return CKM::RawBuffer();
}
+int cleanMemory(void *targetPtr, size_t targetSize)
+{
+ char *ptr = reinterpret_cast<char *>(targetPtr);
+
+ // overwrite ptr
+ for (size_t size = 0; size < targetSize; ++size)
+ ptr[size] = 0;
+
+ // verification
+ for (size_t size = 0; size < targetSize; ++size) {
+ if (0 != ptr[size]) {
+ return -1; // fail
+ }
+ }
+ return 0; // success
+}
+
} // anonymous namespace
using namespace CKM;
memset(wrappedKeyAndInfo, 0, sizeof(WrappedKeyAndInfo));
}
+WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer(const WrappedKeyAndInfoContainer &second)
+{
+ wrappedKeyAndInfo = new WrappedKeyAndInfo;
+ memcpy(wrappedKeyAndInfo, second.wrappedKeyAndInfo, sizeof(WrappedKeyAndInfo));
+}
+
+WrappedKeyAndInfoContainer &WrappedKeyAndInfoContainer::operator=(const WrappedKeyAndInfoContainer &second)
+{
+ if (this == &second)
+ return *this;
+
+ if (wrappedKeyAndInfo)
+ delete wrappedKeyAndInfo;
+
+ wrappedKeyAndInfo = new WrappedKeyAndInfo;
+ memcpy(wrappedKeyAndInfo, second.wrappedKeyAndInfo, sizeof(WrappedKeyAndInfo));
+ return *this;
+}
+
WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer(const unsigned char *data)
{
wrappedKeyAndInfo = new WrappedKeyAndInfo;
memset(keyAndInfo, 0, sizeof(KeyAndInfo));
}
+KeyAndInfoContainer::KeyAndInfoContainer(const KeyAndInfoContainer &second)
+{
+ keyAndInfo = new KeyAndInfo;
+ memcpy(keyAndInfo, second.keyAndInfo, sizeof(KeyAndInfo));
+}
+
+KeyAndInfoContainer &KeyAndInfoContainer::operator=(const KeyAndInfoContainer &second)
+{
+ if (this == &second)
+ return *this;
+
+ if (keyAndInfo) {
+ if (cleanMemory(keyAndInfo, sizeof(KeyAndInfo))) {
+ delete keyAndInfo;
+ ThrowMsg(Exception::Base,
+ "KeyAndInfo in KeyAndInfoContainer was not destroyed!");
+ }
+ delete keyAndInfo;
+ }
+
+ keyAndInfo = new KeyAndInfo;
+ memcpy(keyAndInfo, second.keyAndInfo, sizeof(KeyAndInfo));
+ return *this;
+}
+
KeyAndInfoContainer::KeyAndInfoContainer(const unsigned char *data)
{
keyAndInfo = new KeyAndInfo;
KeyAndInfoContainer::~KeyAndInfoContainer()
{
- // overwrite key
- char *ptr = reinterpret_cast<char*>(keyAndInfo);
- for (size_t size = 0; size < sizeof(KeyAndInfo); ++size)
- ptr[size] = 0;
- // verification
- for (size_t size = 0; size < sizeof(KeyAndInfo); ++size) {
- if (0 != ptr[size]) {
- delete keyAndInfo;
- ThrowMsg(Exception::Base, "KeyAndInfo in KeyAndInfoContainer "
- "was not destroyed!");
- }
+ if (cleanMemory(keyAndInfo, sizeof(KeyAndInfo))) {
+ // destroy verification failed.
+ delete keyAndInfo;
+ ThrowMsg(Exception::Base,
+ "KeyAndInfo in KeyAndInfoContainer was not destroyed!");
}
+
delete keyAndInfo;
}
, m_isInitialized(true)
{
if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
- LogError("input size:" << domainKEKInWrapForm.size()
- << " Expected: " << sizeof(WrappedKeyAndInfo));
- ThrowMsg(Exception::InputParamError, "buffer doesn't have proper size to store WrappedKeyAndInfo in KeyProvider Constructor");
+ ThrowMsg(Exception::InputParamError,
+ "domainKEKInWrapForm "
+ "input size:" << domainKEKInWrapForm.size() <<
+ " Expected:" << sizeof(WrappedKeyAndInfo));
}
- WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer(domainKEKInWrapForm.data());
+ WrappedKeyAndInfoContainer wkmcDKEK(domainKEKInWrapForm.data());
char *concat_user_pass = NULL;
uint8_t PKEK1[MAX_KEY_SIZE];
concat_user_pass = concat_password_user(
wkmcDKEK.getWrappedKeyAndInfo().keyInfo.label,
- password.c_str());
+ getConvertedStr(password));
if (!PKCS5_PBKDF2_HMAC_SHA1(
concat_user_pass,
wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv,
m_kmcDKEK->getKeyAndInfo().key))) {
- ThrowMsg(Exception::PassWordError, "VerifyDomainKEK failed in KeyProvider Constructor");
+ ThrowMsg(Exception::PassWordError,
+ "VerifyDomainKEK failed in KeyProvider Constructor");
}
m_kmcDKEK->setKeyInfo(&(wkmcDKEK.getWrappedKeyAndInfo().keyInfo));
ThrowMsg(Exception::InitFailed, "Object not initialized!");
}
- return RawBuffer(m_kmcDKEK->getKeyAndInfo().key, (m_kmcDKEK->getKeyAndInfo().key) + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength);
+ return RawBuffer(m_kmcDKEK->getKeyAndInfo().key,
+ (m_kmcDKEK->getKeyAndInfo().key)
+ + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength);
}
RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
ThrowMsg(Exception::InitFailed, "Object not initialized!");
}
- WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer();
+ WrappedKeyAndInfoContainer wkmcDKEK;
char *concat_user_pass = NULL;
uint8_t PKEK1[MAX_KEY_SIZE];
concat_user_pass = concat_password_user(
m_kmcDKEK->getKeyAndInfo().keyInfo.label,
- password.c_str());
+ getConvertedStr(password));
if (!PKCS5_PBKDF2_HMAC_SHA1(
concat_user_pass,
}
if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)){
- LogError("input size:" << DEKInWrapForm.size()
- << " Expected: " << sizeof(WrappedKeyAndInfo));
ThrowMsg(Exception::InputParamError,
- "buffer doesn't have proper size to store "
- "WrappedKeyAndInfo in KeyProvider::getPureDEK");
+ "DEKInWrapForm "
+ "input size:" << DEKInWrapForm.size() <<
+ " Expected:" << sizeof(WrappedKeyAndInfo));
}
- KeyAndInfoContainer kmcDEK = KeyAndInfoContainer();
- WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer(DEKInWrapForm.data());
+ KeyAndInfoContainer kmcDEK;
+ WrappedKeyAndInfoContainer wkmcDEK(DEKInWrapForm.data());
uint8_t PKEK2[MAX_KEY_SIZE];
int keyLength;
LogDebug("getPureDEK SUCCESS");
return RawBuffer(
kmcDEK.getKeyAndInfo().key,
- (kmcDEK.getKeyAndInfo().key) + kmcDEK.getKeyAndInfo().keyInfo.keyLength);
+ (kmcDEK.getKeyAndInfo().key)
+ + kmcDEK.getKeyAndInfo().keyInfo.keyLength);
}
RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
"Object not initialized!");
}
- WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer();
+ WrappedKeyAndInfoContainer wkmcDEK;
std::string resized_smackLabel;
if (smackLabel.length() < APP_LABEL_SIZE)
const Password &newPass)
{
if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
- LogError("input size:" << domainKEKInWrapForm.size()
- << " Expected: " << sizeof(WrappedKeyAndInfo));
ThrowMsg(Exception::InputParamError,
- "buffer doesn't have proper size to store "
- "WrappedKeyAndInfo in KeyProvider::reencrypt");
+ "domainKEKInWrapForm "
+ "input size:" << domainKEKInWrapForm.size() <<
+ " Expected:" << sizeof(WrappedKeyAndInfo));
}
- WrappedKeyAndInfoContainer wkmcOldDKEK = WrappedKeyAndInfoContainer(domainKEKInWrapForm.data());
- WrappedKeyAndInfoContainer wkmcNewDKEK = WrappedKeyAndInfoContainer();
- KeyAndInfoContainer kmcDKEK = KeyAndInfoContainer();
+ WrappedKeyAndInfoContainer wkmcOldDKEK(domainKEKInWrapForm.data());
+ WrappedKeyAndInfoContainer wkmcNewDKEK;
+ KeyAndInfoContainer kmcDKEK;
char *concat_user_pass = NULL;
uint8_t PKEK1[MAX_KEY_SIZE];
concat_user_pass = concat_password_user(
wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.label,
- oldPass.c_str());
+ getConvertedStr(oldPass));
if (!PKCS5_PBKDF2_HMAC_SHA1(
concat_user_pass,
concat_user_pass = concat_password_user(
kmcDKEK.getKeyAndInfo().keyInfo.label,
- newPass.c_str());
+ getConvertedStr(newPass));
if (!PKCS5_PBKDF2_HMAC_SHA1(
concat_user_pass,
const std::string &user,
const Password &userPassword)
{
- WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer();
+ WrappedKeyAndInfoContainer wkmcDKEK;
uint8_t key[MAX_KEY_SIZE], PKEK1[MAX_KEY_SIZE];
if (!RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, MAX_SALT_SIZE) ||
int wrappedKeyLength;
char *concat_user_pass = NULL;
- concat_user_pass = concat_password_user(user.c_str(), userPassword.c_str());
+ concat_user_pass = concat_password_user(user.c_str(), getConvertedStr(userPassword));
if (!PKCS5_PBKDF2_HMAC_SHA1(
concat_user_pass,
strlen(concat_user_pass),
LogDebug("KeyProvider Destructor");
}
-int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext, int plaintext_len, const unsigned char *key, const unsigned char *iv, unsigned char *ciphertext, unsigned char *tag)
+int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext,
+ int plaintext_len,
+ const unsigned char *key,
+ const unsigned char *iv,
+ unsigned char *ciphertext,
+ unsigned char *tag)
{
EVP_CIPHER_CTX *ctx;
return ciphertext_len;
}
-int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, const unsigned char *key, const unsigned char *iv, unsigned char *plaintext)
+int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext,
+ int ciphertext_len,
+ unsigned char *tag,
+ const unsigned char *key,
+ const unsigned char *iv,
+ unsigned char *plaintext)
{
EVP_CIPHER_CTX *ctx;
memset(concat_user_pass, '\0', concat_user_pass_len);
memcpy(concat_user_pass, password, strlen(password));
- memcpy(&(concat_user_pass[strlen(password)]), user, strlen(user));
+ memcpy(&(concat_user_pass[strlen(password)]), resized_user, strlen(resized_user));
concat_user_pass[strlen(resized_user) + strlen(password)] = '\0';
delete[] resized_user;
return concat_user_pass;
}
+
+const char* KeyProvider::getConvertedStr(const Password &password)
+{
+ return password.c_str();
+}
projects / framework / security / key-manager.git / blobdiff