SET(CMAKE_POSITION_INDEPENDENT_CODE "True")
SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie")
-option(ENABLE_DUMMY_BACKEND "Enable dummy crypto backend" OFF)
option(ENABLE_SYSTEMD_SUPPORT "Enable support for systemd" ON)
IF(ENABLE_SYSTEMD_SUPPORT AND NOT SYSTEMD_FOUND)
include_directories(${CMAKE_CURRENT_BINARY_DIR})
include_directories(shared)
-SET(DCM_UNIX_SOCKET_PATH "/run/device-certificate-manager.socket")
+SET(DCM_UNIX_SOCKET_PATH "/run/device-certificate-manager.socket")
add_definitions(-DDCM_UNIX_SOCKET_PATH="${DCM_UNIX_SOCKET_PATH}")
-add_subdirectory(dcm-daemon)
add_subdirectory(dcm-client)
+add_subdirectory(dcm-daemon)
+add_subdirectory(pkgconfig)
+add_subdirectory(rpm)
+add_subdirectory(systemd)
add_subdirectory(tests)
add_subdirectory(tools)
-
-add_subdirectory(systemd)
INCLUDE(CheckFunctionExists)
INCLUDE(CheckIncludeFiles)
-CHECK_INCLUDE_FILE("pkix_interface.h" HAVE_PKIX_INTERFACE)
-
FIND_PACKAGE(Boost 1.54 COMPONENTS unit_test_framework)
FIND_PACKAGE(Boost 1.54
FIND_PACKAGE(PkgConfig REQUIRED)
-PKG_CHECK_MODULES(ARTIK_SECURITY artik-security)
-
-IF(ARTIK_SECURITY_FOUND)
- SET(HAVE_ARTIK_SECURITY_LIBRARY TRUE)
-ENDIF()
-
PKG_CHECK_MODULES(DLOG dlog)
-CHECK_FUNCTION_EXISTS(fork HAVE_FORK)
-
find_package(Protobuf REQUIRED)
#### Find mbedtls ####
-#cmakedefine HAVE_PKIX_INTERFACE
-#cmakedefine HAVE_ARTIK_SECURITY_LIBRARY
-#cmakedefine HAVE_FORK
-
#define PROJECT_VERSION "@PROJECT_VERSION@"
include(GenerateExportHeader)
-configure_file(device-certificate-manager.pc.in
- ${CMAKE_CURRENT_BINARY_DIR}/device-certificate-manager.pc
- @ONLY)
-
###### Include and library directories ######
IF(DLOG_FOUND)
device_certificate_manager.h
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/device-certificate-manager)
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/device-certificate-manager.pc
- DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+install(FILES dcm_support.pb.h
+ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/device-certificate-manager-backend)
add_definitions(-DUSE_SYSTEMD_API=1)
ENDIF(ENABLE_SYSTEMD_SUPPORT)
-IF(ARTIK_SECURITY_FOUND)
- include_directories(${ARTIK_SECURITY_INCLUDE_DIRS})
- add_definitions(${ARTIK_SECURITY_CFLAGS_OTHER})
- add_definitions(-DUSE_ARTIK_SECURITY_HEADERS=1)
-ENDIF(ARTIK_SECURITY_FOUND)
-
IF(CYNARA_FOUND)
include_directories(${CYNARA_INCLUDE_DIRS})
link_directories(${CYNARA_LIBRARY_DIRS})
include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
-###### Crypto Backends #######
-
-add_subdirectory(dummy-backend)
-add_subdirectory(see-backend)
-add_subdirectory(konaise-backend)
-
-IF(ENABLE_DUMMY_BACKEND)
- SET(DUMMY_BACKEND_OBJECTS $<TARGET_OBJECTS:dummy_backend_objects>)
- add_definitions(-DENABLE_DUMMY_BACKEND=1)
-ENDIF(ENABLE_DUMMY_BACKEND)
-
-SET(SEE_BACKEND_OBJECTS $<TARGET_OBJECTS:see-backend>)
-SET(KSE_BACKEND_OBJECTS $<TARGET_OBJECTS:kse-backend>)
-
###### Main executable #######
add_executable(device-certificate-managerd
dcmsession.cpp
serviceadapter.cpp
../shared/protobuf_asio.cpp
- abstractcryptobackend.cpp
- abstractcryptobackendcontext.cpp
- cryptobackendroster.cpp
- dllresolver.cpp
+ soresolver.cpp
cert_utils.cpp
${PROTO_SRCS}
${PROTO_HDRS}
- ${DUMMY_BACKEND_OBJECTS}
- ${SEE_BACKEND_OBJECTS}
- ${KSE_BACKEND_OBJECTS}
)
add_dependencies(device-certificate-managerd protobuf_generated)
###### Installation #######
-install(TARGETS device-certificate-managerd
- RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+INSTALL(TARGETS device-certificate-managerd
+ RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+)
+
+INSTALL(FILES dcm-backend-api.h
+ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/device-certificate-manager-backend
+)
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "abstractcryptobackend.h"
-
-asbtract_crypto_backend::asbtract_crypto_backend() {
-}
-
-asbtract_crypto_backend::~asbtract_crypto_backend() {
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifndef DCM_DAEMON_ABSTRACTCRYPTOBACKEND_H_
-#define DCM_DAEMON_ABSTRACTCRYPTOBACKEND_H_
-
-#include <memory>
-#include <boost/noncopyable.hpp>
-#include "dcm_support.pb.h"
-
-class abstract_crypto_backend_context;
-
-class asbtract_crypto_backend : public std::enable_shared_from_this<asbtract_crypto_backend>,
- public boost::noncopyable
-{
-protected:
- asbtract_crypto_backend();
-
-public:
- virtual ~asbtract_crypto_backend();
-
- virtual float will_handle_service(const std::string& serviceName,
- const std::string& usage) = 0;
-
- virtual std::shared_ptr<abstract_crypto_backend_context> create_client_context(
- const std::string& serviceName,
- const std::string& usage,
- const std::string& key_type) = 0;
-};
-
-#endif /* DCM_DAEMON_ABSTRACTCRYPTOBACKEND_H_ */
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "abstractcryptobackendcontext.h"
-
-abstract_crypto_backend_context::abstract_crypto_backend_context() {
-}
-
-abstract_crypto_backend_context::~abstract_crypto_backend_context() {
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifndef DCM_DAEMON_ABSTRACTCRYPTOBACKENDCONTEXT_H_
-#define DCM_DAEMON_ABSTRACTCRYPTOBACKENDCONTEXT_H_
-
-#include "abstractcryptobackend.h"
-
-class abstract_crypto_backend_context : public std::enable_shared_from_this<abstract_crypto_backend_context> {
-protected:
- abstract_crypto_backend_context();
-
-public:
- virtual ~abstract_crypto_backend_context();
-
- virtual int request_certificate_chain(std::string& mutable_chain) = 0;
-
- virtual int sign_crypto_data(MessageDigestType digestType, const std::string& dataToSign,
- std::string& digestResult) = 0;
-
- virtual CryptoKeyType key_type() = 0;
-
- virtual unsigned int key_length() = 0;
-};
-
-#endif /* DCM_DAEMON_ABSTRACTCRYPTOBACKENDCONTEXT_H_ */
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 - 2018 Samsung Electronics All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "cryptobackendroster.h"
-
-crypto_backend_roster& crypto_backend_roster::instance() {
- static crypto_backend_roster sInstance;
- return sInstance;
-}
-
-void crypto_backend_roster::register_backend(std::shared_ptr<asbtract_crypto_backend> context)
-{
- std::unique_lock<std::mutex> locker(fLock);
- fBackends.push_back(context);
-}
-
-std::shared_ptr<asbtract_crypto_backend> crypto_backend_roster::choose_backend(const std::string& serviceName,
- const std::string& usage)
-{
- std::shared_ptr<asbtract_crypto_backend> best;
- float best_score = -1.0f;
-
- std::unique_lock<std::mutex> locker(fLock);
-
- for(const auto& backend : fBackends) {
- float score = backend->will_handle_service(serviceName, usage);
- if(score > best_score) {
- best_score = score;
- best = backend;
- }
- }
-
- return best;
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifndef DCM_DAEMON_CRYPTOBACKENDROSTER_H_
-#define DCM_DAEMON_CRYPTOBACKENDROSTER_H_
-
-#include <list>
-#include <mutex>
-#include "abstractcryptobackend.h"
-
-class crypto_backend_roster {
-public:
- static crypto_backend_roster& instance();
-
- void register_backend(std::shared_ptr<asbtract_crypto_backend> context);
-
- std::shared_ptr<asbtract_crypto_backend> choose_backend(const std::string& serviceName,
- const std::string& usage);
-
-private:
- std::mutex fLock;
- std::list<std::shared_ptr<asbtract_crypto_backend>> fBackends;
-};
-
-template<typename Klass> struct crypto_backend_registration {
- crypto_backend_registration() {
- crypto_backend_roster::instance().register_backend(std::make_shared<Klass>());
- }
-
- void ensure_inited() {
- }
-};
-
-#endif /* DCM_DAEMON_CRYPTOBACKENDROSTER_H_ */
--- /dev/null
+/******************************************************************
+ *
+ * Copyright 2019 Samsung Electronics All Rights Reserved.
+ *
+ * Author: Pawel Kowalski <p.kowalski2@partner.samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ******************************************************************/
+
+#ifndef DCM_BACKEND_API_H_
+#define DCM_BACKEND_API_H_
+
+#include "dcm_support.pb.h"
+
+#ifndef API_DCM_BACKEND_EXPORT
+#define API_DCM_BACKEND_EXPORT __attribute__((visibility("default")))
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct dcm_backend_context {
+ void* backend;
+};
+
+API_DCM_BACKEND_EXPORT
+void dcm_backend_create_key_context(dcm_backend_context& ctx,
+ const std::string& keyType);
+
+API_DCM_BACKEND_EXPORT
+void dcm_backend_free_key_context(dcm_backend_context& ctx);
+
+API_DCM_BACKEND_EXPORT
+int dcm_backend_request_certificate_chain(dcm_backend_context& ctx,
+ std::string& mutable_chain);
+
+API_DCM_BACKEND_EXPORT
+int dcm_backend_sign_crypto_data(dcm_backend_context& ctx,
+ MessageDigestType digestType,
+ const std::string& dataToSign,
+ std::string& digestResult);
+
+API_DCM_BACKEND_EXPORT
+CryptoKeyType dcm_backend_key_type(dcm_backend_context& ctx);
+
+API_DCM_BACKEND_EXPORT
+unsigned int dcm_backend_key_length(dcm_backend_context& ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* DCM_BACKEND_API_H_ */
/******************************************************************
*
- * Copyright 2017 Samsung Electronics All Rights Reserved.
+ * Copyright 2017 - 2019 Samsung Electronics All Rights Reserved.
*
* Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
*
#include "dcmsession.h"
#include "logging.h"
-dcm_server::dcm_server(boost::asio::io_service& io_service, boost::asio::local::stream_protocol::acceptor&& acceptor) :
+dcm_server::dcm_server(boost::asio::io_service& io_service, boost::asio::local::stream_protocol::acceptor&& acceptor, std::string lib_backend) :
fService(io_service),
fTimer(io_service),
- fAcceptor(std::move(acceptor))
+ fAcceptor(std::move(acceptor)),
+ fSoResolver(std::make_shared<so_resolver>(lib_backend))
{
BOOST_LOG_FUNCTION();
BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Construct server object";
std::shared_ptr<dcm_session> session;
try {
- session = std::make_shared<dcm_session>(fService, fTimer, shared_from_this());
+ session = std::make_shared<dcm_session>(fService, fTimer, shared_from_this(), fSoResolver);
} catch(std::bad_alloc& ex) {
BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Out of memory when trying to allocate new session";
return;
self->do_accept();
});
}
-
-std::shared_ptr<asbtract_crypto_backend> dcm_server::crypto_backend()
-{
- std::unique_lock<std::mutex> locker(this->fLock);
- return fCryptoBackend;
-}
/******************************************************************
*
- * Copyright 2017 Samsung Electronics All Rights Reserved.
+ * Copyright 2017 - 2019 Samsung Electronics All Rights Reserved.
*
* Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
*
#include <boost/noncopyable.hpp>
#include <mutex>
#include <memory>
-
-class asbtract_crypto_backend;
+#include "soresolver.h"
class dcm_server final : public boost::noncopyable, public std::enable_shared_from_this<dcm_server> {
public:
- dcm_server(boost::asio::io_service& io_service, boost::asio::local::stream_protocol::acceptor&& acceptor);
+ dcm_server(boost::asio::io_service& io_service, boost::asio::local::stream_protocol::acceptor&& acceptor, std::string lib_backend);
~dcm_server();
-
void start();
- std::shared_ptr<asbtract_crypto_backend> crypto_backend();
-
private:
void do_accept();
boost::asio::deadline_timer fTimer;
boost::asio::local::stream_protocol::acceptor fAcceptor;
std::mutex fLock;
- std::shared_ptr<asbtract_crypto_backend> fCryptoBackend;
+ std::shared_ptr<so_resolver> fSoResolver;
};
#endif /* DCM_DAEMON_DCMSERVER_H_ */
/******************************************************************
*
- * Copyright 2017 Samsung Electronics All Rights Reserved.
+ * Copyright 2017 - 2019 Samsung Electronics All Rights Reserved.
*
* Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
*
#include "logging.h"
#include "exception_translator.h"
#include "dcmserver.h"
-#include "cryptobackendroster.h"
#include "cert_utils.h"
-#include "mbedtls_wrapper.h"
+#include <mbedtls/error.h>
#include <mbedtls/md.h>
#include <mbedtls/pk.h>
#include <iostream>
unsigned int globalSessionCounter = 0;
-dcm_session::dcm_session(boost::asio::io_service& io_service, boost::asio::deadline_timer& timer, const std::shared_ptr<dcm_server>& server) :
+dcm_session::dcm_session(boost::asio::io_service& io_service,
+ boost::asio::deadline_timer& timer,
+ const std::shared_ptr<dcm_server>& server,
+ std::shared_ptr<so_resolver> soResolver) :
fService(io_service),
fTimer(timer),
fSocket(io_service),
- fServer(server)
+ fServer(server),
+ fSoResolver(soResolver)
{
BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Create new session object " << this;
globalSessionCounter++;
ResponseMessage msg;
auto * contextResponse = msg.mutable_associate_context();
- if(fCryptoContext) {
+ if(fBackendContext) {
contextResponse->set_result(EEXIST);
reply(msg);
return;
}
int error = run_with_exception_handler([&]() {
- auto backend = crypto_backend_roster::instance().choose_backend(message.service(), message.usage());
- if(!backend) {
+ bool loaded = fSoResolver->ensure_loaded();
+ if (loaded) {
+ //auto dcm_backend_context_deleter = [&resolver](dcm_backend_context *dcmBackendContext) {
+ // resolver.invoke<void, dcm_backend_context&>(
+ // nullptr,
+ // "dcm_backend_free_key_context",
+ // *dcmBackendContext
+ // );
+ //};
+ //fBackendContext = std::unique_ptr<dcm_backend_context, decltype(dcm_backend_context_deleter)>
+ // (new dcm_backend_context, dcm_backend_context_deleter);
+ fBackendContext = std::unique_ptr<dcm_backend_context>(new dcm_backend_context);
+
+ fSoResolver->invoke<void, dcm_backend_context&, const std::string&>(
+ nullptr,
+ "dcm_backend_create_key_context",
+ *fBackendContext,
+ message.key_type()
+ );
+
+ CryptoKeyType crypto_key_type = fSoResolver->invoke<CryptoKeyType, dcm_backend_context&>(
+ nullptr,
+ "dcm_backend_key_type",
+ *fBackendContext
+ );
+ contextResponse->set_key_type(crypto_key_type);
+
+ unsigned int crypto_key_length = fSoResolver->invoke<unsigned int, dcm_backend_context&>(
+ nullptr,
+ "dcm_backend_key_length",
+ *fBackendContext
+ );
+ contextResponse->set_key_length(crypto_key_length);
+ }
+ else {
BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "No crypto usable backend available";
throw std::invalid_argument("Unable to find crypto backend");
}
-
- fCryptoContext = backend->create_client_context(message.service(), message.usage(), message.key_type());
- fCookie = (uintptr_t)fCryptoContext.get();
-
- contextResponse->set_key_type(fCryptoContext->key_type());
- contextResponse->set_key_length(fCryptoContext->key_length());
+ fCookie = (uintptr_t)fBackendContext.get();
contextResponse->set_context_cookie(fCookie);
});
return;
}
- if(!fCryptoContext) {
+ if(!fBackendContext) {
BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Context not associated with connection";
certificateResponse->set_result(-EINVAL);
reply(msg);
std::string cert_chain;
x509_crt_rewriter parser;
- int error = fCryptoContext->request_certificate_chain(cert_chain);
+ int error;
+ bool loaded = fSoResolver->ensure_loaded();
+ if (loaded) {
+ error = fSoResolver->invoke<int, dcm_backend_context&, std::string&>(
+ nullptr,
+ "dcm_backend_request_certificate_chain",
+ *fBackendContext,
+ cert_chain
+ );
+ }
if(error != 0) {
certificateResponse->set_result(error);
}
if((error = parser.parse((const unsigned char *)cert_chain.c_str(), cert_chain.length())) != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't pase certificate : " << mbedtls_error_to_string(error);
+ char buffer[256];
+ mbedtls_strerror(error, buffer, sizeof(buffer));
+ BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't pase certificate : " << std::string(buffer);
throw std::runtime_error("Can't parse x509 certificate");
}
return;
}
- if(!fCryptoContext) {
+ if(!fBackendContext) {
BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Context not associated with connection";
signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
reply(msg);
}
}
- signingResponse->set_result(
- fCryptoContext->sign_crypto_data(message.digest_type(),
+ int error;
+ bool loaded = fSoResolver->ensure_loaded();
+ if (loaded) {
+ error = fSoResolver->invoke<int, dcm_backend_context&, MessageDigestType, const std::string&, std::string&>(
+ nullptr,
+ "dcm_backend_sign_crypto_data",
+ *fBackendContext,
+ message.digest_type(),
message.data_to_sign(),
- *signingResponse->mutable_signature()));
+ *signingResponse->mutable_signature()
+ );
+ }
+ signingResponse->set_result(error);
reply(msg);
}
/******************************************************************
*
- * Copyright 2017 Samsung Electronics All Rights Reserved.
+ * Copyright 2017 - 2019 Samsung Electronics All Rights Reserved.
*
* Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
*
#include <boost/asio.hpp>
#include <boost/noncopyable.hpp>
#include "dcm_support.pb.h"
-#include "abstractcryptobackendcontext.h"
#include <protobuf_asio.h>
+#include "dcm-backend-api.h"
+#include "soresolver.h"
#include <google/protobuf/io/coded_stream.h>
#include <google/protobuf/io/zero_copy_stream_impl.h>
public boost::noncopyable
{
public:
- dcm_session(boost::asio::io_service& io_service, boost::asio::deadline_timer& timer, const std::shared_ptr<dcm_server>& server);
+ dcm_session(boost::asio::io_service& io_service, boost::asio::deadline_timer& timer, const std::shared_ptr<dcm_server>& server, std::shared_ptr<so_resolver> soResolver);
~dcm_session();
void start();
protobuf_async_message_serialization fSerializer;
protobuf_async_message_deserialization fDeserializer;
std::weak_ptr<dcm_server> fServer;
- std::shared_ptr<abstract_crypto_backend_context> fCryptoContext;
+ std::shared_ptr<dcm_backend_context> fBackendContext;
+ std::shared_ptr<so_resolver> fSoResolver;
uint64_t fCookie = 0;
};
+++ /dev/null
-IF(ENABLE_DUMMY_BACKEND)
-
-find_program(OPENSSL_TOOL openssl)
-
-IF(NOT OPENSSL_TOOL)
- MESSAGE(FATAL_ERROR "openssl required to build dummy CA")
-ENDIF()
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key
- COMMAND ${OPENSSL_TOOL} genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key 1024)
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem
- COMMAND ${OPENSSL_TOOL} req -x509 -new -nodes -key ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key
- -sha256 -days 1024 -out ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem
- -subj "/C=PL/ST=Test1/L=Test2/O=Dis/CN=www.example.com"
- DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key)
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key
- COMMAND ${OPENSSL_TOOL} ecparam -name secp521r1 -genkey -noout -out ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key)
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem
- COMMAND ${OPENSSL_TOOL} req -x509 -new -nodes -key ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key
- -sha256 -days 1024 -out ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem
- -subj "/C=PL/ST=Test1/L=Test2/O=Dis/CN=www.example.com"
- DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key)
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_key.c
- COMMAND $<TARGET_FILE:helper_bin2c> ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_key.c dummy_rootca_rsa_key
- DEPENDS helper_bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key)
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_cert.c
- COMMAND $<TARGET_FILE:helper_bin2c> ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_cert.c dummy_rootca_rsa_cert
- DEPENDS helper_bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem)
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_key.c
- COMMAND $<TARGET_FILE:helper_bin2c> ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_key.c dummy_rootca_ecdsa_key
- DEPENDS helper_bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key)
-
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_cert.c
- COMMAND $<TARGET_FILE:helper_bin2c> ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_cert.c dummy_rootca_ecdsa_cert
- DEPENDS helper_bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem)
-
-add_library(dummy_backend_objects
- OBJECT
- dummycryptobackend.cpp
- dummycryptobackendcontext.cpp
- ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_key.c
- ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_cert.c
- ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_key.c
- ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_cert.c)
-
-add_dependencies(dummy_backend_objects protobuf_generated)
-
-ENDIF()
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "dummycryptobackend.h"
-#include "dummycryptobackendcontext.h"
-#include <cryptobackendroster.h>
-#include "logging.h"
-
-crypto_backend_registration<dummy_crypto_backend> dummy_crypto_backend::dummy_crypto_backend_registration;
-
-dummy_crypto_backend::dummy_crypto_backend() {
- BOOST_LOG_FUNCTION();
-}
-
-dummy_crypto_backend::~dummy_crypto_backend() {
- BOOST_LOG_FUNCTION();
-}
-
-std::shared_ptr<abstract_crypto_backend_context> dummy_crypto_backend::create_client_context(
- const std::string& serviceName,
- const std::string& usage,
- const std::string& key_type)
-{
- BOOST_LOG_FUNCTION();
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) <<
- "Create new client context for service" << serviceName <<
- " and usage " << usage <<
- " with key type " << key_type;
-
-
- return std::make_shared<dummy_crypto_backend_context>(key_type);
-}
-
-float dummy_crypto_backend::will_handle_service(const std::string&,
- const std::string&)
-{
- return 0.01f;
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifndef DCM_DAEMON_DUMMY_BACKEND_DUMMYCRYPTOBACKEND_H_
-#define DCM_DAEMON_DUMMY_BACKEND_DUMMYCRYPTOBACKEND_H_
-
-#include "abstractcryptobackend.h"
-#include "cryptobackendroster.h"
-
-class dummy_crypto_backend final : public asbtract_crypto_backend {
-public:
- dummy_crypto_backend();
- virtual ~dummy_crypto_backend();
-
- virtual std::shared_ptr<abstract_crypto_backend_context> create_client_context(
- const std::string& serviceName,
- const std::string& usage,
- const std::string& key_type) override;
-
- virtual float will_handle_service(const std::string& serviceName,
- const std::string& usage);
-
- static crypto_backend_registration<dummy_crypto_backend> dummy_crypto_backend_registration;
-};
-
-#endif /* DCM_DAEMON_DUMMY_BACKEND_DUMMYCRYPTOBACKEND_H_ */
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "dummycryptobackendcontext.h"
-#include <mbedtls/pk.h>
-#include <mbedtls/ctr_drbg.h>
-#include <iostream>
-#include "logging.h"
-
-extern "C" {
- extern size_t dummy_rootca_rsa_key_size;
- extern char dummy_rootca_rsa_key[];
- extern size_t dummy_rootca_rsa_cert_size;
- extern char dummy_rootca_rsa_cert[];
- extern size_t dummy_rootca_ecdsa_key_size;
- extern char dummy_rootca_ecdsa_key[];
- extern size_t dummy_rootca_ecdsa_cert_size;
- extern char dummy_rootca_ecdsa_cert[];
-}
-
-dummy_crypto_backend_context::dummy_crypto_backend_context(const std::string& keyType) {
- BOOST_LOG_FUNCTION();
- if(keyType.empty() || keyType == "RSA") {
- fKey = CRYPTO_KEY_TYPE_RSA;
- } else if(keyType == "ECDSA") {
- fKey = CRYPTO_KEY_TYPE_ECDSA;
- } else {
- throw std::invalid_argument("Unsupported key type");
- }
-
- mbedtls_entropy_init( &fEntropy );
- mbedtls_ctr_drbg_init( &fCtrDrbg );
-
- int ret = mbedtls_ctr_drbg_seed( &fCtrDrbg,
- mbedtls_entropy_func,
- &fEntropy,
- (const unsigned char *)this,
- sizeof(dummy_crypto_backend_context) );
-
- if(!ret) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't seed entropy source";
- mbedtls_ctr_drbg_free( &fCtrDrbg );
- mbedtls_entropy_free( &fEntropy );
- throw std::runtime_error("seed failure");
- }
-}
-
-dummy_crypto_backend_context::~dummy_crypto_backend_context() {
- BOOST_LOG_FUNCTION();
- mbedtls_ctr_drbg_free( &fCtrDrbg );
- mbedtls_entropy_free( &fEntropy );
-}
-
-int dummy_crypto_backend_context::request_certificate_chain(std::string& mutable_chain)
-{
- BOOST_LOG_FUNCTION();
- if(fKey == CRYPTO_KEY_TYPE_RSA) {
- mutable_chain.assign(dummy_rootca_rsa_cert, dummy_rootca_rsa_cert_size);
- } else {
- mutable_chain.assign(dummy_rootca_ecdsa_cert, dummy_rootca_ecdsa_cert_size);
- }
-
- return 0;
-}
-
-int dummy_crypto_backend_context::sign_crypto_data(MessageDigestType digestType,
- const std::string& dataToSign,
- std::string& digestResult)
-{
- BOOST_LOG_FUNCTION();
- int error;
-
- mbedtls_pk_context pk;
- mbedtls_pk_init(&pk);
-
- if(fKey == CRYPTO_KEY_TYPE_RSA) {
- error = mbedtls_pk_parse_key(&pk,
- (const unsigned char *)dummy_rootca_rsa_key,
- dummy_rootca_rsa_key_size + 1, // Include 0 byte for PEM
- nullptr, 0);
-
- } else {
- error = mbedtls_pk_parse_key(&pk,
- (const unsigned char *)dummy_rootca_ecdsa_key,
- dummy_rootca_ecdsa_key_size + 1, // Include 0 byte for PEM
- nullptr, 0);
- }
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't parse private key";
- mbedtls_pk_free(&pk);
- return error;
- }
-
- size_t sig_len = 0;
- digestResult.resize(MBEDTLS_MPI_MAX_SIZE);
-
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Maximum digest size is " << digestResult.size();
-
- error = mbedtls_pk_sign(&pk,
- static_cast<mbedtls_md_type_t>(digestType),
- (const unsigned char *)dataToSign.c_str(),
- dataToSign.size(),
- (unsigned char *)digestResult.c_str(),
- &sig_len,
- &mbedtls_ctr_drbg_random,
- &fCtrDrbg);
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Signature generation failed";
- } else {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Signature size is " << sig_len;
- digestResult.resize(sig_len);
- }
-
- mbedtls_pk_free(&pk);
-
- return error;
-}
-
-CryptoKeyType dummy_crypto_backend_context::dummy_crypto_backend_context::key_type()
-{
- return fKey;
-}
-
-unsigned int dummy_crypto_backend_context::key_length()
-{
- BOOST_LOG_FUNCTION();
- unsigned int keyLength = 0;
-
- mbedtls_pk_context pk;
- mbedtls_pk_init(&pk);
-
- if(fKey == CRYPTO_KEY_TYPE_RSA) {
- int error = mbedtls_pk_parse_key(&pk,
- (const unsigned char *)dummy_rootca_rsa_key,
- dummy_rootca_rsa_key_size + 1, // Include 0 byte for PEM
- nullptr, 0);
-
- assert(error == 0);
- assert(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA);
- (void)error;
- } else {
- int error = mbedtls_pk_parse_key(&pk,
- (const unsigned char *)dummy_rootca_ecdsa_key,
- dummy_rootca_ecdsa_key_size + 1, // Include 0 byte for PEM
- nullptr, 0);
-
- assert(error == 0);
- assert(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY);
- (void)error;
- }
-
- keyLength = mbedtls_pk_get_bitlen(&pk);
- mbedtls_pk_free(&pk);
-
- return keyLength;
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifndef DCM_DAEMON_DUMMY_BACKEND_DUMMYCRYPTOBACKENDCONTEXT_H_
-#define DCM_DAEMON_DUMMY_BACKEND_DUMMYCRYPTOBACKENDCONTEXT_H_
-
-#include "abstractcryptobackendcontext.h"
-#include <mbedtls/ctr_drbg.h>
-#include <mbedtls/entropy.h>
-
-class dummy_crypto_backend_context final : public abstract_crypto_backend_context {
-public:
- dummy_crypto_backend_context(const std::string& keyType);
- virtual ~dummy_crypto_backend_context();
-
- virtual int request_certificate_chain(std::string& mutable_chain) override;
-
- virtual int sign_crypto_data(MessageDigestType digestType, const std::string& dataToSign,
- std::string& digestResult) override;
-
- virtual CryptoKeyType key_type() override;
-
- virtual unsigned int key_length() override;
-
-private:
- CryptoKeyType fKey;
- mbedtls_entropy_context fEntropy;
- mbedtls_ctr_drbg_context fCtrDrbg;
-};
-
-#endif /* DCM_DAEMON_DUMMY_BACKEND_DUMMYCRYPTOBACKENDCONTEXT_H_ */
+++ /dev/null
-add_library(kse-backend
- OBJECT
- ksebackend.cpp
- ksebackendcontext.cpp)
-add_dependencies(kse-backend protobuf_generated)
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2019 Samsung Electronics All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifdef USE_KONAISE_HEADERS
-#include <konaise.h>
-#else
-
-#ifndef _KONAISE_SECURITY_H_
-#define _KONAISE_SECURITY_H_
-
-typedef struct _hal_init_param {
- uint32_t i2c_port;
- uint32_t gpio;
-} hal_init_param;
-
-
-typedef struct _hal_data {
- void *data;
- uint32_t data_len;
- void *priv;
-} hal_data;
-
-typedef enum {
- HAL_HASH_MD5,
- HAL_HASH_SHA1,
- HAL_HASH_SHA224,
- HAL_HASH_SHA256,
- HAL_HASH_SHA384,
- HAL_HASH_SHA512,
- HAL_HASH_UNKNOWN,
-} hal_hash_type;
-
-typedef enum {
- HAL_ECDSA_BRAINPOOL_P256R1,
- HAL_ECDSA_BRAINPOOL_P384R1,
- HAL_ECDSA_BRAINPOOL_P512R1,
- HAL_ECDSA_SEC_P256R1,
- HAL_ECDSA_SEC_P384R1,
- HAL_ECDSA_SEC_P512R1,
-} hal_ecdsa_curve;
-
-typedef struct _hal_ecdsa_mode {
- hal_ecdsa_curve curve;
- hal_hash_type hash_t;
-} hal_ecdsa_mode;
-
-
-#endif
-
-#endif
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2019 Samsung Electronics All Rights Reserved.
- *
- * Author: Dongsun Lee <ds73.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "ksebackend.h"
-#include "ksebackendcontext.h"
-#include "logging.h"
-#include <mutex>
-
-#include "konaise.h"
-
-#define KSE_LIB_NAME "libkonaise.so"
-
-crypto_backend_registration<kse_backend> kse_backend::kse_crypto_backend_registration;
-
-kse_backend::kse_backend() :
- fKseInitOK(false),
- fDllResolver(std::string(KSE_LIB_NAME))
-{
- BOOST_LOG_FUNCTION();
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Constructed KSE backend";
-}
-
-kse_backend::~kse_backend() {
- BOOST_LOG_FUNCTION();
- if(fKseInitOK) {
- try {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Deinitializing KSE backend";
- fDllResolver.invoke<void>(nullptr, "hal_deinit");
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Deinitialized KSE backend";
- } catch(...) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Exception caught when deinitializing KSE backend";
- }
- }
-}
-
-void kse_backend::initialize_kse() {
- if(fKseInitOK)
- return;
-
- BOOST_LOG_FUNCTION();
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Initializing KSE backend";
-
- std::unique_lock<std::mutex> locker(fKSEMutex);
-
- try {
- hal_init_param init_parm = {};
- int error = fDllResolver.invoke<int>(nullptr, "hal_init", &init_parm);
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "KSE framework init failure: " << error;
- fKseInitOK = false;
- } else {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "KSE framework initialized";
- fKseInitOK = true;
- }
- } catch(...) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Caught exception when initializing KSE backend";
- fKseInitOK = false;
- }
-}
-
-std::shared_ptr<abstract_crypto_backend_context> kse_backend::create_client_context(
- const std::string& serviceName,
- const std::string& usage,
- const std::string& key_type)
-{
- BOOST_LOG_FUNCTION();
- initialize_kse();
-
- if(!fKseInitOK)
- throw std::runtime_error("KSE not initialized");
-
- return std::make_shared<kse_backend_context>(std::static_pointer_cast<kse_backend>(shared_from_this()), key_type);
-}
-
-float kse_backend::will_handle_service(const std::string&,
- const std::string&)
-{
- BOOST_LOG_FUNCTION();
- if(!fDllResolver.ensure_loaded())
- return -1.0f;
-
- initialize_kse();
-
- if(!fKseInitOK)
- return -1.0f;
-
- return 1.0f;
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2019 Samsung Electronics All Rights Reserved.
- *
- * Author: Dongsun Lee <ds73.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-
-#ifndef DCM_DAEMON_KSE_BACKEND_KSEBACKEND_H_
-#define DCM_DAEMON_KSE_BACKEND_KSEBACKEND_H_
-
-#include "abstractcryptobackend.h"
-#include "cryptobackendroster.h"
-#include <dllresolver.h>
-#include <mutex>
-
-class kse_backend: public asbtract_crypto_backend
-{
-public:
- kse_backend();
- virtual ~kse_backend();
-
- virtual std::shared_ptr<abstract_crypto_backend_context> create_client_context(
- const std::string& serviceName,
- const std::string& usage,
- const std::string& key_type) override;
-
- virtual float will_handle_service(const std::string& serviceName,
- const std::string& usage);
-
- inline dll_resolver& get_dll_resolver() {
- return fDllResolver;
- }
-
- static crypto_backend_registration<kse_backend> kse_crypto_backend_registration;
-
-private:
- void initialize_kse();
-
-private:
- bool fKseInitOK = false;
- std::mutex fKSEMutex;
- dll_resolver fDllResolver;
-};
-
-#endif /* DCM_DAEMON_KSE_BACKEND_KSEBACKEND_H_ */
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2019 Samsung Electronics All Rights Reserved.
- *
- * Author: Dongsun Lee <ds73.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "ksebackendcontext.h"
-#include "logging.h"
-#include "konaise.h"
-#include "mbedtls_wrapper.h"
-#include "cert_utils.h"
-
-#include <mbedtls/pk.h>
-
-#include <mbedtls/asn1write.h>
-#include <boost/algorithm/hex.hpp>
-
-#define PRIVATE_KEY_INDEX 1
-#define SUBCA_CERT_INDEX 2
-#define LEAF_CERT_INDEX 3
-
-static int kse_get_certificate_key = 0;
-static int kse_get_ecdsa_signature_key = 1;
-
-kse_backend_context::kse_backend_context(std::shared_ptr<kse_backend> backend, const std::string& keyType) :
- fBackendPtr(backend)
-{
- BOOST_LOG_FUNCTION();
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug)
- << "Created new KSE with key " << keyType;
-
- if(keyType.empty() || keyType == "ECDSA") {
- fKeyType = CRYPTO_KEY_TYPE_ECDSA;
- } else {
- throw std::invalid_argument("Unsupported key type");
- }
-
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug)
- << "Created new KSE context at " << this;
-}
-
-kse_backend_context::~kse_backend_context()
-{
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug)
- << "Deleting KSE context " << this;
-}
-
-int kse_backend_context::get_certificate(unsigned int index, std::string& outcert)
-{
- hal_data cert = {0};
- const char *method_name = "hal_get_certificate";
-
- auto backend = fBackendPtr.lock();
- if(!backend) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error)
- << "Unable to acquire backend pointer";
- return -EINVAL;
- }
-
- auto& resolver(backend->get_dll_resolver());
- int error = resolver.invoke<int, unsigned int, hal_data *>(&kse_get_certificate_key,
- method_name, index, &cert);
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error)
- << "Failed to get certificate. error=" << error;
- return -EINVAL;
- }
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug)
- << "KSE: Got certificate with " << cert.data_len
- << " bytes and index " << index;
-#endif
- try {
- outcert.assign((const char *)cert.data, cert.data_len);
- } catch(...) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error)
- << "KSE: Got exception when assigning data";
- free(cert.data);
- throw;
- }
- free(cert.data);
-
- return 0;
-}
-
-int kse_backend_context::request_certificate_chain(std::string& mutable_chain)
-{
- BOOST_LOG_FUNCTION();
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug)
- << "KSE : Request certificate chain";
-#endif
-
- std::string leaf_cert;
- std::string subca_cert;
-
- int error = 0;
-
- if(error = get_certificate(LEAF_CERT_INDEX, leaf_cert))
- return error;
- if(error = get_certificate(SUBCA_CERT_INDEX, subca_cert))
- return error;
-
- x509_crt_rewriter cert_writer;
- if(error = cert_writer.parse(reinterpret_cast<const unsigned char *>(leaf_cert.c_str()),
- leaf_cert.length()+1)) {
- return error;
- }
- if(error = cert_writer.parse(reinterpret_cast<const unsigned char *>(subca_cert.c_str()),
- subca_cert.length()+1)) {
- return error;
- }
- cert_writer.sort_chain();
-
- mutable_chain.append(cert_writer.emit_pem());
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug)
- << "Requested certificate in " << this;
-#endif
-
- return 0;
-}
-
-int kse_backend_context::sign_crypto_data(MessageDigestType digestType, const std::string& dataToSign,
- std::string& digestResult)
-{
- BOOST_LOG_FUNCTION();
- hal_data hashed_data = { };
- hal_data signed_data = { };
-
- hashed_data.data = (void *)dataToSign.c_str();
- hashed_data.data_len = dataToSign.size();
-
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "KSE: Sign " << hashed_data.data_len << " bytes";
-
- auto backend = fBackendPtr.lock();
-
- if(!backend) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Unable to acquire backend pointer";
- return -EINVAL;
- }
-
- auto& resolver(backend->get_dll_resolver());
-
-#ifdef ENABLE_DEBUG_LODDING
- try {
- std::string hex;
- boost::algorithm::hex((const unsigned char *)hashed_data.data,
- (const unsigned char *)hashed_data.data + hashed_data.data_len,
- std::back_inserter(hex));
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Hashed data is " << hex;
- } catch(...) {
- }
-#endif
-
- const char *method_name = "hal_ecdsa_sign_md";
- hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_UNKNOWN};
-
- int error = resolver.invoke<int, hal_data *, unsigned int, hal_ecdsa_mode *, hal_data *>(
- &kse_get_ecdsa_signature_key, method_name,
- &hashed_data, PRIVATE_KEY_INDEX, &mode, &signed_data);
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
- "Unable to generate ECDSA signature in " <<
- this <<
- " (" << error << ") : " <<
- mbedtls_error_to_string(error);
-
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Signature length is " << signed_data.data_len;
-
- try {
- std::string hex;
- boost::algorithm::hex((const unsigned char *)signed_data.data,
- (const unsigned char *)signed_data.data + signed_data.data_len,
- std::back_inserter(hex));
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Hex signature is " << hex;
- } catch(...) {
- }
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "KSE: Generated ECDSA signature";
-#endif
-
- digestResult.assign((const char *)signed_data.data, signed_data.data_len);
-
- free(signed_data.data);
- return 0;
-}
-
-CryptoKeyType kse_backend_context::key_type()
-{
- return fKeyType;
-}
-
-unsigned int kse_backend_context::key_length()
-{
- return 256;
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2019 Samsung Electronics All Rights Reserved.
- *
- * Author: Dongsun Lee <ds73.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifndef DCM_DAEMON_KSE_BACKEND_KSEBACKENDCONTEXT_H_
-#define DCM_DAEMON_KSE_BACKEND_KSEBACKENDCONTEXT_H_
-
-#include "abstractcryptobackendcontext.h"
-#include "ksebackend.h"
-
-class kse_backend_context final : public abstract_crypto_backend_context {
-public:
- kse_backend_context(std::shared_ptr<kse_backend> backend, const std::string& keyType);
- virtual ~kse_backend_context();
-
- virtual int request_certificate_chain(std::string& mutable_chain) override;
-
- virtual int sign_crypto_data(MessageDigestType digestType, const std::string& dataToSign,
- std::string& digestResult) override;
-
- virtual CryptoKeyType key_type() override;
-
- virtual unsigned int key_length() override;
-
-private:
- int get_certificate(unsigned int index, std::string& cert);
-
-private:
- CryptoKeyType fKeyType;
- std::weak_ptr<kse_backend> fBackendPtr;
-};
-
-#endif /* DCM_DAEMON_KSE_BACKEND_KSEBACKENDCONTEXT_H_ */
#if defined(NDEBUG) && !defined(DEBUG)
#else
-#define ENABLE_DEBUG_LODDING 1
+#define ENABLE_DEBUG_LOGGING 1
#endif
#endif /* DCM_DAEMON_LOGGING_H_ */
sink->locked_backend()->set_severity_mapper(mapping);
sink->locked_backend()->set_log_domain(LOG_TAG);
-#ifndef ENABLE_DEBUG_LODDING
+#ifndef ENABLE_DEBUG_LOGGING
sink->set_filter(_severity >= log_severity::normal);
#endif
BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Create platform socket";
- auto server(std::make_shared<dcm_server>(io_service, serviceAdapter.create_platform_socket_acceptor(io_service)));
+ std::string lib_backend = "libdcm-backend-api.so.1.0";
+ auto server(std::make_shared<dcm_server>(io_service, serviceAdapter.create_platform_socket_acceptor(io_service), lib_backend));
boost::asio::signal_set hup_signals(io_service, SIGHUP);
+++ /dev/null
-add_library(see-backend
- OBJECT
- seebackend.cpp
- seebackendcontext.cpp)
-
-add_dependencies(see-backend protobuf_generated)
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 - 2018 Samsung Electronics All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifdef USE_ARTIK_SECURITY_HEADERS
-#include <artik/security.h>
-#else
-
-#ifndef _ARTIK_SECURITY_H_
-#define _ARTIK_SECURITY_H_
-
-typedef struct {
- void *data;
- unsigned int length;
-} see_data;
-
-typedef enum {
- ECDSA_SEC_P256R1 = 3 /**< nist curve for P256r1 */
-} see_ecdsa_curve;
-
-#endif
-
-#endif
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "seebackend.h"
-#include "seebackendcontext.h"
-#include "logging.h"
-#include <mutex>
-
-#include "artik_security.h"
-
-crypto_backend_registration<see_backend> see_backend::see_crypto_backend_registration;
-
-see_backend::see_backend() :
- fSeeInitOK(false),
- fDllResolver(std::string("libartik-security.so.0"))
-{
- BOOST_LOG_FUNCTION();
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Constructed SEE backend";
-}
-
-see_backend::~see_backend() {
- BOOST_LOG_FUNCTION();
- if(fSeeInitOK) {
- try {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Deinitializing SEE backend";
- fDllResolver.invoke<void>(nullptr, "see_deinit");
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Deinitialized SEE backend";
- } catch(...) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Exception caught when deinitializing SEE backend";
- }
- }
-}
-
-void see_backend::initialize_see() {
- if(fSeeInitOK)
- return;
-
- BOOST_LOG_FUNCTION();
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Initializing SEE backend";
-
- std::unique_lock<std::mutex> locker(fSEEMutex);
-
- try {
- int error = fDllResolver.invoke<int>(nullptr, "see_init", "TEST_ID", "TEST_PASSWORD");
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "SEE framework init failure: " << error;
- fSeeInitOK = false;
- } else {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "SEE framework initialized";
- fSeeInitOK = true;
- }
- } catch(...) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Caught exception when initializing SEE backend";
- fSeeInitOK = false;
- }
-}
-
-std::shared_ptr<abstract_crypto_backend_context> see_backend::create_client_context(
- const std::string& serviceName,
- const std::string& usage,
- const std::string& key_type)
-{
- BOOST_LOG_FUNCTION();
- initialize_see();
-
- if(!fSeeInitOK)
- throw std::runtime_error("SEE not initialized");
-
- return std::make_shared<see_backend_context>(std::static_pointer_cast<see_backend>(shared_from_this()), key_type);
-}
-
-float see_backend::will_handle_service(const std::string&,
- const std::string&)
-{
- BOOST_LOG_FUNCTION();
- if(!fDllResolver.ensure_loaded())
- return -1.0f;
-
- initialize_see();
-
- if(!fSeeInitOK)
- return -1.0f;
-
- return 1.0f;
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-
-#ifndef DCM_DAEMON_SEE_BACKEND_SEEBACKEND_H_
-#define DCM_DAEMON_SEE_BACKEND_SEEBACKEND_H_
-
-#include "abstractcryptobackend.h"
-#include "cryptobackendroster.h"
-#include <dllresolver.h>
-#include <mutex>
-
-class see_backend: public asbtract_crypto_backend
-{
-public:
- see_backend();
- virtual ~see_backend();
-
- virtual std::shared_ptr<abstract_crypto_backend_context> create_client_context(
- const std::string& serviceName,
- const std::string& usage,
- const std::string& key_type) override;
-
- virtual float will_handle_service(const std::string& serviceName,
- const std::string& usage);
-
- inline dll_resolver& get_dll_resolver() {
- return fDllResolver;
- }
-
- static crypto_backend_registration<see_backend> see_crypto_backend_registration;
-
-private:
- void initialize_see();
-
-private:
- bool fSeeInitOK = false;
- std::mutex fSEEMutex;
- dll_resolver fDllResolver;
-};
-
-#endif /* DCM_DAEMON_SEE_BACKEND_SEEBACKEND_H_ */
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include "seebackendcontext.h"
-#include "logging.h"
-#include "artik_security.h"
-#include "mbedtls_wrapper.h"
-#include "cert_utils.h"
-
-#include <mbedtls/pk.h>
-
-#include <mbedtls/asn1write.h>
-#include <boost/algorithm/hex.hpp>
-
-static int see_get_certificate_key = 0;
-static int see_get_ecdsa_signature_key;
-
-see_backend_context::see_backend_context(std::shared_ptr<see_backend> backend, const std::string& keyType) :
- fBackendPtr(backend)
-{
- BOOST_LOG_FUNCTION();
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Created new SEE with key " << keyType;
-
- if(keyType.empty() || keyType == "ECDSA") {
- fKeyType = CRYPTO_KEY_TYPE_ECDSA;
- } else {
- throw std::invalid_argument("Unsupported key type");
- }
-
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Created new SEE context at " << this;
-}
-
-see_backend_context::~see_backend_context()
-{
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Deleting SEE context " << this;
-}
-
-int see_backend_context::request_certificate_chain(std::string& mutable_chain)
-{
- BOOST_LOG_FUNCTION();
- see_data cert;
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "SEE : Request certificate chain";
-#endif
-
- auto backend = fBackendPtr.lock();
-
- if(!backend) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Unable to acquire backend pointer";
- return -EINVAL;
- }
-
- auto& resolver(backend->get_dll_resolver());
-
- int error = resolver.invoke<int, const char *, see_data *>(&see_get_certificate_key, "see_get_certificate", "ARTIK/0", &cert);
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Can't invoke get certificate function";
- return -EINVAL;
- }
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "SEE: Got certificate with " << cert.length << " bytes";
-#endif
-
- try {
- mutable_chain.assign((const char *)cert.data, cert.length);
- } catch(...) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "SEE: Got exception when assigning data";
- free(cert.data);
- throw;
- }
-
- free(cert.data);
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Requested certificate in " << this;
-#endif
-
- return 0;
-}
-
-static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
- unsigned char *sig, size_t *slen )
-{
- int ret;
- unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
- unsigned char *p = buf + sizeof( buf );
- size_t len = 0;
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) );
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
- memcpy( sig, p, len );
- *slen = len;
-
- return 0;
-}
-
-int see_backend_context::sign_crypto_data(MessageDigestType digestType, const std::string& dataToSign,
- std::string& digestResult)
-{
- BOOST_LOG_FUNCTION();
- see_data hashed_data = { };
- see_data signed_data = { };
-
- hashed_data.data = (void *)dataToSign.c_str();
- hashed_data.length = dataToSign.size();
-
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "SEE: Sign " << hashed_data.length << " bytes";
-
- auto backend = fBackendPtr.lock();
-
- if(!backend) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Unable to acquire backend pointer";
- return -EINVAL;
- }
-
- auto& resolver(backend->get_dll_resolver());
-
-#ifdef ENABLE_DEBUG_LODDING
- try {
- std::string hex;
- boost::algorithm::hex((const unsigned char *)hashed_data.data,
- (const unsigned char *)hashed_data.data + hashed_data.length,
- std::back_inserter(hex));
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Hashed data is " << hex;
- } catch(...) {
- }
-#endif
-
- int error = resolver.invoke<int, see_ecdsa_curve, const char *, see_data, see_data *>(
- &see_get_ecdsa_signature_key,
- "see_get_ecdsa_signature",
- ECDSA_SEC_P256R1,
- "ARTIK/0",
- hashed_data,
- &signed_data);
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
- "Unable to generate ECDSA signature in " <<
- this <<
- " (" << error << ") : " <<
- mbedtls_error_to_string(error);
-
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Signature length is " << signed_data.length;
-
- try {
- std::string hex;
- boost::algorithm::hex((const unsigned char *)signed_data.data,
- (const unsigned char *)signed_data.data + signed_data.length,
- std::back_inserter(hex));
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Hex signature is " << hex;
- } catch(...) {
- }
-#endif
-
- if(signed_data.length != 64) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
- "Incorrect length of signed data " <<
- signed_data.length <<
- " but should be 64";
-
- free(signed_data.data);
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
-#ifdef ENABLE_DEBUG_LODDING
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "SEE: Generated ECDSA signature";
-#endif
-
- size_t sig_len = 0;
- unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
- mbedtls_mpi_wrapper r, s;
-
- error = r.read_binary((const unsigned char *)signed_data.data, 32);
-
- if(error == 0) {
- error = s.read_binary(((const unsigned char *)signed_data.data) + 32, 32);
- }
-
- free(signed_data.data);
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
- "Unable to unserialize binary numbers : " <<
- mbedtls_error_to_string(error);
- return error;
- }
-
- error = ecdsa_signature_to_asn1(&r, &s, sig, &sig_len);
-
- if(error != 0) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
- "Unable to convert ECDSA signature : " <<
- mbedtls_error_to_string(error);
- return error;
- }
-
-#ifdef ENABLE_DEBUG_LODDING
- try {
- std::string hex;
- boost::algorithm::hex(sig, sig + sig_len, std::back_inserter(hex));
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Final signature is " << hex;
- } catch(...) {
- }
-#endif
-
- digestResult.assign((const char *)sig, sig_len);
- return 0;
-}
-
-CryptoKeyType see_backend_context::key_type()
-{
- return fKeyType;
-}
-
-unsigned int see_backend_context::key_length()
-{
- return 256;
-}
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2017 Samsung Electronics All Rights Reserved.
- *
- * Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#ifndef DCM_DAEMON_SEE_BACKEND_SEEBACKENDCONTEXT_H_
-#define DCM_DAEMON_SEE_BACKEND_SEEBACKENDCONTEXT_H_
-
-#include "abstractcryptobackendcontext.h"
-#include "seebackend.h"
-
-class see_backend_context final : public abstract_crypto_backend_context {
-public:
- see_backend_context(std::shared_ptr<see_backend> backend, const std::string& keyType);
- virtual ~see_backend_context();
-
- virtual int request_certificate_chain(std::string& mutable_chain) override;
-
- virtual int sign_crypto_data(MessageDigestType digestType, const std::string& dataToSign,
- std::string& digestResult) override;
-
- virtual CryptoKeyType key_type() override;
-
- virtual unsigned int key_length() override;
-
-private:
- void fix_certificate_chain(std::string& cert_chain);
-
-private:
- CryptoKeyType fKeyType;
- std::weak_ptr<see_backend> fBackendPtr;
-};
-
-#endif /* DCM_DAEMON_SEE_BACKEND_SEEBACKENDCONTEXT_H_ */
/******************************************************************
*
- * Copyright 2017 Samsung Electronics All Rights Reserved.
+ * Copyright 2017 - 2019 Samsung Electronics All Rights Reserved.
*
* Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
*
*
******************************************************************/
-#include "dllresolver.h"
+#include "soresolver.h"
#include "logging.h"
#include <dlfcn.h>
-dll_resolver::dll_resolver(const std::string& libraryName) :
+so_resolver::so_resolver(const std::string& libraryName) :
fLibraryName(libraryName),
fLibraryHandle(nullptr)
{
}
-dll_resolver::~dll_resolver()
+so_resolver::~so_resolver()
{
if(fLibraryHandle.load(std::memory_order_relaxed)) {
BOOST_LOG_SEV(dcm_logger::get(), log_severity::debug) << "Unloading library " << fLibraryName;
}
}
-void * dll_resolver::resolve_function(const int * key_ptr, const char * name) noexcept
+void * so_resolver::resolve_function(const int * key_ptr, const char * name) noexcept
{
BOOST_LOG_FUNCTION();
return nullptr;
}
-bool dll_resolver::ensure_loaded() noexcept
+bool so_resolver::ensure_loaded() noexcept
{
BOOST_LOG_FUNCTION();
/******************************************************************
*
- * Copyright 2017 Samsung Electronics All Rights Reserved.
+ * Copyright 2017 - 2019 Samsung Electronics All Rights Reserved.
*
* Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
*
*
******************************************************************/
-#ifndef DCM_DAEMON_DLLRESOLVER_H_
-#define DCM_DAEMON_DLLRESOLVER_H_
+#ifndef DCM_DAEMON_SORESOLVER_H_
+#define DCM_DAEMON_SORESOLVER_H_
#include <boost/noncopyable.hpp>
#include <string>
#include <map>
#include <mutex>
-class dll_resolver : public boost::noncopyable {
+class so_resolver : public boost::noncopyable {
public:
- dll_resolver(const std::string& libraryName);
- ~dll_resolver();
+ so_resolver(const std::string& libraryName);
+ ~so_resolver();
bool ensure_loaded() noexcept;
void * resolve_function(const int * key_ptr, const char * name) noexcept;
std::map<const int *, void *> fCache;
};
-#endif /* DCM_DAEMON_DLLRESOLVER_H_ */
+#endif /* DCM_DAEMON_SORESOLVER_H_ */
BuildRequires: cmake
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(libsystemd-daemon)
-BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: pkgconfig(iotivity)
BuildRequires: pkgconfig(protobuf)
BuildRequires: pkgconfig(cynara-client)
BuildRequires: pkgconfig(cynara-creds-socket)
BuildRequires: pkgconfig(cynara-session)
BuildRequires: boost-devel
-BuildRequires: openssl
Summary: Device Certificate Manager
Group: Security/Libraries
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
-Requires: protobuf
Requires: boost-chrono
Requires: boost-date-time
Requires: boost-log
%description -n device-certificate-manager-devel
Device Certificate Manager development headers and libraries
+%package -n device-certificate-manager-backend-devel
+Summary: Device Certificate Manager backend (development)
+Group: Security/Development
+
+%description -n device-certificate-manager-backend-devel
+Device Certificate Manager backend development header
+
%package -n device-certificate-manager-tests
Summary: Internal tests for Device Certificate Manager
Group: Security/Testing
+BuildRequires: openssl
Requires: device-certificate-manager = %{version}-%{release}
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
-DSYSTEMD_UNIT_DIR=%{_unitdir} \
-DUSER_NAME=%{user_name} \
-DGROUP_NAME=%{group_name} \
- -DSMACK_DOMAIN_NAME=%{smack_domain_name}
+ -DSMACK_DOMAIN_NAME=%{smack_domain_name} \
+ -DRPM_DIR=%{_sysconfdir}/rpm
make %{?jobs:-j%jobs}
%manifest %{name}.manifest
%license LICENSE
%{_libdir}/libdevice-certificate-manager.so
-%{_includedir}/device-certificate-manager/*.h
-%{_libdir}/pkgconfig/*.pc
+%{_includedir}/device-certificate-manager/device_certificate_manager_export.h
+%{_includedir}/device-certificate-manager/dcm_client.h
+%{_includedir}/device-certificate-manager/device_certificate_manager.h
+%{_libdir}/pkgconfig/device-certificate-manager.pc
+
+%files backend-devel
+%manifest %{name}.manifest
+%license LICENSE
+%{_includedir}/device-certificate-manager-backend/dcm-backend-api.h
+%{_includedir}/device-certificate-manager-backend/dcm_support.pb.h
+%{_libdir}/pkgconfig/device-certificate-manager-backend.pc
+%{_sysconfdir}/rpm/macros.dcm-backend-api
%files tests
%manifest %{name}.manifest
%license LICENSE
-%{_bindir}/dcm_example_client
-%{_bindir}/dcm_example_capi
%{_bindir}/dcm_api_test
+%{_bindir}/dcm_example_capi
+%{_bindir}/dcm_example_client
%{_bindir}/dcm_test_cert_rewriter
-%{_bindir}/dcm_konaise_tool
--- /dev/null
+# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file pkgconfig/CMakeLists.txt
+# @author Pawel Kowalski <p.kowalski2@partner.samsung.com>
+#
+
+CONFIGURE_FILE(device-certificate-manager.pc.in
+ ${CMAKE_CURRENT_BINARY_DIR}/device-certificate-manager.pc
+ @ONLY
+)
+
+CONFIGURE_FILE(device-certificate-manager-backend.pc.in
+ ${CMAKE_CURRENT_BINARY_DIR}/device-certificate-manager-backend.pc
+ @ONLY
+)
+
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/device-certificate-manager.pc
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig
+)
+
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/device-certificate-manager-backend.pc
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig
+)
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=${prefix}/include
+
+Name: device-certificate-manager-backend
+Description: Device Certificate Manager Backend Package
+Version: @VERSION@
+Requires: iotivity
+Cflags: -I${includedir}/device-certificate-manager-backend
--- /dev/null
+# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file rpm/CMakeLists.txt
+# @author Pawel Kowalski (p.kowalski2@partner.samsung.com)
+#
+
+CONFIGURE_FILE(macros.dcm-backend-api.in
+ ${CMAKE_CURRENT_BINARY_DIR}/macros.dcm-backend-api
+ @ONLY
+)
+
+INSTALL(FILES macros.dcm-backend-api
+ DESTINATION ${RPM_DIR}
+)
--- /dev/null
+# RPM macros for package device-certificate-manager
+
+%dcm_backend_api() %(echo dcm-backend-api)
/******************************************************************
*
- * Copyright 2017 Samsung Electronics All Rights Reserved.
+ * Copyright 2017 - 2019 Samsung Electronics All Rights Reserved.
*
* Author: Jaroslaw Pelczar <j.pelczar@samsung.com>
*
#define BOOST_TEST_MODULE Cert Parser
#include <boost/test/unit_test.hpp>
-#include <mbedtls_wrapper.h>
+#include "mbedtls_wrapper.h"
#include <mbedtls/pem.h>
#include <cert_utils.h>
#include <cstdio>
add_executable(helper_bin2c
bin2c.c)
-
-#######################################################################################
-# For SE_KONAI
-ADD_DEFINITIONS(-DBOOST_LOG_DYN_LINK)
-include_directories(${Boost_INCLUDE_DIRS})
-link_directories(${Boost_LIBRARY_DIRS})
-
-include_directories(../dcm-daemon ../dcm-daemon/konaise-backend)
-
-add_executable(dcm_konaise_tool
- ../dcm-daemon/dllresolver.cpp
- konaise_tool.cpp)
-target_link_libraries(dcm_konaise_tool
- ${Boost_LOG_LIBRARY}
- device-certificate-manager
- dl)
-install(TARGETS dcm_konaise_tool RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
-#######################################################################################
-
+++ /dev/null
-/******************************************************************
- *
- * Copyright 2019 Samsung Electronics All Rights Reserved.
- *
- * Author: Dongsun Lee <ds73.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- ******************************************************************/
-
-#include <iostream>
-#include <fstream>
-#include <vector>
-#include <dllresolver.h>
-#include "konaise.h"
-
-#define KSE_LIB_NAME "libkonaise.so"
-
-static int kse_cert_get = 0x00;
-static int kse_cert_add = 0x01;
-static int kse_cert_del = 0x02;
-static int kse_key_get = 0x10;
-static int kse_key_add = 0x11;
-static int kse_key_del = 0x12;
-static int kse_ec_sign = 0x21;
-static int kse_ec_verify= 0x22;
-
-
-typedef enum {
- /* AES */
- HAL_KEY_AES_128,// 128 bits aes algorithm
- HAL_KEY_AES_192, // 192 bits aes algorithm
- HAL_KEY_AES_256, // 256 bits aes algorithm
- /* RSA */
- HAL_KEY_RSA_1024, // 1024 bits rsa algorithm
- HAL_KEY_RSA_2048, // 2048 bits rsa algorithm
- HAL_KEY_RSA_3072, // 3072 bits rsa algorithm
- HAL_KEY_RSA_4096,
- /* ECC: it doesn't support whole algorithm that mbedTLS support. it's have to be added*/
- HAL_KEY_ECC_BRAINPOOL_P256R1, // ecc brainpool curve for p256r1
- HAL_KEY_ECC_BRAINPOOL_P384R1, // ecc brainpool curve for p384r1
- HAL_KEY_ECC_BRAINPOOL_P512R1, // ecc brainpool curve for p512r1
- HAL_KEY_ECC_SEC_P256R1, // nist curve for p256r1
- HAL_KEY_ECC_SEC_P384R1, // nist curve for p384r1
- HAL_KEY_ECC_SEC_P512R1, // nist curve for p512r1
- /* Hmac */
- HAL_KEY_HMAC_MD5, // hmac with md5
- HAL_KEY_HMAC_SHA1, // hmac with sha1
- HAL_KEY_HMAC_SHA224, // hmac with sha224
- HAL_KEY_HMAC_SHA256, // hmac with sha256
- HAL_KEY_HMAC_SHA384, // hmac with sha384
- HAL_KEY_HMAC_SHA512, // hmac with sha512
- /* DH */
- HAL_KEY_DH_1024,
- HAL_KEY_DH_2048,
- HAL_KEY_UNKNOWN,
-} hal_key_type;
-
-
-class SEKonai {
-public:
- SEKonai(const std::string& libraryName) :
- fDllResolver(libraryName)
- {
- loaded = fDllResolver.ensure_loaded();
- }
-
- ~SEKonai(){
- }
-
- bool is_loaded() {
- return loaded;
- }
-
- void get_cert(int idx, const std::string& fileName){
- hal_data cert = {0};
-
- const char *method_name = "hal_get_certificate";
- int error = fDllResolver.invoke<int, unsigned int, hal_data *>(&kse_cert_get,
- method_name, idx, &cert);
- if(error == 0) {
- write_file(fileName, cert);
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- }
-
- void get_key(hal_key_type key_type, int idx, const std::string& fileName) {
- hal_data data = {0};
- const char *method_name = "hal_get_key";
- int error = fDllResolver.invoke<int, hal_key_type, unsigned int, hal_data *>(&kse_key_get,
- method_name, key_type, idx, &data);
- if(error == 0) {
- write_file(fileName, data);
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- }
-
- void add_cert(const std::string& fileName, int idx) {
- hal_data *data = read_file(fileName);
- const char *method_name = "hal_set_certificate";
- int error = fDllResolver.invoke<int, unsigned int, hal_data *>(&kse_cert_add,
- method_name, idx, data);
- if(error == 0) {
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- free_hal_data(data);
- }
-
- void add_key(const std::string& fileName, hal_key_type key_type, int idx,
- const std::string& privFileName) {
- hal_data *key = read_file(fileName);
- hal_data *priKey = {0};
- if(privFileName.size() != 0)
- priKey = read_file(privFileName);
- const char *method_name = "hal_set_key";
- int error = fDllResolver.invoke<int, hal_key_type, unsigned int, hal_data *, hal_data *>(
- &kse_key_add, method_name, key_type, idx, key, priKey);
- if(error == 0) {
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- free_hal_data(key);
- free_hal_data(priKey);
- }
-
- void del_cert(int idx) {
- const char *method_name = "hal_remove_certificate";
- int error = fDllResolver.invoke<int, unsigned int>(&kse_key_del, method_name, idx);
- if(error == 0) {
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- }
-
- void del_key(hal_key_type key_type, int idx) {
- const char *method_name = "hal_remove_key";
- int error = fDllResolver.invoke<int, hal_key_type, unsigned int>(&kse_key_del, method_name,
- key_type, idx);
- if(error == 0) {
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- }
-
- void ec_sec_p256r1_sign(std::string hash_file, int key_idx, std::string sig_file) {
- hal_data *hashed_data = read_file(hash_file);
- hal_data signed_data = {0};
-
- const char *method_name = "hal_ecdsa_sign_md";
- hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_UNKNOWN};
- int error = fDllResolver.invoke<int, hal_data *,
- unsigned int, hal_ecdsa_mode *, hal_data *>(
- &kse_ec_sign, method_name,
- hashed_data, key_idx, &mode, &signed_data);
- if(error == 0) {
- write_file(sig_file, signed_data);
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- free_hal_data(hashed_data);
- free(signed_data.data);
- }
-
- void ec_sec_p256r1_verify(std::string hash_file, int key_idx, std::string sig_file) {
- // ec_sign hash_file key_index key_type sigfile(out)
- hal_data *hashed_data = read_file(hash_file);
- hal_data *signed_data = read_file(sig_file);
-
- const char *method_name = "hal_ecdsa_verify_md";
- hal_ecdsa_mode mode = {HAL_ECDSA_SEC_P256R1, HAL_HASH_UNKNOWN};
- int error = fDllResolver.invoke<int, hal_ecdsa_mode, hal_data *, hal_data *,
- unsigned int>(
- &kse_ec_verify, method_name,
- mode, hashed_data, signed_data, key_idx);
- if(error == 0) {
- std::cout << "SUCCEEDED in " << method_name << "." << std::endl;
- } else {
- std::cout << "FAILED in " << method_name << ". ERROR=" << error << std::endl;
- }
- free_hal_data(hashed_data);
- free_hal_data(signed_data);
- }
-
- hal_key_type get_key_type(const std::string& keyType) {
- if(keyType.compare("HAL_KEY_AES_128") == 0) return HAL_KEY_AES_128;
- if(keyType.compare("HAL_KEY_AES_192") == 0) return HAL_KEY_AES_192;
- if(keyType.compare("HAL_KEY_AES_256") == 0) return HAL_KEY_AES_256;
- if(keyType.compare("HAL_KEY_RSA_1024") == 0) return HAL_KEY_RSA_1024;
- if(keyType.compare("HAL_KEY_RSA_2048") == 0) return HAL_KEY_RSA_2048;
- if(keyType.compare("HAL_KEY_RSA_3072") == 0) return HAL_KEY_RSA_3072;
- if(keyType.compare("HAL_KEY_RSA_4096") == 0) return HAL_KEY_RSA_4096;
- if(keyType.compare("HAL_KEY_ECC_BRAINPOOL_P256R1") == 0) return HAL_KEY_ECC_BRAINPOOL_P256R1;
- if(keyType.compare("HAL_KEY_ECC_BRAINPOOL_P384R1") == 0) return HAL_KEY_ECC_BRAINPOOL_P384R1;
- if(keyType.compare("HAL_KEY_ECC_BRAINPOOL_P512R1") == 0) return HAL_KEY_ECC_BRAINPOOL_P512R1;
- if(keyType.compare("HAL_KEY_ECC_SEC_P256R1") == 0) return HAL_KEY_ECC_SEC_P256R1;
- if(keyType.compare("HAL_KEY_ECC_SEC_P384R1") == 0) return HAL_KEY_ECC_SEC_P384R1;
- if(keyType.compare("HAL_KEY_ECC_SEC_P512R1") == 0) return HAL_KEY_ECC_SEC_P512R1;
- if(keyType.compare("HAL_KEY_HMAC_MD5") == 0) return HAL_KEY_HMAC_MD5;
- if(keyType.compare("HAL_KEY_HMAC_SHA1") == 0) return HAL_KEY_HMAC_SHA1;
- if(keyType.compare("HAL_KEY_HMAC_SHA224") == 0) return HAL_KEY_HMAC_SHA224;
- if(keyType.compare("HAL_KEY_HMAC_SHA256") == 0) return HAL_KEY_HMAC_SHA256;
- if(keyType.compare("HAL_KEY_HMAC_SHA384") == 0) return HAL_KEY_HMAC_SHA384;
- if(keyType.compare("HAL_KEY_HMAC_SHA512") == 0) return HAL_KEY_HMAC_SHA512;
- if(keyType.compare("HAL_KEY_DH_1024") == 0) return HAL_KEY_DH_1024;
- if(keyType.compare("HAL_KEY_DH_2048") == 0) return HAL_KEY_DH_2048;
- return HAL_KEY_UNKNOWN;
- }
-
- std::string get_key_type_str(hal_key_type keyType) {
- switch(keyType) {
- case HAL_KEY_AES_128: return std::string("HAL_KEY_AES_128");
- case HAL_KEY_AES_192: return std::string("HAL_KEY_AES_192");
- case HAL_KEY_AES_256: return std::string("HAL_KEY_AES_256");
- case HAL_KEY_RSA_1024: return std::string("HAL_KEY_RSA_1024");
- case HAL_KEY_RSA_2048: return std::string("HAL_KEY_RSA_2048");
- case HAL_KEY_RSA_3072: return std::string("HAL_KEY_RSA_3072");
- case HAL_KEY_RSA_4096: return std::string("HAL_KEY_RSA_4096");
- case HAL_KEY_ECC_BRAINPOOL_P256R1: return std::string("HAL_KEY_ECC_BRAINPOOL_P256R1");
- case HAL_KEY_ECC_BRAINPOOL_P384R1: return std::string("HAL_KEY_ECC_BRAINPOOL_P384R1");
- case HAL_KEY_ECC_BRAINPOOL_P512R1: return std::string("HAL_KEY_ECC_BRAINPOOL_P512R1");
- case HAL_KEY_ECC_SEC_P256R1: return std::string("HAL_KEY_ECC_SEC_P256R1");
- case HAL_KEY_ECC_SEC_P384R1: return std::string("HAL_KEY_ECC_SEC_P384R1");
- case HAL_KEY_ECC_SEC_P512R1: return std::string("HAL_KEY_ECC_SEC_P512R1");
- case HAL_KEY_HMAC_MD5: return std::string("HAL_KEY_HMAC_MD5");
- case HAL_KEY_HMAC_SHA1: return std::string("HAL_KEY_HMAC_SHA1");
- case HAL_KEY_HMAC_SHA224: return std::string("HAL_KEY_HMAC_SHA224");
- case HAL_KEY_HMAC_SHA256: return std::string("HAL_KEY_HMAC_SHA256");
- case HAL_KEY_HMAC_SHA384: return std::string("HAL_KEY_HMAC_SHA384");
- case HAL_KEY_HMAC_SHA512: return std::string("HAL_KEY_HMAC_SHA512");
- case HAL_KEY_DH_1024: return std::string("HAL_KEY_DH_1024");
- case HAL_KEY_DH_2048: return std::string("HAL_KEY_DH_2048");
- default: return std::string("HAL_KEY_UNKNOWN");
- }
- }
-
-private:
- dll_resolver fDllResolver;
- bool loaded;
-
- void free_hal_data(hal_data *data) {
- if(data == NULL)
- return;
- if(data->data != NULL)
- free(data->data);
- free(data);
- }
-
- void write_file(const std::string& fileName, hal_data in) {
- std::fstream outfile;
- outfile = std::fstream(fileName, std::ios::out | std::ios::binary);
- outfile.write((char*)in.data, in.data_len);
- outfile.close();
- }
-
- hal_data* read_file(const std::string& fileName) {
- if(fileName.size() == 0)
- return NULL;
- std::ifstream input(fileName, std::ios::binary);
- std::vector<unsigned char> buffer(std::istreambuf_iterator<char>(input), {});
- unsigned char* data = (unsigned char*) malloc(buffer.size());
- for(int i = 0; i < buffer.size(); i++)
- data[i] = buffer[i];
- hal_data *ret = (hal_data *) malloc(sizeof(hal_data));
- ret->data = data;
- ret->data_len = buffer.size();
- ret->priv = NULL;
- return ret;
- }
-};
-
-void print_usage(char *prog_name) {
- std::cout << prog_name << " command opt1 opt2 . . . " << std::endl;
- std::cout << " example: " << prog_name << " get_cert index outfile" << std::endl;
- std::cout << " example: " << prog_name << " add_cert infile index" << std::endl;
- std::cout << " example: " << prog_name << " del_cert index" << std::endl;
- std::cout << " example: " << prog_name << " get_key key_type index outfile" << std::endl;
- std::cout << " example: " << prog_name << " add_key infile key_type index in_privfile"<<std::endl;
- std::cout << " example: " << prog_name << " del_key key_type index" << std::endl;
- std::cout << " example: " << prog_name << " ec_sec_p256r1_sign hash_file key_idx sigfile(out)" << std::endl;
- std::cout << " example: " << prog_name << " ec_sec_p256r1_verify hash_file key_idx sigfile(in)" << std::endl;
-}
-
-int main(int argc, char ** argv)
-{
- if(argc < 2) {
- print_usage(argv[0]);
- return -1;
- }
-
- SEKonai se(KSE_LIB_NAME);
- if(!se.is_loaded()) {
- std::cout << "LIBRARY WAS NOT LOADED!!" << std::endl;
- return -1;
- }
- std::string cmd(argv[1]);
-
- if((cmd.compare("get_cert") == 0) && argc > 3) {
- se.get_cert(std::stoi(argv[2]), std::string(argv[3]));
- }else if((cmd.compare("add_cert") == 0) && argc > 3) {
- se.add_cert(std::string(argv[2]), std::stoi(argv[3]));
- }else if((cmd.compare("del_cert") == 0) && argc > 2) {
- se.del_cert(std::stoi(argv[2]));
- }else if((cmd.compare("get_key") == 0) && argc > 4) {
- se.get_key(se.get_key_type(std::string(argv[2])),
- std::stoi(argv[3]), std::string(argv[4]));
- }else if((cmd.compare("add_key") == 0) && argc >= 5) {
- char * priv_file = nullptr;
- if(argc > 5)
- priv_file = argv[5];
- se.add_key(std::string(argv[2]), se.get_key_type(std::string(argv[3])),
- std::stoi(argv[4]), std::string(priv_file));
- }else if((cmd.compare("del_key") == 0) && argc > 3) {
- se.del_key(se.get_key_type(std::string(argv[2])), std::stoi(argv[3]));
- }else if((cmd.compare("ec_sec_p256r1_sign") == 0) && argc > 4) {
- se.ec_sec_p256r1_sign(std::string(argv[2]), std::stoi(argv[3]),
- std::string(argv[4]));
- }else if((cmd.compare("ec_sec_p256r1_verify") == 0) && argc > 4) {
- se.ec_sec_p256r1_verify(std::string(argv[2]), std::stoi(argv[3]),
- std::string(argv[4]));
- }else {
- print_usage(argv[0]);
- return -1;
- }
-
- return 0;
-}
projects / platform / core / security / device-certificate-manager.git / commitdiff