1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "fscrypt_key_v1_ext.h"
17
18 #include <vector>
19
20 #include "fbex.h"
21 #include "storage_service_log.h"
22 #include "string_ex.h"
23
24 namespace OHOS {
25 namespace StorageDaemon {
ActiveKeyExt(uint32_t flag,uint8_t * iv,uint32_t size)26 bool FscryptKeyV1Ext::ActiveKeyExt(uint32_t flag, uint8_t *iv, uint32_t size)
27 {
28 if (!FBEX::IsFBEXSupported()) {
29 return true;
30 }
31
32 LOGD("enter");
33 // iv buffer returns derived keys
34 if (FBEX::InstallKeyToKernel(userId_, type_, iv, size, static_cast<uint8_t>(flag)) != 0) {
35 LOGE("InstallKeyToKernel failed, userId %{public}d, type %{public}d, flag %{public}u", userId_, type_, flag);
36 return false;
37 }
38
39 return true;
40 }
41
InactiveKeyExt(uint32_t flag)42 bool FscryptKeyV1Ext::InactiveKeyExt(uint32_t flag)
43 {
44 if (!FBEX::IsFBEXSupported()) {
45 return true;
46 }
47
48 LOGD("enter");
49 bool destroy = !!flag;
50 if ((type_ != TYPE_EL2) && !destroy) {
51 LOGD("not el2, no need to inactive");
52 return true;
53 }
54 uint8_t buf[FBEX_IV_SIZE] = {0};
55 buf[0] = 0xfb; // fitst byte const to kernel
56 buf[1] = 0x30; // second byte const to kernel
57
58 if (FBEX::UninstallOrLockUserKeyToKernel(userId_, type_, buf, FBEX_IV_SIZE, destroy) != 0) {
59 LOGE("UninstallOrLockUserKeyToKernel failed, userId %{public}d, type %{public}d, destroy %{public}u", userId_,
60 type_, destroy);
61 return false;
62 }
63 return true;
64 }
65
GetUserIdFromDir()66 uint32_t FscryptKeyV1Ext::GetUserIdFromDir()
67 {
68 int userId = USERID_GLOBAL_EL1; // default to global el1
69
70 // fscrypt key dir is like `/data/foo/bar/el1/100`
71 auto slashIndex = dir_.rfind('/');
72 if (slashIndex != std::string::npos) {
73 std::string last = dir_.substr(slashIndex + 1);
74 (void)OHOS::StrToInt(last, userId);
75 }
76
77 LOGI("dir_: %{public}s, get userId is %{public}d", dir_.c_str(), userId);
78 return static_cast<uint32_t>(userId);
79 }
80
GetTypeFromDir()81 uint32_t FscryptKeyV1Ext::GetTypeFromDir()
82 {
83 static const std::vector<std::pair<std::string, uint32_t>> typeStrs = {
84 {"el1", TYPE_EL1},
85 {"el2", TYPE_EL2},
86 {"el3", TYPE_EL3},
87 {"el4", TYPE_EL4},
88 };
89 uint32_t type = TYPE_GLOBAL_EL1; // default to global el1
90
91 // fscrypt key dir is like `/data/foo/bar/el1/100`
92 auto slashIndex = dir_.rfind('/');
93 if (slashIndex == std::string::npos) {
94 LOGE("bad dir %{public}s", dir_.c_str());
95 return type;
96 }
97 slashIndex = dir_.rfind('/', slashIndex - 1);
98 if (slashIndex == std::string::npos) {
99 LOGE("bad dir %{public}s", dir_.c_str());
100 return type;
101 }
102
103 std::string el = dir_.substr(slashIndex + 1); // el string is like `el1/100`
104 for (const auto &it : typeStrs) {
105 if (el.find(it.first) != std::string::npos) {
106 type = it.second;
107 break;
108 }
109 }
110 LOGI("el string is %{public}s, parse type %{public}d", el.c_str(), type);
111 return type;
112 }
113 } // namespace StorageDaemon
114 } // namespace OHOS