From 3f9eb4baa3bf492daf01fc836f34c2b000235a86 Mon Sep 17 00:00:00 2001 From: ding_dong_dong Date: Mon, 9 Jun 2025 19:55:59 +0800 Subject: [PATCH] modify crypto Signed-off-by: ding_dong_dong --- .../app/src/kvstore_data_service.cpp | 47 +- .../unittest/kvstore_data_service_test.cpp | 7 +- .../include/metadata/secret_key_meta_data.h | 2 + .../metadata/secret_key_meta_data.cpp | 3 + .../service/backup/include/backup_manager.h | 3 +- .../service/backup/src/backup_manager.cpp | 47 +- .../service/crypto/include/crypto_manager.h | 87 ++-- .../service/crypto/src/crypto_manager.cpp | 185 ++++--- .../data_share/common/rdb_delegate.cpp | 14 +- .../service/kvdb/kvdb_general_store.cpp | 21 +- .../service/kvdb/kvdb_service_impl.cpp | 92 +++- .../service/kvdb/kvdb_service_impl.h | 4 + .../service/rdb/rdb_general_store.cpp | 29 +- .../service/rdb/rdb_general_store.h | 2 + .../service/rdb/rdb_service_impl.cpp | 139 +++--- .../service/rdb/rdb_service_impl.h | 12 +- .../service/test/BUILD.gn | 63 +++ .../test/backup_manager_service_test.cpp | 173 ++++++- .../service/test/crypto_manager_test.cpp | 453 +++++++++++------- .../service/test/kvdb_general_store_test.cpp | 90 +++- .../service/test/kvdb_service_impl_test.cpp | 23 - .../test/kvdb_service_password_test.cpp | 200 ++++++++ .../service/test/rdb_service_impl_test.cpp | 102 ++-- 23 files changed, 1212 insertions(+), 586 deletions(-) create mode 100644 services/distributeddataservice/service/test/kvdb_service_password_test.cpp diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index b598a653a..cfb5fdad6 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -559,13 +559,14 @@ std::vector KvStoreDataService::ReEncryptKey(const std::string &key, Se if (!MetaDataManager::GetInstance().LoadMeta(key, secretKeyMeta, true)) { return {}; }; - std::vector password; - if (!CryptoManager::GetInstance().Decrypt(metaData, secretKeyMeta, password)) { + CryptoManager::CryptoParams decryptParams = { .area = secretKeyMeta.area, .userId = metaData.user, + .nonce = secretKeyMeta.nonce }; + auto password = CryptoManager::GetInstance().Decrypt(secretKeyMeta.sKey, decryptParams); + if (password.empty()) { return {}; - }; - + } auto cloneKeyAlias = std::vector(CLONE_KEY_ALIAS, CLONE_KEY_ALIAS + strlen(CLONE_KEY_ALIAS)); - CryptoManager::EncryptParams encryptParams = { .keyAlias = cloneKeyAlias, .nonce = iv }; + CryptoManager::CryptoParams encryptParams = { .keyAlias = cloneKeyAlias, .nonce = iv }; auto reEncryptedKey = CryptoManager::GetInstance().Encrypt(password, encryptParams); password.assign(password.size(), 0); if (reEncryptedKey.size() == 0) { @@ -681,32 +682,38 @@ bool KvStoreDataService::ParseSecretKeyFile(MessageParcel &data, SecretKeyBackup bool KvStoreDataService::RestoreSecretKey(const SecretKeyBackupData::BackupItem &item, const std::string &userId, const std::vector &iv) { - StoreMetaData metaData; - metaData.bundleName = item.bundleName; - metaData.storeId = item.dbName; - metaData.user = item.user == "0" ? "0" : userId; - metaData.instanceId = item.instanceId; auto sKey = DistributedData::Base64::Decode(item.sKey); - std::vector rawKey; - auto cloneKeyAlias = std::vector(CLONE_KEY_ALIAS, CLONE_KEY_ALIAS + strlen(CLONE_KEY_ALIAS)); - CryptoManager::EncryptParams encryptParams = { .keyAlias = cloneKeyAlias, .nonce = iv }; - if (!CryptoManager::GetInstance().Decrypt(sKey, rawKey, encryptParams)) { + CryptoManager::CryptoParams decryptParams = { .keyAlias = cloneKeyAlias, .nonce = iv }; + auto rawKey = CryptoManager::GetInstance().Decrypt(sKey, decryptParams); + if (rawKey.empty()) { ZLOGE("Decrypt failed, bundleName:%{public}s, storeName:%{public}s, storeType:%{public}d", item.bundleName.c_str(), Anonymous::Change(item.dbName).c_str(), item.storeType); sKey.assign(sKey.size(), 0); rawKey.assign(rawKey.size(), 0); return false; } + + StoreMetaData metaData; + metaData.bundleName = item.bundleName; + metaData.storeId = item.dbName; + metaData.user = item.user == "0" ? "0" : userId; + metaData.instanceId = item.instanceId; + SecretKeyMetaData secretKey; - secretKey.storeType = item.storeType; - if (item.area < 0) { - secretKey.sKey = CryptoManager::GetInstance().Encrypt(rawKey, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - } else { - secretKey.sKey = CryptoManager::GetInstance().Encrypt(rawKey, item.area, userId); - secretKey.area = item.area; + CryptoManager::CryptoParams encryptParams = { .area = item.area, .userId = metaData.user }; + secretKey.sKey = CryptoManager::GetInstance().Encrypt(rawKey, encryptParams); + if (secretKey.sKey.empty()) { + ZLOGE("Encrypt failed, bundleName:%{public}s, storeName:%{public}s, storeType:%{public}d", + item.bundleName.c_str(), Anonymous::Change(item.dbName).c_str(), item.storeType); + sKey.assign(sKey.size(), 0); + rawKey.assign(rawKey.size(), 0); } + secretKey.storeType = item.storeType; + secretKey.nonce = encryptParams.nonce; + secretKey.area = item.area; secretKey.time = { item.time.begin(), item.time.end() }; + sKey.assign(sKey.size(), 0); rawKey.assign(rawKey.size(), 0); return MetaDataManager::GetInstance().SaveMeta(metaData.GetCloneSecretKey(), secretKey, true); diff --git a/services/distributeddataservice/app/test/unittest/kvstore_data_service_test.cpp b/services/distributeddataservice/app/test/unittest/kvstore_data_service_test.cpp index 8e761fdcb..910f3f484 100644 --- a/services/distributeddataservice/app/test/unittest/kvstore_data_service_test.cpp +++ b/services/distributeddataservice/app/test/unittest/kvstore_data_service_test.cpp @@ -988,7 +988,7 @@ HWTEST_F(KvStoreDataServiceTest, OnExtensionBackup008, TestSize.Level0) { testMeta.bundleName = "com.example.restore_test"; testMeta.storeId = "Source"; testMeta.user = "100"; - testMeta.area = DEFAULT_ENCRYPTION_LEVEL; + testMeta.area = CryptoManager::Area::EL1; testMeta.instanceId = 0; testMeta.deviceId = DeviceManagerAdapter::GetInstance().GetLocalDevice().uuid; @@ -999,9 +999,12 @@ HWTEST_F(KvStoreDataServiceTest, OnExtensionBackup008, TestSize.Level0) { 131, 104, 141, 43, 96, 119, 214, 34, 177, 129, 233, 96, 98, 164, 87, 115, 187, 170}; SecretKeyMetaData testSecret; - testSecret.sKey = CryptoManager::GetInstance().Encrypt(sKey, testMeta.area, testMeta.user); + CryptoManager::CryptoParams encryptParams = { .area = testMeta.area }; + testSecret.sKey = CryptoManager::GetInstance().Encrypt(sKey, encryptParams); testSecret.storeType = 10; testSecret.time = std::vector{233, 39, 137, 103, 0, 0, 0, 0}; + testSecret.nonce = encryptParams.nonce; + testSecret.area = encryptParams.area; EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(testMeta.GetKey(), testMeta, true), true); EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(testMeta.GetSecretKey(), testSecret, true), true); diff --git a/services/distributeddataservice/framework/include/metadata/secret_key_meta_data.h b/services/distributeddataservice/framework/include/metadata/secret_key_meta_data.h index ed7537cd8..cb546472b 100644 --- a/services/distributeddataservice/framework/include/metadata/secret_key_meta_data.h +++ b/services/distributeddataservice/framework/include/metadata/secret_key_meta_data.h @@ -21,8 +21,10 @@ namespace DistributedData { struct API_EXPORT SecretKeyMetaData final : public Serializable { std::vector time {}; std::vector sKey {}; + std::vector nonce {}; int32_t storeType = 0; int32_t area = -1; + API_EXPORT SecretKeyMetaData(); API_EXPORT ~SecretKeyMetaData(); API_EXPORT bool Marshal(json &node) const override; diff --git a/services/distributeddataservice/framework/metadata/secret_key_meta_data.cpp b/services/distributeddataservice/framework/metadata/secret_key_meta_data.cpp index 168844c45..3af423fb1 100644 --- a/services/distributeddataservice/framework/metadata/secret_key_meta_data.cpp +++ b/services/distributeddataservice/framework/metadata/secret_key_meta_data.cpp @@ -24,12 +24,14 @@ SecretKeyMetaData::SecretKeyMetaData() SecretKeyMetaData::~SecretKeyMetaData() { sKey.assign(sKey.size(), 0); + nonce.assign(nonce.size(), 0); } bool SecretKeyMetaData::Marshal(json &node) const { SetValue(node[GET_NAME(time)], time); SetValue(node[GET_NAME(sKey)], sKey); + SetValue(node[GET_NAME(nonce)], nonce); SetValue(node[GET_NAME(storeType)], storeType); SetValue(node[GET_NAME(area)], area); return true; @@ -39,6 +41,7 @@ bool SecretKeyMetaData::Unmarshal(const json &node) { GetValue(node, GET_NAME(time), time); GetValue(node, GET_NAME(sKey), sKey); + GetValue(node, GET_NAME(nonce), nonce); GetValue(node, GET_NAME(storeType), storeType); GetValue(node, GET_NAME(area), area); return true; diff --git a/services/distributeddataservice/service/backup/include/backup_manager.h b/services/distributeddataservice/service/backup/include/backup_manager.h index 1d4c38e5d..cdd6f2308 100644 --- a/services/distributeddataservice/service/backup/include/backup_manager.h +++ b/services/distributeddataservice/service/backup/include/backup_manager.h @@ -20,6 +20,7 @@ #include "metadata/secret_key_meta_data.h" #include "metadata/store_meta_data.h" #include "types.h" + namespace OHOS::DistributedData { class BackupManager { public: @@ -40,7 +41,7 @@ public: void BackSchedule(std::shared_ptr executors); void SetBackupParam(const BackupParam &backupParam); void RegisterExporter(int32_t type, Exporter exporter); - bool GetPassWord(const StoreMetaData &meta, std::vector &password); + std::vector GetPassWord(const StoreMetaData &meta); private: BackupManager(); diff --git a/services/distributeddataservice/service/backup/src/backup_manager.cpp b/services/distributeddataservice/service/backup/src/backup_manager.cpp index bec2b5d13..7688f7ac1 100644 --- a/services/distributeddataservice/service/backup/src/backup_manager.cpp +++ b/services/distributeddataservice/service/backup/src/backup_manager.cpp @@ -130,30 +130,24 @@ void BackupManager::BackSchedule(std::shared_ptr executors) void BackupManager::DoBackup(const StoreMetaData &meta) { - bool result = false; - auto key = meta.GetSecretKey(); - auto backupKey = meta.GetBackupSecretKey(); - std::vector decryptKey; - SecretKeyMetaData secretKey; - if (MetaDataManager::GetInstance().LoadMeta(key, secretKey, true)) { - CryptoManager::GetInstance().Decrypt(meta, secretKey, decryptKey); - if (secretKey.area < 0) { - MetaDataManager::GetInstance().LoadMeta(key, secretKey, true); - } + if (exporters_[meta.storeType] == nullptr) { + return; } auto backupPath = DirectoryManager::GetInstance().GetStoreBackupPath(meta); std::string backupFullPath = backupPath + "/" + AUTO_BACKUP_NAME; - KeepData(backupFullPath); - if (exporters_[meta.storeType] != nullptr) { - exporters_[meta.storeType](meta, backupFullPath + BACKUP_TMP_POSTFIX, result); - } - if (result) { - SaveData(backupFullPath, backupKey, secretKey); - } else { + bool result = false; + exporters_[meta.storeType](meta, backupFullPath + BACKUP_TMP_POSTFIX, result); + if (!result) { CleanData(backupFullPath); + return; } - decryptKey.assign(decryptKey.size(), 0); + SecretKeyMetaData secretKey; + result = MetaDataManager::GetInstance().LoadMeta(meta.GetSecretKey(), secretKey, true); + if (meta.isEncrypt && !result) { + return; + } + SaveData(backupFullPath, meta.GetBackupSecretKey(), secretKey); } bool BackupManager::CanBackup() @@ -300,13 +294,22 @@ void BackupManager::CopyFile(const std::string &oldPath, const std::string &newP fout.close(); } -bool BackupManager::GetPassWord(const StoreMetaData &meta, std::vector &password) +std::vector BackupManager::GetPassWord(const StoreMetaData &meta) { SecretKeyMetaData secretKey; - if (!MetaDataManager::GetInstance().LoadMeta(meta.GetBackupSecretKey(), secretKey, true)) { - return false; + auto metaKey = meta.GetBackupSecretKey(); + if (!MetaDataManager::GetInstance().LoadMeta(metaKey, secretKey, true) || secretKey.sKey.empty()) { + return {}; + } + CryptoManager::CryptoParams decryptParams = { .area = secretKey.area, .userId = meta.user, + .nonce = secretKey.nonce }; + auto password = CryptoManager::GetInstance().Decrypt(secretKey.sKey, decryptParams); + if (password.empty()) { + return password; } - return CryptoManager::GetInstance().Decrypt(meta, secretKey, password); + // update secret key of area or nonce + CryptoManager::GetInstance().UpdateSecretMeta(password, meta, metaKey, secretKey); + return password; } bool BackupManager::IsFileExist(const std::string &path) diff --git a/services/distributeddataservice/service/crypto/include/crypto_manager.h b/services/distributeddataservice/service/crypto/include/crypto_manager.h index dca7f96da..ec2b8c2a3 100644 --- a/services/distributeddataservice/service/crypto/include/crypto_manager.h +++ b/services/distributeddataservice/service/crypto/include/crypto_manager.h @@ -23,80 +23,71 @@ #include "visibility.h" namespace OHOS::DistributedData { -static constexpr int32_t DEFAULT_ENCRYPTION_LEVEL = 1; -static constexpr const char *DEFAULT_USER = "0"; class API_EXPORT CryptoManager { public: + static constexpr const char *DEFAULT_USER = "0"; + enum SecretKeyType { LOCAL_SECRET_KEY, CLONE_SECRET_KEY, }; - struct ParamConfig { - std::vector nonce; - uint32_t purpose; - uint32_t storageLevel; - std::string userId; - }; - struct EncryptParams { - std::vector keyAlias; - std::vector nonce; - }; + enum Area : int32_t { EL0, EL1, EL2, EL3, EL4, - EL5 + EL5, }; - static CryptoManager &GetInstance(); - int32_t GenerateRootKey(); - int32_t CheckRootKey(); - std::vector Encrypt(const std::vector &key); - std::vector Encrypt(const std::vector &key, const EncryptParams &encryptParams); - std::vector Encrypt(const std::vector &key, int32_t area, const std::string &userId); - std::vector Encrypt(const std::vector &key, - int32_t area, const std::string &userId, const EncryptParams &encryptParams - ); - bool Decrypt(std::vector &source, std::vector &key, const EncryptParams &encryptParams); - bool Decrypt(std::vector &source, std::vector &key, int32_t area, const std::string &userId); - bool Decrypt(std::vector &source, std::vector &key, - int32_t area, const std::string &userId, const EncryptParams &encryptParams - ); - bool ImportKey(const std::vector &key, const std::vector &keyAlias); - bool DeleteKey(const std::vector &keyAlias); - bool UpdateSecretKey(const StoreMetaData &meta, const std::vector &password, - SecretKeyType secretKeyType = LOCAL_SECRET_KEY); - bool Decrypt(const StoreMetaData &meta, SecretKeyMetaData &secretKeyMeta, std::vector &key, - SecretKeyType secretKeyType = LOCAL_SECRET_KEY); enum ErrCode : int32_t { SUCCESS, NOT_EXIST, ERROR, }; + + struct CryptoParams { + int32_t area = Area::EL1; + std::string userId = DEFAULT_USER; + std::vector keyAlias; + std::vector nonce; + }; + + struct ParamConfig { + uint32_t purpose; + uint32_t storageLevel; + std::string userId; + std::vector nonce; + std::vector aadValue; + }; + + static CryptoManager &GetInstance(); + + int32_t GenerateRootKey(); + int32_t CheckRootKey(); + + std::vector Encrypt(const std::vector &password, CryptoParams &encryptParams); + std::vector Decrypt(const std::vector &source, CryptoParams &decryptParams); + void UpdateSecretMeta(const std::vector &password, const StoreMetaData &metaData, + const std::string &metaKey, SecretKeyMetaData &secretKey); + + bool ImportKey(const std::vector &key, const std::vector &keyAlias); + bool DeleteKey(const std::vector &keyAlias); + private: - static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key"; - static constexpr const char *HKS_BLOB_TYPE_NONCE = "Z5s0Bo571KoqwIi6"; - static constexpr const char *HKS_BLOB_TYPE_AAD = "distributeddata"; - static constexpr int KEY_SIZE = 32; - static constexpr int AES_256_NONCE_SIZE = 32; - static constexpr int HOURS_PER_YEAR = (24 * 365); + CryptoManager(); + ~CryptoManager(); + uint32_t GetStorageLevel(int32_t area); int32_t GenerateRootKey(uint32_t storageLevel, const std::string &userId); int32_t CheckRootKey(uint32_t storageLevel, const std::string &userId); - uint32_t GetStorageLevel(int32_t area); int32_t PrepareRootKey(uint32_t storageLevel, const std::string &userId); - std::vector EncryptInner(const std::vector &key, const SecretKeyType type, int32_t area, - const std::string &userId); - bool DecryptInner(std::vector &source, std::vector &key, int32_t area, - const std::string &userId, std::vector &keyAlias, std::vector &nonce); - CryptoManager(); + + std::mutex mutex_; std::vector vecRootKeyAlias_{}; std::vector vecNonce_{}; std::vector vecAad_{}; - ~CryptoManager(); - std::mutex mutex_; }; } // namespace OHOS::DistributedData -#endif // OHOS_DISTRIBUTED_DATA_SERVICES_SERVICE_CRYPTO_CRYPTO_MANAGER_H +#endif // OHOS_DISTRIBUTED_DATA_SERVICES_SERVICE_CRYPTO_CRYPTO_MANAGER_H \ No newline at end of file diff --git a/services/distributeddataservice/service/crypto/src/crypto_manager.cpp b/services/distributeddataservice/service/crypto/src/crypto_manager.cpp index da532fa9f..4db5b90d5 100644 --- a/services/distributeddataservice/service/crypto/src/crypto_manager.cpp +++ b/services/distributeddataservice/service/crypto/src/crypto_manager.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ #define LOG_TAG "CryptoManager" + #include "crypto_manager.h" #include @@ -23,7 +24,13 @@ #include "log_print.h" #include "metadata/meta_data_manager.h" #include "securec.h" + namespace OHOS::DistributedData { +static constexpr int32_t NONCE_SIZE = 12; +static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key"; +static constexpr const char *HKS_BLOB_TYPE_NONCE = "Z5s0Bo571KoqwIi6"; +static constexpr const char *HKS_BLOB_TYPE_AAD = "distributeddata"; + using system_clock = std::chrono::system_clock; CryptoManager::CryptoManager() @@ -51,10 +58,22 @@ struct HksParam aes256Param[] = { { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_NONE }, }; -bool AddHksParams(HksParamSet *params, const CryptoManager::ParamConfig ¶mConfig, - const std::vector &vecAad) +bool AddHksParams(HksParamSet *params, CryptoManager::ParamConfig ¶mConfig) { - struct HksBlob blobAad = { uint32_t(vecAad.size()), const_cast(vecAad.data()) }; + if (paramConfig.nonce.empty()) { + uint8_t nonce[NONCE_SIZE] = {0}; + struct HksBlob blobNonce = { .size = NONCE_SIZE, .data = nonce }; + auto result = HksGenerateRandom(nullptr, &blobNonce); + if (result != HKS_SUCCESS) { + ZLOGE("HksGenerateRandom failed with error %{public}d", result); + return false; + } + std::vector nonceContent(blobNonce.data, blobNonce.data + blobNonce.size); + paramConfig.nonce = nonceContent; + } + + struct HksBlob blobAad = { uint32_t(paramConfig.aadValue.size()), + const_cast(paramConfig.aadValue.data()) }; std::vector hksParam = { { .tag = HKS_TAG_PURPOSE, .uint32Param = paramConfig.purpose }, { .tag = HKS_TAG_NONCE, @@ -62,6 +81,7 @@ bool AddHksParams(HksParamSet *params, const CryptoManager::ParamConfig ¶mCo { .tag = HKS_TAG_ASSOCIATED_DATA, .blob = blobAad }, { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = paramConfig.storageLevel }, }; + if (paramConfig.storageLevel > HKS_AUTH_STORAGE_LEVEL_DE) { hksParam.emplace_back( HksParam { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = std::atoi(paramConfig.userId.c_str()) }); @@ -201,44 +221,30 @@ int32_t CryptoManager::PrepareRootKey(uint32_t storageLevel, const std::string & userId.c_str(), status); return status; } -std::vector CryptoManager::Encrypt(const std::vector &key, int32_t area, const std::string &userId) -{ - EncryptParams encryptParams = { .keyAlias = vecRootKeyAlias_, .nonce = vecNonce_ }; - return Encrypt(key, area, userId, encryptParams); -} - -std::vector CryptoManager::Encrypt(const std::vector &key) -{ - EncryptParams encryptParams = { .keyAlias = vecRootKeyAlias_, .nonce = vecNonce_ }; - return Encrypt(key, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER, encryptParams); -} -std::vector CryptoManager::Encrypt(const std::vector &key, const EncryptParams &encryptParams) +std::vector CryptoManager::Encrypt(const std::vector &password, CryptoParams &encryptParams) { - return Encrypt(key, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER, encryptParams); -} - -std::vector CryptoManager::Encrypt(const std::vector &key, int32_t area, const std::string &userId, - const EncryptParams &encryptParams) -{ - uint32_t storageLevel = GetStorageLevel(area); - if (PrepareRootKey(storageLevel, userId) != ErrCode::SUCCESS) { + encryptParams.area = encryptParams.area < 0 ? Area::EL1 : encryptParams.area; + uint32_t storageLevel = GetStorageLevel(encryptParams.area); + if (PrepareRootKey(storageLevel, encryptParams.userId) != ErrCode::SUCCESS) { return {}; } struct HksParamSet *params = nullptr; int32_t ret = HksInitParamSet(¶ms); if (ret != HKS_SUCCESS) { - ZLOGE("HksInitParamSet() failed with error %{public}d", ret); + ZLOGE("HksInitParamSet failed with error %{public}d", ret); return {}; } + ParamConfig paramConfig = { - .nonce = encryptParams.nonce, .purpose = HKS_KEY_PURPOSE_ENCRYPT, .storageLevel = storageLevel, - .userId = userId + .userId = encryptParams.userId, + .nonce = encryptParams.nonce, + .aadValue = vecAad_ }; - if (!AddHksParams(params, paramConfig, vecAad_)) { + if (!AddHksParams(params, paramConfig)) { return {}; } ret = HksBuildParamSet(¶ms); @@ -248,12 +254,14 @@ std::vector CryptoManager::Encrypt(const std::vector &key, int return {}; } + if (encryptParams.keyAlias.empty()) { + encryptParams.keyAlias = vecRootKeyAlias_; + } + struct HksBlob keyName = { uint32_t(encryptParams.keyAlias.size()), + const_cast(encryptParams.keyAlias.data())}; + struct HksBlob plainKey = { uint32_t(password.size()), const_cast(password.data()) }; uint8_t cipherBuf[256] = { 0 }; struct HksBlob cipherText = { sizeof(cipherBuf), cipherBuf }; - struct HksBlob keyName = { - uint32_t(encryptParams.keyAlias.size()), - const_cast(encryptParams.keyAlias.data())}; - struct HksBlob plainKey = { uint32_t(key.size()), const_cast(key.data()) }; ret = HksEncrypt(&keyName, params, &plainKey, &cipherText); (void)HksFreeParamSet(¶ms); if (ret != HKS_SUCCESS) { @@ -261,110 +269,83 @@ std::vector CryptoManager::Encrypt(const std::vector &key, int return {}; } + if (encryptParams.nonce.empty()) { + encryptParams.nonce = paramConfig.nonce; + } std::vector encryptedKey(cipherText.data, cipherText.data + cipherText.size); std::fill(cipherBuf, cipherBuf + sizeof(cipherBuf), 0); return encryptedKey; } -bool CryptoManager::UpdateSecretKey(const StoreMetaData &meta, const std::vector &key, - SecretKeyType secretKeyType) -{ - if (!meta.isEncrypt) { - return false; - } - SecretKeyMetaData secretKey; - EncryptParams encryptParams = { .keyAlias = vecRootKeyAlias_, .nonce = vecNonce_ }; - secretKey.storeType = meta.storeType; - secretKey.area = meta.area; - secretKey.sKey = Encrypt(key, meta.area, meta.user, encryptParams); - auto time = system_clock::to_time_t(system_clock::now()); - secretKey.time = { reinterpret_cast(&time), reinterpret_cast(&time) + sizeof(time) }; - if (secretKeyType == LOCAL_SECRET_KEY) { - return MetaDataManager::GetInstance().SaveMeta(meta.GetSecretKey(), secretKey, true); - } else { - return MetaDataManager::GetInstance().SaveMeta(meta.GetCloneSecretKey(), secretKey, true); - } -} - -bool CryptoManager::Decrypt(const StoreMetaData &meta, SecretKeyMetaData &secretKeyMeta, std::vector &key, - SecretKeyType secretKeyType) +std::vector CryptoManager::Decrypt(const std::vector &source, CryptoParams &decryptParams) { - EncryptParams encryptParams = { .keyAlias = vecRootKeyAlias_, .nonce = vecNonce_ }; - if (secretKeyMeta.area < 0) { - ZLOGI("Decrypt old secret key"); - if (Decrypt(secretKeyMeta.sKey, key, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER, encryptParams)) { - StoreMetaData metaData; - if (MetaDataManager::GetInstance().LoadMeta(meta.GetKey(), metaData, true)) { - ZLOGI("Upgrade secret key"); - UpdateSecretKey(metaData, key, secretKeyType); - } - return true; - } - } else { - return Decrypt(secretKeyMeta.sKey, key, secretKeyMeta.area, meta.user, encryptParams); + uint32_t storageLevel = GetStorageLevel(decryptParams.area); + if (PrepareRootKey(storageLevel, decryptParams.userId) != ErrCode::SUCCESS) { + return {}; } - return false; -} - -bool CryptoManager::Decrypt(std::vector &source, std::vector &key, int32_t area, - const std::string &userId) -{ - EncryptParams encryptParams = { .keyAlias = vecRootKeyAlias_, .nonce = vecNonce_ }; - return Decrypt(source, key, area, userId, encryptParams); -} - -bool CryptoManager::Decrypt(std::vector &source, std::vector &key, const EncryptParams &encryptParams) -{ - return Decrypt(source, key, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER, encryptParams); -} -bool CryptoManager::Decrypt(std::vector &source, std::vector &key, - int32_t area, const std::string &userId, const EncryptParams &encryptParams) -{ - uint32_t storageLevel = GetStorageLevel(area); - if (PrepareRootKey(storageLevel, userId) != ErrCode::SUCCESS) { - return false; - } struct HksParamSet *params = nullptr; int32_t ret = HksInitParamSet(¶ms); if (ret != HKS_SUCCESS) { - ZLOGE("HksInitParamSet() failed with error %{public}d", ret); - return false; + ZLOGE("HksInitParamSet failed with error %{public}d", ret); + return {}; } ParamConfig paramConfig = { - .nonce = encryptParams.nonce, .purpose = HKS_KEY_PURPOSE_DECRYPT, .storageLevel = storageLevel, - .userId = userId + .userId = decryptParams.userId, + .nonce = decryptParams.nonce.empty() ? vecNonce_ : decryptParams.nonce, + .aadValue = vecAad_ }; - if (!AddHksParams(params, paramConfig, vecAad_)) { - return false; + if (!AddHksParams(params, paramConfig)) { + return {}; } - ret = HksBuildParamSet(¶ms); if (ret != HKS_SUCCESS) { ZLOGE("HksBuildParamSet failed with error %{public}d", ret); HksFreeParamSet(¶ms); - return false; + return {}; } + if (decryptParams.keyAlias.empty()) { + decryptParams.keyAlias = vecRootKeyAlias_; + } + struct HksBlob keyName = { uint32_t(decryptParams.keyAlias.size()), + const_cast(decryptParams.keyAlias.data()) }; + struct HksBlob encryptedKeyBlob = { uint32_t(source.size()), const_cast(source.data()) }; uint8_t plainBuf[256] = { 0 }; struct HksBlob plainKeyBlob = { sizeof(plainBuf), plainBuf }; - struct HksBlob encryptedKeyBlob = { uint32_t(source.size()), source.data() }; - struct HksBlob keyName = { uint32_t(encryptParams.keyAlias.size()), - const_cast(encryptParams.keyAlias.data()) }; ret = HksDecrypt(&keyName, params, &encryptedKeyBlob, &plainKeyBlob); (void)HksFreeParamSet(¶ms); if (ret != HKS_SUCCESS) { ZLOGE("HksDecrypt failed with error %{public}d", ret); - return false; + return {}; } + std::vector password(plainKeyBlob.data, plainKeyBlob.data + plainKeyBlob.size); + return password; +} - key.assign(plainKeyBlob.data, plainKeyBlob.data + plainKeyBlob.size); - std::fill(plainBuf, plainBuf + sizeof(plainBuf), 0); - return true; +void CryptoManager::UpdateSecretMeta(const std::vector &password, const StoreMetaData &metaData, + const std::string &metaKey, SecretKeyMetaData &secretKey) +{ + if (password.empty() || (!secretKey.nonce.empty() && secretKey.area >= 0)) { + return; + } + CryptoParams encryptParams = { .area = metaData.area, .userId = metaData.user, + .nonce = secretKey.nonce }; + auto encryptKey = Encrypt(password, encryptParams); + if (encryptKey.empty()) { + return; + } + secretKey.sKey = encryptKey; + secretKey.nonce = encryptParams.nonce; + secretKey.area = metaData.area; + auto time = system_clock::to_time_t(system_clock::now()); + secretKey.time = { reinterpret_cast(&time), + reinterpret_cast(&time) + sizeof(time) }; + MetaDataManager::GetInstance().SaveMeta(metaKey, secretKey, true); } bool BuildImportKeyParams(struct HksParamSet *¶ms) diff --git a/services/distributeddataservice/service/data_share/common/rdb_delegate.cpp b/services/distributeddataservice/service/data_share/common/rdb_delegate.cpp index bb0fec829..ee27afe0c 100644 --- a/services/distributeddataservice/service/data_share/common/rdb_delegate.cpp +++ b/services/distributeddataservice/service/data_share/common/rdb_delegate.cpp @@ -82,13 +82,19 @@ std::pair RdbDelegate::GetConfig(const DistributedData::Sto config.SetBundleName(meta.bundleName); if (meta.isEncrypt) { DistributedData::SecretKeyMetaData secretKeyMeta; - if (!DistributedData::MetaDataManager::GetInstance().LoadMeta(meta.GetSecretKey(), secretKeyMeta, true)) { + auto metaKey = meta.GetSecretKey(); + if (!DistributedData::MetaDataManager::GetInstance().LoadMeta(metaKey, secretKeyMeta, true) || + secretKeyMeta.sKey.empty()) { return std::make_pair(E_DB_NOT_EXIST, config); } - std::vector decryptKey; - if (!DistributedData::CryptoManager::GetInstance().Decrypt(meta, secretKeyMeta, decryptKey)) { + DistributedData::CryptoManager::CryptoParams decryptParams = { .area = secretKeyMeta.area, + .userId = meta.user, .nonce = secretKeyMeta.nonce }; + auto decryptKey = DistributedData::CryptoManager::GetInstance().Decrypt(secretKeyMeta.sKey, decryptParams); + if (decryptKey.empty()) { return std::make_pair(E_ERROR, config); - }; + } + // update secret key of area or nonce + DistributedData::CryptoManager::GetInstance().UpdateSecretMeta(decryptKey, meta, metaKey, secretKeyMeta); config.SetEncryptKey(decryptKey); std::fill(decryptKey.begin(), decryptKey.end(), 0); } diff --git a/services/distributeddataservice/service/kvdb/kvdb_general_store.cpp b/services/distributeddataservice/service/kvdb/kvdb_general_store.cpp index b2fab36ce..a41c45c59 100644 --- a/services/distributeddataservice/service/kvdb/kvdb_general_store.cpp +++ b/services/distributeddataservice/service/kvdb/kvdb_general_store.cpp @@ -98,21 +98,26 @@ static DBSchema GetDBSchema(const Database &database) } return schema; } + KVDBGeneralStore::DBPassword KVDBGeneralStore::GetDBPassword(const StoreMetaData &data) { DBPassword dbPassword; if (!data.isEncrypt) { return dbPassword; } - SecretKeyMetaData secretKey; - secretKey.storeType = data.storeType; - auto storeKey = data.GetSecretKey(); - MetaDataManager::GetInstance().LoadMeta(storeKey, secretKey, true); - std::vector password; - StoreMetaData metaData; - MetaDataManager::GetInstance().LoadMeta(data.GetKey(), metaData, true); - CryptoManager::GetInstance().Decrypt(metaData, secretKey, password); + auto metaKey = data.GetSecretKey(); + if (!MetaDataManager::GetInstance().LoadMeta(metaKey, secretKey, true) || secretKey.sKey.empty()) { + return dbPassword; + } + CryptoManager::CryptoParams decryptParams = { .area = secretKey.area, .userId = data.user, + .nonce = secretKey.nonce }; + auto password = CryptoManager::GetInstance().Decrypt(secretKey.sKey, decryptParams); + if (password.empty()) { + return dbPassword; + } + // update secret key of area or nonce + CryptoManager::GetInstance().UpdateSecretMeta(password, data, metaKey, secretKey); dbPassword.SetValue(password.data(), password.size()); password.assign(password.size(), 0); return dbPassword; diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp index dca251452..5928b6c98 100644 --- a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp +++ b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp @@ -27,7 +27,6 @@ #include "cloud/cloud_server.h" #include "communication_provider.h" #include "communicator_context.h" -#include "crypto_manager.h" #include "device_manager_adapter.h" #include "directory/directory_manager.h" #include "dump/dump_manager.h" @@ -606,34 +605,52 @@ Status KVDBServiceImpl::Unsubscribe(const AppId &appId, const StoreId &storeId, return SUCCESS; } +std::vector KVDBServiceImpl::LoadSecretKey(const StoreMetaData &metaData, + CryptoManager::SecretKeyType secretKeyType) +{ + SecretKeyMetaData secretKey; + std::string metaKey; + if (secretKeyType == CryptoManager::SecretKeyType::LOCAL_SECRET_KEY) { + metaKey = metaData.GetSecretKey(); + } else if (secretKeyType == CryptoManager::SecretKeyType::CLONE_SECRET_KEY) { + metaKey = metaData.GetCloneSecretKey(); + } + if (!MetaDataManager::GetInstance().LoadMeta(metaKey, secretKey, true) || secretKey.sKey.empty()) { + return {}; + } + CryptoManager::CryptoParams decryptParams = { .area = secretKey.area, .userId = metaData.user, + .nonce = secretKey.nonce }; + auto password = CryptoManager::GetInstance().Decrypt(secretKey.sKey, decryptParams); + if (password.empty()) { + return {}; + } + // update secret key of area or nonce + CryptoManager::GetInstance().UpdateSecretMeta(password, metaData, metaKey, secretKey); + return password; +} + Status KVDBServiceImpl::GetBackupPassword(const AppId &appId, const StoreId &storeId, int32_t subUser, std::vector> &passwords, int32_t passwordType) { StoreMetaData metaData = GetStoreMetaData(appId, storeId, subUser); if (passwordType == KVDBService::PasswordType::BACKUP_SECRET_KEY) { - std::vector backupPwd; - bool res = BackupManager::GetInstance().GetPassWord(metaData, backupPwd); - if (res) { - passwords.emplace_back(backupPwd); + auto backupPwd = BackupManager::GetInstance().GetPassWord(metaData); + if (backupPwd.empty()) { + return ERROR; } + passwords.emplace_back(backupPwd); backupPwd.assign(backupPwd.size(), 0); - return res ? SUCCESS : ERROR; + return SUCCESS; } if (passwordType == KVDBService::PasswordType::SECRET_KEY) { passwords.reserve(SECRET_KEY_COUNT); - SecretKeyMetaData secretKey; - std::vector password; - if (MetaDataManager::GetInstance().LoadMeta(metaData.GetSecretKey(), secretKey, true) && - CryptoManager::GetInstance().Decrypt(metaData, secretKey, password)) { + auto password = LoadSecretKey(metaData, CryptoManager::SecretKeyType::LOCAL_SECRET_KEY); + if (!password.empty()) { passwords.emplace_back(password); - password.assign(password.size(), 0); } - - std::vector clonePwd; - if (MetaDataManager::GetInstance().LoadMeta(metaData.GetCloneSecretKey(), secretKey, true) && - CryptoManager::GetInstance().Decrypt(metaData, secretKey, clonePwd, CryptoManager::CLONE_SECRET_KEY)) { - passwords.emplace_back(clonePwd); - clonePwd.assign(clonePwd.size(), 0); + auto clonePassword = LoadSecretKey(metaData, CryptoManager::SecretKeyType::CLONE_SECRET_KEY); + if (!clonePassword.empty()) { + passwords.emplace_back(clonePassword); } return passwords.size() > 0 ? SUCCESS : ERROR; } @@ -717,6 +734,35 @@ Status KVDBServiceImpl::BeforeCreate(const AppId &appId, const StoreId &storeId, return dbStatus == DBStatus::OK ? SUCCESS : DB_ERROR; } +void KVDBServiceImpl::SaveSecretKeyMeta(const StoreMetaData &metaData, const std::vector &password) +{ + CryptoManager::CryptoParams encryptParams = { .area = metaData.area, .userId = metaData.user }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(password, encryptParams); + if (!encryptKey.empty() && !encryptParams.nonce.empty()) { + SecretKeyMetaData secretKey; + secretKey.storeType = metaData.storeType; + secretKey.area = metaData.area; + secretKey.sKey = encryptKey; + secretKey.nonce = encryptParams.nonce; + auto time = system_clock::to_time_t(system_clock::now()); + secretKey.time = { reinterpret_cast(&time), reinterpret_cast(&time) + sizeof(time) }; + MetaDataManager::GetInstance().SaveMeta(metaData.GetSecretKey(), secretKey, true); + } + SecretKeyMetaData cloneKey; + auto metaKey = metaData.GetCloneSecretKey(); + // update clone secret key with area + if (MetaDataManager::GetInstance().LoadMeta(metaKey, cloneKey, true) && !cloneKey.sKey.empty() && + (cloneKey.nonce.empty() || cloneKey.area < 0)) { + CryptoManager::CryptoParams decryptParams = { .area = cloneKey.area, .userId = metaData.user, + .nonce = cloneKey.nonce }; + auto clonePassword = CryptoManager::GetInstance().Decrypt(cloneKey.sKey, decryptParams); + if (!clonePassword.empty()) { + CryptoManager::GetInstance().UpdateSecretMeta(clonePassword, metaData, metaKey, cloneKey); + } + clonePassword.assign(clonePassword.size(), 0); + } +} + Status KVDBServiceImpl::AfterCreate( const AppId &appId, const StoreId &storeId, const Options &options, const std::vector &password) { @@ -755,15 +801,9 @@ Status KVDBServiceImpl::AfterCreate( appIdMeta.appId = metaData.appId; MetaDataManager::GetInstance().SaveMeta(appIdMeta.GetKey(), appIdMeta, true); SaveLocalMetaData(options, metaData); - if (metaData.isEncrypt && CryptoManager::GetInstance().UpdateSecretKey(metaData, password)) { - SecretKeyMetaData secretKey; - if (MetaDataManager::GetInstance().LoadMeta(metaData.GetCloneSecretKey(), secretKey, true) && - secretKey.area < 0) { - std::vector clonePwd; - // Update the encryption method for the key - CryptoManager::GetInstance().Decrypt(metaData, secretKey, clonePwd, CryptoManager::CLONE_SECRET_KEY); - clonePwd.assign(clonePwd.size(), 0); - } + + if (metaData.isEncrypt && !password.empty()) { + SaveSecretKeyMeta(metaData, password); } ZLOGI("appId:%{public}s storeId:%{public}s instanceId:%{public}d type:%{public}d dir:%{public}s " "isCreated:%{public}d dataType:%{public}d", appId.appId.c_str(), Anonymous::Change(storeId.storeId).c_str(), diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_impl.h b/services/distributeddataservice/service/kvdb/kvdb_service_impl.h index 4604f8b56..13c509a11 100644 --- a/services/distributeddataservice/service/kvdb/kvdb_service_impl.h +++ b/services/distributeddataservice/service/kvdb/kvdb_service_impl.h @@ -19,6 +19,7 @@ #include #include "concurrent_map.h" +#include "crypto_manager.h" #include "device_matrix.h" #include "kv_store_delegate_manager.h" #include "kv_store_nb_delegate.h" @@ -95,6 +96,7 @@ private: using DBMode = DistributedDB::SyncMode; using Action = OHOS::DistributedData::MetaDataManager::Action; using GeneralError = DistributedData::GeneralError; + using CryptoManager = DistributedData::CryptoManager; enum SyncAction { ACTION_SYNC, ACTION_SUBSCRIBE, @@ -161,6 +163,8 @@ private: bool CompareTripleIdentifier(const std::string &accountId, const std::string &identifier, const StoreMetaData &storeMeta); std::string GenerateKey(const std::string &userId, const std::string &storeId) const; + std::vector LoadSecretKey(const StoreMetaData &metaData, CryptoManager::SecretKeyType secretKeyType); + void SaveSecretKeyMeta(const StoreMetaData &metaData, const std::vector &password); static Factory factory_; ConcurrentMap syncAgents_; std::shared_ptr executors_; diff --git a/services/distributeddataservice/service/rdb/rdb_general_store.cpp b/services/distributeddataservice/service/rdb/rdb_general_store.cpp index ba0299bdd..8a04ff213 100644 --- a/services/distributeddataservice/service/rdb/rdb_general_store.cpp +++ b/services/distributeddataservice/service/rdb/rdb_general_store.cpp @@ -154,6 +154,27 @@ RelationalStoreDelegate::Option GetOption(const StoreMetaData &meta) return option; } +RdbGeneralStore::DBPassword RdbGeneralStore::GetDBPassword(const StoreMetaData &data) +{ + DBPassword dbPassword; + SecretKeyMetaData secretKey; + auto metaKey = data.GetSecretKey(); + if (!MetaDataManager::GetInstance().LoadMeta(metaKey, secretKey, true) || secretKey.sKey.empty()) { + return dbPassword; + } + CryptoManager::CryptoParams decryptParams = { .area = secretKey.area, .userId = data.user, + .nonce = secretKey.nonce }; + auto password = CryptoManager::GetInstance().Decrypt(secretKey.sKey, decryptParams); + if (password.empty()) { + return dbPassword; + } + // update secret key of area or nonce + CryptoManager::GetInstance().UpdateSecretMeta(password, data, metaKey, secretKey); + dbPassword.SetValue(password.data(), password.size()); + password.assign(password.size(), 0); + return dbPassword; +} + RdbGeneralStore::RdbGeneralStore(const StoreMetaData &meta) : manager_(meta.appId, meta.user, meta.instanceId), tasks_(std::make_shared>()) { @@ -162,13 +183,7 @@ RdbGeneralStore::RdbGeneralStore(const StoreMetaData &meta) RelationalStoreDelegate::Option option = GetOption(meta); option.observer = &observer_; if (meta.isEncrypt) { - std::string key = meta.GetSecretKey(); - SecretKeyMetaData secretKeyMeta; - MetaDataManager::GetInstance().LoadMeta(key, secretKeyMeta, true); - std::vector decryptKey; - CryptoManager::GetInstance().Decrypt(meta, secretKeyMeta, decryptKey); - option.passwd.SetValue(decryptKey.data(), decryptKey.size()); - std::fill(decryptKey.begin(), decryptKey.end(), 0); + option.passwd = GetDBPassword(meta); option.isEncryptedDb = meta.isEncrypt; option.cipher = CipherType::AES_256_GCM; for (uint32_t i = 0; i < ITERS_COUNT; ++i) { diff --git a/services/distributeddataservice/service/rdb/rdb_general_store.h b/services/distributeddataservice/service/rdb/rdb_general_store.h index dd7c60f61..83fa63ac4 100644 --- a/services/distributeddataservice/service/rdb/rdb_general_store.h +++ b/services/distributeddataservice/service/rdb/rdb_general_store.h @@ -45,6 +45,7 @@ public: using Reference = DistributedData::Reference; using Snapshot = DistributedData::Snapshot; using BindAssets = DistributedData::BindAssets; + using DBPassword = DistributedDB::CipherPassword; explicit RdbGeneralStore(const StoreMetaData &meta); ~RdbGeneralStore(); @@ -159,6 +160,7 @@ private: std::pair DoCloudSync(const Devices &devices, const DistributedDB::Query &dbQuery, const DistributedData::SyncParam &syncParam, bool isPriority, DetailAsync async); void Report(const std::string &faultType, int32_t errCode, const std::string &appendix); + DBPassword GetDBPassword(const StoreMetaData &data); ObserverProxy observer_; RdbManager manager_; diff --git a/services/distributeddataservice/service/rdb/rdb_service_impl.cpp b/services/distributeddataservice/service/rdb/rdb_service_impl.cpp index 5ac01b1e6..f8066670d 100644 --- a/services/distributeddataservice/service/rdb/rdb_service_impl.cpp +++ b/services/distributeddataservice/service/rdb/rdb_service_impl.cpp @@ -26,7 +26,6 @@ #include "cloud/make_query_event.h" #include "cloud/schema_meta.h" #include "communicator/device_manager_adapter.h" -#include "crypto_manager.h" #include "device_matrix.h" #include "directory/directory_manager.h" #include "dump/dump_manager.h" @@ -71,8 +70,8 @@ using system_clock = std::chrono::system_clock; constexpr uint32_t ITERATE_TIMES = 10000; constexpr uint32_t ALLOW_ONLINE_AUTO_SYNC = 8; -const size_t KEY_COUNT = 2; constexpr int32_t VALID_PARAM_LENGTH = 2; +const size_t KEY_COUNT = 2; namespace OHOS::DistributedRdb { __attribute__((used)) RdbServiceImpl::Factory RdbServiceImpl::factory_; RdbServiceImpl::Factory::Factory() @@ -184,7 +183,6 @@ int32_t RdbServiceImpl::ResolveAutoLaunch(const std::string &identifier, Distrib if (entry.isEncrypt) { param.option.iterateTimes = ITERATE_TIMES; param.option.cipher = DistributedDB::CipherType::AES_256_GCM; - GetDBPassword(entry, param.option.passwd); } AutoCache::GetInstance().GetStore(entry, GetWatchers(entry.tokenId, entry.storeId)); return true; @@ -927,6 +925,35 @@ void RdbServiceImpl::SaveLaunchInfo(StoreMetaData &meta) } } +void RdbServiceImpl::SaveSecretKeyMeta(const StoreMetaData &metaData, const std::vector &password) +{ + CryptoManager::CryptoParams encryptParams = { .area = metaData.area, .userId = metaData.user }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(password, encryptParams); + if (!encryptKey.empty() && !encryptParams.nonce.empty()) { + SecretKeyMetaData secretKey; + secretKey.storeType = metaData.storeType; + secretKey.area = metaData.area; + secretKey.sKey = encryptKey; + secretKey.nonce = encryptParams.nonce; + auto time = system_clock::to_time_t(system_clock::now()); + secretKey.time = { reinterpret_cast(&time), reinterpret_cast(&time) + sizeof(time) }; + MetaDataManager::GetInstance().SaveMeta(metaData.GetSecretKey(), secretKey, true); + } + SecretKeyMetaData cloneKey; + auto metaKey = metaData.GetCloneSecretKey(); + // update clone secret key with area + if (MetaDataManager::GetInstance().LoadMeta(metaKey, cloneKey, true) && !cloneKey.sKey.empty() && + (cloneKey.nonce.empty() || cloneKey.area < 0)) { + CryptoManager::CryptoParams decryptParams = { .area = cloneKey.area, .userId = metaData.user, + .nonce = cloneKey.nonce }; + auto clonePassword = CryptoManager::GetInstance().Decrypt(cloneKey.sKey, decryptParams); + if (!clonePassword.empty()) { + CryptoManager::GetInstance().UpdateSecretMeta(clonePassword, metaData, metaKey, cloneKey); + } + clonePassword.assign(clonePassword.size(), 0); + } +} + int32_t RdbServiceImpl::AfterOpen(const RdbSyncerParam ¶m) { XCollie xcollie(__FUNCTION__, XCollie::XCOLLIE_LOG | XCollie::XCOLLIE_RECOVERY); @@ -961,12 +988,7 @@ int32_t RdbServiceImpl::AfterOpen(const RdbSyncerParam ¶m) } if (param.isEncrypt_ && !param.password_.empty()) { - if (SetSecretKey(param, meta) != RDB_OK) { - ZLOGE("Set secret key failed, bundle:%{public}s store:%{public}s", - meta.bundleName.c_str(), meta.GetStoreAlias().c_str()); - return RDB_ERROR; - } - UpgradeCloneSecretKey(meta); + SaveSecretKeyMeta(meta, param.password_); } GetSchema(param); return RDB_OK; @@ -1048,33 +1070,6 @@ StoreMetaData RdbServiceImpl::GetStoreMetaData(const RdbSyncerParam ¶m) return metaData; } -int32_t RdbServiceImpl::SetSecretKey(const RdbSyncerParam ¶m, const StoreMetaData &meta) -{ - SecretKeyMetaData newSecretKey; - newSecretKey.storeType = meta.storeType; - newSecretKey.area = meta.area; - newSecretKey.sKey = CryptoManager::GetInstance().Encrypt(param.password_, meta.area, meta.user); - if (newSecretKey.sKey.empty()) { - ZLOGE("encrypt work key error."); - return RDB_ERROR; - } - auto time = system_clock::to_time_t(system_clock::now()); - newSecretKey.time = { reinterpret_cast(&time), reinterpret_cast(&time) + sizeof(time) }; - return MetaDataManager::GetInstance().SaveMeta(meta.GetSecretKey(), newSecretKey, true) ? RDB_OK : RDB_ERROR; -} - -bool RdbServiceImpl::UpgradeCloneSecretKey(const StoreMetaData &meta) -{ - SecretKeyMetaData secretKey; - if (MetaDataManager::GetInstance().LoadMeta(meta.GetCloneSecretKey(), secretKey, true) && secretKey.area < 0) { - std::vector clonePwd; - // Update the encryption method for the key - CryptoManager::GetInstance().Decrypt(meta, secretKey, clonePwd, CryptoManager::CLONE_SECRET_KEY); - clonePwd.assign(clonePwd.size(), 0); - } - return true; -} - int32_t RdbServiceImpl::Upgrade(const RdbSyncerParam ¶m, const StoreMetaData &old) { if (old.storeType == RDB_DEVICE_COLLABORATION && old.version < StoreMetaData::UUID_CHANGED_TAG) { @@ -1104,26 +1099,6 @@ Details RdbServiceImpl::HandleGenDetails(const GenDetails &details) return dbDetails; } -bool RdbServiceImpl::GetDBPassword(const StoreMetaData &metaData, DistributedDB::CipherPassword &password) -{ - if (!metaData.isEncrypt) { - return true; - } - - std::string key = metaData.GetSecretKey(); - DistributedData::SecretKeyMetaData secretKeyMeta; - MetaDataManager::GetInstance().LoadMeta(key, secretKeyMeta, true); - std::vector decryptKey; - CryptoManager::GetInstance().Decrypt(metaData, secretKeyMeta, decryptKey); - if (password.SetValue(decryptKey.data(), decryptKey.size()) != DistributedDB::CipherPassword::OK) { - std::fill(decryptKey.begin(), decryptKey.end(), 0); - ZLOGE("Set secret key value failed. len is (%{public}d)", int32_t(decryptKey.size())); - return false; - } - std::fill(decryptKey.begin(), decryptKey.end(), 0); - return true; -} - std::string RdbServiceImpl::RemoveSuffix(const std::string& name) { std::string suffix(".db"); @@ -1545,6 +1520,30 @@ int32_t RdbServiceImpl::Enable(const RdbSyncerParam ¶m) return RDB_OK; } +std::vector RdbServiceImpl::LoadSecretKey(const StoreMetaData &metaData, + CryptoManager::SecretKeyType secretKeyType) +{ + SecretKeyMetaData secretKey; + std::string metaKey; + if (secretKeyType == CryptoManager::SecretKeyType::LOCAL_SECRET_KEY) { + metaKey = metaData.GetSecretKey(); + } else if (secretKeyType == CryptoManager::SecretKeyType::CLONE_SECRET_KEY) { + metaKey = metaData.GetCloneSecretKey(); + } + if (!MetaDataManager::GetInstance().LoadMeta(metaKey, secretKey, true) || secretKey.sKey.empty()) { + return {}; + } + CryptoManager::CryptoParams decryptParams = { .area = secretKey.area, .userId = metaData.user, + .nonce = secretKey.nonce }; + auto password = CryptoManager::GetInstance().Decrypt(secretKey.sKey, decryptParams); + if (password.empty()) { + return {}; + } + // update secret key of area or nonce + CryptoManager::GetInstance().UpdateSecretMeta(password, metaData, metaKey, secretKey); + return password; +} + int32_t RdbServiceImpl::GetPassword(const RdbSyncerParam ¶m, std::vector> &password) { if (!CheckParam(param) || !CheckAccess(param.bundleName_, param.storeName_)) { @@ -1552,29 +1551,17 @@ int32_t RdbServiceImpl::GetPassword(const RdbSyncerParam ¶m, std::vector 0 ? RDB_OK : RDB_ERROR; } StoreInfo RdbServiceImpl::GetStoreInfo(const RdbSyncerParam ¶m) diff --git a/services/distributeddataservice/service/rdb/rdb_service_impl.h b/services/distributeddataservice/service/rdb/rdb_service_impl.h index 096c58c21..a2be9b016 100644 --- a/services/distributeddataservice/service/rdb/rdb_service_impl.h +++ b/services/distributeddataservice/service/rdb/rdb_service_impl.h @@ -24,6 +24,7 @@ #include "commonevent/data_change_event.h" #include "commonevent/set_searchable_event.h" #include "concurrent_map.h" +#include "crypto_manager.h" #include "feature/static_acts.h" #include "metadata/secret_key_meta_data.h" #include "metadata/store_meta_data.h" @@ -127,6 +128,7 @@ private: using DBStatus = DistributedDB::DBStatus; using SyncResult = std::pair, std::map>; using AutoCache = DistributedData::AutoCache; + using CryptoManager = DistributedData::CryptoManager; struct SyncAgent { SyncAgent() = default; explicit SyncAgent(const std::string &bundleName); @@ -208,8 +210,6 @@ private: StoreMetaData GetStoreMetaData(const Database &dataBase); - int32_t SetSecretKey(const RdbSyncerParam ¶m, const StoreMetaData &meta); - int32_t Upgrade(const RdbSyncerParam ¶m, const StoreMetaData &old); std::pair> AllocResource( @@ -224,8 +224,6 @@ private: static std::pair GetInstIndexAndUser(uint32_t tokenId, const std::string &bundleName); static std::string GetSubUser(const int32_t subUser); - - static bool GetDBPassword(const StoreMetaData &metaData, DistributedDB::CipherPassword &password); static bool SaveAppIDMeta(const StoreMetaData &meta, const StoreMetaData &old); @@ -252,12 +250,14 @@ private: DistributedData::DataChangeEvent::EventInfo &eventInfo, const std::string &storeName); void UpdateMeta(const StoreMetaData &meta, const StoreMetaData &localMeta, AutoCache::Store store); - bool UpgradeCloneSecretKey(const StoreMetaData &meta); - bool TryUpdateDeviceId(const RdbSyncerParam ¶m, const StoreMetaData &oldMeta, StoreMetaData &meta); void SaveLaunchInfo(StoreMetaData &meta); + std::vector LoadSecretKey(const StoreMetaData &metaData, CryptoManager::SecretKeyType secretKeyType); + + void SaveSecretKeyMeta(const StoreMetaData &metaData, const std::vector &password); + static Factory factory_; ConcurrentMap syncAgents_; std::shared_ptr executors_; diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index 4e0f2fb2e..4d1b092c7 100644 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -276,10 +276,12 @@ ohos_unittest("CryptoManagerTest") { "ability_base:base", "ability_base:want", "access_token:libaccesstoken_sdk", + "access_token:libtoken_setproc", "access_token:libnativetoken", "c_utils:utils", "googletest:gtest_main", "hilog:libhilog", + "huks:libhukssdk", "ipc:ipc_core", "kv_store:distributeddata_inner", ] @@ -1045,6 +1047,66 @@ ohos_unittest("DataShareServiceImplTest") { ] } +ohos_unittest("KvdbServicePasswordTest") { + module_out_path = module_output_path + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + blocklist = "${datamgr_service_path}/cfi_blocklist.txt" + } + sources = [ + "kvdb_service_password_test.cpp", + ] + + include_dirs = [ + "${data_service_path}/app/src", + "${data_service_path}/service/kvdb", + "${data_service_path}/adapter/include/account", + "${data_service_path}/framework/include", + "${data_service_path}/framework/include/cloud", + "${data_service_path}/framework/include/eventcenter", + "${data_service_path}/service/test/mock", + "${data_service_path}/adapter/include/communicator", + ] + + configs = [ ":module_private_config" ] + + cflags = [ + "-Dprivate=public", + "-Dprotected=public", + ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken_shared", + "access_token:libtoken_setproc", + "c_utils:utils", + "dataclassification:data_transit_mgr", + "device_auth:deviceauth_sdk", + "device_manager:devicemanagersdk", + "googletest:gmock_main", + "googletest:gtest_main", + "hilog:libhilog", + "hisysevent:libhisysevent", + "ipc:ipc_core", + "kv_store:distributeddata_inner", + "kv_store:distributeddata_mgr", + "kv_store:distributeddb", + "kv_store:kvdb_inner_lite", + "relational_store:native_rdb", + "safwk:system_ability_fwk", + ] + + deps = [ + "${data_service_path}/adapter/account:distributeddata_account", + "${data_service_path}/adapter/communicator:distributeddata_communicator", + "${data_service_path}/framework:distributeddatasvcfwk", + "${data_service_path}/service/kvdb:distributeddata_kvdb", + "mock:distributeddata_mock_static", + ] +} + ohos_unittest("KvdbServiceImplTest") { module_out_path = module_output_path sanitize = { @@ -1993,6 +2055,7 @@ group("unittest") { ":KVDBGeneralStoreAbnormalTest", ":KVDBGeneralStoreTest", ":KvdbServiceImplTest", + ":KvdbServicePasswordTest", ":QueryHelperUnitTest", ":UpgradeMockTest", ":UserDelegateMockTest", diff --git a/services/distributeddataservice/service/test/backup_manager_service_test.cpp b/services/distributeddataservice/service/test/backup_manager_service_test.cpp index 56a0f27e1..cccff99d0 100644 --- a/services/distributeddataservice/service/test/backup_manager_service_test.cpp +++ b/services/distributeddataservice/service/test/backup_manager_service_test.cpp @@ -23,6 +23,8 @@ #include "crypto_manager.h" #include "device_manager_adapter.h" #include "directory/directory_manager.h" +#include "file_ex.h" +#include "ipc_skeleton.h" #include "log_print.h" #include "metadata/meta_data_manager.h" #include "kvstore_meta_manager.h" @@ -33,10 +35,17 @@ using namespace std; using namespace OHOS::DistributedData; namespace OHOS::Test { namespace DistributedDataTest { +static constexpr int32_t LOOP_NUM = 2; static constexpr uint32_t SKEY_SIZE = 32; static constexpr int MICROSEC_TO_SEC_TEST = 1000; static constexpr const char *TEST_BACKUP_BUNDLE = "test_backup_bundleName"; static constexpr const char *TEST_BACKUP_STOREID = "test_backup_storeId"; +static constexpr const char *BASE_DIR = "/data/service/el1/public/database/test_backup_bundleName"; +static constexpr const char *DATA_DIR = "/data/service/el1/public/database/test_backup_bundleName/rdb"; +static constexpr const char *BACKUP_DIR = "/data/service/el1/public/database/test_backup_bundleName/rdb/backup"; +static constexpr const char *STORE_DIR = + "/data/service/el1/public/database/test_backup_bundleName/rdb/backup/test_backup_storeId"; +static constexpr const char *AUTO_BACKUP_NAME = "/autoBackup.bak"; class BackupManagerServiceTest : public testing::Test { public: class TestRule : public BackupRuleManager::BackupRule { @@ -57,10 +66,17 @@ public: void SetUp(); void TearDown(); static std::vector Random(uint32_t len); - void InitMetaData(); - StoreMetaData metaData_; + static void InitMetaData(); + static void Exporter(const StoreMetaData &meta, const std::string &backupPath, bool &result); + static void ConfigExport(bool flag); + + static StoreMetaData metaData_; + static bool isExport_; }; +StoreMetaData BackupManagerServiceTest::metaData_; +bool BackupManagerServiceTest::isExport_ = false; + void BackupManagerServiceTest::SetUpTestCase(void) { auto executors = std::make_shared(1, 0); @@ -71,6 +87,9 @@ void BackupManagerServiceTest::SetUpTestCase(void) DistributedKv::KvStoreMetaManager::GetInstance().BindExecutor(executors); DistributedKv::KvStoreMetaManager::GetInstance().InitMetaParameter(); DistributedKv::KvStoreMetaManager::GetInstance().InitMetaListener(); + InitMetaData(); + MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true); + MetaDataManager::GetInstance().DelMeta(metaData_.GetBackupSecretKey(), true); } void BackupManagerServiceTest::TearDownTestCase() @@ -94,10 +113,11 @@ void BackupManagerServiceTest::InitMetaData() metaData_.area = OHOS::DistributedKv::EL1; metaData_.instanceId = 0; metaData_.isAutoSync = true; - metaData_.storeType = DistributedKv::KvStoreType::SINGLE_VERSION; + metaData_.storeType = StoreMetaData::StoreType::STORE_KV_BEGIN; metaData_.storeId = TEST_BACKUP_STOREID; metaData_.dataDir = "/data/service/el1/public/database/" + std::string(TEST_BACKUP_BUNDLE) + "/kvdb"; metaData_.securityLevel = OHOS::DistributedKv::SecurityLevel::S2; + metaData_.tokenId = IPCSkeleton::GetSelfTokenID(); } std::vector BackupManagerServiceTest::Random(uint32_t len) @@ -111,6 +131,21 @@ std::vector BackupManagerServiceTest::Random(uint32_t len) return key; } +void BackupManagerServiceTest::ConfigExport(bool flag) +{ + isExport_ = flag; +} + +void BackupManagerServiceTest::Exporter(const StoreMetaData &meta, const std::string &backupPath, bool &result) +{ + (void)meta; + result = isExport_; + if (isExport_) { + std::vector content(TEST_BACKUP_BUNDLE, TEST_BACKUP_BUNDLE + std::strlen(TEST_BACKUP_BUNDLE)); + result = SaveBufferToFile(backupPath, content); + } +} + /** * @tc.name: Init * @tc.desc: Init testing exception branching scenarios. @@ -297,18 +332,134 @@ HWTEST_F(BackupManagerServiceTest, GetClearType002, TestSize.Level1) } /** -* @tc.name: GetPassWord -* @tc.desc: GetPassWord testing exception branching scenarios. +* @tc.name: GetPassWordTest001 +* @tc.desc: get password fail with exception branch * @tc.type: FUNC -* @tc.require: -* @tc.author: suoqilong */ -HWTEST_F(BackupManagerServiceTest, GetPassWord, TestSize.Level1) +HWTEST_F(BackupManagerServiceTest, GetPassWordTest001, TestSize.Level1) { StoreMetaData meta; - std::vector password; - bool status = BackupManager::GetInstance().GetPassWord(meta, password); - EXPECT_FALSE(status); + auto password = BackupManager::GetInstance().GetPassWord(meta); + ASSERT_TRUE(password.empty()); + + SecretKeyMetaData secretKey; + secretKey.area = metaData_.area; + secretKey.storeType = metaData_.storeType; + auto result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetBackupSecretKey(), secretKey, true); + ASSERT_TRUE(result); + password = BackupManager::GetInstance().GetPassWord(metaData_); + ASSERT_TRUE(password.empty()); + + auto key = Random(SKEY_SIZE); + ASSERT_FALSE(key.empty()); + secretKey.sKey = key; + secretKey.nonce = key; + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetBackupSecretKey(), secretKey, true); + ASSERT_TRUE(result); + password = BackupManager::GetInstance().GetPassWord(metaData_); + ASSERT_TRUE(password.empty()); + + MetaDataManager::GetInstance().DelMeta(metaData_.GetBackupSecretKey(), true); +} + +/** +* @tc.name: GetPassWordTest002 +* @tc.desc: get backup password success +* @tc.type: FUNC +*/ +HWTEST_F(BackupManagerServiceTest, GetPassWordTest002, TestSize.Level1) +{ + auto key = Random(SKEY_SIZE); + ASSERT_FALSE(key.empty()); + CryptoManager::CryptoParams encryptParams; + auto encryptKey = CryptoManager::GetInstance().Encrypt(key, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + + SecretKeyMetaData secretKey; + secretKey.area = encryptParams.area; + secretKey.storeType = metaData_.storeType; + secretKey.sKey = encryptKey; + secretKey.nonce = encryptParams.nonce; + auto result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetBackupSecretKey(), secretKey, true); + ASSERT_TRUE(result); + + for (int32_t index = 0; index < LOOP_NUM; ++index) { + auto password = BackupManager::GetInstance().GetPassWord(metaData_); + ASSERT_FALSE(password.empty()); + ASSERT_EQ(password.size(), key.size()); + for (size_t i = 0; i < key.size(); ++i) { + ASSERT_EQ(password[i], key[i]); + } + } + + MetaDataManager::GetInstance().DelMeta(metaData_.GetBackupSecretKey(), true); +} + +/** +* @tc.name: DoBackupTest001 +* @tc.desc: do backup with every condition +* @tc.type: FUNC +*/ +HWTEST_F(BackupManagerServiceTest, DoBackupTest001, TestSize.Level1) +{ + metaData_.storeType = StoreMetaData::StoreType::STORE_RELATIONAL_BEGIN; + mkdir(BASE_DIR, (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)); + mkdir(DATA_DIR, (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)); + mkdir(BACKUP_DIR, (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)); + mkdir(STORE_DIR, (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)); + + auto backupPath = DirectoryManager::GetInstance().GetStoreBackupPath(metaData_); + ASSERT_EQ(backupPath, STORE_DIR); + + std::string backupFilePath = backupPath + AUTO_BACKUP_NAME; + + std::shared_ptr testManager = std::make_shared(); + testManager->DoBackup(metaData_); + ASSERT_NE(access(backupFilePath.c_str(), F_OK), 0); + + testManager->RegisterExporter(metaData_.storeType, Exporter); + ConfigExport(false); + testManager->DoBackup(metaData_); + ASSERT_NE(access(backupFilePath.c_str(), F_OK), 0); + + ConfigExport(true); + metaData_.isEncrypt = false; + testManager->DoBackup(metaData_); + ASSERT_EQ(access(backupFilePath.c_str(), F_OK), 0); + (void)remove(backupFilePath.c_str()); + + MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true); + SecretKeyMetaData secretKey; + auto result = MetaDataManager::GetInstance().LoadMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_FALSE(result); + + metaData_.isEncrypt = true; + testManager->DoBackup(metaData_); + ASSERT_NE(access(backupFilePath.c_str(), F_OK), 0); + + SecretKeyMetaData backupSecretKey; + result = MetaDataManager::GetInstance().LoadMeta(metaData_.GetBackupSecretKey(), backupSecretKey, true); + ASSERT_FALSE(result); + + secretKey.area = metaData_.area; + secretKey.storeType = metaData_.storeType; + auto key = Random(SKEY_SIZE); + ASSERT_FALSE(key.empty()); + secretKey.sKey = key; + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + testManager->DoBackup(metaData_); + ASSERT_EQ(access(backupFilePath.c_str(), F_OK), 0); + result = MetaDataManager::GetInstance().LoadMeta(metaData_.GetBackupSecretKey(), backupSecretKey, true); + ASSERT_TRUE(result); + + MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true); + MetaDataManager::GetInstance().DelMeta(metaData_.GetBackupSecretKey(), true); + (void)remove(backupFilePath.c_str()); + (void)remove(STORE_DIR); + (void)remove(BACKUP_DIR); + (void)remove(DATA_DIR); + (void)remove(BASE_DIR); } /** diff --git a/services/distributeddataservice/service/test/crypto_manager_test.cpp b/services/distributeddataservice/service/test/crypto_manager_test.cpp index 4b42a2cb9..bda34eb8b 100644 --- a/services/distributeddataservice/service/test/crypto_manager_test.cpp +++ b/services/distributeddataservice/service/test/crypto_manager_test.cpp @@ -17,44 +17,92 @@ #include -#include "crypto_manager.h" #include "gtest/gtest.h" -#include "metadata/secret_key_meta_data.h" -#include "metadata/store_meta_data.h" -#include "types.h" + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "hks_api.h" +#include "hks_param.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +namespace OHOS::Test { using namespace testing::ext; using namespace OHOS::DistributedData; -namespace OHOS::Test { -namespace DistributedDataTest { +using namespace OHOS::Security::AccessToken; + +static constexpr int32_t KEY_LENGTH = 32; +static constexpr int32_t NONCE_SIZE = 12; +static constexpr int32_t INVALID_AREA = -1; +static constexpr int32_t TEST_USERID_NUM = 100; +static constexpr const char *TEST_USERID = "100"; +static constexpr const char *TEST_BUNDLE_NAME = "test_application"; +static constexpr const char *TEST_STORE_NAME = "test_store"; +static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key"; +static constexpr const char *PROCESS_NAME = "distributeddata"; + class CryptoManagerTest : public testing::Test { public: static void SetUpTestCase(void); static void TearDownTestCase(void); - void SetUp(){}; - void TearDown(){}; - static std::vector Random(uint32_t len); + void SetUp() {} + void TearDown() {} + + static void SetNativeTokenIdFromProcess(const std::string &process); + static std::vector Random(int32_t len); + static void DeleteRootKey(int32_t area); + static uint32_t GetStorageLevel(int32_t area); -protected: static std::vector randomKey; + static std::vector vecRootKeyAlias; + static std::vector nonce; }; -static const uint32_t KEY_LENGTH = 32; -static const uint32_t ENCRYPT_KEY_LENGTH = 48; -static constexpr int32_t EL2 = 2; -static constexpr int32_t EL4 = 4; -static constexpr const char *TEST_USERID = "100"; std::vector CryptoManagerTest::randomKey; +std::vector CryptoManagerTest::vecRootKeyAlias; +std::vector CryptoManagerTest::nonce; + +void CryptoManagerTest::SetNativeTokenIdFromProcess(const std::string &process) +{ + std::string dumpInfo; + AtmToolsParamInfo info; + info.processName = process; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + size_t pos = dumpInfo.find("\"tokenID\": "); + if (pos == std::string::npos) { + return; + } + pos += std::string("\"tokenID\": ").length(); + std::string numStr; + while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) { + numStr += dumpInfo[pos]; + ++pos; + } + std::istringstream iss(numStr); + AccessTokenID tokenID; + iss >> tokenID; + SetSelfTokenID(tokenID); +} + void CryptoManagerTest::SetUpTestCase(void) { + SetNativeTokenIdFromProcess(PROCESS_NAME); + randomKey = Random(KEY_LENGTH); + vecRootKeyAlias = std::vector(ROOT_KEY_ALIAS, ROOT_KEY_ALIAS + strlen(ROOT_KEY_ALIAS)); + nonce = Random(NONCE_SIZE); } void CryptoManagerTest::TearDownTestCase(void) { randomKey.assign(randomKey.size(), 0); + nonce.assign(nonce.size(), 0); + DeleteRootKey(CryptoManager::Area::EL1); + DeleteRootKey(CryptoManager::Area::EL2); + DeleteRootKey(CryptoManager::Area::EL4); } -std::vector CryptoManagerTest::Random(uint32_t len) +std::vector CryptoManagerTest::Random(int32_t len) { std::random_device randomDevice; std::uniform_int_distribution distribution(0, std::numeric_limits::max()); @@ -65,235 +113,314 @@ std::vector CryptoManagerTest::Random(uint32_t len) return key; } -/** -* @tc.name: GenerateRootKey -* @tc.desc: generate the root key -* @tc.type: FUNC -* @tc.require: -* @tc.author: zuojiangjiang -*/ -HWTEST_F(CryptoManagerTest, GenerateRootKey, TestSize.Level0) +uint32_t CryptoManagerTest::GetStorageLevel(int32_t area) { - auto errCode = CryptoManager::GetInstance().GenerateRootKey(); - EXPECT_EQ(errCode, CryptoManager::ErrCode::SUCCESS); + if (area >= CryptoManager::Area::EL4 && area <= CryptoManager::Area::EL5) { + return HKS_AUTH_STORAGE_LEVEL_ECE; + } + if (area >= CryptoManager::Area::EL2 && area <= CryptoManager::Area::EL3) { + return HKS_AUTH_STORAGE_LEVEL_CE; + } + return HKS_AUTH_STORAGE_LEVEL_DE; +} + +void CryptoManagerTest::DeleteRootKey(int32_t area) +{ + struct HksParamSet *params = nullptr; + if (HksInitParamSet(¶ms) != HKS_SUCCESS) { + return; + } + auto storageLevel = GetStorageLevel(area); + std::vector hksParam = { + { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_AES }, + { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_AES_KEY_SIZE_256 }, + { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT }, + { .tag = HKS_TAG_DIGEST, .uint32Param = 0 }, + { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_NONE }, + { .tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_GCM }, + { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = storageLevel }, + }; + if (storageLevel > HKS_AUTH_STORAGE_LEVEL_DE) { + hksParam.emplace_back(HksParam { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = TEST_USERID_NUM }); + } + if (HksAddParams(params, hksParam.data(), hksParam.size()) != HKS_SUCCESS) { + HksFreeParamSet(¶ms); + return; + } + if (HksBuildParamSet(¶ms) != HKS_SUCCESS) { + HksFreeParamSet(¶ms); + return; + } + struct HksBlob keyName = { uint32_t(vecRootKeyAlias.size()), const_cast(vecRootKeyAlias.data()) }; + (void)HksDeleteKey(&keyName, params); + HksFreeParamSet(¶ms); } /** -* @tc.name: CheckRootKey -* @tc.desc: check root key exist; +* @tc.name: GenerateRootKeyTest001 +* @tc.desc: generate the root key of DE * @tc.type: FUNC -* @tc.require: -* @tc.author: zuojiangjiang */ -HWTEST_F(CryptoManagerTest, CheckRootKey, TestSize.Level0) +HWTEST_F(CryptoManagerTest, GenerateRootKeyTest001, TestSize.Level0) { - auto errCode = CryptoManager::GetInstance().CheckRootKey(); + auto errCode = CryptoManager::GetInstance().GenerateRootKey(); EXPECT_EQ(errCode, CryptoManager::ErrCode::SUCCESS); + + errCode = CryptoManager::GetInstance().CheckRootKey(); + ASSERT_EQ(errCode, CryptoManager::ErrCode::SUCCESS); } /** -* @tc.name: Encrypt001 -* @tc.desc: encrypt random key; +* @tc.name: EncryptAndDecryptTest001 +* @tc.desc: encrypt random key and decrypt with EL1 * @tc.type: FUNC -* @tc.require: -* @tc.author: zuojiangjiang */ -HWTEST_F(CryptoManagerTest, Encrypt001, TestSize.Level0) +HWTEST_F(CryptoManagerTest, EncryptAndDecryptTest001, TestSize.Level0) { - auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - EXPECT_EQ(encryptKey.size(), ENCRYPT_KEY_LENGTH); - encryptKey.assign(encryptKey.size(), 0); + auto errCode = CryptoManager::GetInstance().GenerateRootKey(); + ASSERT_EQ(errCode, CryptoManager::ErrCode::SUCCESS); + CryptoManager::CryptoParams encryptParams = { .area = CryptoManager::Area::EL1, .userId = TEST_USERID }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + + CryptoManager::CryptoParams decryptParams = { .area = CryptoManager::Area::EL1, .userId = TEST_USERID, + .nonce = encryptParams.nonce }; + auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams); + ASSERT_FALSE(decryptKey.empty()); + for (auto i = 0; i < KEY_LENGTH; ++i) { + ASSERT_EQ(decryptKey[i], randomKey[i]); + } + decryptKey.assign(encryptKey.size(), 0); } /** -* @tc.name: Encrypt002 -* @tc.desc: encrypt empty key; +* @tc.name: EncryptAndDecryptTest002 +* @tc.desc: encrypt random key and decrypt with EL2 * @tc.type: FUNC -* @tc.require: -* @tc.author: zuojiangjiang */ -HWTEST_F(CryptoManagerTest, Encrypt002, TestSize.Level0) +HWTEST_F(CryptoManagerTest, EncryptAndDecryptTest002, TestSize.Level0) { - auto encryptKey = CryptoManager::GetInstance().Encrypt({ }, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - EXPECT_TRUE(encryptKey.empty()); + CryptoManager::CryptoParams encryptParams = { .area = CryptoManager::Area::EL2, .userId = TEST_USERID }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + + CryptoManager::CryptoParams decryptParams = { .area = CryptoManager::Area::EL2, .userId = TEST_USERID, + .nonce = encryptParams.nonce }; + auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams); + ASSERT_FALSE(decryptKey.empty()); + for (auto i = 0; i < KEY_LENGTH; ++i) { + ASSERT_EQ(decryptKey[i], randomKey[i]); + } + decryptKey.assign(encryptKey.size(), 0); } /** -* @tc.name: Encrypt003 -* @tc.desc: Check root key fail; +* @tc.name: EncryptAndDecryptTest003 +* @tc.desc: encrypt random key and decrypt with EL3 * @tc.type: FUNC -* @tc.require: -* @tc.author: yanhui */ -HWTEST_F(CryptoManagerTest, Encrypt003, TestSize.Level0) +HWTEST_F(CryptoManagerTest, EncryptAndDecryptTest003, TestSize.Level0) { - auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, EL2, DEFAULT_USER); - EXPECT_TRUE(encryptKey.empty()); - encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, EL4, DEFAULT_USER); - EXPECT_TRUE(encryptKey.empty()); - - encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, EL2, TEST_USERID); - // check interact across local accounts permission failed - EXPECT_TRUE(encryptKey.empty()); - encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, EL4, TEST_USERID); - // check interact across local accounts permission failed - EXPECT_TRUE(encryptKey.empty()); + CryptoManager::CryptoParams encryptParams = { .area = CryptoManager::Area::EL3, .userId = TEST_USERID }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + + CryptoManager::CryptoParams decryptParams = { .area = CryptoManager::Area::EL3, .userId = TEST_USERID, + .nonce = encryptParams.nonce }; + auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams); + ASSERT_FALSE(decryptKey.empty()); + for (auto i = 0; i < KEY_LENGTH; ++i) { + ASSERT_EQ(decryptKey[i], randomKey[i]); + } + decryptKey.assign(encryptKey.size(), 0); } /** -* @tc.name: Encrypt004 -* @tc.desc: Encrypt clone key, but root key not imported; +* @tc.name: EncryptAndDecryptTest004 +* @tc.desc: encrypt random key and decrypt with EL4 * @tc.type: FUNC -* @tc.require: -* @tc.author: yanhui */ -HWTEST_F(CryptoManagerTest, Encrypt004, TestSize.Level0) +HWTEST_F(CryptoManagerTest, EncryptAndDecryptTest004, TestSize.Level0) { - const std::string str = "distributed_db_backup_key"; - auto cloneKey = std::vector(str.begin(), str.end()); - std::vector nonce{}; - CryptoManager::EncryptParams params = { .keyAlias = cloneKey, .nonce = nonce }; - auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, params); - EXPECT_TRUE(encryptKey.empty()); - std::vector key; - - auto result = CryptoManager::GetInstance().Decrypt(encryptKey, key, params); - ASSERT_FALSE(result); + CryptoManager::CryptoParams encryptParams = { .area = CryptoManager::Area::EL4, .userId = TEST_USERID }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + + CryptoManager::CryptoParams decryptParams = { .area = CryptoManager::Area::EL4, .userId = TEST_USERID, + .nonce = encryptParams.nonce }; + auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams); + ASSERT_FALSE(decryptKey.empty()); + for (auto i = 0; i < KEY_LENGTH; ++i) { + ASSERT_EQ(decryptKey[i], randomKey[i]); + } + decryptKey.assign(encryptKey.size(), 0); } /** -* @tc.name: DecryptKey001 -* @tc.desc: decrypt the encrypt key; +* @tc.name: EncryptAndDecryptTest005 +* @tc.desc: encrypt random key and decrypt with INVALID_AREA * @tc.type: FUNC -* @tc.require: -* @tc.author: zuojiangjiang */ -HWTEST_F(CryptoManagerTest, DecryptKey001, TestSize.Level0) +HWTEST_F(CryptoManagerTest, EncryptAndDecryptTest005, TestSize.Level0) { - auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - std::vector key; - auto result = CryptoManager::GetInstance().Decrypt(encryptKey, key, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - EXPECT_TRUE(result); - EXPECT_EQ(key.size(), KEY_LENGTH); - encryptKey.assign(encryptKey.size(), 0); + CryptoManager::CryptoParams encryptParams = { .area = INVALID_AREA, .userId = TEST_USERID }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + + CryptoManager::CryptoParams decryptParams = { .area = encryptParams.area, .userId = TEST_USERID, + .nonce = encryptParams.nonce }; + auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams); + ASSERT_FALSE(decryptKey.empty()); + for (auto i = 0; i < KEY_LENGTH; ++i) { + ASSERT_EQ(decryptKey[i], randomKey[i]); + } + decryptKey.assign(encryptKey.size(), 0); } /** -* @tc.name: DecryptKey002 -* @tc.desc: decrypt the key, the source key is not encrypt; +* @tc.name: EncryptAndDecryptTest006 +* @tc.desc: encrypt random key and decrypt with EL1 and key alias * @tc.type: FUNC -* @tc.require: -* @tc.author: zuojiangjiang */ -HWTEST_F(CryptoManagerTest, DecryptKey002, TestSize.Level0) +HWTEST_F(CryptoManagerTest, EncryptAndDecryptTest006, TestSize.Level0) { - std::vector key; - auto result = CryptoManager::GetInstance().Decrypt(randomKey, key, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - EXPECT_FALSE(result); - EXPECT_TRUE(key.empty()); + CryptoManager::CryptoParams encryptParams = { .area = CryptoManager::Area::EL1, .userId = TEST_USERID, + .keyAlias = vecRootKeyAlias }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + + CryptoManager::CryptoParams decryptParams = { .area = encryptParams.area, .userId = TEST_USERID, + .keyAlias = vecRootKeyAlias, .nonce = encryptParams.nonce }; + auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams); + ASSERT_FALSE(decryptKey.empty()); + for (auto i = 0; i < KEY_LENGTH; ++i) { + ASSERT_EQ(decryptKey[i], randomKey[i]); + } + decryptKey.assign(encryptKey.size(), 0); } /** -* @tc.name: DecryptKey003 -* @tc.desc: decrypt the key, the source key is empty; +* @tc.name: EncryptAndDecryptTest007 +* @tc.desc: encrypt random key and decrypt with EL1 and nonce value * @tc.type: FUNC -* @tc.require: -* @tc.author: zuojiangjiang */ -HWTEST_F(CryptoManagerTest, DecryptKey003, TestSize.Level0) +HWTEST_F(CryptoManagerTest, EncryptAndDecryptTest007, TestSize.Level0) { - std::vector srcKey {}; - std::vector key; - auto result = CryptoManager::GetInstance().Decrypt(srcKey, key, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - EXPECT_FALSE(result); - EXPECT_TRUE(key.empty()); + CryptoManager::CryptoParams encryptParams = { .area = CryptoManager::Area::EL1, .userId = TEST_USERID, + .nonce = nonce }; + auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + + CryptoManager::CryptoParams decryptParams = { .area = encryptParams.area, .userId = TEST_USERID, + .keyAlias = vecRootKeyAlias, .nonce = encryptParams.nonce }; + auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams); + ASSERT_FALSE(decryptKey.empty()); + for (auto i = 0; i < KEY_LENGTH; ++i) { + ASSERT_EQ(decryptKey[i], randomKey[i]); + } + decryptKey.assign(encryptKey.size(), 0); } /** -* @tc.name: DecryptKey004 -* @tc.desc: Check root key fail; +* @tc.name: UpdateSecretMetaTest001 +* @tc.desc: update meta with invalid params * @tc.type: FUNC -* @tc.require: -* @tc.author: yanhui */ -HWTEST_F(CryptoManagerTest, DecryptKey004, TestSize.Level0) +HWTEST_F(CryptoManagerTest, UpdateSecretMetaTest001, TestSize.Level0) { - std::vector key; - auto result = CryptoManager::GetInstance().Decrypt(randomKey, key, EL2, DEFAULT_USER); - EXPECT_FALSE(result); - EXPECT_TRUE(key.empty()); - result = CryptoManager::GetInstance().Decrypt(randomKey, key, EL4, DEFAULT_USER); - EXPECT_FALSE(result); - EXPECT_TRUE(key.empty()); + std::vector password; + StoreMetaData metaData; + SecretKeyMetaData secretKey; + CryptoManager::GetInstance().UpdateSecretMeta(password, metaData, "", secretKey); + ASSERT_TRUE(secretKey.sKey.empty()); + + secretKey.nonce = nonce; + secretKey.area = CryptoManager::Area::EL1; + CryptoManager::GetInstance().UpdateSecretMeta(randomKey, metaData, "", secretKey); + ASSERT_TRUE(secretKey.sKey.empty()); } /** -* @tc.name: Decrypt001 -* @tc.desc: SecretKeyMetaData is old. +* @tc.name: UpdateSecretMetaTest002 +* @tc.desc: update meta with area EL1 * @tc.type: FUNC -* @tc.require: -* @tc.author: yanhui */ -HWTEST_F(CryptoManagerTest, Decrypt001, TestSize.Level0) +HWTEST_F(CryptoManagerTest, UpdateSecretMetaTest002, TestSize.Level0) { - SecretKeyMetaData secretKeyMeta; + auto errCode = CryptoManager::GetInstance().GenerateRootKey(); + ASSERT_EQ(errCode, CryptoManager::ErrCode::SUCCESS); + SecretKeyMetaData secretKey; StoreMetaData metaData; - std::vector key; - secretKeyMeta.sKey = CryptoManager::GetInstance().Encrypt(randomKey, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - auto result = CryptoManager::GetInstance().Decrypt(metaData, secretKeyMeta, key); - EXPECT_TRUE(result); + metaData.bundleName = TEST_BUNDLE_NAME; + metaData.storeId = TEST_STORE_NAME; + metaData.user = TEST_USERID; + metaData.area = CryptoManager::Area::EL1; + CryptoManager::GetInstance().UpdateSecretMeta(randomKey, metaData, metaData.GetSecretKey(), secretKey); + ASSERT_FALSE(secretKey.sKey.empty()); + ASSERT_FALSE(secretKey.nonce.empty()); + ASSERT_EQ(secretKey.area, metaData.area); } /** -* @tc.name: Decrypt002 -* @tc.desc: SecretKeyMetaData is new. +* @tc.name: UpdateSecretMetaTest003 +* @tc.desc: update meta with area EL2 * @tc.type: FUNC -* @tc.require: -* @tc.author: yanhui */ -HWTEST_F(CryptoManagerTest, Decrypt002, TestSize.Level0) +HWTEST_F(CryptoManagerTest, UpdateSecretMetaTest003, TestSize.Level0) { - SecretKeyMetaData secretKeyMeta; - secretKeyMeta.area = 1; + SecretKeyMetaData secretKey; StoreMetaData metaData; - std::vector key; - secretKeyMeta.sKey = CryptoManager::GetInstance().Encrypt(randomKey, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - auto result = CryptoManager::GetInstance().Decrypt(metaData, secretKeyMeta, key); - EXPECT_TRUE(result); - for (int8_t i = 0; i < randomKey.size(); i++) { - EXPECT_EQ(randomKey[i], key[i]); - } + metaData.bundleName = TEST_BUNDLE_NAME; + metaData.storeId = TEST_STORE_NAME; + metaData.user = TEST_USERID; + metaData.area = CryptoManager::Area::EL2; + CryptoManager::GetInstance().UpdateSecretMeta(randomKey, metaData, metaData.GetSecretKey(), secretKey); + ASSERT_FALSE(secretKey.sKey.empty()); + ASSERT_FALSE(secretKey.nonce.empty()); + ASSERT_EQ(secretKey.area, metaData.area); } /** -* @tc.name: UpdatePassword001 -* @tc.desc: The data is unencrypted. +* @tc.name: UpdateSecretMetaTest004 +* @tc.desc: update meta with area EL3 * @tc.type: FUNC -* @tc.require: -* @tc.author: yanhui */ -HWTEST_F(CryptoManagerTest, UpdatePassword001, TestSize.Level0) +HWTEST_F(CryptoManagerTest, UpdateSecretMetaTest004, TestSize.Level0) { + SecretKeyMetaData secretKey; StoreMetaData metaData; - std::vector key; - EXPECT_FALSE(CryptoManager::GetInstance().UpdateSecretKey(metaData, key)); + metaData.bundleName = TEST_BUNDLE_NAME; + metaData.storeId = TEST_STORE_NAME; + metaData.user = TEST_USERID; + metaData.area = CryptoManager::Area::EL3; + CryptoManager::GetInstance().UpdateSecretMeta(randomKey, metaData, metaData.GetSecretKey(), secretKey); + ASSERT_FALSE(secretKey.sKey.empty()); + ASSERT_FALSE(secretKey.nonce.empty()); + ASSERT_EQ(secretKey.area, metaData.area); } /** -* @tc.name: UpdatePassword002 -* @tc.desc: The data is encrypted. +* @tc.name: UpdateSecretMetaTest005 +* @tc.desc: update meta with area EL4 * @tc.type: FUNC -* @tc.require: -* @tc.author: yanhui */ -HWTEST_F(CryptoManagerTest, UpdatePassword002, TestSize.Level0) +HWTEST_F(CryptoManagerTest, UpdateSecretMetaTest005, TestSize.Level0) { + SecretKeyMetaData secretKey; StoreMetaData metaData; - metaData.isEncrypt = true; - metaData.area = DEFAULT_ENCRYPTION_LEVEL; - // MetaDataManager not initialized - EXPECT_FALSE(CryptoManager::GetInstance().UpdateSecretKey(metaData, randomKey)); - EXPECT_FALSE(CryptoManager::GetInstance().UpdateSecretKey(metaData, randomKey, CryptoManager::CLONE_SECRET_KEY)); + metaData.bundleName = TEST_BUNDLE_NAME; + metaData.storeId = TEST_STORE_NAME; + metaData.user = TEST_USERID; + metaData.area = CryptoManager::Area::EL4; + CryptoManager::GetInstance().UpdateSecretMeta(randomKey, metaData, metaData.GetSecretKey(), secretKey); + ASSERT_FALSE(secretKey.sKey.empty()); + ASSERT_FALSE(secretKey.nonce.empty()); + ASSERT_EQ(secretKey.area, metaData.area); } -} // namespace DistributedDataTest -} // namespace OHOS::Test +} // namespace OHOS::Test \ No newline at end of file diff --git a/services/distributeddataservice/service/test/kvdb_general_store_test.cpp b/services/distributeddataservice/service/test/kvdb_general_store_test.cpp index 57ca2a415..4938a7384 100644 --- a/services/distributeddataservice/service/test/kvdb_general_store_test.cpp +++ b/services/distributeddataservice/service/test/kvdb_general_store_test.cpp @@ -49,6 +49,8 @@ using StoreId = OHOS::DistributedKv::StoreId; using AppId = OHOS::DistributedKv::AppId; namespace OHOS::Test { namespace DistributedDataTest { +static constexpr const char *INVALID_APPID = "invalid_kvdb_store_test"; + class KVDBGeneralStoreTest : public testing::Test { public: static void SetUpTestCase(void); @@ -67,7 +69,6 @@ protected: std::shared_ptr KVDBGeneralStoreTest::dbStoreMock_ = std::make_shared(); static const uint32_t KEY_LENGTH = 32; -static const uint32_t ENCRYPT_KEY_LENGTH = 48; void KVDBGeneralStoreTest::InitMetaData() { @@ -104,7 +105,11 @@ void KVDBGeneralStoreTest::SetUp() InitMetaData(); } -void KVDBGeneralStoreTest::TearDown() {} +void KVDBGeneralStoreTest::TearDown() +{ + MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true); + MetaDataManager::GetInstance().DelMeta(metaData_.GetKey(), true); +} class MockGeneralWatcher : public DistributedData::GeneralWatcher { public: @@ -150,14 +155,43 @@ public: /** * @tc.name: GetDBPasswordTest_001 -* @tc.desc: GetDBPassword from meta. +* @tc.desc: get password with all exception branch * @tc.type: FUNC -* @tc.require: -* @tc.author: Hollokin */ HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_001, TestSize.Level0) { - ZLOGI("GetDBPasswordTest start"); + metaData_.isEncrypt = false; + auto dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); + ASSERT_EQ(dbPassword.GetSize(), 0); + + MetaDataManager::GetInstance().Initialize(dbStoreMock_, nullptr, ""); + + metaData_.isEncrypt = true; + dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); + ASSERT_EQ(dbPassword.GetSize(), 0); + + SecretKeyMetaData secretKey; + auto result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); + ASSERT_EQ(dbPassword.GetSize(), 0); + + std::vector randomKey = Random(KEY_LENGTH); + ASSERT_FALSE(randomKey.empty()); + secretKey.sKey = randomKey; + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); + ASSERT_EQ(dbPassword.GetSize(), 0); +} + +/** +* @tc.name: GetDBPasswordTest_002 +* @tc.desc: GetDBPassword from meta. +* @tc.type: FUNC +*/ +HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_002, TestSize.Level0) +{ MetaDataManager::GetInstance().Initialize(dbStoreMock_, nullptr, ""); EXPECT_TRUE(MetaDataManager::GetInstance().SaveMeta(metaData_.GetKey(), metaData_, true)); EXPECT_TRUE(MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), metaData_, true)); @@ -166,13 +200,11 @@ HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_001, TestSize.Level0) } /** -* @tc.name: GetDBPasswordTest_002 +* @tc.name: GetDBPasswordTest_003 * @tc.desc: GetDBPassword from encrypt meta. * @tc.type: FUNC -* @tc.require: -* @tc.author: Hollokin */ -HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_002, TestSize.Level0) +HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_003, TestSize.Level0) { ZLOGI("GetDBPasswordTest_002 start"); MetaDataManager::GetInstance().Initialize(dbStoreMock_, nullptr, ""); @@ -183,10 +215,15 @@ HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_002, TestSize.Level0) EXPECT_EQ(errCode, CryptoManager::ErrCode::SUCCESS); std::vector randomKey = Random(KEY_LENGTH); + ASSERT_FALSE(randomKey.empty()); SecretKeyMetaData secretKey; secretKey.storeType = metaData_.storeType; - secretKey.sKey = CryptoManager::GetInstance().Encrypt(randomKey, DEFAULT_ENCRYPTION_LEVEL, DEFAULT_USER); - EXPECT_EQ(secretKey.sKey.size(), ENCRYPT_KEY_LENGTH); + CryptoManager::CryptoParams encryptParams = { .area = metaData_.area, .userId = metaData_.user }; + secretKey.sKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams); + ASSERT_FALSE(secretKey.sKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + secretKey.area = metaData_.area; + secretKey.nonce = encryptParams.nonce; EXPECT_TRUE(MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true)); auto dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); @@ -194,6 +231,35 @@ HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_002, TestSize.Level0) randomKey.assign(randomKey.size(), 0); } +/** +* @tc.name: GetDBPasswordTest_004 +* @tc.desc: get password with exception branch +* @tc.type: FUNC +*/ +HWTEST_F(KVDBGeneralStoreTest, GetDBPasswordTest_004, TestSize.Level0) +{ + metaData_.bundleName = INVALID_APPID; + auto dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); + ASSERT_EQ(dbPassword.GetSize(), 0); + + MetaDataManager::GetInstance().Initialize(dbStoreMock_, nullptr, ""); + + SecretKeyMetaData secretKey; + auto result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); + ASSERT_EQ(dbPassword.GetSize(), 0); + + auto key = Random(KEY_LENGTH); + ASSERT_FALSE(key.empty()); + secretKey.sKey = key; + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + dbPassword = KVDBGeneralStore::GetDBPassword(metaData_); + ASSERT_EQ(dbPassword.GetSize(), 0); + MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true); +} + /** * @tc.name: GetDBSecurityTest * @tc.desc: GetDBSecurity diff --git a/services/distributeddataservice/service/test/kvdb_service_impl_test.cpp b/services/distributeddataservice/service/test/kvdb_service_impl_test.cpp index 1717b304f..bc4c17a96 100644 --- a/services/distributeddataservice/service/test/kvdb_service_impl_test.cpp +++ b/services/distributeddataservice/service/test/kvdb_service_impl_test.cpp @@ -965,29 +965,6 @@ HWTEST_F(KvdbServiceImplTest, UnsubscribeTest001, TestSize.Level0) ASSERT_EQ(status, Status::SUCCESS); } -/** -* @tc.name: GetBackupPasswordTest001 -* @tc.desc: GetBackupPassword test -* @tc.type: FUNC -* @tc.author: wangbin -*/ -HWTEST_F(KvdbServiceImplTest, GetBackupPasswordTest001, TestSize.Level0) -{ - auto status = manager.GetSingleKvStore(create, appId, storeId, kvStore); - ASSERT_NE(kvStore, nullptr); - ASSERT_EQ(status, Status::SUCCESS); - std::vector> password; - status = kvdbServiceImpl_->GetBackupPassword( - appId, storeId, 0, password, DistributedKv::KVDBService::PasswordType::BACKUP_SECRET_KEY); - ASSERT_EQ(status, Status::ERROR); - status = kvdbServiceImpl_->GetBackupPassword( - appId, storeId, 0, password, DistributedKv::KVDBService::PasswordType::SECRET_KEY); - ASSERT_EQ(status, Status::ERROR); - status = kvdbServiceImpl_->GetBackupPassword( - appId, storeId, 0, password, DistributedKv::KVDBService::PasswordType::BUTTON); - ASSERT_EQ(status, Status::ERROR); -} - /** * @tc.name: BeforeCreateTest001 * @tc.desc: BeforeCreate test diff --git a/services/distributeddataservice/service/test/kvdb_service_password_test.cpp b/services/distributeddataservice/service/test/kvdb_service_password_test.cpp new file mode 100644 index 000000000..0d068b1f2 --- /dev/null +++ b/services/distributeddataservice/service/test/kvdb_service_password_test.cpp @@ -0,0 +1,200 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#include "kvdb_service_impl.h" + +#include +#include + +#include "device_manager_adapter.h" +#include "ipc_skeleton.h" +#include "mock/db_store_mock.h" + +namespace OHOS::Test { +using namespace testing::ext; +using namespace OHOS::DistributedData; +using namespace OHOS::DistributedKv; + +static constexpr int32_t KEY_LENGTH = 32; +static constexpr int32_t TEST_USER_NUM = 0; +static constexpr const char *TEST_USER = "0"; +static constexpr const char *TEST_APP_ID = "KvdbServicePasswordTest"; +static constexpr const char *TEST_STORE_ID = "StoreTest"; + +class KvdbServicePasswordTest : public testing::Test { +public: + static void SetUpTestCase(void); + static void TearDownTestCase(void) {} + void SetUp() {} + void TearDown() {} + + static std::vector Random(int32_t len); + + static AppId appId_; + static StoreId storeId_; + static StoreMetaData metaData_; + static std::shared_ptr kvdbServiceImpl_; +}; + +AppId KvdbServicePasswordTest::appId_; +StoreId KvdbServicePasswordTest::storeId_; +StoreMetaData KvdbServicePasswordTest::metaData_; +std::shared_ptr KvdbServicePasswordTest::kvdbServiceImpl_; + +void KvdbServicePasswordTest::SetUpTestCase(void) +{ + appId_ = { TEST_APP_ID }; + storeId_ = { TEST_STORE_ID }; + kvdbServiceImpl_ = std::make_shared(); + metaData_.deviceId = DeviceManagerAdapter::GetInstance().GetLocalDevice().uuid; + metaData_.bundleName = TEST_APP_ID; + metaData_.appId = TEST_APP_ID; + metaData_.storeId = TEST_STORE_ID; + metaData_.user = TEST_USER; + metaData_.area = Area::EL1; + metaData_.tokenId = IPCSkeleton::GetSelfTokenID(); +} + +std::vector KvdbServicePasswordTest::Random(int32_t len) +{ + std::random_device randomDevice; + std::uniform_int_distribution distribution(0, std::numeric_limits::max()); + std::vector key(len); + for (uint32_t i = 0; i < len; i++) { + key[i] = static_cast(distribution(randomDevice)); + } + return key; +} + +/** +* @tc.name: GetBackupPasswordTest001 +* @tc.desc: get backup password with exception branch +* @tc.type: FUNC +*/ +HWTEST_F(KvdbServicePasswordTest, GetBackupPasswordTest001, TestSize.Level0) +{ + std::vector> passwords; + + auto status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::BACKUP_SECRET_KEY); + ASSERT_EQ(status, Status::ERROR); + + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::SECRET_KEY); + ASSERT_EQ(status, Status::ERROR); + + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::BUTTON); + ASSERT_EQ(status, Status::ERROR); + + std::shared_ptr dbStoreMock = std::make_shared(); + MetaDataManager::GetInstance().Initialize(dbStoreMock, nullptr, ""); + SecretKeyMetaData secretKey; + + auto result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::SECRET_KEY); + ASSERT_EQ(status, Status::ERROR); + + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetCloneSecretKey(), secretKey, true); + ASSERT_TRUE(result); + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::SECRET_KEY); + ASSERT_EQ(status, Status::ERROR); + + auto key = Random(KEY_LENGTH); + ASSERT_FALSE(key.empty()); + secretKey.sKey = key; + + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::SECRET_KEY); + ASSERT_EQ(status, Status::ERROR); + + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetCloneSecretKey(), secretKey, true); + ASSERT_TRUE(result); + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::SECRET_KEY); + ASSERT_EQ(status, Status::ERROR); + + MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true); + MetaDataManager::GetInstance().DelMeta(metaData_.GetCloneSecretKey(), true); +} + +/** +* @tc.name: GetBackupPasswordTest002 +* @tc.desc: get all type password success +* @tc.type: FUNC +*/ +HWTEST_F(KvdbServicePasswordTest, GetBackupPasswordTest002, TestSize.Level0) +{ + auto key = Random(KEY_LENGTH); + ASSERT_FALSE(key.empty()); + + std::shared_ptr dbStoreMock = std::make_shared(); + MetaDataManager::GetInstance().Initialize(dbStoreMock, nullptr, ""); + + CryptoManager::CryptoParams encryptParams; + auto encryptKey = CryptoManager::GetInstance().Encrypt(key, encryptParams); + ASSERT_FALSE(encryptKey.empty()); + ASSERT_FALSE(encryptParams.nonce.empty()); + + SecretKeyMetaData secretKey; + secretKey.sKey = encryptKey; + secretKey.nonce = encryptParams.nonce; + std::vector> passwords; + + // 1.get backup secret key success + auto result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetBackupSecretKey(), secretKey, true); + ASSERT_TRUE(result); + auto status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::BACKUP_SECRET_KEY); + ASSERT_EQ(status, Status::SUCCESS); + ASSERT_GT(passwords.size(), 0); + ASSERT_EQ(passwords[0].size(), key.size()); + for (auto i = 0; i < key.size(); ++i) { + ASSERT_EQ(passwords[0][i], key[i]); + } + MetaDataManager::GetInstance().DelMeta(metaData_.GetBackupSecretKey(), true); + + // 2.get secret key success + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true); + ASSERT_TRUE(result); + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::SECRET_KEY); + ASSERT_EQ(status, Status::SUCCESS); + ASSERT_GT(passwords.size(), 0); + ASSERT_EQ(passwords[0].size(), key.size()); + for (auto i = 0; i < key.size(); ++i) { + ASSERT_EQ(passwords[0][i], key[i]); + } + MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true); + + // 3.get clone secret key success + result = MetaDataManager::GetInstance().SaveMeta(metaData_.GetCloneSecretKey(), secretKey, true); + ASSERT_TRUE(result); + status = kvdbServiceImpl_->GetBackupPassword( + appId_, storeId_, TEST_USER_NUM, passwords, DistributedKv::KVDBService::PasswordType::SECRET_KEY); + ASSERT_EQ(status, Status::SUCCESS); + ASSERT_GT(passwords.size(), 0); + ASSERT_EQ(passwords[0].size(), key.size()); + for (auto i = 0; i < key.size(); ++i) { + ASSERT_EQ(passwords[0][i], key[i]); + } + MetaDataManager::GetInstance().DelMeta(metaData_.GetCloneSecretKey(), true); +} +} // namespace OHOS::Test \ No newline at end of file diff --git a/services/distributeddataservice/service/test/rdb_service_impl_test.cpp b/services/distributeddataservice/service/test/rdb_service_impl_test.cpp index 54f25eae2..97a59da2b 100644 --- a/services/distributeddataservice/service/test/rdb_service_impl_test.cpp +++ b/services/distributeddataservice/service/test/rdb_service_impl_test.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include "account/account_delegate.h" #include "bootstrap.h" #include "checker_mock.h" @@ -47,6 +49,7 @@ namespace DistributedRDBTest { static constexpr const char *TEST_BUNDLE = "test_rdb_service_impl_bundleName"; static constexpr const char *TEST_APPID = "test_rdb_service_impl_appid"; static constexpr const char *TEST_STORE = "test_rdb_service_impl_store"; +static constexpr int32_t KEY_LENGTH = 32; class RdbServiceImplTest : public testing::Test { public: @@ -55,6 +58,7 @@ public: static void InitMetaData(); void SetUp(); void TearDown(); + static std::vector Random(int32_t len); protected: static std::shared_ptr dbStoreMock_; static StoreMetaData metaData_; @@ -112,6 +116,17 @@ void RdbServiceImplTest::TearDown() { } +std::vector RdbServiceImplTest::Random(int32_t len) +{ + std::random_device randomDevice; + std::uniform_int_distribution distribution(0, std::numeric_limits::max()); + std::vector key(len); + for (uint32_t i = 0; i < len; i++) { + key[i] = static_cast(distribution(randomDevice)); + } + return key; +} + /** * @tc.name: OnRemoteRequest001 * @tc.desc: ResolveAutoLaunch LoadMeta Failed. @@ -821,16 +836,17 @@ HWTEST_F(RdbServiceImplTest, GetPassword001, TestSize.Level0) */ HWTEST_F(RdbServiceImplTest, GetPassword002, TestSize.Level0) { + MetaDataManager::GetInstance().Initialize(dbStoreMock_, nullptr, ""); auto meta = metaData_; meta.isEncrypt = true; - std::vector sKey{2, 249, 221, 119, 177, 216, 217, 134, 185, 139, 114, 38, 140, 64, 165, 35, - 77, 169, 0, 226, 226, 166, 37, 73, 181, 229, 42, 88, 108, 111, 131, 104, - 141, 43, 96, 119, 214, 34, 177, 129, 233, 96, 98, 164, 87, 115, 187, 170}; + auto sKey = Random(KEY_LENGTH); + ASSERT_FALSE(sKey.empty()); SecretKeyMetaData secretKey; - secretKey.sKey = CryptoManager::GetInstance().Encrypt(sKey); - secretKey.area = 0; + CryptoManager::CryptoParams encryptParams; + secretKey.sKey = CryptoManager::GetInstance().Encrypt(sKey, encryptParams); + secretKey.area = encryptParams.area; secretKey.storeType = meta.storeType; - secretKey.time = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; + secretKey.nonce = encryptParams.nonce; EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(meta.GetKey(), meta, true), true); EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(meta.GetSecretKey(), secretKey, true), true); @@ -843,8 +859,7 @@ HWTEST_F(RdbServiceImplTest, GetPassword002, TestSize.Level0) int32_t result = service.GetPassword(param, password); EXPECT_EQ(result, RDB_OK); - size_t KEY_COUNT = 2; - ASSERT_EQ(password.size(), KEY_COUNT); + ASSERT_GT(password.size(), 0); EXPECT_EQ(password.at(0), sKey); MetaDataManager::GetInstance().DelMeta(meta.GetKey(), true); MetaDataManager::GetInstance().DelMeta(meta.GetSecretKey(), true); @@ -859,22 +874,27 @@ HWTEST_F(RdbServiceImplTest, GetPassword002, TestSize.Level0) */ HWTEST_F(RdbServiceImplTest, GetPassword003, TestSize.Level0) { + MetaDataManager::GetInstance().Initialize(dbStoreMock_, nullptr, ""); + auto meta = metaData_; + meta.isEncrypt = true; + auto sKey = Random(KEY_LENGTH); + ASSERT_FALSE(sKey.empty()); SecretKeyMetaData secretKey; - secretKey.sKey = {0x01, 0x02, 0x03}; // Invalid key for decryption - EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(metaData_.GetSecretKey(), secretKey, true), true); - EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(metaData_.GetKey(), metaData_, true), true); + secretKey.sKey = sKey; // Invalid key for decryption + EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(meta.GetSecretKey(), secretKey, true), true); + EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(meta.GetKey(), meta, true), true); RdbServiceImpl service; RdbSyncerParam param; - param.bundleName_ = metaData_.bundleName; - param.storeName_ = metaData_.storeId; + param.bundleName_ = meta.bundleName; + param.storeName_ = meta.storeId; std::vector> password; int32_t result = service.GetPassword(param, password); EXPECT_EQ(result, RDB_ERROR); - EXPECT_EQ(MetaDataManager::GetInstance().DelMeta(metaData_.GetSecretKey(), true), true); - EXPECT_EQ(MetaDataManager::GetInstance().DelMeta(metaData_.GetKey(), true), true); + EXPECT_EQ(MetaDataManager::GetInstance().DelMeta(meta.GetSecretKey(), true), true); + EXPECT_EQ(MetaDataManager::GetInstance().DelMeta(meta.GetKey(), true), true); } /** @@ -886,16 +906,17 @@ HWTEST_F(RdbServiceImplTest, GetPassword003, TestSize.Level0) */ HWTEST_F(RdbServiceImplTest, GetPassword004, TestSize.Level0) { + MetaDataManager::GetInstance().Initialize(dbStoreMock_, nullptr, ""); auto meta = metaData_; meta.isEncrypt = true; - std::vector sKey{2, 249, 221, 119, 177, 216, 217, 134, 185, 139, 114, 38, 140, 64, 165, 35, - 77, 169, 0, 226, 226, 166, 37, 73, 181, 229, 42, 88, 108, 111, 131, 104, - 141, 43, 96, 119, 214, 34, 177, 129, 233, 96, 98, 164, 87, 115, 187, 170}; + auto sKey = Random(KEY_LENGTH); + ASSERT_FALSE(sKey.empty()); SecretKeyMetaData secretKey; - secretKey.sKey = CryptoManager::GetInstance().Encrypt(sKey); - secretKey.area = 0; + CryptoManager::CryptoParams encryptParams; + secretKey.sKey = CryptoManager::GetInstance().Encrypt(sKey, encryptParams); + secretKey.area = encryptParams.area; secretKey.storeType = meta.storeType; - secretKey.time = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; + secretKey.nonce = encryptParams.nonce; EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(meta.GetKey(), meta, true), true); EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(meta.GetCloneSecretKey(), secretKey, true), true); @@ -910,11 +931,10 @@ HWTEST_F(RdbServiceImplTest, GetPassword004, TestSize.Level0) int32_t result = service.GetPassword(param, password); EXPECT_EQ(result, RDB_OK); - size_t KEY_COUNT = 2; - ASSERT_EQ(password.size(), KEY_COUNT); - EXPECT_EQ(password.at(1), sKey); - MetaDataManager::GetInstance().DelMeta(metaData_.GetKey(), true); - MetaDataManager::GetInstance().DelMeta(metaData_.GetCloneSecretKey(), true); + ASSERT_GT(password.size(), 0); + EXPECT_EQ(password.at(0), sKey); + MetaDataManager::GetInstance().DelMeta(meta.GetKey(), true); + MetaDataManager::GetInstance().DelMeta(meta.GetCloneSecretKey(), true); } /** @@ -935,7 +955,7 @@ HWTEST_F(RdbServiceImplTest, GetPassword005, TestSize.Level0) int32_t result = service.GetPassword(param, password); - EXPECT_EQ(result, RDB_NO_META); + EXPECT_EQ(result, RDB_ERROR); } /** @@ -1168,34 +1188,6 @@ HWTEST_F(RdbServiceImplTest, UnSubscribe001, TestSize.Level0) EXPECT_EQ(result, RDB_ERROR); } -/** - * @tc.name: UpgradeCloneSecretKey001 - * @tc.desc: Test UpgradeCloneSecretKey when meta invalid. - * @tc.type: FUNC - * @tc.require: - * @tc.author: zhaojh - */ -HWTEST_F(RdbServiceImplTest, UpgradeCloneSecretKey001, TestSize.Level0) -{ - auto meta = metaData_; - meta.isEncrypt = true; - std::vector sKey{2, 249, 221, 119, 177, 216, 217, 134, 185, 139, 114, 38, 140, 64, 165, 35, - 77, 169, 0, 226, 226, 166, 37, 73, 181, 229, 42, 88, 108, 111, 131, 104, - 141, 43, 96, 119, 214, 34, 177, 129, 233, 96, 98, 164, 87, 115, 187, 170}; - SecretKeyMetaData secretKey; - secretKey.sKey = CryptoManager::GetInstance().Encrypt(sKey); - secretKey.area = -1; - secretKey.storeType = meta.storeType; - secretKey.time = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; - EXPECT_EQ(MetaDataManager::GetInstance().SaveMeta(meta.GetCloneSecretKey(), secretKey, true), true); - - RdbServiceImpl service; - - auto result = service.UpgradeCloneSecretKey(meta); - ASSERT_EQ(result, true); - EXPECT_EQ(MetaDataManager::GetInstance().DelMeta(meta.GetCloneSecretKey(), true), true); -} - /** * @tc.name: GetDfxInfo001 * @tc.desc: Test GetDfxInfo when CheckAccess not pass. -- Gitee