1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H
16 #define OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H
17 #include <atomic>
18 
19 #include "kv_store_delegate_manager.h"
20 #include "kv_store_nb_delegate.h"
21 #include "task_executor.h"
22 #include "types.h"
23 #include "types_export.h"
24 namespace OHOS::DistributedKv {
25 class SecurityManager {
26 public:
27     struct DBPassword {
28         bool isKeyOutdated = false;
29         DistributedDB::CipherPassword password;
GetSizeDBPassword30         size_t GetSize() const
31         {
32             return password.GetSize();
33         }
GetDataDBPassword34         const uint8_t *GetData() const
35         {
36             return password.GetData();
37         }
SetValueDBPassword38         int SetValue(const uint8_t *inputData, size_t inputSize)
39         {
40             return password.SetValue(inputData, inputSize);
41         }
IsValidDBPassword42         bool IsValid()
43         {
44             return password.GetSize() != 0;
45         }
ClearDBPassword46         int Clear()
47         {
48             return password.Clear();
49         }
50     };
51 
52     static SecurityManager &GetInstance();
53     DBPassword GetDBPassword(const std::string &name, const std::string &path, bool needCreate = false);
54     bool SaveDBPassword(const std::string &name, const std::string &path, const DistributedDB::CipherPassword &key);
55     void DelDBPassword(const std::string &name, const std::string &path);
56 
57 private:
58     static constexpr const char *ROOT_KEY_ALIAS = "distributeddb_client_root_key";
59     static constexpr const char *HKS_BLOB_TYPE_NONCE = "Z5s0Bo571KoqwIi6";
60     static constexpr const char *HKS_BLOB_TYPE_AAD = "distributeddata_client";
61     static constexpr int KEY_SIZE = 32;
62     static constexpr int HOURS_PER_YEAR = (24 * 365);
63 
64     SecurityManager();
65     ~SecurityManager();
66     std::vector<uint8_t> LoadKeyFromFile(const std::string &name, const std::string &path, bool &isOutdated);
67     bool SaveKeyToFile(const std::string &name, const std::string &path, std::vector<uint8_t> &key);
68     std::vector<uint8_t> Random(int32_t len);
69     bool IsKeyOutdated(const std::vector<uint8_t> &date);
70     int32_t GenerateRootKey();
71     int32_t CheckRootKey();
72     bool Retry();
73     std::vector<uint8_t> Encrypt(const std::vector<uint8_t> &key);
74     bool Decrypt(std::vector<uint8_t> &source, std::vector<uint8_t> &key);
75 
76     std::vector<uint8_t> vecRootKeyAlias_{};
77     std::vector<uint8_t> vecNonce_{};
78     std::vector<uint8_t> vecAad_{};
79     std::atomic_bool hasRootKey_ = false;
80 };
81 } // namespace OHOS::DistributedKv
82 #endif // OHOS_DISTRIBUTED_DATA_FRAMEWORKS_KVDB_SECURITY_MANAGER_H
83