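/*
 * Copyright (C) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef OHOS_VPN_ENCRYPTION_UTIL_H
#define OHOS_VPN_ENCRYPTION_UTIL_H
#include <cstdint>
#include <string>
#include <utility>
#include <vector>
#include "hks_api.h"
#include "hks_type.h"
#include "hks_param.h"

namespace OHOS {
namespace NetManagerStandard {
// Fixed name fragments used by the VPN encryption helpers. NOTE(review): the
// exact use of each (key file name, separator between stored fields) lives in
// the .cpp — confirm there before relying on them elsewhere.
constexpr const char *ENCRYT_KEY_FILENAME = "SysVpn";
constexpr const char *ENCRYT_SPLIT_SEP = ",";
// Working-buffer size for one encrypt/decrypt call: a 2048-byte payload bound
// plus a 16-byte IV. NOTE(review): 2048 is a buffer size, not an AES key size
// (an AES-256 key is 32 bytes); confirm the intended payload bound in the .cpp.
constexpr uint32_t AES_COMMON_SIZE = 2048 + 16;
constexpr uint32_t AAD_SIZE = 16;   // bytes of additional authenticated data (see AAD below)
constexpr uint32_t NONCE_SIZE = 16; // bytes of GCM nonce/IV
constexpr uint32_t AEAD_SIZE = 16;  // bytes of GCM authentication tag
// NOTE(review): a 32-byte nonce is unusual for GCM (12 bytes is the recommended
// length); confirm which code path uses this value and why.
constexpr uint32_t AES_256_NONCE_SIZE = 32;
// Presumably the per-update chunk size for streaming HUKS calls — verify in the .cpp.
constexpr uint32_t MAX_UPDATE_SIZE = 64 * 1024;

// Additional authenticated data for the GCM operations. It is a constant,
// all-zero block, so it binds nothing beyond the ciphertext itself: a
// ciphertext produced for one alias/user verifies just as well under another
// key of the same name. If that swap must be detected, derive the AAD from the
// key alias / userId in the .cpp. Namespace-scope `const` has internal linkage,
// so every translation unit gets its own identical copy.
const uint8_t AAD[AAD_SIZE] = {0};

/**
 * Ciphertext together with the IV/nonce it was produced with. std::string is
 * used purely as a byte container; both fields are filled by the .cpp.
 * The IV is not secret, but under GCM it must never repeat for the same key,
 * so it is kept alongside the ciphertext rather than recomputed.
 */
class EncryptedData final {
public:
    std::string encryptedData_;
    std::string iv_;

    EncryptedData(const std::string &data, const std::string &inputIv)
        : encryptedData_(data), iv_(inputIv)
    {
    }
    EncryptedData() = default;
};

/**
 * Identifies the HUKS key used for one VPN profile. The alias handed to HUKS
 * through keyAlias is SYSVPN_ENCRY_KEY + file, and userId records the owner.
 *
 * keyAlias.data points INTO this object's own fileName buffer. With the
 * compiler-generated copy/move operations that pointer was copied verbatim,
 * so a copy kept pointing at the *source* object's buffer and dangled as soon
 * as the source was destroyed, reassigned or moved from. Every constructor and
 * assignment operator therefore re-binds keyAlias to its own fileName.
 */
class VpnEncryptionInfo {
public:
    int32_t userId = -1;
    std::string fileName;
    static constexpr char SYSVPN_ENCRY_KEY[] = "EncryHksAes";
    // Always set through BindKeyAlias(); never point it at external storage.
    struct HksBlob keyAlias = { 0, nullptr };

    /**
     * Set the profile this object refers to.
     * @param file suffix appended to SYSVPN_ENCRY_KEY to form the key alias
     * @param id   owning user id
     */
    void SetFile(const std::string &file, int32_t id)
    {
        fileName = SYSVPN_ENCRY_KEY + file;
        BindKeyAlias();
        userId = id;
    }

    VpnEncryptionInfo()
    {
        BindKeyAlias(); // size 0, data -> fileName's terminator, as before
    }
    explicit VpnEncryptionInfo(const std::string &file, int32_t id)
    {
        SetFile(file, id);
    }
    VpnEncryptionInfo(const VpnEncryptionInfo &other)
        : userId(other.userId), fileName(other.fileName)
    {
        BindKeyAlias();
    }
    VpnEncryptionInfo(VpnEncryptionInfo &&other) noexcept
        : userId(other.userId), fileName(std::move(other.fileName))
    {
        BindKeyAlias();
        other.BindKeyAlias(); // moved-from string is still valid; keep its blob consistent
    }
    VpnEncryptionInfo &operator=(const VpnEncryptionInfo &other)
    {
        if (this != &other) {
            userId = other.userId;
            fileName = other.fileName;
            BindKeyAlias();
        }
        return *this;
    }
    VpnEncryptionInfo &operator=(VpnEncryptionInfo &&other) noexcept
    {
        if (this != &other) {
            userId = other.userId;
            fileName = std::move(other.fileName);
            BindKeyAlias();
            other.BindKeyAlias();
        }
        return *this;
    }
    ~VpnEncryptionInfo() = default;

private:
    // Point keyAlias at fileName's current buffer. The binding is valid only
    // until fileName is next modified, so callers must go through SetFile().
    // The alias is a short name, so the size_t -> uint32_t cast cannot truncate.
    void BindKeyAlias()
    {
        keyAlias = HksBlob{ static_cast<uint32_t>(fileName.length()),
                            reinterpret_cast<uint8_t *>(&fileName[0]) };
    }
};

/**
 * @Description Set up the HUKS service.
 * @return HKS_SUCCESS on success, otherwise a HUKS error code
 */
int32_t SetUpHks();

/**
 * @Description Get the AES-GCM key registered under keyAlias, generating it
 *              with genParamSet when no such key exists yet.
 * @param keyAlias    alias of the key (see VpnEncryptionInfo::keyAlias)
 * @param genParamSet HUKS parameters used if the key has to be generated
 * @return HKS_SUCCESS when the key is available, otherwise a HUKS error code
 */
int32_t GetKeyByAlias(struct HksBlob *keyAlias, const struct HksParamSet *genParamSet);

/**
 * @Description Encrypt inputString with AES-GCM under the key named by vpnEncryptionInfo.
 * @param vpnEncryptionInfo key alias / user information
 * @param inputString       plaintext to encrypt
 * @param encryptedData     receives the ciphertext and the IV used
 * @return HKS_SUCCESS on success, otherwise a HUKS error code
 */
int32_t VpnEncryption(const VpnEncryptionInfo &vpnEncryptionInfo, const std::string &inputString,
    EncryptedData &encryptedData);

/**
 * @Description Decrypt encryptedData with AES-GCM under the key named by vpnEncryptionInfo,
 *              using the IV stored in encryptedData.
 * @param vpnEncryptionInfo key alias / user information
 * @param encryptedData     ciphertext and IV produced by VpnEncryption
 * @param decryptedData     receives the plaintext; must not be used unless HKS_SUCCESS
 *                          is returned (a failed authentication tag check is a failure)
 * @return HKS_SUCCESS on success, otherwise a HUKS error code
 */
int32_t VpnDecryption(const VpnEncryptionInfo &vpnEncryptionInfo, const EncryptedData &encryptedData,
    std::string &decryptedData);

/**
 * @Description Encrypt a string in place with AES-GCM under the key named by vpnEncryptionInfo.
 * @param vpnEncryptionInfo key alias / user information
 * @param data in/out: plaintext on entry; on success, presumably replaced by the
 *             serialised ciphertext+IV (confirm the exact layout in the .cpp)
 * @return HKS_SUCCESS on success, otherwise a HUKS error code
 */
int32_t VpnEncryptData(const VpnEncryptionInfo &vpnEncryptionInfo, std::string &data);

/**
 * @Description Decrypt a string in place with AES-GCM under the key named by vpnEncryptionInfo.
 * @param vpnEncryptionInfo key alias / user information
 * @param data in/out: serialised ciphertext on entry; plaintext on success. Do not use
 *             the contents unless HKS_SUCCESS is returned.
 * @return HKS_SUCCESS on success, otherwise a HUKS error code
 */
int32_t VpnDecryptData(const VpnEncryptionInfo &vpnEncryptionInfo, std::string &data);

} // namespace NetManagerStandard
} // namespace OHOS

#endif // OHOS_VPN_ENCRYPTION_UTIL_H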