+/*
+ * Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
#pragma once
#include <string.h>
#define MAX_SALT_SIZE 16
#define MAX_KEY_SIZE 32
#define MAX_WRAPPED_KEY_SIZE 32
-#define MAX_LABEL_SIZE 32
+#define MAX_CLIENT_ID_SIZE 32
#define DOMAIN_NAME_SIZE 32
-#define APP_LABEL_SIZE 32
namespace CKM {
typedef struct KeyComponentsInfo_ {
- uint32_t keyLength;
- char label[MAX_LABEL_SIZE];
- uint8_t salt[MAX_SALT_SIZE];
- uint8_t iv[MAX_IV_SIZE];
- uint8_t tag[MAX_IV_SIZE];
+ uint32_t keyLength;
+ char client[MAX_CLIENT_ID_SIZE];
+ uint8_t salt[MAX_SALT_SIZE];
+ uint8_t iv[MAX_IV_SIZE];
+ uint8_t tag[MAX_IV_SIZE];
} KeyComponentsInfo;
typedef struct KeyAndInfo_ {
- KeyComponentsInfo keyInfo;
- uint8_t key[MAX_KEY_SIZE];
+ KeyComponentsInfo keyInfo;
+ uint8_t key[MAX_KEY_SIZE];
} KeyAndInfo;
typedef struct WrappedKeyAndInfo_ {
- KeyComponentsInfo keyInfo;
- uint8_t wrappedKey[MAX_WRAPPED_KEY_SIZE];
+ KeyComponentsInfo keyInfo;
+ uint8_t wrappedKey[MAX_WRAPPED_KEY_SIZE];
} WrappedKeyAndInfo;
class WrappedKeyAndInfoContainer {
public:
- WrappedKeyAndInfoContainer();
- WrappedKeyAndInfoContainer(const unsigned char*);
- WrappedKeyAndInfo& getWrappedKeyAndInfo();
- void setKeyInfoKeyLength(const unsigned int);
- void setKeyInfoLabel(const std::string);
- void setKeyInfoSalt(const unsigned char*, const int);
- void setKeyInfo(const KeyComponentsInfo*);
- ~WrappedKeyAndInfoContainer();
+ WrappedKeyAndInfoContainer();
+ WrappedKeyAndInfoContainer(const unsigned char *);
+ WrappedKeyAndInfo &getWrappedKeyAndInfo();
+ void setKeyInfoKeyLength(const unsigned int);
+ void setKeyInfoClient(const std::string);
+ void setKeyInfoSalt(const unsigned char *, const int);
+ void setKeyInfo(const KeyComponentsInfo *);
+ ~WrappedKeyAndInfoContainer();
private:
- WrappedKeyAndInfo *wrappedKeyAndInfo;
+ WrappedKeyAndInfo wrappedKeyAndInfo;
};
class KeyAndInfoContainer {
public:
- KeyAndInfoContainer();
- KeyAndInfoContainer(const unsigned char*);
- KeyAndInfo& getKeyAndInfo();
- void setKeyInfoKeyLength(const unsigned int);
- void setKeyInfo(const KeyComponentsInfo*);
- ~KeyAndInfoContainer();
+ KeyAndInfoContainer();
+ KeyAndInfoContainer(const unsigned char *);
+ KeyAndInfo &getKeyAndInfo();
+ void setKeyInfoKeyLength(const unsigned int);
+ void setKeyInfo(const KeyComponentsInfo *);
+ ~KeyAndInfoContainer();
private:
- KeyAndInfo *keyAndInfo;
+ KeyAndInfo keyAndInfo;
};
// This is internal api so all functions should throw exception on errors.
class KeyProvider {
public:
- // To store in std containers
- KeyProvider();
- // In constructor you must check if SKMM is initialized. On error -> exception
- // keyInWrapForm should be used like this:
- // if (keyInWrapForm.size() != sizeof(WrappedKeyAndInfo))
- // throw exception; // buffer does not have proper size to store WrappedKeyAndInfo
- // WrappedKeyAndInfo *wkm = static_cast<WrappedKeyAndInfo>(keyInWrapForm.data());
- KeyProvider(const RawBuffer &domainKEKInWrapForm, const Password &password);
-
- KeyProvider(KeyProvider &&);
- KeyProvider(const KeyProvider &) = delete;
- KeyProvider& operator=(const KeyProvider &) = delete;
- KeyProvider& operator=(KeyProvider &&);
-
- bool isInitialized();
-
- // Returns Key used to decrypt database.
- RawBuffer getPureDomainKEK();
-
- // Returns Key in form used to store key in file
- // Requied by Control::resetPassword(const RawBuffer &newPassword);
- // This api should be used only on Tizen 2.2.1
- RawBuffer getWrappedDomainKEK(const Password &password);
-
- // EncryptedKey key extracted from database. Used to encrypt application data.
- // This key will be used to decrypt/encrypt data in ROW
- RawBuffer getPureDEK(const RawBuffer &DEKInWrapForm);
-
- // Returns WRAPPED DEK. This will be written to datbase.
- // This key will be used to encrypt all application information.
- // All application are identified by smackLabel.
- RawBuffer generateDEK(const std::string &smackLabel);
-
- // used by change user password. On error -> exception
- static RawBuffer reencrypt(
- const RawBuffer &domainKEKInWrapForm,
- const Password &oldPass,
- const Password &newPass);
-
- // First run of application for some user. DomainKEK was not created yet. We must create one.
- // This key will be used to encrypt user database.
- static RawBuffer generateDomainKEK(const std::string &user, const Password &userPassword);
-
- // This will be called by framework at the begin of the program
- static int initializeLibrary();
- // This will be called by framework at the end of the program
- static int closeLibrary();
-
- virtual ~KeyProvider();
+ // To store in std containers
+ KeyProvider();
+ // In constructor you must check if SKMM is initialized. On error -> exception
+ // keyInWrapForm should be used like this:
+ // if (keyInWrapForm.size() != sizeof(WrappedKeyAndInfo))
+ // throw exception; // buffer does not have proper size to store WrappedKeyAndInfo
+ // WrappedKeyAndInfo *wkm = static_cast<WrappedKeyAndInfo>(keyInWrapForm.data());
+ KeyProvider(const RawBuffer &domainKEKInWrapForm, const Password &password);
+
+ KeyProvider(KeyProvider &&);
+ KeyProvider(const KeyProvider &) = delete;
+ KeyProvider &operator=(const KeyProvider &) = delete;
+ KeyProvider &operator=(KeyProvider &&);
+
+ bool isInitialized();
+
+ // Returns Key used to decrypt database.
+ RawBuffer getPureDomainKEK();
+
+ // Returns Key in form used to store key in file
+ // Requied by Control::resetPassword(const RawBuffer &newPassword);
+ // This api should be used only on Tizen 2.2.1
+ RawBuffer getWrappedDomainKEK(const Password &password);
+
+ // EncryptedKey key extracted from database. Used to encrypt application data.
+ // This key will be used to decrypt/encrypt data in ROW
+ RawBuffer getPureDEK(const RawBuffer &DEKInWrapForm);
+
+ // Returns WRAPPED DEK. This will be written to database.
+ // This key will be used to encrypt all application information.
+ // All application are identified by client id.
+ RawBuffer generateDEK(const ClientId &client);
+
+ // used by change user password. On error -> exception
+ static RawBuffer reencrypt(
+ const RawBuffer &domainKEKInWrapForm,
+ const Password &oldPass,
+ const Password &newPass);
+
+ // First run of application for some user. DomainKEK was not created yet. We must create one.
+ // This key will be used to encrypt user database.
+ static RawBuffer generateDomainKEK(const std::string &user,
+ const Password &userPassword);
+
+ // This will be called by framework at the begin of the program
+ static int initializeLibrary();
+ // This will be called by framework at the end of the program
+ static int closeLibrary();
+
+ virtual ~KeyProvider();
private:
- // KeyAndInfoContainer class
- std::shared_ptr<KeyAndInfoContainer> m_kmcDKEK;
- bool m_isInitialized;
-
- static int encryptAes256Gcm(
- const unsigned char *plaintext,
- int plaintext_len,
- const unsigned char *key,
- const unsigned char *iv,
- unsigned char *ciphertext,
- unsigned char *tag);
-
- static int decryptAes256Gcm(
- const unsigned char *ciphertext,
- int ciphertext_len,
- unsigned char *tag,
- const unsigned char *key,
- const unsigned char *iv,
- unsigned char *plaintext);
-
- static char * concat_password_user(
- const char *user,
- const char *password);
+ // KeyAndInfoContainer class
+ std::shared_ptr<KeyAndInfoContainer> m_domainKEK;
+ bool m_isInitialized;
};
} // namespace CKM
projects / platform / core / security / key-manager.git / blobdiff