#include <memory>
#include <ckm/ckm-error.h>
+#include <ckm/ckm-type.h>
// Central Key Manager namespace
namespace CKM {
{
public:
// decrypt user key with password
- virtual int unlockUserKey(uid_t user, const std::string &password) const = 0;
+ virtual int unlockUserKey(uid_t user, const Password &password) const = 0;
// remove user key from memory
virtual int lockUserKey(uid_t user) const = 0;
virtual int removeUserData(uid_t user) const = 0;
// change password for user
- virtual int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const = 0;
+ virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) const = 0;
// This is work around for security-server api - resetPassword that may be called without passing oldPassword.
// This api should not be supported on tizen 3.0
// User must be already logged in and his DKEK is already loaded into memory in plain text form.
// The service will use DKEK in plain text and encrypt it in encrypted form (using new password).
- virtual int resetUserPassword(uid_t user, const std::string &newPassword) const = 0;
+ virtual int resetUserPassword(uid_t user, const Password &newPassword) const = 0;
virtual ~Control(){}
static KeyShPtr create(
const RawBuffer &rawBuffer,
- const std::string &password = std::string());
+ const Password &password = Password());
};
} // namespace CKM
virtual int removeCertificate(const Alias &alias) = 0;
virtual int removeData(const Alias &alias) = 0;
- virtual int getKey(const Alias &alias, const std::string &password, KeyShPtr &key) = 0;
+ virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
virtual int getCertificate(
const Alias &alias,
- const std::string &password,
+ const Password &password,
CertificateShPtr &certificate) = 0;
- virtual int getData(const Alias &alias, const std::string &password, RawBuffer &data) = 0;
+ virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
// send request for list of all keys/certificates/data that application/user may use
virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
virtual int createSignature(
const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
+ const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding,
virtual int verifySignature(
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
+ const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hash,
typedef std::vector<RawBuffer> RawBufferVector;
typedef std::string Alias;
typedef std::vector<Alias> AliasVector;
+typedef std::string Password;
enum class KeyType : int {
KEY_NONE,
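Review bot: `typedef std::string Password;` is only an alias, so the compiler still treats Password, Alias and any other std::string as the same type, and the password bytes stay in an ordinary string buffer that is not wiped when the string is destroyed or reallocated. That applies to every copy this change touches, such as `Policy::password` and the `Password newPass, oldPass;` locals filled by deserialization. If a distinct, self-wiping type is planned as a follow-up, I would record that next to the typedef, e.g. `// NOTE: plain alias for now; not zeroed on destruction and interchangeable with Alias`.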
};
struct Policy {
- Policy(const std::string &pass = std::string(), bool extract = true, bool rest = false)
+ Policy(const Password &pass = Password(), bool extract = true, bool rest = false)
: password(pass)
, extractable(extract)
, restricted(rest)
{}
virtual ~Policy(){}
- std::string password; // byte array used to encrypt data inside CKM
+ Password password; // byte array used to encrypt data inside CKM
bool extractable; // if true key may be extracted from storage
bool restricted; // if true only key owner may see data
};
#include <ckmc/ckmc-control.h>
#include <ckmc/ckmc-error.h>
#include <ckmc-type-converter.h>
+#include <ckm/ckm-type.h>
KEY_MANAGER_CAPI
int ckmc_unlock_user_key(uid_t user, const char *password)
{
auto control = CKM::Control::create();
- int ret = control->unlockUserKey(user, std::string(password));
+ int ret = control->unlockUserKey(user, CKM::Password(password));
return to_ckmc_error(ret);
}
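Review bot: `CKM::Password(password)` in ckmc_unlock_user_key builds a std::string from a `const char *` that is never checked, so a NULL argument from a C caller is undefined behaviour before any request is sent. The same pattern appears in ckmc_change_user_password (both arguments) and ckmc_reset_user_password. Each wrapper should reject NULL first, e.g. `if (password == NULL) return <invalid-parameter error code>;`, using whichever input-parameter error ckmc-error.h defines (that header is not visible on this page).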
int ckmc_change_user_password(uid_t user, const char *oldPassword, const char *newPassword)
{
auto control = CKM::Control::create();
- int ret = control->changeUserPassword(user, std::string(oldPassword), std::string(newPassword));
+ int ret = control->changeUserPassword(user, CKM::Password(oldPassword), CKM::Password(newPassword));
return to_ckmc_error(ret);
}
int ckmc_reset_user_password(uid_t user, const char *newPassword)
{
auto control = CKM::Control::create();
- int ret = control->resetUserPassword(user, std::string(newPassword));
+ int ret = control->resetUserPassword(user, CKM::Password(newPassword));
return to_ckmc_error(ret);
}
-
-
ControlImpl& operator=(const ControlImpl &) = delete;
ControlImpl& operator=(ControlImpl &&) = delete;
- virtual int unlockUserKey(uid_t user, const std::string &password) const {
+ virtual int unlockUserKey(uid_t user, const Password &password) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::UNLOCK_USER_KEY));
});
}
- virtual int changeUserPassword(uid_t user, const std::string &oldPassword, const std::string &newPassword) const {
+ virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::CHANGE_USER_PASSWORD));
});
}
- virtual int resetUserPassword(uid_t user, const std::string &newPassword) const {
+ virtual int resetUserPassword(uid_t user, const Password &newPassword) const {
return try_catch([&] {
MessageBuffer send, recv;
Serialization::Serialize(send, static_cast<int>(ControlCommand::RESET_USER_PASSWORD));
}
virtual ~ControlImpl(){}
-
};
ControlShPtr Control::create() {
int ManagerImpl::getBinaryData(
const Alias &alias,
DBDataType sendDataType,
- const std::string &password,
+ const Password &password,
DBDataType &recvDataType,
RawBuffer &rawData)
{
});
}
-int ManagerImpl::getKey(const Alias &alias, const std::string &password, KeyShPtr &key) {
+int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
DBDataType recvDataType;
RawBuffer rawData;
return CKM_API_SUCCESS;
}
-int ManagerImpl::getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert)
+int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
{
DBDataType recvDataType;
RawBuffer rawData;
return CKM_API_SUCCESS;
}
-int ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData)
+int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
{
DBDataType recvDataType;
int ManagerImpl::createSignature(
const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
+ const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding,
int ManagerImpl::verifySignature(
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
+ const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hash,
int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
int removeKey(const Alias &alias);
- int getKey(const Alias &alias, const std::string &password, KeyShPtr &key);
+ int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
int getKeyAliasVector(AliasVector &aliasVector);
int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy);
int removeCertificate(const Alias &alias);
- int getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert);
+ int getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert);
int getCertificateAliasVector(AliasVector &aliasVector);
int saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy);
int removeData(const Alias &alias);
- int getData(const Alias &alias, const std::string &password, RawBuffer &cert);
+ int getData(const Alias &alias, const Password &password, RawBuffer &cert);
int getDataAliasVector(AliasVector &aliasVector);
int createKeyPairRSA(
int createSignature(
const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
+ const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding,
int verifySignature(
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
+ const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hash,
int getBinaryData(
const Alias &alias,
DBDataType sendDataType,
- const std::string &password,
+ const Password &password,
DBDataType &recvDataType,
RawBuffer &rawData);
int passcb(char *buff, int size, int rwflag, void *userdata) {
(void) rwflag;
- std::string *ptr = static_cast<std::string*>(userdata);
+ Password *ptr = static_cast<Password*>(userdata);
if (ptr == NULL)
return 0;
if (ptr->empty())
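Review bot: The visible lines of passcb only read the password, so the cast could keep the pointee const: `const Password *ptr = static_cast<const Password*>(userdata);`. That would show that the `const_cast<Password*>(&password)` at the PEM_read_bio_* call sites exists only to fit the `void *` callback argument, and that the caller's password is not modified. The rest of passcb is outside this hunk, so whether the copy into `buff` is bounded by `size` cannot be checked from here and is worth confirming.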
m_type = second.m_type;
}
-GenericKey::GenericKey(const RawBuffer &buf, const std::string &pass)
+GenericKey::GenericKey(const RawBuffer &buf, const Password &password)
: m_pkey(NULL, EVP_PKEY_free)
, m_type(KeyType::KEY_NONE)
{
if (!pkey && buf[0] == '-') {
BIO_reset(bio.get());
BIO_write(bio.get(), buf.data(), buf.size());
- pkey = PEM_read_bio_PUBKEY(bio.get(), NULL, passcb, const_cast<std::string*>(&pass));
+ pkey = PEM_read_bio_PUBKEY(bio.get(), NULL, passcb, const_cast<Password*>(&password));
isPrivate = false;
LogDebug("PEM_read_bio_PUBKEY Status: " << (void*)pkey);
}
if (!pkey && buf[0] == '-') {
BIO_reset(bio.get());
BIO_write(bio.get(), buf.data(), buf.size());
- pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, passcb, const_cast<std::string*>(&pass));
+ pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, passcb, const_cast<Password*>(&password));
isPrivate = true;
LogDebug("PEM_read_bio_PrivateKey Status: " << (void*)pkey);
}
return RawBuffer();
}
-KeyShPtr Key::create(const RawBuffer &raw, const std::string &password) {
+KeyShPtr Key::create(const RawBuffer &raw, const Password &password) {
KeyShPtr output(new GenericKey(raw, password));
if (output->empty())
output.reset();
GenericKey();
GenericKey(const GenericKey &second);
- GenericKey(const RawBuffer& buffer, const std::string &pass = std::string());
+ GenericKey(const RawBuffer& buffer, const Password &password = Password());
GenericKey(EvpShPtr pkey, KeyType type);
virtual KeyType getType() const;
CKMLogic::~CKMLogic(){}
-RawBuffer CKMLogic::unlockUserKey(uid_t user, const std::string &password) {
+RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password) {
// TODO try catch for all errors that should be supported by error code
int retCode = CKM_API_SUCCESS;
RawBuffer CKMLogic::changeUserPassword(
uid_t user,
- const std::string &oldPassword,
- const std::string &newPassword)
+ const Password &oldPassword,
+ const Password &newPassword)
{
int retCode = CKM_API_SUCCESS;
try {
RawBuffer CKMLogic::resetUserPassword(
uid_t user,
- const std::string &newPassword)
+ const Password &newPassword)
{
int retCode = CKM_API_SUCCESS;
// TODO try-catch
Credentials &cred,
DBDataType dataType,
const Alias &alias,
- const std::string &password,
+ const Password &password,
DBRow &row)
{
int commandId,
DBDataType dataType,
const Alias &alias,
- const std::string &password)
+ const Password &password)
{
int retCode = CKM_API_SUCCESS;
DBRow row;
}
for (auto &i: aliasVector) {
- retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, std::string(), row);
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Password(), row);
if (retCode != CKM_API_SUCCESS)
goto senderror;
Credentials &cred,
int commandId,
const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
+ const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding)
break;
}
- GenericKey keyParsed(row.data, std::string());
+ GenericKey keyParsed(row.data, Password());
if (keyParsed.empty())
retCode = CKM_API_ERROR_SERVER_ERROR;
else
Credentials &cred,
int commandId,
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
+ const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hash,
CKMLogic& operator=(CKMLogic &&) = delete;
virtual ~CKMLogic();
- RawBuffer unlockUserKey(uid_t user, const std::string &password);
+ RawBuffer unlockUserKey(uid_t user, const Password &password);
RawBuffer lockUserKey(uid_t user);
RawBuffer changeUserPassword(
uid_t user,
- const std::string &oldPassword,
- const std::string &newPassword);
+ const Password &oldPassword,
+ const Password &newPassword);
RawBuffer resetUserPassword(
uid_t user,
- const std::string &newPassword);
+ const Password &newPassword);
RawBuffer saveData(
Credentials &cred,
int commandId,
DBDataType dataType,
const Alias &alias,
- const std::string &password);
+ const Password &password);
RawBuffer getDataList(
Credentials &cred,
Credentials &cred,
int commandId,
const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
+ const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding);
Credentials &cred,
int commandId,
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
+ const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hash,
Credentials &cred,
DBDataType dataType,
const Alias &alias,
- const std::string &password,
+ const Password &password,
DBRow &row);
int createKeyPairRSAHelper(
int getKeyHelper(
Credentials &cred,
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
+ const Password &password, // password for public_key (optional)
const GenericKey &genericKey);
std::map<uid_t, UserData> m_userDataMap;
int command;
uid_t user;
ControlCommand cc;
- std::string newPass, oldPass;
+ Password newPass, oldPass;
Deserialization::Deserialize(buffer, command);
Deserialization::Deserialize(buffer, user);
}
case LogicCommand::GET:
{
- std::string password;
+ Password password;
Deserialization::Deserialize(buffer, tmpDataType);
Deserialization::Deserialize(buffer, alias);
Deserialization::Deserialize(buffer, password);
case LogicCommand::CREATE_SIGNATURE:
{
Alias privateKeyAlias;
- std::string password; // password for private_key
+ Password password; // password for private_key
RawBuffer message;
int padding, hash;
Deserialization::Deserialize(buffer, privateKeyAlias);
case LogicCommand::VERIFY_SIGNATURE:
{
Alias publicKeyOrCertAlias;
- std::string password; // password for public_key (optional)
+ Password password; // password for public_key (optional)
RawBuffer message;
RawBuffer signature;
//HashAlgorithm hash;
}
RawBuffer CryptoLogic::passwordToKey(
- const std::string &password,
+ const Password &password,
const RawBuffer &salt,
size_t keySize) const
{
return civ;
}
-void CryptoLogic::encryptRow(const std::string &password, DBRow &row)
+void CryptoLogic::encryptRow(const Password &password, DBRow &row)
{
try {
DBRow crow = row;
}
}
-void CryptoLogic::decryptRow(const std::string &password, DBRow &row)
+void CryptoLogic::decryptRow(const Password &password, DBRow &row)
{
try {
DBRow crow = row;
virtual ~CryptoLogic(){}
- void decryptRow(const std::string &password, DBRow &row);
- void encryptRow(const std::string &password, DBRow &row);
+ void decryptRow(const Password &password, DBRow &row);
+ void encryptRow(const Password &password, DBRow &row);
bool haveKey(const std::string &smackLabel);
void pushKey(const std::string &smackLabel,
std::map<std::string, RawBuffer> m_keyMap;
RawBuffer generateRandIV() const;
- RawBuffer passwordToKey(const std::string &password,
+ RawBuffer passwordToKey(const Password &password,
const RawBuffer &salt,
size_t keySize) const;
// if (keyInWrapForm.size() != sizeof(WrappedKeyMaterial))
// throw exception; // buffer does not have proper size to store WrappedKeyMaterial
// WrappedKeyMaterial *wkm = static_cast<WrappedKeyMaterial>(keyInWrapForm.data());
- KeyProvider(const RawBuffer &domainKEKInWrapForm, const std::string &password);
+ KeyProvider(const RawBuffer &domainKEKInWrapForm, const Password &password);
KeyProvider(KeyProvider &&);
KeyProvider(const KeyProvider &) = delete;
// Returns Key in form used to store key in file
// Requied by Control::resetPassword(const RawBuffer &newPassword);
// This api should be used only on Tizen 2.2.1
- RawBuffer getWrappedDomainKEK(const std::string &password);
+ RawBuffer getWrappedDomainKEK(const Password &password);
// EncryptedKey key extracted from database. Used to encrypt application data.
// This key will be used to decrypt/encrypt data in ROW
// used by change user password. On error -> exception
static RawBuffer reencrypt(
const RawBuffer &domainKEKInWrapForm,
- const std::string &oldPass,
- const std::string &newPass);
+ const Password &oldPass,
+ const Password &newPass);
// First run of application for some user. DomainKEK was not created yet. We must create one.
// This key will be used to encrypt user database.
- static RawBuffer generateDomainKEK(const std::string &user, const std::string &userPassword);
+ static RawBuffer generateDomainKEK(const std::string &user, const Password &userPassword);
// This will be called by framework at the begin of the program
static int initializeLibrary();