1 /* 2 * Copyright (c) 2021-2025 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef STORAGE_DAEMON_CRYPTO_BASEKEY_H 16 #define STORAGE_DAEMON_CRYPTO_BASEKEY_H 17 18 #include "openssl_crypto.h" 19 #include "storage_service_constant.h" 20 21 namespace OHOS { 22 namespace StorageDaemon { 23 constexpr const char *SUFFIX_NEED_UPDATE = "/need_update"; 24 constexpr const char *SUFFIX_NEED_RESTORE = "/need_restore"; 25 constexpr const char *PATH_KEY_VERSION = "/version_"; 26 enum UpdateVersion { 27 UPDATE_V2 = 2, 28 UPDATE_V4 = 4 29 }; 30 31 class BaseKey : public std::enable_shared_from_this<BaseKey> { 32 public: 33 BaseKey() = delete; 34 BaseKey(const std::string &dir, uint8_t keyLen = CRYPTO_AES_256_XTS_KEY_SIZE); 35 ~BaseKey() = default; 36 37 /* key operations */ 38 bool InitKey(bool needGenerateKey); 39 #ifdef USER_CRYPTO_MIGRATE_KEY 40 int32_t StoreKey(const UserAuth &auth, bool needGenerateShield = true); 41 #else 42 int32_t StoreKey(const UserAuth &auth); 43 #endif 44 int32_t UpdateKey(const std::string &keypath = "", bool needSyncCandidate = true); 45 int32_t RestoreKey(const UserAuth &auth, bool needSyncCandidate = true); 46 int32_t RestoreKey4Nato(const std::string &keyDir, KeyType type); 47 virtual int32_t ActiveKey(uint32_t flag, const std::string &mnt = std::string(MNT_DATA)) = 0; 48 virtual int32_t InactiveKey(uint32_t flag, const std::string &mnt = std::string(MNT_DATA)) = 0; 49 virtual int32_t LockUserScreen(uint32_t flag, uint32_t sdpClass, 50 const std::string &mnt = std::string(MNT_DATA)) = 0; 51 virtual int32_t UnlockUserScreen(uint32_t flag, uint32_t sdpClass, 52 const std::string &mnt = std::string(MNT_DATA)) = 0; 53 virtual int32_t GenerateAppkey(uint32_t userId, uint32_t hashId, std::string &keyId) = 0; 54 virtual int32_t DeleteAppkey(const std::string keyId) = 0; 55 virtual int32_t AddClassE(bool &isNeedEncryptClassE, bool &isSupport, uint32_t status) = 0; 56 virtual int32_t DeleteClassEPinCode(uint32_t userId) = 0; 57 virtual int32_t DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue, uint32_t user, 58 bool needSyncCandidate) = 0; 59 virtual int32_t EncryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user, uint32_t status) = 0; 60 virtual int32_t ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId) = 0; 61 virtual int32_t LockUece(bool &isFbeSupport) = 0; 62 int32_t DoRestoreKey(const UserAuth &auth, const std::string &keypath); 63 int32_t EncryptKeyBlob(const UserAuth &auth, const std::string &keyPath, KeyBlob &planKey, KeyBlob &encryptedKey); 64 int32_t DecryptKeyBlob(const UserAuth &auth, const std::string &keyPath, KeyBlob &planKey, KeyBlob &decryptedKey); 65 bool RenameKeyPath(const std::string &keyPath); 66 bool ClearKey(const std::string &mnt = std::string(MNT_DATA)); 67 void WipingActionDir(std::string &path); 68 bool UpgradeKeys(); 69 bool GetOriginKey(KeyBlob &originKey); 70 void SetOriginKey(KeyBlob &originKey); 71 bool KeyDescIsEmpty(); 72 std::string GetKeyDir(); 73 74 KeyInfo keyInfo_; GetDir()75 std::string GetDir() const 76 { 77 return dir_; 78 } 79 enum class KeyEncryptType { 80 KEY_CRYPT_HUKS, 81 KEY_CRYPT_OPENSSL, 82 KEY_CRYPT_HUKS_OPENSSL 83 }; 84 85 protected: 86 static bool SaveKeyBlob(const KeyBlob &blob, const std::string &path); 87 static bool LoadKeyBlob(KeyBlob &blob, const std::string &path, const uint32_t size = 0); 88 std::string GetCandidateDir() const; 89 std::string dir_ {}; 90 91 private: 92 #ifdef USER_CRYPTO_MIGRATE_KEY 93 int32_t DoStoreKey(const UserAuth &auth, bool needGenerateShield = true); 94 #else 95 int32_t DoStoreKey(const UserAuth &auth); 96 #endif 97 int32_t LoadAndSaveShield(const UserAuth &auth, const std::string &pathShield, bool needGenerateShield, 98 KeyContext &keyCtx); 99 bool SaveAndCleanKeyBuff(const std::string &keyPath, KeyContext &keyCtx); 100 int32_t DoRestoreKeyCeEceSece(const UserAuth &auth, const std::string &path, const uint32_t keyType); 101 int32_t DoRestoreKeyDe(const UserAuth &auth, const std::string &path); 102 int32_t DoRestoreKeyOld(const UserAuth &auth, const std::string &keypath); 103 int32_t DoUpdateRestore(const UserAuth &auth, const std::string &keyPath); 104 int32_t DoUpdateRestoreVx(const UserAuth &auth, const std::string &KeyPath, UpdateVersion update_version); 105 static bool GenerateAndSaveKeyBlob(KeyBlob &blob, const std::string &path, const uint32_t size); 106 static bool GenerateKeyBlob(KeyBlob &blob, const uint32_t size); 107 int32_t EncryptDe(const UserAuth &auth, const std::string &path); 108 int32_t EncryptEceSece(const UserAuth &auth, const uint32_t keyType, KeyContext &keyCtx); 109 int32_t Decrypt(const UserAuth &auth); 110 int32_t DecryptReal(const UserAuth &auth, const uint32_t keyType, KeyContext &keyCtx); 111 bool CheckAndUpdateVersion(); 112 bool CombKeyCtx(const KeyBlob &nonce, const KeyBlob &rndEnc, const KeyBlob &aad, KeyBlob &keyOut); 113 bool SplitKeyCtx(const KeyBlob &keyIn, KeyBlob &nonce, KeyBlob &rndEnc, KeyBlob &aad); 114 void CombKeyBlob(const KeyBlob &encAad, const KeyBlob &end, KeyBlob &keyOut); 115 void SplitKeyBlob(const KeyBlob &keyIn, KeyBlob &encAad, KeyBlob &nonce, uint32_t start); 116 void ClearKeyContext(KeyContext &keyCtx); 117 int32_t InitKeyContext(const UserAuth &auth, const std::string &keyPath, KeyContext &keyCtx); 118 int GetCandidateVersion() const; 119 std::string GetNextCandidateDir() const; 120 void SyncKeyDir() const; 121 void DoLatestBackUp() const; 122 uint32_t GetTypeFromDir(); 123 uint32_t GetIdFromDir(); 124 125 KeyContext keyContext_ {}; 126 uint8_t keyLen_ {}; 127 KeyEncryptType keyEncryptType_; 128 std::string KeyEncryptTypeToString(KeyEncryptType keyEncryptType_) const; 129 }; 130 } // namespace StorageDaemon 131 } // namespace OHOS 132 133 #endif // STORAGE_DAEMON_CRYPTO_BASEKEY_H 134