1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H
16 #define OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H
17 #include <atomic>
18 
19 #include "kv_store_delegate_manager.h"
20 #include "kv_store_nb_delegate.h"
21 #include "task_executor.h"
22 #include "types.h"
23 #include "types_export.h"
24 namespace OHOS::DistributedKv {
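// Manages the passwords (encryption keys) of encrypted KV stores: lookup,
// persistence and deletion keyed by store name and path. Instances can only be
// obtained through GetInstance(); the constructor is private.
//
// The definitions live in the matching .cpp file. Comments marked
// NOTE(review) are assumptions drawn from the declarations alone and should be
// confirmed against that implementation.
class SecurityManager {
public:
    // A database password together with a flag describing its age.
    // Thin wrapper that forwards to DistributedDB::CipherPassword.
    struct DBPassword {
        // NOTE(review): presumably set when the stored key is older than the
        // rotation threshold (see IsKeyOutdated) - confirm.
        bool isKeyOutdated = false;
        DistributedDB::CipherPassword password;

        // Size of the password as reported by the wrapped CipherPassword.
        size_t GetSize() const
        {
            return password.GetSize();
        }

        // Raw password bytes. This is secret key material: avoid logging it or
        // copying it into buffers that are not cleared afterwards.
        // NOTE(review): the pointer presumably refers to storage owned by
        // `password`, so it should not outlive this object - confirm.
        const uint8_t *GetData() const
        {
            return password.GetData();
        }

        // Replaces the password; returns the status code of
        // CipherPassword::SetValue unchanged.
        int SetValue(const uint8_t *inputData, size_t inputSize)
        {
            return password.SetValue(inputData, inputSize);
        }

        // True when a non-empty password is held. Declared const because it
        // only reads the size, so it can also be called on a const DBPassword.
        bool IsValid() const
        {
            return password.GetSize() != 0;
        }

        // Clears the held password; returns the status code of
        // CipherPassword::Clear unchanged. Call this once the password is no
        // longer needed.
        int Clear()
        {
            return password.Clear();
        }
    };

    // Key file and companion lock file of one store.
    // NOTE(review): the class holds a file descriptor (lockFd_) and declares a
    // destructor, but copying is not deleted (KeyFilesAutoLock below does
    // delete it). If the destructor closes lockFd_, a copy would close the
    // same descriptor twice - confirm and consider deleting copy operations.
    class KeyFiles {
    public:
        KeyFiles(const std::string &name, const std::string &path, bool openFile = true);
        ~KeyFiles();
        const std::string &GetKeyFilePath();
        int32_t Lock();
        int32_t UnLock();
        int32_t DestroyLock();
    private:
        int32_t FileLock(int32_t lockType);
        int32_t lockFd_ = -1; // -1 until a lock file descriptor is assigned
        std::string keyPath_;
        std::string lockFile_;
    };

    // Scope guard bound to a KeyFiles instance; non-copyable.
    // NOTE(review): presumably locks in the constructor and unlocks in the
    // destructor - confirm. The referenced KeyFiles must outlive the guard,
    // because only a reference is stored.
    class KeyFilesAutoLock {
    public:
        explicit KeyFilesAutoLock(KeyFiles& keyFiles);
        ~KeyFilesAutoLock();
        KeyFilesAutoLock(const KeyFilesAutoLock&) = delete;
        KeyFilesAutoLock& operator=(const KeyFilesAutoLock&) = delete;
        int32_t UnLockAndDestroy();
    private:
        KeyFiles& keyFiles_;
    };

    static SecurityManager &GetInstance();

    // Returns the password for the store identified by name and path.
    // Callers should check IsValid() on the result before using it.
    // NOTE(review): needCreate presumably requests creation of a new key when
    // none is stored - confirm.
    DBPassword GetDBPassword(const std::string &name, const std::string &path, bool needCreate = false);
    bool SaveDBPassword(const std::string &name, const std::string &path, const DistributedDB::CipherPassword &key);
    void DelDBPassword(const std::string &name, const std::string &path);

private:
    static constexpr const char *ROOT_KEY_ALIAS = "distributeddb_client_root_key";
    // NOTE(review): the nonce is a compile-time constant. If Encrypt() uses it
    // with an AEAD mode such as AES-GCM under the single root key, every
    // wrapped database key is encrypted with the same (key, nonce) pair, which
    // that mode does not tolerate. Confirm how the implementation uses it.
    // Changing the value alone would make existing key files undecryptable, so
    // a fix needs a per-file random nonce stored next to the ciphertext plus a
    // migration path.
    static constexpr const char *HKS_BLOB_TYPE_NONCE = "Z5s0Bo571KoqwIi6";
    static constexpr const char *HKS_BLOB_TYPE_AAD = "distributeddata_client";
    static constexpr const char *SUFFIX_KEY = ".key";
    static constexpr const char *SUFFIX_KEY_LOCK = ".key_lock";
    static constexpr const char *KEY_DIR = "/key";
    static constexpr const char *SLASH = "/";
    static constexpr int KEY_SIZE = 32; // NOTE(review): presumably bytes - confirm
    // 24 * 365 = 8760. NOTE(review): presumably the key-age threshold used by
    // IsKeyOutdated() - confirm.
    static constexpr int HOURS_PER_YEAR = (24 * 365);

    SecurityManager();
    ~SecurityManager();

    // The helpers below pass key material around in std::vector<uint8_t>.
    // std::vector does not wipe its buffer on destruction; whether the
    // implementation clears these buffers explicitly is not visible here.
    std::vector<uint8_t> LoadKeyFromFile(const std::string &name, const std::string &path, bool &isOutdated);
    bool SaveKeyToFile(const std::string &name, const std::string &path, std::vector<uint8_t> &key);
    std::vector<uint8_t> Random(int32_t len);
    bool IsKeyOutdated(const std::vector<uint8_t> &date);
    int32_t GenerateRootKey();
    int32_t CheckRootKey();
    bool Retry();
    std::vector<uint8_t> Encrypt(const std::vector<uint8_t> &key);
    bool Decrypt(std::vector<uint8_t> &source, std::vector<uint8_t> &key);

    std::vector<uint8_t> vecRootKeyAlias_{};
    std::vector<uint8_t> vecNonce_{};
    std::vector<uint8_t> vecAad_{};
    std::atomic_bool hasRootKey_ = false;
};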
111 } // namespace OHOS::DistributedKv
112 #endif // OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H