• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef STORAGE_DAEMON_CRYPTO_KEYMANAGER_H
17 #define STORAGE_DAEMON_CRYPTO_KEYMANAGER_H
18 
19 #include "base_key.h"
20 #include "crypto_delay_handler.h"
21 #include "ipc/storage_daemon.h"
22 #include "utils/file_utils.h"
23 
24 namespace OHOS {
25 namespace StorageDaemon {
26 constexpr const char *USER_EL1_DIR = "/data/service/el1/public/storage_daemon/sd/el1";
27 constexpr const char *USER_EL2_DIR = "/data/service/el1/public/storage_daemon/sd/el2";
28 constexpr const char *USER_EL3_DIR = "/data/service/el1/public/storage_daemon/sd/el3";
29 constexpr const char *USER_EL4_DIR = "/data/service/el1/public/storage_daemon/sd/el4";
30 constexpr const char *USER_EL5_DIR = "/data/service/el1/public/storage_daemon/sd/el5";
31 constexpr const char *UECE_DIR = "data/app/el5";
32 constexpr const char *RESTORE_DIR = "/latest/need_restore";
33 constexpr const char *FSCRYPT_VERSION_DIR = "/fscrypt_version";
34 
35 constexpr const char *NATO_EL2_DIR = "/data/service/el1/public/storage_daemon/sd/el2_NATO";
36 constexpr const char *NATO_EL3_DIR = "/data/service/el1/public/storage_daemon/sd/el3_NATO";
37 constexpr const char *NATO_EL4_DIR = "/data/service/el1/public/storage_daemon/sd/el4_NATO";
38 
39 constexpr const char *MAINTAIN_USER_EL1_DIR = "/mnt/data_old/service/el1/public/storage_daemon/sd/el1";
40 constexpr const char *MAINTAIN_USER_EL2_DIR = "/mnt/data_old/service/el1/public/storage_daemon/sd/el2";
41 constexpr const char *MAINTAIN_USER_EL3_DIR = "/mnt/data_old/service/el1/public/storage_daemon/sd/el3";
42 constexpr const char *MAINTAIN_USER_EL4_DIR = "/mnt/data_old/service/el1/public/storage_daemon/sd/el4";
43 constexpr const char *MAINTAIN_USER_EL5_DIR = "/mnt/data_old/service/el1/public/storage_daemon/sd/el5";
44 
45 class KeyManager {
46 public:
GetInstance(void)47     static KeyManager &GetInstance(void)
48     {
49         static KeyManager instance;
50         return instance;
51     }
52     int InitGlobalDeviceKey(void);
53     int InitGlobalUserKeys(void);
54     int GenerateUserKeys(unsigned int user, uint32_t flags);
55     int DeleteUserKeys(unsigned int user);
56 
57 #ifdef USER_CRYPTO_MIGRATE_KEY
58     int UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
59                        bool needGenerateShield = true);
60     int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
61                                 KeyType type, bool needGenerateShield);
62 #else
63     int UpdateUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret);
64     std::string CheckSecretStatus(struct UserTokenSecret &userTokenSecret);
65     void HandleEl2Error(int ret, unsigned int user, const std::string &secretInfo,
66                         const std::string &reportPrefix, const std::string &level);
67     int UpdateCeEceSeceUserAuth(unsigned int user, struct UserTokenSecret &userTokenSecret,
68                                 KeyType type);
69 
70 #endif
71     int UpdateUseAuthWithRecoveryKey(const std::vector<uint8_t> &authToken,
72                                      const std::vector<uint8_t> &newSecret,
73                                      uint64_t secureUid,
74                                      uint32_t userId,
75                                      const std::vector<std::vector<uint8_t>> &plainText);
76     int ActiveCeSceSeceUserKey(unsigned int user, KeyType type, const std::vector<uint8_t> &token,
77                                const std::vector<uint8_t> &secret);
78     int InActiveUserKey(unsigned int user);
79     int SetDirectoryElPolicy(unsigned int user, KeyType type,
80                              const std::vector<FileList> &vec);
81     int UpdateKeyContext(uint32_t userId, bool needRemoveTmpKey = false);
82     int UpdateCeEceSeceKeyContext(uint32_t userId, KeyType type);
83     int UpdateClassEBackUp(uint32_t userId);
84     int getElxKeyPath(unsigned int user, KeyType type, std::string &elxKeyPath);
85     int LockUserScreen(uint32_t user);
86     int UnlockUserScreen(uint32_t user, const std::vector<uint8_t> &token,
87                          const std::vector<uint8_t> &secret);
88     int GetLockScreenStatus(uint32_t user, bool &lockScreenStatus);
89     int GenerateAppkey(uint32_t user, uint32_t hashId, std::string &keyId, bool needReSet = false);
90     int DeleteAppkey(uint32_t user, const std::string keyId);
91     int UnlockUserAppKeys(uint32_t userId, bool needGetAllAppKey);
92     int GetFileEncryptStatus(uint32_t userId, bool &isEncrypted, bool needCheckDirMount = false);
93     int CreateRecoverKey(uint32_t userId, uint32_t userType, const std::vector<uint8_t> &token,
94                          const std::vector<uint8_t> &secret);
95     int SetRecoverKey(const std::vector<uint8_t> &key);
96     int32_t ResetSecretWithRecoveryKey(uint32_t userId, uint32_t rkType, const std::vector<uint8_t> &key);
97 #ifdef EL5_FILEKEY_MANAGER
98     int RegisterUeceActivationCallback(const sptr<StorageManager::IUeceActivationCallback> &ueceCallback);
99     int UnregisterUeceActivationCallback();
100 #endif
101     int NotifyUeceActivation(uint32_t userId, int32_t resultCode, bool needGetAllAppKey);
102 #ifdef USER_CRYPTO_MIGRATE_KEY
103     int RestoreUserKey(uint32_t userId, KeyType type);
104     int32_t ClearAppCloneUserNeedRestore(unsigned int userId, std::string elNeedRestorePath);
105 #endif
106     std::string GetKeyDirByUserAndType(unsigned int user, KeyType type);
107     std::string GetKeyDirByType(KeyType type);
108     int GenerateUserKeyByType(unsigned int user, KeyType type,
109                               const std::vector<uint8_t> &token,
110                               const std::vector<uint8_t> &secret);
111     int TryToFixUserCeEceSeceKey(unsigned int userId, KeyType type,
112                                  const std::vector<uint8_t> &token,
113                                  const std::vector<uint8_t> &secret);
114     int TryToFixUeceKey(unsigned int userId,
115                         const std::vector<uint8_t> &token,
116                         const std::vector<uint8_t> &secret);
117     int ActiveElxUserKey4Nato(unsigned int user, KeyType type, const KeyBlob &authToken);
118     std::string GetNatoNeedRestorePath(uint32_t userId, KeyType type);
119     // userElKeys_ function
120     void SaveUserElKey(unsigned int user, KeyType type, std::shared_ptr<BaseKey> elKey);
121     void DeleteElKey(unsigned int user, KeyType type);
122     bool HasElkey(uint32_t userId, KeyType type);
123     friend class KeyManagerExt;
124 private:
KeyManager()125     KeyManager()
126     {
127         hasGlobalDeviceKey_ = false;
128         getLockStatusTime_[0] = 0;
129         getLockStatusTime_[1] = 0;
130     }
~KeyManager()131     ~KeyManager() {}
132     KeyManager(const KeyManager &) = delete;
133     KeyManager& operator= (const KeyManager &) = delete;
134     KeyManager(KeyManager &&) = delete;
135     KeyManager& operator= (KeyManager &&) = delete;
136     int GenerateAndInstallDeviceKey(const std::string &dir);
137     int RestoreDeviceKey(const std::string &dir);
138     int GenerateAndInstallUserKey(uint32_t userId, const std::string &dir, const UserAuth &auth, KeyType type);
139     int GenerateAndInstallEl5Key(uint32_t userId, const std::string &dir, const UserAuth &auth);
140     int RestoreUserKey(uint32_t userId, const std::string &dir, const UserAuth &auth, KeyType type);
141     int LoadAllUsersEl1Key(void);
142     int InitUserElkeyStorageDir(void);
143     int DoDeleteUserKeys(unsigned int user);
144     int DoDeleteUserCeEceSeceKeys(unsigned int user, const std::string userDir, KeyType type);
145     int UpgradeKeys(const std::vector<FileList> &dirInfo);
146     int UpdateESecret(unsigned int user, struct UserTokenSecret &tokenSecret);
147     bool ResetESecret(unsigned int user, std::shared_ptr<BaseKey> &elKey);
148     std::shared_ptr<BaseKey> GetBaseKey(const std::string& dir);
149     std::shared_ptr<BaseKey> GetUserElKey(unsigned int user, KeyType type);
150     bool IsNeedClearKeyFile(std::string file);
151     bool CheckDir(KeyType type, std::string keyDir, unsigned int user);
152     int ActiveUece(unsigned int user,
153                    std::shared_ptr<BaseKey> elKey,
154                    const std::vector<uint8_t> &token,
155                    const std::vector<uint8_t> &secret);
156     void ProcUpgradeKey(const std::vector<FileList> &dirInfo);
157     int GenerateElxAndInstallUserKey(unsigned int user);
158     int ActiveUeceUserKey(unsigned int user,
159                           const std::vector<uint8_t> &token,
160                           const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey);
161     int ActiveElXUserKey(unsigned int user,
162                          const std::vector<uint8_t> &token, KeyType keyType,
163                          const std::vector<uint8_t> &secret, std::shared_ptr<BaseKey> elKey);
164     int InactiveUserElKey(unsigned int user, KeyType type);
165     int CheckAndDeleteEmptyEl5Directory(std::string keyDir, unsigned int user);
166     bool GetUserDelayHandler(uint32_t userId, std::shared_ptr<DelayHandler> &delayHandler);
167     bool IsUeceSupport();
168     int IsUeceSupportWithErrno();
169     bool IsUserCeDecrypt(uint32_t userId);
170     int32_t UnlockEceSece(uint32_t user, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret);
171     int32_t UnlockUece(uint32_t user, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret);
172     int CheckUserPinProtect(unsigned int userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret);
173     bool IsWorkDirExist(std::string type, int32_t userId);
174     int GenerateIntegrityDirs(int32_t userId, KeyType type);
175     int CheckAndFixUserKeyDirectory(unsigned int user);
176     int DoChangerPinCodeClassE(unsigned int user, std::shared_ptr<BaseKey> &el5Key);
177     bool HashElxActived(unsigned int user, KeyType type);
178     bool IsAppCloneUser(unsigned int user);
179     int CheckNeedRestoreVersion(unsigned int user, KeyType type);
180     int GenerateAppkeyWithRecover(uint32_t userId, uint32_t hashId, std::string &keyId);
181 
182 #ifdef EL5_FILEKEY_MANAGER
183     int GenerateAndLoadAppKeyInfo(uint32_t userId, const std::vector<std::pair<int, std::string>> &keyInfo);
184 #endif
185     using KeyMap = std::map<KeyType, std::shared_ptr<BaseKey>>;
186     std::map<unsigned int, KeyMap> userElKeys_;
187     std::map<unsigned int, std::shared_ptr<DelayHandler>> userLockScreenTask_;
188     std::shared_ptr<BaseKey> globalEl1Key_ { nullptr };
189     std::map<unsigned int, bool> userPinProtect;
190     std::map<unsigned int, bool> saveLockScreenStatus;
191     std::map<unsigned int, bool> saveESecretStatus;
192     std::mutex keyMutex_;
193     int64_t getLockStatusTime_[2];
194     bool hasGlobalDeviceKey_;
195 
196 #ifdef EL5_FILEKEY_MANAGER
197     std::mutex ueceMutex_;
198     sptr<StorageManager::IUeceActivationCallback> ueceCallback_ = nullptr;
199 #endif
200 };
201 } // namespace StorageDaemon
202 } // namespace OHOS
203 
204 #endif // STORAGE_DAEMON_CRYPTO_KEYMANAGER_H
205