1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef OHOS_DISTRIBUTED_DATA_SERVICES_SERVICE_CRYPTO_CRYPTO_MANAGER_H 16 #define OHOS_DISTRIBUTED_DATA_SERVICES_SERVICE_CRYPTO_CRYPTO_MANAGER_H 17 18 #include <cstdint> 19 #include <mutex> 20 #include <vector> 21 #include "metadata/secret_key_meta_data.h" 22 #include "metadata/store_meta_data.h" 23 #include "visibility.h" 24 25 namespace OHOS::DistributedData { 26 static constexpr int32_t DEFAULT_ENCRYPTION_LEVEL = 1; 27 static constexpr const char *DEFAULT_USER = "0"; 28 class API_EXPORT CryptoManager { 29 public: 30 enum SecretKeyType { 31 LOCAL_SECRET_KEY, 32 CLONE_SECRET_KEY, 33 }; 34 struct ParamConfig { 35 std::vector<uint8_t> nonce; 36 uint32_t purpose; 37 uint32_t storageLevel; 38 std::string userId; 39 }; 40 struct EncryptParams { 41 std::vector<uint8_t> keyAlias; 42 std::vector<uint8_t> nonce; 43 }; 44 enum Area : int32_t { 45 EL0, 46 EL1, 47 EL2, 48 EL3, 49 EL4, 50 EL5 51 }; 52 static CryptoManager &GetInstance(); 53 int32_t GenerateRootKey(); 54 int32_t CheckRootKey(); 55 std::vector<uint8_t> Encrypt(const std::vector<uint8_t> &key); 56 std::vector<uint8_t> Encrypt(const std::vector<uint8_t> &key, const EncryptParams &encryptParams); 57 std::vector<uint8_t> Encrypt(const std::vector<uint8_t> &key, int32_t area, const std::string &userId); 58 std::vector<uint8_t> Encrypt(const std::vector<uint8_t> &key, 59 int32_t area, const std::string &userId, const EncryptParams &encryptParams 60 ); 61 bool Decrypt(std::vector<uint8_t> &source, std::vector<uint8_t> &key, const EncryptParams &encryptParams); 62 bool Decrypt(std::vector<uint8_t> &source, std::vector<uint8_t> &key, int32_t area, const std::string &userId); 63 bool Decrypt(std::vector<uint8_t> &source, std::vector<uint8_t> &key, 64 int32_t area, const std::string &userId, const EncryptParams &encryptParams 65 ); 66 bool ImportKey(const std::vector<uint8_t> &key, const std::vector<uint8_t> &keyAlias); 67 bool DeleteKey(const std::vector<uint8_t> &keyAlias); 68 bool UpdateSecretKey(const StoreMetaData &meta, const std::vector<uint8_t> &password, 69 SecretKeyType secretKeyType = LOCAL_SECRET_KEY); 70 bool Decrypt(const StoreMetaData &meta, SecretKeyMetaData &secretKeyMeta, std::vector<uint8_t> &key, 71 SecretKeyType secretKeyType = LOCAL_SECRET_KEY); 72 73 enum ErrCode : int32_t { 74 SUCCESS, 75 NOT_EXIST, 76 ERROR, 77 }; 78 private: 79 static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key"; 80 static constexpr const char *HKS_BLOB_TYPE_NONCE = "Z5s0Bo571KoqwIi6"; 81 static constexpr const char *HKS_BLOB_TYPE_AAD = "distributeddata"; 82 static constexpr int KEY_SIZE = 32; 83 static constexpr int AES_256_NONCE_SIZE = 32; 84 static constexpr int HOURS_PER_YEAR = (24 * 365); 85 86 int32_t GenerateRootKey(uint32_t storageLevel, const std::string &userId); 87 int32_t CheckRootKey(uint32_t storageLevel, const std::string &userId); 88 uint32_t GetStorageLevel(int32_t area); 89 int32_t PrepareRootKey(uint32_t storageLevel, const std::string &userId); 90 std::vector<uint8_t> EncryptInner(const std::vector<uint8_t> &key, const SecretKeyType type, int32_t area, 91 const std::string &userId); 92 bool DecryptInner(std::vector<uint8_t> &source, std::vector<uint8_t> &key, int32_t area, 93 const std::string &userId, std::vector<uint8_t> &keyAlias, std::vector<uint8_t> &nonce); 94 CryptoManager(); 95 std::vector<uint8_t> vecRootKeyAlias_{}; 96 std::vector<uint8_t> vecNonce_{}; 97 std::vector<uint8_t> vecAad_{}; 98 ~CryptoManager(); 99 std::mutex mutex_; 100 }; 101 } // namespace OHOS::DistributedData 102 #endif // OHOS_DISTRIBUTED_DATA_SERVICES_SERVICE_CRYPTO_CRYPTO_MANAGER_H 103