ci 42117fd14ceSopenharmony_ci int32_t trustType = 0; 42217fd14ceSopenharmony_ci if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) { 42317fd14ceSopenharmony_ci LOGE("Failed to get trust type!"); 42417fd14ceSopenharmony_ci FreeJson(urlJson); 42517fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 42617fd14ceSopenharmony_ci } 42717fd14ceSopenharmony_ci 42817fd14ceSopenharmony_ci IdentityInfo *info = CreateIdentityInfo(); 42917fd14ceSopenharmony_ci if (info == NULL) { 43017fd14ceSopenharmony_ci LOGE("Failed to create identity info!"); 43117fd14ceSopenharmony_ci FreeJson(urlJson); 43217fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 43317fd14ceSopenharmony_ci } 43417fd14ceSopenharmony_ci int32_t ret; 43517fd14ceSopenharmony_ci switch (trustType) { 43617fd14ceSopenharmony_ci case TRUST_TYPE_UID: 43717fd14ceSopenharmony_ci ret = GetAccountSymCredInfoByPeerUrl(in, urlJson, info); 43817fd14ceSopenharmony_ci break; 43917fd14ceSopenharmony_ci case TRUST_TYPE_P2P: 44017fd14ceSopenharmony_ci ret = CheckAndGetP2pCredInfo(in, urlJson, info); 44117fd14ceSopenharmony_ci break; 44217fd14ceSopenharmony_ci default: 44317fd14ceSopenharmony_ci LOGE("Invalid trust type!"); 44417fd14ceSopenharmony_ci ret = HC_ERR_INVALID_PARAMS; 44517fd14ceSopenharmony_ci break; 44617fd14ceSopenharmony_ci } 44717fd14ceSopenharmony_ci FreeJson(urlJson); 44817fd14ceSopenharmony_ci 44917fd14ceSopenharmony_ci *returnInfo = info; 45017fd14ceSopenharmony_ci return ret; 45117fd14ceSopenharmony_ci} 45217fd14ceSopenharmony_ci 45317fd14ceSopenharmony_cistatic int32_t GenerateKeyAliasForIso(const TrustedDeviceEntry *deviceEntry, Uint8Buff *keyAliasBuff) 45417fd14ceSopenharmony_ci{ 45517fd14ceSopenharmony_ci Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, (uint32_t)HcStrlen(GROUP_MANAGER_PACKAGE_NAME) }; 45617fd14ceSopenharmony_ci const char *serviceType = StringGet(&deviceEntry->serviceType); 45717fd14ceSopenharmony_ci Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, (uint32_t)HcStrlen(serviceType) }; 45817fd14ceSopenharmony_ci const char *peerAuthId = StringGet(&deviceEntry->authId); 45917fd14ceSopenharmony_ci Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, (uint32_t)HcStrlen(peerAuthId) }; 46017fd14ceSopenharmony_ci KeyAliasType keyType = KEY_ALIAS_AUTH_TOKEN; 46117fd14ceSopenharmony_ci if (deviceEntry->upgradeFlag == 1) { 46217fd14ceSopenharmony_ci keyType = deviceEntry->devType; 46317fd14ceSopenharmony_ci } 46417fd14ceSopenharmony_ci int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, &peerAuthIdBuff, keyAliasBuff); 46517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 46617fd14ceSopenharmony_ci LOGE("Failed to generate key alias for iso!"); 46717fd14ceSopenharmony_ci return ret; 46817fd14ceSopenharmony_ci } 46917fd14ceSopenharmony_ci if (deviceEntry->upgradeFlag == 1) { 47017fd14ceSopenharmony_ci ret = ToLowerCase(keyAliasBuff); 47117fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 47217fd14ceSopenharmony_ci LOGE("Failed to convert psk alias to lower case!"); 47317fd14ceSopenharmony_ci return ret; 47417fd14ceSopenharmony_ci } 47517fd14ceSopenharmony_ci } 47617fd14ceSopenharmony_ci return HC_SUCCESS; 47717fd14ceSopenharmony_ci} 47817fd14ceSopenharmony_ci 47917fd14ceSopenharmony_cistatic int32_t AuthGeneratePsk(const CJson *in, const char *groupId, const Uint8Buff *seed, Uint8Buff *sharedSecret) 48017fd14ceSopenharmony_ci{ 48117fd14ceSopenharmony_ci int32_t osAccountId = INVALID_OS_ACCOUNT; 48217fd14ceSopenharmony_ci if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) { 48317fd14ceSopenharmony_ci LOGE("Failed to get osAccountId!"); 48417fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 48517fd14ceSopenharmony_ci } 48617fd14ceSopenharmony_ci TrustedDeviceEntry *deviceEntry = CreateDeviceEntry(); 48717fd14ceSopenharmony_ci if (deviceEntry == NULL) { 48817fd14ceSopenharmony_ci LOGE("Failed to create device entry!"); 48917fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 49017fd14ceSopenharmony_ci } 49117fd14ceSopenharmony_ci int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry); 49217fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 49317fd14ceSopenharmony_ci LOGE("Failed to get peer device entry!"); 49417fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 49517fd14ceSopenharmony_ci return ret; 49617fd14ceSopenharmony_ci } 49717fd14ceSopenharmony_ci uint8_t keyAlias[ISO_KEY_ALIAS_LEN] = { 0 }; 49817fd14ceSopenharmony_ci uint8_t upgradeKeyAlias[ISO_UPGRADE_KEY_ALIAS_LEN] = { 0 }; 49917fd14ceSopenharmony_ci Uint8Buff keyAliasBuf = { keyAlias, ISO_KEY_ALIAS_LEN }; 50017fd14ceSopenharmony_ci if (deviceEntry->upgradeFlag == 1) { 50117fd14ceSopenharmony_ci keyAliasBuf.val = upgradeKeyAlias; 50217fd14ceSopenharmony_ci keyAliasBuf.length = ISO_UPGRADE_KEY_ALIAS_LEN; 50317fd14ceSopenharmony_ci } 50417fd14ceSopenharmony_ci ret = GenerateKeyAliasForIso(deviceEntry, &keyAliasBuf); 50517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 50617fd14ceSopenharmony_ci LOGE("Failed to generate key alias in iso!"); 50717fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 50817fd14ceSopenharmony_ci return ret; 50917fd14ceSopenharmony_ci } 51017fd14ceSopenharmony_ci if (deviceEntry->upgradeFlag == 1) { 51117fd14ceSopenharmony_ci KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, true, osAccountId }; 51217fd14ceSopenharmony_ci ret = GetLoaderInstance()->computeHmacWithThreeStage(&keyAliasParams, seed, sharedSecret); 51317fd14ceSopenharmony_ci } else { 51417fd14ceSopenharmony_ci KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, false, osAccountId }; 51517fd14ceSopenharmony_ci ret = GetLoaderInstance()->computeHmac(&keyAliasParams, seed, sharedSecret); 51617fd14ceSopenharmony_ci } 51717fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 51817fd14ceSopenharmony_ci return ret; 51917fd14ceSopenharmony_ci} 52017fd14ceSopenharmony_ci 52117fd14ceSopenharmony_cistatic int32_t GetSharedSecretForP2pInIso(const CJson *in, const char *groupId, Uint8Buff *sharedSecret) 52217fd14ceSopenharmony_ci{ 52317fd14ceSopenharmony_ci uint8_t *seedVal = (uint8_t *)HcMalloc(SEED_LEN, 0); 52417fd14ceSopenharmony_ci if (seedVal == NULL) { 52517fd14ceSopenharmony_ci LOGE("Failed to alloc memory for seed!"); 52617fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 52717fd14ceSopenharmony_ci } 52817fd14ceSopenharmony_ci Uint8Buff seedBuff = { seedVal, SEED_LEN }; 52917fd14ceSopenharmony_ci int32_t ret = GetByteFromJson(in, FIELD_SEED, seedBuff.val, seedBuff.length); 53017fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 53117fd14ceSopenharmony_ci LOGE("Failed to get seed!"); 53217fd14ceSopenharmony_ci HcFree(seedVal); 53317fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 53417fd14ceSopenharmony_ci } 53517fd14ceSopenharmony_ci uint8_t *pskVal = (uint8_t *)HcMalloc(ISO_PSK_LEN, 0); 53617fd14ceSopenharmony_ci if (pskVal == NULL) { 53717fd14ceSopenharmony_ci LOGE("Failed to alloc memory for psk!"); 53817fd14ceSopenharmony_ci HcFree(seedVal); 53917fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 54017fd14ceSopenharmony_ci } 54117fd14ceSopenharmony_ci sharedSecret->val = pskVal; 54217fd14ceSopenharmony_ci sharedSecret->length = ISO_PSK_LEN; 54317fd14ceSopenharmony_ci ret = AuthGeneratePsk(in, groupId, &seedBuff, sharedSecret); 54417fd14ceSopenharmony_ci HcFree(seedVal); 54517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 54617fd14ceSopenharmony_ci LOGE("Failed to generate psk!"); 54717fd14ceSopenharmony_ci FreeBuffData(sharedSecret); 54817fd14ceSopenharmony_ci } 54917fd14ceSopenharmony_ci return ret; 55017fd14ceSopenharmony_ci} 55117fd14ceSopenharmony_ci 55217fd14ceSopenharmony_cistatic int32_t GetSelfAuthIdAndUserType( 55317fd14ceSopenharmony_ci int32_t osAccountId, const char *groupId, Uint8Buff *authIdBuff, int32_t *userType, int32_t *upgradeFlag) 55417fd14ceSopenharmony_ci{ 55517fd14ceSopenharmony_ci TrustedDeviceEntry *deviceEntry = CreateDeviceEntry(); 55617fd14ceSopenharmony_ci if (deviceEntry == NULL) { 55717fd14ceSopenharmony_ci LOGE("Failed to create device entry!"); 55817fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 55917fd14ceSopenharmony_ci } 56017fd14ceSopenharmony_ci int32_t ret = GetSelfDeviceEntry(osAccountId, groupId, deviceEntry); 56117fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 56217fd14ceSopenharmony_ci LOGE("Failed to get self device entry!"); 56317fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 56417fd14ceSopenharmony_ci return ret; 56517fd14ceSopenharmony_ci } 56617fd14ceSopenharmony_ci const char *selfAuthId = StringGet(&deviceEntry->authId); 56717fd14ceSopenharmony_ci uint32_t authIdLen = HcStrlen(selfAuthId); 56817fd14ceSopenharmony_ci authIdBuff->val = (uint8_t *)HcMalloc(authIdLen + 1, 0); 56917fd14ceSopenharmony_ci if (authIdBuff->val == NULL) { 57017fd14ceSopenharmony_ci LOGE("Failed to alloc memory for authId!"); 57117fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 57217fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 57317fd14ceSopenharmony_ci } 57417fd14ceSopenharmony_ci if (memcpy_s(authIdBuff->val, authIdLen + 1, selfAuthId, authIdLen) != EOK) { 57517fd14ceSopenharmony_ci LOGE("Failed to copy authId!"); 57617fd14ceSopenharmony_ci HcFree(authIdBuff->val); 57717fd14ceSopenharmony_ci authIdBuff->val = NULL; 57817fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 57917fd14ceSopenharmony_ci return HC_ERR_MEMORY_COPY; 58017fd14ceSopenharmony_ci } 58117fd14ceSopenharmony_ci authIdBuff->length = authIdLen; 58217fd14ceSopenharmony_ci *userType = deviceEntry->devType; 58317fd14ceSopenharmony_ci *upgradeFlag = deviceEntry->upgradeFlag; 58417fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 58517fd14ceSopenharmony_ci return HC_SUCCESS; 58617fd14ceSopenharmony_ci} 58717fd14ceSopenharmony_ci 58817fd14ceSopenharmony_cistatic int32_t GenerateSelfKeyAlias(const char *serviceType, int32_t selfUserType, const Uint8Buff *selfAuthIdBuff, 58917fd14ceSopenharmony_ci bool isSelfFromUpgrade, Uint8Buff *selfKeyAlias) 59017fd14ceSopenharmony_ci{ 59117fd14ceSopenharmony_ci Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) }; 59217fd14ceSopenharmony_ci Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) }; 59317fd14ceSopenharmony_ci KeyAliasType keyType = (KeyAliasType)selfUserType; 59417fd14ceSopenharmony_ci if (isSelfFromUpgrade) { 59517fd14ceSopenharmony_ci keyType = KEY_ALIAS_LT_KEY_PAIR; 59617fd14ceSopenharmony_ci } 59717fd14ceSopenharmony_ci int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, selfAuthIdBuff, selfKeyAlias); 59817fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 59917fd14ceSopenharmony_ci LOGE("Failed to generate self key alias!"); 60017fd14ceSopenharmony_ci return ret; 60117fd14ceSopenharmony_ci } 60217fd14ceSopenharmony_ci if (isSelfFromUpgrade) { 60317fd14ceSopenharmony_ci ret = ToLowerCase(selfKeyAlias); 60417fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 60517fd14ceSopenharmony_ci LOGE("Failed to convert self key alias to lower case!"); 60617fd14ceSopenharmony_ci return ret; 60717fd14ceSopenharmony_ci } 60817fd14ceSopenharmony_ci } 60917fd14ceSopenharmony_ci return HC_SUCCESS; 61017fd14ceSopenharmony_ci} 61117fd14ceSopenharmony_ci 61217fd14ceSopenharmony_cistatic int32_t GeneratePeerKeyAlias(const TrustedDeviceEntry *peerDeviceEntry, Uint8Buff *peerKeyAlias) 61317fd14ceSopenharmony_ci{ 61417fd14ceSopenharmony_ci Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) }; 61517fd14ceSopenharmony_ci const char *serviceType = StringGet(&peerDeviceEntry->serviceType); 61617fd14ceSopenharmony_ci Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) }; 61717fd14ceSopenharmony_ci#ifdef DEV_AUTH_FUNC_TEST 61817fd14ceSopenharmony_ci KeyAliasType keyTypePeer = KEY_ALIAS_LT_KEY_PAIR; 61917fd14ceSopenharmony_ci#else 62017fd14ceSopenharmony_ci KeyAliasType keyTypePeer = (KeyAliasType)peerDeviceEntry->devType; 62117fd14ceSopenharmony_ci#endif 62217fd14ceSopenharmony_ci const char *peerAuthId = StringGet(&peerDeviceEntry->authId); 62317fd14ceSopenharmony_ci Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) }; 62417fd14ceSopenharmony_ci int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyTypePeer, &peerAuthIdBuff, peerKeyAlias); 62517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 62617fd14ceSopenharmony_ci LOGE("Failed to generate peer key alias!"); 62717fd14ceSopenharmony_ci return ret; 62817fd14ceSopenharmony_ci } 62917fd14ceSopenharmony_ci if (peerDeviceEntry->upgradeFlag == 1) { 63017fd14ceSopenharmony_ci ret = ToLowerCase(peerKeyAlias); 63117fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 63217fd14ceSopenharmony_ci LOGE("Failed to convert peer key alias to lower case!"); 63317fd14ceSopenharmony_ci return ret; 63417fd14ceSopenharmony_ci } 63517fd14ceSopenharmony_ci } 63617fd14ceSopenharmony_ci return HC_SUCCESS; 63717fd14ceSopenharmony_ci} 63817fd14ceSopenharmony_ci 63917fd14ceSopenharmony_cistatic int32_t CheckSelfKeyAlias(const Uint8Buff *selfKeyAlias, bool isSelfFromUpgrade, int32_t osAccountId, 64017fd14ceSopenharmony_ci const char *groupId) 64117fd14ceSopenharmony_ci{ 64217fd14ceSopenharmony_ci int32_t ret = GetLoaderInstance()->checkKeyExist(selfKeyAlias, isSelfFromUpgrade, osAccountId); 64317fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 64417fd14ceSopenharmony_ci LOGE("self auth keyPair not exist, need to delete group and devices!"); 64517fd14ceSopenharmony_ci if (DelGroupFromDb(osAccountId, groupId) != HC_SUCCESS) { 64617fd14ceSopenharmony_ci LOGW("delete group from db failed!"); 64717fd14ceSopenharmony_ci return ret; 64817fd14ceSopenharmony_ci } 64917fd14ceSopenharmony_ci LOGI("self auth keyPair not exist, delete group from db successfully!"); 65017fd14ceSopenharmony_ci } 65117fd14ceSopenharmony_ci return ret; 65217fd14ceSopenharmony_ci} 65317fd14ceSopenharmony_ci 65417fd14ceSopenharmony_cistatic int32_t CheckPeerKeyAlias(const Uint8Buff *peerKeyAlias, bool isPeerFromUpgrade, int32_t osAccountId, 65517fd14ceSopenharmony_ci const char *groupId, const TrustedDeviceEntry *peerDeviceEntry) 65617fd14ceSopenharmony_ci{ 65717fd14ceSopenharmony_ci int32_t ret = GetLoaderInstance()->checkKeyExist(peerKeyAlias, isPeerFromUpgrade, osAccountId); 65817fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 65917fd14ceSopenharmony_ci LOGE("peer auth pubKey not exist, need to delete peer device!"); 66017fd14ceSopenharmony_ci if (DelDeviceFromDb(osAccountId, groupId, peerDeviceEntry) != HC_SUCCESS) { 66117fd14ceSopenharmony_ci LOGW("delete peer device from db failed!"); 66217fd14ceSopenharmony_ci return ret; 66317fd14ceSopenharmony_ci } 66417fd14ceSopenharmony_ci LOGI("peer auth pubKey not exist, delete peer device from db successfully!"); 66517fd14ceSopenharmony_ci } 66617fd14ceSopenharmony_ci return ret; 66717fd14ceSopenharmony_ci} 66817fd14ceSopenharmony_ci 66917fd14ceSopenharmony_cistatic int32_t ComputeAndSavePsk(int32_t osAccountId, const char *groupId, 67017fd14ceSopenharmony_ci const TrustedDeviceEntry *peerDeviceEntry, const Uint8Buff *sharedKeyAlias) 67117fd14ceSopenharmony_ci{ 67217fd14ceSopenharmony_ci Uint8Buff selfAuthIdBuff = { NULL, 0 }; 67317fd14ceSopenharmony_ci int32_t selfUserType = 0; 67417fd14ceSopenharmony_ci int32_t selfUpgradeFlag = 0; 67517fd14ceSopenharmony_ci int32_t ret = GetSelfAuthIdAndUserType(osAccountId, groupId, &selfAuthIdBuff, &selfUserType, &selfUpgradeFlag); 67617fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 67717fd14ceSopenharmony_ci LOGE("Failed to get self auth id and user type!"); 67817fd14ceSopenharmony_ci return ret; 67917fd14ceSopenharmony_ci } 68017fd14ceSopenharmony_ci const char *serviceType = StringGet(&peerDeviceEntry->serviceType); 68117fd14ceSopenharmony_ci bool isSelfFromUpgrade = selfUpgradeFlag == 1; 68217fd14ceSopenharmony_ci uint8_t selfKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 }; 68317fd14ceSopenharmony_ci Uint8Buff selfKeyAlias = { selfKeyAliasVal, PAKE_KEY_ALIAS_LEN }; 68417fd14ceSopenharmony_ci ret = GenerateSelfKeyAlias(serviceType, selfUserType, &selfAuthIdBuff, isSelfFromUpgrade, &selfKeyAlias); 68517fd14ceSopenharmony_ci HcFree(selfAuthIdBuff.val); 68617fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 68717fd14ceSopenharmony_ci LOGE("Failed to generate self key alias!"); 68817fd14ceSopenharmony_ci return ret; 68917fd14ceSopenharmony_ci } 69017fd14ceSopenharmony_ci 69117fd14ceSopenharmony_ci uint8_t peerKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 }; 69217fd14ceSopenharmony_ci Uint8Buff peerKeyAlias = { peerKeyAliasVal, PAKE_KEY_ALIAS_LEN }; 69317fd14ceSopenharmony_ci ret = GeneratePeerKeyAlias(peerDeviceEntry, &peerKeyAlias); 69417fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 69517fd14ceSopenharmony_ci LOGE("Failed to generate peer key alias!"); 69617fd14ceSopenharmony_ci return ret; 69717fd14ceSopenharmony_ci } 69817fd14ceSopenharmony_ci 69917fd14ceSopenharmony_ci ret = CheckSelfKeyAlias(&selfKeyAlias, isSelfFromUpgrade, osAccountId, groupId); 70017fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 70117fd14ceSopenharmony_ci return ret; 70217fd14ceSopenharmony_ci } 70317fd14ceSopenharmony_ci bool isPeerFromUpgrade = peerDeviceEntry->upgradeFlag == 1; 70417fd14ceSopenharmony_ci ret = CheckPeerKeyAlias(&peerKeyAlias, isPeerFromUpgrade, osAccountId, groupId, peerDeviceEntry); 70517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 70617fd14ceSopenharmony_ci return ret; 70717fd14ceSopenharmony_ci } 70817fd14ceSopenharmony_ci uint8_t peerPubKeyVal[PAKE_ED25519_KEY_PAIR_LEN] = { 0 }; 70917fd14ceSopenharmony_ci Uint8Buff peerPubKeyBuff = { peerPubKeyVal, PAKE_ED25519_KEY_PAIR_LEN }; 71017fd14ceSopenharmony_ci KeyParams peerKeyParams = { { peerKeyAlias.val, peerKeyAlias.length, true }, isPeerFromUpgrade, osAccountId }; 71117fd14ceSopenharmony_ci ret = GetLoaderInstance()->exportPublicKey(&peerKeyParams, &peerPubKeyBuff); 71217fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 71317fd14ceSopenharmony_ci LOGE("Failed to export peer public key!"); 71417fd14ceSopenharmony_ci return ret; 71517fd14ceSopenharmony_ci } 71617fd14ceSopenharmony_ci KeyParams selfKeyAliasParams = { { selfKeyAlias.val, selfKeyAlias.length, true }, isSelfFromUpgrade, osAccountId }; 71717fd14ceSopenharmony_ci KeyBuff peerKeyBuff = { peerPubKeyBuff.val, peerPubKeyBuff.length, false }; 71817fd14ceSopenharmony_ci return GetLoaderInstance()->agreeSharedSecretWithStorage( 71917fd14ceSopenharmony_ci &selfKeyAliasParams, &peerKeyBuff, ED25519, PAKE_PSK_LEN, sharedKeyAlias); 72017fd14ceSopenharmony_ci} 72117fd14ceSopenharmony_ci 72217fd14ceSopenharmony_cistatic int32_t GeneratePskAliasAndCheckExist(const CJson *in, const char *groupId, Uint8Buff *pskKeyAlias) 72317fd14ceSopenharmony_ci{ 72417fd14ceSopenharmony_ci int32_t osAccountId = INVALID_OS_ACCOUNT; 72517fd14ceSopenharmony_ci if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) { 72617fd14ceSopenharmony_ci LOGE("Failed to get osAccountId!"); 72717fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 72817fd14ceSopenharmony_ci } 72917fd14ceSopenharmony_ci TrustedDeviceEntry *deviceEntry = CreateDeviceEntry(); 73017fd14ceSopenharmony_ci if (deviceEntry == NULL) { 73117fd14ceSopenharmony_ci LOGE("Failed to create device entry!"); 73217fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 73317fd14ceSopenharmony_ci } 73417fd14ceSopenharmony_ci int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry); 73517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 73617fd14ceSopenharmony_ci LOGE("Failed to get peer device entry!"); 73717fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 73817fd14ceSopenharmony_ci return ret; 73917fd14ceSopenharmony_ci } 74017fd14ceSopenharmony_ci Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) }; 74117fd14ceSopenharmony_ci const char *serviceType = StringGet(&deviceEntry->serviceType); 74217fd14ceSopenharmony_ci Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) }; 74317fd14ceSopenharmony_ci const char *peerAuthId = StringGet(&deviceEntry->authId); 74417fd14ceSopenharmony_ci Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) }; 74517fd14ceSopenharmony_ci ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, KEY_ALIAS_PSK, &peerAuthIdBuff, pskKeyAlias); 74617fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 74717fd14ceSopenharmony_ci LOGE("Failed to generate psk key alias!"); 74817fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 74917fd14ceSopenharmony_ci return ret; 75017fd14ceSopenharmony_ci } 75117fd14ceSopenharmony_ci bool isPeerFromUpgrade = deviceEntry->upgradeFlag == 1; 75217fd14ceSopenharmony_ci if (isPeerFromUpgrade) { 75317fd14ceSopenharmony_ci ret = ToLowerCase(pskKeyAlias); 75417fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 75517fd14ceSopenharmony_ci LOGE("Failed to convert psk alias to lower case!"); 75617fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 75717fd14ceSopenharmony_ci return ret; 75817fd14ceSopenharmony_ci } 75917fd14ceSopenharmony_ci } 76017fd14ceSopenharmony_ci LOGI("psk alias: %x %x %x %x****.", pskKeyAlias->val[DEV_AUTH_ZERO], pskKeyAlias->val[DEV_AUTH_ONE], 76117fd14ceSopenharmony_ci pskKeyAlias->val[DEV_AUTH_TWO], pskKeyAlias->val[DEV_AUTH_THREE]); 76217fd14ceSopenharmony_ci if (GetLoaderInstance()->checkKeyExist(pskKeyAlias, isPeerFromUpgrade, osAccountId) != HC_SUCCESS) { 76317fd14ceSopenharmony_ci ret = ComputeAndSavePsk(osAccountId, groupId, deviceEntry, pskKeyAlias); 76417fd14ceSopenharmony_ci } 76517fd14ceSopenharmony_ci DestroyDeviceEntry(deviceEntry); 76617fd14ceSopenharmony_ci return ret; 76717fd14ceSopenharmony_ci} 76817fd14ceSopenharmony_ci 76917fd14ceSopenharmony_cistatic int32_t GetSharedSecretForP2pInPake(const CJson *in, const char *groupId, Uint8Buff *sharedSecret) 77017fd14ceSopenharmony_ci{ 77117fd14ceSopenharmony_ci int32_t osAccountId; 77217fd14ceSopenharmony_ci if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) { 77317fd14ceSopenharmony_ci LOGE("Failed to get osAccountId!"); 77417fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 77517fd14ceSopenharmony_ci } 77617fd14ceSopenharmony_ci uint8_t pskKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 }; 77717fd14ceSopenharmony_ci Uint8Buff pskKeyAlias = { pskKeyAliasVal, PAKE_KEY_ALIAS_LEN }; 77817fd14ceSopenharmony_ci int32_t ret = GeneratePskAliasAndCheckExist(in, groupId, &pskKeyAlias); 77917fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 78017fd14ceSopenharmony_ci LOGE("Failed to generate key alias for psk!"); 78117fd14ceSopenharmony_ci return ret; 78217fd14ceSopenharmony_ci } 78317fd14ceSopenharmony_ci uint8_t *pskVal = (uint8_t *)HcMalloc(PAKE_PSK_LEN, 0); 78417fd14ceSopenharmony_ci if (pskVal == NULL) { 78517fd14ceSopenharmony_ci LOGE("Failed to alloc memory for psk!"); 78617fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 78717fd14ceSopenharmony_ci } 78817fd14ceSopenharmony_ci Uint8Buff pskBuff = { pskVal, PAKE_PSK_LEN }; 78917fd14ceSopenharmony_ci uint8_t *nonceVal = (uint8_t *)HcMalloc(PAKE_NONCE_LEN, 0); 79017fd14ceSopenharmony_ci if (nonceVal == NULL) { 79117fd14ceSopenharmony_ci LOGE("Failed to alloc memory for nonce!"); 79217fd14ceSopenharmony_ci HcFree(pskVal); 79317fd14ceSopenharmony_ci return HC_ERR_ALLOC_MEMORY; 79417fd14ceSopenharmony_ci } 79517fd14ceSopenharmony_ci Uint8Buff nonceBuff = { nonceVal, PAKE_NONCE_LEN }; 79617fd14ceSopenharmony_ci ret = GetByteFromJson(in, FIELD_NONCE, nonceBuff.val, nonceBuff.length); 79717fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 79817fd14ceSopenharmony_ci LOGE("Failed to get nonce!"); 79917fd14ceSopenharmony_ci HcFree(pskVal); 80017fd14ceSopenharmony_ci HcFree(nonceVal); 80117fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 80217fd14ceSopenharmony_ci } 80317fd14ceSopenharmony_ci Uint8Buff keyInfo = { (uint8_t *)TMP_AUTH_KEY_FACTOR, HcStrlen(TMP_AUTH_KEY_FACTOR) }; 80417fd14ceSopenharmony_ci KeyParams keyAliasParams = { { pskKeyAlias.val, pskKeyAlias.length, true }, false, osAccountId }; 80517fd14ceSopenharmony_ci ret = GetLoaderInstance()->computeHkdf(&keyAliasParams, &nonceBuff, &keyInfo, &pskBuff); 80617fd14ceSopenharmony_ci HcFree(nonceVal); 80717fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 80817fd14ceSopenharmony_ci LOGE("Failed to compute hkdf for psk!"); 80917fd14ceSopenharmony_ci HcFree(pskVal); 81017fd14ceSopenharmony_ci return ret; 81117fd14ceSopenharmony_ci } 81217fd14ceSopenharmony_ci 81317fd14ceSopenharmony_ci ret = ConvertPsk(&pskBuff, sharedSecret); 81417fd14ceSopenharmony_ci HcFree(pskVal); 81517fd14ceSopenharmony_ci if (ret != HC_SUCCESS) { 81617fd14ceSopenharmony_ci LOGE("Failed to convert psk!"); 81717fd14ceSopenharmony_ci } 81817fd14ceSopenharmony_ci return ret; 81917fd14ceSopenharmony_ci} 82017fd14ceSopenharmony_ci 82117fd14ceSopenharmony_cistatic int32_t GetSharedSecretForP2p( 82217fd14ceSopenharmony_ci const CJson *in, const CJson *urlJson, ProtocolAlgType protocolType, Uint8Buff *sharedSecret) 82317fd14ceSopenharmony_ci{ 82417fd14ceSopenharmony_ci const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID); 82517fd14ceSopenharmony_ci if (groupId == NULL) { 82617fd14ceSopenharmony_ci LOGE("Failed to get groupId!"); 82717fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 82817fd14ceSopenharmony_ci } 82917fd14ceSopenharmony_ci int32_t ret; 83017fd14ceSopenharmony_ci if (protocolType == ALG_ISO) { 83117fd14ceSopenharmony_ci ret = GetSharedSecretForP2pInIso(in, groupId, sharedSecret); 83217fd14ceSopenharmony_ci LOGI("get shared secret for p2p in iso result: %d", ret); 83317fd14ceSopenharmony_ci } else { 83417fd14ceSopenharmony_ci ret = GetSharedSecretForP2pInPake(in, groupId, sharedSecret); 83517fd14ceSopenharmony_ci LOGI("get shared secret for p2p in pake result: %d", ret); 83617fd14ceSopenharmony_ci } 83717fd14ceSopenharmony_ci return ret; 83817fd14ceSopenharmony_ci} 83917fd14ceSopenharmony_ci 84017fd14ceSopenharmony_cistatic int32_t GetSharedSecretByUrl( 84117fd14ceSopenharmony_ci const CJson *in, const Uint8Buff *presharedUrl, ProtocolAlgType protocolType, Uint8Buff *sharedSecret) 84217fd14ceSopenharmony_ci{ 84317fd14ceSopenharmony_ci if (in == NULL || presharedUrl == NULL || sharedSecret == NULL) { 84417fd14ceSopenharmony_ci LOGE("Invalid input params!"); 84517fd14ceSopenharmony_ci return HC_ERR_INVALID_PARAMS; 84617fd14ceSopenharmony_ci } 84717fd14ceSopenharmony_ci 84817fd14ceSopenharmony_ci CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val); 84917fd14ceSopenharmony_ci if (urlJson == NULL) { 85017fd14ceSopenharmony_ci LOGE("Failed to create url json!"); 85117fd14ceSopenharmony_ci return HC_ERR_JSON_CREATE; 85217fd14ceSopenharmony_ci } 85317fd14ceSopenharmony_ci 85417fd14ceSopenharmony_ci int32_t trustType = 0; 85517fd14ceSopenharmony_ci if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) { 85617fd14ceSopenharmony_ci LOGE("Failed to get trust type!"); 85717fd14ceSopenharmony_ci FreeJson(urlJson); 85817fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 85917fd14ceSopenharmony_ci } 86017fd14ceSopenharmony_ci 86117fd14ceSopenharmony_ci int32_t ret; 86217fd14ceSopenharmony_ci switch (trustType) { 86317fd14ceSopenharmony_ci case TRUST_TYPE_P2P: 86417fd14ceSopenharmony_ci ret = GetSharedSecretForP2p(in, urlJson, protocolType, sharedSecret); 86517fd14ceSopenharmony_ci break; 86617fd14ceSopenharmony_ci case TRUST_TYPE_UID: 86717fd14ceSopenharmony_ci if (protocolType != ALG_ISO) { 86817fd14ceSopenharmony_ci LOGE("protocol type is not iso, not supported!"); 86917fd14ceSopenharmony_ci ret = HC_ERR_INVALID_PARAMS; 87017fd14ceSopenharmony_ci } else { 87117fd14ceSopenharmony_ci ret = GetAccountSymSharedSecret(in, urlJson, sharedSecret); 87217fd14ceSopenharmony_ci } 87317fd14ceSopenharmony_ci break; 87417fd14ceSopenharmony_ci default: 87517fd14ceSopenharmony_ci LOGE("Invalid trust type!"); 87617fd14ceSopenharmony_ci ret = HC_ERR_INVALID_PARAMS; 87717fd14ceSopenharmony_ci break; 87817fd14ceSopenharmony_ci } 87917fd14ceSopenharmony_ci FreeJson(urlJson); 88017fd14ceSopenharmony_ci 88117fd14ceSopenharmony_ci return ret; 88217fd14ceSopenharmony_ci} 88317fd14ceSopenharmony_ci 88417fd14ceSopenharmony_cistatic int32_t GetCredInfoByPeerCert(const CJson *in, const CertInfo *certInfo, IdentityInfo **returnInfo) 88517fd14ceSopenharmony_ci{ 88617fd14ceSopenharmony_ci if (in == NULL || certInfo == NULL || returnInfo == NULL) { 88717fd14ceSopenharmony_ci LOGE("Invalid input params!"); 88817fd14ceSopenharmony_ci return HC_ERR_INVALID_PARAMS; 88917fd14ceSopenharmony_ci } 89017fd14ceSopenharmony_ci int32_t osAccountId = INVALID_OS_ACCOUNT; 89117fd14ceSopenharmony_ci if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) { 89217fd14ceSopenharmony_ci LOGE("Failed to get osAccountId!"); 89317fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 89417fd14ceSopenharmony_ci } 89517fd14ceSopenharmony_ci int32_t res = GetAccountAsymCredInfo(osAccountId, certInfo, returnInfo); 89617fd14ceSopenharmony_ci if (res != HC_SUCCESS) { 89717fd14ceSopenharmony_ci LOGE("Failed to get account asym cred info!"); 89817fd14ceSopenharmony_ci return res; 89917fd14ceSopenharmony_ci } 90017fd14ceSopenharmony_ci if (certInfo->isPseudonym) { 90117fd14ceSopenharmony_ci (*returnInfo)->proof.certInfo.isPseudonym = true; 90217fd14ceSopenharmony_ci } else { 90317fd14ceSopenharmony_ci (*returnInfo)->proof.certInfo.isPseudonym = false; 90417fd14ceSopenharmony_ci } 90517fd14ceSopenharmony_ci return HC_SUCCESS; 90617fd14ceSopenharmony_ci} 90717fd14ceSopenharmony_ci 90817fd14ceSopenharmony_cistatic int32_t GetSharedSecretByPeerCert( 90917fd14ceSopenharmony_ci const CJson *in, const CertInfo *peerCertInfo, ProtocolAlgType protocolType, Uint8Buff *sharedSecret) 91017fd14ceSopenharmony_ci{ 91117fd14ceSopenharmony_ci if (in == NULL || peerCertInfo == NULL || sharedSecret == NULL) { 91217fd14ceSopenharmony_ci LOGE("Invalid input params!"); 91317fd14ceSopenharmony_ci return HC_ERR_INVALID_PARAMS; 91417fd14ceSopenharmony_ci } 91517fd14ceSopenharmony_ci if (protocolType != ALG_EC_SPEKE) { 91617fd14ceSopenharmony_ci LOGE("protocol type is not ec speke, not support!"); 91717fd14ceSopenharmony_ci return HC_ERR_INVALID_PARAMS; 91817fd14ceSopenharmony_ci } 91917fd14ceSopenharmony_ci int32_t osAccountId = INVALID_OS_ACCOUNT; 92017fd14ceSopenharmony_ci if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) { 92117fd14ceSopenharmony_ci LOGE("Failed to get osAccountId!"); 92217fd14ceSopenharmony_ci return HC_ERR_JSON_GET; 92317fd14ceSopenharmony_ci } 92417fd14ceSopenharmony_ci const char *peerUserId = GetStringFromJson(in, FIELD_PEER_USER_ID); 92517fd14ceSopenharmony_ci if (peerUserId != NULL) { 92617fd14ceSopenharmony_ci LOGE("peerUserId exists."); 92717fd14ceSopenharmony_ci } 92817fd14ceSopenharmony_ci return GetAccountAsymSharedSecret(osAccountId, peerUserId, peerCertInfo, sharedSecret); 92917fd14ceSopenharmony_ci} 93017fd14ceSopenharmony_ci 93117fd14ceSopenharmony_cistatic const AuthIdentity g_authIdentity = { 93217fd14ceSopenharmony_ci .getCredInfosByPeerIdentity = GetCredInfosByPeerIdentity, 93317fd14ceSopenharmony_ci .getCredInfoByPeerUrl = GetCredInfoByPeerUrl, 93417fd14ceSopenharmony_ci .getSharedSecretByUrl = GetSharedSecretByUrl, 93517fd14ceSopenharmony_ci .getCredInfoByPeerCert = GetCredInfoByPeerCert, 93617fd14ceSopenharmony_ci .getSharedSecretByPeerCert = GetSharedSecretByPeerCert, 93717fd14ceSopenharmony_ci}; 93817fd14ceSopenharmony_ci 93917fd14ceSopenharmony_ciconst AuthIdentity *GetGroupAuthIdentity(void) 94017fd14ceSopenharmony_ci{ 94117fd14ceSopenharmony_ci return &g_authIdentity; 94217fd14ceSopenharmony_ci}