/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
// send request for list of all keys/certificates/data that application/user may use
int getKeyAliasVector(AliasVector &aliasVector);
+ int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getKeyEncryptionStatus(const Alias &alias, bool &status);
int getCertificateAliasVector(AliasVector &aliasVector);
+ int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getCertificateEncryptionStatus(const Alias &alias, bool &status);
int getDataAliasVector(AliasVector &aliasVector);
+ int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getDataEncryptionStatus(const Alias &alias, bool &status);
int createKeyPairRSA(
const int size, // size in bits [1024, 2048, 4096]
/*
- * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*/
typedef std::string ClientId;
typedef std::vector<Alias> AliasVector;
+typedef std::vector<std::pair<Alias, bool>> AliasPwdVector;
enum class KeyType : int {
KEY_NONE = 0,
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+/* Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
EXCEPTION_GUARD_END
}
+int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
+ const Alias &alias, bool &status)
+{
+ status = false;
+ if (alias.empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ int my_counter = ++m_counter;
+
+ EXCEPTION_GUARD_START_CPPAPI
+
+ MessageBuffer recv;
+ AliasSupport helper(alias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
+ my_counter,
+ static_cast<int>(sendDataType),
+ helper.getName(),
+ helper.getOwner());
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ int tmpDataType;
+ bool passwordProtectionStatus;
+ recv.Deserialize(command, counter, retCode, tmpDataType, passwordProtectionStatus);
+
+ if (counter != my_counter)
+ return CKM_API_ERROR_UNKNOWN;
+
+ if (retCode != CKM_API_SUCCESS) {
+ return retCode;
+ } else {
+ status = passwordProtectionStatus;
+ return CKM_API_SUCCESS;
+ }
+ EXCEPTION_GUARD_END
+}
+
int Manager::Impl::getKey(const Alias &alias, const Password &password,
KeyShPtr &key)
{
return CKM_API_SUCCESS;
}
-int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
- AliasVector &aliasVector)
+int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
+ OwnerNameVector &ownerNameVector)
{
int my_counter = ++m_counter;
- EXCEPTION_GUARD_START_CPPAPI
-
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
my_counter,
int retCode = m_storageConnection.processRequest(send.Pop(), recv);
- if (CKM_API_SUCCESS != retCode)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
int command;
int counter;
int tmpDataType;
- OwnerNameVector ownerNameVector;
+
recv.Deserialize(command, counter, retCode, tmpDataType, ownerNameVector);
if ((command != static_cast<int>(LogicCommand::GET_LIST)) ||
(counter != my_counter))
return CKM_API_ERROR_UNKNOWN;
+ return CKM_API_SUCCESS;
+}
+
+int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
+ AliasVector &aliasVector)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+ OwnerNameVector ownerNameVector;
+ int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
+
+ if (retCode != CKM_API_SUCCESS)
+ return retCode;
+
for (const auto &it : ownerNameVector)
aliasVector.push_back(AliasSupport::merge(it.first, it.second));
- return retCode;
+ return CKM_API_SUCCESS;
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
+ AliasPwdVector &aliasPwdVector)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+ OwnerNameVector ownerNameVector;
+ OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
+ int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
+
+ if (retCode != CKM_API_SUCCESS)
+ return retCode;
+
+ for (const auto &it : ownerNameVector)
+ {
+ Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
+ bool status;
+ retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
+ if (retCode != CKM_API_SUCCESS)
+ return retCode;
+
+ aliasPwdVector.push_back(std::make_pair(alias, status));
+ }
+ return CKM_API_SUCCESS;
EXCEPTION_GUARD_END
}
return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
}
+int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+ return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
+}
+
+int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
+{
+ return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
+}
+
+int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+ return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
+}
+
+int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
+{
+ return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
+}
+
+int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+ return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
+}
+
+int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
+{
+ return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
+}
+
int Manager::Impl::createKeyPairRSA(
const int size,
const Alias &privateKeyAlias,
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+/* Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
int getKeyAliasVector(AliasVector &aliasVector);
+ int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getKeyEncryptionStatus(const Alias &alias, bool &status);
int saveCertificate(const Alias &alias, const CertificateShPtr &cert,
const Policy &policy);
int getCertificate(const Alias &alias, const Password &password,
CertificateShPtr &cert);
int getCertificateAliasVector(AliasVector &aliasVector);
+ int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getCertificateEncryptionStatus(const Alias &alias, bool &status);
int saveData(const Alias &alias, const RawBuffer &rawData,
const Policy &policy);
int getData(const Alias &alias, const Password &password, RawBuffer &cert);
int getDataAliasVector(AliasVector &aliasVector);
+ int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getDataEncryptionStatus(const Alias &alias, bool &status);
int savePKCS12(
const Alias &alias,
DataType &recvDataType,
RawBuffer &rawData);
+ int getBinaryDataEncryptionStatus(
+ DataType sendDataType,
+ const Alias &alias,
+ bool &status);
+
int getBinaryDataAliasVector(
DataType sendDataType,
AliasVector &aliasVector);
+ int getBinaryDataAliasVectorHelper(
+ DataType sendDataType,
+ OwnerNameVector &ownerNameVector);
+
+ int getBinaryDataAliasPwdVector(
+ DataType sendDataType,
+ AliasPwdVector &aliasPwdVector);
+
int createKeyPair(
const KeyType key_type,
const int
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
return m_impl->getKey(alias, password, key);
}
+int Manager::getKeyEncryptionStatus(const Alias &alias, bool &status)
+{
+ return m_impl->getKeyEncryptionStatus(alias, status);
+}
+
int Manager::getCertificate(
const Alias &alias,
const Password &password,
return m_impl->getCertificate(alias, password, certificate);
}
+int Manager::getCertificateEncryptionStatus(const Alias &alias, bool &status)
+{
+ return m_impl->getCertificateEncryptionStatus(alias, status);
+}
+
int Manager::getData(const Alias &alias, const Password &password,
RawBuffer &data)
{
return m_impl->getData(alias, password, data);
}
+int Manager::getDataEncryptionStatus(const Alias &alias, bool &status)
+{
+ return m_impl->getDataEncryptionStatus(alias, status);
+}
+
int Manager::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
{
return m_impl->getPKCS12(alias, pkcs);
return m_impl->getKeyAliasVector(aliasVector);
}
+int Manager::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+ return m_impl->getKeyAliasPwdVector(aliasPwdVector);
+}
+
int Manager::getCertificateAliasVector(AliasVector &aliasVector)
{
return m_impl->getCertificateAliasVector(aliasVector);
}
+int Manager::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+ return m_impl->getCertificateAliasPwdVector(aliasPwdVector);
+}
+
int Manager::getDataAliasVector(AliasVector &aliasVector)
{
return m_impl->getDataAliasVector(aliasVector);
}
+int Manager::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+ return m_impl->getDataAliasPwdVector(aliasPwdVector);
+}
+
int Manager::createKeyPairRSA(
const int size, // size in bits [1024, 2048, 4096]
const Alias &privateKeyAlias,
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
VERIFY_SIGNATURE,
SET_PERMISSION,
SAVE_PKCS12,
- GET_PKCS12
+ GET_PKCS12,
+ GET_PROTECTION_STATUS
};
enum class EncryptionCommand : int {
typedef std::string Name;
typedef std::vector<std::pair<ClientId, Name>> OwnerNameVector;
+typedef std::vector<std::tuple<ClientId, Name, bool>> OwnerNameEncryptionStatusVector;
class IStream;
/*
- * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RawBuffer tag;
unpack(token.data, scheme, id, iv, tag);
+ if (scheme & EncryptionScheme::PASSWORD && pass.empty()) {
+ ThrowErr(Exc::Crypto::AuthenticationFailed,
+ "This token is protected with password and none passed");
+ } else if (!(scheme & EncryptionScheme::PASSWORD) && !pass.empty()) {
+ ThrowErr(Exc::Crypto::AuthenticationFailed,
+ "This token is not protected with password but passed one");
+ }
// TODO AKeys
if (token.dataType.isSKey())
/*
- * Copyright (c) 2011 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2011 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <list>
#include <map>
#include <memory>
+#include <tuple>
namespace CKM {
// Abstract data stream buffer
Serialize(stream, *p);
}
+ // std::tuple non generic!
+ template <typename A, typename B, typename C>
+ static void Serialize(IStream &stream, const std::tuple<A, B, C> &p)
+ {
+ Serialize(stream, std::get<0>(p));
+ Serialize(stream, std::get<1>(p));
+ Serialize(stream, std::get<2>(p));
+ }
+ template <typename A, typename B, typename C>
+ static void Serialize(IStream &stream, const std::tuple<A, B, C> *const p)
+ {
+ Serialize(stream, *p);
+ }
+
// std::map
template <typename K, typename T>
static void Serialize(IStream &stream, const std::map<K, T> &map)
DeserializePtr(stream, p);
}
+ // std::tuple non generic!
+ template <typename A, typename B, typename C>
+ static void Deserialize(IStream &stream, std::tuple<A, B, C> &p)
+ {
+ Deserialize(stream, std::get<0>(p));
+ Deserialize(stream, std::get<1>(p));
+ Deserialize(stream, std::get<2>(p));
+ }
+ template <typename A, typename B, typename C>
+ static void Deserialize(IStream &stream, std::tuple<A, B, C> *&p)
+ {
+ p = new std::tuple<A, B, C>;
+ Deserialize(stream, *p);
+ }
+
// std::map
template <typename K, typename T>
static void Deserialize(IStream &stream, std::map<K, T> &map)
/*
- * Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
// check access rights
retCode = checkDataPermissionsHelper(cred, name, owner, row, exportFlag,
- handler.database);
+ handler.database);
if (CKM_API_SUCCESS != retCode)
return retCode;
return response.Pop();
}
+RawBuffer CKMLogic::getDataProtectionStatus(
+ const Credentials &cred,
+ int commandId,
+ DataType dataType,
+ const Name &name,
+ const ClientId &explicitOwner)
+{
+ int retCode = CKM_API_SUCCESS;
+ bool status = false;
+ DataType objDataType;
+ Password password;
+
+ try {
+ Crypto::GObjUPtr obj;
+ retCode = readDataHelper(false, cred, dataType, name, explicitOwner,
+ password, obj, objDataType);
+
+ } catch (const Exc::Exception &e) {
+ retCode = e.error();
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ }
+
+ if (retCode == CKM_API_ERROR_AUTHENTICATION_FAILED) {
+ status = true;
+ retCode = CKM_API_SUCCESS;
+ }
+
+ auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
+ commandId,
+ retCode,
+ static_cast<int>(objDataType),
+ status);
+ return response.Pop();
+}
+
int CKMLogic::getPKCS12Helper(
const Credentials &cred,
const Name &name,
/*
- * Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const ClientId &explicitOwner,
const Password &password);
+ RawBuffer getDataProtectionStatus(
+ const Credentials &cred,
+ int commandId,
+ DataType dataType,
+ const Name &name,
+ const ClientId &explicitOwner);
+
RawBuffer getPKCS12(
const Credentials &cred,
int commandId,
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
passCert);
}
+ case LogicCommand::GET_PROTECTION_STATUS: {
+ buffer.Deserialize(tmpDataType, name, explicitOwner);
+ return m_logic->getDataProtectionStatus(
+ cred,
+ msgID,
+ DataType(tmpDataType),
+ name,
+ explicitOwner);
+ }
+
case LogicCommand::GET_LIST: {
buffer.Deserialize(tmpDataType);
return m_logic->getDataList(