Add key-manager to manage device key and password 99/95999/6
authorSungbae Yoo <sungbae.yoo@samsung.com>
Mon, 7 Nov 2016 09:14:02 +0000 (18:14 +0900)
committerSungbae Yoo <sungbae.yoo@samsung.com>
Thu, 10 Nov 2016 07:12:24 +0000 (16:12 +0900)
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I75c5a6c9722c183db36fde2936b71351dad331cf

server/CMakeLists.txt
server/external-encryption.cpp
server/internal-encryption.cpp
server/key-manager/key-generator.cpp
server/key-manager/key-generator.h
server/key-manager/key-manager.cpp [new file with mode: 0644]
server/key-manager/key-manager.h [new file with mode: 0644]
server/key-manager/key-store.cpp [moved from server/key-manager/keystore.cpp with 62% similarity]
server/key-manager/key-store.h [moved from server/key-manager/keystore.h with 79% similarity]

index 1560574..6a6f5c3 100644 (file)
@@ -21,7 +21,8 @@ SET(SERVER_SRCS       main.cpp
                                engine/ext4-engine.cpp
                                engine/dmcrypt-engine.cpp
                                engine/ecryptfs-engine.cpp
-                               key-manager/keystore.cpp
+                               key-manager/key-store.cpp
+                               key-manager/key-manager.cpp
                                key-manager/key-generator.cpp
 )
 
index e538119..a9e3800 100644 (file)
@@ -17,8 +17,7 @@
 #include <klay/audit/logger.h>
 
 #include "engine/ecryptfs-engine.h"
-#include "key-manager/keystore.h"
-#include "key-manager/key-generator.h"
+#include "key-manager/key-manager.h"
 
 #include "rmi/external-encryption.h"
 
index a4956e3..6978dfc 100644 (file)
@@ -17,8 +17,7 @@
 #include <klay/audit/logger.h>
 
 #include "engine/dmcrypt-engine.h"
-#include "key-manager/keystore.h"
-#include "key-manager/key-generator.h"
+#include "key-manager/key-manager.h"
 
 #include "rmi/internal-encryption.h"
 
index ccb5934..aad4128 100644 (file)
@@ -22,7 +22,8 @@
 
 namespace ode {
 
-KeyGenerator::KeyGenerator()
+KeyGenerator::KeyGenerator(int size) :
+       keySize(size)
 {
 }
 
index 5a1a4b6..b5b0d1a 100644 (file)
@@ -23,7 +23,7 @@ namespace ode {
 
 class KeyGenerator final {
 public:
-       KeyGenerator();
+       KeyGenerator(int size);
        KeyGenerator(const KeyGenerator&) = delete;
        KeyGenerator(KeyGenerator&&) = delete;
        ~KeyGenerator();
@@ -37,6 +37,9 @@ public:
        const data AES(const data& in1, const data& in2);
        const data HMAC(const data& original, const data& key);
        const data RNG();
+
+private:
+       int keySize;
 };
 
 } // namespace ode
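Review bot: `KeyGenerator(int size);` takes an `int`, but the only caller visible in this commit passes `store.getKeySize()`, which returns `size_t`, so the value is narrowed implicitly and a negative key size becomes representable. Declaring it `explicit KeyGenerator(size_t size);` with the member as `size_t keySize;` would match the store's type and stop an integer from converting silently into a KeyGenerator; the definition in key-generator.cpp needs the same change. How `keySize` is used by PBKDF/AES/RNG lies outside the visible hunks, so a range check in the constructor may also be warranted.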
diff --git a/server/key-manager/key-manager.cpp b/server/key-manager/key-manager.cpp
new file mode 100644 (file)
index 0000000..6333c4a
--- /dev/null
@@ -0,0 +1,104 @@
+/*
+ *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+#include "key-manager.h"
+
+namespace ode {
+
+KeyManager::KeyManager(const std::string& storeName) :
+       store(storeName), keyGen(store.getKeySize())
+{
+}
+
+KeyManager::~KeyManager()
+{
+}
+
+bool KeyManager::isInitialized()
+{
+       return store.isInitialized();
+}
+
+void KeyManager::initPassword(const KeyManager::data& password)
+{
+       data salt, edk, emk;
+       data mk, dek;
+
+       salt = keyGen.RNG();
+       mk = keyGen.PBKDF(password, salt);
+       dek = keyGen.RNG();
+
+       edk = keyGen.AES(dek, mk);
+       emk = keyGen.HMAC(mk, edk);
+
+       store.setSalt(salt);
+       store.setEDK(edk);
+       store.setEMK(emk);
+}
+
+void KeyManager::changePassword(const KeyManager::data& old_password,
+                                                               const KeyManager::data& new_password)
+{
+       data salt, edk, emk;
+       data mk, dek;
+
+       salt = store.getSalt();
+       edk = store.getEDK();
+
+       mk = keyGen.PBKDF(old_password, salt);
+       dek = keyGen.AES(edk, mk);
+
+       salt = keyGen.RNG();
+       mk = keyGen.PBKDF(new_password, salt);
+       edk = keyGen.AES(dek, mk);
+       emk = keyGen.HMAC(mk, edk);
+
+       store.setSalt(salt);
+       store.setEDK(edk);
+       store.setEMK(emk);
+}
+
+bool KeyManager::verifyPassword(const KeyManager::data& password)
+{
+       data salt, edk, emk;
+       data mk;
+
+       salt = store.getSalt();
+       edk = store.getEDK();
+       emk = store.getEMK();
+
+       mk = keyGen.PBKDF(password, salt);
+
+       if (emk == keyGen.HMAC(mk, edk)) {
+               return true;
+       } else {
+               return false;
+       }
+}
+
+KeyManager::data KeyManager::getDEK(const KeyManager::data& password)
+{
+       data salt, edk;
+       data mk;
+
+       salt = store.getSalt();
+       edk = store.getEDK();
+
+       mk = keyGen.PBKDF(password, salt);
+
+       return keyGen.AES(edk, mk);
+}
+
+} // namespace ode
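Review bot: changePassword() unwraps the stored key with old_password without verifying it first, so a wrong old password produces a garbage `dek` from `keyGen.AES(edk, mk)` that is then re-wrapped and written back with a fresh salt, and the real DEK becomes unrecoverable. Guard the top of the function with `if (!verifyPassword(old_password))` and fail before any `store.set*` call; getDEK() has the same gap and hands an unverified key to its caller. In verifyPassword(), `emk == keyGen.HMAC(mk, edk)` is an early-exit vector comparison, where a constant-time compare is the usual choice for checking a MAC. The `mk` and `dek` vectors are also left as they are when each function returns, so wiping them before return would limit how long key material stays in process memory.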
diff --git a/server/key-manager/key-manager.h b/server/key-manager/key-manager.h
new file mode 100644 (file)
index 0000000..299de31
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#ifndef __KEY_MANAGER_H__
+#define __KEY_MANAGER_H__
+
+#include "key-store.h"
+#include "key-generator.h"
+
+namespace ode {
+
+class KeyManager final {
+public:
+       KeyManager(const std::string& storeName);
+       KeyManager(const KeyManager&) = delete;
+       KeyManager(KeyManager&&) = delete;
+       ~KeyManager();
+
+       KeyManager& operator=(const KeyManager&) = delete;
+       KeyManager& operator=(KeyManager&&) = delete;
+
+       typedef std::vector<unsigned char> data;
+
+       bool isInitialized();
+
+       void initPassword(const data& password);
+       void changePassword(const data& old_password, const data& new_password);
+       bool verifyPassword(const data& password);
+       data getDEK(const data& password);
+
+private:
+       KeyStore store;
+       KeyGenerator keyGen;
+};
+
+} // namespace ode
+
+#endif // __KEY_MANAGER_H__
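Review bot: Nothing in this header documents the key hierarchy or the failure contract, and that matters most for `getDEK()`, which returns the unwrapped device key as a plain `std::vector<unsigned char>`. A short class comment would help, saying that the password-derived master key wraps the DEK, that the stored EMK value is an HMAC used to verify the password, and what each method does when the password is wrong. `KeyManager(const std::string& storeName);` should be `explicit`. The header also gets `std::string` and `std::vector` only through key-store.h; including `<string>` and `<vector>` directly would make it self-contained.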
similarity index 62%
rename from server/key-manager/keystore.cpp
rename to server/key-manager/key-store.cpp
index 20de6de..98b9d52 100644 (file)
 #include <klay/filesystem.h>
 #include <klay/audit/logger.h>
 
-#include "keystore.h"
+#include "key-store.h"
+
+#define FOOTER_FILE_PATH "/opt/etc/.ode_footer"
+#define KEY_SIZE       (256 / 8)
 
 namespace ode {
 
 KeyStore::KeyStore(const std::string& name) :
-       file(name)
+       file(FOOTER_FILE_PATH)
 {
 }
 
@@ -29,7 +32,19 @@ KeyStore::~KeyStore()
 {
 }
 
-KeyStore::data KeyStore::getEncryptedDeviceKey()
+size_t KeyStore::getKeySize() const
+{
+       return KEY_SIZE;
+}
+
+bool KeyStore::isInitialized()
+{
+       //TODO
+
+       return false;
+}
+
+KeyStore::data KeyStore::getEDK()
 {
        data ret;
 
@@ -38,7 +53,7 @@ KeyStore::data KeyStore::getEncryptedDeviceKey()
        return ret;
 }
 
-KeyStore::data KeyStore::getEncryptedMasterKey()
+KeyStore::data KeyStore::getEMK()
 {
        data ret;
 
@@ -47,12 +62,26 @@ KeyStore::data KeyStore::getEncryptedMasterKey()
        return ret;
 }
 
-void KeyStore::setEncryptedDeviceKey(const KeyStore::data& key)
+KeyStore::data KeyStore::getSalt()
+{
+       data ret;
+
+       //TODO
+
+       return ret;
+}
+
+void KeyStore::setEDK(const KeyStore::data& key)
+{
+       //TODO
+}
+
+void KeyStore::setEMK(const KeyStore::data& key)
 {
        //TODO
 }
 
-void KeyStore::setEncryptedMasterKey(const KeyStore::data& key)
+void KeyStore::setSalt(const KeyStore::data& key)
 {
        //TODO
 }
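Review bot: The constructor still takes `name` but now opens `FOOTER_FILE_PATH` unconditionally, so every KeyStore, and therefore every KeyManager whatever `storeName` it is given, is bound to the same `/opt/etc/.ode_footer`. Both external-encryption.cpp and internal-encryption.cpp switch to key-manager.h in this commit; if each builds its own KeyManager (their bodies are outside the visible hunks), they would share one salt/EDK/EMK record. Either keep `file(name)` and pass the footer path from the caller, or drop the parameter and add a comment that there is a single device-wide store. `isInitialized()` always returns false, and `getSalt()` and the three setters are still `//TODO` stubs, so nothing KeyManager writes is persisted yet; a comment marking the store as unimplemented would keep callers from relying on it. `setSalt(const KeyStore::data& key)` would also read better with the parameter named `salt`.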
similarity index 79%
rename from server/key-manager/keystore.h
rename to server/key-manager/key-store.h
index d6d0e5e..125accd 100644 (file)
@@ -14,8 +14,8 @@
  *  limitations under the License
  */
 
-#ifndef __KEY_STORAGE_H__
-#define __KEY_STORAGE_H__
+#ifndef __KEY_STORE_H__
+#define __KEY_STORE_H__
 
 #include <vector>
 #include <string>
@@ -34,18 +34,25 @@ public:
        KeyStore& operator=(const KeyStore&) = delete;
        KeyStore& operator=(KeyStore&&) = delete;
 
+       size_t getKeySize() const;
+
+       bool isInitialized();
+
        typedef std::vector<unsigned char> data;
 
-       data getEncryptedDeviceKey();
-       data getEncryptedMasterKey();
+       data getEDK();
+       data getEMK();
+       data getSalt();
 
-       void setEncryptedDeviceKey(const data& key);
-       void setEncryptedMasterKey(const data& key);
+       void setEDK(const data& key);
+       void setEMK(const data& key);
+       void setSalt(const data& key);
 
 private:
        runtime::File file;
+       int index;
 };
 
 } // namespace ode
 
-#endif // __KEY_STORAGE_H__
+#endif // __KEY_STORE_H__
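Review bot: The new private member `int index;` is never initialised: the constructor in key-store.cpp lists only `file(FOOTER_FILE_PATH)`, and nothing in the visible hunks reads or writes `index`. Give it a default, `int index = 0;`, or leave it out until the code that needs it lands, so a later read cannot pick up an indeterminate value. `isInitialized()` does not modify the object in its current form and could be declared `const` like `getKeySize()`. The class body starts above this hunk.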