src/manager/crypto/se-backend/internals.cpp

   1 /*
   2  *  Copyright (c) 2017-2022 Samsung Electronics Co., Ltd. All rights reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  */
  16 /*
  17  * @file       internals.cpp
  18  * @author     isaac2.lee (isaac2.lee@samsung.com)
  19  * @version    1.0
  20  */
  21
  22 #include <functional>
  23 #include <unistd.h>
  24 #include <generic-backend/exception.h>
  25 #include <generic-backend/algo-validation.h>
  26 #include <generic-backend/crypto-params.h>
  27 #include <dpl/log/log.h>
  28 #include <ckm/ckm-type.h>
  29
  30 #include <se-backend/internals.h>
  31 #include <key-manager-se-backend.h>
  32 #include <key-provider.h>
  33
  34 #ifndef UNUSED_PARAMETER
  35 #define UNUSED_PARAMETER(x) (void)(x)
  36 #endif
  37
  38 namespace CKM {
  39 namespace Crypto {
  40 namespace SE {
  41 namespace Internals {
  42
  43 RawBuffer toRawBuffer(unsigned char* buf, uint32_t buf_len)
  44 {
  45         RawBuffer output;
  46         output.assign(buf, buf + buf_len);
  47         return output;
  48 }
  49
  50 kmsb_hash_algo_e getHashType(const CryptoAlgorithm &alg)
  51 {
  52         HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
  53         switch (hash)
  54         {
  55         case HashAlgorithm::SHA1:
  56                 return KMSB_HASH_SHA1;
  57         case HashAlgorithm::SHA256:
  58                 return KMSB_HASH_SHA256;
  59         case HashAlgorithm::SHA384:
  60                 return KMSB_HASH_SHA384;
  61         case HashAlgorithm::SHA512:
  62                 return KMSB_HASH_SHA512;
  63         default:
  64                 break;
  65         }
  66         return KMSB_HASH_SHA256;
  67 }
  68
  69 kmsb_ec_type_e getEcType(const ElipticCurve ecType)
  70 {
  71         if (ecType == ElipticCurve::prime192v1)
  72                 return KMSB_EC_PRIME192V1;
  73         else if (ecType == ElipticCurve::prime256v1)
  74                 return KMSB_EC_PRIME256V1;
  75         else if (ecType == ElipticCurve::secp384r1)
  76                 return KMSB_EC_SECP384R1;
  77         return KMSB_EC_PRIME256V1;
  78 }
  79
  80 int kmsb_failure_retry(std::function<int()> func)
  81 {
  82         int result = KMSB_ERROR_NONE;
  83         for (size_t attempt = 0; attempt < 3; ++attempt) {
  84                 result = func();
  85                 if (result == KMSB_ERROR_NONE || result == KMSB_ERROR_NO_KEY)
  86                         break;
  87                 LogError("occured err inside SE(errcode:" << result << ")");
  88                 usleep(100000);
  89         }
  90         return result;
  91 }
  92
  93 void generateSKey(const CryptoAlgorithm &alg,
  94                                 const uint32_t key_idx)
  95 {
  96         UNUSED_PARAMETER(alg);
  97         UNUSED_PARAMETER(key_idx);
  98
  99         ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported");
 100 }
 101
 102 void generateAKey(const CryptoAlgorithm &alg,
 103                                 const uint32_t key_idx)
 104 {
 105         UNUSED_PARAMETER(alg);
 106         UNUSED_PARAMETER(key_idx);
 107
 108         ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported");
 109 }
 110
 111 /// @brief encrypt key data using SE api for DB metadata
 112 /// @param key: target data for encryption
 113 /// @param key_len: target data length
 114 /// @param iv: iv data
 115 /// @param iv_len: iv data length
 116 /// @return Rawbuffer encrypted output
 117 RawBuffer encryptWithDbpKey(const unsigned char* key, const uint32_t key_len,
 118                                                 const unsigned char* iv, const uint32_t iv_len)
 119 {
 120
 121         unsigned char* output_data;
 122         uint32_t output_len;
 123
 124         int ret = kmsb_failure_retry(std::bind(kmsb_encrypt_with_dbp_key,
 125                                                                 SE_BACKEND_DBP_SCHEME_VERSION,
 126                                                                 key, key_len,
 127                                                                 iv, iv_len,
 128                                                                 &output_data, &output_len));
 129         if (ret == KMSB_ERROR_NO_KEY) {
 130                 ret = kmsb_failure_retry(std::bind(kmsb_generate_dbp_key,
 131                                                                 false));
 132                 if (ret != KMSB_ERROR_NONE) {
 133                         LogError("Generate Key: SE Internal error: " << ret);
 134                         ThrowErr(Exc::Crypto::InternalError, "Generate Key: SE Internal error");
 135                 }
 136                 ret = kmsb_failure_retry(std::bind(kmsb_encrypt_with_dbp_key,
 137                                                                 SE_BACKEND_DBP_SCHEME_VERSION,
 138                                                                 key, key_len,
 139                                                                 iv, iv_len,
 140                                                                 &output_data, &output_len));
 141         }
 142         if (ret != KMSB_ERROR_NONE) {
 143                 LogError("Encrypt Key: SE Internal error: " << ret);
 144                 ThrowErr(Exc::Crypto::InternalError, "Encrypt key: SE Internal error");
 145         }
 146         return toRawBuffer(output_data, output_len);
 147 }
 148
 149 RawBuffer halAES(const uint32_t key_idx,
 150                                 const CryptoAlgorithm &alg,
 151                                 RawBuffer &data,
 152                                 const bool isEncrypt)
 153 {
 154         UNUSED_PARAMETER(key_idx);
 155         UNUSED_PARAMETER(alg);
 156         UNUSED_PARAMETER(data);
 157         UNUSED_PARAMETER(isEncrypt);
 158
 159         ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported AES yet");
 160 }
 161
 162 RawBuffer symmetricEncrypt(const uint32_t key_idx,
 163                                                 const CryptoAlgorithm &alg,
 164                                                 RawBuffer &data)
 165 {
 166         return halAES(key_idx, alg, data, true);
 167 }
 168
 169 RawBuffer symmetricDecrypt(const uint32_t key_idx,
 170                                                 const CryptoAlgorithm &alg,
 171                                                 RawBuffer &data)
 172 {
 173         return halAES(key_idx, alg, data, false);
 174 }
 175
 176 RawBuffer asymmetricEncrypt(const uint32_t key_idx,
 177                                                         const CryptoAlgorithm &alg,
 178                                                         RawBuffer &data)
 179 {
 180         UNUSED_PARAMETER(key_idx);
 181         UNUSED_PARAMETER(alg);
 182         UNUSED_PARAMETER(data);
 183
 184         ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported RSA");
 185 }
 186
 187 RawBuffer asymmetricDecrypt(const uint32_t key_idx,
 188                                                         const CryptoAlgorithm &alg,
 189                                                         RawBuffer &data)
 190 {
 191         UNUSED_PARAMETER(key_idx);
 192         UNUSED_PARAMETER(alg);
 193         UNUSED_PARAMETER(data);
 194
 195         ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported RSA");
 196 }
 197
 198 RawBuffer sign(const uint32_t key_idx,
 199                         const CryptoAlgorithm &alg,
 200                         RawBuffer &message)
 201 {
 202         UNUSED_PARAMETER(key_idx);
 203         UNUSED_PARAMETER(alg);
 204         UNUSED_PARAMETER(message);
 205
 206         ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported signing yet");
 207 }
 208
 209 int verify(const uint32_t key_idx,
 210                 const CryptoAlgorithm &alg,
 211                 RawBuffer &hash,
 212                 RawBuffer &signature)
 213 {
 214         UNUSED_PARAMETER(key_idx);
 215         UNUSED_PARAMETER(alg);
 216         UNUSED_PARAMETER(hash);
 217         UNUSED_PARAMETER(signature);
 218
 219         ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported verifying yet");
 220 }
 221
 222 } // namespace Internals
 223 } // namespace SE
 224 } // namespace Crypto
 225 } // namespace CKM