1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "fscrypt_key_v1.h"
17
18 #include <fcntl.h>
19 #include <openssl/sha.h>
20 #include <unistd.h>
21
22 #include "file_ex.h"
23 #include "key_backup.h"
24 #include "libfscrypt/key_control.h"
25 #include "storage_service_log.h"
26 #include "utils/file_utils.h"
27
28 namespace OHOS {
29 namespace StorageDaemon {
30 static const std::string CRYPTO_NAME_PREFIXES[] = {"ext4", "f2fs", "fscrypt"};
31
ActiveKey(uint32_t flag,const std::string & mnt)32 bool FscryptKeyV1::ActiveKey(uint32_t flag, const std::string &mnt)
33 {
34 uint32_t elType;
35 (void)mnt;
36 LOGI("enter");
37 if (!GenerateKeyDesc()) {
38 keyInfo_.key.Clear();
39 LOGE("GenerateKeyDesc failed");
40 return false;
41 }
42 LOGE("ActiveKey key is empty: %{public}u", keyInfo_.key.IsEmpty());
43 if (!fscryptV1Ext.ActiveKeyExt(flag, keyInfo_.key.data.get(), keyInfo_.key.size, elType)) {
44 keyInfo_.key.Clear();
45 LOGE("fscryptV1Ext ActiveKeyExtfailed");
46 return false;
47 }
48 if (elType == TYPE_EL3 || elType == TYPE_EL4) {
49 uint32_t sdpClass;
50 if (elType == TYPE_EL3) {
51 sdpClass = FSCRYPT_SDP_SECE_CLASS;
52 } else {
53 sdpClass = FSCRYPT_SDP_ECE_CLASS;
54 }
55 if (!InstallEceSeceKeyToKeyring(sdpClass)) {
56 keyInfo_.key.Clear();
57 LOGE("InstallEceSeceKeyToKeyring failed");
58 return false;
59 }
60 } else {
61 if (!InstallKeyToKeyring()) {
62 keyInfo_.key.Clear();
63 LOGE("InstallKeyToKeyring failed");
64 return false;
65 }
66 }
67 keyInfo_.key.Clear();
68 LOGI("success");
69 return true;
70 }
71
GenerateAppkey(uint32_t userId,uint32_t hashId,std::string & keyDesc)72 bool FscryptKeyV1::GenerateAppkey(uint32_t userId, uint32_t hashId, std::string &keyDesc)
73 {
74 KeyBlob appKey(FBEX_KEYID_SIZE);
75 if (!fscryptV1Ext.GenerateAppkey(userId, hashId, appKey.data, appKey.size)) {
76 LOGE("fscryptV1Ext GenerateAppkey failed");
77 return false;
78 }
79 // The ioctl does not support EL5, return empty character string
80 if (appKey.data.get() == nullptr) {
81 LOGE("appKey.data.get() is nullptr");
82 keyDesc = "";
83 return true;
84 }
85 if (!GenerateAppKeyDesc(appKey)) {
86 LOGE("GenerateAppKeyDesc failed");
87 return false;
88 }
89 if (!InstallKeyForAppKeyToKeyring(appKey)) {
90 LOGE("InstallKeyForAppKeyToKeyring failed");
91 return false;
92 }
93 appKey.Clear();
94 keyDesc = keyInfo_.keyDesc.ToString();
95 keyInfo_.keyDesc.Clear();
96 LOGI("success");
97 return true;
98 }
99
InstallKeyForAppKeyToKeyring(KeyBlob & appKey)100 bool FscryptKeyV1::InstallKeyForAppKeyToKeyring(KeyBlob &appKey)
101 {
102 LOGI("InstallKeyForAppKeyToKeyring enter");
103 EncryptAsdpKey fskey;
104 fskey.size = appKey.size;
105 fskey.version = 0;
106 auto err = memcpy_s(fskey.raw, FSCRYPT_MAX_KEY_SIZE, appKey.data.get(), appKey.size);
107 if (err != EOK) {
108 LOGE("memcpy failed ret %{public}d", err);
109 return false;
110 }
111 key_serial_t krid = KeyCtrlSearch(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
112 if (krid < 0) {
113 LOGI("no session keyring for fscrypt");
114 krid = KeyCtrlAddKey("keyring", "fscrypt", KEY_SPEC_SESSION_KEYRING);
115 if (krid < 0) {
116 LOGE("failed to add session keyring");
117 return false;
118 }
119 }
120 for (auto prefix : CRYPTO_NAME_PREFIXES) {
121 std::string keyref = prefix + ":" + keyInfo_.keyDesc.ToString();
122 key_serial_t ks =
123 KeyCtrlAddAppAsdpKey("logon", keyref.c_str(), &fskey, krid);
124 if (ks < 0) {
125 // Addkey failed, need to process the error
126 LOGE("Failed to AddKey into keyring, errno %{public}d", errno);
127 }
128 }
129 LOGI("success");
130 return true;
131 }
132
DeleteAppkey(const std::string KeyId)133 bool FscryptKeyV1::DeleteAppkey(const std::string KeyId)
134 {
135 LOGI("DeleteAppkey enter");
136 if (!UninstallKeyForAppKeyToKeyring(KeyId)) {
137 LOGE("FscryptKeyV1 Delete Appkey2 failed");
138 return false;
139 }
140 LOGI("success");
141 return true;
142 }
143
UninstallKeyForAppKeyToKeyring(const std::string keyId)144 bool FscryptKeyV1::UninstallKeyForAppKeyToKeyring(const std::string keyId)
145 {
146 LOGI("UninstallKeyForAppKeyToKeyring enter");
147 if (keyId.length() == 0) {
148 LOGE("keyId is null, does not need to be installed?");
149 return false;
150 }
151 key_serial_t krid = KeyCtrlSearch(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
152 if (krid == -1) {
153 LOGE("Error searching session keyring for fscrypt-provisioning key for fscrypt");
154 return false;
155 }
156 for (auto prefix : CRYPTO_NAME_PREFIXES) {
157 std::string keyref = prefix + ":" + keyId;
158 key_serial_t ks = KeyCtrlSearch(krid, "logon", keyref.c_str(), 0);
159 if (KeyCtrlUnlink(ks, krid) != 0) {
160 LOGE("Failed to unlink key !");
161 }
162 }
163 LOGI("success");
164 return true;
165 }
166
UnlockUserScreen(uint32_t flag,uint32_t sdpClass,const std::string & mnt)167 bool FscryptKeyV1::UnlockUserScreen(uint32_t flag, uint32_t sdpClass, const std::string &mnt)
168 {
169 (void)mnt;
170 LOGI("enter");
171 if (!GenerateKeyDesc()) {
172 keyInfo_.key.Clear();
173 LOGE("GenerateKeyDesc failed");
174 return false;
175 }
176 LOGI("keyInfo empty: %{public}u:", keyInfo_.key.IsEmpty());
177 if (!fscryptV1Ext.UnlockUserScreenExt(flag, keyInfo_.key.data.get(), keyInfo_.key.size)) {
178 keyInfo_.key.Clear();
179 LOGE("fscryptV1Ext UnlockUserScreenExtfailed");
180 return false;
181 }
182 if (sdpClass == FSCRYPT_SDP_ECE_CLASS) {
183 if (!InstallEceSeceKeyToKeyring(sdpClass)) {
184 keyInfo_.key.Clear();
185 LOGE("UnlockUserScreen InstallKeyToKeyring failed");
186 return false;
187 }
188 }
189 keyInfo_.key.Clear();
190 LOGI("success");
191 return true;
192 }
193
AddClassE(bool & isNeedEncryptClassE,bool & isSupport,uint32_t status)194 bool FscryptKeyV1::AddClassE(bool &isNeedEncryptClassE, bool &isSupport, uint32_t status)
195 {
196 LOGI("AddClassE enter");
197 if (!fscryptV1Ext.AddClassE(isNeedEncryptClassE, isSupport, status)) {
198 LOGE("fscryptV1Ext AddClassE failed");
199 return false;
200 }
201 LOGW("AddClassE finish");
202 return true;
203 }
204
DeleteClassEPinCode(uint32_t userId)205 bool FscryptKeyV1::DeleteClassEPinCode(uint32_t userId)
206 {
207 LOGI("DeleteClassE enter");
208 if (!fscryptV1Ext.DeleteClassEPinCode(userId)) {
209 LOGE("fscryptV1Ext DeleteClassE failed");
210 return false;
211 }
212 LOGW("DeleteClassE finish");
213 return true;
214 }
215
ChangePinCodeClassE(bool & isFbeSupport,uint32_t userId)216 bool FscryptKeyV1::ChangePinCodeClassE(bool &isFbeSupport, uint32_t userId)
217 {
218 LOGI("ChangePinCodeClassE enter, userId: %{public}d", userId);
219 if (!fscryptV1Ext.ChangePinCodeClassE(userId, isFbeSupport)) {
220 LOGE("fscryptV1Ext ChangePinCodeClassE failed");
221 return false;
222 }
223 LOGW("ChangePinCodeClassE finish");
224 return true;
225 }
226
DoDecryptClassE(const UserAuth & auth,KeyBlob & eSecretFBE,KeyBlob & decryptedKey,bool needSyncCandidate)227 bool FscryptKeyV1::DoDecryptClassE(const UserAuth &auth, KeyBlob &eSecretFBE, KeyBlob &decryptedKey,
228 bool needSyncCandidate)
229 {
230 LOGI("enter");
231 auto candidate = GetCandidateDir();
232 if (candidate.empty()) {
233 // no candidate dir, just restore from the latest
234 return KeyBackup::GetInstance().TryRestoreUeceKey(shared_from_this(), auth, eSecretFBE, decryptedKey) == 0;
235 }
236
237 if (DecryptKeyBlob(auth, candidate, eSecretFBE, decryptedKey)) {
238 //update the latest with the candidate
239 UpdateKey("", needSyncCandidate);
240 return true;
241 }
242
243 LOGE("DoRestoreKey with %{public}s failed", candidate.c_str());
244 // try to restore from other versions
245 std::vector<std::string> files;
246 GetSubDirs(dir_, files);
247 std::sort(files.begin(), files.end(), [&](const std::string &a, const std::string &b) {
248 if (a.length() != b.length() ||
249 a.length() < PATH_KEY_VERSION.length() ||
250 b.length() < PATH_KEY_VERSION.length()) {
251 return a.length() > b.length();
252 }
253 // make sure a.length() >= PATH_KEY_VERSION.length() && b.length() >= PATH_KEY_VERSION.length()
254 return std::stoi(a.substr(PATH_KEY_VERSION.size() - 1)) >std::stoi(b.substr(PATH_KEY_VERSION.size() - 1));
255 });
256 for (const auto &it: files) {
257 if (it != candidate) {
258 if (DecryptKeyBlob(auth, dir_ + "/" + it, eSecretFBE, decryptedKey)) {
259 UpdateKey(it, needSyncCandidate);
260 return true;
261 }
262 }
263 }
264 return false;
265 }
266
DecryptClassE(const UserAuth & auth,bool & isSupport,bool & eBufferStatue,uint32_t user,bool needSyncCandidate)267 bool FscryptKeyV1::DecryptClassE(const UserAuth &auth, bool &isSupport, bool &eBufferStatue,
268 uint32_t user, bool needSyncCandidate)
269 {
270 LOGI("enter");
271 KeyBlob eSecretFBE(AES_256_HASH_RANDOM_SIZE + GCM_MAC_BYTES + GCM_NONCE_BYTES);
272 bool isFbeSupport = true;
273 if (!fscryptV1Ext.ReadClassE(USER_UNLOCK, eSecretFBE.data, eSecretFBE.size, isFbeSupport)) {
274 LOGE("fscryptV1Ext ReadClassE failed");
275 return false;
276 }
277 if ((auth.token.IsEmpty() && auth.secret.IsEmpty()) || eSecretFBE.IsEmpty()) {
278 LOGE("Token and secret is invalid, do not deal.");
279 eBufferStatue = eSecretFBE.IsEmpty();
280 eSecretFBE.Clear();
281 return true;
282 }
283 if (!isFbeSupport) {
284 LOGE("fbe not support uece, skip!");
285 isSupport = false;
286 return true;
287 }
288 LOGI("Decrypt keyPath is %{public}s", (dir_ + PATH_LATEST).c_str());
289 KeyBlob decryptedKey(AES_256_HASH_RANDOM_SIZE);
290 if (!DoDecryptClassE(auth, eSecretFBE, decryptedKey, needSyncCandidate) != 0) {
291 LOGE("DecryptKeyBlob Decrypt failed");
292 eSecretFBE.Clear();
293 return false;
294 }
295 eSecretFBE.Clear();
296 LOGI("Decrypt end!");
297 if (!fscryptV1Ext.WriteClassE(USER_UNLOCK, decryptedKey.data.get(), decryptedKey.size)) {
298 LOGE("fscryptV1Ext WriteClassE failed");
299 return false;
300 }
301 decryptedKey.Clear();
302 LOGI("finish");
303 return true;
304 }
305
EncryptClassE(const UserAuth & auth,bool & isSupport,uint32_t user,uint32_t status)306 bool FscryptKeyV1::EncryptClassE(const UserAuth &auth, bool &isSupport, uint32_t user, uint32_t status)
307 {
308 LOGI("enter");
309 KeyBlob eSecretFBE(AES_256_HASH_RANDOM_SIZE);
310 bool isFbeSupport = true;
311 if (!fscryptV1Ext.ReadClassE(status, eSecretFBE.data, eSecretFBE.size, isFbeSupport)) {
312 LOGE("fscryptV1Ext ReadClassE failed");
313 return false;
314 }
315 if (!isFbeSupport) {
316 LOGE("fbe not support E type, skip!");
317 isSupport = false;
318 return true;
319 }
320 KeyBlob encryptedKey(AES_256_HASH_RANDOM_SIZE + GCM_MAC_BYTES + GCM_NONCE_BYTES);
321 if (!EncryptKeyBlob(auth, dir_ + PATH_LATEST, eSecretFBE, encryptedKey)) {
322 LOGE("EncryptKeyBlob Decrypt failed");
323 eSecretFBE.Clear();
324 return false;
325 }
326 eSecretFBE.Clear();
327 if (!RenameKeyPath(dir_ + PATH_LATEST)) {
328 LOGE("RenameKeyPath failed");
329 return false;
330 }
331 LOGI("encrypt end");
332 if (!fscryptV1Ext.WriteClassE(status, encryptedKey.data.get(), encryptedKey.size)) {
333 LOGE("fscryptV1Ext WriteClassE failed");
334 return false;
335 }
336 encryptedKey.Clear();
337 LOGI("finish");
338 return true;
339 }
340
InstallKeyToKeyring()341 bool FscryptKeyV1::InstallKeyToKeyring()
342 {
343 fscrypt_key fskey;
344 fskey.mode = FS_ENCRYPTION_MODE_AES_256_XTS;
345 fskey.size = keyInfo_.key.size;
346 auto err = memcpy_s(fskey.raw, FS_MAX_KEY_SIZE, keyInfo_.key.data.get(), keyInfo_.key.size);
347 if (err != EOK) {
348 LOGE("memcpy failed ret %{public}d", err);
349 return false;
350 }
351
352 key_serial_t krid = KeyCtrlSearch(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
353 if (krid == -1) {
354 LOGI("no session keyring for fscrypt");
355 krid = KeyCtrlAddKey("keyring", "fscrypt", KEY_SPEC_SESSION_KEYRING);
356 if (krid == -1) {
357 LOGE("failed to add session keyring");
358 return false;
359 }
360 }
361 for (auto prefix : CRYPTO_NAME_PREFIXES) {
362 std::string keyref = prefix + ":" + keyInfo_.keyDesc.ToString();
363 key_serial_t ks =
364 KeyCtrlAddKeyEx("logon", keyref.c_str(), &fskey, krid);
365 if (ks == -1) {
366 // Addkey failed, need to process the error
367 LOGE("Failed to AddKey into keyring, errno %{public}d", errno);
368 }
369 }
370 if (!SaveKeyBlob(keyInfo_.keyDesc, dir_ + PATH_KEYDESC)) {
371 return false;
372 }
373 keyInfo_.key.Clear();
374 LOGW("success");
375 return true;
376 }
377
InstallEceSeceKeyToKeyring(uint32_t sdpClass)378 bool FscryptKeyV1::InstallEceSeceKeyToKeyring(uint32_t sdpClass)
379 {
380 EncryptionKeySdp fskey;
381 if (keyInfo_.key.size != sizeof(fskey.raw)) {
382 LOGE("Wrong key size is %{public}d", keyInfo_.key.size);
383 return false;
384 }
385 fskey.mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
386 auto err = memcpy_s(fskey.raw, sizeof(fskey.raw), keyInfo_.key.data.get(), keyInfo_.key.size);
387 if (err != EOK) {
388 LOGE("memcpy failed ret %{public}d", err);
389 return false;
390 }
391 fskey.size = EXT4_AES_256_XTS_KEY_SIZE_TO_KEYRING;
392 fskey.sdpClass = sdpClass;
393 fskey.version = 0;
394 key_serial_t krid = KeyCtrlSearch(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
395 if (krid == -1) {
396 LOGI("no session keyring for fscrypt");
397 krid = KeyCtrlAddKey("keyring", "fscrypt", KEY_SPEC_SESSION_KEYRING);
398 if (krid == -1) {
399 LOGE("failed to add session keyring");
400 return false;
401 }
402 }
403 for (auto prefix : CRYPTO_NAME_PREFIXES) {
404 std::string keyref = prefix + ":" + keyInfo_.keyDesc.ToString();
405 key_serial_t ks =
406 KeyCtrlAddKeySdp("logon", keyref.c_str(), &fskey, krid);
407 if (ks == -1) {
408 // Addkey failed, need to process the error
409 LOGE("Failed to AddKey into keyring, errno %{public}d", errno);
410 }
411 }
412 if (!SaveKeyBlob(keyInfo_.keyDesc, dir_ + PATH_KEYDESC)) {
413 return false;
414 }
415 LOGW("success");
416 return true;
417 }
418
InactiveKey(uint32_t flag,const std::string & mnt)419 bool FscryptKeyV1::InactiveKey(uint32_t flag, const std::string &mnt)
420 {
421 (void)mnt;
422 LOGI("enter");
423 bool ret = true;
424
425 if (!keyInfo_.keyDesc.IsEmpty() && !UninstallKeyToKeyring()) {
426 LOGE("UninstallKeyToKeyring failed");
427 ret = false;
428 }
429 if (!fscryptV1Ext.InactiveKeyExt(flag)) {
430 LOGE("fscryptV1Ext InactiveKeyExt failed");
431 ret = false;
432 }
433 DropCachesIfNeed();
434 LOGI("finish");
435 return ret;
436 }
437
DropCachesIfNeed()438 void FscryptKeyV1::DropCachesIfNeed()
439 {
440 int fd = open(MNT_DATA.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
441 if (fd < 0 || syncfs(fd)) {
442 sync();
443 }
444 LOGI("drop cache start.");
445 if (!SaveStringToFile("/proc/sys/vm/drop_caches", "2")) {
446 LOGE("Failed to drop cache during key eviction");
447 }
448 (void)close(fd);
449 LOGI("drop cache success");
450 }
451
LockUserScreen(uint32_t flag,uint32_t sdpClass,const std::string & mnt)452 bool FscryptKeyV1::LockUserScreen(uint32_t flag, uint32_t sdpClass, const std::string &mnt)
453 {
454 uint32_t elType;
455 (void)mnt;
456 LOGI("enter");
457 bool ret = true;
458 if (!fscryptV1Ext.LockUserScreenExt(flag, elType)) {
459 LOGE("fscryptV1Ext InactiveKeyExt failed");
460 ret = false;
461 }
462 if (elType == TYPE_EL4) {
463 if (!UninstallKeyToKeyring()) {
464 LOGE("UninstallKeyToKeyring failed");
465 ret = false;
466 }
467 }
468 LOGI("finish");
469 return ret;
470 }
471
LockUece(bool & isFbeSupport)472 bool FscryptKeyV1::LockUece(bool &isFbeSupport)
473 {
474 LOGI("enter");
475 bool ret = true;
476 if (!fscryptV1Ext.LockUeceExt(isFbeSupport)) {
477 LOGE("fscryptV1Ext InactiveKeyExt failed");
478 ret = false;
479 }
480 LOGI("finish");
481 return ret;
482 }
483
UninstallKeyToKeyring()484 bool FscryptKeyV1::UninstallKeyToKeyring()
485 {
486 if (keyInfo_.keyDesc.IsEmpty()) {
487 LOGE("keyDesc is null, key not installed?");
488 return false;
489 }
490
491 key_serial_t krid = KeyCtrlSearch(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
492 if (krid == -1) {
493 LOGE("Error searching session keyring for fscrypt-provisioning key for fscrypt");
494 return false;
495 }
496 for (auto prefix : CRYPTO_NAME_PREFIXES) {
497 std::string keyref = prefix + ":" + keyInfo_.keyDesc.ToString();
498 key_serial_t ks = KeyCtrlSearch(krid, "logon", keyref.c_str(), 0);
499 if (KeyCtrlUnlink(ks, krid) != 0) {
500 LOGE("Failed to unlink key !");
501 }
502 }
503 LOGW("success");
504 return true;
505 }
506
GenerateKeyDesc()507 bool FscryptKeyV1::GenerateKeyDesc()
508 {
509 if (keyInfo_.key.IsEmpty()) {
510 LOGE("key is empty");
511 return false;
512 }
513 SHA512_CTX c;
514
515 SHA512_Init(&c);
516 SHA512_Update(&c, keyInfo_.key.data.get(), keyInfo_.key.size);
517 uint8_t keyRef1[SHA512_DIGEST_LENGTH] = { 0 };
518 SHA512_Final(keyRef1, &c);
519
520 SHA512_Init(&c);
521 SHA512_Update(&c, keyRef1, SHA512_DIGEST_LENGTH);
522 uint8_t keyRef2[SHA512_DIGEST_LENGTH] = { 0 };
523 SHA512_Final(keyRef2, &c);
524
525 static_assert(SHA512_DIGEST_LENGTH >= CRYPTO_KEY_DESC_SIZE, "Hash too short for descriptor");
526 keyInfo_.keyDesc.Alloc(CRYPTO_KEY_DESC_SIZE);
527 auto err = memcpy_s(keyInfo_.keyDesc.data.get(), keyInfo_.keyDesc.size, keyRef2, CRYPTO_KEY_DESC_SIZE);
528 if (err != EOK) {
529 LOGE("memcpy failed ret %{public}d", err);
530 return false;
531 }
532 return true;
533 }
534
GenerateAppKeyDesc(KeyBlob appKey)535 bool FscryptKeyV1::GenerateAppKeyDesc(KeyBlob appKey)
536 {
537 if (appKey.IsEmpty()) {
538 LOGE("key is empty");
539 return false;
540 }
541 SHA512_CTX c;
542 SHA512_Init(&c);
543 SHA512_Update(&c, appKey.data.get(), appKey.size - 1);
544 uint8_t keyRef1[SHA512_DIGEST_LENGTH] = { 0 };
545 SHA512_Final(keyRef1, &c);
546
547 SHA512_Init(&c);
548 SHA512_Update(&c, keyRef1, SHA512_DIGEST_LENGTH);
549 uint8_t keyRef2[SHA512_DIGEST_LENGTH] = { 0 };
550 SHA512_Final(keyRef2, &c);
551
552 static_assert(SHA512_DIGEST_LENGTH >= CRYPTO_KEY_DESC_SIZE, "Hash too short for descriptor");
553 keyInfo_.keyDesc.Alloc(CRYPTO_KEY_DESC_SIZE);
554 auto err = memcpy_s(keyInfo_.keyDesc.data.get(), keyInfo_.keyDesc.size, keyRef2, CRYPTO_KEY_DESC_SIZE);
555 if (err != EOK) {
556 LOGE("memcpy failed ret %{public}d", err);
557 return false;
558 }
559 LOGE("GenerateAppKeyDesc keyDesc : %{private}s", keyInfo_.keyDesc.ToString().c_str());
560 return true;
561 }
562 } // namespace StorageDaemon
563 } // namespace OHOS
564