2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com)
23 #include <openssl/rand.h>
24 #include <openssl/evp.h>
26 #include <generic-backend/exception.h>
27 #include <sw-backend/obj.h>
28 #include <sw-backend/store.h>
29 #include <sw-backend/internals.h>
31 #include <message-buffer.h>
39 const int ITERATIONS = 1024;
40 const int KEY_LENGTH = 16; // length of AES key derived from password
41 const int STORE_AES_GCM_TAG_SIZE = 16; // length of AES GCM tag
43 // internal SW encryption scheme flags
44 enum EncryptionScheme {
49 template <typename T, typename ...Args>
50 std::unique_ptr<T> make_unique(Args&& ...args) {
51 return std::unique_ptr<T>(new T(std::forward<Args>(args)...));
54 RawBuffer generateRandIV() {
55 RawBuffer civ(EVP_MAX_IV_LENGTH);
57 if (1 != RAND_bytes(civ.data(), civ.size()))
58 ThrowErr(Exc::Crypto::InternalError, "RAND_bytes failed to generate IV.");
62 RawBuffer passwordToKey(const Password &password, const RawBuffer &salt, size_t keySize)
64 RawBuffer result(keySize);
66 if (1 != PKCS5_PBKDF2_HMAC_SHA1(
75 ThrowErr(Exc::InternalError, "PCKS5_PKKDF2_HMAC_SHA1 failed.");
81 RawBuffer unpack(const RawBuffer& packed, const Password& pass)
85 int encryptionScheme = 0;
87 buffer.Deserialize(encryptionScheme, data);
89 if (encryptionScheme == 0)
92 MessageBuffer internalBuffer;
93 internalBuffer.Push(data);
98 // serialization exceptions will be catched as CKM::Exception and will cause
99 // CKM_API_ERROR_SERVER_ERROR
100 internalBuffer.Deserialize(encrypted, iv, tag);
103 * AES GCM will check data integrity and handle cases where:
104 * - wrong password is used
105 * - password is empty when it shouldn't be
106 * - password is not empty when it should be
108 RawBuffer key = passwordToKey(pass, iv, KEY_LENGTH);
112 ret = Crypto::SW::Internals::decryptDataAesGcm(key, encrypted, iv, tag);
113 } catch( const Exc::Crypto::InternalError& e) {
114 ThrowErr(Exc::AuthenticationFailed, "Decryption with custom password failed");
119 RawBuffer pack(const RawBuffer& data, const Password& pass)
121 int scheme = EncryptionScheme::NONE;
122 RawBuffer packed = data;
124 RawBuffer iv = generateRandIV();
125 RawBuffer key = passwordToKey(pass, iv, KEY_LENGTH);
127 std::pair<RawBuffer, RawBuffer> ret;
129 ret = Crypto::SW::Internals::encryptDataAesGcm(key, data, iv, STORE_AES_GCM_TAG_SIZE);
130 } catch( const Exc::Crypto::InternalError& e) {
131 ThrowErr(Exc::AuthenticationFailed, "Encryption with custom password failed");
133 scheme |= EncryptionScheme::PASSWORD;
135 // serialization exceptions will be catched as CKM::Exception and will cause
136 // CKM_API_ERROR_SERVER_ERROR
137 packed = MessageBuffer::Serialize(ret.first, iv, ret.second).Pop();
139 // encryption scheme + internal buffer
140 return MessageBuffer::Serialize(scheme, packed).Pop();
143 } // namespace anonymous
145 Store::Store(CryptoBackend backendId)
150 GObjUPtr Store::getObject(const Token &token, const Password &pass) {
151 if (token.backendId != m_backendId) {
152 ThrowErr(Exc::Crypto::WrongBackend, "Decider choose wrong backend!");
155 RawBuffer data = unpack(token.data, pass);
157 if (token.dataType.isKeyPrivate() || token.dataType.isKeyPublic()) {
158 return make_unique<AKey>(data, token.dataType);
161 if (token.dataType == DataType(DataType::KEY_AES)) {
162 return make_unique<SKey>(data, token.dataType);
165 if (token.dataType.isCertificate() || token.dataType.isChainCert()) {
166 return make_unique<Cert>(data, token.dataType);
169 if (token.dataType.isBinaryData()) {
170 return make_unique<BData>(data, token.dataType);
173 ThrowErr(Exc::Crypto::DataTypeNotSupported,
174 "This type of data is not supported by openssl backend: ", (int)token.dataType);
177 TokenPair Store::generateAKey(const CryptoAlgorithm &algorithm,
178 const Password &prvPass,
179 const Password &pubPass)
181 Internals::DataPair ret = Internals::generateAKey(algorithm);
182 return std::make_pair<Token,Token>(
183 Token(m_backendId, ret.first.type, pack(ret.first.buffer, prvPass)),
184 Token(m_backendId, ret.second.type, pack(ret.second.buffer, pubPass)));
187 Token Store::generateSKey(const CryptoAlgorithm &algorithm, const Password &pass)
189 Internals::Data ret = Internals::generateSKey(algorithm);
190 return Token(m_backendId, ret.type, pack(ret.buffer, pass));
193 Token Store::import(DataType dataType, const RawBuffer &input, const Password &pass) {
195 RawBuffer data = pack(input, pass);
196 return Token(m_backendId, dataType, std::move(data));
200 } // namespace Crypto