Add option to list aliases with password protection statuses

Change-Id: I045174602edd51dc7efcc8d79eb1beed76215b10
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>

diff --git a/src/include/ckm/ckm-manager.h b/src/include/ckm/ckm-manager.h
index 22ec9a5..001f72f 100644 (file)
--- a/src/include/ckm/ckm-manager.h
+++ b/src/include/ckm/ckm-manager.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -78,8 +78,14 @@ public:
 
        // send request for list of all keys/certificates/data that application/user may use
        int getKeyAliasVector(AliasVector &aliasVector);
+       int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector);
+       int getKeyEncryptionStatus(const Alias &alias, bool &status);
        int getCertificateAliasVector(AliasVector &aliasVector);
+       int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector);
+       int getCertificateEncryptionStatus(const Alias &alias, bool &status);
        int getDataAliasVector(AliasVector &aliasVector);
+       int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector);
+       int getDataEncryptionStatus(const Alias &alias, bool &status);
 
        int createKeyPairRSA(
                const int size,              // size in bits [1024, 2048, 4096]

diff --git a/src/include/ckm/ckm-type.h b/src/include/ckm/ckm-type.h
index 5021f26..43a7de7 100644 (file)
--- a/src/include/ckm/ckm-type.h
+++ b/src/include/ckm/ckm-type.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -51,6 +51,7 @@ typedef std::string Alias;
  */
 typedef std::string ClientId;
 typedef std::vector<Alias> AliasVector;
+typedef std::vector<std::pair<Alias, bool>> AliasPwdVector;
 
 enum class KeyType : int {
        KEY_NONE = 0,

diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index 7a81943..6afc377 100644 (file)
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+/* Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -336,6 +336,48 @@ int Manager::Impl::getBinaryData(
        EXCEPTION_GUARD_END
 }
 
+int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
+                                               const Alias &alias, bool &status)
+{
+       status = false;
+       if (alias.empty())
+               return CKM_API_ERROR_INPUT_PARAM;
+
+       int my_counter = ++m_counter;
+
+       EXCEPTION_GUARD_START_CPPAPI
+
+       MessageBuffer recv;
+       AliasSupport helper(alias);
+       auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
+                                                                                my_counter,
+                                                                                static_cast<int>(sendDataType),
+                                                                                helper.getName(),
+                                                                                helper.getOwner());
+
+       int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+
+       if (CKM_API_SUCCESS != retCode)
+               return retCode;
+
+       int command;
+       int counter;
+       int tmpDataType;
+       bool passwordProtectionStatus;
+       recv.Deserialize(command, counter, retCode, tmpDataType, passwordProtectionStatus);
+
+       if (counter != my_counter)
+               return CKM_API_ERROR_UNKNOWN;
+
+       if (retCode != CKM_API_SUCCESS) {
+               return retCode;
+       } else {
+               status = passwordProtectionStatus;
+               return CKM_API_SUCCESS;
+       }
+       EXCEPTION_GUARD_END
+}
+
 int Manager::Impl::getKey(const Alias &alias, const Password &password,
                                                  KeyShPtr &key)
 {
@@ -419,13 +461,11 @@ int Manager::Impl::getData(const Alias &alias, const Password &password,
        return CKM_API_SUCCESS;
 }
 
-int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
-               AliasVector &aliasVector)
+int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
+               OwnerNameVector &ownerNameVector)
 {
        int my_counter = ++m_counter;
 
-       EXCEPTION_GUARD_START_CPPAPI
-
        MessageBuffer recv;
        auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
                                                                                 my_counter,
@@ -433,24 +473,62 @@ int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
 
        int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 
-       if (CKM_API_SUCCESS != retCode)
+       if (retCode != CKM_API_SUCCESS)
                return retCode;
 
        int command;
        int counter;
        int tmpDataType;
-       OwnerNameVector ownerNameVector;
+
        recv.Deserialize(command, counter, retCode, tmpDataType, ownerNameVector);
 
        if ((command != static_cast<int>(LogicCommand::GET_LIST)) ||
                        (counter != my_counter))
                return CKM_API_ERROR_UNKNOWN;
 
+       return CKM_API_SUCCESS;
+}
+
+int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
+               AliasVector &aliasVector)
+{
+       EXCEPTION_GUARD_START_CPPAPI
+       OwnerNameVector ownerNameVector;
+       int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
+
+       if (retCode != CKM_API_SUCCESS)
+               return retCode;
+
        for (const auto &it : ownerNameVector)
                aliasVector.push_back(AliasSupport::merge(it.first, it.second));
 
-       return retCode;
+       return CKM_API_SUCCESS;
+       EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
+               AliasPwdVector &aliasPwdVector)
+{
+       EXCEPTION_GUARD_START_CPPAPI
+       OwnerNameVector ownerNameVector;
+       OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
+       int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
+
+       if (retCode != CKM_API_SUCCESS)
+               return retCode;
+
+       for (const auto &it : ownerNameVector)
+       {
+               Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
+               bool status;
+               retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
 
+               if (retCode != CKM_API_SUCCESS)
+                       return retCode;
+
+               aliasPwdVector.push_back(std::make_pair(alias, status));
+       }
+       return CKM_API_SUCCESS;
        EXCEPTION_GUARD_END
 }
 
@@ -471,6 +549,36 @@ int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
        return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
 }
 
+int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+       return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
+}
+
+int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
+{
+       return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
+}
+
+int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+       return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
+}
+
+int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
+{
+       return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
+}
+
+int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+       return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
+}
+
+int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
+{
+       return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
+}
+
 int Manager::Impl::createKeyPairRSA(
        const int size,
        const Alias &privateKeyAlias,

diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h
index caaf669..9b4ca25 100644 (file)
--- a/src/manager/client/client-manager-impl.h
+++ b/src/manager/client/client-manager-impl.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+/* Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -36,17 +36,23 @@ public:
        int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
        int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
        int getKeyAliasVector(AliasVector &aliasVector);
+       int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector);
+       int getKeyEncryptionStatus(const Alias &alias, bool &status);
 
        int saveCertificate(const Alias &alias, const CertificateShPtr &cert,
                                                const Policy &policy);
        int getCertificate(const Alias &alias, const Password &password,
                                           CertificateShPtr &cert);
        int getCertificateAliasVector(AliasVector &aliasVector);
+       int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector);
+       int getCertificateEncryptionStatus(const Alias &alias, bool &status);
 
        int saveData(const Alias &alias, const RawBuffer &rawData,
                                 const Policy &policy);
        int getData(const Alias &alias, const Password &password, RawBuffer &cert);
        int getDataAliasVector(AliasVector &aliasVector);
+       int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector);
+       int getDataEncryptionStatus(const Alias &alias, bool &status);
 
        int savePKCS12(
                const Alias &alias,
@@ -144,10 +150,23 @@ protected:
                DataType &recvDataType,
                RawBuffer &rawData);
 
+       int getBinaryDataEncryptionStatus(
+               DataType sendDataType,
+               const Alias &alias,
+               bool &status);
+
        int getBinaryDataAliasVector(
                DataType sendDataType,
                AliasVector &aliasVector);
 
+       int getBinaryDataAliasVectorHelper(
+               DataType sendDataType,
+               OwnerNameVector &ownerNameVector);
+
+       int getBinaryDataAliasPwdVector(
+               DataType sendDataType,
+               AliasPwdVector &aliasPwdVector);
+
        int createKeyPair(
                const KeyType key_type,
                const int

diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp
index 073f829..7155ea9 100644 (file)
--- a/src/manager/client/client-manager.cpp
+++ b/src/manager/client/client-manager.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -69,6 +69,11 @@ int Manager::getKey(const Alias &alias, const Password &password, KeyShPtr &key)
        return m_impl->getKey(alias, password, key);
 }
 
+int Manager::getKeyEncryptionStatus(const Alias &alias, bool &status)
+{
+       return m_impl->getKeyEncryptionStatus(alias, status);
+}
+
 int Manager::getCertificate(
        const Alias &alias,
        const Password &password,
@@ -77,12 +82,22 @@ int Manager::getCertificate(
        return m_impl->getCertificate(alias, password, certificate);
 }
 
+int Manager::getCertificateEncryptionStatus(const Alias &alias, bool &status)
+{
+       return m_impl->getCertificateEncryptionStatus(alias, status);
+}
+
 int Manager::getData(const Alias &alias, const Password &password,
                                         RawBuffer &data)
 {
        return m_impl->getData(alias, password, data);
 }
 
+int Manager::getDataEncryptionStatus(const Alias &alias, bool &status)
+{
+       return m_impl->getDataEncryptionStatus(alias, status);
+}
+
 int Manager::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
 {
        return m_impl->getPKCS12(alias, pkcs);
@@ -102,16 +117,31 @@ int Manager::getKeyAliasVector(AliasVector &aliasVector)
        return m_impl->getKeyAliasVector(aliasVector);
 }
 
+int Manager::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+       return m_impl->getKeyAliasPwdVector(aliasPwdVector);
+}
+
 int Manager::getCertificateAliasVector(AliasVector &aliasVector)
 {
        return m_impl->getCertificateAliasVector(aliasVector);
 }
 
+int Manager::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+       return m_impl->getCertificateAliasPwdVector(aliasPwdVector);
+}
+
 int Manager::getDataAliasVector(AliasVector &aliasVector)
 {
        return m_impl->getDataAliasVector(aliasVector);
 }
 
+int Manager::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
+{
+       return m_impl->getDataAliasPwdVector(aliasPwdVector);
+}
+
 int Manager::createKeyPairRSA(
        const int size,              // size in bits [1024, 2048, 4096]
        const Alias &privateKeyAlias,

diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h
index 8f7ec0e..8802578 100644 (file)
--- a/src/manager/common/protocols.h
+++ b/src/manager/common/protocols.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -65,7 +65,8 @@ enum class LogicCommand : int {
        VERIFY_SIGNATURE,
        SET_PERMISSION,
        SAVE_PKCS12,
-       GET_PKCS12
+       GET_PKCS12,
+       GET_PROTECTION_STATUS
 };
 
 enum class EncryptionCommand : int {
@@ -80,6 +81,7 @@ COMMON_API extern char const *const CLIENT_ID_ADMIN_USER;
 
 typedef std::string Name;
 typedef std::vector<std::pair<ClientId, Name>> OwnerNameVector;
+typedef std::vector<std::tuple<ClientId, Name, bool>> OwnerNameEncryptionStatusVector;
 
 class IStream;
 

diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp
index 166ae74..9549693 100644 (file)
--- a/src/manager/crypto/tz-backend/store.cpp
+++ b/src/manager/crypto/tz-backend/store.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -106,6 +106,13 @@ GObjUPtr Store::getObject(const Token &token, const Password &pass)
        RawBuffer tag;
        unpack(token.data, scheme, id, iv, tag);
 
+       if (scheme & EncryptionScheme::PASSWORD && pass.empty()) {
+               ThrowErr(Exc::Crypto::AuthenticationFailed,
+                                "This token is protected with password and none passed");
+       } else if (!(scheme & EncryptionScheme::PASSWORD) && !pass.empty()) {
+               ThrowErr(Exc::Crypto::AuthenticationFailed,
+                                "This token is not protected with password but passed one");
+       }
        // TODO AKeys
 
        if (token.dataType.isSKey())

diff --git a/src/manager/dpl/core/include/dpl/serialization.h b/src/manager/dpl/core/include/dpl/serialization.h
index 4448923..0559c42 100644 (file)
--- a/src/manager/dpl/core/include/dpl/serialization.h
+++ b/src/manager/dpl/core/include/dpl/serialization.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2011 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@
 #include <list>
 #include <map>
 #include <memory>
+#include <tuple>
 
 namespace CKM {
 // Abstract data stream buffer
@@ -216,6 +217,20 @@ struct Serialization {
                Serialize(stream, *p);
        }
 
+       // std::tuple non generic!
+       template <typename A, typename B, typename C>
+       static void Serialize(IStream &stream, const std::tuple<A, B, C> &p)
+       {
+               Serialize(stream, std::get<0>(p));
+               Serialize(stream, std::get<1>(p));
+               Serialize(stream, std::get<2>(p));
+       }
+       template <typename A, typename B, typename C>
+       static void Serialize(IStream &stream, const std::tuple<A, B, C> *const p)
+       {
+               Serialize(stream, *p);
+       }
+
        // std::map
        template <typename K, typename T>
        static void Serialize(IStream &stream, const std::map<K, T> &map)
@@ -430,6 +445,21 @@ struct Deserialization {
                DeserializePtr(stream, p);
        }
 
+       // std::tuple non generic!
+       template <typename A, typename B, typename C>
+       static void Deserialize(IStream &stream, std::tuple<A, B, C> &p)
+       {
+               Deserialize(stream, std::get<0>(p));
+               Deserialize(stream, std::get<1>(p));
+               Deserialize(stream, std::get<2>(p));
+       }
+       template <typename A, typename B, typename C>
+       static void Deserialize(IStream &stream, std::tuple<A, B, C> *&p)
+       {
+               p = new std::tuple<A, B, C>;
+               Deserialize(stream, *p);
+       }
+
        // std::map
        template <typename K, typename T>
        static void Deserialize(IStream &stream, std::map<K, T> &map)

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 6a10ad7..c54b9a4 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -917,7 +917,7 @@ int CKMLogic::readDataHelper(
 
        // check access rights
        retCode = checkDataPermissionsHelper(cred, name, owner, row, exportFlag,
-                                                                                handler.database);
+                                                                                handler.database);
 
        if (CKM_API_SUCCESS != retCode)
                return retCode;
@@ -972,6 +972,43 @@ RawBuffer CKMLogic::getData(
        return response.Pop();
 }
 
+RawBuffer CKMLogic::getDataProtectionStatus(
+               const Credentials &cred,
+               int commandId,
+               DataType dataType,
+               const Name &name,
+               const ClientId &explicitOwner)
+{
+       int retCode = CKM_API_SUCCESS;
+       bool status = false;
+       DataType objDataType;
+       Password password;
+
+       try {
+               Crypto::GObjUPtr obj;
+               retCode = readDataHelper(false, cred, dataType, name, explicitOwner,
+                                                                password, obj, objDataType);
+
+       } catch (const Exc::Exception &e) {
+               retCode = e.error();
+       } catch (const CKM::Exception &e) {
+               LogError("CKM::Exception: " << e.GetMessage());
+               retCode = CKM_API_ERROR_SERVER_ERROR;
+       }
+
+       if (retCode == CKM_API_ERROR_AUTHENTICATION_FAILED) {
+               status = true;
+               retCode = CKM_API_SUCCESS;
+       }
+
+       auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
+                                       commandId,
+                                       retCode,
+                                       static_cast<int>(objDataType),
+                                       status);
+       return response.Pop();
+}
+
 int CKMLogic::getPKCS12Helper(
        const Credentials &cred,
        const Name &name,

diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index 7f9b5f0..8a849f8 100644 (file)
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -107,6 +107,13 @@ public:
                const ClientId &explicitOwner,
                const Password &password);
 
+       RawBuffer getDataProtectionStatus(
+               const Credentials &cred,
+               int commandId,
+               DataType dataType,
+               const Name &name,
+               const ClientId &explicitOwner);
+
        RawBuffer getPKCS12(
                const Credentials &cred,
                int commandId,

diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp
index 127e0a8..7d29ca8 100644 (file)
--- a/src/manager/service/ckm-service.cpp
+++ b/src/manager/service/ckm-service.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -300,6 +300,16 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
                                   passCert);
        }
 
+       case LogicCommand::GET_PROTECTION_STATUS: {
+               buffer.Deserialize(tmpDataType, name, explicitOwner);
+               return m_logic->getDataProtectionStatus(
+                                       cred,
+                                       msgID,
+                                       DataType(tmpDataType),
+                                       name,
+                                       explicitOwner);
+       }
+
        case LogicCommand::GET_LIST: {
                buffer.Deserialize(tmpDataType);
                return m_logic->getDataList(