1 /*
2 * Copyright (c) 2021 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "os_account_manager.h"
17 #include "crypto/filesystem_crypto.h"
18
19 #include "storage_daemon_communication/storage_daemon_communication.h"
20 #include "storage_service_constant.h"
21 #include "storage_service_errno.h"
22 #include "storage_service_log.h"
23 #include "utils/storage_radar.h"
24
25 using namespace OHOS::StorageDaemon;
26 using namespace OHOS::AccountSA;
27 using namespace OHOS::StorageService;
28 namespace OHOS {
29 namespace StorageManager {
FileSystemCrypto()30 FileSystemCrypto::FileSystemCrypto()
31 {
32 LOGI("DEBUG FileSystemCrypto constructer");
33 }
34
~FileSystemCrypto()35 FileSystemCrypto::~FileSystemCrypto()
36 {
37 LOGI("DEBUG ~FileSystemCrypto destructer ~");
38 }
39
CheckUserIdRange(int32_t userId)40 int32_t FileSystemCrypto::CheckUserIdRange(int32_t userId)
41 {
42 if (userId < StorageService::START_USER_ID || userId > StorageService::MAX_USER_ID) {
43 LOGE("FileSystemCrypto: userId:%{public}d is out of range", userId);
44 return E_USERID_RANGE;
45 }
46 return E_OK;
47 }
48
GenerateUserKeys(uint32_t userId,uint32_t flags)49 int32_t FileSystemCrypto::GenerateUserKeys(uint32_t userId, uint32_t flags)
50 {
51 LOGI("UserId: %{public}u, flags: %{public}u", userId, flags);
52 int32_t err = CheckUserIdRange(userId);
53 if (err != E_OK) {
54 LOGE("User ID out of range");
55 return err;
56 }
57 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
58 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
59 err = sdCommunication->GenerateUserKeys(userId, flags);
60 return err;
61 }
62
DeleteUserKeys(uint32_t userId)63 int32_t FileSystemCrypto::DeleteUserKeys(uint32_t userId)
64 {
65 LOGI("UserId: %{public}u", userId);
66 int32_t err = CheckUserIdRange(userId);
67 if (err != E_OK) {
68 LOGE("User ID out of range");
69 return err;
70 }
71 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
72 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
73 err = sdCommunication->DeleteUserKeys(userId);
74 return err;
75 }
76
UpdateUserAuth(uint32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)77 int32_t FileSystemCrypto::UpdateUserAuth(uint32_t userId, uint64_t secureUid,
78 const std::vector<uint8_t> &token,
79 const std::vector<uint8_t> &oldSecret,
80 const std::vector<uint8_t> &newSecret)
81 {
82 LOGI("UserId: %{public}u", userId);
83 int32_t err = CheckUserIdRange(userId);
84 if (err != E_OK) {
85 LOGE("User ID out of range");
86 return err;
87 }
88 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
89 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
90 err = sdCommunication->UpdateUserAuth(userId, secureUid, token, oldSecret, newSecret);
91 return err;
92 }
93
UpdateUseAuthWithRecoveryKey(const std::vector<uint8_t> & authToken,const std::vector<uint8_t> & newSecret,uint64_t secureUid,uint32_t userId,const std::vector<std::vector<uint8_t>> & plainText)94 int32_t FileSystemCrypto::UpdateUseAuthWithRecoveryKey(const std::vector<uint8_t> &authToken,
95 const std::vector<uint8_t> &newSecret,
96 uint64_t secureUid,
97 uint32_t userId,
98 const std::vector<std::vector<uint8_t>> &plainText)
99 {
100 LOGI("UserId: %{public}u", userId);
101 int32_t err = CheckUserIdRange(userId);
102 if (err != E_OK) {
103 LOGE("User ID out of range");
104 return err;
105 }
106 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
107 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
108 err = sdCommunication->UpdateUseAuthWithRecoveryKey(authToken, newSecret, secureUid, userId, plainText);
109 return err;
110 }
111
ActiveUserKey(uint32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)112 int32_t FileSystemCrypto::ActiveUserKey(uint32_t userId,
113 const std::vector<uint8_t> &token,
114 const std::vector<uint8_t> &secret)
115 {
116 LOGI("UserId: %{public}u", userId);
117 int32_t err = CheckUserIdRange(userId);
118 if (err != E_OK) {
119 LOGE("User ID out of range");
120 return err;
121 }
122 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
123 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
124 err = sdCommunication->ActiveUserKey(userId, token, secret);
125 return err;
126 }
127
InactiveUserKey(uint32_t userId)128 int32_t FileSystemCrypto::InactiveUserKey(uint32_t userId)
129 {
130 LOGI("UserId: %{public}u", userId);
131 int32_t err = CheckUserIdRange(userId);
132 if (err != E_OK) {
133 LOGE("User ID out of range");
134 return err;
135 }
136 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
137 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
138 err = sdCommunication->InactiveUserKey(userId);
139 return err;
140 }
141
LockUserScreen(uint32_t userId)142 int32_t FileSystemCrypto::LockUserScreen(uint32_t userId)
143 {
144 LOGI("UserId: %{public}u", userId);
145 int32_t err = CheckUserIdRange(userId);
146 if (err != E_OK) {
147 LOGE("User ID out of range");
148 return err;
149 }
150 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
151 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
152 return sdCommunication->LockUserScreen(userId);
153 }
154
UnlockUserScreen(uint32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)155 int32_t FileSystemCrypto::UnlockUserScreen(uint32_t userId,
156 const std::vector<uint8_t> &token,
157 const std::vector<uint8_t> &secret)
158 {
159 LOGI("UserId: %{public}u", userId);
160 int32_t err = CheckUserIdRange(userId);
161 if (err != E_OK) {
162 LOGE("User ID out of range");
163 return err;
164 }
165 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
166 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
167 return sdCommunication->UnlockUserScreen(userId, token, secret);
168 }
169
GetFileEncryptStatus(uint32_t userId,bool & isEncrypted,bool needCheckDirMount)170 int32_t FileSystemCrypto::GetFileEncryptStatus(uint32_t userId, bool &isEncrypted, bool needCheckDirMount)
171 {
172 LOGI("UserId: %{public}u", userId);
173 int32_t err = CheckUserIdRange(userId);
174 if (err != E_OK) {
175 LOGE("User ID out of range");
176 return err;
177 }
178 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
179 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
180 return sdCommunication->GetFileEncryptStatus(userId, isEncrypted, needCheckDirMount);
181 }
182
GetUserNeedActiveStatus(uint32_t userId,bool & needActive)183 int32_t FileSystemCrypto::GetUserNeedActiveStatus(uint32_t userId, bool &needActive)
184 {
185 LOGI("UserId: %{public}u", userId);
186 int32_t err = CheckUserIdRange(userId);
187 if (err != E_OK) {
188 LOGE("User ID out of range");
189 return err;
190 }
191 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
192 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
193 return sdCommunication->GetUserNeedActiveStatus(userId, needActive);
194 }
195
GetLockScreenStatus(uint32_t userId,bool & lockScreenStatus)196 int32_t FileSystemCrypto::GetLockScreenStatus(uint32_t userId, bool &lockScreenStatus)
197 {
198 LOGI("UserId: %{public}u", userId);
199 int32_t err = CheckUserIdRange(userId);
200 if (err != E_OK) {
201 LOGE("User ID out of range");
202 return err;
203 }
204 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
205 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
206 return sdCommunication->GetLockScreenStatus(userId, lockScreenStatus);
207 }
208
GenerateAppkey(uint32_t hashId,uint32_t userId,std::string & keyId,bool needReSet)209 int32_t FileSystemCrypto::GenerateAppkey(uint32_t hashId, uint32_t userId, std::string &keyId, bool needReSet)
210 {
211 LOGI("UserId: %{public}u", userId);
212 int32_t err = CheckUserIdRange(userId);
213 if (err != E_OK) {
214 LOGE("User ID out of range");
215 return err;
216 }
217 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
218 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
219 return sdCommunication->GenerateAppkey(userId, hashId, keyId, needReSet);
220 }
221
DeleteAppkey(const std::string keyId)222 int32_t FileSystemCrypto::DeleteAppkey(const std::string keyId)
223 {
224 std::vector<int32_t> ids;
225 int ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(ids);
226 if (ret != 0 || ids.empty()) {
227 LOGE("Query active userid failed, ret = %{public}u", ret);
228 StorageRadar::ReportOsAccountResult("DeleteAppkey::QueryActiveOsAccountIds", ret, DEFAULT_USERID);
229 return ret;
230 }
231 int32_t userId = ids[0];
232 LOGI("UserId: %{public}u", userId);
233 int32_t err = CheckUserIdRange(userId);
234 if (err != E_OK) {
235 LOGE("User ID out of range");
236 return err;
237 }
238 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
239 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
240 return sdCommunication->DeleteAppkey(userId, keyId);
241 }
242
CreateRecoverKey(uint32_t userId,uint32_t userType,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)243 int32_t FileSystemCrypto::CreateRecoverKey(uint32_t userId,
244 uint32_t userType,
245 const std::vector<uint8_t> &token,
246 const std::vector<uint8_t> &secret)
247 {
248 LOGI("UserId: %{public}u", userId);
249 int32_t err = CheckUserIdRange(userId);
250 if (err != E_OK) {
251 LOGE("User ID out of range");
252 return err;
253 }
254 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
255 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
256 return sdCommunication->CreateRecoverKey(userId, userType, token, secret);
257 }
258
SetRecoverKey(const std::vector<uint8_t> & key)259 int32_t FileSystemCrypto::SetRecoverKey(const std::vector<uint8_t> &key)
260 {
261 std::vector<int32_t> ids;
262 int ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(ids);
263 if (ret != 0 || ids.empty()) {
264 LOGE("Query active userid failed, ret = %{public}u", ret);
265 StorageRadar::ReportOsAccountResult("SetRecoverKey::QueryActiveOsAccountIds", ret, DEFAULT_USERID);
266 return ret;
267 }
268 int32_t userId = ids[0];
269 LOGI("UserId: %{public}u", userId);
270 int32_t err = CheckUserIdRange(userId);
271 if (err != E_OK) {
272 LOGE("User ID out of range");
273 return err;
274 }
275 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
276 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
277 return sdCommunication->SetRecoverKey(key);
278 }
279
ResetSecretWithRecoveryKey(uint32_t userId,uint32_t rkType,const std::vector<uint8_t> & key)280 int32_t FileSystemCrypto::ResetSecretWithRecoveryKey(uint32_t userId, uint32_t rkType, const std::vector<uint8_t> &key)
281 {
282 LOGI("UserId: %{public}u", userId);
283 int32_t err = CheckUserIdRange(userId);
284 if (err != E_OK) {
285 LOGE("User ID out of range");
286 return err;
287 }
288 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
289 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
290 err = sdCommunication->ResetSecretWithRecoveryKey(userId, rkType, key);
291 return err;
292 }
293
UpdateKeyContext(uint32_t userId,bool needRemoveTmpKey)294 int32_t FileSystemCrypto::UpdateKeyContext(uint32_t userId, bool needRemoveTmpKey)
295 {
296 LOGI("UserId: %{public}u", userId);
297 int32_t err = CheckUserIdRange(userId);
298 if (err != E_OK) {
299 LOGE("User ID out of range");
300 return err;
301 }
302 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
303 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
304 err = sdCommunication->UpdateKeyContext(userId, needRemoveTmpKey);
305 return err;
306 }
307
InactiveUserPublicDirKey(uint32_t userId)308 int32_t FileSystemCrypto::InactiveUserPublicDirKey(uint32_t userId)
309 {
310 LOGI("UserId: %{public}u", userId);
311 int32_t err = CheckUserIdRange(userId);
312 if (err != E_OK) {
313 LOGE("User ID out of range");
314 return err;
315 }
316 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
317 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
318 err = sdCommunication->InactiveUserPublicDirKey(userId);
319 return err;
320 }
321
RegisterUeceActivationCallback(const sptr<IUeceActivationCallback> & ueceCallback)322 int32_t FileSystemCrypto::RegisterUeceActivationCallback(const sptr<IUeceActivationCallback> &ueceCallback)
323 {
324 LOGI("Enter RegisterUeceActivationCallback");
325 if (ueceCallback == nullptr) {
326 LOGE("callback is nullptr");
327 return E_PARAMS_NULLPTR_ERR;
328 }
329 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
330 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
331 return sdCommunication->RegisterUeceActivationCallback(ueceCallback);
332 }
333
UnregisterUeceActivationCallback()334 int32_t FileSystemCrypto::UnregisterUeceActivationCallback()
335 {
336 LOGI("Enter UnregisterUeceActivationCallback");
337 std::shared_ptr<StorageDaemonCommunication> sdCommunication;
338 sdCommunication = DelayedSingleton<StorageDaemonCommunication>::GetInstance();
339 return sdCommunication->UnregisterUeceActivationCallback();
340 }
341 }
342 }
343