namespace CKM {
// used to pass password and raw key data
-typedef std::vector<unsigned char> RawData;
+typedef std::vector<unsigned char> RawBuffer;
typedef std::string Alias;
typedef std::vector<Alias> AliasVector;
};
struct Policy {
- Policy(const RawData &pass = RawData(), bool extract = true, bool rest = false)
+ Policy(const RawBuffer &pass = RawBuffer(), bool extract = true, bool rest = false)
: password(pass)
, extractable(extract)
, restricted(rest)
{}
virtual ~Policy(){}
- RawData password; // byte array used to encrypt data inside CKM
+ RawBuffer password; // byte array used to encrypt data inside CKM
bool extractable; // if true key may be extracted from storage
bool restricted; // if true only key owner may see data
};
public:
Control();
// decrypt user key with password
- int unlockUserKey(const std::string &user, const RawData &password) const;
+ int unlockUserKey(const std::string &user, const RawBuffer &password) const;
// remove user key from memory
int lockUserKey(const std::string &user) const;
int removeUserData(const std::string &user) const;
// change password for user
- int changeUserPassword(const std::string &user, const RawData &oldPassword, const RawData &newPassword) const;
+ int changeUserPassword(const std::string &user, const RawBuffer &oldPassword, const RawBuffer &newPassword) const;
// This is work around for security-server api - resetPassword that may be called without passing oldPassword.
// This api should not be supported on tizen 3.0
// User must be already logged in and his DKEK is already loaded into memory in plain text form.
// The service will use DKEK in plain text and encrypt it in encrypted form (using new password).
- int resetUserPassword(const std::string &user, const RawData &newPassword) const;
+ int resetUserPassword(const std::string &user, const RawBuffer &newPassword) const;
virtual ~Control();
private:
};
Key();
- Key(const RawData &rawData, KeyType type, const RawData &password = RawData()); // Import key
+ Key(const RawBuffer &rawData, KeyType type, const RawBuffer &password = RawBuffer()); // Import key
Key(const Key &key);
Key& operator=(const Key &key);
virtual ~Key();
KeyType getType() const;
int getSize() const;
ECType getCurve() const;
- RawData getKey() const;
+ RawBuffer getKey() const;
KeyImpl* getImpl() const;
private:
};
Certificate();
- Certificate(const RawData &rawData, Format format);
+ Certificate(const RawBuffer &rawData, Format format);
Certificate(const Certificate &certificate);
Certificate& operator=(const Certificate &certificate);
// This function will return openssl struct X509*.
void *getX509();
- RawData getDER() const;
+ RawBuffer getDER() const;
CertificateImpl* getImpl();
// // *** standard certificate operation begin ***
-// RawData getDER() const;
+// RawBuffer getDER() const;
// bool isSignedBy(const Certificate &parent) const;
-// RawData getFingerprint(FingerprintType type) const;
+// RawBuffer getFingerprint(FingerprintType type) const;
// bool isCA() const;
// // *** standard certificate operation end ***
private:
class Pkcs12 {
public:
Pkcs12();
- Pkcs12(const RawData &rawData, const RawData &password = RawData());
+ Pkcs12(const RawBuffer &rawData, const RawBuffer &password = RawBuffer());
Pkcs12(const Pkcs12 &pkcs);
Pkcs12(Pkcs12 &&pkcs);
Pkcs12& operator=(const Pkcs12 &pkcs);
Pkcs12& operator=(Pkcs12 &&pkcs);
- Key getKey(const RawData &password = RawData());
+ Key getKey(const RawBuffer &password = RawBuffer());
Certificate getCertificate(); // this is connected with Key
// check the API in openssl and translate it 1 to 1.
int removeKey(const Alias &alias);
int removeCertificate(const Alias &alias);
- int getKey(const Alias &alias, const RawData &password, Key &key);
+ int getKey(const Alias &alias, const RawBuffer &password, Key &key);
int getCertificate(
const Alias &alias,
- const RawData &password,
+ const RawBuffer &password,
Certificate &certificate);
// This will extract list of all Keys and Certificates in Key Store
// int requestCertificateAliasVector(AliasVector &alias); // send request for list of all certs that application/user may use
// Added By Dongsun Lee
- int saveData(const Alias &alias, const RawData &data, const Policy &policy);
+ int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy);
int removeData(const Alias &alias);
- int getData(const Alias &alias, const RawData &password, RawData &data);
+ int getData(const Alias &alias, const RawBuffer &password, RawBuffer &data);
// int requestDataAliasVector(AliasVector &alias);
//
// int createKeyPairRSA(
//
// int createSignature(
// const Alias &privateKeyAlias,
-// const RawData &password, // password for private_key
-// const RawData &message,
+// const RawBuffer &password, // password for private_key
+// const RawBuffer &message,
// HashAlgorith hash,
// RSAPaddingAlgorithm padding,
-// RawData &signature);
+// RawBuffer &signature);
//
// int verifySignature(
// const Alias &publicKeyOrCertAlias,
-// const RawData &password, // password for public_key (optional)
-// const RawData &message,
-// const RawData &signature,
+// const RawBuffer &password, // password for public_key (optional)
+// const RawBuffer &message,
+// const RawBuffer &signature,
// HashAlgorithm hash,
// RSAPaddingAlgorithm padding);
//
virtual void ReceivedRemovedCertificate() {}
// Added By Dongsun Lee
- virtual void ReceivedData(RawData && data) {}
+ virtual void ReceivedData(RawBuffer && data) {}
virtual void ReceivedDataAliasVector(AliasVector && aliasVector) {}
// This callbacks will confirm successful operation
virtual void ReceivedRemovedData() {}
virtual void ReceivedCreateKeyPairRSA() {}
virtual void ReceivedCreateKeyPairECDSA() {}
- virtual void ReceivedCreateSignature(RawData && signature) {}
+ virtual void ReceivedCreateSignature(RawBuffer && signature) {}
// TODO: describe status
virtual void ReceivedVerifySignature() {}
void requestCertificateAliasVector(Observer *observer); // send request for list of all certs that application/user may use
// Added By Dongsun Lee
- void saveData(Observer *observer, const Alias &alias, const RawData &data, const Policy &policy);
+ void saveData(Observer *observer, const Alias &alias, const RawBuffer &data, const Policy &policy);
void removeData(Observer *observer, const Alias &alias);
void requestData(Observer *observer, const Alias &alias);
void requestDataAliasVector(Observer *observer); // send request for list of all data that application/user may use
void createKeyPairRSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const int &size, const Policy &policy);
void createKeyPairECDSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, ECType type, const int &size, const Policy &policy);
- void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawData &password, const RawData &message);
- void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawData &password, const RawData &message, const RawData &signature);
+ void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawBuffer &password, const RawBuffer &message);
+ void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawBuffer &password, const RawBuffer &message, const RawBuffer &signature);
// Should we use also certificates stored by user in Certral Key Manager?
// Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
namespace CKM {
-CertificateImpl::CertificateImpl(const RawData &der, Certificate::Format format) {
+CertificateImpl::CertificateImpl(const RawBuffer &der, Certificate::Format format) {
int size;
const unsigned char *ptr;
- RawData tmp;
+ RawBuffer tmp;
if (Certificate::Format::FORM_BASE64 == format) {
Base64Decoder base64;
}
}
-RawData CertificateImpl::getDER(void) const {
+RawBuffer CertificateImpl::getDER(void) const {
unsigned char *rawDer = NULL;
int size = i2d_X509(m_x509, &rawDer);
if (!rawDer || size <= 0) {
// "i2d_X509 failed");
}
- RawData output(
+ RawBuffer output(
reinterpret_cast<char*>(rawDer),
reinterpret_cast<char*>(rawDer) + size);
OPENSSL_free(rawDer);
class CertificateImpl {
public:
CertificateImpl(){}
- CertificateImpl(const RawData &data, Certificate::Format format);
+ CertificateImpl(const RawBuffer &data, Certificate::Format format);
CertificateImpl& operator=(const CertificateImpl &) = delete;
- RawData getDER() const;
+ RawBuffer getDER() const;
bool empty() const;
~CertificateImpl();
Certificate::Certificate(){}
-Certificate::Certificate(const RawData &rawData, Format format)
+Certificate::Certificate(const RawBuffer &rawData, Format format)
: m_impl(new CertificateImpl(rawData, format))
{}
return true;
}
-RawData Certificate::getDER() const {
+RawBuffer Certificate::getDER() const {
if (m_impl)
return m_impl->getDER();
- return RawData();
+ return RawBuffer();
}
void* Certificate::getX509() {
namespace CKM {
-typedef std::vector<unsigned char> RawBuffer;
-
int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv);
/*
ControlImpl& operator=(const ControlImpl &) = delete;
ControlImpl& operator=(ControlImpl &&) = delete;
- static int unlockUserKey(const std::string &user, const RawData &password) {
+ static int unlockUserKey(const std::string &user, const RawBuffer &password) {
return try_catch([&] {
if (user.empty())
return KEY_MANAGER_API_ERROR_INPUT_PARAM;
});
}
- static int changeUserPassword(const std::string &user, const RawData &oldPassword, const RawData &newPassword) {
+ static int changeUserPassword(const std::string &user, const RawBuffer &oldPassword, const RawBuffer &newPassword) {
return try_catch([&] {
if (user.empty())
return KEY_MANAGER_API_ERROR_INPUT_PARAM;
});
}
- static int resetUserPassword(const std::string &user, const RawData &newPassword) {
+ static int resetUserPassword(const std::string &user, const RawBuffer &newPassword) {
return try_catch([&] {
if (user.empty())
return KEY_MANAGER_API_ERROR_INPUT_PARAM;
Control::~Control(){}
-int Control::unlockUserKey(const std::string &user, const RawData &password) const {
+int Control::unlockUserKey(const std::string &user, const RawBuffer &password) const {
return m_impl->unlockUserKey(user, password);
}
return m_impl->removeUserData(user);
}
-int Control::changeUserPassword(const std::string &user, const RawData &oldPassword, const RawData &newPassword) const {
+int Control::changeUserPassword(const std::string &user, const RawBuffer &oldPassword, const RawBuffer &newPassword) const {
return m_impl->changeUserPassword(user, oldPassword, newPassword);
}
-int Control::resetUserPassword(const std::string &user, const RawData &newPassword) const {
+int Control::resetUserPassword(const std::string &user, const RawBuffer &newPassword) const {
return m_impl->resetUserPassword(user, newPassword);
}
// m_type = static_cast<KeyType>(type);
//}
-KeyImpl::KeyImpl(const RawData &data, KeyType type, const RawData &password)
+KeyImpl::KeyImpl(const RawBuffer &data, KeyType type, const RawBuffer &password)
: m_type(KeyType::KEY_NONE)
{
int size = 0;
RSA *rsa = NULL;
char *pass = NULL;
- RawData passtmp(password);
+ RawBuffer passtmp(password);
if (!passtmp.empty()) {
passtmp.push_back(0);
public:
KeyImpl();
// KeyImpl(IStream &stream);
- KeyImpl(const RawData &data, KeyType type, const RawData &password);
+ KeyImpl(const RawBuffer &data, KeyType type, const RawBuffer &password);
KeyImpl(const KeyImpl &);
KeyImpl(KeyImpl &&);
KeyImpl& operator=(const KeyImpl &);
return m_type;
}
- RawData getKey() const {
+ RawBuffer getKey() const {
return m_key;
}
virtual ~KeyImpl();
private:
KeyType m_type;
- RawData m_key;
+ RawBuffer m_key;
};
} // namespace CKM
{}
Key::Key(
- const RawData &rawData,
+ const RawBuffer &rawData,
KeyType type,
- const RawData &password)
+ const RawBuffer &password)
: m_impl(new KeyImpl(rawData, type, password))
{}
return KeyType::KEY_NONE;
}
-RawData Key::getKey() const {
+RawBuffer Key::getKey() const {
if (m_impl)
return m_impl->getKey();
- return RawData();
+ return RawBuffer();
}
KeyImpl* Key::getImpl() const {
int Manager::ManagerImpl::saveBinaryData(
const Alias &alias,
DBDataType dataType,
- const RawData &rawData,
+ const RawBuffer &rawData,
const Policy &policy)
{
m_counter++;
return saveBinaryData(alias, DBDataType::CERTIFICATE, cert.getDER(), policy);
}
-int Manager::ManagerImpl::saveData(const Alias &alias, const RawData &rawData, const Policy &policy) {
+int Manager::ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
}
int Manager::ManagerImpl::getBinaryData(
const Alias &alias,
DBDataType sendDataType,
- const RawData &password,
+ const RawBuffer &password,
DBDataType &recvDataType,
- RawData &rawData)
+ RawBuffer &rawData)
{
return try_catch([&] {
if (alias.empty())
});
}
-int Manager::ManagerImpl::getKey(const Alias &alias, const RawData &password, Key &key) {
+int Manager::ManagerImpl::getKey(const Alias &alias, const RawBuffer &password, Key &key) {
DBDataType recvDataType;
- RawData rawData;
+ RawBuffer rawData;
int retCode = getBinaryData(
alias,
return KEY_MANAGER_API_SUCCESS;
}
-int Manager::ManagerImpl::getCertificate(const Alias &alias, const RawData &password, Certificate &cert)
+int Manager::ManagerImpl::getCertificate(const Alias &alias, const RawBuffer &password, Certificate &cert)
{
DBDataType recvDataType;
- RawData rawData;
+ RawBuffer rawData;
int retCode = getBinaryData(
alias,
return KEY_MANAGER_API_SUCCESS;
}
-int Manager::ManagerImpl::getData(const Alias &alias, const RawData &password, RawData &rawData)
+int Manager::ManagerImpl::getData(const Alias &alias, const RawBuffer &password, RawBuffer &rawData)
{
DBDataType recvDataType;
int saveKey(const Alias &alias, const Key &key, const Policy &policy);
int removeKey(const Alias &alias);
- int getKey(const Alias &alias, const RawData &password, Key &key);
+ int getKey(const Alias &alias, const RawBuffer &password, Key &key);
int saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy);
int removeCertificate(const Alias &alias);
- int getCertificate(const Alias &alias, const RawData &password, Certificate &cert);
+ int getCertificate(const Alias &alias, const RawBuffer &password, Certificate &cert);
- int saveData(const Alias &alias, const RawData &rawData, const Policy &policy);
+ int saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy);
int removeData(const Alias &alias);
- int getData(const Alias &alias, const RawData &password, RawData &cert);
+ int getData(const Alias &alias, const RawBuffer &password, RawBuffer &cert);
protected:
int saveBinaryData(
const Alias &alias,
DBDataType dataType,
- const RawData &rawData,
+ const RawBuffer &rawData,
const Policy &policy);
int removeBinaryData(
int getBinaryData(
const Alias &alias,
DBDataType sendDataType,
- const RawData &password,
+ const RawBuffer &password,
DBDataType &recvDataType,
- RawData &rawData);
+ RawBuffer &rawData);
int m_counter;
};
return m_impl->removeKey(alias);
}
-int Manager::getKey(const Alias &alias, const RawData &password, Key &key) {
+int Manager::getKey(const Alias &alias, const RawBuffer &password, Key &key) {
return m_impl->getKey(alias, password, key);
}
return m_impl->removeCertificate(alias);
}
-int Manager::getCertificate(const Alias &alias, const RawData &password, Certificate &cert) {
+int Manager::getCertificate(const Alias &alias, const RawBuffer &password, Certificate &cert) {
return m_impl->getCertificate(alias, password, cert);
}
-int Manager::saveData(const Alias &alias, const RawData &data, const Policy &policy) {
+int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) {
return m_impl->saveData(alias, data, policy);
}
return m_impl->removeData(alias);
}
-int Manager::getData(const Alias &alias, const RawData &password, RawData &data) {
+int Manager::getData(const Alias &alias, const RawBuffer &password, RawBuffer &data) {
return m_impl->getData(alias, password, data);
}
{
}
-void Base64Encoder::append(const RawData &data)
+void Base64Encoder::append(const RawBuffer &data)
{
if (m_finalized) {
LogWarning("Already finalized.");
BIO_flush(m_b64);
}
-RawData Base64Encoder::get()
+RawBuffer Base64Encoder::get()
{
if (!m_finalized) {
LogWarning("Not finalized");
}
if (bptr->length > 0) {
- return RawData(bptr->data, bptr->data + bptr->length);
+ return RawBuffer(bptr->data, bptr->data + bptr->length);
}
- return RawData();
+ return RawBuffer();
}
void Base64Encoder::reset()
{
}
-void Base64Decoder::append(const RawData &data)
+void Base64Decoder::append(const RawBuffer &data)
{
if (m_finalized) {
LogWarning("Already finalized.");
BIO *b64, *bmem;
size_t len = m_input.size();
- RawData buffer(len);
+ RawBuffer buffer(len);
if (!buffer.data()) {
LogError("Error in malloc.");
ThrowMsg(Exception::InternalError, "Couldn't create BIO object.");
}
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
- RawData tmp(m_input);
+ RawBuffer tmp(m_input);
m_input.clear();
bmem = BIO_new_mem_buf(tmp.data(), len);
return status;
}
-RawData Base64Decoder::get() const
+RawBuffer Base64Decoder::get() const
{
if (!m_finalized) {
LogWarning("Not finalized.");
DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized)
};
Base64Encoder();
- void append(const RawData &data);
+ void append(const RawBuffer &data);
void finalize();
- RawData get();
+ RawBuffer get();
void reset();
~Base64Encoder();
DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized)
};
Base64Decoder();
- void append(const RawData &data);
+ void append(const RawBuffer &data);
/*
* Function will return false when BIO_read fails
* (for example: when string was not in base64 format).
*/
bool finalize();
- RawData get() const;
+ RawBuffer get() const;
void reset();
~Base64Decoder()
{
}
private:
- RawData m_input;
- RawData m_output;
+ RawBuffer m_input;
+ RawBuffer m_output;
bool m_finalized;
};
} // namespace CKM
int commandId,
DBDataType dataType,
const Alias &alias,
- const RawData &key,
+ const RawBuffer &key,
const PolicySerializable &policy)
{
(void)cred;
int commandId,
DBDataType dataType,
const Alias &alias,
- const RawData &password)
+ const RawBuffer &password)
{
(void)cred;
(void)alias;
Serialization::Serialize(response, commandId);
Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
Serialization::Serialize(response, static_cast<int>(dataType));
- Serialization::Serialize(response, RawData());
+ Serialization::Serialize(response, RawBuffer());
return response.Pop();
}
int commandId,
DBDataType dataType,
const Alias &alias,
- const RawData &key,
+ const RawBuffer &key,
const PolicySerializable &policy);
RawBuffer removeData(
int commandId,
DBDataType dataType,
const Alias &alias,
- const RawData &password);
+ const RawBuffer &password);
private:
switch(sc) {
case LogicCommand::SAVE:
{
- RawData rawData;
+ RawBuffer rawData;
PolicySerializable policy;
Deserialization::Deserialize(buffer, tmpDataType);
Deserialization::Deserialize(buffer, alias);
}
case LogicCommand::GET:
{
- RawData password;
+ RawBuffer password;
Deserialization::Deserialize(buffer, tmpDataType);
Deserialization::Deserialize(buffer, alias);
Deserialization::Deserialize(buffer, password);
namespace CKM {
-// typedef std::vector<unsigned char> RawData; // must be defined in common header.
-
// Check encryption shema in openssl
// * what about data length after decryption?
// * do we need reset EVP_CONTEXT_CTX before each decryption?
// For example KeyProvider will not know the iv, it may set only the
// key information.
KeyAES(){};
- KeyAES(const RawData &key, const RawData &iv = RawData());
+ KeyAES(const RawBuffer &key, const RawBuffer &iv = RawBuffer());
KeyAES(const KeyAES &key);
KeyAES(KeyAES &&key);
// iv must be set to perform encrypt/decrypt operation
// iv may be set in constructor or directly in encrypt/decrypt operation
- RawData encrypt(const RawData &data, const RawData &iv = RawData());
- RawData decrypt(const RawData &data, const RawData &iv = RawData());
+ RawBuffer encrypt(const RawBuffer &data, const RawBuffer &iv = RawBuffer());
+ RawBuffer decrypt(const RawBuffer &data, const RawBuffer &iv = RawBuffer());
- RawData getKey();
+ RawBuffer getKey();
virtual ~KeyAES(){}
private:
};
} // namespace CKM
+
namespace CKM {
-// typedef std::vector<unsigned char> RawData; this must be defined in common header.
-
// This is internal api so all functions should throw exception on errors.
class KeyProvider {
// if (keyInWrapForm.size() != sizeof(WrappedKeyMaterial))
// throw exception; // buffer does not have proper size to store WrappedKeyMaterial
// WrappedKeyMaterial *wkm = static_cast<WrappedKeyMaterial>(keyInWrapForm.data());
- KeyProvider(const RawData &domainKEKInWrapForm, const RawData &password);
+ KeyProvider(const RawBuffer &domainKEKInWrapForm, const RawBuffer &password);
// Returns Key used to decrypt database.
KeyAES getDomainKEK();
// Returns Key in form used to store key in file
- // Requied by Control::resetPassword(const RawData &newPassword);
+ // Requied by Control::resetPassword(const RawBuffer &newPassword);
// This api should be used only on Tizen 2.2.1
- RawData getDomainKEK(const std::string &password);
+ RawBuffer getDomainKEK(const std::string &password);
// EncryptedKey key extracted from database. Used to encrypt application data.
// This key will be used to decrypt/encrypt data in ROW
// [tak] modify method name more appropriately
// decryptDEK -> unwrapDEK
- KeyAES unwrapDEK(const RawData &DEKInWrapForm);
+ KeyAES unwrapDEK(const RawBuffer &DEKInWrapForm);
// Returns WRAPPED DEK. This will be written to datbase.
// This key will be used to encrypt all application information.
// All application are identified by smackLabel.
- RawData generateDEK(const std::string &smackLabel);
+ RawBuffer generateDEK(const std::string &smackLabel);
// used by change user password. On error -> exception
- static RawData reencrypt(const RawData &domainKEKInWrapForm, const RawData &oldPass, const RawData &newPass);
+ static RawBuffer reencrypt(const RawBuffer &domainKEKInWrapForm, const RawBuffer &oldPass, const RawBuffer &newPass);
// First run of application for some user. DomainKEK was not created yet. We must create one.
// This key will be used to encrypt user database.
- static RawData generateDomainKEK(const std::string &user, const RawData &userPassword);
+ static RawBuffer generateDomainKEK(const std::string &user, const RawBuffer &userPassword);
// This will be called by framework at the begin of the program
// [tak] need to declare return type
};
} // namespace CKM
+
projects / platform / core / security / key-manager.git / commitdiff