1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "fscrypt_key_v2.h"
17 
18 #include "libfscrypt/key_control.h"
19 #include "storage_service_log.h"
20 
21 namespace OHOS {
22 namespace StorageDaemon {
23 #ifdef SUPPORT_FSCRYPT_V2
ActiveKey(uint32_t flag,const std::string & mnt)24 bool FscryptKeyV2::ActiveKey(uint32_t flag, const std::string &mnt)
25 {
26     LOGD("enter");
27     if (keyInfo_.key.IsEmpty()) {
28         LOGE("rawkey is null");
29         return false;
30     }
31 
32     auto buf = std::make_unique<char[]>(sizeof(fscrypt_add_key_arg) + FSCRYPT_MAX_KEY_SIZE);
33     auto arg = reinterpret_cast<fscrypt_add_key_arg *>(buf.get());
34     (void)memset_s(arg, sizeof(fscrypt_add_key_arg) + FSCRYPT_MAX_KEY_SIZE, 0, sizeof(fscrypt_add_key_arg) +
35         FSCRYPT_MAX_KEY_SIZE);
36     arg->key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
37     arg->raw_size = keyInfo_.key.size;
38     auto err = memcpy_s(arg->raw, FSCRYPT_MAX_KEY_SIZE, keyInfo_.key.data.get(), keyInfo_.key.size);
39     if (err != EOK) {
40         LOGE("memcpy failed ret %{public}d", err);
41         return false;
42     }
43 
44     if (!KeyCtrlInstallKey(mnt.c_str(), arg)) {
45         LOGE("InstallKey failed");
46         return false;
47     }
48     keyInfo_.keyId.Alloc(FSCRYPT_KEY_IDENTIFIER_SIZE);
49     auto ret = memcpy_s(keyInfo_.keyId.data.get(), keyInfo_.keyId.size, arg->key_spec.u.identifier,
50         FSCRYPT_KEY_IDENTIFIER_SIZE);
51     if (ret != EOK) {
52         LOGE("memcpy_s failed ret %{public}d", ret);
53         return false;
54     }
55 
56     LOGD("success. key_id len:%{public}d, data(hex):%{private}s", keyInfo_.keyId.size,
57         keyInfo_.keyId.ToString().c_str());
58     if (!SaveKeyBlob(keyInfo_.keyId, dir_ + PATH_KEYID)) {
59         return false;
60     }
61     keyInfo_.key.Clear();
62     LOGD("success");
63     return true;
64 }
65 
InactiveKey(uint32_t flag,const std::string & mnt)66 bool FscryptKeyV2::InactiveKey(uint32_t flag, const std::string &mnt)
67 {
68     LOGD("enter");
69     if (keyInfo_.keyId.size == 0) {
70         LOGE("keyId size is 0");
71         return true;
72     }
73     if (keyInfo_.keyId.size != FSCRYPT_KEY_IDENTIFIER_SIZE) {
74         LOGE("keyId is invalid, %{public}u", keyInfo_.keyId.size);
75         return false;
76     }
77 
78     fscrypt_remove_key_arg arg;
79     (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
80     arg.key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
81     auto ret = memcpy_s(arg.key_spec.u.identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, keyInfo_.keyId.data.get(),
82         keyInfo_.keyId.size);
83     if (ret != EOK) {
84         LOGE("memcpy_s failed ret %{public}d", ret);
85         return false;
86     }
87 
88     if (!KeyCtrlRemoveKey(mnt.c_str(), &arg)) {
89         return false;
90     }
91     if (arg.removal_status_flags & FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS) {
92         LOGE("Other users still have this key added");
93     } else if (arg.removal_status_flags & FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY) {
94         LOGE("Some files using this key are still in-use");
95     }
96 
97     LOGD("success");
98     keyInfo_.keyId.Clear();
99     return true;
100 }
101 
102 #else
103 bool FscryptKeyV2::ActiveKey(uint32_t flag, const std::string &mnt)
104 {
105     (void)mnt;
106     (void)flag;
107     LOGI("Unsupported fscrypt v2");
108     return false;
109 }
110 
111 bool FscryptKeyV2::InactiveKey(uint32_t flag, const std::string &mnt)
112 {
113     (void)mnt;
114     (void)flag;
115     LOGI("Unsupported fscrypt v2");
116     return false;
117 }
118 #endif
119 
LockUserScreen(uint32_t flag,uint32_t sdpClass,const std::string & mnt)120 bool FscryptKeyV2::LockUserScreen(uint32_t flag, uint32_t sdpClass, const std::string &mnt)
121 {
122     (void)mnt;
123     (void)flag;
124     LOGI("Unsupported fscrypt v2");
125     return true;
126 }
127 
LockUece(bool & isFbeSupport)128 bool FscryptKeyV2::LockUece(bool &isFbeSupport)
129 {
130     isFbeSupport = false;
131     LOGI("Unsupported fscrypt v2");
132     return true;
133 }
134 
UnlockUserScreen(uint32_t flag,uint32_t sdpClass,const std::string & mnt)135 bool FscryptKeyV2::UnlockUserScreen(uint32_t flag, uint32_t sdpClass, const std::string &mnt)
136 {
137     (void)mnt;
138     (void)flag;
139     LOGI("Unsupported fscrypt v2");
140     return true;
141 }
142 
GenerateAppkey(uint32_t userId,uint32_t hashId,std::string & keyId)143 bool FscryptKeyV2::GenerateAppkey(uint32_t userId, uint32_t hashId, std::string &keyId)
144 {
145     LOGI("Unsupported fscrypt v2");
146     return false;
147 }
148 
DeleteAppkey(const std::string KeyId)149 bool FscryptKeyV2::DeleteAppkey(const std::string KeyId)
150 {
151     LOGI("Unsupported fscrypt v2");
152     return false;
153 }
154 
AddClassE(bool & isNeedEncryptClassE,bool & isSupport,uint32_t status)155 bool FscryptKeyV2::AddClassE(bool &isNeedEncryptClassE, bool &isSupport, uint32_t status)
156 {
157     (void)isNeedEncryptClassE;
158     (void)status;
159     (void)isSupport;
160     LOGI("Unsupported fscrypt v2");
161     return true;
162 }
163 
DeleteClassEPinCode(uint32_t user)164 bool FscryptKeyV2::DeleteClassEPinCode(uint32_t user)
165 {
166     (void)user;
167     LOGI("Unsupported fscrypt v2");
168     return true;
169 }
170 
ChangePinCodeClassE(bool & isFbeSupport,uint32_t userId)171 bool FscryptKeyV2::ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId)
172 {
173     (void)userId;
174     isFbeSupport = false;
175     LOGI("Unsupported fscrypt v2");
176     return true;
177 }
178 
DecryptClassE(const UserAuth & auth,bool & isSupport,bool & eBufferStatue,uint32_t user,bool needSyncCandidate)179 bool FscryptKeyV2::DecryptClassE(const UserAuth &auth, bool &isSupport,
180                                  bool &eBufferStatue, uint32_t user, bool needSyncCandidate)
181 {
182     (void)auth;
183     (void)user;
184     (void)needSyncCandidate;
185     isSupport = false;
186     eBufferStatue = false;
187     LOGI("Unsupported fscrypt v2");
188     return true;
189 }
190 
EncryptClassE(const UserAuth & auth,bool & isSupport,uint32_t user,uint32_t status)191 bool FscryptKeyV2::EncryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user, uint32_t status)
192 {
193     (void)auth;
194     (void)user;
195     (void)status;
196     isSupport = false;
197     LOGI("Unsupported fscrypt v2");
198     return true;
199 }
200 } // namespace StorageDaemon
201 } // namespace OHOS
202