# è®¾å¤‡äº’ä¿¡è®¤è¯<a name="ZH-CN_TOPIC_0000001150002727"></a>

-   [ç®€ä»‹](#section11660541593)
-   [ç›®å½•](#section161941989596)
-   [è¯´æ˜Ž](#section1312121216216)
    -   [æŽ¥å£è¯´æ˜Ž](#section1551164914237)

-   [ç›¸å…³ä»“](#section1371113476307)

## ç®€ä»‹<a name="section11660541593"></a>

åœ¨OpenHarmonyä¸ï¼Œè®¾å¤‡äº’ä¿¡è®¤è¯æ¨¡å—ä½œä¸ºå®‰å…¨åç³»ç»Ÿçš„åæ¨¡å—ï¼Œè´Ÿè´£è®¾å¤‡é—´å¯ä¿¡å…³ç³»çš„å»ºç«‹ã€ç»´æŠ¤ã€ä½¿ç”¨ã€æ’¤é”€ç‰å…¨ç”Ÿå‘½å‘¨æœŸçš„ç®¡ç†ï¼Œå®žçŽ°å¯ä¿¡è®¾å¤‡é—´çš„äº’ä¿¡è®¤è¯å’Œå®‰å…¨ä¼šè¯å¯†é’¥åå•†ï¼Œæ˜¯æè½½OpenHarmonyçš„è®¾å¤‡è¿›è¡Œå¯ä¿¡äº’è”çš„åŸºç¡€å¹³å°èƒ½åŠ›ã€‚

è®¾å¤‡äº’ä¿¡è®¤è¯æ¨¡å—å½“å‰æä¾›å¦‚ä¸‹åŠŸèƒ½ï¼š

-   è®¾å¤‡äº’ä¿¡å…³ç³»ç®¡ç†åŠŸèƒ½ï¼šç»Ÿä¸€ç®¡ç†è®¾å¤‡äº’ä¿¡å…³ç³»çš„å»ºç«‹ã€ç»´æŠ¤ã€æ’¤é”€è¿‡ç¨‹ï¼›æ”¯æŒå„ä¸ªä¸šåŠ¡åˆ›å»ºçš„è®¾å¤‡äº’ä¿¡å…³ç³»çš„éš”ç¦»å’Œå¯æŽ§å…±äº«ã€‚
-   è®¾å¤‡äº’ä¿¡å…³ç³»è®¤è¯åŠŸèƒ½ï¼šæä¾›è®¤è¯è®¾å¤‡é—´äº’ä¿¡å…³ç³»ã€è¿›è¡Œå®‰å…¨ä¼šè¯å¯†é’¥åå•†çš„èƒ½åŠ›ï¼Œæ”¯æŒåˆ†å¸ƒå¼è½¯æ€»çº¿å®žçŽ°äº’ä¿¡è®¾å¤‡é—´çš„ç»„ç½‘ã€‚

ä¸ºå®žçŽ°ä¸Šè¿°åŠŸèƒ½ï¼Œè®¾å¤‡äº’ä¿¡è®¤è¯æ¨¡å—å½“å‰åŒ…å«è®¾å¤‡ç¾¤ç»„ç®¡ç†ã€è®¾å¤‡ç¾¤ç»„è®¤è¯å’Œå¸å·æ— å…³ç‚¹å¯¹ç‚¹è®¤è¯ä¸‰ä¸ªåæ¨¡å—ï¼Œå…¶éƒ¨ç½²é€»è¾‘å¦‚ä¸‹å›¾ï¼š

**å›¾ 1**  åç³»ç»Ÿæž¶æž„å›¾<a name="fig4460722185514"></a>  


![](figures/zh-cn_deviceauth_architecture.png)

å…¶ä¸ï¼Œ

-   è®¾å¤‡ç¾¤ç»„ç®¡ç†æœåŠ¡ï¼šç»Ÿä¸€ç®¡ç†ä¸åŒä¸šåŠ¡å»ºç«‹çš„æœ¬è®¾å¤‡ä¸Žå…¶ä»–è®¾å¤‡é—´çš„äº’ä¿¡å…³ç³»ï¼Œå¹¶å¯¹å¤–æä¾›è®¾å¤‡äº’ä¿¡å…³ç³»çš„åˆ›å»ºå…¥å£ ï¼Œå®Œæˆä¿¡ä»»å»ºç«‹åŽåˆ›å»ºå¸å·æ— å…³è®¾å¤‡ç¾¤ç»„ï¼Œå¹¶å°†ä¿¡ä»»å¯¹è±¡è®¾å¤‡æ·»åŠ è¿›ç¾¤ç»„ï¼›OpenHarmonyä¸Šå„ä¸šåŠ¡å¯ç‹¬ç«‹åˆ›å»ºç›¸äº’éš”ç¦»çš„è®¾å¤‡é—´å¯ä¿¡å…³ç³»ã€‚
-   è®¾å¤‡ç¾¤ç»„è®¤è¯æœåŠ¡ï¼šæ”¯æŒå·²å»ºç«‹å¯ä¿¡å…³ç³»çš„è®¾å¤‡é—´å®Œæˆäº’ä¿¡å…³ç³»çš„è®¤è¯åŠä¼šè¯å¯†é’¥çš„åå•†ã€‚
-   å¸å·æ— å…³ç‚¹å¯¹ç‚¹è®¾å¤‡äº’ä¿¡è®¤è¯ï¼šæä¾›è®¾å¤‡é—´åŸºäºŽå…±äº«ç§˜å¯†å»ºç«‹ä¸€å¯¹ä¸€äº’ä¿¡å…³ç³»çš„åŠŸèƒ½ï¼Œå¹¶æ”¯æŒåŸºäºŽè¿™ç§äº’ä¿¡å…³ç³»çš„è®¤è¯å¯†é’¥åå•†ã€‚
-   è®¤è¯åè®®åº“ï¼šç»Ÿä¸€å°è£…ä¸åŒç±»åž‹çš„è®¤è¯åè®®ï¼Œæ”¯æŒå¤šç§è½»é‡çº§ä»¥åŠæ ‡å‡†è®¤è¯åè®®å®žçŽ°ã€‚



å…±äº«ç§˜å¯†çš„ä½¿ç”¨è¦æ±‚å’Œçº¦æŸï¼š

ä¸šåŠ¡åœ¨è®¾å¤‡é—´å»ºç«‹è´¦å·æ— å…³ç‚¹å¯¹ç‚¹ä¿¡ä»»å…³ç³»æ—¶ï¼Œéœ€è¦ä½¿ç”¨å¸¦å¤–å…±äº«çš„ç§˜å¯†ä¿¡æ¯ï¼Œè¯¥ç§˜å¯†ä¿¡æ¯åœ¨å…±äº«æ–¹å¼ã€é•¿åº¦ã€å¤æ‚åº¦ä»¥åŠæ—¶æ•ˆæ€§ä¸Šå‡éœ€ç¬¦åˆå®‰å…¨è¦æ±‚ã€‚ç³»ç»Ÿä¼šå¯¹å…±äº«ç§˜å¯†çš„é•¿åº¦åšçº¦æŸï¼Œå¦‚ä¸æ»¡è¶³ï¼Œåˆ™æ— æ³•è¿›è¡Œè´¦å·æ— å…³ç‚¹å¯¹ç‚¹ä¿¡ä»»å…³ç³»çš„å»ºç«‹ï¼Œè§„åˆ™å¦‚ä¸‹ï¼š

| åè®®     | å…±äº«ç§˜å¯†ï¼ˆPINç ï¼‰é•¿åº¦ |
| -------- | --------------------- |
| EC-SPEKE | >=6bit                |
| DL-SPEKE | >=6bit                |
| ISO      | >=128bit              |

## ç›®å½•<a name="section161941989596"></a>

```
/base/security/device_auth
â”œâ”€â”€ default_config               # ç¼–è¯‘é…ç½®æ–‡ä»¶
â”œâ”€â”€ frameworks                   # è®¾å¤‡äº’ä¿¡è®¤è¯IPCä»£ç 
â”œâ”€â”€ interfaces                   # å¯¹å¤–æŽ¥å£ç›®å½•
â”œâ”€â”€ test                         # è®¾å¤‡äº’ä¿¡è®¤è¯çš„æŽ¥å£æµ‹è¯•ç”¨ä¾‹
â”œâ”€â”€ common_lib                   # Cè¯è¨€å…¬å…±åŸºç¡€åº“
â”œâ”€â”€ deps_adapter                 # ä¾èµ–ç»„ä»¶é€‚é…å™¨ä»£ç 
â”‚   â”œâ”€â”€ key_management_adapter   # å¯†é’¥åŠç®—æ³•é€‚é…å±‚
â”‚   â””â”€â”€ os_adapter               # ç³»ç»Ÿèƒ½åŠ›é€‚é…å±‚
â””â”€â”€ services                     # è®¾å¤‡äº’ä¿¡è®¤è¯æœåŠ¡å±‚ä»£ç 
    â”œâ”€â”€ frameworks               # è®¾å¤‡äº’ä¿¡è®¤è¯æ¡†æž¶å±‚ä»£ç 
    â”œâ”€â”€ data_manager             # è®¾å¤‡äº’ä¿¡ç¾¤ç»„ä¿¡æ¯ç®¡ç†æ¨¡å—
    â”œâ”€â”€ identity_manager         # è®¤è¯å‡æ®ç®¡ç†æ¨¡å—
    â”œâ”€â”€ legacy
    â”‚   â”œâ”€â”€ authenticators       # è®¤è¯æ‰§è¡Œæ¨¡å—
    â”‚   â”œâ”€â”€ group_auth           # è®¾å¤‡ç¾¤ç»„è®¤è¯æœåŠ¡
    â”‚   â”œâ”€â”€ group_manager        # è®¾å¤‡ç¾¤ç»„ç®¡ç†æœåŠ¡
    â”œâ”€â”€ creds_manager            # å‡æ®ç®¡ç†æ¨¡å—
    â”œâ”€â”€ mk_agree                 # è®¾å¤‡çº§ä¸»å¯†é’¥åå•†
    â”œâ”€â”€ cred_manager             # è´¦å·å‡æ®æ’ä»¶ç®¡ç†æ¨¡å—
    â”œâ”€â”€ key_agree_sdk            # å¯†é’¥åå•†sdk
    â”œâ”€â”€ privacy_enhancement      # éšç§å¢žå¼ºæ¨¡å—
    â”œâ”€â”€ session_manager          # ä¼šè¯ç®¡ç†æ¨¡å—
    â””â”€â”€ protocol                 # è®¤è¯åè®®åº“
```

## è¯´æ˜Ž<a name="section1312121216216"></a>

### æŽ¥å£è¯´æ˜Ž<a name="section1551164914237"></a>

è®¾å¤‡äº’ä¿¡è®¤è¯ç»„ä»¶ä¸ï¼Œè®¾å¤‡ç¾¤ç»„ç®¡ç†æœåŠ¡è´Ÿè´£å°†ä¸åŒä¸šåŠ¡å»ºç«‹çš„è®¾å¤‡é—´å¯ä¿¡å…³ç³»æŠ½è±¡æˆä¸€ä¸ªä¸ªå¯ä¿¡ç¾¤ç»„ï¼Œå¯¹å¤–æä¾›ç»Ÿä¸€çš„æŽ¥å£ï¼ŒåŒ…å«ç¾¤ç»„åˆ›å»ºã€åˆ é™¤ã€æŸ¥è¯¢ç‰åŠŸèƒ½ï¼›è®¾å¤‡ç¾¤ç»„è®¤è¯æœåŠ¡åŸºäºŽå·²ç»å»ºç«‹è¿‡å¯ä¿¡å…³ç³»çš„è®¾å¤‡ç¾¤ç»„ï¼Œæä¾›è®¾å¤‡å¯ä¿¡è®¤è¯ä¸Žç«¯åˆ°ç«¯ä¼šè¯å¯†é’¥åå•†åŠŸèƒ½ï¼›åŒæ—¶æä¾›ç¾¤ç»„æ— å…³ï¼ŒåŸºäºŽè®¤è¯å‡æ®çš„è®¾å¤‡äº’ä¿¡è®¤è¯èƒ½åŠ›ã€‚

**è¡¨ 1**  è®¾å¤‡ç¾¤ç»„ç®¡ç†æœåŠ¡æä¾›çš„APIæŽ¥å£\(DeviceGroupManager\)åŠŸèƒ½ä»‹ç»

<a name="table1731550155318"></a>
<table><thead align="left"><tr id="row4419501537"><th class="cellrowborder" valign="top" width="57.38999999999999%" id="mcps1.2.3.1.1"><p id="p54150165315"><a name="p54150165315"></a><a name="p54150165315"></a>æŽ¥å£å</p>
</th>
<th class="cellrowborder" valign="top" width="42.61%" id="mcps1.2.3.1.2"><p id="p941150145313"><a name="p941150145313"></a><a name="p941150145313"></a>æè¿°</p>
</th>
</tr>
</thead>
<tbody><tr id="row34145016535"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p1487722894416"><a name="p1487722894416"></a><a name="p1487722894416"></a>const DeviceGroupManager *GetGmInstance()</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p13562171015712"><a name="p13562171015712"></a><a name="p13562171015712"></a>èŽ·å–è®¾å¤‡ç¾¤ç»„ç®¡ç†çš„å®žä¾‹ã€‚</p>
</td>
</tr>
<tr id="row1027292610453"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p1227312634518"><a name="p1227312634518"></a><a name="p1227312634518"></a>int32_t RegCallback(const char *appId, const DeviceAuthCallback *callback)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p7488141134613"><a name="p7488141134613"></a><a name="p7488141134613"></a>æ³¨å†Œä¸šåŠ¡çš„ç›‘å¬å›žè°ƒã€‚</p>
</td>
</tr>
<tr id="row1746172917474"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p9758144610285"><a name="p9758144610285"></a><a name="p9758144610285"></a>int32_t CreateGroup(int32_t osAccountId, int64_t requestId, const char *appId, const char *createParams)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p2431455765"><a name="p2431455765"></a><a name="p2431455765"></a>åˆ›å»ºä¸€ä¸ªå¯ä¿¡è®¾å¤‡ç¾¤ç»„ã€‚</p>
</td>
</tr>
<tr id="row10992232154714"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p1310363994713"><a name="p1310363994713"></a><a name="p1310363994713"></a>int32_t DeleteGroup(int32_t osAccountId, int64_t requestId, const char *appId, const char *disbandParams)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p126575774517"><a name="p126575774517"></a><a name="p126575774517"></a>åˆ é™¤ä¸€ä¸ªå¯ä¿¡è®¾å¤‡ç¾¤ç»„ã€‚</p>
</td>
</tr>
<tr id="row1440154863415"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p19702122715481"><a name="p19702122715481"></a><a name="p19702122715481"></a>int32_t AddMemberToGroup(int32_t osAccountId, int64_t requestId, const char *appId, const char *addParams)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p240224817343"><a name="p240224817343"></a><a name="p240224817343"></a>æ·»åŠ æˆå‘˜åˆ°æŒ‡å®šç¾¤ç»„IDçš„å¯ä¿¡è®¾å¤‡ç¾¤ç»„ã€‚</p>
</td>
</tr>
<tr id="row495164812345"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p1872417515488"><a name="p1872417515488"></a><a name="p1872417515488"></a>int32_t DeleteMemberFromGroup(int32_t osAccountId, int64_t requestId, const char *appId, const char *deleteParams);</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p1995144893411"><a name="p1995144893411"></a><a name="p1995144893411"></a>ä»ŽæŒ‡å®šå¯ä¿¡è®¾å¤‡ç¾¤ç»„é‡Œåˆ é™¤å¯ä¿¡æˆå‘˜ã€‚</p>
</td>
</tr>
<tr id="row4107114933418"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p794617473016"><a name="p794617473016"></a><a name="p794617473016"></a>int32_t ProcessData(int64_t requestId, const uint8_t *data, uint32_t dataLen)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p11107849113418"><a name="p11107849113418"></a><a name="p11107849113418"></a>å¤„ç†ç»‘å®šæˆ–è€…è§£ç»‘çš„æ•°æ®ã€‚</p>
</td>
</tr>
<tr id="row3270349193419"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p179130216514"><a name="p179130216514"></a><a name="p179130216514"></a>int32_t GetGroupInfo(int32_t osAccountId, const char *appId, const char *queryParams, char **returnGroupVec, uint32_t *groupNum)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p12701049183411"><a name="p12701049183411"></a><a name="p12701049183411"></a>æŸ¥è¯¢å¯ä¿¡è®¾å¤‡ç¾¤ç»„ä¿¡æ¯ã€‚</p>
</td>
</tr>
</tbody>
</table>

**è¡¨ 2**  è®¾å¤‡ç¾¤ç»„è®¤è¯æ¨¡å—æä¾›çš„APIæŽ¥å£\(GroupAuthManager\)åŠŸèƒ½ä»‹ç»

<a name="table12330133114308"></a>
<table><thead align="left"><tr id="row15330631193013"><th class="cellrowborder" valign="top" width="57.38999999999999%" id="mcps1.2.3.1.1"><p id="p73319319302"><a name="p73319319302"></a><a name="p73319319302"></a>æŽ¥å£å</p>
</th>
<th class="cellrowborder" valign="top" width="42.61%" id="mcps1.2.3.1.2"><p id="p133312317305"><a name="p133312317305"></a><a name="p133312317305"></a>æè¿°</p>
</th>
</tr>
</thead>
<tbody><tr id="row15331183193010"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p19743328133620"><a name="p19743328133620"></a><a name="p19743328133620"></a>const GroupAuthManager *GetGaInstance()</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p16742028153611"><a name="p16742028153611"></a><a name="p16742028153611"></a>èŽ·å–è®¾å¤‡ç¾¤ç»„è®¤è¯çš„å®žä¾‹ã€‚</p>
</td>
</tr>
<tr id="row7331133163017"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p118111117133514"><a name="p118111117133514"></a><a name="p118111117133514"></a>int32_t AuthDevice(int32_t osAccountId, int64_t authReqId, const char *authParams, const DeviceAuthCallback *gaCallback)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p151481335193817"><a name="p151481335193817"></a><a name="p151481335193817"></a>è®¤è¯å¯ä¿¡è®¾å¤‡ã€‚</p>
</td>
</tr>
<tr id="row633283153012"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p12534111115352"><a name="p12534111115352"></a><a name="p12534111115352"></a>int32_t ProcessData(int64_t authReqId, const uint8_t *data, uint32_t dataLen, const DeviceAuthCallback *gaCallback)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p1633173173012"><a name="p1633173173012"></a><a name="p1633173173012"></a>å¤„ç†è®¤è¯çš„æ•°æ®ã€‚</p>
</td>
</tr>
</tbody>
</table>

**è¡¨ 3**  åŸºäºŽè®¤è¯å‡æ®çš„è®¾å¤‡äº’ä¿¡è®¤è¯èƒ½åŠ›ç›¸å…³APIæŽ¥å£åŠŸèƒ½ä»‹ç»

<a name="table12330133114309"></a>
<table><thead align="left"><tr id="row15330631193013"><th class="cellrowborder" valign="top" width="57.38999999999999%" id="mcps1.2.3.1.1"><p id="p73319319303"><a name="p73319319303"></a><a name="p73319319303"></a>æŽ¥å£å</p>
</th>
<th class="cellrowborder" valign="top" width="42.61%" id="mcps1.2.3.1.2"><p id="p133312317306"><a name="p133312317306"></a><a name="p133312317306"></a>æè¿°</p>
</th>
</tr>
</thead>
<tbody><tr id="row15331183193011"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p19743328133621"><a name="p19743328133621"></a><a name="p19743328133621"></a>int32_t StartAuthDevice(int64_t requestId, const char* authParams, const DeviceAuthCallback* callbak)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p16742028153612"><a name="p16742028153612"></a><a name="p16742028153612"></a>æŒ‡å®šè®¤è¯å‡æ®ï¼Œè§¦å‘è®¾å¤‡äº’ä¿¡è®¤è¯ã€‚</p>
</td>
</tr>
<tr id="row7331133163018"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p118111117133515"><a name="p118111117133515"></a><a name="p118111117133515"></a>int32_t ProcessAuthDevice(int64_t requestId, const char* authParams, const DeviceAuthCallback* callbak)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p151481335193818"><a name="p151481335193818"></a><a name="p151481335193818"></a>å“åº”è®¤è¯è¯·æ±‚ï¼Œå¤„ç†è®¤è¯æ•°æ®ã€‚</p>
</td>
</tr>
<tr id="row633283153013"><td class="cellrowborder" valign="top" width="57.38999999999999%" headers="mcps1.2.3.1.1 "><p id="p12534111115353"><a name="p12534111115353"></a><a name="p12534111115353"></a> int32_t CancelAuthRequest(int64_t requestId, const char* authParams)</p>
</td>
<td class="cellrowborder" valign="top" width="42.61%" headers="mcps1.2.3.1.2 "><p id="p1633173173013"><a name="p1633173173013"></a><a name="p1633173173013"></a>å–æ¶ˆè®¤è¯è¯·æ±‚ã€‚</p>
</td>
</tr>
</tbody>
</table>

## ç›¸å…³ä»“<a name="section1371113476307"></a>

**å®‰å…¨åç³»ç»Ÿ**

[security\_device\_auth](https://gitee.com/openharmony/security_device_auth)