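/*
 * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef STORAGE_DAEMON_CRYPTO_KEYMANAGER_H
#define STORAGE_DAEMON_CRYPTO_KEYMANAGER_H

// Standard headers for the types this header names directly, so that it does
// not depend on the project headers below pulling them in transitively.
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

#include "base_key.h"
#include "crypto_delay_handler.h"
#include "ipc/storage_daemon.h"
#include "utils/file_utils.h"

namespace OHOS {
namespace StorageDaemon {

// Key storage directories, one per encryption level (EL1-EL5).
// NOTE(review): ownership and mode of these directories are not set in this
// header; confirm where they are created that access is limited to the daemon.
constexpr const char *USER_EL1_DIR = "/data/service/el1/public/storage_daemon/sd/el1";
constexpr const char *USER_EL2_DIR = "/data/service/el1/public/storage_daemon/sd/el2";
constexpr const char *USER_EL3_DIR = "/data/service/el1/public/storage_daemon/sd/el3";
constexpr const char *USER_EL4_DIR = "/data/service/el1/public/storage_daemon/sd/el4";
constexpr const char *USER_EL5_DIR = "/data/service/el1/public/storage_daemon/sd/el5";
// NOTE(review): unlike the absolute paths above this value has no leading '/',
// so it reads as a path fragment; confirm against its users that this is intended.
constexpr const char *UECE_DIR = "data/app/el5";
// Both values start with '/', i.e. they look like suffixes to be appended to
// another path; which base path is not visible in this header.
constexpr const char *RESTORE_DIR = "/latest/need_restore";
constexpr const char *FSCRYPT_VERSION_DIR = "/fscrypt_version";

// Parallel "_NATO" directories for EL2-EL4. What NATO stands for is not
// visible in this header.
constexpr const char *NATO_EL2_DIR = "/data/service/el1/public/storage_daemon/sd/el2_NATO";
constexpr const char *NATO_EL3_DIR = "/data/service/el1/public/storage_daemon/sd/el3_NATO";
constexpr const char *NATO_EL4_DIR = "/data/service/el1/public/storage_daemon/sd/el4_NATO";

/**
 * Process-wide manager of the storage daemon's device key and per-user keys.
 *
 * Only GetInstance() is defined in this header; every other member function
 * is declared here and defined elsewhere.
 *
 * Review notes for maintainers:
 *  - Many entry points receive the caller's auth token and secret as
 *    std::vector<uint8_t>. Nothing in this header shows who wipes those
 *    buffers; confirm that the implementation or its callers clear them.
 *  - Most operations report their result through an int / int32_t return
 *    value. The convention (presumably 0 on success) is not documented here;
 *    callers should not ignore it.
 */
class KeyManager {
public:
    /**
     * Returns the single KeyManager instance.
     *
     * The instance is a function-local static, so the language guarantees it
     * is constructed once, on first call, even with concurrent callers.
     */
    static KeyManager *GetInstance(void)
    {
        static KeyManager instance;
        return &instance;
    }

    // The class is already non-copyable because of the std::mutex member;
    // stating it explicitly keeps a second set of key handles from ever being
    // created if that member is changed later.
    KeyManager(const KeyManager &) = delete;
    KeyManager &operator=(const KeyManager &) = delete;

    int InitGlobalDeviceKey(void);
    int InitGlobalUserKeys(void);
    int GenerateUserKeys(unsigned int user, uint32_t flags);
    int DeleteUserKeys(unsigned int user);

    // The credential-update API differs by build flag: with
    // USER_CRYPTO_MIGRATE_KEY the calls carry a needGenerateShield argument,
    // without it CheckSecretStatus() and HandleEl2Error() are declared instead.
#ifdef USER_CRYPTO_MIGRATE_KEY
    int UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
                       bool needGenerateShield = true);
    int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
                                KeyType type, bool needGenerateShield);
#else
    int UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret);
    // NOTE(review): the returned string is derived from a UserTokenSecret and
    // HandleEl2Error() takes a secretInfo string next to a reportPrefix;
    // confirm that neither carries secret bytes into logs or reports.
    std::string CheckSecretStatus(struct UserTokenSecret &userTokenSecret);
    void HandleEl2Error(int ret, unsigned int user, const std::string &secretInfo,
                        const std::string &reportPrefix, const std::string &level);
    int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
                                KeyType type);

#endif
    // plainText is a non-const reference, i.e. an output (or in/out) buffer.
    // NOTE(review): the name suggests it receives decrypted material; confirm
    // that callers clear it once they are done with it.
    int UpdateUseAuthWithRecoveryKey(const std::vector<uint8_t> &authToken,
                                     const std::vector<uint8_t> &newSecret,
                                     uint64_t secureUid,
                                     uint32_t userId,
                                     std::vector<std::vector<uint8_t>> &plainText);
    int ActiveCeSceSeceUserKey(unsigned int user, KeyType type, const std::vector<uint8_t> &token,
                               const std::vector<uint8_t> &secret);
    int InActiveUserKey(unsigned int user);
    int SetDirectoryElPolicy(unsigned int user, KeyType type,
                             const std::vector<FileList> &vec);
    int UpdateKeyContext(uint32_t userId, bool needRemoveTmpKey = false);
    int UpdateCeEceSeceKeyContext(uint32_t userId, KeyType type);
    // elxKeyPath is an output parameter.
    int getElxKeyPath(unsigned int user, KeyType type, std::string &elxKeyPath);
    int LockUserScreen(uint32_t user);
    int UnlockUserScreen(uint32_t user, const std::vector<uint8_t> &token,
                         const std::vector<uint8_t> &secret);
    // lockScreenStatus is an output parameter.
    int GetLockScreenStatus(uint32_t user, bool &lockScreenStatus);
    // keyId is a non-const reference; presumably it receives the identifier of
    // the generated key - confirm against the definition.
    int GenerateAppkey(uint32_t user, uint32_t hashId, std::string &keyId);
    int DeleteAppkey(uint32_t user, const std::string keyId);
    int UnlockUserAppKeys(uint32_t userId, bool needGetAllAppKey);
    // isEncrypted is an output parameter.
    int GetFileEncryptStatus(uint32_t userId, bool &isEncrypted, bool needCheckDirMount = false);
    int CreateRecoverKey(uint32_t userId, uint32_t userType, const std::vector<uint8_t> &token,
                         const std::vector<uint8_t> &secret);
    int SetRecoverKey(const std::vector<uint8_t> &key);
#ifdef USER_CRYPTO_MIGRATE_KEY
    int RestoreUserKey(uint32_t userId, KeyType type);
    int32_t ClearAppCloneUserNeedRestore(unsigned int userId, std::string elNeedRestorePath);
#endif
    std::string GetKeyDirByUserAndType(unsigned int user, KeyType type);
    std::string GetKeyDirByType(KeyType type);
    int GenerateUserKeyByType(unsigned int user, KeyType type,
                              const std::vector<uint8_t> &token,
                              const std::vector<uint8_t> &secret);
    int TryToFixUserCeEceSeceKey(unsigned int userId, KeyType type,
                                 const std::vector<uint8_t> &token,
                                 const std::vector<uint8_t> &secret);
    int TryToFixUeceKey(unsigned int userId,
                        const std::vector<uint8_t> &token,
                        const std::vector<uint8_t> &secret);
    int ActiveElxUserKey4Nato(unsigned int user, KeyType type);
    std::string GetNatoNeedRestorePath(uint32_t userId, KeyType type);

private:
    // Construction and destruction are private: the only instance is the
    // static one inside GetInstance().
    KeyManager() = default;
    ~KeyManager() {}

    int GenerateAndInstallDeviceKey(const std::string &dir);
    int RestoreDeviceKey(const std::string &dir);
    int GenerateAndInstallUserKey(uint32_t userId, const std::string &dir, const UserAuth &auth, KeyType type);
    int GenerateAndInstallEl5Key(uint32_t userId, const std::string &dir, const UserAuth &auth);
    // Private overload; the public RestoreUserKey(userId, type) exists only
    // when USER_CRYPTO_MIGRATE_KEY is defined.
    int RestoreUserKey(uint32_t userId, const std::string &dir, const UserAuth &auth, KeyType type);
    int LoadAllUsersEl1Key(void);
    int InitUserElkeyStorageDir(void);
    bool HasElkey(uint32_t userId, KeyType type);
    int DoDeleteUserKeys(unsigned int user);
    // The last parameter is a reference to one of the per-level key maps; its
    // trailing underscore mirrors the member names but it is a parameter.
    int DoDeleteUserCeEceSeceKeys(unsigned int user, const std::string userDir,
                                  std::map<unsigned int, std::shared_ptr<BaseKey>> &userElKey_);
    int UpgradeKeys(const std::vector<FileList> &dirInfo);
    int UpdateESecret(unsigned int user, struct UserTokenSecret &tokenSecret);
    bool ResetESecret(unsigned int user, std::shared_ptr<BaseKey> &elKey);
    std::shared_ptr<BaseKey> GetBaseKey(const std::string& dir);
    std::shared_ptr<BaseKey> GetUserElKey(unsigned int user, KeyType type);
    void SaveUserElKey(unsigned int user, KeyType type, std::shared_ptr<BaseKey> elKey);
    bool IsNeedClearKeyFile(std::string file);
    bool CheckDir(KeyType type, std::string keyDir, unsigned int user);
    int ActiveUece(unsigned int user,
                   std::shared_ptr<BaseKey> elKey,
                   const std::vector<uint8_t> &token,
                   const std::vector<uint8_t> &secret);
    void ProcUpgradeKey(const std::vector<FileList> &dirInfo);
    int GenerateElxAndInstallUserKey(unsigned int user);
    int ActiveUeceUserKey(unsigned int user,
                          const std::vector<uint8_t> &token,
                          const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey);
    int ActiveElXUserKey(unsigned int user,
                         const std::vector<uint8_t> &token, KeyType keyType,
                         const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey);
    int InactiveUserElKey(unsigned int user, std::map<unsigned int, std::shared_ptr<BaseKey>> &userElxKey_);
    int CheckAndDeleteEmptyEl5Directory(std::string keyDir, unsigned int user);
    // delayHandler is an output parameter.
    bool GetUserDelayHandler(uint32_t userId, std::shared_ptr<DelayHandler> &delayHandler);
    bool IsUeceSupport();
    int IsUeceSupportWithErrno();
    bool IsUserCeDecrypt(uint32_t userId);
    int32_t UnlockEceSece(uint32_t user, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret);
    int32_t UnlockUece(uint32_t user, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret);
    int CheckUserPinProtect(unsigned int userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret);
    bool IsWorkDirExist(std::string type, int32_t userId);
    int GenerateIntegrityDirs(int32_t userId, KeyType type);
    int CheckAndFixUserKeyDirectory(unsigned int user);
    bool HashElxActived(unsigned int user, KeyType type);
    bool HasElxDesc(std::map<unsigned int, std::shared_ptr<BaseKey>> &userElKey_, KeyType type, unsigned int user);
    bool IsAppCloneUser(unsigned int user);
    int CheckNeedRestoreVersion(unsigned int user, KeyType type);
#ifdef EL5_FILEKEY_MANAGER
    int GenerateAndLoadAppKeyInfo(uint32_t userId, const std::vector<std::pair<int, std::string>> &keyInfo);
#endif

    // Per-user key objects, one map per encryption level, keyed by user id.
    std::map<unsigned int, std::shared_ptr<BaseKey>> userEl1Key_;
    std::map<unsigned int, std::shared_ptr<BaseKey>> userEl2Key_;
    std::map<unsigned int, std::shared_ptr<BaseKey>> userEl3Key_;
    std::map<unsigned int, std::shared_ptr<BaseKey>> userEl4Key_;
    std::map<unsigned int, std::shared_ptr<BaseKey>> userEl5Key_;
    // Per-user delay handlers, keyed by user id.
    std::map<unsigned int, std::shared_ptr<DelayHandler>> userLockScreenTask_;
    std::shared_ptr<BaseKey> globalEl1Key_ { nullptr };
    // Per-user boolean state, keyed by user id. These three names lack the
    // trailing underscore the other members use; they are left as they are
    // because the definitions outside this header refer to them.
    std::map<unsigned int, bool> userPinProtect;
    std::map<unsigned int, bool> saveLockScreenStatus;
    std::map<unsigned int, bool> saveESecretStatus;
    // NOTE(review): presumably guards the maps and flags above; which members
    // it protects, and on which paths, is not visible in this header.
    std::mutex keyMutex_;
    // Initialised here, in the same style as globalEl1Key_, instead of being
    // assigned in the constructor body.
    bool hasGlobalDeviceKey_ { false };
};
} // namespace StorageDaemon
} // namespace OHOS

#endif // STORAGE_DAEMON_CRYPTO_KEYMANAGER_H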