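/*
 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef STORAGE_DAEMON_CRYPTO_BASEKEY_H
#define STORAGE_DAEMON_CRYPTO_BASEKEY_H

#include <cstdint> /* uint8_t / uint32_t are used directly below; do not rely on a transitive include */
#include <string>

#include "key_blob.h"
#include "openssl_crypto.h"

namespace OHOS {
namespace StorageDaemon {
/*
 * Flag values. NOTE(review): presumably passed as the `flag` argument of
 * ActiveKey()/InactiveKey() below (which take uint32_t) - confirm against
 * the callers. RETRIEVE_KEY and USER_LOGOUT share the value 0x0, so the two
 * groups can only be told apart by which operation receives them; a caller
 * that mixes them up cannot be detected at the call site.
 */
const uint8_t RETRIEVE_KEY = 0x0;
const uint8_t FIRST_CREATE_KEY = 0x6c;
const uint8_t USER_LOGOUT = 0x0;
const uint8_t USER_DESTROY = 0x1;
/* Suffix appended to a key path to mark a key that still needs updating (the consumer is not visible in this header). */
const std::string SUFFIX_NEED_UPDATE = "/need_update";

/*
 * BaseKey: abstract base class for one encryption key whose files live in a
 * directory (dir_), with the key state held in keyInfo_ / keyContext_.
 * The generic store / restore / update / clear flow is declared here;
 * activation, deactivation and screen lock/unlock are pure virtual and are
 * supplied by subclasses.
 *
 * The class is polymorphic (pure virtual members), so its destructor is
 * virtual: deleting a subclass instance through a BaseKey pointer must run
 * the subclass destructor. With a non-virtual destructor that delete would
 * be undefined behaviour, and any clean-up of key material a subclass does
 * in its destructor would be skipped.
 */
class BaseKey {
public:
    BaseKey() = delete;
    /*
     * @param dir    directory holding this key's files (readable via GetDir()).
     * @param keyLen key length, default CRYPTO_AES_256_XTS_KEY_SIZE.
     *               NOTE(review): presumably in bytes - confirm against KeyBlob.
     */
    BaseKey(const std::string &dir, uint8_t keyLen = CRYPTO_AES_256_XTS_KEY_SIZE);
    virtual ~BaseKey() = default;

    /* key operations - the bool results presumably mean true = success, false = failure */
    bool InitKey();
#ifdef USER_CRYPTO_MIGRATE_KEY
    /* needGenerateShield exists only in the migrate-key build; presumably forwarded to LoadAndSaveShield(). */
    bool StoreKey(const UserAuth &auth, bool needGenerateShield = true);
#else
    bool StoreKey(const UserAuth &auth);
#endif
    /* keypath defaults to "" - NOTE(review): presumably meaning "use the candidate dir"; confirm in the .cpp. */
    bool UpdateKey(const std::string &keypath = "");
    bool RestoreKey(const UserAuth &auth);
    /*
     * Subclass-specific operations. A default argument on a virtual function
     * is bound by the static type at the call site, not by the override, so
     * overrides must repeat `= MNT_DATA` to behave the same when called
     * through a subclass pointer.
     */
    virtual bool ActiveKey(uint32_t flag, const std::string &mnt = MNT_DATA) = 0;
    virtual bool InactiveKey(uint32_t flag, const std::string &mnt = MNT_DATA) = 0;
    virtual bool LockUserScreen(uint32_t flag, uint32_t sdpClass, const std::string &mnt = MNT_DATA) = 0;
    virtual bool UnlockUserScreen(uint32_t flag, uint32_t sdpClass, const std::string &mnt = MNT_DATA) = 0;
    bool ClearKey(const std::string &mnt = MNT_DATA);
    /* path is taken by non-const reference, so the implementation may modify it - NOTE(review): confirm. */
    void WipingActionDir(std::string &path);
    bool UpgradeKeys();
    /* Public, so callers can read and write the key state directly (not encapsulated). */
    KeyInfo keyInfo_;
    /* Directory this key was constructed with. */
    std::string GetDir() const
    {
        return dir_;
    }
    /* Backend used to encrypt the key; rendered by KeyEncryptTypeToString(). */
    enum class KeyEncryptType {
        KEY_CRYPT_HUKS,
        KEY_CRYPT_OPENSSL
    };

protected:
    static bool SaveKeyBlob(const KeyBlob &blob, const std::string &path);
    std::string dir_ {};

private:
#ifdef USER_CRYPTO_MIGRATE_KEY
    bool DoStoreKey(const UserAuth &auth, bool needGenerateShield = true);
#else
    bool DoStoreKey(const UserAuth &auth);
#endif
    bool LoadAndSaveShield(const UserAuth &auth, const std::string &pathTemp, bool needGenerateShield);
    bool DoRestoreKey(const UserAuth &auth, const std::string &keypath);
    /* Blob helpers; `size` is presumably the blob length in bytes (generated, or expected at `path`). */
    static bool GenerateAndSaveKeyBlob(KeyBlob &blob, const std::string &path, const uint32_t size);
    static bool GenerateKeyBlob(KeyBlob &blob, const uint32_t size);
    static bool LoadKeyBlob(KeyBlob &blob, const std::string &path, const uint32_t size);
    bool Encrypt(const UserAuth &auth);
    bool Decrypt(const UserAuth &auth);
    bool CheckAndUpdateVersion();
    /* Versioned key directories - NOTE(review): "candidate"/"next candidate" semantics inferred from the names; confirm. */
    int GetCandidateVersion() const;
    std::string GetCandidateDir() const;
    std::string GetNextCandidateDir() const;
    void SyncKeyDir() const;

    KeyContext keyContext_ {};
    uint8_t keyLen_ {};
    /* Value-initialised (first enumerator) so it is never read indeterminate; the constructor may still set it. */
    KeyEncryptType keyEncryptType_ {};
    /* Parameter named without the trailing underscore so it does not shadow the keyEncryptType_ member. */
    std::string KeyEncryptTypeToString(KeyEncryptType keyEncryptType) const;
};
} // namespace StorageDaemon
} // namespace OHOS

#endif // STORAGE_DAEMON_CRYPTO_BASEKEY_H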