• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H
16 #define OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H
17 #include <atomic>
18 
19 #include "kv_store_delegate_manager.h"
20 #include "kv_store_nb_delegate.h"
21 #include "task_executor.h"
22 #include "types.h"
23 #include "types_export.h"
24 namespace OHOS::DistributedKv {
25 class SecurityManager {
26 public:
27     struct SecurityContent {
28         static constexpr size_t MAGIC_NUM = 4;
29         static constexpr uint8_t MAGIC_CHAR = 0x6A;
30         static constexpr uint32_t MAGIC_NUMBER = 0x6A6A6A6A;
31         static constexpr uint8_t INVALID_VERSION = 0x00;
32         static constexpr uint8_t CURRENT_VERSION = 0x01;
33         static constexpr int32_t NONCE_SIZE = 12;
34         static constexpr int32_t KEY_SIZE = 32;
35 
36         bool isNewStyle = true;
37         uint32_t magicNum = MAGIC_NUMBER;
38         uint8_t version = INVALID_VERSION;
39         std::vector<uint8_t> time;
40         std::vector<uint8_t> nonceValue;
41         // encryptValue contains version and time and key
42         std::vector<uint8_t> encryptValue;
43         std::vector<uint8_t> fullKeyValue;
44     };
45 
46     struct DBPassword {
47         bool isKeyOutdated = false;
48         DistributedDB::CipherPassword password;
GetSizeDBPassword49         size_t GetSize() const
50         {
51             return password.GetSize();
52         }
GetDataDBPassword53         const uint8_t *GetData() const
54         {
55             return password.GetData();
56         }
SetValueDBPassword57         int SetValue(const uint8_t *inputData, size_t inputSize)
58         {
59             return password.SetValue(inputData, inputSize);
60         }
IsValidDBPassword61         bool IsValid()
62         {
63             return password.GetSize() != 0;
64         }
ClearDBPassword65         int Clear()
66         {
67             return password.Clear();
68         }
69     };
70 
71     class KeyFiles {
72     public:
73         KeyFiles(const std::string &name, const std::string &path, bool openFile = true);
74         ~KeyFiles();
75         int32_t Lock();
76         int32_t UnLock();
77         int32_t DestroyLock();
78     private:
79         int32_t FileLock(int32_t lockType);
80         int32_t lockFd_ = -1;
81         std::string lockFile_;
82     };
83 
84     class KeyFilesAutoLock {
85     public:
86         explicit KeyFilesAutoLock(KeyFiles& keyFiles);
87         ~KeyFilesAutoLock();
88         KeyFilesAutoLock(const KeyFilesAutoLock&) = delete;
89         KeyFilesAutoLock& operator=(const KeyFilesAutoLock&) = delete;
90         int32_t UnLockAndDestroy();
91     private:
92         KeyFiles& keyFiles_;
93     };
94 
95     static SecurityManager &GetInstance();
96     DBPassword GetDBPassword(const std::string &name, const std::string &path, bool needCreate = false);
97     bool SaveDBPassword(const std::string &name, const std::string &path, const DistributedDB::CipherPassword &key);
98     void DelDBPassword(const std::string &name, const std::string &path);
99 
100 private:
101     SecurityManager();
102     ~SecurityManager();
103     std::vector<uint8_t> Random(int32_t length);
104     bool LoadContent(SecurityContent &content, const std::string &path);
105     void LoadKeyFromFile(const std::string &path, SecurityContent &securityContent);
106     void LoadNewKey(const std::vector<char> &content, SecurityContent &securityContent);
107     void LoadOldKey(const std::vector<char> &content, SecurityContent &securityContent);
108     bool SaveKeyToFile(const std::string &name, const std::string &path, std::vector<uint8_t> &key);
109     bool IsKeyOutdated(const std::vector<uint8_t> &date);
110     int32_t GenerateRootKey();
111     int32_t CheckRootKey();
112     bool Retry();
113     bool Encrypt(const std::vector<uint8_t> &key, SecurityContent &content);
114     bool Decrypt(SecurityContent &content);
115 
116     std::vector<uint8_t> vecRootKeyAlias_{};
117     std::vector<uint8_t> vecNonce_{};
118     std::vector<uint8_t> vecAad_{};
119     std::atomic_bool hasRootKey_ = false;
120 };
121 } // namespace OHOS::DistributedKv
122 #endif // OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H