[Feature] Implementation of encryption/decryption service.
[Solution] API implemented
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
(TED_0040_encrypt_no_output_buffer passes, all other tests fail with
CKMC_ERROR_SOCKET)
Change-Id: Ib0ce85f031e92660713ae4f320a4fd3981a43ffc
virtual int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask) = 0;
+ virtual int encrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& plain,
+ RawBuffer& encrypted) = 0;
+
+ virtual int decrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& encrypted,
+ RawBuffer& decrypted) = 0;
static ManagerShPtr create();
// static ManagerShPtr getManager(int uid); // TODO
return start;
}
+typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm &algo,
+ const CKM::Alias &keyAlias,
+ const CKM::Password &password,
+ const CKM::RawBuffer& plain,
+ CKM::RawBuffer& encrypted);
+
+int _cryptoOperation(cryptoFn operation,
+ const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s in,
+ ckmc_raw_buffer_s **ppout)
+{
+ if(!params || !key_alias || !ppout)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ // params
+ const CKM::CryptoAlgorithm* ca = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
+
+ // password
+ CKM::Password pass;
+ if (password)
+ pass = password;
+
+ // buffers
+ CKM::RawBuffer inBuffer(in.data, in.data + in.size);
+ CKM::RawBuffer outBuffer;
+
+ // operation
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
+ if (ret != CKM_API_SUCCESS)
+ return to_ckmc_error(ret);
+
+ return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
+}
+
}
}
KEY_MANAGER_CAPI
-int ckmc_encrypt_data(const ckmc_param_list_s */*params*/,
- const char */*key_alias*/,
- const char */*password*/,
- const ckmc_raw_buffer_s /*decrypted*/,
- ckmc_raw_buffer_s **/*ppencrypted*/)
+int ckmc_encrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s decrypted,
+ ckmc_raw_buffer_s **ppencrypted)
{
- // TODO implement it
- return CKMC_ERROR_UNKNOWN;
+ return _cryptoOperation(&CKM::Manager::encrypt,
+ params,
+ key_alias,
+ password,
+ decrypted,
+ ppencrypted);
}
KEY_MANAGER_CAPI
-int ckmc_decrypt_data(const ckmc_param_list_s */*params*/,
- const char */*key_alias*/,
- const char */*password*/,
- const ckmc_raw_buffer_s /* encrypted*/,
- ckmc_raw_buffer_s **/*ppdecrypted*/)
-{
- // TODO implement it
- return CKMC_ERROR_UNKNOWN;
+int ckmc_decrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s encrypted,
+ ckmc_raw_buffer_s **ppdecrypted)
+{
+ return _cryptoOperation(&CKM::Manager::decrypt,
+ params,
+ key_alias,
+ password,
+ encrypted,
+ ppdecrypted);
}
} // namespace anonymous
ManagerImpl::ManagerImpl()
- : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
+ : m_counter(0),
+ m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
+ m_ocspConnection(SERVICE_SOCKET_OCSP),
+ m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
{
initCryptoLib();
}
});
}
+int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& plain,
+ RawBuffer& encrypted)
+{
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+ MessageBuffer recv;
+ AliasSupport helper(keyAlias);
+ CryptoAlgorithmSerializable cas(algo);
+ auto send = MessageBuffer::Serialize(static_cast<int>(EncryptionCommand::ENCRYPT),
+ my_counter,
+ cas,
+ helper.getName(),
+ helper.getLabel(),
+ password,
+ plain);
+
+ int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ recv.Deserialize(command, counter, encrypted);
+
+ if (my_counter != counter) {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ return retCode;
+ });
+}
+
+int ManagerImpl::decrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& encrypted,
+ RawBuffer& decrypted)
+{
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+ MessageBuffer recv;
+ AliasSupport helper(keyAlias);
+ CryptoAlgorithmSerializable cas(algo);
+ auto send = MessageBuffer::Serialize(static_cast<int>(EncryptionCommand::DECRYPT),
+ my_counter,
+ cas,
+ helper.getName(),
+ helper.getLabel(),
+ password,
+ encrypted);
+
+ int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ recv.Deserialize(command, counter, decrypted);
+
+ if (my_counter != counter) {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ return retCode;
+ });
+}
+
ManagerShPtr Manager::create() {
try {
return std::make_shared<ManagerImpl>();
int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask);
+ int encrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& plain,
+ RawBuffer& encrypted);
+
+ int decrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& encrypted,
+ RawBuffer& decrypted);
+
protected:
int saveBinaryData(
const Alias &alias,
int m_counter;
CKM::ServiceConnection m_storageConnection;
CKM::ServiceConnection m_ocspConnection;
+ CKM::ServiceConnection m_encryptionConnection;
};
} // namespace CKM
char const * const SERVICE_SOCKET_CKM_CONTROL = "/tmp/.central-key-manager-api-control.sock";
char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-storage.sock";
char const * const SERVICE_SOCKET_OCSP = "/tmp/.central-key-manager-api-ocsp.sock";
+char const * const SERVICE_SOCKET_ENCRYPTION = "/tmp/.central-key-manager-api-encryption.sock";
char const * const LABEL_NAME_SEPARATOR = " ";
char const * const LABEL_SYSTEM_DB = "/";
COMMON_API extern char const * const SERVICE_SOCKET_CKM_CONTROL;
COMMON_API extern char const * const SERVICE_SOCKET_CKM_STORAGE;
COMMON_API extern char const * const SERVICE_SOCKET_OCSP;
+COMMON_API extern char const * const SERVICE_SOCKET_ENCRYPTION;
enum class ControlCommand : int {
UNLOCK_USER_KEY,
// for backward compatibility append new at the end
};
+enum class EncryptionCommand : int {
+ ENCRYPT,
+ DECRYPT
+};
+
// (client side) Alias = (service side) Label::Name
COMMON_API extern char const * const LABEL_NAME_SEPARATOR;
COMMON_API extern char const * const LABEL_SYSTEM_DB;