Version 1 of xml with initial values is not supported from now.
From now software backend will not support encrypted data.
Allow parser to accept xml version 2.
Initial values files will contain information about
type of backend that should be used to store data.
Change-Id: Ib3a73b14148a2476ab288ca364fffe9289400ebd
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
RawBuffer data; // buffer will be better?
};
-// Too generic. The name does not say anything aobut content.
-struct DataEncryption {
- DataEncryption() {}
- DataEncryption(RawBuffer encKey, RawBuffer ivector)
- : encryptedKey(std::move(encKey))
- , iv(std::move(ivector))
- {
- }
- RawBuffer encryptedKey;
- RawBuffer iv;
-};
-
class GStore {
public:
virtual GObjUPtr getObject(const Token &, const Password &)
{
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &,
- const Password &)
+ virtual TokenPair generateAKey(const CryptoAlgorithm &,
+ const Password &,
+ const Password &)
{
ThrowErr(Exc::Crypto::OperationNotSupported);
}
{
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual Token importEncrypted(const Data &, const Password &,
- const DataEncryption &)
+ virtual Token importEncrypted(const Data &,
+ const Password &,
+ const RawBuffer & /* iv */)
{
ThrowErr(Exc::Crypto::OperationNotSupported);
}
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
return Token(m_backendId, data.type, pack(data.data, pass));
}
-Token Store::importEncrypted(const Data &data, const Password &pass,
- const DataEncryption &enc)
-{
- if (!m_deviceKey)
- ThrowErr(Exc::Crypto::InternalError, "No device key present");
-
- // decrypt the AES key using device key
- CryptoAlgorithm algorithmRSAOAEP;
- algorithmRSAOAEP.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP);
- Crypto::SW::SKey aesKey(m_deviceKey->decrypt(algorithmRSAOAEP,
- enc.encryptedKey), DataType::KEY_AES);
-
- // decrypt the buffer using AES key
- CryptoAlgorithm algorithmAESCBC;
- algorithmAESCBC.setParam(ParamName::ALGO_TYPE, AlgoType::AES_CBC);
- algorithmAESCBC.setParam(ParamName::ED_IV, enc.iv);
- RawBuffer rawData = aesKey.decrypt(algorithmAESCBC, data.data);
-
- if (!Internals::verifyBinaryData(data.type, rawData))
- ThrowErr(Exc::Crypto::InputParam,
- "Verification failed. Data could not be imported!");
-
- return Token(m_backendId, data.type, pack(rawData, pass));
-}
-
} // namespace SW
} // namespace Crypto
} // namespace CKM
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const Password &);
virtual Token generateSKey(const CryptoAlgorithm &, const Password &);
virtual Token import(const Data &data, const Password &);
- virtual Token importEncrypted(const Data &, const Password &,
- const DataEncryption &);
virtual void destroy(const Token &) {}
private:
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
return Token(m_backendId, data.type, pack(keyId, pass, iv, tag));
}
-Token Store::importEncrypted(const Data &, const Password &,
- const DataEncryption &)
+Token Store::importEncrypted(const Data &,
+ const Password &,
+ const RawBuffer &)
{
ThrowErr(Exc::Crypto::OperationNotSupported,
"Encrypted import is not yet supported on TrustZone backend!");
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const Password &);
virtual Token generateSKey(const CryptoAlgorithm &, const Password &);
virtual Token import(const Data &, const Password &);
- virtual Token importEncrypted(const Data &, const Password &,
- const DataEncryption &);
+ virtual Token importEncrypted(const Data &,
+ const Password &,
+ const RawBuffer &);
virtual void destroy(const Token &);
// TODO device key ID is needed here to support importEncrypted
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const char *const XML_ATTR_NAME = "name";
const char *const XML_ATTR_PASSWORD = "password";
const char *const XML_ATTR_EXPORTABLE = "exportable";
+const char *const XML_ATTR_BACKEND = "backend";
+const char *const XML_ATTR_BACKEND_SW = "software";
+const char *const XML_ATTR_BACKEND_HW = "hardware";
}
namespace CKM {
std::istringstream is(flagVal);
is >> std::boolalpha >> m_exportable;
}
+
+ // get backend
+ if (attr.find(XML_ATTR_BACKEND) != attr.end()) {
+ std::string value = attr.at(XML_ATTR_BACKEND);
+ if (value == XML_ATTR_BACKEND_SW)
+ m_backend = PolicyBackend::FORCE_SOFTWARE;
+ else if (value == XML_ATTR_BACKEND_HW)
+ m_backend = PolicyBackend::FORCE_HARDWARE;
+ }
}
void InitialValueHandler::End()
}
// save data
- Policy policy(m_password, m_exportable);
+ Policy policy(m_password, m_exportable, m_backend);
- Crypto::DataEncryption de;
+ RawBuffer iv;
- if (m_bufferHandler->isEncrypted()) {
- de.encryptedKey = m_encryptedKey;
- de.iv = m_bufferHandler->getIV();
- }
+ if (m_bufferHandler->isEncrypted())
+ iv = m_bufferHandler->getIV();
int ec = m_db_logic.importInitialData(m_name,
- Crypto::Data(getDataType(), m_bufferHandler->getData()),
- de,
- policy);
+ Crypto::Data(getDataType(), m_bufferHandler->getData()),
+ iv,
+ policy);
if (CKM_API_SUCCESS != ec) {
LogError("Saving type: " << getDataType() << " with params: name(" <<
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
public:
typedef std::shared_ptr<InitialValueHandler> InitialValueHandlerPtr;
- explicit InitialValueHandler(CKMLogic &db_logic,
- const CKM::RawBuffer &encryptedKey)
- : m_exportable(false), m_db_logic(db_logic), m_encryptedKey(encryptedKey) {}
+ explicit InitialValueHandler(CKMLogic &db_logic, const CKM::RawBuffer &encryptedKey) :
+ m_exportable(false),
+ m_backend(PolicyBackend::DEFAULT),
+ m_db_logic(db_logic),
+ m_encryptedKey(encryptedKey)
+ {}
+
virtual ~InitialValueHandler() {}
BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type);
protected:
virtual DataType getDataType() const = 0;
- Alias m_name;
- Password m_password;
- bool m_exportable;
+ Alias m_name;
+ Password m_password;
+ bool m_exportable;
+ PolicyBackend m_backend;
+
CKMLogic &m_db_logic;
const CKM::RawBuffer &m_encryptedKey;
#include <dpl/log/log.h>
namespace {
-const int XML_CURRENT_VERSION = 1;
+const int XML_CURRENT_VERSION = 2;
const char *const XML_TAG_INITIAL_VALUES = "InitialValues";
-const char *const XML_TAG_ENCRYPTION_KEY = "EncryptionKey";
const char *const XML_TAG_KEY = "Key";
const char *const XML_TAG_DATA = "Data";
const char *const XML_TAG_CERT = "Cert";
InitialValuesFile::InitialValuesFile(const std::string &XML_filename,
CKMLogic &db_logic)
: m_parser(XML_filename), m_db_logic(db_logic),
- m_header(std::make_shared<HeaderHandler>(*this)),
- m_encryptionKeyHandler(std::make_shared<EncryptionKeyHandler>(*this))
+ m_header(std::make_shared<HeaderHandler>(*this))
{
m_parser.RegisterErrorCb(InitialValuesFile::Error);
m_parser.RegisterElementCb(XML_TAG_INITIAL_VALUES,
return m_header;
},
[this](const XML::Parser::ElementHandlerPtr &) {});
- m_parser.RegisterElementCb(XML_TAG_ENCRYPTION_KEY,
- [this]() -> XML::Parser::ElementHandlerPtr {
- return m_encryptionKeyHandler;
- },
- [this](const XML::Parser::ElementHandlerPtr &) {
- m_encryptedAESkey = m_encryptionKeyHandler->getEncryptedKey();
- });
}
void InitialValuesFile::registerElementListeners()
m_parent.registerElementListeners();
}
}
+
bool InitialValuesFile::HeaderHandler::isCorrectVersion() const
{
- return m_version == XML_CURRENT_VERSION;
+ return XML_CURRENT_VERSION == m_version;
}
}
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
typedef std::shared_ptr<HeaderHandler> HeaderHandlerPtr;
typedef std::shared_ptr<EncryptionKeyHandler> EncryptionKeyHandlerPtr;
HeaderHandlerPtr m_header;
- EncryptionKeyHandlerPtr m_encryptionKeyHandler;
CKM::RawBuffer m_encryptedAESkey;
void registerElementListeners();
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
int CKMLogic::importInitialData(
const Name &name,
const Crypto::Data &data,
- const Crypto::DataEncryption &enc,
+ const RawBuffer &iv,
const Policy &policy)
{
try {
if (retCode != CKM_API_SUCCESS)
return retCode;
- Crypto::GStore &store = m_decider.getStore(data.type, policy, !enc.encryptedKey.empty());
+ Crypto::GStore &store = m_decider.getStore(data.type, policy, !iv.empty());
Token token;
- if (enc.encryptedKey.empty()) {
+ if (iv.empty()) {
Crypto::Data binaryData;
if (CKM_API_SUCCESS != (retCode = toBinaryData(data, binaryData)))
return retCode;
token = store.import(binaryData,
- m_accessControl.isCCMode() ? "" : policy.password);
+ m_accessControl.isCCMode() ? "" : policy.password);
} else {
token = store.importEncrypted(data,
- m_accessControl.isCCMode() ? "" : policy.password, enc);
+ m_accessControl.isCCMode() ? "" : policy.password,
+ iv);
}
DB::Row row(std::move(token), name, CLIENT_ID_SYSTEM,
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
int importInitialData(
const Name &name,
const Crypto::Data &data,
- const Crypto::DataEncryption &enc,
+ const RawBuffer &iv,
const Policy &policy);
int unlockSystemDB();
/*
- * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
BOOST_REQUIRE_THROW(store.import(Crypto::Data(), Password()),
Exc::Crypto::OperationNotSupported);
BOOST_REQUIRE_THROW(store.importEncrypted(Crypto::Data(), Password(),
- Crypto::DataEncryption()),
+ RawBuffer()),
Exc::Crypto::OperationNotSupported);
BOOST_REQUIRE_THROW(store.destroy(Token()),
Exc::Crypto::OperationNotSupported);
/*
- * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Exc::Crypto::OperationNotSupported);
BOOST_REQUIRE_THROW(store.import(Data(), Password()),
Exc::Crypto::OperationNotSupported);
- BOOST_REQUIRE_THROW(store.importEncrypted(Data(), Password(), DataEncryption()),
+ BOOST_REQUIRE_THROW(store.importEncrypted(Data(), Password(), RawBuffer()),
Exc::Crypto::OperationNotSupported);
BOOST_REQUIRE_NO_THROW(store.destroy(Token()));
}