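/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef STORAGE_DAEMON_CRYPTO_FBEX_X
#define STORAGE_DAEMON_CRYPTO_FBEX_X

// <cstdint> and <memory> are included directly because this header names
// uint8_t/uint32_t and std::unique_ptr; it must not depend on "key_blob.h"
// happening to pull them in.
#include <cstdint>
#include <memory>
#include <string>

#include "key_blob.h"

namespace OHOS {
namespace StorageDaemon {
// User id constant for the global EL1 key. Note that it shares the value 0
// with a value-initialized entry of UserIdToFbeStr::userIds.
constexpr uint32_t USERID_GLOBAL_EL1 = 0;

// Key "type" selectors passed to the FBEX calls below.
// The values are NOT in encryption-level order: TYPE_EL3 is 3 while TYPE_EL4
// is 2, and TYPE_EL5 / TYPE_GLOBAL_EL1 are 6 / 4. Always use the named
// constant; never derive the selector from the level number by arithmetic,
// or a key would be handled under the wrong class.
constexpr uint32_t TYPE_EL1 = 0;
constexpr uint32_t TYPE_EL2 = 1;
constexpr uint32_t TYPE_EL3 = 3;
constexpr uint32_t TYPE_EL4 = 2;
constexpr uint32_t TYPE_EL5 = 6;
constexpr uint32_t TYPE_GLOBAL_EL1 = 4;

// Sizes of the IV and key-id buffers (presumably in bytes -- confirm against
// the implementation).
constexpr uint32_t FBEX_IV_SIZE = 64;
constexpr uint32_t FBEX_KEYID_SIZE = 64;
// NOTE(review): meaning not visible in this header; the name suggests the
// value reported when FBEX is unsupported -- confirm against the callers.
constexpr int STORAGE_UNSUPPORT_CODE = 0;
// Presumably the positions of the "single" and "double" user id inside
// UserIdToFbeStr::userIds -- confirm against the implementation.
constexpr int SINGLE_ID_INDEX = 0;
constexpr int DOUBLE_ID_INDEX = 1;
// Number of entries in UserIdToFbeStr::userIds.
constexpr int USER_ID_SIZE = 2;

// Pair of user ids handed to the FBEX calls that operate on two ids at once.
struct UserIdToFbeStr {
    // Value-initialized so that a default-constructed instance never carries
    // indeterminate ids into a key operation. Callers must still set both
    // entries explicitly: the zero default equals USERID_GLOBAL_EL1.
    uint32_t userIds[USER_ID_SIZE] = {};
    // Number of valid entries in userIds; defaults to the full array length.
    int size = USER_ID_SIZE;
};

// Static-only interface to the FBEX key-management backend. Only the
// declarations are visible here: the meaning of the int return codes and any
// validation of the arguments are defined by the implementation.
//
// NOTE(review): several methods take key material as a raw `uint8_t *` plus a
// separate length. This header cannot show whether the implementation checks
// the pointer for null and the length against FBEX_IV_SIZE / FBEX_KEYID_SIZE
// before the buffer is used -- confirm in the .cpp, and have callers pass the
// real buffer size rather than a constant.
class FBEX {
public:
    // Reports whether FBEX is available.
    static bool IsFBEXSupported();

    // Key installation. `iv` is a non-const KeyBlob, so the call may write
    // to it (presumably; confirm). `authToken` is read-only.
    static int InstallKeyToKernel(uint32_t userId, uint32_t type, KeyBlob &iv, uint8_t flag, const KeyBlob &authToken);
    static int InstallDoubleDeKeyToKernel(UserIdToFbeStr &userIdToFbe, KeyBlob &iv,
                                          uint8_t flag, const KeyBlob &authToken);

    // Uninstalls or locks a user key; `destroy` selects between the two
    // (presumably true == uninstall -- confirm). `iv`/`size` is a raw
    // buffer/length pair, see the class note.
    static int UninstallOrLockUserKeyToKernel(uint32_t userId, uint32_t type, uint8_t *iv, uint32_t size, bool destroy);

    // Screen lock / unlock notifications for a user. Unlock additionally
    // takes an IV buffer (raw pointer plus length) and a read-only auth token.
    static int LockScreenToKernel(uint32_t userId);
    static int UnlockScreenToKernel(uint32_t userId, uint32_t type,
                                    uint8_t *iv, uint32_t size, const KeyBlob &authToken);

    // Class E secret transfer. `isFbeSupport` is an out-parameter; the caller
    // should check it together with the return code.
    static int ReadESecretToKernel(UserIdToFbeStr &userIdToFbe, uint32_t status,
                                   KeyBlob &eBuffer, const KeyBlob &authToken, bool &isFbeSupport);
    static int WriteESecretToKernel(UserIdToFbeStr &userIdToFbe, uint32_t status, uint8_t *eBuffer, uint32_t length);

    static bool IsMspReady();
    static int GetStatus();

    // NOTE(review): takes both `bufferSize` and `length` alongside two
    // buffers; which length bounds which buffer is not visible here --
    // confirm before changing either at a call site.
    static int UnlockSendSecret(uint32_t status, uint32_t bufferSize, uint32_t length,
                                std::unique_ptr<uint8_t[]> &eBuffer, uint8_t *opseBuffer);

    // EL5 / class E operations keyed by a (single, double) user id pair.
    // The bool references are out-parameters.
    static int InstallEL5KeyToKernel(uint32_t userIdSingle, uint32_t userIdDouble, uint8_t flag,
                                     bool &isSupport, bool &isNeedEncryptClassE);
    static int DeleteClassEPinCode(uint32_t userIdSingle, uint32_t userIdDouble);
    static int ChangePinCodeClassE(uint32_t userIdSingle, uint32_t userIdDouble, bool &isFbeSupport);
    static int UpdateClassEBackUp(uint32_t userIdSingle, uint32_t userIdDouble);

    // `keyId` is an owning buffer and `size` its length (presumably
    // FBEX_KEYID_SIZE -- confirm).
    static int GenerateAppkey(UserIdToFbeStr &userIdToFbe, uint32_t hashId, std::unique_ptr<uint8_t[]> &keyId,
                              uint32_t size);
    static int LockUece(uint32_t userIdSingle, uint32_t userIdDouble, bool &isFbeSupport);

    // Helpers. The names suggest argument validation before a secret
    // operation and reporting of a failed ioctl; both are declared public
    // here although they read like internal helpers.
    static bool CheckPreconditions(UserIdToFbeStr &userIdToFbe, uint32_t status, std::unique_ptr<uint8_t[]> &eBuffer,
                                   uint32_t length, bool &isFbeSupport);
    static void HandleIoctlError(int ret, int errnoVal, const std::string &cmd, uint32_t userIdSingle,
                                 uint32_t userIdDouble);
};
} // namespace StorageDaemon
} // namespace OHOS

#endif // STORAGE_DAEMON_CRYPTO_FBEX_X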