1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_auth_plugin_proxy.h"
17 #include "account_related_group_auth.h"
18 #include "alg_defs.h"
19 #include "alg_loader.h"
20 #include "cert_operation.h"
21 #include "group_auth_data_operation.h"
22 #include "group_operation_common.h"
23 #include "hc_log.h"
24 #include "identity_manager.h"
25
GetAccountRelatedCandidateGroups(int32_t osAccountId,const CJson * in,bool isDeviceLevel,GroupEntryVec * vec)26 static int32_t GetAccountRelatedCandidateGroups(
27 int32_t osAccountId, const CJson *in, bool isDeviceLevel, GroupEntryVec *vec)
28 {
29 BaseGroupAuth *groupAuth = GetAccountRelatedGroupAuth();
30 if (groupAuth == NULL) {
31 return HC_ERR_NULL_PTR;
32 }
33 QueryGroupParams queryParams = InitQueryGroupParams();
34 if (!isDeviceLevel) {
35 queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC;
36 }
37 ((AccountRelatedGroupAuth *)groupAuth)->getAccountCandidateGroup(osAccountId, in, &queryParams, vec);
38 // All return success, only notify the plugin.
39 if (HasAccountAuthPlugin() == HC_SUCCESS && vec->size(vec) == 0) {
40 CJson *input = CreateJson();
41 if (input == NULL) {
42 return HC_SUCCESS;
43 }
44 CJson *output = CreateJson();
45 if (output == NULL) {
46 FreeJson(input);
47 return HC_SUCCESS;
48 }
49 int32_t ret = ExcuteCredMgrCmd(osAccountId, QUERY_SELF_CREDENTIAL_INFO, input, output);
50 if (ret != HC_SUCCESS) {
51 LOGE("Account cred is empty.");
52 }
53 FreeJson(input);
54 FreeJson(output);
55 }
56 return HC_SUCCESS;
57 }
58
GetAccountUnrelatedCandidateGroups(int32_t osAccountId,bool isDeviceLevel,GroupEntryVec * vec)59 static int32_t GetAccountUnrelatedCandidateGroups(int32_t osAccountId, bool isDeviceLevel, GroupEntryVec *vec)
60 {
61 QueryGroupParams queryParams = InitQueryGroupParams();
62 queryParams.groupType = PEER_TO_PEER_GROUP;
63 if (!isDeviceLevel) {
64 queryParams.groupVisibility = GROUP_VISIBILITY_PUBLIC;
65 }
66 return QueryGroups(osAccountId, &queryParams, vec);
67 }
68
GetGroupInfoByGroupId(int32_t osAccountId,const char * groupId,GroupEntryVec * groupEntryVec)69 static void GetGroupInfoByGroupId(int32_t osAccountId, const char *groupId, GroupEntryVec *groupEntryVec)
70 {
71 QueryGroupParams queryParams = InitQueryGroupParams();
72 queryParams.groupId = groupId;
73 int32_t ret = QueryGroups(osAccountId, &queryParams, groupEntryVec);
74 if (ret != HC_SUCCESS) {
75 LOGE("Failed to query groups for groupId: %s!", groupId);
76 }
77 }
78
GetCandidateGroups(int32_t osAccountId,const CJson * in,GroupEntryVec * groupEntryVec)79 static void GetCandidateGroups(int32_t osAccountId, const CJson *in, GroupEntryVec *groupEntryVec)
80 {
81 bool isDeviceLevel = false;
82 (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel);
83
84 int32_t ret = GetAccountRelatedCandidateGroups(osAccountId, in, isDeviceLevel, groupEntryVec);
85 if (ret != HC_SUCCESS) {
86 LOGE("Failed to get account related groups!");
87 }
88
89 ret = GetAccountUnrelatedCandidateGroups(osAccountId, isDeviceLevel, groupEntryVec);
90 if (ret != HC_SUCCESS) {
91 LOGE("Failed to get p2p groups!");
92 }
93 }
94
IsDeviceInGroup(int32_t osAccountId,int32_t groupType,const char * deviceId,const char * groupId,bool isUdid)95 static bool IsDeviceInGroup(
96 int32_t osAccountId, int32_t groupType, const char *deviceId, const char *groupId, bool isUdid)
97 {
98 if (isUdid) {
99 return GaIsDeviceInGroup(groupType, osAccountId, deviceId, NULL, groupId);
100 } else {
101 return GaIsDeviceInGroup(groupType, osAccountId, NULL, deviceId, groupId);
102 }
103 }
104
SetProtocolsToIdentityInfo(int32_t keyType,IdentityInfo * info)105 static int32_t SetProtocolsToIdentityInfo(int32_t keyType, IdentityInfo *info)
106 {
107 if (keyType == KEY_TYPE_ASYM) {
108 #ifdef ENABLE_P2P_AUTH_EC_SPEKE
109 ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0);
110 if (entity == NULL) {
111 LOGE("Failed to alloc memory for entity!");
112 return HC_ERR_ALLOC_MEMORY;
113 }
114 entity->protocolType = ALG_EC_SPEKE;
115 info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity);
116 #else
117 (void)info;
118 #endif
119 } else {
120 #ifdef ENABLE_P2P_AUTH_ISO
121 ProtocolEntity *entity = (ProtocolEntity *)HcMalloc(sizeof(ProtocolEntity), 0);
122 if (entity == NULL) {
123 LOGE("Failed to alloc memory for entity!");
124 return HC_ERR_ALLOC_MEMORY;
125 }
126 entity->protocolType = ALG_ISO;
127 info->protocolVec.pushBack(&info->protocolVec, (const ProtocolEntity **)&entity);
128 #else
129 (void)info;
130 #endif
131 }
132
133 return HC_SUCCESS;
134 }
135
IsP2pAuthTokenExist(int32_t osAccountId,const TrustedDeviceEntry * deviceEntry)136 static bool IsP2pAuthTokenExist(int32_t osAccountId, const TrustedDeviceEntry *deviceEntry)
137 {
138 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
139
140 const char *serviceType = StringGet(&deviceEntry->serviceType);
141 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
142
143 const char *peerAuthId = StringGet(&deviceEntry->authId);
144 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) };
145
146 uint8_t keyAliasVal[ISO_KEY_ALIAS_LEN] = { 0 };
147 Uint8Buff keyAlias = { keyAliasVal, ISO_KEY_ALIAS_LEN };
148 int32_t ret =
149 GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, KEY_ALIAS_AUTH_TOKEN, &peerAuthIdBuff, &keyAlias);
150 if (ret != HC_SUCCESS) {
151 LOGE("Failed to generate key alias!");
152 return false;
153 }
154
155 ret = GetLoaderInstance()->checkKeyExist(&keyAlias, false, osAccountId);
156 if (ret != HC_SUCCESS) {
157 LOGE("auth token not exist!");
158 return false;
159 }
160 return true;
161 }
162
GetAccountUnrelatedIdentityInfo(int32_t osAccountId,const char * groupId,const char * deviceId,bool isUdid,IdentityInfo * info)163 static int32_t GetAccountUnrelatedIdentityInfo(
164 int32_t osAccountId, const char *groupId, const char *deviceId, bool isUdid, IdentityInfo *info)
165 {
166 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
167 if (deviceEntry == NULL) {
168 LOGE("Failed to create deviceEntry!");
169 return HC_ERR_ALLOC_MEMORY;
170 }
171 int32_t ret = GaGetTrustedDeviceEntryById(osAccountId, deviceId, isUdid, groupId, deviceEntry);
172 if (ret != HC_SUCCESS) {
173 LOGE("Failed to get device entry!");
174 DestroyDeviceEntry(deviceEntry);
175 return ret;
176 }
177
178 int32_t keyType = IsP2pAuthTokenExist(osAccountId, deviceEntry) ? KEY_TYPE_SYM : KEY_TYPE_ASYM;
179 DestroyDeviceEntry(deviceEntry);
180 CJson *urlJson = CreateCredUrlJson(PRE_SHARED, keyType, TRUST_TYPE_P2P);
181
182 if (!urlJson) {
183 LOGE("Failed to create CredUrlJson info!");
184 return HC_ERR_ALLOC_MEMORY;
185 }
186 if (AddStringToJson(urlJson, FIELD_GROUP_ID, groupId) != HC_SUCCESS) {
187 LOGE("Failed to add group id!");
188 FreeJson(urlJson);
189 return HC_ERR_JSON_ADD;
190 }
191
192 char *urlStr = PackJsonToString(urlJson);
193 FreeJson(urlJson);
194 if (urlStr == NULL) {
195 LOGE("Failed to pack url json to string!");
196 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
197 }
198
199 ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl);
200 FreeJsonString(urlStr);
201 if (ret != HC_SUCCESS) {
202 LOGE("Failed to set preSharedUrl of proof!");
203 return ret;
204 }
205
206 ret = SetProtocolsToIdentityInfo(keyType, info);
207 if (ret != HC_SUCCESS) {
208 LOGE("Failed to set protocols!");
209 return ret;
210 }
211
212 info->proofType = PRE_SHARED;
213 if (ret != HC_SUCCESS) {
214 LOGE("Failed to get p2p identity by key type!");
215 }
216 return ret;
217 }
218
GetIdentityInfo(int32_t osAccountId,const TrustedGroupEntry * groupEntry,const char * deviceId,bool isUdid,IdentityInfo ** returnInfo)219 static int32_t GetIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry, const char *deviceId,
220 bool isUdid, IdentityInfo **returnInfo)
221 {
222 IdentityInfo *info = CreateIdentityInfo();
223 if (info == NULL) {
224 LOGE("Failed to create identity info!");
225 return HC_ERR_ALLOC_MEMORY;
226 }
227 int32_t ret;
228 const char *groupId = StringGet(&groupEntry->id);
229 if (groupEntry->type == PEER_TO_PEER_GROUP) {
230 ret = GetAccountUnrelatedIdentityInfo(osAccountId, groupId, deviceId, isUdid, info);
231 } else {
232 ret = GetAccountRelatedCredInfo(osAccountId, groupId, deviceId, isUdid, info);
233 }
234 if (ret != HC_SUCCESS) {
235 LOGE("Failed to get identity info!");
236 DestroyIdentityInfo(info);
237 return ret;
238 }
239 *returnInfo = info;
240 return HC_SUCCESS;
241 }
242
AddNoPseudonymIdentityInfo(int32_t osAccountId,const TrustedGroupEntry * groupEntry,const char * deviceId,bool isUdid,IdentityInfoVec * identityInfoVec)243 static void AddNoPseudonymIdentityInfo(int32_t osAccountId, const TrustedGroupEntry *groupEntry,
244 const char *deviceId, bool isUdid, IdentityInfoVec *identityInfoVec)
245 {
246 IdentityInfo *info = NULL;
247 if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) {
248 return;
249 }
250 info->proof.certInfo.isPseudonym = false;
251 identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info);
252 }
253
GetIdentityInfos(int32_t osAccountId,const CJson * in,const GroupEntryVec * groupEntryVec,IdentityInfoVec * identityInfoVec)254 static int32_t GetIdentityInfos(
255 int32_t osAccountId, const CJson *in, const GroupEntryVec *groupEntryVec, IdentityInfoVec *identityInfoVec)
256 {
257 const char *pkgName = GetStringFromJson(in, FIELD_SERVICE_PKG_NAME);
258 if (pkgName == NULL) {
259 LOGE("Failed to get service package name!");
260 return HC_ERR_JSON_GET;
261 }
262 bool isUdid = false;
263 const char *deviceId = GetPeerDevIdFromJson(in, &isUdid);
264 if (deviceId == NULL) {
265 LOGE("Failed to get peer device id!");
266 return HC_ERR_JSON_GET;
267 }
268 uint32_t index;
269 TrustedGroupEntry **ptr = NULL;
270 FOR_EACH_HC_VECTOR(*groupEntryVec, index, ptr)
271 {
272 const TrustedGroupEntry *groupEntry = (TrustedGroupEntry *)(*ptr);
273 const char *groupId = StringGet(&(groupEntry->id));
274 if (groupId == NULL) {
275 continue;
276 }
277 if (!GaIsGroupAccessible(osAccountId, groupId, pkgName)) {
278 continue;
279 }
280 if (!IsDeviceInGroup(osAccountId, groupEntry->type, deviceId, groupId, isUdid)) {
281 continue;
282 }
283 IdentityInfo *info = NULL;
284 if (GetIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, &info) != HC_SUCCESS) {
285 continue;
286 }
287 if (info->proofType == CERTIFICATED) {
288 info->proof.certInfo.isPseudonym = true;
289 }
290 identityInfoVec->pushBack(identityInfoVec, (const IdentityInfo **)&info);
291 if (info->proofType == CERTIFICATED) {
292 AddNoPseudonymIdentityInfo(osAccountId, groupEntry, deviceId, isUdid, identityInfoVec);
293 }
294 }
295 LOGI("The identity info size is: %u", identityInfoVec->size(identityInfoVec));
296 return HC_SUCCESS;
297 }
298
GetCredInfosByPeerIdentity(const CJson * in,IdentityInfoVec * identityInfoVec)299 static int32_t GetCredInfosByPeerIdentity(const CJson *in, IdentityInfoVec *identityInfoVec)
300 {
301 int32_t osAccountId = INVALID_OS_ACCOUNT;
302 int32_t ret;
303 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
304 LOGE("Failed to get osAccountId!");
305 return HC_ERR_JSON_GET;
306 }
307 const char *groupId = GetStringFromJson(in, FIELD_GROUP_ID);
308 if (groupId == NULL) {
309 groupId = GetStringFromJson(in, FIELD_SERVICE_TYPE);
310 }
311 GroupEntryVec groupEntryVec = CreateGroupEntryVec();
312 if (groupId == NULL) {
313 GetCandidateGroups(osAccountId, in, &groupEntryVec);
314 } else {
315 GetGroupInfoByGroupId(osAccountId, groupId, &groupEntryVec);
316 }
317
318 bool isDeviceLevel = false;
319 (void)GetBoolFromJson(in, FIELD_IS_DEVICE_LEVEL, &isDeviceLevel);
320 if (groupEntryVec.size(&groupEntryVec) == 0) {
321 if (isDeviceLevel) {
322 // device level auth still has the chance to try p2p direct auth
323 // so, do not report error here.
324 LOGI("No satisfied candidate group!");
325 } else {
326 LOGE("No satisfied candidate group!");
327 }
328 ClearGroupEntryVec(&groupEntryVec);
329 return HC_ERR_NO_CANDIDATE_GROUP;
330 }
331 ret = GetIdentityInfos(osAccountId, in, &groupEntryVec, identityInfoVec);
332 ClearGroupEntryVec(&groupEntryVec);
333 return ret;
334 }
335
SetIdentityInfoByUrl(const CJson * urlJson,IdentityInfo * info)336 static int32_t SetIdentityInfoByUrl(const CJson *urlJson, IdentityInfo *info)
337 {
338 if (urlJson == NULL || info == NULL) {
339 LOGE("Need urlJson and IdentityInfo is not NULL!");
340 return HC_ERR_INVALID_PARAMS;
341 }
342
343 int32_t keyType = 0;
344 if (GetIntFromJson(urlJson, PRESHARED_URL_KEY_TYPE, &keyType) != HC_SUCCESS) {
345 LOGE("Failed to get trust type!");
346 return HC_ERR_JSON_GET;
347 }
348
349 char *urlStr = PackJsonToString(urlJson);
350 if (urlStr == NULL) {
351 LOGE("Failed to pack url json to string!");
352 return HC_ERR_PACKAGE_JSON_TO_STRING_FAIL;
353 }
354 int32_t ret = SetPreSharedUrlForProof(urlStr, &info->proof.preSharedUrl);
355 FreeJsonString(urlStr);
356 if (ret != HC_SUCCESS) {
357 LOGE("Failed to set preSharedUrl of proof!");
358 return ret;
359 }
360
361 ret = SetProtocolsToIdentityInfo(keyType, info);
362 if (ret != HC_SUCCESS) {
363 LOGE("Failed to set protocols!");
364 return ret;
365 }
366
367 info->proofType = PRE_SHARED;
368 return ret;
369 }
370
CheckAndGetP2pCredInfo(const CJson * in,const CJson * urlJson,IdentityInfo * info)371 static int32_t CheckAndGetP2pCredInfo(const CJson *in, const CJson *urlJson, IdentityInfo *info)
372 {
373 int32_t osAccountId = INVALID_OS_ACCOUNT;
374 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
375 LOGE("Failed to get osAccountId!");
376 return HC_ERR_JSON_GET;
377 }
378
379 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
380 if (groupId == NULL) {
381 LOGE("Failed to get groupId!");
382 return HC_ERR_JSON_GET;
383 }
384 int32_t ret = CheckGroupExist(osAccountId, groupId);
385 if (ret != HC_SUCCESS) {
386 LOGE("group not exist!");
387 return ret;
388 }
389 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
390 if (deviceEntry == NULL) {
391 LOGE("Failed to create device entry!");
392 return HC_ERR_ALLOC_MEMORY;
393 }
394 ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
395 DestroyDeviceEntry(deviceEntry);
396 if (ret != HC_SUCCESS) {
397 LOGE("peer device not found!");
398 return ret;
399 }
400
401 ret = SetIdentityInfoByUrl(urlJson, info);
402 if (ret != HC_SUCCESS) {
403 LOGE("Failed to get p2p identity info by key type!");
404 }
405 return ret;
406 }
407
GetCredInfoByPeerUrl(const CJson * in,const Uint8Buff * presharedUrl,IdentityInfo ** returnInfo)408 static int32_t GetCredInfoByPeerUrl(const CJson *in, const Uint8Buff *presharedUrl, IdentityInfo **returnInfo)
409 {
410 if (in == NULL || presharedUrl == NULL || returnInfo == NULL) {
411 LOGE("Invalid input params!");
412 return HC_ERR_INVALID_PARAMS;
413 }
414
415 CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val);
416 if (urlJson == NULL) {
417 LOGE("Failed to create url json!");
418 return HC_ERR_JSON_CREATE;
419 }
420
421 int32_t trustType = 0;
422 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
423 LOGE("Failed to get trust type!");
424 FreeJson(urlJson);
425 return HC_ERR_JSON_GET;
426 }
427
428 IdentityInfo *info = CreateIdentityInfo();
429 if (info == NULL) {
430 LOGE("Failed to create identity info!");
431 FreeJson(urlJson);
432 return HC_ERR_ALLOC_MEMORY;
433 }
434 int32_t ret;
435 switch (trustType) {
436 case TRUST_TYPE_UID:
437 ret = GetAccountSymCredInfoByPeerUrl(in, urlJson, info);
438 break;
439 case TRUST_TYPE_P2P:
440 ret = CheckAndGetP2pCredInfo(in, urlJson, info);
441 break;
442 default:
443 LOGE("Invalid trust type!");
444 ret = HC_ERR_INVALID_PARAMS;
445 break;
446 }
447 FreeJson(urlJson);
448
449 *returnInfo = info;
450 return ret;
451 }
452
GenerateKeyAliasForIso(const TrustedDeviceEntry * deviceEntry,Uint8Buff * keyAliasBuff)453 static int32_t GenerateKeyAliasForIso(const TrustedDeviceEntry *deviceEntry, Uint8Buff *keyAliasBuff)
454 {
455 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, (uint32_t)HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
456 const char *serviceType = StringGet(&deviceEntry->serviceType);
457 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, (uint32_t)HcStrlen(serviceType) };
458 const char *peerAuthId = StringGet(&deviceEntry->authId);
459 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, (uint32_t)HcStrlen(peerAuthId) };
460 KeyAliasType keyType = KEY_ALIAS_AUTH_TOKEN;
461 if (deviceEntry->upgradeFlag == 1) {
462 keyType = deviceEntry->devType;
463 }
464 int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, &peerAuthIdBuff, keyAliasBuff);
465 if (ret != HC_SUCCESS) {
466 LOGE("Failed to generate key alias for iso!");
467 return ret;
468 }
469 if (deviceEntry->upgradeFlag == 1) {
470 ret = ToLowerCase(keyAliasBuff);
471 if (ret != HC_SUCCESS) {
472 LOGE("Failed to convert psk alias to lower case!");
473 return ret;
474 }
475 }
476 return HC_SUCCESS;
477 }
478
AuthGeneratePsk(const CJson * in,const char * groupId,const Uint8Buff * seed,Uint8Buff * sharedSecret)479 static int32_t AuthGeneratePsk(const CJson *in, const char *groupId, const Uint8Buff *seed, Uint8Buff *sharedSecret)
480 {
481 int32_t osAccountId = INVALID_OS_ACCOUNT;
482 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
483 LOGE("Failed to get osAccountId!");
484 return HC_ERR_JSON_GET;
485 }
486 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
487 if (deviceEntry == NULL) {
488 LOGE("Failed to create device entry!");
489 return HC_ERR_ALLOC_MEMORY;
490 }
491 int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
492 if (ret != HC_SUCCESS) {
493 LOGE("Failed to get peer device entry!");
494 DestroyDeviceEntry(deviceEntry);
495 return ret;
496 }
497 uint8_t keyAlias[ISO_KEY_ALIAS_LEN] = { 0 };
498 uint8_t upgradeKeyAlias[ISO_UPGRADE_KEY_ALIAS_LEN] = { 0 };
499 Uint8Buff keyAliasBuf = { keyAlias, ISO_KEY_ALIAS_LEN };
500 if (deviceEntry->upgradeFlag == 1) {
501 keyAliasBuf.val = upgradeKeyAlias;
502 keyAliasBuf.length = ISO_UPGRADE_KEY_ALIAS_LEN;
503 }
504 ret = GenerateKeyAliasForIso(deviceEntry, &keyAliasBuf);
505 if (ret != HC_SUCCESS) {
506 LOGE("Failed to generate key alias in iso!");
507 DestroyDeviceEntry(deviceEntry);
508 return ret;
509 }
510 if (deviceEntry->upgradeFlag == 1) {
511 KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, true, osAccountId };
512 ret = GetLoaderInstance()->computeHmacWithThreeStage(&keyAliasParams, seed, sharedSecret);
513 } else {
514 KeyParams keyAliasParams = { { keyAliasBuf.val, keyAliasBuf.length, true }, false, osAccountId };
515 ret = GetLoaderInstance()->computeHmac(&keyAliasParams, seed, sharedSecret);
516 }
517 DestroyDeviceEntry(deviceEntry);
518 return ret;
519 }
520
GetSharedSecretForP2pInIso(const CJson * in,const char * groupId,Uint8Buff * sharedSecret)521 static int32_t GetSharedSecretForP2pInIso(const CJson *in, const char *groupId, Uint8Buff *sharedSecret)
522 {
523 uint8_t *seedVal = (uint8_t *)HcMalloc(SEED_LEN, 0);
524 if (seedVal == NULL) {
525 LOGE("Failed to alloc memory for seed!");
526 return HC_ERR_ALLOC_MEMORY;
527 }
528 Uint8Buff seedBuff = { seedVal, SEED_LEN };
529 int32_t ret = GetByteFromJson(in, FIELD_SEED, seedBuff.val, seedBuff.length);
530 if (ret != HC_SUCCESS) {
531 LOGE("Failed to get seed!");
532 HcFree(seedVal);
533 return HC_ERR_JSON_GET;
534 }
535 uint8_t *pskVal = (uint8_t *)HcMalloc(ISO_PSK_LEN, 0);
536 if (pskVal == NULL) {
537 LOGE("Failed to alloc memory for psk!");
538 HcFree(seedVal);
539 return HC_ERR_ALLOC_MEMORY;
540 }
541 sharedSecret->val = pskVal;
542 sharedSecret->length = ISO_PSK_LEN;
543 ret = AuthGeneratePsk(in, groupId, &seedBuff, sharedSecret);
544 HcFree(seedVal);
545 if (ret != HC_SUCCESS) {
546 LOGE("Failed to generate psk!");
547 FreeBuffData(sharedSecret);
548 }
549 return ret;
550 }
551
GetSelfAuthIdAndUserType(int32_t osAccountId,const char * groupId,Uint8Buff * authIdBuff,int32_t * userType,int32_t * upgradeFlag)552 static int32_t GetSelfAuthIdAndUserType(
553 int32_t osAccountId, const char *groupId, Uint8Buff *authIdBuff, int32_t *userType, int32_t *upgradeFlag)
554 {
555 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
556 if (deviceEntry == NULL) {
557 LOGE("Failed to create device entry!");
558 return HC_ERR_ALLOC_MEMORY;
559 }
560 int32_t ret = GetSelfDeviceEntry(osAccountId, groupId, deviceEntry);
561 if (ret != HC_SUCCESS) {
562 LOGE("Failed to get self device entry!");
563 DestroyDeviceEntry(deviceEntry);
564 return ret;
565 }
566 const char *selfAuthId = StringGet(&deviceEntry->authId);
567 uint32_t authIdLen = HcStrlen(selfAuthId);
568 authIdBuff->val = (uint8_t *)HcMalloc(authIdLen + 1, 0);
569 if (authIdBuff->val == NULL) {
570 LOGE("Failed to alloc memory for authId!");
571 DestroyDeviceEntry(deviceEntry);
572 return HC_ERR_ALLOC_MEMORY;
573 }
574 if (memcpy_s(authIdBuff->val, authIdLen + 1, selfAuthId, authIdLen) != EOK) {
575 LOGE("Failed to copy authId!");
576 HcFree(authIdBuff->val);
577 authIdBuff->val = NULL;
578 DestroyDeviceEntry(deviceEntry);
579 return HC_ERR_MEMORY_COPY;
580 }
581 authIdBuff->length = authIdLen;
582 *userType = deviceEntry->devType;
583 *upgradeFlag = deviceEntry->upgradeFlag;
584 DestroyDeviceEntry(deviceEntry);
585 return HC_SUCCESS;
586 }
587
GenerateSelfKeyAlias(const char * serviceType,int32_t selfUserType,const Uint8Buff * selfAuthIdBuff,bool isSelfFromUpgrade,Uint8Buff * selfKeyAlias)588 static int32_t GenerateSelfKeyAlias(const char *serviceType, int32_t selfUserType, const Uint8Buff *selfAuthIdBuff,
589 bool isSelfFromUpgrade, Uint8Buff *selfKeyAlias)
590 {
591 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
592 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
593 KeyAliasType keyType = (KeyAliasType)selfUserType;
594 if (isSelfFromUpgrade) {
595 keyType = KEY_ALIAS_LT_KEY_PAIR;
596 }
597 int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyType, selfAuthIdBuff, selfKeyAlias);
598 if (ret != HC_SUCCESS) {
599 LOGE("Failed to generate self key alias!");
600 return ret;
601 }
602 if (isSelfFromUpgrade) {
603 ret = ToLowerCase(selfKeyAlias);
604 if (ret != HC_SUCCESS) {
605 LOGE("Failed to convert self key alias to lower case!");
606 return ret;
607 }
608 }
609 return HC_SUCCESS;
610 }
611
GeneratePeerKeyAlias(const TrustedDeviceEntry * peerDeviceEntry,Uint8Buff * peerKeyAlias)612 static int32_t GeneratePeerKeyAlias(const TrustedDeviceEntry *peerDeviceEntry, Uint8Buff *peerKeyAlias)
613 {
614 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
615 const char *serviceType = StringGet(&peerDeviceEntry->serviceType);
616 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
617 #ifdef DEV_AUTH_FUNC_TEST
618 KeyAliasType keyTypePeer = KEY_ALIAS_LT_KEY_PAIR;
619 #else
620 KeyAliasType keyTypePeer = (KeyAliasType)peerDeviceEntry->devType;
621 #endif
622 const char *peerAuthId = StringGet(&peerDeviceEntry->authId);
623 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) };
624 int32_t ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, keyTypePeer, &peerAuthIdBuff, peerKeyAlias);
625 if (ret != HC_SUCCESS) {
626 LOGE("Failed to generate peer key alias!");
627 return ret;
628 }
629 if (peerDeviceEntry->upgradeFlag == 1) {
630 ret = ToLowerCase(peerKeyAlias);
631 if (ret != HC_SUCCESS) {
632 LOGE("Failed to convert peer key alias to lower case!");
633 return ret;
634 }
635 }
636 return HC_SUCCESS;
637 }
638
CheckSelfKeyAlias(const Uint8Buff * selfKeyAlias,bool isSelfFromUpgrade,int32_t osAccountId,const char * groupId)639 static int32_t CheckSelfKeyAlias(const Uint8Buff *selfKeyAlias, bool isSelfFromUpgrade, int32_t osAccountId,
640 const char *groupId)
641 {
642 int32_t ret = GetLoaderInstance()->checkKeyExist(selfKeyAlias, isSelfFromUpgrade, osAccountId);
643 if (ret != HC_SUCCESS) {
644 LOGE("self auth keyPair not exist, need to delete group and devices!");
645 if (DelGroupFromDb(osAccountId, groupId) != HC_SUCCESS) {
646 LOGW("delete group from db failed!");
647 return ret;
648 }
649 LOGI("self auth keyPair not exist, delete group from db successfully!");
650 }
651 return ret;
652 }
653
CheckPeerKeyAlias(const Uint8Buff * peerKeyAlias,bool isPeerFromUpgrade,int32_t osAccountId,const char * groupId,const TrustedDeviceEntry * peerDeviceEntry)654 static int32_t CheckPeerKeyAlias(const Uint8Buff *peerKeyAlias, bool isPeerFromUpgrade, int32_t osAccountId,
655 const char *groupId, const TrustedDeviceEntry *peerDeviceEntry)
656 {
657 int32_t ret = GetLoaderInstance()->checkKeyExist(peerKeyAlias, isPeerFromUpgrade, osAccountId);
658 if (ret != HC_SUCCESS) {
659 LOGE("peer auth pubKey not exist, need to delete peer device!");
660 if (DelDeviceFromDb(osAccountId, groupId, peerDeviceEntry) != HC_SUCCESS) {
661 LOGW("delete peer device from db failed!");
662 return ret;
663 }
664 LOGI("peer auth pubKey not exist, delete peer device from db successfully!");
665 }
666 return ret;
667 }
668
ComputeAndSavePsk(int32_t osAccountId,const char * groupId,const TrustedDeviceEntry * peerDeviceEntry,const Uint8Buff * sharedKeyAlias)669 static int32_t ComputeAndSavePsk(int32_t osAccountId, const char *groupId,
670 const TrustedDeviceEntry *peerDeviceEntry, const Uint8Buff *sharedKeyAlias)
671 {
672 Uint8Buff selfAuthIdBuff = { NULL, 0 };
673 int32_t selfUserType = 0;
674 int32_t selfUpgradeFlag = 0;
675 int32_t ret = GetSelfAuthIdAndUserType(osAccountId, groupId, &selfAuthIdBuff, &selfUserType, &selfUpgradeFlag);
676 if (ret != HC_SUCCESS) {
677 LOGE("Failed to get self auth id and user type!");
678 return ret;
679 }
680 const char *serviceType = StringGet(&peerDeviceEntry->serviceType);
681 bool isSelfFromUpgrade = selfUpgradeFlag == 1;
682 uint8_t selfKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
683 Uint8Buff selfKeyAlias = { selfKeyAliasVal, PAKE_KEY_ALIAS_LEN };
684 ret = GenerateSelfKeyAlias(serviceType, selfUserType, &selfAuthIdBuff, isSelfFromUpgrade, &selfKeyAlias);
685 HcFree(selfAuthIdBuff.val);
686 if (ret != HC_SUCCESS) {
687 LOGE("Failed to generate self key alias!");
688 return ret;
689 }
690
691 uint8_t peerKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
692 Uint8Buff peerKeyAlias = { peerKeyAliasVal, PAKE_KEY_ALIAS_LEN };
693 ret = GeneratePeerKeyAlias(peerDeviceEntry, &peerKeyAlias);
694 if (ret != HC_SUCCESS) {
695 LOGE("Failed to generate peer key alias!");
696 return ret;
697 }
698
699 ret = CheckSelfKeyAlias(&selfKeyAlias, isSelfFromUpgrade, osAccountId, groupId);
700 if (ret != HC_SUCCESS) {
701 return ret;
702 }
703 bool isPeerFromUpgrade = peerDeviceEntry->upgradeFlag == 1;
704 ret = CheckPeerKeyAlias(&peerKeyAlias, isPeerFromUpgrade, osAccountId, groupId, peerDeviceEntry);
705 if (ret != HC_SUCCESS) {
706 return ret;
707 }
708 uint8_t peerPubKeyVal[PAKE_ED25519_KEY_PAIR_LEN] = { 0 };
709 Uint8Buff peerPubKeyBuff = { peerPubKeyVal, PAKE_ED25519_KEY_PAIR_LEN };
710 KeyParams peerKeyParams = { { peerKeyAlias.val, peerKeyAlias.length, true }, isPeerFromUpgrade, osAccountId };
711 ret = GetLoaderInstance()->exportPublicKey(&peerKeyParams, &peerPubKeyBuff);
712 if (ret != HC_SUCCESS) {
713 LOGE("Failed to export peer public key!");
714 return ret;
715 }
716 KeyParams selfKeyAliasParams = { { selfKeyAlias.val, selfKeyAlias.length, true }, isSelfFromUpgrade, osAccountId };
717 KeyBuff peerKeyBuff = { peerPubKeyBuff.val, peerPubKeyBuff.length, false };
718 return GetLoaderInstance()->agreeSharedSecretWithStorage(
719 &selfKeyAliasParams, &peerKeyBuff, ED25519, PAKE_PSK_LEN, sharedKeyAlias);
720 }
721
GeneratePskAliasAndCheckExist(const CJson * in,const char * groupId,Uint8Buff * pskKeyAlias)722 static int32_t GeneratePskAliasAndCheckExist(const CJson *in, const char *groupId, Uint8Buff *pskKeyAlias)
723 {
724 int32_t osAccountId = INVALID_OS_ACCOUNT;
725 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
726 LOGE("Failed to get osAccountId!");
727 return HC_ERR_JSON_GET;
728 }
729 TrustedDeviceEntry *deviceEntry = CreateDeviceEntry();
730 if (deviceEntry == NULL) {
731 LOGE("Failed to create device entry!");
732 return HC_ERR_ALLOC_MEMORY;
733 }
734 int32_t ret = GetPeerDeviceEntry(osAccountId, in, groupId, deviceEntry);
735 if (ret != HC_SUCCESS) {
736 LOGE("Failed to get peer device entry!");
737 DestroyDeviceEntry(deviceEntry);
738 return ret;
739 }
740 Uint8Buff pkgNameBuff = { (uint8_t *)GROUP_MANAGER_PACKAGE_NAME, HcStrlen(GROUP_MANAGER_PACKAGE_NAME) };
741 const char *serviceType = StringGet(&deviceEntry->serviceType);
742 Uint8Buff serviceTypeBuff = { (uint8_t *)serviceType, HcStrlen(serviceType) };
743 const char *peerAuthId = StringGet(&deviceEntry->authId);
744 Uint8Buff peerAuthIdBuff = { (uint8_t *)peerAuthId, HcStrlen(peerAuthId) };
745 ret = GenerateKeyAlias(&pkgNameBuff, &serviceTypeBuff, KEY_ALIAS_PSK, &peerAuthIdBuff, pskKeyAlias);
746 if (ret != HC_SUCCESS) {
747 LOGE("Failed to generate psk key alias!");
748 DestroyDeviceEntry(deviceEntry);
749 return ret;
750 }
751 bool isPeerFromUpgrade = deviceEntry->upgradeFlag == 1;
752 if (isPeerFromUpgrade) {
753 ret = ToLowerCase(pskKeyAlias);
754 if (ret != HC_SUCCESS) {
755 LOGE("Failed to convert psk alias to lower case!");
756 DestroyDeviceEntry(deviceEntry);
757 return ret;
758 }
759 }
760 LOGI("psk alias: %x %x %x %x****.", pskKeyAlias->val[DEV_AUTH_ZERO], pskKeyAlias->val[DEV_AUTH_ONE],
761 pskKeyAlias->val[DEV_AUTH_TWO], pskKeyAlias->val[DEV_AUTH_THREE]);
762 if (GetLoaderInstance()->checkKeyExist(pskKeyAlias, isPeerFromUpgrade, osAccountId) != HC_SUCCESS) {
763 ret = ComputeAndSavePsk(osAccountId, groupId, deviceEntry, pskKeyAlias);
764 }
765 DestroyDeviceEntry(deviceEntry);
766 return ret;
767 }
768
GetSharedSecretForP2pInPake(const CJson * in,const char * groupId,Uint8Buff * sharedSecret)769 static int32_t GetSharedSecretForP2pInPake(const CJson *in, const char *groupId, Uint8Buff *sharedSecret)
770 {
771 int32_t osAccountId;
772 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
773 LOGE("Failed to get osAccountId!");
774 return HC_ERR_JSON_GET;
775 }
776 uint8_t pskKeyAliasVal[PAKE_KEY_ALIAS_LEN] = { 0 };
777 Uint8Buff pskKeyAlias = { pskKeyAliasVal, PAKE_KEY_ALIAS_LEN };
778 int32_t ret = GeneratePskAliasAndCheckExist(in, groupId, &pskKeyAlias);
779 if (ret != HC_SUCCESS) {
780 LOGE("Failed to generate key alias for psk!");
781 return ret;
782 }
783 uint8_t *pskVal = (uint8_t *)HcMalloc(PAKE_PSK_LEN, 0);
784 if (pskVal == NULL) {
785 LOGE("Failed to alloc memory for psk!");
786 return HC_ERR_ALLOC_MEMORY;
787 }
788 Uint8Buff pskBuff = { pskVal, PAKE_PSK_LEN };
789 uint8_t *nonceVal = (uint8_t *)HcMalloc(PAKE_NONCE_LEN, 0);
790 if (nonceVal == NULL) {
791 LOGE("Failed to alloc memory for nonce!");
792 HcFree(pskVal);
793 return HC_ERR_ALLOC_MEMORY;
794 }
795 Uint8Buff nonceBuff = { nonceVal, PAKE_NONCE_LEN };
796 ret = GetByteFromJson(in, FIELD_NONCE, nonceBuff.val, nonceBuff.length);
797 if (ret != HC_SUCCESS) {
798 LOGE("Failed to get nonce!");
799 HcFree(pskVal);
800 HcFree(nonceVal);
801 return HC_ERR_JSON_GET;
802 }
803 Uint8Buff keyInfo = { (uint8_t *)TMP_AUTH_KEY_FACTOR, HcStrlen(TMP_AUTH_KEY_FACTOR) };
804 KeyParams keyAliasParams = { { pskKeyAlias.val, pskKeyAlias.length, true }, false, osAccountId };
805 ret = GetLoaderInstance()->computeHkdf(&keyAliasParams, &nonceBuff, &keyInfo, &pskBuff);
806 HcFree(nonceVal);
807 if (ret != HC_SUCCESS) {
808 LOGE("Failed to compute hkdf for psk!");
809 HcFree(pskVal);
810 return ret;
811 }
812
813 ret = ConvertPsk(&pskBuff, sharedSecret);
814 HcFree(pskVal);
815 if (ret != HC_SUCCESS) {
816 LOGE("Failed to convert psk!");
817 }
818 return ret;
819 }
820
GetSharedSecretForP2p(const CJson * in,const CJson * urlJson,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)821 static int32_t GetSharedSecretForP2p(
822 const CJson *in, const CJson *urlJson, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
823 {
824 const char *groupId = GetStringFromJson(urlJson, FIELD_GROUP_ID);
825 if (groupId == NULL) {
826 LOGE("Failed to get groupId!");
827 return HC_ERR_JSON_GET;
828 }
829 int32_t ret;
830 if (protocolType == ALG_ISO) {
831 ret = GetSharedSecretForP2pInIso(in, groupId, sharedSecret);
832 LOGI("get shared secret for p2p in iso result: %d", ret);
833 } else {
834 ret = GetSharedSecretForP2pInPake(in, groupId, sharedSecret);
835 LOGI("get shared secret for p2p in pake result: %d", ret);
836 }
837 return ret;
838 }
839
GetSharedSecretByUrl(const CJson * in,const Uint8Buff * presharedUrl,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)840 static int32_t GetSharedSecretByUrl(
841 const CJson *in, const Uint8Buff *presharedUrl, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
842 {
843 if (in == NULL || presharedUrl == NULL || sharedSecret == NULL) {
844 LOGE("Invalid input params!");
845 return HC_ERR_INVALID_PARAMS;
846 }
847
848 CJson *urlJson = CreateJsonFromString((const char *)presharedUrl->val);
849 if (urlJson == NULL) {
850 LOGE("Failed to create url json!");
851 return HC_ERR_JSON_CREATE;
852 }
853
854 int32_t trustType = 0;
855 if (GetIntFromJson(urlJson, PRESHARED_URL_TRUST_TYPE, &trustType) != HC_SUCCESS) {
856 LOGE("Failed to get trust type!");
857 FreeJson(urlJson);
858 return HC_ERR_JSON_GET;
859 }
860
861 int32_t ret;
862 switch (trustType) {
863 case TRUST_TYPE_P2P:
864 ret = GetSharedSecretForP2p(in, urlJson, protocolType, sharedSecret);
865 break;
866 case TRUST_TYPE_UID:
867 if (protocolType != ALG_ISO) {
868 LOGE("protocol type is not iso, not supported!");
869 ret = HC_ERR_INVALID_PARAMS;
870 } else {
871 ret = GetAccountSymSharedSecret(in, urlJson, sharedSecret);
872 }
873 break;
874 default:
875 LOGE("Invalid trust type!");
876 ret = HC_ERR_INVALID_PARAMS;
877 break;
878 }
879 FreeJson(urlJson);
880
881 return ret;
882 }
883
GetCredInfoByPeerCert(const CJson * in,const CertInfo * certInfo,IdentityInfo ** returnInfo)884 static int32_t GetCredInfoByPeerCert(const CJson *in, const CertInfo *certInfo, IdentityInfo **returnInfo)
885 {
886 if (in == NULL || certInfo == NULL || returnInfo == NULL) {
887 LOGE("Invalid input params!");
888 return HC_ERR_INVALID_PARAMS;
889 }
890 int32_t osAccountId = INVALID_OS_ACCOUNT;
891 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
892 LOGE("Failed to get osAccountId!");
893 return HC_ERR_JSON_GET;
894 }
895 int32_t res = GetAccountAsymCredInfo(osAccountId, certInfo, returnInfo);
896 if (res != HC_SUCCESS) {
897 LOGE("Failed to get account asym cred info!");
898 return res;
899 }
900 if (certInfo->isPseudonym) {
901 (*returnInfo)->proof.certInfo.isPseudonym = true;
902 } else {
903 (*returnInfo)->proof.certInfo.isPseudonym = false;
904 }
905 return HC_SUCCESS;
906 }
907
GetSharedSecretByPeerCert(const CJson * in,const CertInfo * peerCertInfo,ProtocolAlgType protocolType,Uint8Buff * sharedSecret)908 static int32_t GetSharedSecretByPeerCert(
909 const CJson *in, const CertInfo *peerCertInfo, ProtocolAlgType protocolType, Uint8Buff *sharedSecret)
910 {
911 if (in == NULL || peerCertInfo == NULL || sharedSecret == NULL) {
912 LOGE("Invalid input params!");
913 return HC_ERR_INVALID_PARAMS;
914 }
915 if (protocolType != ALG_EC_SPEKE) {
916 LOGE("protocol type is not ec speke, not support!");
917 return HC_ERR_INVALID_PARAMS;
918 }
919 int32_t osAccountId = INVALID_OS_ACCOUNT;
920 if (GetIntFromJson(in, FIELD_OS_ACCOUNT_ID, &osAccountId) != HC_SUCCESS) {
921 LOGE("Failed to get osAccountId!");
922 return HC_ERR_JSON_GET;
923 }
924 const char *peerUserId = GetStringFromJson(in, FIELD_PEER_USER_ID);
925 if (peerUserId != NULL) {
926 LOGE("peerUserId exists.");
927 }
928 return GetAccountAsymSharedSecret(osAccountId, peerUserId, peerCertInfo, sharedSecret);
929 }
930
931 static const AuthIdentity g_authIdentity = {
932 .getCredInfosByPeerIdentity = GetCredInfosByPeerIdentity,
933 .getCredInfoByPeerUrl = GetCredInfoByPeerUrl,
934 .getSharedSecretByUrl = GetSharedSecretByUrl,
935 .getCredInfoByPeerCert = GetCredInfoByPeerCert,
936 .getSharedSecretByPeerCert = GetSharedSecretByPeerCert,
937 };
938
GetGroupAuthIdentity(void)939 const AuthIdentity *GetGroupAuthIdentity(void)
940 {
941 return &g_authIdentity;
942 }