class KEY_MANAGER_API Certificate {
public:
-
virtual bool empty() const = 0;
// This function will return openssl struct X509*.
// Memory will be freed in ~Certificate.
virtual X509 *getX509() const = 0;
virtual RawBuffer getDER() const = 0;
- virtual ~Certificate(){}
+ virtual ~Certificate() {}
static CertificateShPtr create(const RawBuffer &rawBuffer, DataFormat format);
};
typedef std::shared_ptr<Control> ControlShPtr;
// used by login manager to unlock user data with global password
-class KEY_MANAGER_API Control
-{
+class KEY_MANAGER_API Control {
public:
// decrypt user key with password
virtual int unlockUserKey(uid_t user, const Password &password) = 0;
const Label &accessor,
PermissionMask permissionMask) = 0;
- virtual ~Control(){}
+ virtual ~Control() {}
static ControlShPtr create();
};
virtual KeyType getType() const = 0;
virtual int getSize() const = 0;
virtual RawBuffer getDER() const = 0;
- virtual ~Key(){}
+ virtual ~Key() {}
static KeyShPtr create(
const RawBuffer &rawBuffer,
virtual bool empty() const = 0;
- virtual ~PKCS12(){}
+ virtual ~PKCS12() {}
static PKCS12ShPtr create(const RawBuffer &rawData, const Password &password = Password());
};
namespace CKM {
template <typename T>
-struct std_erase_on_dealloc
-{
+struct std_erase_on_dealloc {
// MJK: if re-factoring, remember not to inherit from the std::allocator !
// MJK: to be replaced with much shorter version once std::allocator_traits
// becomes supported in STL containers (i.e. list, vector and string)
template <typename U>
std_erase_on_dealloc(const std_erase_on_dealloc<U>&) {}
- T* allocate(std::size_t n) {
+ T* allocate(std::size_t n)
+ {
return static_cast<T*>(::operator new(n*sizeof(T)));
}
- void deallocate(T* ptr, std::size_t n) {
+ void deallocate(T* ptr, std::size_t n)
+ {
// clear the memory before deleting
- memset(ptr, 0 ,n * sizeof(T));
+ memset(ptr, 0 , n * sizeof(T));
::operator delete(ptr);
}
template<typename _Tp1>
- struct rebind
- {
+ struct rebind {
typedef std_erase_on_dealloc<_Tp1> other;
};
- void construct(pointer p, const T& val) {
+ void construct(pointer p, const T& val)
+ {
new (p) T(val);
}
- void destroy(pointer p) {
+ void destroy(pointer p)
+ {
p->~T();
}
- size_type max_size() const {
+ size_type max_size() const
+ {
return size_type(-1);
}
};
template <typename T, typename U>
-inline bool operator == (const std_erase_on_dealloc<T>&, const std_erase_on_dealloc<U>&) {
+inline bool operator == (const std_erase_on_dealloc<T>&, const std_erase_on_dealloc<U>&)
+{
return true;
}
template <typename T, typename U>
-inline bool operator != (const std_erase_on_dealloc<T>& a, const std_erase_on_dealloc<U>& b) {
+inline bool operator != (const std_erase_on_dealloc<T>& a, const std_erase_on_dealloc<U>& b)
+{
return !(a == b);
}
: password(pass)
, extractable(extract)
{}
- virtual ~Policy(){}
+ virtual ~Policy() {}
Password password; // byte array used to encrypt data inside CKM
bool extractable; // if true key may be extracted from storage
};
};
template <typename T>
-bool CryptoAlgorithm::getParam(ParamName name, T& value) const {
+bool CryptoAlgorithm::getParam(ParamName name, T& value) const
+{
auto param = m_params.find(name);
if (param == m_params.end())
return false;
bool CryptoAlgorithm::getParam(ParamName name, RawBuffer& value) const;
template <typename T>
-bool CryptoAlgorithm::setParam(ParamName name, const T& value) {
+bool CryptoAlgorithm::setParam(ParamName name, const T& value)
+{
if (name < ParamName::FIRST || name > ParamName::LAST)
return false;
m_params[name] = IntParam::create(static_cast<uint64_t>(value));
* @since_tizen 2.3
*/
typedef enum {
- CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */
- CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */
- CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */
- CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */
- CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/
+ CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */
+ CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */
+ CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */
+ CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */
+ CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/
- CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */
- CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */
- CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */
- CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */
- CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */
- CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Authentication between client and manager failed */
- CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */
- CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */
- CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */
- CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */
- CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */
- CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */
- CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */
- CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */
- CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */
- CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< Key is not exportable. It could not be returned to client */
- CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */
- CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */
+ CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */
+ CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */
+ CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */
+ CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */
+ CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */
+ CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Authentication between client and manager failed */
+ CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */
+ CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */
+ CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */
+ CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */
+ CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */
+ CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */
+ CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */
+ CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */
+ CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */
+ CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< Key is not exportable. It could not be returned to client */
+ CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */
+ CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */
} key_manager_error_e;
/**
* @since_tizen 2.3
*/
typedef enum __ckmc_ec_type {
- CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended
+ CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended
elliptic curve domain */
- CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */
- CKMC_EC_SECP384R1 /**< NIST curve P-384 (covers "secp384r1", the elliptic curve domain
- listed in See SEC 2 */
+ CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */
+ CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain
+ listed in See SEC 2 */
} ckmc_ec_type_e;
/**
* @brief Enumeration for database access rights.
* @since_tizen 2.3
*/
-typedef enum __ckmc_access_right{
+typedef enum __ckmc_access_right {
CKMC_AR_READ = 0, /**< Access right for read*/
CKMC_AR_READ_REMOVE /**< Access right for read and remove*/
} ckmc_access_right_e;
* @brief Enumeration for permissions to access/modify alias.
* @since_tizen 2.4
*/
-typedef enum __ckmc_permission{
+typedef enum __ckmc_permission {
CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */
CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */
CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */
if (eventType != PACKAGE_MANAGER_EVENT_TYPE_UNINSTALL ||
eventState != PACKAGE_MANAGER_EVENT_STATE_STARTED ||
package == NULL)
- return;
+ return;
SLOGD("PackageUninstalled Callback. Uninstalation of: %s", package);
namespace CKM {
-struct AsyncRequest
-{
+struct AsyncRequest {
typedef std::map<int, AsyncRequest> Map;
typedef std::queue<AsyncRequest, std::list<AsyncRequest> > Queue;
#include <client-manager-async-impl.h>
namespace CKM {
-
int ManagerAsync::Impl::m_counter = 0;
ManagerAsync::Impl::Impl()
PKCS12Serializable(*pkcs.get()),
PolicySerializable(keyPolicy),
PolicySerializable(certPolicy));
-
}, [&observer](int error){ observer->ReceivedError(error); } );
}
password,
message,
CryptoAlgorithmSerializable(cAlg));
- }, [&observer](int error) {observer->ReceivedError(error);});
+ }, [&observer](int error) {observer->ReceivedError(error);} );
}
void ManagerAsync::Impl::verifySignature(const ObserverPtr& observer,
try_catch_async([&] {
RawBufferVector rawCertChain;
for (auto &e: certificateChainVector) {
- if(!e || e->empty())
+ if (!e || e->empty())
return observer->ReceivedError(CKM_API_ERROR_INPUT_PARAM);
rawCertChain.push_back(e->getDER());
}
}
// input type check
CryptoAlgorithm keyGenAlgorithm;
- switch(key_type)
- {
+ switch (key_type) {
case KeyType::KEY_RSA_PUBLIC:
case KeyType::KEY_RSA_PRIVATE:
keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
void ManagerAsync::Impl::observerCheck(const ManagerAsync::ObserverPtr& observer)
{
- if(!observer)
+ if (!observer)
throw std::invalid_argument("Empty observer");
}
untrusted,
trusted,
useSystemTrustedCertificates);
- }, [&observer](int error){ observer->ReceivedError(error); } );
+ }, [&observer](int error){ observer->ReceivedError(error);});
}
void crypt(
bool encryption);
private:
-
template <typename... Args>
void sendToStorage(const ManagerAsync::ObserverPtr& observer, const Args&... args)
{
RawBufferVector toRawBufferVector(const CertificateShPtrVector& certificates)
{
RawBufferVector rawBufferVector;
- for (auto &e: certificates) {
+ for (auto &e: certificates)
rawBufferVector.push_back(e->getDER());
- }
+
return rawBufferVector;
}
void ConnectionThread::Pipe::notify()
{
- if (-1 == TEMP_FAILURE_RETRY(write(m_pipe[1],"j",1)))
+ if (-1 == TEMP_FAILURE_RETRY(write(m_pipe[1], "j", 1)))
ThrowMsg(PipeError, "Writing pipe failed " << GetErrnoString(errno));
}
{
}
-ConnectionThread::~ConnectionThread() {
+ConnectionThread::~ConnectionThread()
+{
m_join = true;
m_pipe.notify();
m_thread.join();
}
-void ConnectionThread::run() {
+void ConnectionThread::run()
+{
m_thread = std::thread(&ConnectionThread::threadLoop, this);
}
-void ConnectionThread::sendMessage(AsyncRequest&& req) {
+void ConnectionThread::sendMessage(AsyncRequest&& req)
+{
std::unique_lock<std::mutex> lock(m_mutex);
m_waitingReqs.push(std::move(req));
lock.unlock();
}
// cleanup services
- for(auto& it: m_services)
+ for (auto& it: m_services)
it.second.serviceError(CKM_API_ERROR_UNKNOWN);
m_services.clear();
// remove waiting requests and notify about error
std::unique_lock<std::mutex> lock(m_mutex);
- while(!m_waitingReqs.empty()) {
+ while (!m_waitingReqs.empty()) {
m_waitingReqs.front().observer->ReceivedError(CKM_API_ERROR_UNKNOWN);
m_waitingReqs.pop();
}
if ((revents & POLLIN) == 0)
ThrowMsg(PipeError, "Unexpected event: " << revents << "!=" << POLLIN);
- if(1 != TEMP_FAILURE_RETRY(read(pipe,buffer, 1))) {
+ if (1 != TEMP_FAILURE_RETRY(read(pipe, buffer, 1))) {
int err = errno;
ThrowMsg(PipeError, "Failed to read pipe: " << GetErrnoString(err));
}
// create new service, insert it and return
return m_services.insert(
- std::make_pair(interface,Service(m_descriptors, interface))).first->second;
+ std::make_pair(interface, Service(m_descriptors, interface))).first->second;
}
void ConnectionThread::newRequest(int pipe, short revents)
std::unique_lock<std::mutex> lock(m_mutex);
// nothing to do?
- if(m_waitingReqs.empty()) {
+ if (m_waitingReqs.empty()) {
LogWarning("Empty request queue. Are we exiting?");
return;
}
namespace CKM {
-DescriptorSet::DescriptorSet() : m_dirty(true), m_fds(NULL) {
+DescriptorSet::DescriptorSet() : m_dirty(true), m_fds(NULL)
+{
}
-DescriptorSet::~DescriptorSet() {
+DescriptorSet::~DescriptorSet()
+{
purge();
}
-void DescriptorSet::purge() {
- for(auto it:m_descriptors)
+void DescriptorSet::purge()
+{
+ for (auto it:m_descriptors)
close(it.first);
m_descriptors.clear();
}
-void DescriptorSet::add(int fd, short events, Callback&& callback) {
+void DescriptorSet::add(int fd, short events, Callback&& callback)
+{
// map operator[] requires empty DescriptorData constructor
auto it = m_descriptors.find(fd);
if (it == m_descriptors.end()) {
- m_descriptors.insert(std::make_pair(fd,DescriptorData(events, std::move(callback))));
+ m_descriptors.insert(std::make_pair(fd, DescriptorData(events, std::move(callback))));
} else {
it->second.events = events;
it->second.callback = std::move(callback);
m_dirty = true;
}
-void DescriptorSet::remove(int fd, bool close_fd) {
+void DescriptorSet::remove(int fd, bool close_fd)
+{
if (0 != m_descriptors.erase(fd)) {
if (close_fd)
close(fd);
}
}
-void DescriptorSet::wait(int timeout_ms) {
- if(!rebuildPollfd())
+void DescriptorSet::wait(int timeout_ms)
+{
+ if (!rebuildPollfd())
return;
// wait
notify(ret);
}
-bool DescriptorSet::rebuildPollfd() {
+bool DescriptorSet::rebuildPollfd()
+{
if (m_dirty) {
delete[] m_fds;
m_fds = NULL;
m_fds = new pollfd[m_descriptors.size()];
size_t idx = 0;
- for(const auto& it : m_descriptors) {
+ for (const auto& it : m_descriptors) {
m_fds[idx].fd = it.first;
m_fds[idx].events = it.second.events;
idx++;
return true;
}
-void DescriptorSet::notify(int descCount) {
+void DescriptorSet::notify(int descCount)
+{
size_t size = m_descriptors.size();
- for(size_t idx = 0;idx < size;++idx) {
+ for (size_t idx = 0;idx < size;++idx) {
const pollfd& pfd = m_fds[idx];
if (pfd.revents == 0)
continue;
namespace CKM {
-class IDescriptorSet
-{
+class IDescriptorSet {
public:
// int is for descriptor, short is for revents,
typedef std::function<void(int, short)> Callback;
/**
* @brief Wrapper for poll()
*/
-class DescriptorSet : public IDescriptorSet
-{
+class DescriptorSet : public IDescriptorSet {
public:
DescriptorSet();
virtual ~DescriptorSet();
bool rebuildPollfd();
void notify(int descCount);
- struct DescriptorData
- {
+ struct DescriptorData {
DescriptorData(short e, Callback&& c) : events(e), callback(std::move(c)) {}
short events;
void Service::addRequest(AsyncRequest&& req)
{
- if(!m_socket) {
+ if (!m_socket) {
m_socket.reset(new SockRAII());
int ret;
if (CKM_API_SUCCESS != (ret = m_socket->connect(m_interface.c_str()))) {
void Service::serviceError(int error)
{
- if (m_socket)
- {
+ if (m_socket) {
// stop listening on socket
m_descriptors.remove(m_socket->get(), false);
// close the socket
}
// notify observers waiting for response
- for(const auto& it: m_responseMap) {
+ for (const auto& it: m_responseMap)
it.second.observer->ReceivedError(error);
- }
+
m_responseMap.clear();
// notify observers waiting for send
- while(!m_sendQueue.empty()) {
+ while (!m_sendQueue.empty()) {
m_sendQueue.front().observer->ReceivedError(error);
m_sendQueue.pop();
}
req.written += temp;
// finished? -> move request to response map
- if(req.written == req.buffer.size()) {
+ if (req.written == req.buffer.size()) {
AsyncRequest finished = std::move(m_sendQueue.front());
m_sendQueue.pop();
// update poll flags if necessary
- if(m_sendQueue.empty() || m_responseMap.empty())
+ if (m_sendQueue.empty() || m_responseMap.empty())
watch((m_sendQueue.empty()? 0 : POLLOUT) | POLLIN);
- m_responseMap.insert(std::make_pair(finished.id,finished));
+ m_responseMap.insert(std::make_pair(finished.id, finished));
}
}
}
{
char buffer[RECV_BUFFER_SIZE];
- ssize_t temp = TEMP_FAILURE_RETRY(::recv(m_socket->get(), buffer, RECV_BUFFER_SIZE,0));
+ ssize_t temp = TEMP_FAILURE_RETRY(::recv(m_socket->get(), buffer, RECV_BUFFER_SIZE, 0));
if (-1 == temp) {
int err = errno;
LogError("Error in recv: " << GetErrnoString(err));
m_responseBuffer->Push(raw);
// parse while you can
- while(m_responseBuffer->Ready())
- {
+ while (m_responseBuffer->Ready()) {
std::unique_ptr<IReceiver> receiver;
if (m_interface == SERVICE_SOCKET_CKM_STORAGE)
receiver.reset(new StorageReceiver(*m_responseBuffer, m_responseMap));
}
AliasVector aliasVector;
- for(const auto &it : labelNameVector)
- aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
+ for (const auto &it : labelNameVector)
+ aliasVector.push_back(AliasSupport::merge(it.first, it.second));
DataType type(dataType);
KEY_MANAGER_CAPI
int ckmc_allow_access_by_adm(uid_t user, const char* owner, const char *alias, const char *accessor, ckmc_access_right_e granted)
{
- if(!owner || !alias)
+ if (!owner || !alias)
return CKMC_ERROR_INVALID_PARAMETER;
int ec, permissionMask;
ec = access_to_permission_mask(granted, permissionMask);
- if(ec != CKMC_ERROR_NONE)
+ if (ec != CKMC_ERROR_NONE)
return ec;
// if label given twice, service will return an error
KEY_MANAGER_CAPI
int ckmc_deny_access_by_adm(uid_t user, const char* owner, const char *alias, const char *accessor)
{
- if(!owner || !alias)
+ if (!owner || !alias)
return CKMC_ERROR_INVALID_PARAMETER;
// if label given twice, service will return an error
#include <ckmc-type-converter.h>
KEY_MANAGER_CAPI
-const char * ckmc_error_to_string(int error) {
- return CKM::ErrorToString(to_ckm_error(error));
+const char * ckmc_error_to_string(int error)
+{
+ return CKM::ErrorToString(to_ckm_error(error));
}
#include <iostream>
#include <string.h>
-namespace
-{
+namespace {
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
CKM::Password _tostring(const char *str)
{
- if(str == NULL)
+ if (str == NULL)
return CKM::Password();
return CKM::Password(str);
}
CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
{
- if(key)
- {
+ if (key) {
CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
return CKM::Key::create(buffer, _tostring(key->password));
}
CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
{
- if(cert)
- {
+ if (cert) {
CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
return CKM::Certificate::create(buffer, dataFormat);
{
CKM::CertificateShPtrVector certs;
ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
- while (current != NULL)
- {
+ while (current != NULL) {
if (current->cert != NULL)
certs.push_back(_toCkmCertificate(current->cert));
current = current->next;
{
CKM::AliasVector aliases;
ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
- while (current != NULL)
- {
+ while (current != NULL) {
if (current->alias != NULL)
aliases.push_back(CKM::Alias(current->alias));
current = current->next;
int ret;
ckmc_cert_list_s *start = NULL;
ckmc_cert_list_s *plist = NULL;
- for(const auto &e : certVector) {
+ for (const auto &e : certVector) {
CKM::RawBuffer rawBuffer = e->getDER();
ckmc_cert_s *pcert = NULL;
ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
- if(pcert == NULL) {
+ if (pcert == NULL) {
ckmc_cert_list_all_free(start);
return NULL;
}
- if(plist == NULL) {
+ if (plist == NULL) {
ret = ckmc_cert_list_new(pcert, &plist);
start = plist; // save the pointer of the first element
- }else {
+ } else {
ret = ckmc_cert_list_add(plist, pcert, &plist);
}
- if(ret != CKMC_ERROR_NONE) {
+ if (ret != CKMC_ERROR_NONE) {
ckmc_cert_list_all_free(start);
return NULL;
}
const ckmc_raw_buffer_s in,
ckmc_raw_buffer_s **ppout)
{
- if(!params || !key_alias || !ppout)
+ if (!params || !key_alias || !ppout)
return CKMC_ERROR_INVALID_PARAMETER;
// params
return try_catch_enclosure([&]()->int {
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if(alias == NULL) {
+ if (alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
+
CKM::Alias ckmAlias(alias);
- if(key.raw_key == NULL || key.key_size <= 0) {
+ if (key.raw_key == NULL || key.key_size <= 0)
return CKMC_ERROR_INVALID_PARAMETER;
- }
+
CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
CKM::KeyShPtr ckmKey;
- if(key.key_type == CKMC_KEY_AES)
- {
- if(key.password)
+ if (key.key_type == CKMC_KEY_AES) {
+ if (key.password)
return CKMC_ERROR_INVALID_PARAMETER;
ckmKey = CKM::Key::createAES(buffer);
- }
- else
+ } else {
ckmKey = CKM::Key::create(buffer, _tostring(key.password));
- if(ckmKey.get() == NULL) {
- return CKMC_ERROR_INVALID_FORMAT;
}
+ if (ckmKey.get() == NULL)
+ return CKMC_ERROR_INVALID_FORMAT;
+
CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
int ret;
CKM::KeyShPtr ckmKey;
- if(alias == NULL || key == NULL) {
+ if (alias == NULL || key == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
+ if ((ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
CKM::RawBuffer buffer = ckmKey->getDER();
ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
- ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
+ ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, key);
return to_ckmc_error(ret);
});
return try_catch_enclosure([&]()->int {
int ret;
- if (alias_list == NULL) {
+ if (alias_list == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::AliasVector aliasVector;
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
+ if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
ckmc_alias_list_s *plist = NULL;
}
}
- if(plist == NULL) { // if the alias_list size is zero
+ if (plist == NULL) // if the alias_list size is zero
return CKMC_ERROR_DB_ALIAS_UNKNOWN;
- }
return CKMC_ERROR_NONE;
});
int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
{
return try_catch_enclosure([&]()->int {
- if(alias == NULL) {
+ if (alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
+
CKM::Alias ckmAlias(alias);
- if(cert.raw_cert == NULL || cert.cert_size <= 0) {
+ if (cert.raw_cert == NULL || cert.cert_size <= 0)
return CKMC_ERROR_INVALID_PARAMETER;
- }
+
CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
- if(ckmCert.get() == NULL) {
+ if (ckmCert.get() == NULL)
return CKMC_ERROR_INVALID_FORMAT;
- }
CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
CKM::CertificateShPtr ckmCert;
int ret;
- if(alias == NULL || cert == NULL) {
+ if (alias == NULL || cert == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
+ if ((ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
CKM::RawBuffer buffer = ckmCert->getDER();
- ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
+ ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
return ret;
});
}
KEY_MANAGER_CAPI
-int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
+int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list)
+{
return try_catch_enclosure([&]()->int {
int ret;
- if (alias_list == NULL) {
+ if (alias_list == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
*alias_list = NULL;
CKM::AliasVector aliasVector;
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
+ if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
ckmc_alias_list_s *plist = NULL;
}
}
- if(plist == NULL) { // if the alias_list size is zero
+ if (plist == NULL) // if the alias_list size is zero
return CKMC_ERROR_DB_ALIAS_UNKNOWN;
- }
return CKMC_ERROR_NONE;
});
CKM::CertificateShPtr cert;
CKM::CertificateShPtrVector ca_cert_list;
- if(alias==NULL || ppkcs==NULL) {
+ if (alias == NULL || ppkcs == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
+
CKM::Alias ckmAlias(alias);
private_key = _toCkmKey(ppkcs->priv_key);
cert = _toCkmCertificate(ppkcs->cert);
ckmc_cert_s *cert = NULL;
ckmc_cert_list_s *ca_cert_list = 0;
- if(!alias || !pkcs12) {
+ if (!alias || !pkcs12)
return CKMC_ERROR_INVALID_PARAMETER;
- }
if (key_password)
keyPass = key_password;
auto mgr = CKM::Manager::create();
- if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
+ if ((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
- if(!pkcs)
+ if (!pkcs)
return CKMC_ERROR_BAD_RESPONSE;
auto pkcsKey = pkcs->getKey();
- if(pkcsKey)
- {
+ if (pkcsKey) {
CKM::RawBuffer buffer = pkcsKey->getDER();
ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
- if(ret != CKMC_ERROR_NONE)
+ if (ret != CKMC_ERROR_NONE)
return ret;
}
auto pkcsCert = pkcs->getCertificate();
- if(pkcsCert)
- {
+ if (pkcsCert) {
CKM::RawBuffer buffer = pkcsCert->getDER();
ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
- if(ret != CKMC_ERROR_NONE) {
+ if (ret != CKMC_ERROR_NONE) {
ckmc_key_free(private_key);
return ret;
}
ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
- if(ret != CKMC_ERROR_NONE)
- {
+ if (ret != CKMC_ERROR_NONE) {
ckmc_key_free(private_key);
ckmc_cert_free(cert);
ckmc_cert_list_free(ca_cert_list);
int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
{
return try_catch_enclosure([&]()->int {
- if(alias == NULL) {
+ if (alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
+
CKM::Alias ckmAlias(alias);
- if(data.data == NULL || data.size <= 0) {
+ if (data.data == NULL || data.size <= 0)
return CKMC_ERROR_INVALID_PARAMETER;
- }
+
CKM::RawBuffer buffer(data.data, data.data + data.size);
CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
CKM::RawBuffer ckmBuff;
int ret;
- if(alias == NULL || data == NULL) {
+ if (alias == NULL || data == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
+ if ((ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
}
KEY_MANAGER_CAPI
-int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
+int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list)
+{
return try_catch_enclosure([&]()->int {
int ret;
- if(alias_list == NULL) {
+ if (alias_list == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
*alias_list = NULL;
CKM::AliasVector aliasVector;
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
+ if ((ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
ckmc_alias_list_s *plist = NULL;
}
}
- if(plist == NULL) { // if the alias_list size is zero
+ if (plist == NULL) // if the alias_list size is zero
return CKMC_ERROR_DB_ALIAS_UNKNOWN;
- }
return CKMC_ERROR_NONE;
});
int ret;
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if(private_key_alias == NULL || public_key_alias == NULL) {
+ if (private_key_alias == NULL || public_key_alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
CKM::Alias ckmPublicKeyAlias(public_key_alias);
int ret;
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if(private_key_alias == NULL || public_key_alias == NULL) {
+ if (private_key_alias == NULL || public_key_alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
CKM::Alias ckmPublicKeyAlias(public_key_alias);
return try_catch_enclosure([&]()->int {
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if(private_key_alias == NULL || public_key_alias == NULL) {
+ if (private_key_alias == NULL || public_key_alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
return try_catch_enclosure([&]()->int {
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if(key_alias == NULL)
+ if (key_alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
CKM::Alias ckmKeyAlias(key_alias);
CKM::ManagerShPtr mgr = CKM::Manager::create();
CKM::RawBuffer ckmSignature;
- if(private_key_alias == NULL || signature == NULL) {
+ if (private_key_alias == NULL || signature == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
- if( (ret = mgr->createSignature(
+ if ((ret = mgr->createSignature(
ckmPrivakeKeyAlias,
_tostring(password),
ckmMessage,
ckmHashAlgo,
ckmPadding,
- ckmSignature)) != CKM_API_SUCCESS) {
+ ckmSignature)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
- ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
+ ret = ckmc_buffer_new(ckmSignature.data(), ckmSignature.size(), signature);
return ret;
});
int ret;
CKM::ManagerShPtr mgr = CKM::Manager::create();
- if(public_key_alias == NULL) {
+ if (public_key_alias == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::Alias ckmPublicKeyAlias(public_key_alias);
CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
- if( (ret = mgr->verifySignature(
+ if ((ret = mgr->verifySignature(
ckmPublicKeyAlias,
_tostring(password),
ckmMessage,
ckmSignature,
ckmHashAlgo,
- ckmPadding)) != CKM_API_SUCCESS) {
+ ckmPadding)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
return CKMC_ERROR_NONE;
});
CKM::ManagerShPtr mgr = CKM::Manager::create();
CKM::CertificateShPtrVector ckmCertChain;
- if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
+ if (cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
- if( ret != CKM_API_SUCCESS) {
+ if (ret != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
*cert_chain_list = _toNewCkmCertList(ckmCertChain);
CKM::CertificateShPtrVector ckmCertChain;
- if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
+ if (cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
- if(ckmCert.get() == NULL) {
+ if (ckmCert.get() == NULL)
return CKMC_ERROR_INVALID_FORMAT;
- }
CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
- if( ret != CKM_API_SUCCESS) {
+ if (ret != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
*cert_chain_list = _toNewCkmCertList(ckmCertChain);
CKM::ManagerShPtr mgr = CKM::Manager::create();
CKM::CertificateShPtrVector ckm_cert_chain;
- if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
+ if (cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
- if(ckm_cert.get() == NULL) {
+ if (ckm_cert.get() == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
- if( ret != CKM_API_SUCCESS) {
+ if (ret != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- }
*ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
|| pcert_chain_list->cert == NULL
|| pcert_chain_list->cert->raw_cert == NULL
|| pcert_chain_list->cert->cert_size <= 0
- || ocsp_status == NULL) {
+ || ocsp_status == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
int tmpOcspStatus = -1;
CKM::ManagerShPtr mgr = CKM::Manager::create();
return try_catch_enclosure([&]()->int {
int ec, permissionMask;
ec = access_to_permission_mask(granted, permissionMask);
- if(ec != CKMC_ERROR_NONE)
+ if (ec != CKMC_ERROR_NONE)
return ec;
return ckmc_set_permission(alias, accessor, permissionMask);
int ckmc_remove_alias(const char *alias)
{
return try_catch_enclosure([&]()->int {
- if(!alias)
+ if (!alias)
return CKMC_ERROR_INVALID_PARAMETER;
CKM::ManagerShPtr mgr = CKM::Manager::create();
#include <ckmc/ckmc-type.h>
#include <ckmc-type-converter.h>
-int to_ckm_error(int ckmc_error) {
- switch(ckmc_error) {
+int to_ckm_error(int ckmc_error)
+{
+ switch (ckmc_error) {
case CKMC_ERROR_NONE: return CKM_API_SUCCESS;
case CKMC_ERROR_SOCKET: return CKM_API_ERROR_SOCKET;
case CKMC_ERROR_BAD_REQUEST: return CKM_API_ERROR_BAD_REQUEST;
return CKMC_ERROR_UNKNOWN;
}
-int to_ckmc_error(int ckm_error) {
- switch(ckm_error) {
+int to_ckmc_error(int ckm_error)
+{
+ switch (ckm_error) {
case CKM_API_SUCCESS: return CKMC_ERROR_NONE;
case CKM_API_ERROR_SOCKET: return CKMC_ERROR_SOCKET;
case CKM_API_ERROR_BAD_REQUEST: return CKMC_ERROR_BAD_REQUEST;
return CKMC_ERROR_UNKNOWN;
}
-ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status) {
- switch(ckm_ocsp_status) {
+ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status)
+{
+ switch (ckm_ocsp_status) {
case CKM_API_OCSP_STATUS_GOOD: return CKMC_OCSP_STATUS_GOOD;
case CKM_API_OCSP_STATUS_UNSUPPORTED: return CKMC_OCSP_ERROR_UNSUPPORTED;
case CKM_API_OCSP_STATUS_REVOKED: return CKMC_OCSP_STATUS_REVOKED;
int access_to_permission_mask(ckmc_access_right_e ar, int & permissionMask)
{
- switch(ar)
- {
+ switch (ar) {
case CKMC_AR_READ:
permissionMask = CKMC_PERMISSION_READ;
break;
int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
{
- if(xCert == NULL) {
+ if (xCert == NULL)
return CKMC_ERROR_INVALID_FORMAT;
- }
BIO *bcert = BIO_new(BIO_s_mem());
CKM::RawBuffer output(8196);
int size = BIO_read(bcert, output.data(), output.size());
BIO_free_all(bcert);
- if (size <= 0) {
+ if (size <= 0)
return CKMC_ERROR_INVALID_FORMAT;
- }
+
output.resize(size);
return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);
{
ckmc_key_s *pkey;
- if(raw_key == NULL || key_size == 0 || ppkey == NULL) {
+ if (raw_key == NULL || key_size == 0 || ppkey == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
pkey = static_cast<ckmc_key_s*>(malloc(sizeof(ckmc_key_s)));
- if(pkey == NULL) {
+ if (pkey == NULL)
return CKMC_ERROR_OUT_OF_MEMORY;
- }
+
pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
- if(pkey->raw_key == NULL) {
+ if (pkey->raw_key == NULL) {
free(pkey);
return CKMC_ERROR_OUT_OF_MEMORY;
}
pkey->key_size = key_size;
pkey->key_type = key_type;
- if(password != NULL) {
+ if (password != NULL) {
pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
- if(pkey->password == NULL) {
+ if (pkey->password == NULL) {
free(pkey->raw_key);
free(pkey);
return CKMC_ERROR_OUT_OF_MEMORY;
}
memset(pkey->password, 0, strlen(password) +1);
strncpy(pkey->password, password, strlen(password));
- }else {
+ } else {
pkey->password = NULL;
}
KEY_MANAGER_CAPI
void ckmc_key_free(ckmc_key_s *key)
{
- if(key == NULL)
+ if (key == NULL)
return;
- if(key->password != NULL)
+ if (key->password != NULL)
free(key->password);
- if(key->raw_key != NULL) {
+ if (key->raw_key != NULL) {
memset(key->raw_key, 0, key->key_size);
free(key->raw_key);
}
}
KEY_MANAGER_CAPI
-int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
+int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer)
{
ckmc_raw_buffer_s *pbuff;
- if(data == NULL || size == 0 || ppbuffer == NULL) {
+ if (data == NULL || size == 0 || ppbuffer == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
pbuff = static_cast<ckmc_raw_buffer_s*>(malloc(sizeof(ckmc_raw_buffer_s)));
- if(pbuff == NULL)
+ if (pbuff == NULL)
return CKMC_ERROR_OUT_OF_MEMORY;
pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
- if(pbuff->data == NULL) {
+ if (pbuff->data == NULL) {
free(pbuff);
return CKMC_ERROR_OUT_OF_MEMORY;
}
KEY_MANAGER_CAPI
void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
{
- if(buffer == NULL)
+ if (buffer == NULL)
return;
- if(buffer->data != NULL) {
+ if (buffer->data != NULL) {
memset(buffer->data, 0, buffer->size);
free(buffer->data);
}
{
ckmc_cert_s *pcert;
- if(raw_cert == NULL || cert_size == 0 || ppcert == NULL) {
+ if (raw_cert == NULL || cert_size == 0 || ppcert == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
pcert = static_cast<ckmc_cert_s*>(malloc(sizeof(ckmc_cert_s)));
- if(pcert == NULL) {
+ if (pcert == NULL)
return CKMC_ERROR_OUT_OF_MEMORY;
- }
+
pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
- if(pcert->raw_cert == NULL) {
+ if (pcert->raw_cert == NULL) {
free(pcert);
return CKMC_ERROR_OUT_OF_MEMORY;
}
CKM::initOpenSslOnce();
FILE *fp = fopen(file_path, "r");
- if(fp == NULL)
+ if (fp == NULL)
return CKMC_ERROR_FILE_ACCESS_DENIED;
X509 *pcert = NULL;
- if(!(pcert = d2i_X509_fp(fp, NULL))) {
+ if (!(pcert = d2i_X509_fp(fp, NULL))) {
fseek(fp, 0, SEEK_SET);
pcert = PEM_read_X509(fp, NULL, NULL, NULL);
}
fclose(fp);
- if(pcert == NULL) {
+ if (pcert == NULL)
return CKMC_ERROR_INVALID_FORMAT;
- }
int ret = _ckmc_load_cert_from_x509(pcert, cert);
- if(ret != CKMC_ERROR_NONE) {
+ if (ret != CKMC_ERROR_NONE)
X509_free(pcert);
- }
+
return ret;
}
KEY_MANAGER_CAPI
void ckmc_cert_free(ckmc_cert_s *cert)
{
- if(cert == NULL)
+ if (cert == NULL)
return;
- if(cert->raw_cert != NULL) {
+ if (cert->raw_cert != NULL) {
memset(cert->raw_cert, 0, cert->cert_size);
free(cert->raw_cert);
}
{
ckmc_pkcs12_s *pkcs12;
- if(!pkcs12_bundle ||
- (private_key==NULL && cert==NULL && (ca_cert_list==NULL || ca_cert_list->cert==NULL))) {
+ if (!pkcs12_bundle ||
+ (private_key == NULL && cert == NULL && (ca_cert_list == NULL || ca_cert_list->cert == NULL)))
return CKMC_ERROR_INVALID_PARAMETER;
- }
pkcs12 = static_cast<ckmc_pkcs12_s*>(malloc(sizeof(ckmc_pkcs12_s)));
- if(pkcs12 == NULL) {
+ if (pkcs12 == NULL)
return CKMC_ERROR_OUT_OF_MEMORY;
- }
+
// ownership is transferred into pkcs12 - mentioned in the docs
pkcs12->priv_key = private_key;
pkcs12->cert = cert;
STACK_OF(X509)* ca;
int ret;
+
public:
ckmc_key_s *retPrivateKey;
ckmc_cert_s *retCkmCert;
ckmc_cert_list_s *retCaCertList;
- Pkcs12Converter(){
+ Pkcs12Converter()
+ {
fp_in = NULL;
p12 = NULL;
pkey = NULL;
retCkmCert = NULL;
retCaCertList = NULL;
};
- ~Pkcs12Converter(){
- if(fp_in != NULL)
+ ~Pkcs12Converter()
+ {
+ if (fp_in != NULL)
fclose(fp_in);
- if(p12 != NULL)
+ if (p12 != NULL)
PKCS12_free(p12);
- if(x509Cert != NULL)
+ if (x509Cert != NULL)
X509_free(x509Cert);
- if(pkey != NULL)
+ if (pkey != NULL)
EVP_PKEY_free(pkey);
- if(ca != NULL)
+ if (ca != NULL)
sk_X509_pop_free(ca, X509_free);
- if(ret != CKMC_ERROR_NONE) {
- if(retPrivateKey != NULL){
+ if (ret != CKMC_ERROR_NONE) {
+ if (retPrivateKey != NULL) {
ckmc_key_free(retPrivateKey);
retPrivateKey = NULL;
}
- if(retCkmCert != NULL) {
+ if (retCkmCert != NULL) {
ckmc_cert_free(retCkmCert);
retCkmCert = NULL;
}
- if(retCaCertList != NULL) {
+ if (retCaCertList != NULL) {
ckmc_cert_list_all_free(retCaCertList);
retCaCertList = NULL;
}
}
};
- int parsePkcs12(const char *filePath, const char *pass) {
+ int parsePkcs12(const char *filePath, const char *pass)
+ {
fp_in = NULL;
- if(!(fp_in = fopen(filePath, "rb"))) {
+ if (!(fp_in = fopen(filePath, "rb")))
return CKMC_ERROR_FILE_ACCESS_DENIED;
- }
- if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
+ if (!(p12 = d2i_PKCS12_fp(fp_in, NULL)))
return CKMC_ERROR_INVALID_FORMAT;
- }
/* parse PKCS#12 certificate */
- if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
+ if ((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1)
return CKMC_ERROR_INVALID_FORMAT;
- }
+
return CKMC_ERROR_NONE;
}
- int toCkmCert() {
- if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) {
+ int toCkmCert()
+ {
+ if ((ret = _ckmc_load_cert_from_x509(x509Cert, &retCkmCert)) != CKMC_ERROR_NONE)
return ret;
- }
+
return CKMC_ERROR_NONE;
}
- int toCkmKey() {
+ int toCkmKey()
+ {
BIO *bkey = BIO_new(BIO_s_mem());
i2d_PrivateKey_bio(bkey, pkey);
CKM::RawBuffer output(8196);
int size = BIO_read(bkey, output.data(), output.size());
BIO_free_all(bkey);
- if (size <= 0) {
+ if (size <= 0)
return CKMC_ERROR_INVALID_FORMAT;
- }
+
output.resize(size);
int type = EVP_PKEY_type(pkey->type);
ckmc_key_type_e key_type = CKMC_KEY_NONE;
- switch(type) {
+ switch (type) {
case EVP_PKEY_RSA :
key_type = CKMC_KEY_RSA_PRIVATE;
break;
key_type = CKMC_KEY_ECDSA_PRIVATE;
break;
}
- if(key_type == CKMC_KEY_NONE) {
+ if (key_type == CKMC_KEY_NONE)
return CKMC_ERROR_INVALID_FORMAT;
- }
char *nullPassword = NULL;
return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
}
- int toCaCkmCertList() {
+ int toCaCkmCertList()
+ {
int tmpRet;
X509* popedCert = NULL;
ckmc_cert_s *popedCkmCert = NULL;
ckmc_cert_list_s *tmpCertList = NULL;
- while((popedCert = sk_X509_pop(ca)) != NULL) {
- if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) {
+ while ((popedCert = sk_X509_pop(ca)) != NULL) {
+ if ((tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE)
return CKMC_ERROR_OUT_OF_MEMORY;
- }
- if(tmpCertList == NULL) { // first
+
+ if (tmpCertList == NULL) { // first
tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
retCaCertList = tmpCertList;
- }else {
+ } else {
tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
}
- if(tmpRet != CKMC_ERROR_NONE) {
+ if (tmpRet != CKMC_ERROR_NONE) {
ckmc_cert_list_all_free(retCaCertList);
retCaCertList = NULL;
return tmpRet;
}
return CKMC_ERROR_NONE;
}
-
};
CKM::initOpenSslOnce();
int ret = CKMC_ERROR_NONE;
Pkcs12Converter converter;
- if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) {
+ if ((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE)
return ret;
- }
- if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) {
+
+ if ((ret = converter.toCkmCert()) != CKMC_ERROR_NONE)
return ret;
- }
- if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) {
+
+ if ((ret = converter.toCkmKey()) != CKMC_ERROR_NONE)
return ret;
- }
- if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) {
+
+ if ((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE)
return ret;
- }
*private_key = converter.retPrivateKey;
*ckmcert = converter.retCkmCert;
ckmc_cert_s *cert = 0;
ckmc_cert_list_s *ca_cert_list = 0;
- if(!file_path || !pkcs12_bundle)
+ if (!file_path || !pkcs12_bundle)
return CKMC_ERROR_INVALID_PARAMETER;
ec = ckmc_load_from_pkcs12_file(file_path, passphrase, &private_key, &cert, &ca_cert_list);
- if(ec != CKMC_ERROR_NONE)
+ if (ec != CKMC_ERROR_NONE)
return ec;
ec = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12_bundle);
- if(ec != CKMC_ERROR_NONE)
- {
+ if (ec != CKMC_ERROR_NONE) {
ckmc_key_free(private_key);
ckmc_cert_free(cert);
ckmc_cert_list_free(ca_cert_list);
KEY_MANAGER_CAPI
void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12)
{
- if(pkcs12 == NULL)
+ if (pkcs12 == NULL)
return;
ckmc_key_free(pkcs12->priv_key);
{
ckmc_alias_list_s *plist;
- if(alias == NULL || pplast == NULL) {
+ if (alias == NULL || pplast == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
plist = static_cast<ckmc_alias_list_s*>(malloc(sizeof(ckmc_alias_list_s)));
- if(plist == NULL) {
+ if (plist == NULL)
return CKMC_ERROR_OUT_OF_MEMORY;
- }
plist->alias = alias;
plist->next = NULL;
- if(previous != NULL) {
+ if (previous != NULL)
previous->next = plist;
- }
+
*pplast = plist;
return CKMC_ERROR_NONE;
{
ckmc_cert_list_s *plist;
- if(cert == NULL || pplast == NULL) {
+ if (cert == NULL || pplast == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
- }
plist = static_cast<ckmc_cert_list_s*>(malloc(sizeof(ckmc_cert_list_s)));
- if(plist == NULL) {
+ if (plist == NULL)
return CKMC_ERROR_OUT_OF_MEMORY;
- }
+
plist->cert = cert;
plist->next = NULL;
- if(previous != NULL) {
+ if (previous != NULL)
previous->next = plist;
- }
*pplast = plist;
const CKM::CryptoAlgorithm* algo = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
CKM::RawBuffer value;
- if (!algo->getParam(static_cast<CKM::ParamName>(name),value))
+ if (!algo->getParam(static_cast<CKM::ParamName>(name), value))
return CKMC_ERROR_INVALID_PARAMETER;
return ckmc_buffer_new(value.data(), value.size(), ppbuffer);
return CKM_API_SUCCESS;
}
-int SockRAII::connectWrapper(int sock, const char *interface) {
+int SockRAII::connectWrapper(int sock, const char *interface)
+{
int flags;
// we need to be sure that socket is in blocking mode
int retval = TEMP_FAILURE_RETRY(::connect(sock, (struct sockaddr*)&clientAddr, SUN_LEN(&clientAddr)));
// we don't need to support EINPROGRESS because the socket is in blocking mode
- if(-1 == retval)
- {
+ if (-1 == retval) {
if (errno == EACCES) {
LogError("Access denied to interface: " << interface);
return CKM_API_ERROR_ACCESS_DENIED;
return CKM_API_SUCCESS;
}
-bool SockRAII::isConnected() const {
+bool SockRAII::isConnected() const
+{
return (m_sock > -1);
}
-void SockRAII::disconnect() {
+void SockRAII::disconnect()
+{
if (isConnected())
close(m_sock);
m_sock = -1;
desc[0].fd = m_sock;
desc[0].events = event;
- while((-1 == (retval = poll(desc, 1, timeout))) && (errno == EINTR)) {
+ while ((-1 == (retval = poll(desc, 1, timeout))) && (errno == EINTR)) {
timeout >>= 1;
errno = 0;
}
- if (0 == retval) {
+ if (0 == retval)
LogDebug("Poll timeout");
- } else if(-1 == retval) {
+ else if (-1 == retval)
LogError("Error in poll: " << CKM::GetErrnoString(errno));
- }
+
return retval;
}
-int SockRAII::get() const {
+int SockRAII::get() const
+{
return m_sock;
}
-} // namespace anonymous
-
-namespace CKM {
-
AliasSupport::AliasSupport(const Alias &alias)
{
std::size_t separator_pos = alias.rfind(CKM::LABEL_NAME_SEPARATOR);
- if(separator_pos == Alias::npos)
- {
+ if (separator_pos == Alias::npos) {
m_label.clear();
m_name = alias;
} else {
Alias AliasSupport::merge(const Label &label, const Name &name)
{
- if(label.empty())
+ if (label.empty())
return name;
std::stringstream output;
return output.str();
}
-const Name & AliasSupport::getName() const {
+const Name & AliasSupport::getName() const
+{
return m_name;
}
-const Label & AliasSupport::getLabel() const {
+const Label & AliasSupport::getLabel() const
+{
return m_label;
}
-bool AliasSupport::isLabelEmpty() const {
+bool AliasSupport::isLabelEmpty() const
+{
return m_label.empty();
}
-ServiceConnection::ServiceConnection(const char *service_interface) {
- if(service_interface)
+ServiceConnection::ServiceConnection(const char *service_interface)
+{
+ if (service_interface)
m_serviceInterface = std::string(service_interface);
}
CKM::MessageBuffer &recv_buf)
{
int ec;
- if(CKM_API_SUCCESS != (ec = send(send_buf)))
+ if (CKM_API_SUCCESS != (ec = send(send_buf)))
return ec;
return receive(recv_buf);
int ServiceConnection::receive(CKM::MessageBuffer &recv_buf)
{
- if (!m_socket.isConnected())
- {
+ if (!m_socket.isConnected()) {
LogError("Not connected!");
return CKM_API_ERROR_SOCKET;
}
int ec = CKM_API_SUCCESS;
const size_t c_recv_buf_len = 2048;
char buffer[c_recv_buf_len];
- do
- {
- if( 0 >= m_socket.waitForSocket(POLLIN, POLL_TIMEOUT)) {
+ do {
+ if (0 >= m_socket.waitForSocket(POLLIN, POLL_TIMEOUT)) {
LogError("Error in WaitForSocket.");
ec = CKM_API_ERROR_SOCKET;
break;
buffer,
sizeof(buffer),
0));
- if(-1 == temp) {
+ if (-1 == temp) {
LogError("Error in read: " << CKM::GetErrnoString(errno));
ec = CKM_API_ERROR_SOCKET;
break;
CKM::RawBuffer raw(buffer, buffer+temp);
recv_buf.Push(raw);
- }
- while(!recv_buf.Ready());
+ } while (!recv_buf.Ready());
- if(ec != CKM_API_SUCCESS)
+ if (ec != CKM_API_SUCCESS)
m_socket.disconnect();
return ec;
return retval;
}
-void try_catch_async(const std::function<void()>& func, const std::function<void(int)>& error)
+void try_catch_async(const std::function<void()>& func,
+ const std::function<void(int)>& error)
{
try {
func();
} // namespace CKM
-static void init_lib(void) __attribute__ ((constructor));
+static void init_lib(void) __attribute__((constructor));
static void init_lib(void)
{
CKM::SetupClientLogSystem();
}
-static void fini_lib(void) __attribute__ ((destructor));
+static void fini_lib(void) __attribute__((destructor));
static void fini_lib(void)
{
-
}
namespace CKM {
-class AliasSupport
-{
+class AliasSupport {
public:
AliasSupport(const Alias &alias);
bool isLabelEmpty() const;
static Alias merge(const Label &label, const Name &alias);
+
private:
Name m_name;
Label m_label;
int receive(CKM::MessageBuffer &recv_buf);
virtual ~ServiceConnection();
+
protected:
int prepareConnection();
ControlImpl& operator=(const ControlImpl &) = delete;
ControlImpl& operator=(ControlImpl &&) = delete;
- virtual int unlockUserKey(uid_t user, const Password &password) {
+ virtual int unlockUserKey(uid_t user, const Password &password)
+ {
return try_catch([&] {
- if((int)user < 0) {
+ if ((int)user < 0)
return CKM_API_ERROR_INPUT_PARAM;
- }
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::UNLOCK_USER_KEY),
});
}
- virtual int lockUserKey(uid_t user) {
+ virtual int lockUserKey(uid_t user)
+ {
return try_catch([&] {
- if((int)user < 0) {
+ if ((int)user < 0)
return CKM_API_ERROR_INPUT_PARAM;
- }
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::LOCK_USER_KEY), user);
});
}
- virtual int removeUserData(uid_t user) {
+ virtual int removeUserData(uid_t user)
+ {
return try_catch([&] {
- if((int)user < 0) {
+ if ((int)user < 0)
return CKM_API_ERROR_INPUT_PARAM;
- }
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::REMOVE_USER_DATA), user);
});
}
- virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) {
+ virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword)
+ {
return try_catch([&] {
- if((int)user < 0) {
+ if ((int)user < 0)
return CKM_API_ERROR_INPUT_PARAM;
- }
MessageBuffer recv;
auto send = MessageBuffer::Serialize(
});
}
- virtual int resetUserPassword(uid_t user, const Password &newPassword) {
+ virtual int resetUserPassword(uid_t user, const Password &newPassword)
+ {
return try_catch([&] {
- if((int)user < 0) {
+ if ((int)user < 0)
return CKM_API_ERROR_INPUT_PARAM;
- }
MessageBuffer recv;
auto send = MessageBuffer::Serialize(
});
}
- virtual int removeApplicationData(const Label &smackLabel) {
+ virtual int removeApplicationData(const Label &smackLabel)
+ {
return try_catch([&] {
- if (smackLabel.empty()) {
+ if (smackLabel.empty())
return CKM_API_ERROR_INPUT_PARAM;
- }
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::REMOVE_APP_DATA), smackLabel);
});
}
- virtual int updateCCMode() {
+ virtual int updateCCMode()
+ {
return try_catch([&] {
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::UPDATE_CC_MODE));
});
}
- virtual ~ControlImpl(){}
+ virtual ~ControlImpl()
+ {
+ }
+
private:
CKM::ServiceConnection m_controlConnection;
};
-ControlShPtr Control::create() {
+ControlShPtr Control::create()
+{
try {
return std::make_shared<ControlImpl>();
} catch (const std::bad_alloc &) {
#define ERRORDESCRIBE(name) case name: return #name
namespace CKM {
-__attribute__ ((visibility ("default")))
-const char * ErrorToString(int error) {
- switch(error) {
+__attribute__((visibility("default")))
+
+const char * ErrorToString(int error)
+{
+ switch (error) {
ERRORDESCRIBE(CKM_API_SUCCESS);
ERRORDESCRIBE(CKM_API_ERROR_SOCKET);
ERRORDESCRIBE(CKM_API_ERROR_BAD_REQUEST);
CertificateShPtrVector &certificateChainVector)
{
return try_catch([&] {
-
MessageBuffer recv;
auto send = MessageBuffer::Serialize(static_cast<int>(command),
counter,
RawBufferVector rawBufferVector;
recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
- if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
+ if ((counter != retCounter) || (static_cast<int>(command) != retCommand))
return CKM_API_ERROR_UNKNOWN;
- }
- if (retCode != CKM_API_SUCCESS) {
+ if (retCode != CKM_API_SUCCESS)
return retCode;
- }
for (auto &e: rawBufferVector) {
CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
});
}
-int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
+int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy)
+{
if (key.get() == NULL)
return CKM_API_ERROR_INPUT_PARAM;
Try {
return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
- } Catch (DataType::Exception::Base) {
+ } Catch(DataType::Exception::Base) {
LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
}
return CKM_API_ERROR_INPUT_PARAM;
return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
}
-int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
+int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy)
+{
if (!policy.extractable)
return CKM_API_ERROR_INPUT_PARAM;
return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
const Policy &keyPolicy,
const Policy &certPolicy)
{
- if (alias.empty() || pkcs.get()==NULL)
+ if (alias.empty() || pkcs.get() == NULL)
return CKM_API_ERROR_INPUT_PARAM;
int my_counter = ++m_counter;
});
}
-int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
+int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key)
+{
DataType recvDataType;
RawBuffer rawData;
return retCode;
KeyShPtr keyParsed;
- if(DataType::KEY_AES == recvDataType)
+ if (DataType::KEY_AES == recvDataType)
keyParsed = KeyShPtr(new KeyAESImpl(rawData));
else
keyParsed = KeyShPtr(new KeyImpl(rawData));
int tmpDataType;
LabelNameVector labelNameVector;
recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
- if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
+ if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter))
return CKM_API_ERROR_UNKNOWN;
- }
- for(const auto &it : labelNameVector)
- aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
+ for (const auto &it : labelNameVector)
+ aliasVector.push_back(AliasSupport::merge(it.first, it.second));
return retCode;
});
}
-int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector) {
+int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
+{
// in fact datatype has no meaning here - if not certificate or binary data
// then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
}
-int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector) {
+int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
+{
return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
}
-int Manager::Impl::getDataAliasVector(AliasVector &aliasVector) {
+int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
+{
return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
}
int my_counter = ++m_counter;
return try_catch([&] {
-
MessageBuffer recv;
AliasSupport aliasHelper(keyAlias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
int command;
int counter;
recv.Deserialize(command, counter, retCode);
- if (counter != my_counter) {
+ if (counter != my_counter)
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
{
// input type check
CryptoAlgorithm keyGenAlgorithm;
- switch(key_type)
- {
+ switch (key_type) {
case KeyType::KEY_RSA_PUBLIC:
case KeyType::KEY_RSA_PRIVATE:
keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
int my_counter = ++m_counter;
return try_catch([&] {
-
MessageBuffer recv;
AliasSupport privateHelper(privateKeyAlias);
AliasSupport publicHelper(publicKeyAlias);
int command;
int counter;
recv.Deserialize(command, counter, retCode);
- if (counter != my_counter) {
+ if (counter != my_counter)
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
RawBufferVector untrustedVector;
RawBufferVector trustedVector;
- if(!certificate || certificate->empty())
+ if (!certificate || certificate->empty())
return CKM_API_ERROR_INPUT_PARAM;
- for (auto &e: untrustedCertificates) {
+ for (auto &e: untrustedCertificates)
untrustedVector.push_back(e->getDER());
- }
- for (auto &e: trustedCertificates) {
+
+ for (auto &e: trustedCertificates)
trustedVector.push_back(e->getDER());
- }
return getCertChain(
m_storageConnection,
LabelNameVector untrustedVector;
LabelNameVector trustedVector;
- if(!certificate || certificate->empty())
+ if (!certificate || certificate->empty())
return CKM_API_ERROR_INPUT_PARAM;
for (auto &e: untrustedCertificates) {
int my_counter = ++m_counter;
return try_catch([&] {
-
MessageBuffer recv;
AliasSupport helper(privateKeyAlias);
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
|| (counter != my_counter))
- {
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
|| (counter != my_counter))
- {
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
int counter;
recv.Deserialize(counter, retCode, ocspStatus);
- if (my_counter != counter) {
+ if (my_counter != counter)
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
int counter;
recv.Deserialize(command, counter, retCode);
- if (my_counter != counter) {
+ if (my_counter != counter)
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
int counter;
recv.Deserialize(retCommand, counter, retCode, output);
- if (my_counter != counter || retCommand != static_cast<int>(command)) {
+ if (my_counter != counter || retCommand != static_cast<int>(command))
return CKM_API_ERROR_UNKNOWN;
- }
return retCode;
});
class Manager::Impl {
public:
Impl();
- virtual ~Impl(){}
+ virtual ~Impl() {}
int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
: m_impl(new Impl())
{}
-Manager::~Manager(){}
+Manager::~Manager() {}
-int Manager::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
+int Manager::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy)
+{
return m_impl->saveKey(alias, key, policy);
}
-int Manager::saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) {
+int Manager::saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy)
+{
return m_impl->saveCertificate(alias, cert, policy);
}
return m_impl->savePKCS12(alias, pkcs, keyPolicy, certPolicy);
}
-int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) {
+int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy)
+{
return m_impl->saveData(alias, data, policy);
}
-int Manager::removeAlias(const Alias &alias) {
+int Manager::removeAlias(const Alias &alias)
+{
return m_impl->removeAlias(alias);
}
-int Manager::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
+int Manager::getKey(const Alias &alias, const Password &password, KeyShPtr &key)
+{
return m_impl->getKey(alias, password, key);
}
return m_impl->getCertificate(alias, password, certificate);
}
-int Manager::getData(const Alias &alias, const Password &password, RawBuffer &data) {
+int Manager::getData(const Alias &alias, const Password &password, RawBuffer &data)
+{
return m_impl->getData(alias, password, data);
}
-int Manager::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) {
+int Manager::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
+{
return m_impl->getPKCS12(alias, pkcs);
}
return m_impl->getPKCS12(alias, keyPass, certPass, pkcs);
}
-int Manager::getKeyAliasVector(AliasVector &aliasVector) {
+int Manager::getKeyAliasVector(AliasVector &aliasVector)
+{
return m_impl->getKeyAliasVector(aliasVector);
}
-int Manager::getCertificateAliasVector(AliasVector &aliasVector) {
+int Manager::getCertificateAliasVector(AliasVector &aliasVector)
+{
return m_impl->getCertificateAliasVector(aliasVector);
}
-int Manager::getDataAliasVector(AliasVector &aliasVector) {
+int Manager::getDataAliasVector(AliasVector &aliasVector)
+{
return m_impl->getDataAliasVector(aliasVector);
}
cAlg);
}
-int Manager::ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) {
+int Manager::ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus)
+{
return m_impl->ocspCheck(certificateChainVector, ocspStatus);
}
return m_impl->decrypt(algo, keyAlias, password, encrypted, decrypted);
}
-ManagerShPtr Manager::create() {
+ManagerShPtr Manager::create()
+{
try {
return std::make_shared<Manager>();
} catch (...) {
#include <ckm/ckm-type.h>
#include <cassert>
-namespace CKM
-{
+namespace CKM {
bool CryptoAlgorithm::BufferParam::getBuffer(RawBuffer& buffer) const
{
ThrowMsg(Exception::AlreadyFinalized, "Already finalized");
}
- if (!m_b64) {
+ if (!m_b64)
reset();
- }
+
BIO_write(m_b64, data.data(), data.size());
}
ThrowMsg(Exception::InternalError, "Bio internal error");
}
- if (bptr->length > 0) {
+ if (bptr->length > 0)
return RawBuffer(bptr->data, bptr->data + bptr->length);
- }
+
return RawBuffer();
}
whiteCharacter),
m_input.end());
- for (size_t i = 0; i<m_input.size(); ++i) {
+ for (size_t i = 0; i < m_input.size(); ++i) {
if (isalnum(m_input[i])
|| m_input[i] == '+'
|| m_input[i] == '/'
|| m_input[i] == '=')
- {
continue;
- }
+
LogError("Base64 input contains illegal chars: " << m_input[i]);
return false;
}
namespace CKM {
-class COMMON_API Base64Encoder
-{
+class COMMON_API Base64Encoder {
public:
NONCOPYABLE(Base64Encoder)
- class Exception
- {
+ class Exception {
public:
DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, InternalError)
bool m_finalized;
};
-class COMMON_API Base64Decoder
-{
+class COMMON_API Base64Decoder {
public:
NONCOPYABLE(Base64Decoder)
- class Exception
- {
+ class Exception {
public:
DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, InternalError)
if (!m_x509) {
// TODO
LogError("Certificate could not be parsed.");
-// ThrowMsg(Exception::OpensslInternalError,
-// "Internal Openssl error in d2i_X509 function.");
+// ThrowMsg(Exception::OpensslInternalError,
+// "Internal Openssl error in d2i_X509 function.");
}
}
m_x509 = x509;
}
-CertificateImpl::CertificateImpl(const CertificateImpl &second){
+CertificateImpl::CertificateImpl(const CertificateImpl &second)
+{
m_x509 = X509_dup(second.m_x509);
}
-CertificateImpl::CertificateImpl(CertificateImpl &&second) {
+CertificateImpl::CertificateImpl(CertificateImpl &&second)
+{
m_x509 = second.m_x509;
second.m_x509 = NULL;
LogDebug("Certificate moved: " << (void*)m_x509);
}
-CertificateImpl& CertificateImpl::operator=(CertificateImpl &&second) {
+CertificateImpl& CertificateImpl::operator=(CertificateImpl &&second)
+{
if (this == &second)
return *this;
- if(m_x509)
+ if (m_x509)
X509_free(m_x509);
m_x509 = second.m_x509;
second.m_x509 = NULL;
return *this;
}
-CertificateImpl& CertificateImpl::operator=(const CertificateImpl &second) {
+CertificateImpl& CertificateImpl::operator=(const CertificateImpl &second)
+{
if (this == &second)
return *this;
- if(m_x509)
+ if (m_x509)
X509_free(m_x509);
m_x509 = X509_dup(second.m_x509);
return *this;
}
-X509* CertificateImpl::getX509() const {
+X509* CertificateImpl::getX509() const
+{
return m_x509;
}
-RawBuffer CertificateImpl::getDER(void) const {
+RawBuffer CertificateImpl::getDER(void) const
+{
unsigned char *rawDer = NULL;
int size = i2d_X509(m_x509, &rawDer);
if (!rawDer || size <= 0) {
return output;
}
-bool CertificateImpl::empty() const {
+bool CertificateImpl::empty() const
+{
return m_x509 == NULL;
}
-KeyImpl::EvpShPtr CertificateImpl::getEvpShPtr() const {
+KeyImpl::EvpShPtr CertificateImpl::getEvpShPtr() const
+{
return KeyImpl::EvpShPtr(X509_get_pubkey(m_x509), EVP_PKEY_free);
}
-KeyImpl CertificateImpl::getKeyImpl() const {
+KeyImpl CertificateImpl::getKeyImpl() const
+{
KeyImpl::EvpShPtr evp(X509_get_pubkey(m_x509), EVP_PKEY_free);
- switch(EVP_PKEY_type(evp->type))
- {
+ switch (EVP_PKEY_type(evp->type)) {
case EVP_PKEY_RSA:
return KeyImpl(evp, KeyType::KEY_RSA_PUBLIC);
case EVP_PKEY_DSA:
return KeyImpl();
}
-X509_NAME *getX509Name(X509 *x509, CertificateFieldId type) {
+X509_NAME *getX509Name(X509 *x509, CertificateFieldId type)
+{
if (!x509)
return NULL;
return std::string(buffer);
}
-std::string CertificateImpl::getField(CertificateFieldId type, int fieldNid) const {
+std::string CertificateImpl::getField(CertificateFieldId type, int fieldNid) const
+{
X509_NAME *subjectName = getX509Name(m_x509, type);
X509_NAME_ENTRY *subjectEntry = NULL;
for (int i = 0; i < entryCount; ++i) {
subjectEntry = X509_NAME_get_entry(subjectName, i);
- if (!subjectEntry) {
+ if (!subjectEntry)
continue;
- }
int nid = OBJ_obj2nid(
static_cast<ASN1_OBJECT*>(
X509_NAME_ENTRY_get_object(subjectEntry)));
- if (nid != fieldNid) {
+ if (nid != fieldNid)
continue;
- }
ASN1_STRING* pASN1Str = subjectEntry->value;
return std::string();
}
-std::string CertificateImpl::getCommonName(CertificateFieldId type) const {
+std::string CertificateImpl::getCommonName(CertificateFieldId type) const
+{
return getField(type, NID_commonName);
}
-std::string CertificateImpl::getCountryName(CertificateFieldId type) const {
+std::string CertificateImpl::getCountryName(CertificateFieldId type) const
+{
return getField(type, NID_countryName);
}
-std::string CertificateImpl::getStateOrProvinceName(CertificateFieldId type) const {
+std::string CertificateImpl::getStateOrProvinceName(CertificateFieldId type) const
+{
return getField(type, NID_stateOrProvinceName);
}
-std::string CertificateImpl::getLocalityName(CertificateFieldId type) const {
+std::string CertificateImpl::getLocalityName(CertificateFieldId type) const
+{
return getField(type, NID_localityName);
}
-std::string CertificateImpl::getOrganizationName(CertificateFieldId type) const {
+std::string CertificateImpl::getOrganizationName(CertificateFieldId type) const
+{
return getField(type, NID_organizationName);
}
-std::string CertificateImpl::getOrganizationalUnitName(CertificateFieldId type) const {
+std::string CertificateImpl::getOrganizationalUnitName(CertificateFieldId type) const
+{
return getField(type, NID_organizationalUnitName);
}
-std::string CertificateImpl::getEmailAddres(CertificateFieldId type) const {
+std::string CertificateImpl::getEmailAddres(CertificateFieldId type) const
+{
return getField(type, NID_pkcs9_emailAddress);
}
-std::string CertificateImpl::getOCSPURL() const {
+std::string CertificateImpl::getOCSPURL() const
+{
if (!m_x509)
return std::string();
return result;
}
-CertificateImpl::~CertificateImpl() {
- if(m_x509)
+CertificateImpl::~CertificateImpl()
+{
+ if (m_x509)
X509_free(m_x509);
}
-CertificateShPtr Certificate::create(const RawBuffer &rawBuffer, DataFormat format) {
+CertificateShPtr Certificate::create(const RawBuffer &rawBuffer, DataFormat format)
+{
try {
CertificateShPtr output = std::make_shared<CertificateImpl>(rawBuffer, format);
if (output->empty())
std::string getOCSPURL() const;
virtual ~CertificateImpl();
+
protected:
X509* m_x509;
};
#include <generic-socket-manager.h>
#include <message-buffer.h>
-namespace CKM
-{
+namespace CKM {
struct ConnectionInfo {
InterfaceID interfaceID;
MessageBuffer buffer;
void lockingCallback(int mode, int type, const char*, int)
{
- if(!g_mutexes) {
+ if (!g_mutexes) {
LogError("Openssl mutexes do not exist");
return;
}
g_mutexes[type].unlock();
}
-unsigned long threadIdCallback() {
+unsigned long threadIdCallback()
+{
std::hash<std::thread::id> hasher;
return hasher(std::this_thread::get_id());
}
} // namespace anonymous
-void initOpenSsl() {
+void initOpenSsl()
+{
// Loads all error strings (crypto and ssl)
SSL_load_error_strings();
OPENSSL_config(NULL);
// enable FIPS mode by default
- if(0 == FIPS_mode_set(1)) {
+ if (0 == FIPS_mode_set(1))
LogWarning("Failed to set FIPS mode. Key-manager will be operated in non FIPS mode.");
- }
/*
* Initialize entropy
int ret = 0;
std::ifstream ifile(DEV_HW_RANDOM_FILE);
- if(ifile.is_open())
- ret= RAND_load_file(DEV_HW_RANDOM_FILE, RANDOM_BUFFER_LEN);
+ if (ifile.is_open())
+ ret = RAND_load_file(DEV_HW_RANDOM_FILE, RANDOM_BUFFER_LEN);
- if(ret != RANDOM_BUFFER_LEN ){
+ if (ret != RANDOM_BUFFER_LEN) {
LogWarning("Error in HW_RAND file load");
ret = RAND_load_file(DEV_URANDOM_FILE, RANDOM_BUFFER_LEN);
- if(ret != RANDOM_BUFFER_LEN)
+ if (ret != RANDOM_BUFFER_LEN)
LogError("Error in U_RAND_file_load");
}
opensslInstallLocks();
}
-void deinitOpenSsl() {
+void deinitOpenSsl()
+{
opensslUninstallLocks();
CONF_modules_unload(1);
EVP_cleanup();
deinitOpenSslThread();
}
-void deinitOpenSslThread() {
+void deinitOpenSslThread()
+{
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
}
typedef void(*initFnPtr)();
// has to be atomic as storing function pointer is not an atomic operation on armv7l
-std::atomic<initFnPtr> initFn (&initOpenSslAndDetach);
+std::atomic<initFnPtr> initFn(&initOpenSslAndDetach);
void initEmpty() {}
-void initOpenSslAndDetach() {
+void initOpenSslAndDetach()
+{
// DCLP
std::lock_guard<std::mutex> lock(cryptoInitMutex);
/*
* We don't care about memory ordering here. Current thread will order it correctly and for
* other threads only store matters. Also only one thread can be here at once because of lock.
*/
- if(initFn.load(std::memory_order_relaxed) != &initEmpty)
- {
+ if (initFn.load(std::memory_order_relaxed) != &initEmpty) {
initOpenSsl();
/*
} // namespace anonymous
-void initOpenSslOnce() {
+void initOpenSslOnce()
+{
/*
* Synchronizes with store. Everything that happened before store in another thread will be
* visible in this thread after load.
#include <data-type.h>
-namespace CKM
-{
+namespace CKM {
-DataType::DataType()
- : m_dataType(BINARY_DATA)
-{}
+DataType::DataType() :
+ m_dataType(BINARY_DATA)
+{
+}
DataType::DataType(Type data)
: m_dataType(data)
}
DataType::DataType(KeyType key) {
- switch(key) {
+ switch (key) {
case KeyType::KEY_RSA_PUBLIC: m_dataType = DataType::KEY_RSA_PUBLIC; break;
case KeyType::KEY_RSA_PRIVATE: m_dataType = DataType::KEY_RSA_PRIVATE; break;
case KeyType::KEY_DSA_PUBLIC: m_dataType = DataType::KEY_DSA_PUBLIC; break;
}
}
-DataType::DataType(AlgoType algorithmType) {
- switch(algorithmType) {
+DataType::DataType(AlgoType algorithmType)
+{
+ switch (algorithmType) {
case AlgoType::AES_CTR:
case AlgoType::AES_CBC:
case AlgoType::AES_GCM:
}
}
-DataType::DataType(int data)
- : m_dataType(static_cast<Type>(data))
+DataType::DataType(int data) :
+ m_dataType(static_cast<Type>(data))
{
if (!isInRange(data))
ThrowMsg(Exception::OutOfRange, "Invalid conversion from int=" << data << " to DBDataType");
}
-DataType::operator int () const {
+DataType::operator int () const
+{
return static_cast<int>(m_dataType);
}
-DataType::operator KeyType () const {
- switch(m_dataType) {
+DataType::operator KeyType () const
+{
+ switch (m_dataType) {
case DataType::KEY_RSA_PUBLIC: return KeyType::KEY_RSA_PUBLIC;
case DataType::KEY_RSA_PRIVATE: return KeyType::KEY_RSA_PRIVATE;
case DataType::KEY_DSA_PUBLIC: return KeyType::KEY_DSA_PUBLIC;
default:
ThrowMsg(Exception::OutOfRange,
"Invalid conversion from DBDataType=" << static_cast<int>(m_dataType) <<
- " to KeyType" );
+ " to KeyType");
}
}
-bool DataType::operator==(const DataType &second) const {
+bool DataType::operator==(const DataType &second) const
+{
return m_dataType == second.m_dataType;
}
-bool DataType::isKey() const {
+bool DataType::isKey() const
+{
if (DB_KEY_FIRST <= m_dataType && DB_KEY_LAST >= m_dataType)
return true;
return false;
}
-bool DataType::isSKey() const {
+bool DataType::isSKey() const
+{
return (KEY_AES == m_dataType);
}
-bool DataType::isChainCert() const {
+bool DataType::isChainCert() const
+{
if (DB_CHAIN_FIRST <= m_dataType && DB_CHAIN_LAST >= m_dataType)
return true;
return false;
}
-bool DataType::isKeyPrivate() const {
+bool DataType::isKeyPrivate() const
+{
switch (m_dataType) {
case KEY_RSA_PRIVATE:
case KEY_DSA_PRIVATE:
}
}
-bool DataType::isKeyPublic() const {
+bool DataType::isKeyPublic() const
+{
switch (m_dataType) {
case KEY_RSA_PUBLIC:
case KEY_DSA_PUBLIC:
}
}
-bool DataType::isCertificate() const {
+bool DataType::isCertificate() const
+{
return m_dataType == CERTIFICATE;
}
-bool DataType::isBinaryData() const {
+bool DataType::isBinaryData() const
+{
return m_dataType == BINARY_DATA;
}
-bool DataType::isInRange(int data) {
+bool DataType::isInRange(int data)
+{
if (data < static_cast<int>(DB_FIRST))
return false;
if (data > static_cast<int>(DB_LAST))
static DataType getChainDatatype(unsigned int index);
// it's not virtual for a reason!
- ~DataType(){}
+ ~DataType() {}
private:
Type m_dataType;
virtual ~Exception() noexcept {}
- virtual const char *what(void) const noexcept {
+ virtual const char *what(void) const noexcept
+ {
return m_message.c_str();
}
- virtual std::string message(void) const {
+ virtual std::string message(void) const
+ {
std::ostringstream msg;
msg << "[" << m_path << ":" << m_line << " " << m_function << "()] " << m_message;
return msg.str();
DefineException(const char *path, const char *function, int line, const Args&... args)
: Exception(path, function, line, Stringify::Merge(args...))
{
- Before(m_path, m_function, m_line, DefineException<Error,Stringify,Before,After>::error(), m_message);
+ Before(m_path, m_function, m_line, DefineException<Error, Stringify, Before, After>::error(), m_message);
}
- ~DefineException() noexcept {
- After(m_path, m_function, m_line, DefineException<Error,Stringify,Before,After>::error(), m_message);
+ ~DefineException() noexcept
+ {
+ After(m_path, m_function, m_line, DefineException<Error, Stringify, Before, After>::error(), m_message);
}
- virtual int error(void) const {
+ virtual int error(void) const
+ {
return Error;
}
};
KeyAESImpl::KeyAESImpl(const RawBuffer &buf) : m_key(buf)
{
// buf stores bytes -> compare the bit sizes
- switch(buf.size() * 8)
- {
- case 128:
- case 192:
- case 256:
- break;
+ switch (buf.size() * 8) {
+ case 128:
+ case 192:
+ case 256:
+ break;
- default:
- throw std::invalid_argument("invalid AES key size");
+ default:
+ throw std::invalid_argument("invalid AES key size");
}
}
-bool KeyAESImpl::empty() const {
+bool KeyAESImpl::empty() const
+{
return (getSize() == 0);
}
-KeyType KeyAESImpl::getType() const {
+KeyType KeyAESImpl::getType() const
+{
return KeyType::KEY_AES;
}
-RawBuffer KeyAESImpl::getDER() const {
+RawBuffer KeyAESImpl::getDER() const
+{
return m_key;
}
-int KeyAESImpl::getSize() const {
+int KeyAESImpl::getSize() const
+{
return m_key.size();
}
-KeyShPtr Key::createAES(const RawBuffer &raw) {
+KeyShPtr Key::createAES(const RawBuffer &raw)
+{
try {
KeyShPtr output = std::make_shared<KeyAESImpl>(raw);
if (output->empty())
typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
-int passcb(char *buff, int size, int rwflag, void *userdata) {
+int passcb(char *buff, int size, int rwflag, void *userdata)
+{
(void) rwflag;
Password *ptr = static_cast<Password*>(userdata);
if (ptr == NULL)
typedef int(*I2D_CONV)(BIO*, EVP_PKEY*);
-CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) {
+CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey)
+{
BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
if (NULL == pkey) {
KeyImpl::KeyImpl()
: m_pkey(NULL, EVP_PKEY_free)
, m_type(KeyType::KEY_NONE)
-{}
+{
+}
-KeyImpl::KeyImpl(const KeyImpl &second) {
+KeyImpl::KeyImpl(const KeyImpl &second)
+{
m_pkey = second.m_pkey;
m_type = second.m_type;
}
-KeyImpl::KeyImpl(const RawBuffer &buf, const Password &password)
- : m_pkey(NULL, EVP_PKEY_free)
- , m_type(KeyType::KEY_NONE)
+KeyImpl::KeyImpl(const RawBuffer &buf, const Password &password) :
+ m_pkey(NULL, EVP_PKEY_free),
+ m_type(KeyType::KEY_NONE)
{
bool isPrivate = false;
EVP_PKEY *pkey = NULL;
m_pkey.reset(pkey, EVP_PKEY_free);
- switch(EVP_PKEY_type(pkey->type))
- {
+ switch (EVP_PKEY_type(pkey->type)) {
case EVP_PKEY_RSA:
m_type = isPrivate ? KeyType::KEY_RSA_PRIVATE : KeyType::KEY_RSA_PUBLIC;
break;
LogDebug("KeyType is: " << (int)m_type << " isPrivate: " << isPrivate);
}
-KeyImpl::KeyImpl(EvpShPtr pkey, KeyType type) : m_pkey(pkey), m_type(type)
+KeyImpl::KeyImpl(EvpShPtr pkey, KeyType type) :
+ m_pkey(pkey),
+ m_type(type)
{
int expected_type = EVP_PKEY_NONE;
- switch(type)
- {
+ switch (type) {
case KeyType::KEY_RSA_PRIVATE:
case KeyType::KEY_RSA_PUBLIC:
expected_type = EVP_PKEY_RSA;
// verify if actual key type matches the expected tpe
int given_key_type = EVP_PKEY_type(pkey->type);
- if(given_key_type==EVP_PKEY_NONE || expected_type!=given_key_type)
- {
+ if (given_key_type == EVP_PKEY_NONE || expected_type != given_key_type) {
m_pkey.reset();
m_type = KeyType::KEY_NONE;
}
}
-bool KeyImpl::empty() const {
+bool KeyImpl::empty() const
+{
return m_pkey.get() == NULL;
}
-KeyImpl::EvpShPtr KeyImpl::getEvpShPtr() const {
+KeyImpl::EvpShPtr KeyImpl::getEvpShPtr() const
+{
return m_pkey;
}
-KeyType KeyImpl::getType() const {
+KeyType KeyImpl::getType() const
+{
return m_type;
}
-RawBuffer KeyImpl::getDERPRV() const {
+RawBuffer KeyImpl::getDERPRV() const
+{
return i2d(i2d_PrivateKey_bio, m_pkey.get());
}
-RawBuffer KeyImpl::getDERPUB() const {
+RawBuffer KeyImpl::getDERPUB() const
+{
return i2d(i2d_PUBKEY_bio, m_pkey.get());
}
-RawBuffer KeyImpl::getDER() const {
- switch(m_type)
- {
+RawBuffer KeyImpl::getDER() const
+{
+ switch (m_type) {
case KeyType::KEY_RSA_PRIVATE:
case KeyType::KEY_DSA_PRIVATE:
case KeyType::KEY_ECDSA_PRIVATE:
return RawBuffer();
}
-KeyShPtr Key::create(const RawBuffer &raw, const Password &password) {
+KeyShPtr Key::create(const RawBuffer &raw, const Password &password)
+{
try {
KeyShPtr output = std::make_shared<KeyImpl>(raw, password);
if (output->empty())
virtual RawBuffer getDERPUB() const;
virtual RawBuffer getDERPRV() const;
virtual EvpShPtr getEvpShPtr() const;
- virtual ElipticCurve getCurve() const {
+ virtual ElipticCurve getCurve() const
+ {
// TODO
return ElipticCurve::prime192v1;
}
- virtual int getSize() const {
+ virtual int getSize() const
+ {
// TODO
return 0;
}
virtual bool empty() const;
- virtual ~KeyImpl(){}
+ virtual ~KeyImpl() {}
+
protected:
EvpShPtr m_pkey;
KeyType m_type;
* Reads central-key-manager service environment file. This configuration may be later applied to
* client so that it uses the same logging method.
*/
-class EnvFileParser
-{
+class EnvFileParser {
public:
EnvFileParser();
virtual ~EnvFileParser() {}
std::ifstream is(SYSTEMD_ENV_FILE);
LogDebug("Reading env file: " SYSTEMD_ENV_FILE);
- while(is.good()) {
+ while (is.good()) {
std::string line;
std::getline(is, line);
if (0 == line.compare(0, PROVIDER_MATCH.size(), PROVIDER_MATCH)) {
m_provider = line.substr(PROVIDER_MATCH.size());
LogDebug("Log provider: " << m_provider);
- }
- else if (0 == line.compare(0, LEVEL_MATCH.size(), LEVEL_MATCH)) {
+ } else if (0 == line.compare(0, LEVEL_MATCH.size(), LEVEL_MATCH)) {
m_level = line.substr(LEVEL_MATCH.size());
LogDebug("Log level: " << m_level);
}
namespace CKM {
-void MessageBuffer::Push(const RawBuffer &data) {
+void MessageBuffer::Push(const RawBuffer &data)
+{
m_buffer.AppendCopy(&data[0], data.size());
}
-RawBuffer MessageBuffer::Pop() {
+RawBuffer MessageBuffer::Pop()
+{
size_t size = m_buffer.Size();
RawBuffer buffer;
buffer.resize(size + sizeof(size_t));
return buffer;
}
-bool MessageBuffer::Ready() {
+bool MessageBuffer::Ready()
+{
CountBytesLeft();
if (m_bytesLeft == 0)
return false;
return true;
}
-void MessageBuffer::Read(size_t num, void *bytes) {
+void MessageBuffer::Read(size_t num, void *bytes)
+{
CountBytesLeft();
if (num > m_bytesLeft) {
LogDebug("Protocol broken. OutOfData. Asked for: " << num << " Ready: " << m_bytesLeft << " Buffer.size(): " << m_buffer.Size());
m_bytesLeft -= num;
}
-void MessageBuffer::Write(size_t num, const void *bytes) {
+void MessageBuffer::Write(size_t num, const void *bytes)
+{
m_buffer.AppendCopy(bytes, num);
}
class COMMON_API MessageBuffer : public CKM::IStream {
public:
- class Exception
- {
+ class Exception {
public:
DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, OutOfData)
};
- MessageBuffer()
- : m_bytesLeft(0)
- {}
+ MessageBuffer() :
+ m_bytesLeft(0)
+ {
+ }
MessageBuffer(MessageBuffer&&) = default;
MessageBuffer& operator=(MessageBuffer&&) = default;
// generic serialization
template <typename... Args>
- static MessageBuffer Serialize( const Args&... args) {
+ static MessageBuffer Serialize(const Args&... args)
+ {
MessageBuffer buffer;
Serializer<Args...>::Serialize(buffer, args...);
return buffer;
// generic deserialization
template <typename... Args>
- void Deserialize(Args&... args) {
+ void Deserialize(Args&... args)
+ {
Deserializer<Args...>::Deserialize(*this, args...);
}
protected:
-
- inline void CountBytesLeft() {
+ inline void CountBytesLeft()
+ {
if (m_bytesLeft > 0)
return; // we already counted m_bytesLeft nothing to do
typedef std::unique_ptr<X509_STORE_CTX, void(*)(X509_STORE_CTX*)> X509_STORE_CTX_PTR;
typedef std::unique_ptr<STACK_OF(X509), void(*)(STACK_OF(X509)*)> X509_STACK_PTR;
-inline X509_STACK_PTR create_x509_stack() {
+inline X509_STACK_PTR create_x509_stack()
+{
return X509_STACK_PTR(sk_X509_new_null(), [](STACK_OF(X509)* stack) { sk_X509_free(stack); });
}
-inline X509_STORE_CTX_PTR create_x509_store_ctx() {
- return X509_STORE_CTX_PTR(X509_STORE_CTX_new(),X509_STORE_CTX_free);
+inline X509_STORE_CTX_PTR create_x509_store_ctx()
+{
+ return X509_STORE_CTX_PTR(X509_STORE_CTX_new(), X509_STORE_CTX_free);
}
} // namespace CKM
-
if (pkey) {
KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free);
- switch(EVP_PKEY_type(pkey->type))
- {
+ switch (EVP_PKEY_type(pkey->type)) {
case EVP_PKEY_RSA:
m_pkey = std::make_shared<KeyImpl>(ptr, KeyType::KEY_RSA_PRIVATE);
break;
}
}
- if (cert) {
+ if (cert)
m_cert = std::make_shared<CertificateImpl>(cert, false);
- }
if (ca) {
while (sk_X509_num(ca) > 0) {
}
}
-PKCS12Impl::PKCS12Impl(const PKCS12 &other)
- : m_pkey(other.getKey()),
- m_cert(other.getCertificate()),
- m_ca(other.getCaCertificateShPtrVector())
+PKCS12Impl::PKCS12Impl(const PKCS12 &other) :
+ m_pkey(other.getKey()),
+ m_cert(other.getCertificate()),
+ m_ca(other.getCaCertificateShPtrVector())
{
}
-PKCS12Impl::PKCS12Impl(PKCS12Impl &&other)
- : m_pkey(std::move(other.m_pkey)),
- m_cert(std::move(other.m_cert)),
- m_ca(std::move(other.m_ca))
+PKCS12Impl::PKCS12Impl(PKCS12Impl &&other) :
+ m_pkey(std::move(other.m_pkey)),
+ m_cert(std::move(other.m_cert)),
+ m_ca(std::move(other.m_ca))
{
}
-PKCS12Impl::PKCS12Impl(const PKCS12Impl &other)
- : m_pkey(other.getKey()),
- m_cert(other.getCertificate()),
- m_ca(other.getCaCertificateShPtrVector())
+PKCS12Impl::PKCS12Impl(const PKCS12Impl &other) :
+ m_pkey(other.getKey()),
+ m_cert(other.getCertificate()),
+ m_ca(other.getCaCertificateShPtrVector())
{
}
PKCS12Impl& PKCS12Impl::operator=(const PKCS12Impl &other)
{
- if(this != &other)
- {
+ if (this != &other) {
m_pkey = other.getKey();
m_cert = other.getCertificate();
m_ca = other.getCaCertificateShPtrVector();
return *this;
}
-KeyShPtr PKCS12Impl::getKey() const {
+KeyShPtr PKCS12Impl::getKey() const
+{
return m_pkey;
}
-CertificateShPtr PKCS12Impl::getCertificate() const {
+CertificateShPtr PKCS12Impl::getCertificate() const
+{
return m_cert;
}
-CertificateShPtrVector PKCS12Impl::getCaCertificateShPtrVector() const {
+CertificateShPtrVector PKCS12Impl::getCaCertificateShPtrVector() const
+{
return m_ca;
}
-bool PKCS12Impl::empty() const {
+bool PKCS12Impl::empty() const
+{
return m_pkey.get() == NULL && m_cert.get() == NULL && m_ca.empty();
}
PKCS12Impl::~PKCS12Impl()
-{}
+{
+}
-PKCS12ShPtr PKCS12::create(const RawBuffer &rawBuffer, const Password &password) {
+PKCS12ShPtr PKCS12::create(const RawBuffer &rawBuffer, const Password &password)
+{
try {
auto output = std::make_shared<PKCS12Impl>(rawBuffer, password);
if (output->empty())
char const * const LABEL_NAME_SEPARATOR = " ";
char const * const OWNER_ID_SYSTEM = "/System";
-PKCS12Serializable::PKCS12Serializable() {}
+PKCS12Serializable::PKCS12Serializable()
+{
+}
+
PKCS12Serializable::PKCS12Serializable(const PKCS12 &pkcs)
: PKCS12Impl(pkcs)
-{}
+{
+}
PKCS12Serializable::PKCS12Serializable(IStream &stream)
{
// key
size_t numKeys;
Deserialization::Deserialize(stream, numKeys);
- if(numKeys > 0) {
+ if (numKeys > 0) {
int keyType;
RawBuffer keyData;
Deserialization::Deserialize(stream, keyType);
// cert
size_t numCerts;
Deserialization::Deserialize(stream, numCerts);
- if(numCerts > 0) {
+ if (numCerts > 0) {
RawBuffer certData;
Deserialization::Deserialize(stream, certData);
m_cert = CKM::Certificate::create(certData, DataFormat::FORM_DER);
// CA chain
size_t num_CA;
Deserialization::Deserialize(stream, num_CA);
- for(size_t i=0; i<num_CA; i++)
- {
+ for (size_t i=0; i < num_CA; i++) {
RawBuffer CAcertData;
Deserialization::Deserialize(stream, CAcertData);
m_ca.push_back(CKM::Certificate::create(CAcertData, DataFormat::FORM_DER));
}
}
+
PKCS12Serializable::PKCS12Serializable(const KeyShPtr &privKey, const CertificateShPtr &cert, const CertificateShPtrVector &chainCerts)
{
m_pkey = privKey;
{
// key
Key *keyPtr = getKey().get();
- bool isAnyKeyPresent = (getKey().get()!=NULL);
+ bool isAnyKeyPresent = (getKey().get() != NULL);
// logics if PKCS is correct or not is on the service side.
// sending number of keys and certificates to allow proper parsing on the service side.
// (what if no key or cert present? attempt to deserialize a not present key/cert would
// throw an error and close the connection).
Serialization::Serialize(stream, static_cast<size_t>(isAnyKeyPresent?1:0));
- if(keyPtr) {
+ if (keyPtr) {
Serialization::Serialize(stream, DataType(keyPtr->getType()));
Serialization::Serialize(stream, keyPtr->getDER());
}
- bool isAnyCertPresent = (getCertificate().get()!=NULL);
+ bool isAnyCertPresent = (getCertificate().get() != NULL);
Serialization::Serialize(stream, static_cast<size_t>(isAnyCertPresent?1:0));
- if(isAnyCertPresent) {
+ if (isAnyCertPresent)
Serialization::Serialize(stream, getCertificate().get()->getDER());
- }
// CA chain
Serialization::Serialize(stream, getCaCertificateShPtrVector().size());
- for(auto it : getCaCertificateShPtrVector())
+ for (auto it : getCaCertificateShPtrVector())
Serialization::Serialize(stream, it->getDER());
};
-CryptoAlgorithmSerializable::CryptoAlgorithmSerializable() {}
+CryptoAlgorithmSerializable::CryptoAlgorithmSerializable()
+{
+}
+
CryptoAlgorithmSerializable::CryptoAlgorithmSerializable(const CryptoAlgorithm &algo) :
- CryptoAlgorithm(algo)
+ CryptoAlgorithm(algo)
{
}
{
size_t plen = 0;
Deserializer<size_t>::Deserialize(stream, plen);
- while(plen) {
+ while (plen) {
ParamName name;
uint64_t integer;
RawBuffer buffer;
void CryptoAlgorithmSerializable::Serialize(IStream &stream) const
{
Serializer<size_t>::Serialize(stream, m_params.size());
- for(const auto& it : m_params) {
+ for (const auto& it : m_params) {
Serializer<int>::Serialize(stream, static_cast<int>(it.first));
uint64_t integer;
RawBuffer buffer;
else
ThrowMsg(UnsupportedParam, "Unsupported param type");
}
-
}
} // namespace CKM
struct COMMON_API PolicySerializable : public Policy, ISerializable {
PolicySerializable() {};
- explicit PolicySerializable(const Policy &policy) : Policy(policy) {}
- explicit PolicySerializable(IStream &stream) {
+ explicit PolicySerializable(const Policy &policy) : Policy(policy)
+ {
+ }
+
+ explicit PolicySerializable(IStream &stream)
+ {
Deserialization::Deserialize(stream, password);
Deserialization::Deserialize(stream, extractable);
}
- void Serialize(IStream &stream) const {
+
+ void Serialize(IStream &stream) const
+ {
Serialization::Serialize(stream, password);
Serialization::Serialize(stream, extractable);
}
class StringifyBasic<false> {
StringifyBasic() = delete;
public:
- static std::string Merge() {
+ static std::string Merge()
+ {
return std::string();
}
template <typename... Args>
- static std::string Merge(const Args&...){
+ static std::string Merge(const Args&...)
+ {
return std::string();
}
};
class StringifyBasic<true> {
StringifyBasic() = delete;
- static void Concatenate(std::ostringstream&) {}
+ static void Concatenate(std::ostringstream&)
+ {
+ }
template <typename t, typename... Args>
- static void Concatenate(std::ostringstream& stream, const t& arg1, const Args&... args) {
+ static void Concatenate(std::ostringstream& stream, const t& arg1, const Args&... args)
+ {
stream << arg1;
Concatenate(stream, args...);
}
+
public:
- static std::string Merge() {
+ static std::string Merge()
+ {
return std::string();
}
template <typename T, typename... Args>
- static std::string Merge(const T& arg1, const Args&... args) {
+ static std::string Merge(const T& arg1, const Args&... args)
+ {
std::ostringstream stream;
Concatenate(stream, arg1, args...);
return stream.str();
ParamName paramName)
{
T result;
- if (!alg.getParam(paramName, result)) {
+ if (!alg.getParam(paramName, result))
ThrowErr(Exc::Crypto::InputParam, "Wrong input param");
- }
+
return result;
}
template <T First>
struct Equals<First> {
public:
- static bool Check(const T& value) {
+ static bool Check(const T& value)
+ {
return First == value;
}
- static void Why(std::ostringstream& os) {
+
+ static void Why(std::ostringstream& os)
+ {
os << "doesn't match " << static_cast<int>(First);
}
};
template <T First, T ...Args>
struct Equals<First, Args...> : public Equals<First>, public Equals<Args...> {
public:
- static bool Check(const T& value) {
+ static bool Check(const T& value)
+ {
return Equals<First>::Check(value) || Equals<Args...>::Check(value);
}
- static void Why(std::ostringstream& os) {
+
+ static void Why(std::ostringstream& os)
+ {
Equals<First>::Why(os);
os << ", ";
Equals<Args...>::Why(os);
////////// ErrorHandlers //////////////
struct ThrowingHandler {
- static void Handle(std::string message) {
+ static void Handle(std::string message)
+ {
ThrowErr(Exc::Crypto::InputParam, message);
}
};
template <>
struct VBuilder<> {
-static ValidatorVector Build() {
+ static ValidatorVector Build()
+ {
return ValidatorVector();
}
};
template <typename First>
struct VBuilder<First> {
-static ValidatorVector Build() {
+ static ValidatorVector Build()
+ {
ValidatorVector validators;
Add(validators);
return validators;
}
protected:
- static void Add(ValidatorVector& validators) {
+ static void Add(ValidatorVector& validators)
+ {
validators.emplace_back(new First);
}
};
template <typename First, typename ...Args>
struct VBuilder<First, Args...> : public VBuilder<First>, public VBuilder<Args...> {
- static ValidatorVector Build() {
+ static ValidatorVector Build()
+ {
ValidatorVector validators;
Add(validators);
return validators;
}
+
protected:
- static void Add(ValidatorVector& validators) {
+ static void Add(ValidatorVector& validators)
+ {
VBuilder<First>::Add(validators);
VBuilder<Args...>::Add(validators);
}
typename Getter = DefaultGetter<Type>,
typename ErrorHandler = ThrowingHandler>
struct ParamCheck : public ParamCheckBase {
- void Check(const CryptoAlgorithm& ca) const {
+ void Check(const CryptoAlgorithm& ca) const
+ {
Type value;
std::ostringstream os;
// check existence
- if(!ca.getParam(Name,value)) {
+ if (!ca.getParam(Name, value)) {
if (Mandatory) {
os << "Mandatory parameter " << static_cast<int>(Name) << " doesn't exist";
ErrorHandler::Handle(os.str());
return;
}
// validate
- if(!Validator::Check(Getter::Get(value))) {
+ if (!Validator::Check(Getter::Get(value))) {
os << "The ";
Getter::What(os);
os << " of param '" << static_cast<int>(Name) << "'=";
class GObj {
protected:
- GObj(){}
+ GObj() {}
+
public:
- virtual RawBuffer getBinary() const {
+ virtual RawBuffer getBinary() const
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &) {
+ virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &) {
+ virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual RawBuffer sign(const CryptoAlgorithm &, const RawBuffer &) {
+ virtual RawBuffer sign(const CryptoAlgorithm &, const RawBuffer &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual int verify(const CryptoAlgorithm &, const RawBuffer &, const RawBuffer &) {
+ virtual int verify(const CryptoAlgorithm &, const RawBuffer &, const RawBuffer &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual ~GObj () {}
+ virtual ~GObj()
+ {
+ }
};
typedef std::unique_ptr<GObj> GObjUPtr;
class GStore {
public:
- virtual GObjUPtr getObject(const Token &, const Password &) {
+ virtual GObjUPtr getObject(const Token &, const Password &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &, const Password &) {
+ virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &, const Password &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual Token generateSKey(const CryptoAlgorithm &, const Password &) {
+ virtual Token generateSKey(const CryptoAlgorithm &, const Password &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual Token import(const Data &, const Password &) {
+ virtual Token import(const Data &, const Password &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &) {
+ virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
- virtual void destroy(const Token &) {
+ virtual void destroy(const Token &)
+ {
ThrowErr(Exc::Crypto::OperationNotSupported);
}
virtual ~GStore() {}
protected:
- explicit GStore(CryptoBackend backendId) : m_backendId(backendId) {}
+ explicit GStore(CryptoBackend backendId) :
+ m_backendId(backendId)
+ {
+ }
CryptoBackend m_backendId;
};
namespace Crypto {
namespace {
-CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted) {
+CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted)
+{
// Only software backend supports device encyption key
if (encrypted)
return CryptoBackend::OpenSSL;
Decider::Decider()
: m_swStore(new SW::Store(CryptoBackend::OpenSSL))
, m_tzStore(new TZ::Store(CryptoBackend::TrustZone))
-{}
+{
+}
-GStore& Decider::getStore(const Token &token) const {
+GStore& Decider::getStore(const Token &token) const
+{
return getStore(token.backendId);
};
-GStore& Decider::getStore(CryptoBackend cryptoBackend) const {
+GStore& Decider::getStore(CryptoBackend cryptoBackend) const
+{
GStore *gStore = NULL;
if (cryptoBackend == CryptoBackend::OpenSSL)
gStore = m_swStore.get();
"Backend not available. BackendId: ", (int)cryptoBackend);
}
-GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const {
+GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const
+{
return getStore(chooseCryptoBackend(data, exportable, encrypted));
}
GStore& getStore(const Token &token) const;
GStore& getStore(DataType data, bool exportable, bool encrypted = false) const;
- virtual ~Decider(){}
+ virtual ~Decider() {}
+
protected:
GStore& getStore(CryptoBackend id) const;
// Low level api.
// Allows various cipher specific parameters to be determined and set.
- int Control(int type, int arg, void *ptr) {
+ int Control(int type, int arg, void *ptr)
+ {
return EVP_CIPHER_CTX_ctrl(m_ctx, type, arg, ptr);
}
virtual void AppendAAD(const T&) = 0;
virtual T Append(const T&) = 0;
virtual T Finalize() = 0;
- virtual ~Base(){
+ virtual ~Base()
+ {
EVP_CIPHER_CTX_free(m_ctx);
}
+
protected:
EVP_CIPHER_CTX *m_ctx;
};
EvpCipherWrapper(const EVP_CIPHER *type, const T &key, const T &iv, bool encryption)
{
- if (static_cast<int>(key.size()) != EVP_CIPHER_key_length(type)) {
- ThrowErr(Exc::Crypto::InternalError, "Wrong key size! Expected: ", EVP_CIPHER_key_length(type) ," Get: ", key.size());
- }
+ if (static_cast<int>(key.size()) != EVP_CIPHER_key_length(type))
+ ThrowErr(Exc::Crypto::InternalError, "Wrong key size! Expected: ", EVP_CIPHER_key_length(type), " Get: ", key.size());
- if (static_cast<int>(iv.size()) < EVP_CIPHER_iv_length(type)) {
- ThrowErr(Exc::Crypto::InternalError, "Wrong iv size! Expected: ", EVP_CIPHER_iv_length(type) , " Get: ", iv.size());
- }
+ if (static_cast<int>(iv.size()) < EVP_CIPHER_iv_length(type))
+ ThrowErr(Exc::Crypto::InternalError, "Wrong iv size! Expected: ", EVP_CIPHER_iv_length(type), " Get: ", iv.size());
- if (1 != EVP_CipherInit_ex(m_ctx, type, NULL, key.data(), iv.data(), encryption ? 1 : 0)) {
+ if (1 != EVP_CipherInit_ex(m_ctx, type, NULL, key.data(), iv.data(), encryption ? 1 : 0))
ThrowErr(Exc::Crypto::InternalError, "Failed in EVP_CipherInit");
- }
EVP_CIPHER_CTX_set_padding(m_ctx, 1);
}
- void AppendAAD(const T& data) {
+ void AppendAAD(const T& data)
+ {
static_assert(sizeof(typename T::value_type) == 1, "Unsupported type inside container.");
int bytesLen;
- if (1 != EVP_CipherUpdate(m_ctx, NULL, &bytesLen, data.data(), data.size())) {
+ if (1 != EVP_CipherUpdate(m_ctx, NULL, &bytesLen, data.data(), data.size()))
ThrowErr(Exc::Crypto::InternalError, "AppendAAD(): Failed in EVP_CipherUpdate");
- }
}
- T Append(const T& data) {
+ T Append(const T& data)
+ {
static_assert(sizeof(typename T::value_type) == 1, "Unsupported type inside container.");
int bytesLen = static_cast<int>(data.size() + EVP_CIPHER_CTX_block_size(m_ctx));
T output(bytesLen);
- if (1 != EVP_CipherUpdate(m_ctx, output.data(), &bytesLen, data.data(), data.size())) {
+ if (1 != EVP_CipherUpdate(m_ctx, output.data(), &bytesLen, data.data(), data.size()))
ThrowErr(Exc::Crypto::InternalError, "Append(): Failed in EVP_CipherUpdate");
- }
+
output.resize(bytesLen);
return output;
}
- T Finalize() {
+ T Finalize()
+ {
int bytesLen = EVP_CIPHER_CTX_block_size(m_ctx);
T output(bytesLen);
- if (1 != EVP_CipherFinal_ex(m_ctx, output.data(), &bytesLen)) {
+ if (1 != EVP_CipherFinal_ex(m_ctx, output.data(), &bytesLen))
ThrowErr(Exc::Crypto::InternalError, "Failed in EVP_CipherFinal");
- }
+
output.resize(bytesLen);
return output;
}
const size_t DEFAULT_AES_GCM_TAG_LEN = 128; // tag length in bits according to W3C Crypto API
const size_t DEFAULT_AES_IV_LEN = 16; // default iv size in bytes for AES
-RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) {
+RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey)
+{
BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == pkey) {
+ if (NULL == pkey)
ThrowErr(Exc::Crypto::InternalError, "attempt to parse an empty key!");
- }
- if (NULL == bio.get()) {
+ if (NULL == bio.get())
ThrowErr(Exc::Crypto::InternalError, "Error in memory allocation! Function: BIO_new.");
- }
- if (1 != fun(bio.get(), pkey)) {
+ if (1 != fun(bio.get(), pkey))
ThrowErr(Exc::Crypto::InternalError, "Error in conversion EVP_PKEY to DER");
- }
RawBuffer output(8196);
int size = BIO_read(bio.get(), output.data(), output.size());
- if (size <= 0) {
+ if (size <= 0)
ThrowErr(Exc::Crypto::InternalError, "Error in BIO_read: ", size);
- }
output.resize(size);
return output;
ElipticCurve::secp384r1>> EcdsaEcCheck;
typedef std::map<AlgoType, ValidatorVector> ValidatorMap;
-ValidatorMap initValidators() {
+ValidatorMap initValidators()
+{
ValidatorMap validators;
validators.emplace(AlgoType::RSA_SV, VBuilder<HashAlgoCheck, RsaPaddingCheck>::Build());
validators.emplace(AlgoType::RSA_SV, VBuilder<HashAlgoCheck, RsaPaddingCheck>::Build());
validators.emplace(AlgoType::RSA_OAEP, VBuilder<RsaLabelCheck>::Build());
return validators;
};
+
ValidatorMap g_validators = initValidators();
template <typename TypeCheck>
AlgoType at = unpack<AlgoType>(ca, ParamName::ALGO_TYPE);
try {
- for(const auto& validator : g_validators.at(at))
+ for (const auto& validator : g_validators.at(at))
validator->Check(ca);
- } catch(const std::out_of_range&) {
+ } catch (const std::out_of_range&) {
ThrowErr(Exc::Crypto::InputParam, "Unsupported algorithm ", static_cast<int>(at));
}
}
} // anonymous namespace
-const EVP_MD *getMdAlgo(const HashAlgorithm hashAlgo) {
- const EVP_MD *md_algo=NULL;
- switch(hashAlgo) {
+const EVP_MD *getMdAlgo(const HashAlgorithm hashAlgo)
+{
+ const EVP_MD *md_algo = NULL;
+ switch (hashAlgo) {
case HashAlgorithm::NONE:
md_algo = NULL;
break;
return md_algo;
}
-int getRsaPadding(const RSAPaddingAlgorithm padAlgo) {
+int getRsaPadding(const RSAPaddingAlgorithm padAlgo)
+{
int rsa_padding = -1;
- switch(padAlgo) {
+ switch (padAlgo) {
case RSAPaddingAlgorithm::NONE:
rsa_padding = RSA_NO_PADDING;
break;
EvpPkeyUPtr pkey;
// check the parameters of functions
- if(size!=1024 && size!=2048 && size!=4096) {
+ if (size != 1024 && size != 2048 && size != 4096)
ThrowErr(Exc::Crypto::InputParam, "Error in RSA input size");
- }
EvpPkeyCtxUPtr ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL), EVP_PKEY_CTX_free);
- if(!ctx) {
+ if (!ctx)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new_id function !!");
- }
- if(EVP_PKEY_keygen_init(ctx.get()) <= 0) {
+ if (EVP_PKEY_keygen_init(ctx.get()) <= 0)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen_init function !!");
- }
- if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx.get(), size) <= 0) {
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx.get(), size) <= 0)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
- }
EVP_PKEY *pkeyTmp = NULL;
- if(!EVP_PKEY_keygen(ctx.get(), &pkeyTmp)) {
+ if (!EVP_PKEY_keygen(ctx.get(), &pkeyTmp))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function !!");
- }
pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free);
return std::make_pair<Data, Data>(
EvpPkeyUPtr pparam;
// check the parameters of functions
- if(size!=1024 && size!=2048 && size!=3072 && size!=4096) {
+ if (size != 1024 && size != 2048 && size != 3072 && size != 4096)
ThrowErr(Exc::Crypto::InputParam, "Error in DSA input size");
- }
/* Create the context for generating the parameters */
EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL), EVP_PKEY_CTX_free);
- if(!pctx) {
+ if (!pctx)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new_id function");
- }
- if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) {
+ if (EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get()))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen_init function");
- }
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx.get(), size)) {
+ if (EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx.get(), size))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(", size, ") function");
- }
/* Generate parameters */
EVP_PKEY *pparamTmp = NULL;
- if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) {
+ if (EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen function");
- }
+
pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free);
// Start to generate key
EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free);
- if(!kctx) {
+ if (!kctx)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function");
- }
- if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) {
+ if (EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get()))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen_init function");
- }
/* Generate the key */
EVP_PKEY *pkeyTmp = NULL;
- if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) {
+ if (!EVP_PKEY_keygen(kctx.get(), &pkeyTmp))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function !!");
- }
+
pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free);
return std::make_pair<Data, Data>(
EvpPkeyUPtr pkey;
EvpPkeyUPtr pparam;
- switch(type) {
+ switch (type) {
case ElipticCurve::prime192v1:
ecCurve = NID_X9_62_prime192v1;
break;
/* Create the context for generating the parameters */
EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL), EVP_PKEY_CTX_free);
- if(!pctx) {
+ if (!pctx)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new_id function");
- }
- if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) {
+ if (EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get()))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen_init function");
- }
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx.get(), ecCurve)) {
+ if (EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx.get(), ecCurve))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
- }
/* Generate parameters */
EVP_PKEY *pparamTmp = NULL;
- if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) {
+ if (EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen function");
- }
+
pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free);
// Start to generate key
EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free);
- if(!kctx) {
+ if (!kctx)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function");
- }
- if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) {
+ if (EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get()))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen_init function");
- }
/* Generate the key */
EVP_PKEY *pkeyTmp = NULL;
- if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) {
+ if (!EVP_PKEY_keygen(kctx.get(), &pkeyTmp))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function !!");
- }
+
pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free);
return std::make_pair<Data, Data>(
Data createKeyAES(const int sizeBits)
{
// check the parameters of functions
- if(sizeBits!=128 && sizeBits!=192 && sizeBits!=256) {
+ if (sizeBits != 128 && sizeBits != 192 && sizeBits != 256) {
LogError("Error in AES input size");
ThrowMsg(Exc::Crypto::InputParam, "Error in AES input size");
}
validateParams<IsAsymGeneration>(algorithm);
AlgoType keyType = unpack<AlgoType>(algorithm, ParamName::ALGO_TYPE);
- if(keyType == AlgoType::RSA_GEN || keyType == AlgoType::DSA_GEN)
- {
+ if (keyType == AlgoType::RSA_GEN || keyType == AlgoType::DSA_GEN) {
int keyLength = unpack<int>(algorithm, ParamName::GEN_KEY_LEN);
- if(keyType == AlgoType::RSA_GEN)
+ if (keyType == AlgoType::RSA_GEN)
return createKeyPairRSA(keyLength);
else
return createKeyPairDSA(keyLength);
- }
- else // AlgoType::ECDSA_GEN
- {
+ } else { // AlgoType::ECDSA_GEN
ElipticCurve ecType = unpack<ElipticCurve>(algorithm, ParamName::GEN_EC);
return createKeyPairECDSA(ecType);
}
RawBuffer result = enc->Append(data);
RawBuffer tmp = enc->Finalize();
std::copy(tmp.begin(), tmp.end(), std::back_inserter(result));
- if (0 == enc->Control(EVP_CTRL_GCM_GET_TAG, tagSize, tag.data())) {
+ if (0 == enc->Control(EVP_CTRL_GCM_GET_TAG, tagSize, tag.data()))
ThrowErr(Exc::Crypto::InternalError, "Error in AES control function. Get tag failed.");
- }
+
return std::make_pair(result, tag);
}
EvpCipherPtr dec;
selectCipher(AlgoType::AES_GCM, key.size(), false)(dec, key, iv);
void *ptr = (void*)tag.data();
- if (0 == dec->Control(EVP_CTRL_GCM_SET_TAG, tag.size(), ptr)) {
- ThrowErr(Exc::Crypto::InternalError,
- "Error in AES control function. Set tag failed.");
- }
+ if (0 == dec->Control(EVP_CTRL_GCM_SET_TAG, tag.size(), ptr))
+ ThrowErr(Exc::Crypto::InternalError, "Error in AES control function. Set tag failed.");
+
if (!aad.empty())
dec->AppendAAD(aad);
validateParams<IsSymEncryption>(alg);
AlgoType keyType = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
- switch(keyType)
+ switch (keyType) {
+ case AlgoType::AES_CBC:
+ case AlgoType::AES_CTR:
+ case AlgoType::AES_CFB:
+ return encryptDataAes(keyType, key, data, unpack<RawBuffer>(alg, ParamName::ED_IV));
+ case AlgoType::AES_GCM:
{
- case AlgoType::AES_CBC:
- case AlgoType::AES_CTR:
- case AlgoType::AES_CFB:
- return encryptDataAes(keyType, key, data, unpack<RawBuffer>(alg, ParamName::ED_IV));
- case AlgoType::AES_GCM:
- {
- int tagLenBits = DEFAULT_AES_GCM_TAG_LEN;
- alg.getParam(ParamName::ED_TAG_LEN, tagLenBits);
- RawBuffer aad;
- alg.getParam(ParamName::ED_AAD, aad);
- return encryptDataAesGcmPacked(key,
- data,
- unpack<RawBuffer>(alg, ParamName::ED_IV),
- tagLenBits/8,
- aad);
- }
- default:
- break;
+ int tagLenBits = DEFAULT_AES_GCM_TAG_LEN;
+ alg.getParam(ParamName::ED_TAG_LEN, tagLenBits);
+ RawBuffer aad;
+ alg.getParam(ParamName::ED_AAD, aad);
+ return encryptDataAesGcmPacked(key,
+ data,
+ unpack<RawBuffer>(alg, ParamName::ED_IV),
+ tagLenBits/8,
+ aad);
+ }
+ default:
+ break;
}
ThrowErr(Exc::Crypto::OperationNotSupported, "symmetric enc: algorithm not recognized");
}
validateParams<IsSymEncryption>(alg);
AlgoType keyType = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
- switch(keyType)
+ switch (keyType) {
+ case AlgoType::AES_CBC:
+ case AlgoType::AES_CTR:
+ case AlgoType::AES_CFB:
+ return decryptDataAes(keyType, key, data, unpack<RawBuffer>(alg, ParamName::ED_IV));
+ case AlgoType::AES_GCM:
{
- case AlgoType::AES_CBC:
- case AlgoType::AES_CTR:
- case AlgoType::AES_CFB:
- return decryptDataAes(keyType, key, data, unpack<RawBuffer>(alg, ParamName::ED_IV));
- case AlgoType::AES_GCM:
- {
- int tagLenBits = DEFAULT_AES_GCM_TAG_LEN;
- alg.getParam(ParamName::ED_TAG_LEN, tagLenBits);
- RawBuffer aad;
- alg.getParam(ParamName::ED_AAD, aad);
- return decryptDataAesGcmPacked(key,
- data,
- unpack<RawBuffer>(alg, ParamName::ED_IV),
- tagLenBits/8,
- aad);
- }
- default:
- break;
+ int tagLenBits = DEFAULT_AES_GCM_TAG_LEN;
+ alg.getParam(ParamName::ED_TAG_LEN, tagLenBits);
+ RawBuffer aad;
+ alg.getParam(ParamName::ED_AAD, aad);
+ return decryptDataAesGcmPacked(key,
+ data,
+ unpack<RawBuffer>(alg, ParamName::ED_IV),
+ tagLenBits/8,
+ aad);
+ }
+ default:
+ break;
}
ThrowErr(Exc::Crypto::InputParam, "symmetric dec: algorithm not recognized");
}
int rsa_padding = getRsaPadding(rsaPad);
//
-// if((privateKey.getType() != KeyType::KEY_RSA_PRIVATE) &&
+// if ((privateKey.getType() != KeyType::KEY_RSA_PRIVATE) &&
// (privateKey.getType() != KeyType::KEY_DSA_PRIVATE) &&
// (privateKey.getType() != KeyType::KEY_ECDSA_PRIVATE))
// {
// ThrowErr(CryptoService::Exception::Crypto_internal, "Error in private key type");
// }
//
-// if(privateKey.getType()==KeyType::KEY_RSA_PRIVATE) {
+// if (privateKey.getType()==KeyType::KEY_RSA_PRIVATE) {
// rsa_padding = getRsaPadding(padAlgo);
// }
- if (NULL == pkey) {
+ if (NULL == pkey)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function");
- }
- if(md_algo == NULL) {
+ if (md_algo == NULL)
return signMessage(pkey, message, rsa_padding);
- }
- return digestSignMessage(pkey,message, md_algo, rsa_padding);
+ return digestSignMessage(pkey, message, md_algo, rsa_padding);
}
RawBuffer signMessage(EVP_PKEY *privKey,
{
EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(privKey, NULL), EVP_PKEY_CTX_free);
- if(!pctx.get()) {
+ if (!pctx.get())
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function");
- }
- if(EVP_PKEY_sign_init(pctx.get()) != EVP_SUCCESS) {
+ if (EVP_PKEY_sign_init(pctx.get()) != EVP_SUCCESS)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_sign_init function");
- }
/* Set padding algorithm */
- if(EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) {
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) {
+ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA)
+ if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding))
ThrowErr(Exc::Crypto::InternalError,
"Error in EVP_PKEY_CTX_set_rsa_padding function");
- }
- }
/* Finalize the Sign operation */
/* First call EVP_PKEY_sign with a NULL sig parameter to obtain the length of the
* signature. Length is returned in slen */
size_t slen;
- if(EVP_SUCCESS != EVP_PKEY_sign(pctx.get(), NULL, &slen, message.data(), message.size())) {
+ if (EVP_SUCCESS != EVP_PKEY_sign(pctx.get(), NULL, &slen, message.data(), message.size()))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_sign function");
- }
/* Allocate memory for the signature based on size in slen */
RawBuffer sig(slen);
- if(EVP_SUCCESS == EVP_PKEY_sign(pctx.get(),
+ if (EVP_SUCCESS == EVP_PKEY_sign(pctx.get(),
sig.data(),
&slen,
message.data(),
- message.size()))
- {
+ message.size())) {
// Set value to return RawData
sig.resize(slen);
return sig;
EVP_PKEY_CTX *pctx = NULL;
// Create the Message Digest Context
- if(!mdctx.get()) {
+ if (!mdctx.get())
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_MD_CTX_create function");
- }
- if(EVP_SUCCESS != EVP_DigestSignInit(mdctx.get(), &pctx, md_algo, NULL, privKey)) {
+ if (EVP_SUCCESS != EVP_DigestSignInit(mdctx.get(), &pctx, md_algo, NULL, privKey))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignInit function");
- }
/* Set padding algorithm */
- if(EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) {
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
+ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA)
+ if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
- }
- }
/* Call update with the message */
- if(EVP_SUCCESS != EVP_DigestSignUpdate(mdctx.get(), message.data(), message.size())) {
+ if (EVP_SUCCESS != EVP_DigestSignUpdate(mdctx.get(), message.data(), message.size()))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignUpdate function");
- }
/* Finalize the DigestSign operation */
/* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the
* signature. Length is returned in slen */
size_t slen;
- if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), NULL, &slen)) {
+ if (EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), NULL, &slen))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignFinal function");
- }
/* Allocate memory for the signature based on size in slen */
RawBuffer sig(slen);
/* Obtain the signature */
- if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), sig.data(), &slen)) {
+ if (EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), sig.data(), &slen))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignFinal function");
- }
// Set value to return RawData
sig.resize(slen);
rsa_padding = getRsaPadding(rsaPad);
//
-// if((publicKey.getType() != KeyType::KEY_RSA_PUBLIC) &&
+// if ((publicKey.getType() != KeyType::KEY_RSA_PUBLIC) &&
// (publicKey.getType() != KeyType::KEY_DSA_PUBLIC) &&
// (publicKey.getType() != KeyType::KEY_ECDSA_PUBLIC))
// {
// ThrowErr(CryptoService::Exception::Crypto_internal, "Error in private key type");
// }
//
-// if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
+// if (publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
// rsa_padding = getRsaPadding(padAlgo);
// }
// auto shrPKey = publicKey.getEvpShPtr();
- if (NULL == pkey) {
+ if (NULL == pkey)
ThrowErr(Exc::Crypto::InternalError, "Error in getEvpShPtr function");
- }
- if (md_algo == NULL) {
+ if (md_algo == NULL)
return verifyMessage(pkey, message, signature, rsa_padding);
- }
return digestVerifyMessage(pkey, message, signature, md_algo, rsa_padding);
}
{
EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(pubKey, NULL), EVP_PKEY_CTX_free);
- if(!pctx.get()) {
+ if (!pctx.get())
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function");
- }
- if(EVP_PKEY_verify_init(pctx.get()) != EVP_SUCCESS) {
+ if (EVP_PKEY_verify_init(pctx.get()) != EVP_SUCCESS)
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_verify_init function");
- }
/* Set padding algorithm */
- if(EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) {
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) {
+ if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA)
+ if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
- }
- }
- if(EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), signature.size(), message.data(), message.size())) {
+ if (EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), signature.size(), message.data(), message.size()))
return CKM_API_SUCCESS;
- }
LogError("EVP_PKEY_verify Failed");
return CKM_API_ERROR_VERIFICATION_FAILED;
EVP_PKEY_CTX *pctx = NULL;
/* Create the Message Digest Context */
- if(!mdctx.get()) {
+ if (!mdctx.get())
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_MD_CTX_create function");
- }
- if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx.get(), &pctx, md_algo, NULL, pubKey)) {
+ if (EVP_SUCCESS != EVP_DigestVerifyInit(mdctx.get(), &pctx, md_algo, NULL, pubKey))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestVerifyInit function");
- }
- if(EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) {
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
+ if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA)
+ if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
- }
- }
- if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), message.size()) ) {
+ if (EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), message.size()))
ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestVerifyUpdate function");
- }
- if(EVP_SUCCESS == EVP_DigestVerifyFinal(mdctx.get(), const_cast<unsigned char*>(signature.data()), signature.size()) ) {
+ if (EVP_SUCCESS == EVP_DigestVerifyFinal(mdctx.get(), const_cast<unsigned char*>(signature.data()), signature.size()))
return CKM_API_SUCCESS;
- }
LogError("EVP_PKEY_verify Failed");
return CKM_API_ERROR_VERIFICATION_FAILED;
{
if (dataType.isSKey()) {
switch (buffer.size()) {
- default:
- LogError("AES key have wrong size.");
- return false;
- case 128:
- case 192:
- case 256:
- LogDebug("AES key verified.");
- return true;
+ case 128:
+ case 192:
+ case 256:
+ LogDebug("AES key verified.");
+ return true;
+ default:
+ LogError("AES key have wrong size.");
+ return false;
}
}
return false;
}
- if (dataType.isCertificate() || dataType.isChainCert())
- {
+ if (dataType.isCertificate() || dataType.isChainCert()) {
const unsigned char *ptr = reinterpret_cast<const unsigned char*>(buffer.data());
int size = static_cast<int>(buffer.size());
X509 *x509 = d2i_X509(NULL, &ptr, size);
#include <openssl/evp.h>
#include <sw-backend/obj.h>
-#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
-#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
+#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
+#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
#define CKM_CRYPTO_INIT_SUCCESS 1
#define CKM_CRYPTO_CREATEKEY_SUCCESS 2
RawBuffer buffer;
};
-typedef std::pair<Data,Data> DataPair;
+typedef std::pair<Data, Data> DataPair;
DataPair createKeyPairRSA(const int size);
DataPair createKeyPairDSA(const int size);
DataPair generateAKey(const CryptoAlgorithm &algorithm);
Data generateSKey(const CryptoAlgorithm &algorithm);
-RawBuffer symmetricEncrypt(const RawBuffer &key,
- const CryptoAlgorithm &alg,
- const RawBuffer &data);
-RawBuffer symmetricDecrypt(const RawBuffer &key,
- const CryptoAlgorithm &alg,
- const RawBuffer &cipher);
-RawBuffer asymmetricEncrypt(const EvpShPtr &key,
- const CryptoAlgorithm &alg,
- const RawBuffer &data);
-RawBuffer asymmetricDecrypt(const EvpShPtr &key,
- const CryptoAlgorithm &alg,
- const RawBuffer &data);
-
-std::pair<RawBuffer, RawBuffer> encryptDataAesGcm(const RawBuffer &key,
+RawBuffer symmetricEncrypt(
+ const RawBuffer &key,
+ const CryptoAlgorithm &alg,
+ const RawBuffer &data);
+RawBuffer symmetricDecrypt(
+ const RawBuffer &key,
+ const CryptoAlgorithm &alg,
+ const RawBuffer &cipher);
+RawBuffer asymmetricEncrypt(
+ const EvpShPtr &key,
+ const CryptoAlgorithm &alg,
+ const RawBuffer &data);
+RawBuffer asymmetricDecrypt(
+ const EvpShPtr &key,
+ const CryptoAlgorithm &alg,
+ const RawBuffer &data);
+
+std::pair<RawBuffer, RawBuffer> encryptDataAesGcm(
+ const RawBuffer &key,
const RawBuffer &data,
const RawBuffer &iv,
int tagSize,
const RawBuffer &aad = RawBuffer());
-RawBuffer decryptDataAesGcm(const RawBuffer &key,
+RawBuffer decryptDataAesGcm(
+ const RawBuffer &key,
const RawBuffer &data,
const RawBuffer &iv,
const RawBuffer &tag,
#include <sw-backend/obj.h>
#include <sw-backend/internals.h>
-#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
-#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
+#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
+#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
namespace CKM {
namespace Crypto {
namespace {
-AlgoType key2algo(DataType type) {
- switch(static_cast<int>(type)) {
+AlgoType key2algo(DataType type)
+{
+ switch (static_cast<int>(type)) {
case DataType::Type::KEY_RSA_PRIVATE:
case DataType::Type::KEY_RSA_PUBLIC:
return AlgoType::RSA_SV;
return Internals::sign(getEvpShPtr().get(), algWithType, message);
}
-int AKey::verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign) {
+int AKey::verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign)
+{
CryptoAlgorithm algWithType(alg);
EVP_PKEY* evp = getEvpShPtr().get();
AlgoType type;
// setup algorithm type basing on evp key type if it doesn't exist
- if(!algWithType.getParam(ParamName::ALGO_TYPE, type)) {
+ if (!algWithType.getParam(ParamName::ALGO_TYPE, type)) {
int subType = EVP_PKEY_type(evp->type);
- switch(subType) {
+ switch (subType) {
case EVP_PKEY_RSA:
type = AlgoType::RSA_SV; break;
case EVP_PKEY_DSA:
return Internals::asymmetricDecrypt(getEvpShPtr(), alg, data);
}
-EvpShPtr AKey::getEvpShPtr() {
+EvpShPtr AKey::getEvpShPtr()
+{
if (m_evp)
return m_evp;
LogDebug("Trying d2i_PUBKEY_bio Status: " << (void*)pkey);
}
- if (!pkey) {
+ if (!pkey)
ThrowErr(Exc::Crypto::InternalError, "Failed to parse key");
- }
m_evp.reset(pkey, EVP_PKEY_free);
return m_evp;
}
-EvpShPtr Cert::getEvpShPtr() {
+EvpShPtr Cert::getEvpShPtr()
+{
if (m_evp)
return m_evp;
X509 *x509 = d2i_X509(NULL, &ptr, size);
- if (!x509) {
+ if (!x509)
ThrowErr(Exc::Crypto::InternalError, "Failed to parse certificate.");
- }
m_evp.reset(X509_get_pubkey(x509), EVP_PKEY_free);
X509_free(x509);
} // namespace SW
} // namespace Crypto
} // namespace CKM
-
namespace Crypto {
namespace SW {
-typedef std::unique_ptr<EVP_PKEY_CTX,std::function<void(EVP_PKEY_CTX*)>> ContextUPtr;
+typedef std::unique_ptr<EVP_PKEY_CTX, std::function<void(EVP_PKEY_CTX*)>> ContextUPtr;
typedef std::shared_ptr<EVP_PKEY> EvpShPtr;
class BData : public GObj {
BData(RawBuffer buffer, DataType keyType)
: m_raw(std::move(buffer))
, m_type(keyType)
- {}
+ {
+ }
virtual RawBuffer getBinary() const { return m_raw; }
protected:
class SKey : public BData {
public:
SKey(RawBuffer buffer, DataType keyType) : BData(std::move(buffer), keyType)
- {}
+ {
+ }
virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &);
virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &);
class AKey : public BData {
public:
AKey(RawBuffer buffer, DataType dataType) : BData(std::move(buffer), dataType)
- {}
+ {
+ }
virtual RawBuffer sign(const CryptoAlgorithm &alg, const RawBuffer &message);
virtual int verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign);
virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &);
virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &);
- virtual ~AKey(){}
+ virtual ~AKey() {}
+
protected:
virtual EvpShPtr getEvpShPtr();
public:
Cert(RawBuffer buffer, DataType dataType)
: AKey(std::move(buffer), dataType)
- {}
- virtual ~Cert(){}
+ {
+ }
+ virtual ~Cert() {}
protected:
virtual EvpShPtr getEvpShPtr();
};
};
template <typename T, typename ...Args>
-std::unique_ptr<T> make_unique(Args&& ...args) {
+std::unique_ptr<T> make_unique(Args&& ...args)
+{
return std::unique_ptr<T>(new T(std::forward<Args>(args)...));
}
-RawBuffer generateRandIV() {
+RawBuffer generateRandIV()
+{
RawBuffer civ(EVP_MAX_IV_LENGTH);
if (1 != RAND_bytes(civ.data(), civ.size()))
ITERATIONS,
result.size(),
result.data()))
- {
ThrowErr(Exc::InternalError, "PCKS5_PKKDF2_HMAC_SHA1 failed.");
- }
return result;
}
// get the device key if present
InitialValues::SWKeyFile keyFile(DEVICE_KEY_SW_FILE);
int rc = keyFile.Validate(DEVICE_KEY_XSD);
- if(rc == XML::Parser::PARSE_SUCCESS)
- {
+ if (rc == XML::Parser::PARSE_SUCCESS) {
rc = keyFile.Parse();
- if(rc == XML::Parser::PARSE_SUCCESS)
+ if (rc == XML::Parser::PARSE_SUCCESS)
m_deviceKey = keyFile.getPrivKey();
else
- {
// do nothing, bypass encrypted elements
LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", parsing code: " << rc);
- }
- }
- else
+ } else {
LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", validation code: " << rc);
+ }
}
-GObjUPtr Store::getObject(const Token &token, const Password &pass) {
- if (token.backendId != m_backendId) {
+GObjUPtr Store::getObject(const Token &token, const Password &pass)
+{
+ if (token.backendId != m_backendId)
ThrowErr(Exc::Crypto::WrongBackend, "Decider choose wrong backend!");
- }
RawBuffer data = unpack(token.data, pass);
- if (token.dataType.isKeyPrivate() || token.dataType.isKeyPublic()) {
+ if (token.dataType.isKeyPrivate() || token.dataType.isKeyPublic())
return make_unique<AKey>(data, token.dataType);
- }
- if (token.dataType == DataType(DataType::KEY_AES)) {
+ if (token.dataType == DataType(DataType::KEY_AES))
return make_unique<SKey>(data, token.dataType);
- }
- if (token.dataType.isCertificate() || token.dataType.isChainCert()) {
+ if (token.dataType.isCertificate() || token.dataType.isChainCert())
return make_unique<Cert>(data, token.dataType);
- }
- if (token.dataType.isBinaryData()) {
+ if (token.dataType.isBinaryData())
return make_unique<BData>(data, token.dataType);
- }
ThrowErr(Exc::Crypto::DataTypeNotSupported,
"This type of data is not supported by openssl backend: ", (int)token.dataType);
const Password &pubPass)
{
Internals::DataPair ret = Internals::generateAKey(algorithm);
- return std::make_pair<Token,Token>(
+ return std::make_pair<Token, Token>(
Token(m_backendId, ret.first.type, pack(ret.first.buffer, prvPass)),
Token(m_backendId, ret.second.type, pack(ret.second.buffer, pubPass)));
}
return Token(m_backendId, ret.type, pack(ret.buffer, pass));
}
-Token Store::import(const Data &data, const Password &pass) {
+Token Store::import(const Data &data, const Password &pass)
+{
return Token(m_backendId, data.type, pack(data.data, pass));
}
-Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) {
- if(!m_deviceKey)
+Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc)
+{
+ if (!m_deviceKey)
ThrowErr(Exc::Crypto::InternalError, "No device key present");
// decrypt the AES key using device key
virtual Token generateSKey(const CryptoAlgorithm &, const Password &);
virtual Token import(const Data &data, const Password &);
virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &);
- virtual void destroy(const Token &){}
+ virtual void destroy(const Token &) {}
private:
Crypto::GObjShPtr m_deviceKey;
class SKey : public GObj {
public:
- SKey(){}
- virtual ~SKey(){}
+ SKey() {}
+ virtual ~SKey() {}
+
protected:
};
class AKey : public GObj {
public:
- AKey(){}
- virtual ~AKey(){}
+ AKey() {}
+ virtual ~AKey() {}
+
protected:
};
namespace Crypto {
namespace TZ {
-Store::Store(CryptoBackend backendId)
- : GStore(backendId)
-{}
+Store::Store(CryptoBackend backendId) :
+ GStore(backendId)
+{
+}
-GObjUPtr Store::getObject(const Token &, const Password &) {
+GObjUPtr Store::getObject(const Token &, const Password &)
+{
ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!");
}
-TokenPair Store::generateAKey(const CryptoAlgorithm &, const Password &, const Password &) {
+TokenPair Store::generateAKey(const CryptoAlgorithm &, const Password &, const Password &)
+{
ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!");
}
-Token Store::import(const Data &, const Password &) {
+Token Store::import(const Data &, const Password &)
+{
ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!");
}
-Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &) {
+Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &)
+{
ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!");
}
*
* @todo Add optimized implementation for FlattenConsume
*/
-class COMMON_API BinaryQueue
+class COMMON_API BinaryQueue {
// : public AbstractInputOutput
-{
- public:
- class Exception
- {
- public:
+public:
+ class Exception {
+ public:
DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, OutOfData)
};
size_t bufferSize,
void *userParam);
- class BucketVisitor
- {
- public:
+ class BucketVisitor {
+ public:
/**
* Destructor
*/
virtual void OnVisitBucket(const void *buffer, size_t bufferSize) = 0;
};
- private:
- struct Bucket
- {
+private:
+ struct Bucket {
NONCOPYABLE(Bucket);
const void *buffer;
static void DeleteBucket(Bucket *bucket);
- class BucketVisitorCall
- {
- private:
+ class BucketVisitorCall {
+ private:
BucketVisitor *m_visitor;
- public:
+ public:
BucketVisitorCall(BucketVisitor *visitor);
virtual ~BucketVisitorCall();
static void AddRef(Exception* exception)
{
- if (!m_exceptionCount) {
+ if (!m_exceptionCount)
m_terminateHandler = std::set_terminate(&TerminateHandler);
- }
++m_exceptionCount;
m_lastException = exception;
static void UnRef(Exception* e)
{
- if (m_lastException == e) {
+ if (m_lastException == e)
m_lastException = NULL;
- }
--m_exceptionCount;
Exception(const Exception &other)
{
// Deep copy
- if (other.m_reason != NULL) {
+ if (other.m_reason != NULL)
m_reason = new Exception(*other.m_reason);
- } else {
+ else
m_reason = NULL;
- }
m_message = other.m_message;
m_path = other.m_path;
const Exception &operator =(const Exception &other)
{
- if (this == &other) {
+ if (this == &other)
return *this;
- }
// Deep copy
- if (other.m_reason != NULL) {
+ if (other.m_reason != NULL)
m_reason = new Exception(*other.m_reason);
- } else {
+ else
m_reason = NULL;
- }
m_message = other.m_message;
m_path = other.m_path;
void Dump() const
{
// Show reason first
- if (m_reason != NULL) {
+ if (m_reason != NULL)
m_reason->Dump();
- }
// Afterward, dump exception
const char *file = strchr(m_path.c_str(), '/');
- if (file == NULL) {
+ if (file == NULL)
file = m_path.c_str();
- } else {
+ else
++file;
- }
printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n",
file, m_line,
std::string DumpToString() const
{
std::string ret;
- if (m_reason != NULL) {
+ if (m_reason != NULL)
ret = m_reason->DumpToString();
- }
const char *file = strchr(m_path.c_str(), '/');
- if (file == NULL) {
+ if (file == NULL)
file = m_path.c_str();
- } else {
+ else
++file;
- }
char buf[1024];
snprintf(buf,
throw ClassName(__FILE__, __FUNCTION__, __LINE__)
#define ThrowMsg(ClassName, Message) \
- do \
- { \
+ do { \
std::ostringstream dplLoggingStream; \
dplLoggingStream << Message; \
throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \
class FstreamAccessors : T::__filebuf_type {
typedef FstreamAccessors<T> MyType;
public:
- static int GetFd(T &strm) {
+ static int GetFd(T &strm)
+ {
return static_cast<MyType *>(strm.rdbuf())->_M_file.fd();
}
};
namespace CKM {
struct free_deleter{
- void operator()(char *p) {
+ void operator()(char *p)
+ {
free(p);
}
};
namespace CKM {
// Abstract data stream buffer
-class IStream
-{
+class IStream {
public:
virtual void Read(size_t num, void * bytes) = 0;
virtual void Write(size_t num, const void * bytes) = 0;
};
// Serializable interface
-class ISerializable
-{
+class ISerializable {
public:
/* ISerializable(){};
* ISerializable(IStream&){}; */
// std::string
template <typename T, typename R, typename A>
- static void Serialize(IStream& stream, const std::basic_string<T,R,A>& str)
+ static void Serialize(IStream& stream, const std::basic_string<T, R, A>& str)
{
int length = str.size();
stream.Write(sizeof(length), &length);
}
template<typename T, typename R, typename A>
- static void Serialize(IStream& stream, const std::basic_string<T,R,A>* const str)
+ static void Serialize(IStream& stream, const std::basic_string<T, R, A>* const str)
{
int length = str->size();
stream.Write(sizeof(length), &length);
stream.Write(sizeof(length), &length);
for (typename std::list<T>::const_iterator list_iter = list.begin();
list_iter != list.end(); list_iter++)
- {
Serialize(stream, *list_iter);
- }
}
template <typename T>
static void Serialize(IStream& stream, const std::list<T>* const list)
int length = vec.size();
stream.Write(sizeof(length), &length);
for (const auto &i : vec)
- {
Serialize(stream, i);
- }
}
template <typename T, typename A>
static void Serialize(IStream& stream, const std::vector<T, A>* const vec)
{
Serialize(stream, *p);
}
-
}; // struct Serialization
struct Deserialization {
}
template <typename T, typename R, typename A>
- static void Deserialize(IStream& stream, std::basic_string<T,R,A>& str)
+ static void Deserialize(IStream& stream, std::basic_string<T, R, A>& str)
{
int length;
stream.Read(sizeof(length), &length);
std::vector<T> buf(length);
stream.Read(length*sizeof(T), buf.data());
- str = std::basic_string<T,R,A>(buf.data(), buf.data()+length);
+ str = std::basic_string<T, R, A>(buf.data(), buf.data() + length);
}
template <typename T, typename R, typename A>
- static void Deserialize(IStream& stream, std::basic_string<T,R,A>*& str)
+ static void Deserialize(IStream& stream, std::basic_string<T, R, A>*& str)
{
int length;
stream.Read(sizeof(length), &length);
std::vector<T> buf(length);
stream.Read(length*sizeof(T), buf.data());
- str = new std::basic_string<T,R,A>(buf.data(), buf.data()+length);
+ str = new std::basic_string<T, R, A>(buf.data(), buf.data() + length);
}
// STL templates
template <typename A>
static void Deserialize(IStream& stream, std::vector<unsigned char, A>*& vec)
{
- vec = new std::vector<unsigned char,A>;
+ vec = new std::vector<unsigned char, A>;
Deserialize(stream, *vec);
}
// std::vector
template <typename T, typename A>
- static void Deserialize(IStream& stream, std::vector<T,A>& vec)
+ static void Deserialize(IStream& stream, std::vector<T, A>& vec)
{
int length;
stream.Read(sizeof(length), &length);
}
}
template <typename T, typename A>
- static void Deserialize(IStream& stream, std::vector<T,A>*& vec)
+ static void Deserialize(IStream& stream, std::vector<T, A>*& vec)
{
- vec = new std::vector<T,A>;
+ vec = new std::vector<T, A>;
Deserialize(stream, *vec);
}
template <typename First, typename... Args>
struct Serializer<First, Args...> : public Serializer<Args...> {
- static void Serialize(IStream& stream, const First& f, const Args&... args) {
+ static void Serialize(IStream& stream, const First& f, const Args&... args)
+ {
Serialization::Serialize(stream, f);
Serializer<Args...>::Serialize(stream, args...);
}
// end of recursion
template <>
struct Serializer<> {
- static void Serialize(IStream&) {
+ static void Serialize(IStream&)
+ {
return;
}
};
template <typename First, typename... Args>
struct Deserializer<First, Args...> : public Deserializer<Args...> {
- static void Deserialize(IStream& stream, First& f, Args&... args) {
+ static void Deserialize(IStream& stream, First& f, Args&... args)
+ {
Deserialization::Deserialize(stream, f);
Deserializer<Args...>::Deserialize(stream, args...);
}
// end of recursion
template <>
struct Deserializer<> {
- static void Deserialize(IStream&) {
+ static void Deserialize(IStream&)
+ {
return;
}
};
const char *function)
{
#define INTERNAL_LOG(message) \
- do \
- { \
+ do { \
std::ostringstream platformLog; \
platformLog << message; \
CKM::Log::LogSystemSingleton::Instance().Log( \
CKM::Log::AbstractLogProvider::LogLevel::Pedantic, \
platformLog.str().c_str(), \
__FILE__, __LINE__, __FUNCTION__); \
- } \
- while (0)
+ } while (0)
// Try to log failed assertion to log system
- Try
- {
+ Try {
INTERNAL_LOG(
"################################################################################");
INTERNAL_LOG(
// To speed things up, always copy as one bucket
void *bufferCopy = malloc(other.m_size);
- if (bufferCopy == NULL) {
+ if (bufferCopy == NULL)
throw std::bad_alloc();
- }
try {
other.Flatten(bufferCopy, other.m_size);
void *bufferCopy = malloc(bufferSize);
// Check if allocation succeded
- if (bufferCopy == NULL) {
+ if (bufferCopy == NULL)
throw std::bad_alloc();
- }
// Copy user data
memcpy(bufferCopy, buffer, bufferSize);
void BinaryQueue::Consume(size_t size)
{
// Check parameters
- if (size > m_size) {
+ if (size > m_size)
Throw(Exception::OutOfData);
- }
size_t bytesLeft = size;
void BinaryQueue::Flatten(void *buffer, size_t bufferSize) const
{
// Check parameters
- if (bufferSize == 0) {
+ if (bufferSize == 0)
return;
- }
- if (bufferSize > m_size) {
+ if (bufferSize > m_size)
Throw(Exception::OutOfData);
- }
size_t bytesLeft = bufferSize;
void *ptr = buffer;
}
BinaryQueue::BucketVisitor::~BucketVisitor()
-{}
+{
+}
BinaryQueue::BucketVisitorCall::BucketVisitorCall(BucketVisitor *visitor) :
m_visitor(visitor)
-{}
+{
+}
BinaryQueue::BucketVisitorCall::~BucketVisitorCall()
-{}
+{
+}
void BinaryQueue::BucketVisitorCall::operator()(Bucket *bucket) const
{
std::unique_ptr<void, std::function<void(void*)>>
bufferCopy(malloc(available), free);
- if (!bufferCopy.get()) {
+ if (!bufferCopy.get())
throw std::bad_alloc();
- }
BinaryQueueAutoPtr result(new BinaryQueue());
#include <memory>
namespace CKM {
-namespace // anonymous
-{
+namespace { // anonymous
const size_t DEFAULT_ERRNO_STRING_SIZE = 32;
} // namespace anonymous
/**
* SQL connection class
*/
-class SqlConnection
-{
+class SqlConnection {
public:
/**
* SQL Exception classes
*/
- class Exception
- {
+ class Exception {
public:
DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
DECLARE_EXCEPTION_TYPE(Base, SyntaxError)
typedef std::vector<std::string> Row;
typedef std::vector<Row> Rows;
- static int Callback(void*,int,char**,char**);
+ static int Callback(void*, int, char**, char**);
const Row& GetNames() const { return m_names; }
const Rows& GetValues() const { return m_values; }
private:
/*
* SQL processed data command
*/
- class DataCommand
- {
+ class DataCommand {
private:
SqlConnection *m_masterConnection;
sqlcipher3_stmt *m_stmt;
typedef std::unique_ptr<DataCommand> DataCommandUniquePtr;
// Open flags
- class Flag
- {
+ class Flag {
public:
- enum Option
- {
+ enum Option {
RO = SQLCIPHER_OPEN_NOMUTEX | SQLCIPHER_OPEN_READONLY,
- RW = SQLCIPHER_OPEN_NOMUTEX | SQLCIPHER_OPEN_READWRITE,
+ RW = SQLCIPHER_OPEN_NOMUTEX | SQLCIPHER_OPEN_READWRITE,
CRW = RW | SQLCIPHER_OPEN_CREATE
};
};
* Synchronization object used to synchronize SQL connection
* to the same database across different threads and processes
*/
- class SynchronizationObject
- {
+ class SynchronizationObject {
public:
virtual ~SynchronizationObject() {}
timespec remainingTime;
for (;;) {
- if (nanosleep(&requestedTime, &remainingTime) == 0) {
+ if (nanosleep(&requestedTime, &remainingTime) == 0)
break;
- }
int error = errno;
Assert(error == EINTR);
namespace CKM {
namespace DB {
-namespace // anonymous
-{
+namespace { // anonymous
class ScopedNotifyAll
{
private:
explicit ScopedNotifyAll(
SqlConnection::SynchronizationObject *synchronizationObject) :
m_synchronizationObject(synchronizationObject)
- {}
+ {
+ }
~ScopedNotifyAll()
{
- if (!m_synchronizationObject) {
+ if (!m_synchronizationObject)
return;
- }
LogPedantic("Notifying after successful synchronize");
m_synchronizationObject->NotifyAll();
{
LogPedantic("SQL data command finalizing");
- if (sqlcipher3_finalize(m_stmt) != SQLCIPHER_OK) {
+ if (sqlcipher3_finalize(m_stmt) != SQLCIPHER_OK)
LogError("Failed to finalize data command");
- }
// Decrement stored data command count
--m_masterConnection->m_dataCommandsCount;
SqlConnection::ArgumentIndex position,
const boost::optional<int> &value)
{
- if (!value) {
+ if (!value)
BindNull(position);
- } else {
+ else
BindInteger(position, *value);
- }
}
void SqlConnection::DataCommand::BindInt8(
SqlConnection::ArgumentIndex position,
const boost::optional<int8_t> &value)
{
- if (!value) {
+ if (!value)
BindNull(position);
- } else {
+ else
BindInt8(position, *value);
- }
}
void SqlConnection::DataCommand::BindInt16(
SqlConnection::ArgumentIndex position,
const boost::optional<int16_t> &value)
{
- if (!value) {
+ if (!value)
BindNull(position);
- } else {
+ else
BindInt16(position, *value);
- }
}
void SqlConnection::DataCommand::BindInt32(
SqlConnection::ArgumentIndex position,
const boost::optional<int32_t> &value)
{
- if (!value) {
+ if (!value)
BindNull(position);
- } else {
+ else
BindInt32(position, *value);
- }
}
void SqlConnection::DataCommand::BindInt64(
SqlConnection::ArgumentIndex position,
const boost::optional<int64_t> &value)
{
- if (!value) {
+ if (!value)
BindNull(position);
- } else {
+ else
BindInt64(position, *value);
- }
}
void SqlConnection::DataCommand::BindFloat(
SqlConnection::ArgumentIndex position,
const boost::optional<float> &value)
{
- if (!value) {
+ if (!value)
BindNull(position);
- } else {
+ else
BindFloat(position, *value);
- }
}
void SqlConnection::DataCommand::BindDouble(
SqlConnection::ArgumentIndex position,
const boost::optional<double> &value)
{
- if (!value) {
+ if (!value)
BindNull(position);
- } else {
+ else
BindDouble(position, *value);
- }
}
void SqlConnection::DataCommand::BindBlob(
SqlConnection::ArgumentIndex position,
const boost::optional<RawBuffer> &value)
{
- if (!!value) {
+ if (!!value)
BindBlob(position, *value);
- } else {
+ else
BindNull(position);
- }
}
bool SqlConnection::DataCommand::Step()
void SqlConnection::DataCommand::CheckColumnIndex(
SqlConnection::ColumnIndex column)
{
- if (column < 0 || column >= sqlcipher3_column_count(m_stmt)) {
+ if (column < 0 || column >= sqlcipher3_column_count(m_stmt))
ThrowMsg(Exception::InvalidColumn, "Column index is out of bounds");
- }
}
bool SqlConnection::DataCommand::IsColumnNull(
LogPedantic("Value: " << (value ? value : "NULL"));
- if (value == NULL) {
+ if (value == NULL)
return std::string();
- }
return std::string(value);
}
const unsigned char *value = reinterpret_cast<const unsigned char*>(
sqlcipher3_column_blob(m_stmt, column));
- if (value == NULL) {
+ if (value == NULL)
return RawBuffer();
- }
int length = sqlcipher3_column_bytes(m_stmt, column);
LogPedantic("Got blob of length: " << length);
LogPedantic("SQL data command get column optional integer: ["
<< column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<int>();
- }
+
int value = sqlcipher3_column_int(m_stmt, column);
LogPedantic(" Value: " << value);
return boost::optional<int>(value);
LogPedantic("SQL data command get column optional int8: ["
<< column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<int8_t>();
- }
+
int8_t value = static_cast<int8_t>(sqlcipher3_column_int(m_stmt, column));
LogPedantic(" Value: " << value);
return boost::optional<int8_t>(value);
LogPedantic("SQL data command get column optional int16: ["
<< column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<int16_t>();
- }
+
int16_t value = static_cast<int16_t>(sqlcipher3_column_int(m_stmt, column));
LogPedantic(" Value: " << value);
return boost::optional<int16_t>(value);
LogPedantic("SQL data command get column optional int32: ["
<< column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<int32_t>();
- }
+
int32_t value = static_cast<int32_t>(sqlcipher3_column_int(m_stmt, column));
LogPedantic(" Value: " << value);
return boost::optional<int32_t>(value);
LogPedantic("SQL data command get column optional int64: ["
<< column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<int64_t>();
- }
+
int64_t value = static_cast<int64_t>(sqlcipher3_column_int64(m_stmt, column));
LogPedantic(" Value: " << value);
return boost::optional<int64_t>(value);
LogPedantic("SQL data command get column optional float: ["
<< column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<float>();
- }
+
float value = static_cast<float>(sqlcipher3_column_double(m_stmt, column));
LogPedantic(" Value: " << value);
return boost::optional<float>(value);
LogPedantic("SQL data command get column optional double: ["
<< column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<double>();
- }
+
double value = sqlcipher3_column_double(m_stmt, column);
LogPedantic(" Value: " << value);
return boost::optional<double>(value);
LogPedantic("SQL data command get column blog: [" << column << "]");
CheckColumnIndex(column);
- if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) {
+ if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL)
return boost::optional<RawBuffer>();
- }
+
const unsigned char *value = reinterpret_cast<const unsigned char*>(
sqlcipher3_column_blob(m_stmt, column));
TurnOnForeignKeys();
}
-const std::string SQLCIPHER_RAW_PREFIX="x'";
-const std::string SQLCIPHER_RAW_SUFIX="'";
+const std::string SQLCIPHER_RAW_PREFIX = "x'";
+const std::string SQLCIPHER_RAW_SUFIX = "'";
const std::size_t SQLCIPHER_RAW_DATA_SIZE = 32;
RawBuffer rawToHexString(const RawBuffer &raw)
{
RawBuffer output;
- for(auto &e: raw) {
+ for (auto &e: raw) {
char result[3];
snprintf(result, sizeof(result), "%02X", static_cast<unsigned int>(e));
output.push_back(static_cast<unsigned char>(result[0]));
return output;
}
-RawBuffer createHexPass(const RawBuffer &rawPass){
+RawBuffer createHexPass(const RawBuffer &rawPass)
+{
// We are required to pass 64byte long hex password made out of 32byte raw
// binary data
RawBuffer output;
}
AssertMsg(rawPassOld.size() == SQLCIPHER_RAW_DATA_SIZE &&
rawPassNew.size() == SQLCIPHER_RAW_DATA_SIZE,
- "Binary data for raw password should be 32 bytes long."
- );
+ "Binary data for raw password should be 32 bytes long.");
// sqlcipher3_rekey requires for key to be already set
if (!m_isKeySet)
SetKey(rawPassOld);
// Connect to DB
SqlConnection::Connect(address, option);
- if (!m_synchronizationObject) {
+ if (!m_synchronizationObject)
LogPedantic("No synchronization object defined");
- }
}
SqlConnection::~SqlConnection()
int SqlConnection::Output::Callback(void* param, int columns, char** values, char** names)
{
- if(param)
+ if (param)
static_cast<Output*>(param)->SetResults(columns, values, names);
return 0;
}
void SqlConnection::Output::SetResults(int columns, char** values, char** names)
{
if (m_names.empty()) {
- for (int i=0;i<columns;i++)
+ for (int i=0; i < columns; i++)
m_names.push_back(names[i] ? names[i] : "NULL");
}
Row row;
- for (int i=0;i<columns;i++)
+ for (int i=0; i < columns; i++)
row.push_back(values[i] ? values[i] : "NULL");
m_values.push_back(std::move(row));
}
sqlcipher3_free(errorBuffer);
}
- if (ret == SQLCIPHER_OK) {
+ if (ret == SQLCIPHER_OK)
return;
- }
if (ret == SQLCIPHER_BUSY) {
LogPedantic("Collision occurred while executing SQL command");
va_list args;
va_start(args, format);
- if (vasprintf(&rawBuffer, format, args) == -1) {
+ if (vasprintf(&rawBuffer, format, args) == -1)
rawBuffer = NULL;
- }
va_end(args);
namespace CKM {
namespace Log {
-class AbstractLogProvider
-{
+class AbstractLogProvider {
public:
enum class LogLevel {
None,
namespace CKM {
namespace Log {
-class DLOGLogProvider : public AbstractLogProvider
-{
+class DLOGLogProvider : public AbstractLogProvider {
public:
DLOGLogProvider();
virtual ~DLOGLogProvider();
namespace CKM {
namespace Log {
-class JournalLogProvider: public AbstractLogProvider
-{
+class JournalLogProvider: public AbstractLogProvider {
public:
JournalLogProvider();
virtual ~JournalLogProvider();
/**
* CKM log system
*/
-class COMMON_API LogSystem
-{
+class COMMON_API LogSystem {
public:
NONCOPYABLE(LogSystem)
/*
* Replacement low overhead null logging class
*/
-class NullStream
-{
+class NullStream {
public:
NullStream() {}
} while (0)
#define DPL_MACRO_FOR_LOGGING(message, level) \
-do \
-{ \
+do { \
if (level > CKM::Log::AbstractLogProvider::LogLevel::None && \
- CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) \
- { \
+ CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) { \
std::ostringstream platformLog; \
platformLog << message; \
CKM::Log::LogSystemSingleton::Instance().Log(level, \
} while (0)
#define DPL_MACRO_FOR_LOGGING_POSITION(message, level, file, line, function) \
-do \
-{ \
+do { \
if (level > CKM::Log::AbstractLogProvider::LogLevel::None && \
- CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) \
- { \
+ CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) { \
std::ostringstream platformLog; \
platformLog << message; \
CKM::Log::LogSystemSingleton::Instance().Log(level, \
do { \
(void) file; (void) line; (void) function; \
DPL_MACRO_DUMMY_LOGGING(message, CKM::Log::AbstractLogProvider::LogLevel::Debug); \
- } while(0)
+ } while (0)
#endif // BUILD_TYPE_DEBUG
#endif // CENT_KEY_LOG_H
namespace CKM {
namespace Log {
-class OldStyleLogProvider : public AbstractLogProvider
-{
+class OldStyleLogProvider : public AbstractLogProvider {
public:
OldStyleLogProvider();
virtual ~OldStyleLogProvider() {}
typedef void (*dlogMacro)(const char*, const char*);
// I can't map LOG_ values because SLOG uses token concatenation
-void error(const char* tag, const char* msg) {
+void error(const char* tag, const char* msg)
+{
SLOG(LOG_ERROR, tag, "%s", msg);
}
-void warning(const char* tag, const char* msg) {
+void warning(const char* tag, const char* msg)
+{
SLOG(LOG_WARN, tag, "%s", msg);
}
-void info(const char* tag, const char* msg) {
+void info(const char* tag, const char* msg)
+{
SLOG(LOG_INFO, tag, "%s", msg);
}
-void debug(const char* tag, const char* msg) {
+void debug(const char* tag, const char* msg)
+{
SLOG(LOG_DEBUG, tag, "%s", msg);
}
-void pedantic(const char* tag, const char* msg) {
+void pedantic(const char* tag, const char* msg)
+{
SLOG(LOG_VERBOSE, tag, "%s", msg);
}
std::map<AbstractLogProvider::LogLevel, dlogMacro> dlogMacros = {
DLOGLogProvider::DLOGLogProvider()
-{}
+{
+}
DLOGLogProvider::~DLOGLogProvider()
-{}
+{
+}
void DLOGLogProvider::SetTag(const char *tag)
{
} // namespace anonymous
JournalLogProvider::JournalLogProvider()
-{}
+{
+}
JournalLogProvider::~JournalLogProvider()
-{}
+{
+}
void JournalLogProvider::Log(AbstractLogProvider::LogLevel level,
const char *message,
namespace CKM {
namespace Log {
-namespace // anonymous
-{
+namespace { // anonymous
/*
* Set these variables to desired values in /etc/sysconfig/central-key-manager and restart
* central-key-manager service to use them.
const char * const JOURNALD = "JOURNALD";
} // namespace anonymous
-LogSystem::LogSystem() : m_providerCtor({
+LogSystem::LogSystem() :
+ m_providerCtor({
#ifdef BUILD_TYPE_DEBUG
{ CONSOLE, []{ return static_cast<AbstractLogProvider*>(new OldStyleLogProvider()); } },
#endif // BUILD_TYPE_DEBUG
namespace CKM {
namespace Log {
-namespace // anonymous
-{
+namespace { // anonymous
+
using namespace CKM::Colors::Text;
const char *DEBUG_BEGIN = GREEN_BEGIN;
const char *DEBUG_END = GREEN_END;
} // namespace anonymous
OldStyleLogProvider::OldStyleLogProvider()
-{}
+{
+}
void OldStyleLogProvider::Log(AbstractLogProvider::LogLevel level,
const char *message,
} catch (const std::out_of_range&) {
fprintf(stdout, "Unsupported log level: %d\n", level);
}
-
}
}
#include <xml-utils.h>
#include <base64.h>
-namespace
-{
+namespace {
const char * const XML_ATTR_IV = "IV";
}
void BufferHandler::Start(const XML::Parser::Attributes &attr)
{
// get key type
- if(attr.find(XML_ATTR_IV) != attr.end()) {
+ if (attr.find(XML_ATTR_IV) != attr.end()) {
std::string IVstring = attr.at(XML_ATTR_IV);
Base64Decoder base64;
base64.reset();
void BufferHandler::End()
{
// decoding section
- switch(m_encoding)
+ switch (m_encoding) {
+ // PEM requires that "----- END" section comes right after "\n" character
+ case PEM:
{
- // PEM requires that "----- END" section comes right after "\n" character
- case PEM:
- {
- std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end()));
- m_data = RawBuffer(trimmed.begin(), trimmed.end());
- break;
- }
+ std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end()));
+ m_data = RawBuffer(trimmed.begin(), trimmed.end());
+ break;
+ }
- // Base64 decoder also does not accept any whitespaces
- case DER:
- case BASE64:
- case ENCRYPTED:
- {
- std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end()));
- Base64Decoder base64;
- base64.reset();
- base64.append(RawBuffer(trimmed.begin(), trimmed.end()));
- base64.finalize();
- m_data = base64.get();
- break;
- }
+ // Base64 decoder also does not accept any whitespaces
+ case DER:
+ case BASE64:
+ case ENCRYPTED:
+ {
+ std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end()));
+ Base64Decoder base64;
+ base64.reset();
+ base64.append(RawBuffer(trimmed.begin(), trimmed.end()));
+ base64.finalize();
+ m_data = base64.get();
+ break;
+ }
- default:
- break;
+ default:
+ break;
}
}
namespace CKM {
namespace InitialValues {
-class BufferHandler : public XML::Parser::ElementHandler
-{
+class BufferHandler : public XML::Parser::ElementHandler {
public:
typedef std::shared_ptr<BufferHandler> BufferHandlerPtr;
virtual void Characters(const std::string & data);
virtual void End();
- const RawBuffer & getData() const {
+ const RawBuffer & getData() const
+ {
return m_data;
}
- bool isEncrypted() const {
- if(m_encoding == EncodingType::ENCRYPTED)
+ bool isEncrypted() const
+ {
+ if (m_encoding == EncodingType::ENCRYPTED)
return true;
return false;
}
- const RawBuffer & getIV() const {
+ const RawBuffer & getIV() const
+ {
return m_IV;
}
+
private:
EncodingType m_encoding;
RawBuffer m_IV;
namespace CKM {
namespace InitialValues {
-class CertHandler : public InitialValueHandler
-{
+class CertHandler : public InitialValueHandler {
public:
explicit CertHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
: InitialValueHandler(db_logic, encryptedKey) {}
namespace CKM {
namespace InitialValues {
-class DataHandler : public InitialValueHandler
-{
+class DataHandler : public InitialValueHandler {
public:
- explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
- : InitialValueHandler(db_logic, encryptedKey) {}
+ explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) :
+ InitialValueHandler(db_logic, encryptedKey) {}
virtual ~DataHandler();
virtual DataType getDataType() const;
#include <EncodingType.h>
#include <ckm/ckm-type.h>
-namespace
-{
+namespace {
const char * const XML_ATTR_NAME = "name";
const char * const XML_ATTR_PASSWORD = "password";
const char * const XML_ATTR_EXPORTABLE = "exportable";
void InitialValueHandler::Start(const XML::Parser::Attributes &attr)
{
// get name
- if(attr.find(XML_ATTR_NAME) != attr.end())
+ if (attr.find(XML_ATTR_NAME) != attr.end())
m_name = Alias(attr.at(XML_ATTR_NAME));
// get password
- if(attr.find(XML_ATTR_PASSWORD) != attr.end())
+ if (attr.find(XML_ATTR_PASSWORD) != attr.end())
m_password = Password(attr.at(XML_ATTR_PASSWORD).c_str());
// get exportable
- if(attr.find(XML_ATTR_EXPORTABLE) != attr.end())
- {
+ if (attr.find(XML_ATTR_EXPORTABLE) != attr.end()) {
std::string flagVal = attr.at(XML_ATTR_EXPORTABLE);
std::transform(flagVal.begin(), flagVal.end(), flagVal.begin(), ::tolower);
std::istringstream is(flagVal);
LogError("Invalid data with name: " << m_name << ", reason: no key data!");
return;
}
-
// save data
Policy policy(m_password, m_exportable);
Crypto::DataEncryption de;
- if(m_bufferHandler->isEncrypted()) {
+ if (m_bufferHandler->isEncrypted()) {
de.encryptedKey = m_encryptedKey;
de.iv = m_bufferHandler->getIV();
}
de,
policy);
- if(CKM_API_SUCCESS != ec) {
+ if (CKM_API_SUCCESS != ec) {
LogError("Saving type: " << getDataType() << " with params: name(" <<
m_name << "), exportable(" << m_exportable<< ") failed, code: " << ec);
return;
}
// save permissions
- for(const auto & permission : m_permissions)
- {
+ for (const auto & permission : m_permissions) {
ec = m_db_logic.setPermissionHelper(
Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM),
m_name,
") failed, code: " << ec);
}
}
-}
-
+}
BufferHandler::BufferHandlerPtr InitialValueHandler::CreateBufferHandler(EncodingType type)
{
namespace CKM {
namespace InitialValues {
-class InitialValueHandler : public NoCharactersHandler
-{
+class InitialValueHandler : public NoCharactersHandler {
public:
typedef std::shared_ptr<InitialValueHandler> InitialValueHandlerPtr;
explicit InitialValueHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
: m_exportable(false), m_db_logic(db_logic), m_encryptedKey(encryptedKey) {}
- virtual ~InitialValueHandler() {};
+ virtual ~InitialValueHandler() {}
BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type);
PermissionHandler::PermissionHandlerPtr CreatePermissionHandler();
void InitialValuesFile::Error(const XML::Parser::ErrorType errorType,
const std::string & log_msg)
{
- switch(errorType)
- {
- case XML::Parser::VALIDATION_ERROR:
- LogWarning("validating error: " << log_msg);
- break;
- case XML::Parser::PARSE_WARNING:
- LogWarning("parsing warning: " << log_msg);
- break;
- case XML::Parser::PARSE_ERROR:
- LogWarning("parsing error: " << log_msg);
- break;
+ switch (errorType) {
+ case XML::Parser::VALIDATION_ERROR:
+ LogWarning("validating error: " << log_msg);
+ break;
+ case XML::Parser::PARSE_WARNING:
+ LogWarning("parsing warning: " << log_msg);
+ break;
+ case XML::Parser::PARSE_ERROR:
+ LogWarning("parsing error: " << log_msg);
+ break;
}
}
int InitialValuesFile::Parse()
{
int ec = m_parser.Parse();
- if(!m_header || !m_header->isCorrectVersion()) {
+ if (!m_header || !m_header->isCorrectVersion()) {
LogError("bypassing XML file: " << m_filename << " - wrong file version!");
ec = XML::Parser::ERROR_INVALID_VERSION;
}
XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type,
const CKM::RawBuffer &encryptedKey)
{
- switch(type)
- {
- case KEY:
- m_currentHandler = std::make_shared<KeyHandler>(m_db_logic, encryptedKey);
- break;
+ switch (type) {
+ case KEY:
+ m_currentHandler = std::make_shared<KeyHandler>(m_db_logic, encryptedKey);
+ break;
- case CERT:
- m_currentHandler = std::make_shared<CertHandler>(m_db_logic, encryptedKey);
- break;
+ case CERT:
+ m_currentHandler = std::make_shared<CertHandler>(m_db_logic, encryptedKey);
+ break;
- case DATA:
- m_currentHandler = std::make_shared<DataHandler>(m_db_logic, encryptedKey);
- break;
+ case DATA:
+ m_currentHandler = std::make_shared<DataHandler>(m_db_logic, encryptedKey);
+ break;
- default:
- m_currentHandler.reset();
- break;
+ default:
+ m_currentHandler.reset();
+ break;
}
return m_currentHandler;
XML::Parser::ElementHandlerPtr InitialValuesFile::GetBufferHandler(EncodingType type)
{
- if( !m_currentHandler )
+ if ( !m_currentHandler )
return XML::Parser::ElementHandlerPtr();
return m_currentHandler->CreateBufferHandler(type);
XML::Parser::ElementHandlerPtr InitialValuesFile::GetPermissionHandler()
{
- if( !m_currentHandler )
+ if ( !m_currentHandler )
return XML::Parser::ElementHandlerPtr();
return m_currentHandler->CreatePermissionHandler();
InitialValuesFile::EncryptionKeyHandler::EncryptionKeyHandler(InitialValuesFile & parent) : m_parent(parent) {}
-void InitialValuesFile::EncryptionKeyHandler::Characters(const std::string &data) {
+void InitialValuesFile::EncryptionKeyHandler::Characters(const std::string &data)
+{
m_encryptedKey.reserve(m_encryptedKey.size() + data.size());
m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end());
};
-void InitialValuesFile::EncryptionKeyHandler::End() {
+
+void InitialValuesFile::EncryptionKeyHandler::End()
+{
std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end()));
Base64Decoder base64;
base64.reset();
m_encryptedKey = base64.get();
};
-CKM::RawBuffer InitialValuesFile::EncryptionKeyHandler::getEncryptedKey() const {
+CKM::RawBuffer InitialValuesFile::EncryptionKeyHandler::getEncryptedKey() const
+{
return m_encryptedKey;
}
-InitialValuesFile::HeaderHandler::HeaderHandler(InitialValuesFile & parent)
- : m_version(-1), m_parent(parent) {}
+InitialValuesFile::HeaderHandler::HeaderHandler(InitialValuesFile & parent) :
+ m_version(-1), m_parent(parent)
+{
+}
+
void InitialValuesFile::HeaderHandler::Start(const XML::Parser::Attributes & attr)
{
// get key type
- if(attr.find(XML_ATTR_VERSION) != attr.end())
- {
+ if (attr.find(XML_ATTR_VERSION) != attr.end()) {
m_version = atoi(attr.at(XML_ATTR_VERSION).c_str());
- if(isCorrectVersion())
+ if (isCorrectVersion())
m_parent.registerElementListeners();
}
}
-bool InitialValuesFile::HeaderHandler::isCorrectVersion() const {
+bool InitialValuesFile::HeaderHandler::isCorrectVersion() const
+{
return m_version == XML_CURRENT_VERSION;
}
namespace InitialValues {
-class InitialValuesFile
-{
+class InitialValuesFile {
public:
InitialValuesFile(const std::string &XML_filename,
CKMLogic & db_logic);
void ReleasePermissionHandler();
private:
- class HeaderHandler : public XML::Parser::ElementHandler
- {
+ class HeaderHandler : public XML::Parser::ElementHandler {
public:
explicit HeaderHandler(InitialValuesFile & parent);
virtual void Start(const XML::Parser::Attributes & attr);
- virtual void Characters(const std::string &) {};
- virtual void End() {};
+ virtual void Characters(const std::string &) {}
+ virtual void End() {}
bool isCorrectVersion() const;
InitialValuesFile & m_parent;
};
- class EncryptionKeyHandler : public XML::Parser::ElementHandler
- {
+ class EncryptionKeyHandler : public XML::Parser::ElementHandler {
public:
explicit EncryptionKeyHandler(InitialValuesFile & parent);
- virtual void Start(const XML::Parser::Attributes &) {};
+ virtual void Start(const XML::Parser::Attributes &) {}
virtual void Characters(const std::string &data);
virtual void End();
CKM::RawBuffer getEncryptedKey() const;
+
private:
CKM::RawBuffer m_encryptedKey;
InitialValuesFile & m_parent;
void registerElementListeners();
static void Error(const XML::Parser::ErrorType errorType,
const std::string & logMsg);
-
};
}
#include <InitialValueHandler.h>
#include <ckm/ckm-type.h>
-namespace
-{
+namespace {
const char * const XML_ATTR_TYPE = "type";
const char * const XML_ATTR_TYPE_VAL_RSA_PRV = "RSA_PRV";
const char * const XML_ATTR_TYPE_VAL_RSA_PUB = "RSA_PUB";
InitialValueHandler::Start(attr);
// get key type
- if(attr.find(XML_ATTR_TYPE) != attr.end())
+ if (attr.find(XML_ATTR_TYPE) != attr.end())
m_keyType = KeyHandler::parseType(attr.at(XML_ATTR_TYPE));
}
KeyType KeyHandler::parseType(const std::string & typeStr)
{
- if (typeStr == XML_ATTR_TYPE_VAL_RSA_PRV) return KeyType::KEY_RSA_PRIVATE;
- else if(typeStr == XML_ATTR_TYPE_VAL_RSA_PUB) return KeyType::KEY_RSA_PUBLIC;
- else if(typeStr == XML_ATTR_TYPE_VAL_DSA_PRV) return KeyType::KEY_DSA_PRIVATE;
- else if(typeStr == XML_ATTR_TYPE_VAL_DSA_PUB) return KeyType::KEY_DSA_PUBLIC;
- else if(typeStr == XML_ATTR_TYPE_VAL_ECDSA_PRV) return KeyType::KEY_ECDSA_PRIVATE;
- else if(typeStr == XML_ATTR_TYPE_VAL_ECDSA_PUB) return KeyType::KEY_ECDSA_PUBLIC;
- else if(typeStr == XML_ATTR_TYPE_VAL_AES) return KeyType::KEY_AES;
+ if (typeStr == XML_ATTR_TYPE_VAL_RSA_PRV) return KeyType::KEY_RSA_PRIVATE;
+ else if (typeStr == XML_ATTR_TYPE_VAL_RSA_PUB) return KeyType::KEY_RSA_PUBLIC;
+ else if (typeStr == XML_ATTR_TYPE_VAL_DSA_PRV) return KeyType::KEY_DSA_PRIVATE;
+ else if (typeStr == XML_ATTR_TYPE_VAL_DSA_PUB) return KeyType::KEY_DSA_PUBLIC;
+ else if (typeStr == XML_ATTR_TYPE_VAL_ECDSA_PRV) return KeyType::KEY_ECDSA_PRIVATE;
+ else if (typeStr == XML_ATTR_TYPE_VAL_ECDSA_PUB) return KeyType::KEY_ECDSA_PUBLIC;
+ else if (typeStr == XML_ATTR_TYPE_VAL_AES) return KeyType::KEY_AES;
else // should not happen
throw std::runtime_error("error: invalid value discovered as key type");
}
namespace CKM {
namespace InitialValues {
-class KeyHandler : public InitialValueHandler
-{
+class KeyHandler : public InitialValueHandler {
public:
- explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey)
- : InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {}
+ explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) :
+ InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {}
virtual ~KeyHandler();
virtual void Start(const XML::Parser::Attributes &);
virtual DataType getDataType() const;
+
protected:
static KeyType parseType(const std::string & typeStr);
void NoCharactersHandler::Characters(const std::string & data)
{
auto f = find_if(data.begin(), data.end(), [](char c){ return std::isspace(c) == 0;});
- if(f != data.end())
+ if (f != data.end())
throw std::runtime_error(
"error: value handler detected raw data outside data-specific tag");
}
namespace CKM {
namespace InitialValues {
-class NoCharactersHandler : public XML::Parser::ElementHandler
-{
+class NoCharactersHandler : public XML::Parser::ElementHandler {
public:
void Characters(const std::string & data);
#include <ckm/ckm-type.h>
#include <PermissionHandler.h>
-namespace
-{
+namespace {
const char * const XML_ATTR_ACCESSOR = "accessor";
}
void PermissionHandler::Start(const XML::Parser::Attributes & attr)
{
// get accessor label
- if(attr.find(XML_ATTR_ACCESSOR) != attr.end())
+ if (attr.find(XML_ATTR_ACCESSOR) != attr.end())
m_accessor = Label(attr.at(XML_ATTR_ACCESSOR));
}
namespace CKM {
namespace InitialValues {
-class PermissionHandler : public NoCharactersHandler
-{
+class PermissionHandler : public NoCharactersHandler {
public:
typedef std::shared_ptr<PermissionHandler> PermissionHandlerPtr;
virtual void Start(const XML::Parser::Attributes &);
virtual void End();
- const Label & getAccessor() const {
+ const Label & getAccessor() const
+ {
return m_accessor;
}
+
private:
Label m_accessor;
};
namespace CKM {
namespace InitialValues {
-SWKeyFile::SWKeyFile(const std::string &XML_filename)
- : m_parser(XML_filename),
- m_header(std::make_shared<HeaderHandler>(*this)),
- m_RSAKeyHandler(std::make_shared<RSAKeyHandler>(*this))
+SWKeyFile::SWKeyFile(const std::string &XML_filename) :
+ m_parser(XML_filename),
+ m_header(std::make_shared<HeaderHandler>(*this)),
+ m_RSAKeyHandler(std::make_shared<RSAKeyHandler>(*this))
{
m_parser.RegisterErrorCb(SWKeyFile::Error);
m_parser.RegisterElementCb(XML_TAG_DEVICE_KEY,
void SWKeyFile::Error(const XML::Parser::ErrorType errorType,
const std::string & log_msg)
{
- switch(errorType)
- {
- case XML::Parser::VALIDATION_ERROR:
- LogWarning("validating error: " << log_msg);
- break;
- case XML::Parser::PARSE_WARNING:
- LogWarning("parsing warning: " << log_msg);
- break;
- case XML::Parser::PARSE_ERROR:
- LogWarning("parsing error: " << log_msg);
- break;
+ switch (errorType) {
+ case XML::Parser::VALIDATION_ERROR:
+ LogWarning("validating error: " << log_msg);
+ break;
+ case XML::Parser::PARSE_WARNING:
+ LogWarning("parsing warning: " << log_msg);
+ break;
+ case XML::Parser::PARSE_ERROR:
+ LogWarning("parsing error: " << log_msg);
+ break;
}
}
int SWKeyFile::Parse()
{
int ec = m_parser.Parse();
- if(!m_header || !m_header->isCorrectVersion()) {
+ if (!m_header || !m_header->isCorrectVersion()) {
LogError("bypassing XML file: " << m_filename << " - wrong file version!");
ec = XML::Parser::ERROR_INVALID_VERSION;
}
SWKeyFile::RSAKeyHandler::RSAKeyHandler(SWKeyFile & parent)
: m_parent(parent)
-{}
+{
+}
-void SWKeyFile::RSAKeyHandler::Characters(const std::string &data) {
+void SWKeyFile::RSAKeyHandler::Characters(const std::string &data)
+{
//m_encryptedKey.reserve(m_encryptedKey.size() + data.size());
//m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end());
std::copy(data.begin(), data.end(), std::back_inserter(m_encryptedKey));
}
-void SWKeyFile::RSAKeyHandler::End() {
+void SWKeyFile::RSAKeyHandler::End()
+{
// std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end()));
Base64Decoder base64;
m_encryptedKey = base64.get();
};
-Crypto::GObjShPtr SWKeyFile::RSAKeyHandler::getPrivKey() {
+Crypto::GObjShPtr SWKeyFile::RSAKeyHandler::getPrivKey()
+{
return std::make_shared<Crypto::SW::AKey>(m_encryptedKey, DataType::KEY_RSA_PRIVATE);
}
-SWKeyFile::HeaderHandler::HeaderHandler(SWKeyFile & parent)
- : m_version(-1), m_parent(parent) {}
+SWKeyFile::HeaderHandler::HeaderHandler(SWKeyFile & parent) :
+ m_version(-1), m_parent(parent)
+{
+}
+
void SWKeyFile::HeaderHandler::Start(const XML::Parser::Attributes & attr)
{
// get key type
- if(attr.find(XML_ATTR_VERSION) != attr.end())
- {
+ if (attr.find(XML_ATTR_VERSION) != attr.end()) {
m_version = atoi(attr.at(XML_ATTR_VERSION).c_str());
- if(isCorrectVersion())
+ if (isCorrectVersion())
m_parent.registerElementListeners();
}
}
-bool SWKeyFile::HeaderHandler::isCorrectVersion() const {
+
+bool SWKeyFile::HeaderHandler::isCorrectVersion() const
+{
return m_version == XML_SW_KEY_CURRENT_VERSION;
}
namespace InitialValues {
-class SWKeyFile
-{
+class SWKeyFile {
public:
explicit SWKeyFile(const std::string &XML_filename);
int Validate(const std::string &XSD_file);
int Parse();
- Crypto::GObjShPtr getPrivKey() {
+ Crypto::GObjShPtr getPrivKey()
+ {
return m_deviceKey;
}
private:
- class HeaderHandler : public XML::Parser::ElementHandler
- {
+ class HeaderHandler : public XML::Parser::ElementHandler {
public:
explicit HeaderHandler(SWKeyFile & parent);
virtual void Start(const XML::Parser::Attributes & attr);
- virtual void Characters(const std::string &) {};
- virtual void End() {};
+ virtual void Characters(const std::string &) {}
+ virtual void End() {}
bool isCorrectVersion() const;
SWKeyFile & m_parent;
};
- class RSAKeyHandler : public XML::Parser::ElementHandler
- {
+ class RSAKeyHandler : public XML::Parser::ElementHandler {
public:
explicit RSAKeyHandler(SWKeyFile & parent);
- virtual void Start(const XML::Parser::Attributes &) {};
+ virtual void Start(const XML::Parser::Attributes &) {}
virtual void Characters(const std::string &data);
virtual void End();
Crypto::GObjShPtr getPrivKey();
+
private:
CKM::RawBuffer m_encryptedKey;
SWKeyFile & m_parent;
void registerElementListeners();
static void Error(const XML::Parser::ErrorType errorType,
const std::string & logMsg);
-
};
}
namespace CKM {
namespace InitialValues {
-void LoadFiles(CKMLogic &logic) {
+void LoadFiles(CKMLogic &logic)
+{
try {
std::vector<std::string> filesToParse;
DIR *dp = opendir(INIT_VALUES_DIR);
- if(dp)
- {
+ if (dp) {
struct dirent *entry;
- while ((entry = readdir(dp)))
- {
+ while ((entry = readdir(dp))) {
std::string filename = std::string(entry->d_name);
// check if XML file
std::string lowercaseFilename = filename;
std::transform(lowercaseFilename.begin(), lowercaseFilename.end(), lowercaseFilename.begin(), ::tolower);
- if(lowercaseFilename.find(INIT_VALUES_FILE_SUFFIX) == std::string::npos)
+
+ if (lowercaseFilename.find(INIT_VALUES_FILE_SUFFIX) == std::string::npos)
continue;
filesToParse.push_back(std::string(INIT_VALUES_DIR) + filename);
}
// parse
- for(const auto & file : filesToParse)
- {
+ for (const auto & file : filesToParse) {
InitialValues::InitialValuesFile xmlFile(file.c_str(), logic);
int rc = xmlFile.Validate(INIT_VALUES_XSD);
- if(rc == XML::Parser::PARSE_SUCCESS)
- {
+ if (rc == XML::Parser::PARSE_SUCCESS) {
rc = xmlFile.Parse();
- if(rc != XML::Parser::PARSE_SUCCESS)
+ if (rc != XML::Parser::PARSE_SUCCESS)
LogError("invalid initial values file: " << file << ", parsing code: " << rc);
- }
- else
+ } else {
LogError("invalid initial values file: " << file << ", validation code: " << rc);
+ }
unlink(file.c_str());
}
} catch (...) {
} // namespace anonymous
-Parser::Parser(const std::string &XML_filename)
- : m_errorCb(0)
+Parser::Parser(const std::string &XML_filename) :
+ m_errorCb(0)
{
m_XMLfile = XML_filename;
memset(&m_saxHandler, 0, sizeof(m_saxHandler));
int Parser::Validate(const std::string &XSD_schema)
{
- if(XSD_schema.empty()) {
+ if (XSD_schema.empty()) {
LogError("no XSD file path given");
return ERROR_INVALID_ARGUMENT;
}
std::unique_ptr<xmlSchemaParserCtxt, void(*)(xmlSchemaParserCtxtPtr)>
parserCtxt(xmlSchemaNewParserCtxt(XSD_schema.c_str()),
[](xmlSchemaParserCtxtPtr ctx){ xmlSchemaFreeParserCtxt(ctx); });
- if(!parserCtxt) {
+ if (!parserCtxt) {
LogError("XSD file path is invalid");
return ERROR_INVALID_ARGUMENT;
}
std::unique_ptr<xmlSchema, void(*)(xmlSchemaPtr)>
schema(xmlSchemaParse(parserCtxt.get()),
[](xmlSchemaPtr schemaPtr){ xmlSchemaFree(schemaPtr); });
- if(!schema) {
+ if (!schema) {
LogError("Parsing XSD file failed");
return ERROR_XSD_PARSE_FAILED;
}
std::unique_ptr<xmlSchemaValidCtxt, void(*)(xmlSchemaValidCtxtPtr)>
validCtxt(xmlSchemaNewValidCtxt(schema.get()),
[](xmlSchemaValidCtxtPtr validCtxPtr){ xmlSchemaFreeValidCtxt(validCtxPtr); });
- if(!validCtxt) {
+ if (!validCtxt) {
LogError("Internal parser error");
return ERROR_INTERNAL;
}
xmlThrDefSetGenericErrorFunc(this, &Parser::ErrorValidate);
retCode = xmlSchemaValidateFile(validCtxt.get(), m_XMLfile.c_str(), 0);
- if(0 != retCode) {
+ if (0 != retCode) {
LogWarning("Validating XML file failed, ec: " << retCode);
retCode = ERROR_XML_VALIDATION_FAILED;
- }
- else
+ } else {
retCode = PARSE_SUCCESS;
+ }
return retCode;
}
int Parser::Parse()
{
- if(m_elementListenerMap.empty()) {
+ if (m_elementListenerMap.empty()) {
LogError("Can not parse XML file: no registered element callbacks.");
return ERROR_INVALID_ARGUMENT;
}
int retCode = xmlSAXUserParseFile(&m_saxHandler, this, m_XMLfile.c_str());
- if(0 != retCode) {
+ if (0 != retCode) {
LogWarning("Parsing XML file failed, ec: " << retCode);
return ERROR_XML_PARSE_FAILED;
}
// if error detected while parsing
- if(m_elementListenerMap.empty()) {
+ if (m_elementListenerMap.empty()) {
LogError("Critical error detected while parsing.");
return ERROR_INTERNAL;
}
int Parser::RegisterErrorCb(const ErrorCb newCb)
{
- if(m_errorCb) {
+ if (m_errorCb) {
LogError("Callback already registered!");
return ERROR_CALLBACK_PRESENT;
}
const StartCb startCb,
const EndCb endCb)
{
- if(!elementName)
+ if (!elementName)
return ERROR_INVALID_ARGUMENT;
std::string key(elementName);
- if(m_elementListenerMap.find(elementName) != m_elementListenerMap.end()) {
+ if (m_elementListenerMap.find(elementName) != m_elementListenerMap.end()) {
LogError("Callback for element " << elementName << " already registered!");
return ERROR_CALLBACK_PRESENT;
}
const xmlChar **attrs)
{
std::string key(reinterpret_cast<const char*>(name));
- if(m_elementListenerMap.find(key) == m_elementListenerMap.end())
+ if (m_elementListenerMap.find(key) == m_elementListenerMap.end())
return;
ElementHandlerPtr newHandler;
const ElementListener & current = m_elementListenerMap[key];
- if(current.startCb)
- {
+ if (current.startCb) {
Attributes attribs;
{
size_t numAttrs = 0;
std::string key;
- while(attrs && attrs[numAttrs])
- {
+ while (attrs && attrs[numAttrs]) {
const char *attrChr = reinterpret_cast<const char*>(attrs[numAttrs]);
- if((numAttrs%2)==0)
+ if ((numAttrs%2) == 0)
key = std::string(attrChr);
else
attribs[key] = std::string(attrChr);
- numAttrs ++;
+ numAttrs++;
}
}
newHandler = current.startCb();
- if(newHandler)
+ if (newHandler)
newHandler->Start(attribs);
}
// always put a handler, even if it's empty. This will not break
void Parser::EndElement(const xmlChar *name)
{
std::string key(reinterpret_cast<const char*>(name));
- if(m_elementListenerMap.find(key) == m_elementListenerMap.end())
+ if (m_elementListenerMap.find(key) == m_elementListenerMap.end())
return;
// this should never ever happen
- if( m_elementHandlerStack.empty() )
+ if (m_elementHandlerStack.empty())
throw std::runtime_error("internal error: element queue desynchronized!");
ElementHandlerPtr ¤tHandler = m_elementHandlerStack.top();
- if(currentHandler)
+ if (currentHandler)
currentHandler->End();
const ElementListener & current = m_elementListenerMap[key];
- if(current.endCb)
+ if (current.endCb)
current.endCb(currentHandler);
m_elementHandlerStack.pop();
void Parser::Characters(const xmlChar *ch, size_t chLen)
{
std::string chars(reinterpret_cast<const char*>(ch), chLen);
- if(chars.empty())
+ if (chars.empty())
return;
- if( !m_elementHandlerStack.empty() )
- {
+ if (!m_elementHandlerStack.empty()) {
ElementHandlerPtr ¤tHandler = m_elementHandlerStack.top();
- if(currentHandler)
+ if (currentHandler)
currentHandler->Characters(chars);
}
}
void Parser::Error(const ErrorType errorType, const char *msg, va_list &args)
{
- if(!m_errorCb)
+ if (!m_errorCb)
return;
va_list args2;
- try
- {
+ try {
va_copy(args2, args);
std::vector<char> buf(1 + std::vsnprintf(NULL, 0, msg, args));
std::vsnprintf(buf.data(), buf.size(), msg, args2);
m_errorCb(errorType, trim(std::string(buf.begin(), buf.end())));
- }
- catch(...) {
+ } catch (...) {
LogError("Error callback throwed an exception.");
// if an error handler throwed exception,
// do not call further callbacks
//
// -------------------------- start of static wrappers --------------------------
//
-void Parser::CallbackHelper(std::function<void (void)> func)
+void Parser::CallbackHelper(std::function<void(void)> func)
{
- try
- {
+ try {
func();
return;
- }
- catch(const std::exception &e) {
+ } catch (const std::exception &e) {
LogError("parser error: " << e.what());
- if(m_errorCb)
+ if (m_errorCb)
m_errorCb(PARSE_ERROR, e.what());
- }
- catch(...) {
+ } catch (...) {
LogError("unknown parser error");
- if(m_errorCb)
+ if (m_errorCb)
m_errorCb(PARSE_ERROR, "unknown parser error");
}
// raise error flag - unregister listeners
namespace CKM {
namespace XML {
-class Parser
-{
+class Parser {
public:
enum ErrorCode {
PARSE_SUCCESS = 0,
int RegisterErrorCb(const ErrorCb newCb);
typedef std::map<std::string, std::string> Attributes;
- class ElementHandler
- {
- public:
- virtual ~ElementHandler() {}
-
- // methods below may throw std::exception to invalidate the parsing process
- // and remove all element listeners.
- // In this case, parsing error code returned to the user after std::exception.
- virtual void Start(const Attributes &) = 0;
- virtual void Characters(const std::string & data) = 0;
- virtual void End() = 0;
+ class ElementHandler {
+ public:
+ virtual ~ElementHandler() {}
+
+ // methods below may throw std::exception to invalidate the parsing process
+ // and remove all element listeners.
+ // In this case, parsing error code returned to the user after std::exception.
+ virtual void Start(const Attributes &) = 0;
+ virtual void Characters(const std::string & data) = 0;
+ virtual void End() = 0;
};
typedef std::shared_ptr<ElementHandler> ElementHandlerPtr;
std::string m_XMLfile;
ErrorCb m_errorCb;
- struct ElementListener
- {
+ struct ElementListener {
StartCb startCb;
EndCb endCb;
};
std::map<std::string, ElementListener> m_elementListenerMap;
std::stack<ElementHandlerPtr> m_elementHandlerStack;
- void CallbackHelper(std::function<void (void)> func);
+ void CallbackHelper(std::function<void(void)> func);
};
}
#include <algorithm>
#include <xml-utils.h>
-namespace
-{
+namespace {
const char * const WHITESPACE = " \n\r\t\v";
const char * const LINE_WHITESPACE = " \r\t\v";
return out;
}
-RawBuffer removeWhiteChars(const RawBuffer &buffer) {
+RawBuffer removeWhiteChars(const RawBuffer &buffer)
+{
return removeChars(buffer, WHITESPACE);
}
-std::string trimEachLine(const std::string& input) {
+std::string trimEachLine(const std::string& input)
+{
std::stringstream ss(input);
std::stringstream output;
std::string line;
- while(std::getline(ss, line, '\n')) {
+ while (std::getline(ss, line, '\n')) {
auto afterTrim = ::trim(line, LINE_WHITESPACE);
if (!afterTrim.empty())
output << afterTrim << std::endl;
return output.str();
}
-std::string trim(const std::string &s) {
+std::string trim(const std::string &s)
+{
return removeChars(s, WHITESPACE);
}
#include <string>
#include <ckm/ckm-raw-buffer.h>
namespace CKM {
-namespace XML
-{
+namespace XML {
RawBuffer removeWhiteChars(const RawBuffer &buffer);
std::string trim(const std::string& s);
* class responsible for keeping a list of listeners for given M type of message and notifying them
*/
template <typename M>
-class MessageManager
-{
+class MessageManager {
public:
NONCOPYABLE(MessageManager);
// Returns the number of listeners called
size_t SendMessage(const M& msg) const
{
- for(auto& it : m_listeners)
+ for (auto& it : m_listeners)
it(msg);
return m_listeners.size();
}
+
protected:
MessageManager() {}
// No one is going to destroy this class directly (only via inherited class). Hence no 'virtual'
*/
template <typename First, typename... Args>
struct CommunicationManager<First, Args...> :
- public MessageManager<First>, public CommunicationManager<Args...>
-{
+ public MessageManager<First>, public CommunicationManager<Args...> {
public:
CommunicationManager() {}
NONCOPYABLE(CommunicationManager);
namespace CKM {
-Cynara::Cynara(GenericSocketManager *socketManager)
- : m_socketManager(socketManager)
- , m_cynara(nullptr)
-{}
+Cynara::Cynara(GenericSocketManager *socketManager) :
+ m_socketManager(socketManager),
+ m_cynara(nullptr)
+{
+}
void Cynara::Request(
const std::string &,
void Cynara::ProcessSocket() {}
-Cynara::~Cynara(){}
+Cynara::~Cynara() {}
void Cynara::ChangeStatus(
int,
int,
cynara_async_status)
-{}
+{
+}
void Cynara::ProcessResponse(
cynara_check_id,
cynara_async_call_cause,
int)
-{}
+{
+}
void Cynara::SendRequest(
const std::string &,
const std::string &,
const std::string &,
StatusCallback)
-{}
+{
+}
void Cynara::ChangeStatusCallback(
int,
int,
cynara_async_status,
void *)
-{}
+{
+}
void Cynara::ProcessResponseCallback(
cynara_check_id,
cynara_async_call_cause,
int,
void *)
-{}
+{
+}
bool Cynara::GetUserFromSocket(
int,
: m_socketManager(socketManager)
, m_cynara(nullptr)
{
- if (CYNARA_API_SUCCESS != cynara_async_initialize(&m_cynara, NULL, ChangeStatusCallback, this))
- {
+ if (CYNARA_API_SUCCESS != cynara_async_initialize(&m_cynara, NULL, ChangeStatusCallback, this)) {
LogError("Cynara initialization failed.");
throw std::runtime_error("Cynara initialization failed.");
}
user.c_str(),
privilege.c_str());
- switch(ret) {
+ switch (ret) {
default:
case CYNARA_API_ACCESS_DENIED:
callback(false);
}
}
-void Cynara::ProcessSocket() {
- if (CYNARA_API_SUCCESS != cynara_async_process(m_cynara)) {
+void Cynara::ProcessSocket()
+{
+ if (CYNARA_API_SUCCESS != cynara_async_process(m_cynara))
LogError("Function: cynara_async_process failed.");
- }
}
-Cynara::~Cynara(){
+Cynara::~Cynara()
+{
cynara_async_finish(m_cynara);
}
-void Cynara::ChangeStatus(int oldFd, int newFd, cynara_async_status status) {
+void Cynara::ChangeStatus(int oldFd, int newFd, cynara_async_status status)
+{
m_socketManager->CynaraSocket(oldFd, newFd, status == CYNARA_STATUS_FOR_RW);
}
static_cast<Cynara*>(ptr)->ProcessResponse(checkId, cause, response);
}
-bool Cynara::GetUserFromSocket(int socket, std::string &user) {
+bool Cynara::GetUserFromSocket(int socket, std::string &user)
+{
char *ptr;
if (CYNARA_API_SUCCESS != cynara_creds_socket_get_user(socket, USER_METHOD_DEFAULT, &ptr))
return false;
return true;
}
-bool Cynara::GetClientFromSocket(int socket, std::string &client) {
+bool Cynara::GetClientFromSocket(int socket, std::string &client)
+{
char *ptr;
- if (CYNARA_API_SUCCESS!=cynara_creds_socket_get_client(socket, CLIENT_METHOD_DEFAULT, &ptr))
+ if (CYNARA_API_SUCCESS != cynara_creds_socket_get_client(socket, CLIENT_METHOD_DEFAULT, &ptr))
return false;
client = ptr;
free(ptr);
bool allowed;
};
- virtual void SetSocketManager(GenericSocketManager *manager) {
+ virtual void SetSocketManager(GenericSocketManager *manager)
+ {
m_serviceManager = manager;
}
- virtual void SetCommManager(CommMgr *manager) {
+
+ virtual void SetCommManager(CommMgr *manager)
+ {
m_commMgr = manager;
}
virtual void Stop() = 0;
GenericSocketService() : m_serviceManager(NULL), m_commMgr(NULL) {}
- virtual ~GenericSocketService(){}
+ virtual ~GenericSocketService() {}
+
protected:
GenericSocketManager *m_serviceManager;
CommMgr *m_commMgr;
delete service;
}
-int main(void) {
+int main(void)
+{
UNHANDLED_EXCEPTION_HANDLER_BEGIN
{
CKM::Singleton<CKM::Log::LogSystem>::Instance().SetTag("CKM");
CKM::KeyProvider::closeLibrary();
CKM::deinitOpenSsl();
- }
- catch (const std::runtime_error& e)
- {
+ } catch (const std::runtime_error& e) {
LogError(e.what());
}
UNHANDLED_EXCEPTION_HANDLER_END
// aggregating template
template <typename Msg, typename ...Msgs>
-class MessageService<Msg, Msgs...> : public MessageService<Msg>, public MessageService<Msgs...>
-{
+class MessageService<Msg, Msgs...> : public MessageService<Msg>, public MessageService<Msgs...> {
protected:
// RECEIVER THREAD
template <typename Mgr>
- void Register(Mgr& mgr) {
+ void Register(Mgr& mgr)
+ {
MessageService<Msg>::Register(mgr);
MessageService<Msgs...>::Register(mgr);
}
+
// RECEIVER THREAD
- void CheckMessages() {
+ void CheckMessages()
+ {
MessageService<Msg>::CheckMessages();
MessageService<Msgs...>::CheckMessages();
}
// single Message type (Msg) handler
template <typename Msg>
-class MessageService<Msg>
-{
+class MessageService<Msg> {
public:
MessageService() {}
virtual ~MessageService() {}
template <typename Msg>
void MessageService<Msg>::CheckMessages()
{
- while(true) {
+ while (true) {
m_messagesMutex.lock();
if (m_messages.empty()) {
m_messagesMutex.unlock();
// thread based service with messages support
template <typename ...Msgs>
-class ThreadMessageService : public ThreadService, public MessageService<Msgs...>
-{
+class ThreadMessageService : public ThreadService, public MessageService<Msgs...> {
public:
ThreadMessageService() {}
virtual ~ThreadMessageService() {}
// RECEIVER THREAD: register as a listener of all supported messages
template <typename Mgr>
- void Register(Mgr& mgr) {
+ void Register(Mgr& mgr)
+ {
MessageService<Msgs...>::Register(mgr);
}
private:
// SENDER THREAD: adds callback to RECEIVER THREAD event queue and wakes it
- virtual void Notify() {
+ virtual void Notify()
+ {
CreateEvent([this]() { this->CheckMessages(); });
}
// RECEIVER THREAD
- void CheckMessages() {
+ void CheckMessages()
+ {
MessageService<Msgs...>::CheckMessages();
}
};
namespace CKM {
// inter-service communication message base class
-struct MsgBase
-{
+struct MsgBase {
explicit MsgBase(int id) : id(id) {}
virtual ~MsgBase() {}
};
// key request
-struct MsgKeyRequest : public MsgBase
-{
+struct MsgKeyRequest : public MsgBase {
MsgKeyRequest(int id,
const Credentials& cred,
const Name& name,
name(name),
label(label),
password(password)
- {}
+ {
+ }
+
Credentials cred;
Name name;
Label label;
};
// key response
-struct MsgKeyResponse : public MsgBase
-{
+struct MsgKeyResponse : public MsgBase {
MsgKeyResponse(int id, const Crypto::GObjShPtr& key, int errorCode = CKM_API_SUCCESS) :
MsgBase(id),
key(key),
error(errorCode)
- {}
+ {
+ }
+
Crypto::GObjShPtr key;
int error;
};
ServiceThread()
: m_state(State::NoThread)
, m_quit(false)
- {}
+ {
+ }
- void Create() {
+ void Create()
+ {
assert(m_state == State::NoThread);
m_thread = std::thread(ThreadLoopStatic, this);
m_state = State::Work;
}
- void Join() {
+ void Join()
+ {
assert(m_state != State::NoThread);
{
std::lock_guard<std::mutex> lock(m_eventQueueMutex);
m_waitCondition.notify_one();
}
- static void ThreadLoopStatic(ServiceThread *ptr) {
+ static void ThreadLoopStatic(ServiceThread *ptr)
+ {
ptr->ThreadLoop();
// cleanup openssl in every thread
deinitOpenSslThread();
}
- void ThreadLoop(){
+ void ThreadLoop()
+ {
for (;;) {
EventDescription description;
{
namespace CKM {
-int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) {
+int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId)
+{
static const std::string SMACK_PREFIX_APPID = "User::App::";
if (smack.empty()) {
return 0;
}
-int Socket2Id::translate(int sock, std::string &result) {
+int Socket2Id::translate(int sock, std::string &result)
+{
std::string smack;
std::string pkgId;
- if (0 > getCredentialsFromSocket(sock, smack)) {
+ if (0 > getCredentialsFromSocket(sock, smack))
return -1;
- }
- if (0 > getPkgIdFromSmack(smack, pkgId)) {
+ if (0 > getPkgIdFromSmack(smack, pkgId))
return -1;
- }
result = std::move(pkgId);
return 0;
namespace CKM {
-int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) {
+int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId)
+{
// TODO
// Conversion from smack label to pkgId should be done
// by security-manager. Current version of security-manager
return 0;
}
-int Socket2Id::translate(int sock, std::string &result) {
+int Socket2Id::translate(int sock, std::string &result)
+{
std::string smack;
- if (0 > getCredentialsFromSocket(sock, smack)) {
+ if (0 > getCredentialsFromSocket(sock, smack))
return -1;
- }
StringMap::iterator it = m_stringMap.find(smack);
}
std::string pkgId;
- if (0 > getPkgIdFromSmack(smack, pkgId)) {
+ if (0 > getPkgIdFromSmack(smack, pkgId))
return -1;
- }
result = pkgId;
m_stringMap.emplace(std::move(smack), std::move(pkgId));
namespace {
-int assignToString(std::vector<char> &vec, socklen_t len, std::string &res) {
+int assignToString(std::vector<char> &vec, socklen_t len, std::string &res)
+{
if (vec.size() <= len)
return -1;
vec[len] = 0; // old implementation getsockopt returns cstring without 0
- if (vec[len-1] == 0) {
+
+ if (vec[len-1] == 0)
--len; // new implementation of getsockopt returns cstring size+1
- }
res.assign(vec.data(), len);
return 0;
} // namespace anonymous
-int Socket2Id::getCredentialsFromSocket(int sock, std::string &res) {
+int Socket2Id::getCredentialsFromSocket(int sock, std::string &res)
+{
std::vector<char> result(SMACK_LABEL_LEN+1);
socklen_t length = SMACK_LABEL_LEN;
- if (0 == getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) {
+ if (0 == getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length))
return assignToString(result, length, res);
- }
if (errno != ERANGE) {
LogError("getsockopt failed");
return assignToString(result, length, res);
}
-void Socket2Id::resetCache() {
+void Socket2Id::resetCache()
+{
m_stringMap.clear();
}
void resetCache();
virtual ~Socket2Id() {}
+
private:
int getCredentialsFromSocket(int sock, std::string &res);
int getPkgIdFromSmack(const std::string &smack, std::string &pkgId);
const time_t SOCKET_TIMEOUT = 1000;
-int getCredentialsFromSocket(int sock, CKM::Credentials &cred) {
+int getCredentialsFromSocket(int sock, CKM::Credentials &cred)
+{
static CKM::Socket2Id sock2id;
std::string ownerId;
- if (0 > sock2id.translate(sock, ownerId)) {
+ if (0 > sock2id.translate(sock, ownerId))
return -1;
- }
ucred peerCred;
socklen_t length = sizeof(ucred);
namespace CKM {
struct DummyService : public GenericSocketService {
- ServiceDescriptionVector GetServiceDescription() {
+ ServiceDescriptionVector GetServiceDescription()
+ {
return ServiceDescriptionVector();
}
};
struct SignalService : public GenericSocketService {
- int GetDescriptor() {
+ int GetDescriptor()
+ {
LogInfo("set up");
sigset_t mask;
sigemptyset(&mask);
return signalfd(-1, &mask, 0);
}
- ServiceDescriptionVector GetServiceDescription() {
+ ServiceDescriptionVector GetServiceDescription()
+ {
return ServiceDescriptionVector();
}
void Event(const CloseEvent &) {} // not supported
void Event(const SecurityEvent &) {} // not supported
- void Event(const ReadEvent &event) {
+ void Event(const ReadEvent &event)
+ {
LogDebug("Get signal information");
- if(sizeof(struct signalfd_siginfo) != event.rawBuffer.size()) {
+ if (sizeof(struct signalfd_siginfo) != event.rawBuffer.size()) {
LogError("Wrong size of signalfd_siginfo struct. Expected: "
<< sizeof(signalfd_siginfo) << " Get: "
<< event.rawBuffer.size());
return desc;
}
-SocketManager::SocketManager()
- : m_maxDesc(0)
- , m_counter(0)
+SocketManager::SocketManager() :
+ m_maxDesc(0),
+ m_counter(0)
{
FD_ZERO(&m_readSet);
FD_ZERO(&m_writeSet);
+
if (-1 == pipe(m_notifyMe)) {
int err = errno;
ThrowMsg(Exception::InitFailed, "Error in pipe: " << GetErrnoString(err));
}
+
LogInfo("Pipe: Read desc: " << m_notifyMe[0] << " Write desc: " << m_notifyMe[1]);
auto &desc = CreateDefaultReadSocketDescription(m_notifyMe[0], false);
auto *signalService = new SignalService;
signalService->SetSocketManager(this);
int filefd = signalService->GetDescriptor();
+
if (-1 == filefd) {
LogError("Error in SignalService.GetDescriptor()");
delete signalService;
m_cynara.reset(new Cynara(this));
}
-SocketManager::~SocketManager() {
+SocketManager::~SocketManager()
+{
m_cynara.reset(nullptr);
std::set<GenericSocketService*> serviceMap;
close(m_notifyMe[1]);
}
-void SocketManager::ReadyForAccept(int sock) {
+void SocketManager::ReadyForAccept(int sock)
+{
struct sockaddr_un clientAddr;
unsigned int clientLen = sizeof(clientAddr);
int client = accept4(sock, (struct sockaddr*) &clientAddr, &clientLen, SOCK_NONBLOCK);
+
if (-1 == client) {
int err = errno;
LogDebug("Error in accept: " << GetErrnoString(err));
if (0 > getCredentialsFromSocket(client, peerCred)
|| !Cynara::GetUserFromSocket(client, user)
- || !Cynara::GetClientFromSocket(client, smack))
- {
+ || !Cynara::GetClientFromSocket(client, smack)) {
LogDebug("Error in getting credentials from socket.");
TEMP_FAILURE_RETRY(close(client));
return;
desc.service->Event(event);
}
-void SocketManager::SecurityStatus(int sock, int counter, bool allowed) {
+void SocketManager::SecurityStatus(int sock, int counter, bool allowed)
+{
auto &desc = m_socketDescriptionVector[sock];
if (!desc.isOpen()) {
LogDebug("Client from socket " << sock <<
desc.service->Event(event);
}
-void SocketManager::ReadyForRead(int sock) {
+void SocketManager::ReadyForRead(int sock)
+{
if (m_socketDescriptionVector[sock].isListen()) {
ReadyForAccept(sock);
return;
desc.service->Event(event);
} else if (size == -1) {
int err = errno;
- switch(err) {
- case EAGAIN:
- case EINTR:
- break;
- default:
- LogDebug("Reading sock error: " << GetErrnoString(err));
- CloseSocket(sock);
+ switch (err) {
+ case EAGAIN:
+ case EINTR:
+ break;
+ default:
+ LogDebug("Reading sock error: " << GetErrnoString(err));
+ CloseSocket(sock);
}
}
}
-void SocketManager::ReadyForWrite(int sock) {
+void SocketManager::ReadyForWrite(int sock)
+{
if (m_socketDescriptionVector[sock].isCynara()) {
m_cynara->ProcessSocket();
return;
auto &desc = m_socketDescriptionVector[sock];
size_t size = desc.rawBuffer.size();
ssize_t result = write(sock, &desc.rawBuffer[0], size);
+
if (result == -1) {
int err = errno;
- switch(err) {
+ switch (err) {
case EAGAIN:
case EINTR:
// select will trigger write once again, nothing to do
desc.service->Event(event);
}
-void SocketManager::MainLoop() {
+void SocketManager::MainLoop()
+{
// remove evironment values passed by systemd
sd_listen_fds(1);
sd_notify(0, "READY=1");
m_working = true;
- while(m_working) {
+ while (m_working) {
fd_set readSet = m_readSet;
fd_set writeSet = m_writeSet;
// I need to extract timeout from priority_queue.
// Timeout in priority_queue may be deprecated.
// I need to find some actual one.
- while(!m_timeoutQueue.empty()) {
+ while (!m_timeoutQueue.empty()) {
auto &top = m_timeoutQueue.top();
auto &desc = m_socketDescriptionVector[top.sock];
}
if (-1 == ret) {
- switch(errno) {
+ switch (errno) {
case EINTR:
LogDebug("EINTR in select");
break;
}
continue;
}
- for(int i = 0; i<m_maxDesc+1 && ret; ++i) {
+ for (int i = 0; i < m_maxDesc+1 && ret; ++i) {
if (FD_ISSET(i, &readSet)) {
ReadyForRead(i);
--ret;
ThrowMsg(Exception::InitFailed, "Error in sd_listend_fds");
}
- for(fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) {
+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) {
if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1,
- desc.serviceHandlerPath.c_str(), 0))
- {
+ desc.serviceHandlerPath.c_str(), 0)) {
LogInfo("Useable socket " << desc.serviceHandlerPath <<
" was passed by SystemD under descriptor " << fd);
return fd;
{
int sockfd;
- if(desc.serviceHandlerPath.size()*sizeof(decltype(desc.serviceHandlerPath)::value_type) >=
- sizeof(static_cast<sockaddr_un*>(0)->sun_path))
- {
+ if (desc.serviceHandlerPath.size()*sizeof(decltype(desc.serviceHandlerPath)::value_type) >=
+ sizeof(static_cast<sockaddr_un*>(0)->sun_path)) {
LogError("Service handler path too long: " << desc.serviceHandlerPath.size());
ThrowMsg(Exception::InitFailed,
"Service handler path too long: " << desc.serviceHandlerPath.size());
" Handler: " << desc.serviceHandlerPath.c_str());
}
-void SocketManager::RegisterSocketService(GenericSocketService *service) {
+void SocketManager::RegisterSocketService(GenericSocketService *service)
+{
service->SetSocketManager(this);
service->SetCommManager(&m_commMgr);
auto serviceVector = service->GetServiceDescription();
Try {
for (auto iter = serviceVector.begin(); iter != serviceVector.end(); ++iter)
CreateDomainSocket(service, *iter);
- } Catch (Exception::Base) {
- for (int i =0; i < (int)m_socketDescriptionVector.size(); ++i)
- {
+ } Catch(Exception::Base) {
+ for (int i =0; i < (int)m_socketDescriptionVector.size(); ++i) {
auto &desc = m_socketDescriptionVector[i];
if (desc.service == service && desc.isOpen()) {
close(i);
}
}
-void SocketManager::Close(ConnectionID connectionID) {
+void SocketManager::Close(ConnectionID connectionID)
+{
CloseEvent event;
event.sock = connectionID.sock;
event.counter = connectionID.counter;
AddEvent(event);
}
-void SocketManager::Write(ConnectionID connectionID, const RawBuffer &rawBuffer) {
+void SocketManager::Write(ConnectionID connectionID, const RawBuffer &rawBuffer)
+{
WriteEvent event{connectionID, rawBuffer};
AddEvent(event);
}
-void SocketManager::SecurityCheck(ConnectionID connectionID) {
+void SocketManager::SecurityCheck(ConnectionID connectionID)
+{
SecurityEvent event;
event.sock = connectionID.sock;
event.counter = connectionID.counter;
AddEvent(event);
}
-void SocketManager::CreateEvent(EventFunction fun) {
+void SocketManager::CreateEvent(EventFunction fun)
+{
{
std::lock_guard<std::mutex> ulock(m_eventQueueMutex);
m_eventQueue.push(std::move(fun));
NotifyMe();
}
-void SocketManager::NotifyMe() {
+void SocketManager::NotifyMe()
+{
TEMP_FAILURE_RETRY(write(m_notifyMe[1], "You have message ;-)", 1));
}
-void SocketManager::ProcessQueue() {
- while(1) {
+void SocketManager::ProcessQueue()
+{
+ while (1) {
EventFunction fun;
{
std::lock_guard<std::mutex> ulock(m_eventQueueMutex);
}
}
-void SocketManager::Handle(const WriteEvent &event) {
+void SocketManager::Handle(const WriteEvent &event)
+{
auto &desc = m_socketDescriptionVector[event.connectionID.sock];
if (!desc.isOpen()) {
return;
}
- if (desc.counter != event.connectionID.counter)
- {
+ if (desc.counter != event.connectionID.counter) {
LogDebug("Received packet for write but counter is broken. Packet ignored!");
return;
}
FD_SET(event.connectionID.sock, &m_writeSet);
}
-void SocketManager::Handle(const CloseEvent &event) {
+void SocketManager::Handle(const CloseEvent &event)
+{
if (!m_socketDescriptionVector[event.sock].isOpen())
return;
CloseSocket(event.sock);
}
-void SocketManager::Handle(const SecurityEvent &event) {
+void SocketManager::Handle(const SecurityEvent &event)
+{
auto& desc = m_socketDescriptionVector[event.sock];
if (!desc.isOpen())
return;
});
}
-void SocketManager::CloseSocket(int sock) {
+void SocketManager::CloseSocket(int sock)
+{
auto &desc = m_socketDescriptionVector[sock];
if (!(desc.isOpen())) {
FD_CLR(sock, &m_writeSet);
}
-void SocketManager::CynaraSocket(int oldFd, int newFd, bool isRW) {
+void SocketManager::CynaraSocket(int oldFd, int newFd, bool isRW)
+{
if (newFd != oldFd) {
if (newFd >= 0) {
auto &desc = CreateDefaultReadSocketDescription(newFd, false);
DECLARE_EXCEPTION_TYPE(Base, InitFailed)
};
-
SocketManager();
virtual ~SocketManager();
virtual void MainLoop();
: interfaceID(-1)
, service(NULL)
, m_flags(0)
- {}
+ {
+ }
+
private:
static const char LISTEN = 1 << 0;
static const char OPEN = 1 << 1;
// support for generic event Queue
typedef std::function<void(void)> EventFunction;
template <typename E>
- void AddEvent(E event) {
+ void AddEvent(E event)
+ {
CreateEvent([this, event]() {this->Handle(event);});
}
void CreateEvent(EventFunction fun);
struct Timeout {
time_t time;
int sock;
- bool operator<(const Timeout &second) const {
+ bool operator<(const Timeout &second) const
+ {
return time > second.time; // mininum first!
}
};
{
}
-void ThreadService::Handle(const AcceptEvent &event) {
+void ThreadService::Handle(const AcceptEvent &event)
+{
LogDebug("Accept event");
auto &info = m_connectionInfoMap[event.connectionID.counter];
info.interfaceID = event.interfaceID;
info.credentials = event.credentials;
}
-void ThreadService::Handle(const WriteEvent &event) {
+void ThreadService::Handle(const WriteEvent &event)
+{
LogDebug("Write event (" << event.size << " bytes )");
}
-void ThreadService::Handle(const ReadEvent &event) {
+void ThreadService::Handle(const ReadEvent &event)
+{
LogDebug("Read event");
auto &info = m_connectionInfoMap[event.connectionID.counter];
info.buffer.Push(event.rawBuffer);
m_serviceManager->SecurityCheck(event.connectionID);
}
-void ThreadService::Handle(const CloseEvent &event) {
+void ThreadService::Handle(const CloseEvent &event)
+{
LogDebug("Close event");
m_connectionInfoMap.erase(event.connectionID.counter);
}
-void ThreadService::Handle(const SecurityEvent &event) {
+void ThreadService::Handle(const SecurityEvent &event)
+{
LogDebug("Security event");
auto it = m_connectionInfoMap.find(event.connectionID.counter);
namespace CKM {
-class ThreadService: public GenericSocketService, public ServiceThread
-{
+class ThreadService: public GenericSocketService, public ServiceThread {
public:
ThreadService();
virtual ~ThreadService();
bool allowed) = 0;
template <typename E>
- void ThreadEvent(const E& event) {
+ void ThreadEvent(const E& event)
+ {
CreateEvent([this, event]() { this->Handle(event); });
}
const CKM::Credentials &accessorCred,
const Label & ownerLabel) const
{
- if(isSystemService(accessorCred))
+ if (isSystemService(accessorCred))
return CKM_API_SUCCESS;
- if(ownerLabel != accessorCred.smackLabel)
+ if (ownerLabel != accessorCred.smackLabel)
return CKM_API_ERROR_ACCESS_DENIED;
return CKM_API_SUCCESS;
const CKM::Credentials &accessorCred,
const PermissionForLabel & permissionLabel) const
{
- if(isSystemService(accessorCred))
+ if (isSystemService(accessorCred))
return CKM_API_SUCCESS;
- if(permissionLabel & Permission::READ)
+ if (permissionLabel & Permission::READ)
return CKM_API_SUCCESS;
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
const PermissionForLabel & permissionLabel) const
{
int ec;
- if(CKM_API_SUCCESS != (ec = canRead(accessorCred, permissionLabel)))
+ if (CKM_API_SUCCESS != (ec = canRead(accessorCred, permissionLabel)))
return ec;
// check if can export
- if(row.exportable == 0)
+ if (row.exportable == 0)
return CKM_API_ERROR_NOT_EXPORTABLE;
// prevent extracting private keys during cc-mode on
const CKM::Credentials &accessorCred,
const PermissionForLabel & permissionLabel) const
{
- if(isSystemService(accessorCred))
+ if (isSystemService(accessorCred))
return CKM_API_SUCCESS;
- if(permissionLabel & Permission::REMOVE)
+ if (permissionLabel & Permission::REMOVE)
return CKM_API_SUCCESS;
- if(permissionLabel & Permission::READ)
+ if (permissionLabel & Permission::READ)
return CKM_API_ERROR_ACCESS_DENIED;
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
namespace CKM {
-class AccessControl
-{
+class AccessControl {
public:
/**
* return true if client uid is from the system services uid space
void updateCCMode();
bool isCCMode() const;
+
private:
bool m_ccMode;
};
namespace CKM {
-class CertificateConfig
-{
+class CertificateConfig {
public:
- static void addSystemCertificateDir(const std::string& dir) { m_sysCertDirs.insert(dir); }
- static void addSystemCertificateFile(const std::string& file) { m_sysCertFiles.insert(file); }
+ static void addSystemCertificateDir(const std::string& dir)
+ {
+ m_sysCertDirs.insert(dir);
+ }
+ static void addSystemCertificateFile(const std::string& file)
+ {
+ m_sysCertFiles.insert(file);
+ }
typedef std::set<std::string> PathSet;
- static const PathSet& getSystemCertificateDirs() { return m_sysCertDirs; }
- static const PathSet& getSystemCertificateFiles() { return m_sysCertFiles; }
+ static const PathSet& getSystemCertificateDirs()
+ {
+ return m_sysCertDirs;
+ }
+ static const PathSet& getSystemCertificateFiles()
+ {
+ return m_sysCertFiles;
+ }
private:
CertificateConfig();
namespace CKM {
-CertificateStore::CertificateStore() : m_store(X509_STORE_new())
+CertificateStore::CertificateStore() :
+ m_store(X509_STORE_new())
{
if (!m_store) {
LogError("Failed to create store");
trustedVector.size() << "trusted certificates" << " and system certificates set to: "
<< useTrustedSystemCertificates);
- X509_STORE_CTX_PTR csc= create_x509_store_ctx();
+ X509_STORE_CTX_PTR csc = create_x509_store_ctx();
if (!csc) {
LogError("failed to create csc");
return CKM_API_ERROR_UNKNOWN;
return CKM_API_ERROR_UNKNOWN;
}
- if(stateCCMode) {
+ if (stateCCMode)
X509_VERIFY_PARAM_set_flags(csc->param, X509_V_FLAG_X509_STRICT);
- }
int result = X509_verify_cert(csc.get()); // 1 == ok; 0 == fail; -1 == error
LogError("Error in X509_STORE_add_lookup");
return CKM_API_ERROR_UNKNOWN;
}
- for(const auto& i: dirs) {
+
+ for (const auto& i : dirs) {
if (!X509_LOOKUP_add_dir(dir_lookup, i.c_str(), X509_FILETYPE_PEM)) {
LogError("Error in X509_LOOKUP_add_dir");
return CKM_API_ERROR_UNKNOWN;
}
}
+
return CKM_API_SUCCESS;
}
return CKM_API_ERROR_UNKNOWN;
}
- for(const auto& i:files) {
+ for (const auto& i : files) {
if (!X509_LOOKUP_load_file(file_lookup, i.c_str(), X509_FILETYPE_PEM)) {
LogError("Error in X509_LOOKUP_load_file");
return CKM_API_ERROR_UNKNOWN;
{
// add trusted certificates to store
for (const auto& i:trustedVector) {
- if(1 != X509_STORE_add_cert(m_store, i.getX509())) {
+ if (1 != X509_STORE_add_cert(m_store, i.getX509())) {
LogError("failed to add certificate to the store");
return CKM_API_ERROR_UNKNOWN;
}
const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs";
const char * const SYSTEM_DB_PASSWD = "cAtRugU7";
-bool isLabelValid(const CKM::Label &label) {
+bool isLabelValid(const CKM::Label &label)
+{
// TODO: copy code from libprivilege control (for check smack label)
if (label.find(CKM::LABEL_NAME_SEPARATOR) != CKM::Label::npos)
return false;
return true;
}
-bool isNameValid(const CKM::Name &name) {
+bool isNameValid(const CKM::Name &name)
+{
if (name.find(CKM::LABEL_NAME_SEPARATOR) != CKM::Name::npos)
return false;
return true;
}
+
} // anonymous namespace
namespace CKM {
m_accessControl.updateCCMode();
}
-CKMLogic::~CKMLogic(){}
+CKMLogic::~CKMLogic() {}
-void CKMLogic::loadDKEKFile(uid_t user, const Password &password) {
+void CKMLogic::loadDKEKFile(uid_t user, const Password &password)
+{
auto &handle = m_userDataMap[user];
FileSystem fs(user);
handle.keyProvider = KeyProvider(wrappedDKEK, password);
}
-void CKMLogic::saveDKEKFile(uid_t user, const Password &password) {
+void CKMLogic::saveDKEKFile(uid_t user, const Password &password)
+{
auto &handle = m_userDataMap[user];
FileSystem fs(user);
int CKMLogic::unlockDatabase(uid_t user, const Password & password)
{
- if (0<m_userDataMap.count(user) && m_userDataMap[user].keyProvider.isInitialized())
+ if (0 < m_userDataMap.count(user) && m_userDataMap[user].keyProvider.isInitialized())
return CKM_API_SUCCESS;
int retCode = CKM_API_SUCCESS;
- try
- {
+ try {
auto &handle = m_userDataMap[user];
FileSystem fs(user);
handle.database = DB::Crypto(fs.getDBPath(), key);
handle.crypto = CryptoLogic();
- if ( !m_accessControl.isSystemService(user) )
- {
+ if (!m_accessControl.isSystemService(user)) {
// remove data of removed apps during locked state
AppLabelVector removedApps = fs.clearRemovedsApps();
- for(auto& appSmackLabel : removedApps) {
+ for (auto& appSmackLabel : removedApps) {
handle.crypto.removeKey(appSmackLabel);
handle.database.deleteKey(appSmackLabel);
}
// * if user database is unlocked [mandatory]
// * if not - proceed with regular user database
// * if explicit system database label given -> switch to system DB
- if ( !m_accessControl.isSystemService(cred) )
- {
+ if (!m_accessControl.isSystemService(cred)) {
if (0 == m_userDataMap.count(cred.clientUid))
ThrowErr(Exc::DatabaseLocked, "database with UID: ", cred.clientUid, " locked");
// system database selected, modify the label
if (CKM_API_SUCCESS != unlockSystemDB() )
ThrowErr(Exc::DatabaseLocked, "can not unlock system database");
+
return m_userDataMap[SYSTEM_DB_UID];
}
{
int retCode = CKM_API_SUCCESS;
- if( !m_accessControl.isSystemService(user) )
- {
+ if (!m_accessControl.isSystemService(user))
retCode = unlockDatabase(user, password);
- }
- else
- {
- // do not allow lock/unlock operations for system users
+ else // do not allow lock/unlock operations for system users
retCode = CKM_API_ERROR_INPUT_PARAM;
- }
return MessageBuffer::Serialize(retCode).Pop();
}
-RawBuffer CKMLogic::updateCCMode() {
+RawBuffer CKMLogic::updateCCMode()
+{
m_accessControl.updateCCMode();
return MessageBuffer::Serialize(CKM_API_SUCCESS).Pop();
}
RawBuffer CKMLogic::lockUserKey(uid_t user)
{
int retCode = CKM_API_SUCCESS;
- if( !m_accessControl.isSystemService(user) )
- {
+ if (!m_accessControl.isSystemService(user))
m_userDataMap.erase(user);
- }
- else
- {
- // do not allow lock/unlock operations for system users
+ else // do not allow lock/unlock operations for system users
retCode = CKM_API_ERROR_INPUT_PARAM;
- }
return MessageBuffer::Serialize(retCode).Pop();
-
}
-RawBuffer CKMLogic::removeUserData(uid_t user) {
+RawBuffer CKMLogic::removeUserData(uid_t user)
+{
int retCode = CKM_API_SUCCESS;
if (m_accessControl.isSystemService(user))
const Password &newPassword)
{
// do not allow to change system database password
- if( m_accessControl.isSystemService(user) )
+ if (m_accessControl.isSystemService(user))
return CKM_API_ERROR_INPUT_PARAM;
loadDKEKFile(user, oldPassword);
const Password &newPassword)
{
int retCode = CKM_API_SUCCESS;
- try
- {
+ try {
retCode = changeUserPasswordHelper(user, oldPassword, newPassword);
} catch (const Exc::Exception &e) {
retCode = e.error();
const Password &newPassword)
{
// do not allow to reset system database password
- if( m_accessControl.isSystemService(user) )
+ if (m_accessControl.isSystemService(user))
return CKM_API_ERROR_INPUT_PARAM;
int retCode = CKM_API_SUCCESS;
- if (0 == m_userDataMap.count(user))
- {
+ if (0 == m_userDataMap.count(user)) {
// Check if key exists. If exists we must return error
FileSystem fs(user);
auto wrappedDKEKMain = fs.getDKEK();
return MessageBuffer::Serialize(retCode).Pop();
}
-RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) {
+RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel)
+{
int retCode = CKM_API_SUCCESS;
try {
-
if (smackLabel.empty()) {
retCode = CKM_API_ERROR_INPUT_PARAM;
} else {
}
}
}
-
} catch (const Exc::Exception &e) {
retCode = e.error();
} catch (const CKM::Exception &e) {
// check if allowed to save using ownerLabel
int access_ec = m_accessControl.canSave(cred, ownerLabel);
- if( access_ec != CKM_API_SUCCESS)
- {
+ if (access_ec != CKM_API_SUCCESS) {
LogDebug("label " << cred.smackLabel << " can not save rows using label " << ownerLabel);
return access_ec;
}
// check if not a duplicate
- if( handler.database.isNameLabelPresent(name, ownerLabel))
+ if (handler.database.isNameLabelPresent(name, ownerLabel))
return CKM_API_ERROR_DB_ALIAS_EXISTS;
// encryption section
- if (!handler.crypto.haveKey(ownerLabel))
- {
+ if (!handler.crypto.haveKey(ownerLabel)) {
RawBuffer got_key;
auto key_optional = handler.database.getKey(ownerLabel);
- if(!key_optional) {
+ if (!key_optional) {
LogDebug("No Key in database found. Generating new one for label: " << ownerLabel);
got_key = handler.keyProvider.generateDEK(ownerLabel);
handler.database.saveKey(ownerLabel, got_key);
int CKMLogic::toBinaryData(const Crypto::Data &input, Crypto::Data &output) const
{
// verify the data integrity
- if (input.type.isKey())
- {
+ if (input.type.isKey()) {
KeyShPtr output_key;
- if(input.type.isSKey())
+ if (input.type.isSKey())
output_key = CKM::Key::createAES(input.data);
else
output_key = CKM::Key::create(input.data);
- if(output_key.get() == NULL)
- {
+
+ if (output_key.get() == NULL) {
LogDebug("provided binary data is not valid key data");
return CKM_API_ERROR_INPUT_PARAM;
}
output = std::move(Crypto::Data(input.type, output_key->getDER()));
- }
- else if (input.type.isCertificate() || input.type.isChainCert())
- {
+ } else if (input.type.isCertificate() || input.type.isChainCert()) {
CertificateShPtr cert = CKM::Certificate::create(input.data, DataFormat::FORM_DER);
- if(cert.get() == NULL)
- {
+ if (cert.get() == NULL) {
LogDebug("provided binary data is not valid certificate data");
return CKM_API_ERROR_INPUT_PARAM;
}
output = std::move(Crypto::Data(input.type, cert->getDER()));
- }
- else
+ } else {
output = input;
+ }
// TODO: add here BINARY_DATA verification, i.e: max size etc.
return CKM_API_SUCCESS;
}
// check if data is correct
Crypto::Data binaryData;
retCode = toBinaryData(data, binaryData);
- if(retCode == CKM_API_SUCCESS)
- {
+ if (retCode == CKM_API_SUCCESS)
retCode = saveDataHelper(cred, name, label, binaryData, policy);
- }
} catch (const Exc::Exception &e) {
retCode = e.error();
} catch (const CKM::Exception &e) {
DB::RowVector &output) const
{
// private key is mandatory
- if( !pkcs.getKey() )
+ if (!pkcs.getKey())
return CKM_API_ERROR_INVALID_FORMAT;
Key* keyPtr = pkcs.getKey().get();
Crypto::Data keyData(DataType(keyPtr->getType()), keyPtr->getDER());
int retCode = verifyBinaryData(keyData);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
output.push_back(createEncryptedRow(crypto, name, ownerLabel, keyData, keyPolicy));
// certificate is mandatory
- if( !pkcs.getCertificate() )
+ if (!pkcs.getCertificate())
return CKM_API_ERROR_INVALID_FORMAT;
Crypto::Data certData(DataType::CERTIFICATE, pkcs.getCertificate().get()->getDER());
retCode = verifyBinaryData(certData);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
output.push_back(createEncryptedRow(crypto, name, ownerLabel, certData, certPolicy));
// CA cert chain
unsigned int cert_index = 0;
- for(const auto & ca : pkcs.getCaCertificateShPtrVector())
- {
+ for (const auto & ca : pkcs.getCaCertificateShPtrVector()) {
Crypto::Data caCertData(DataType::getChainDatatype(cert_index ++), ca->getDER());
int retCode = verifyBinaryData(caCertData);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
output.push_back(createEncryptedRow(crypto, name, ownerLabel, caCertData, certPolicy));
handler.database.getPermissionRow(name, ownerLabel, cred.smackLabel);
int retCode = m_accessControl.canDelete(cred,
PermissionForLabel(cred.smackLabel, permissionRowOpt));
- if(retCode != CKM_API_SUCCESS)
- {
+ if (retCode != CKM_API_SUCCESS) {
LogWarning("access control check result: " << retCode);
return retCode;
}
// load app key if needed
retCode = loadAppKey(handler, rows.front().ownerLabel);
- if(CKM_API_SUCCESS != retCode)
+ if (CKM_API_SUCCESS != retCode)
return retCode;
// destroy it in store
- for(auto& r : rows) {
+ for (auto& r : rows) {
try {
handler.crypto.decryptRow(Password(), r);
m_decider.getStore(r).destroy(r);
{
int retCode = CKM_API_ERROR_UNKNOWN;
- try
- {
+ try {
retCode = removeDataHelper(cred, name, label);
- }
- catch (const Exc::Exception &e)
- {
+ } catch (const Exc::Exception &e) {
retCode = e.error();
- }
- catch (const CKM::Exception &e)
- {
+ } catch (const CKM::Exception &e) {
LogError("Error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
}
DB::Row &row)
{
DB::Crypto::RowOptional row_optional;
- if (dataType.isKey())
- {
+ if (dataType.isKey()) {
// read all key types
row_optional = database.getRow(name,
ownerLabel,
dataType);
}
- if(!row_optional) {
+ if (!row_optional) {
LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
} else {
DB::RowVector &output)
{
if (dataType.isKey())
- {
// read all key types
database.getRows(name,
ownerLabel,
DataType::DB_KEY_FIRST,
DataType::DB_KEY_LAST,
output);
- }
else if (dataType.isChainCert())
- {
// read all key types
database.getRows(name,
ownerLabel,
DataType::DB_CHAIN_FIRST,
DataType::DB_CHAIN_LAST,
output);
- }
else
- {
// read anything else
database.getRows(name,
ownerLabel,
dataType,
output);
- }
- if(!output.size()) {
+ if (!output.size()) {
LogDebug("No row for given name, label and type");
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
PermissionMaskOptional permissionRowOpt =
database.getPermissionRow(name, ownerLabel, accessorLabel);
- if(exportFlag)
+ if (exportFlag)
return m_accessControl.canExport(cred, row, PermissionForLabel(accessorLabel, permissionRowOpt));
return m_accessControl.canRead(cred, PermissionForLabel(accessorLabel, permissionRowOpt));
}
// decrypt row
Crypto::GObjUPtr obj;
- if(CryptoLogic::getSchemeVersion(row.encryptionScheme) == CryptoLogic::ENCRYPTION_V2) {
+ if (CryptoLogic::getSchemeVersion(row.encryptionScheme) == CryptoLogic::ENCRYPTION_V2) {
handler.crypto.decryptRow(Password(), row);
obj = store.getObject(row, pass);
DB::Crypto::Transaction transaction(&handler.database);
DB::RowVector rows;
int retCode = readMultiRow(name, ownerLabel, dataType, handler.database, rows);
- if(CKM_API_SUCCESS != retCode)
+ if (CKM_API_SUCCESS != retCode)
return retCode;
// all read rows belong to the same owner
// check access rights
retCode = checkDataPermissionsHelper(cred, name, ownerLabel, cred.smackLabel, firstRow, exportFlag, handler.database);
- if(CKM_API_SUCCESS != retCode)
+ if (CKM_API_SUCCESS != retCode)
return retCode;
// load app key if needed
retCode = loadAppKey(handler, firstRow.ownerLabel);
- if(CKM_API_SUCCESS != retCode)
+ if (CKM_API_SUCCESS != retCode)
return retCode;
// decrypt row
- for(auto &row : rows)
+ for (auto &row : rows)
objs.push_back(rowToObject(handler, std::move(row), password));
// rowToObject may modify db
transaction.commit();
DB::Crypto::Transaction transaction(&handler.database);
DB::Row row;
int retCode = readSingleRow(name, ownerLabel, dataType, handler.database, row);
- if(CKM_API_SUCCESS != retCode)
+ if (CKM_API_SUCCESS != retCode)
return retCode;
objDataType = row.dataType;
// check access rights
retCode = checkDataPermissionsHelper(cred, name, ownerLabel, cred.smackLabel, row, exportFlag, handler.database);
- if(CKM_API_SUCCESS != retCode)
+ if (CKM_API_SUCCESS != retCode)
return retCode;
// load app key if needed
retCode = loadAppKey(handler, row.ownerLabel);
- if(CKM_API_SUCCESS != retCode)
+ if (CKM_API_SUCCESS != retCode)
return retCode;
obj = rowToObject(handler, std::move(row), password);
try {
Crypto::GObjUPtr obj;
retCode = readDataHelper(true, cred, dataType, name, label, password, obj, objDataType);
- if(retCode == CKM_API_SUCCESS)
+ if (retCode == CKM_API_SUCCESS)
row.data = std::move(obj->getBinary());
} catch (const Exc::Exception &e) {
retCode = e.error();
// read private key (mandatory)
Crypto::GObjUPtr keyObj;
retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label, keyPassword, keyObj);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
privKey = CKM::Key::create(keyObj->getBinary());
// read certificate (mandatory)
Crypto::GObjUPtr certObj;
retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label, certPassword, certObj);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER);
// read CA cert chain (optional)
Crypto::GObjUPtrVector caChainObjs;
retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label, certPassword, caChainObjs);
- if(retCode != CKM_API_SUCCESS &&
+ if (retCode != CKM_API_SUCCESS &&
retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN)
return retCode;
- for(auto &caCertObj : caChainObjs)
+ for (auto &caCertObj : caChainObjs)
caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(), DataFormat::FORM_DER));
// if anything found, return it
- if(privKey || cert || caChain.size()>0)
+ if (privKey || cert || caChain.size() > 0)
retCode = CKM_API_SUCCESS;
return retCode;
retCode = getPKCS12Helper(cred, name, label, keyPassword, certPassword, privKey, cert, caChain);
// prepare response
- if(retCode == CKM_API_SUCCESS)
+ if (retCode == CKM_API_SUCCESS)
output = PKCS12Serializable(privKey, cert, caChain);
} catch (const Exc::Exception &e) {
retCode = e.error();
LabelNameVector &labelNameVector)
{
int retCode = CKM_API_ERROR_DB_LOCKED;
- if (0 < m_userDataMap.count(cred.clientUid))
- {
+ if (0 < m_userDataMap.count(cred.clientUid)) {
auto &database = m_userDataMap[cred.clientUid].database;
try {
LabelNameVector labelNameVector;
int retCode = unlockSystemDB();
- if (CKM_API_SUCCESS == retCode)
- {
+ if (CKM_API_SUCCESS == retCode) {
// system database
- if (m_accessControl.isSystemService(cred))
- {
+ if (m_accessControl.isSystemService(cred)) {
// lookup system DB
retCode = getDataListHelper(Credentials(SYSTEM_DB_UID,
OWNER_ID_SYSTEM),
dataType,
systemVector);
- }
- else
- {
+ } else {
// user - lookup system, then client DB
retCode = getDataListHelper(Credentials(SYSTEM_DB_UID,
cred.smackLabel),
systemVector);
// private database
- if(retCode == CKM_API_SUCCESS)
- {
+ if (retCode == CKM_API_SUCCESS) {
retCode = getDataListHelper(cred,
dataType,
userVector);
}
}
- if(retCode == CKM_API_SUCCESS)
- {
+ if (retCode == CKM_API_SUCCESS) {
labelNameVector.insert(labelNameVector.end(), systemVector.begin(), systemVector.end());
labelNameVector.insert(labelNameVector.end(), userVector.begin(), userVector.end());
}
+
auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
commandId,
retCode,
{
try {
// Inital values are always imported with root credentials. Label is not important.
- Credentials rootCred(0,"");
+ Credentials rootCred(0, "");
auto &handler = selectDatabase(rootCred, OWNER_ID_SYSTEM);
// check if save is possible
DB::Crypto::Transaction transaction(&handler.database);
int retCode = checkSaveConditions(rootCred, handler, name, OWNER_ID_SYSTEM);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
Crypto::GStore& store =
- m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty());
+ m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty());
Token token;
// use client label if not explicitly provided
const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
- if( m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM)!=0)
+ if (m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM) != 0)
return CKM_API_ERROR_INPUT_PARAM;
// check if save is possible
DB::Crypto::Transaction transaction(&handler.database);
int retCode = checkSaveConditions(cred, handler, name, ownerLabel);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
// save the data
// use client label if not explicitly provided
const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
- if( m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM)!=0)
+ if (m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM) != 0)
return CKM_API_ERROR_INPUT_PARAM;
// check if save is possible
DB::Crypto::Transaction transaction(&handler.database);
int retCode = checkSaveConditions(cred, handler, name, ownerLabel);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
// extract and encrypt the data
DB::RowVector encryptedRows;
retCode = extractPKCS12Data(handler.crypto, name, ownerLabel, pkcs, keyPolicy, certPolicy, encryptedRows);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
// save the data
// use client label if not explicitly provided
const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
- if( m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM)!=0)
+ if (m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM) != 0)
return CKM_API_ERROR_INPUT_PARAM;
// check if save is possible
DB::Crypto::Transaction transaction(&handler.database);
int retCode = checkSaveConditions(cred, handler, name, ownerLabel);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
// create key in store
auto &handlerPub = selectDatabase(cred, labelPublic);
AlgoType keyType = AlgoType::RSA_GEN;
- if(!keyGenParams.getParam(ParamName::ALGO_TYPE, keyType))
+ if (!keyGenParams.getParam(ParamName::ALGO_TYPE, keyType))
ThrowErr(Exc::InputParam, "Error, parameter ALGO_TYPE not found.");
+
DataType dt(keyType);
- if(!dt.isKey())
+ if (!dt.isKey())
ThrowErr(Exc::InputParam, "Error, parameter ALGO_TYPE with wrong value.");
// use client label if not explicitly provided
const Label &ownerLabelPrv = labelPrivate.empty() ? cred.smackLabel : labelPrivate;
- if( m_accessControl.isSystemService(cred) && ownerLabelPrv.compare(OWNER_ID_SYSTEM)!=0)
+ if (m_accessControl.isSystemService(cred) && ownerLabelPrv.compare(OWNER_ID_SYSTEM) != 0)
return CKM_API_ERROR_INPUT_PARAM;
+
const Label &ownerLabelPub = labelPublic.empty() ? cred.smackLabel : labelPublic;
- if( m_accessControl.isSystemService(cred) && ownerLabelPub.compare(OWNER_ID_SYSTEM)!=0)
+ if (m_accessControl.isSystemService(cred) && ownerLabelPub.compare(OWNER_ID_SYSTEM) != 0)
return CKM_API_ERROR_INPUT_PARAM;
bool exportable = policyPrivate.extractable || policyPublic.extractable;
i.first,
CKM::Password(),
caChainObjs);
- if(ec != CKM_API_SUCCESS && ec != CKM_API_ERROR_DB_ALIAS_UNKNOWN)
+ if (ec != CKM_API_SUCCESS && ec != CKM_API_ERROR_DB_ALIAS_UNKNOWN)
return ec;
- for(auto &caCertObj : caChainObjs)
+ for (auto &caCertObj : caChainObjs)
certVector.emplace_back(caCertObj->getBinary(), DataFormat::FORM_DER);
}
return CKM_API_SUCCESS;
for (auto &e: untrustedCertificates) {
CertificateImpl c(e, DataFormat::FORM_DER);
- if(c.empty())
+ if (c.empty())
return CKM_API_ERROR_INPUT_PARAM;
untrustedCertVector.push_back(std::move(c));
}
for (auto &e: trustedCertificates) {
CertificateImpl c(e, DataFormat::FORM_DER);
- if(c.empty())
+ if (c.empty())
return CKM_API_ERROR_INPUT_PARAM;
trustedCertVector.push_back(std::move(c));
}
try {
Crypto::GObjUPtr obj;
retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, privateKeyName, ownerLabel, password, obj);
- if(retCode == CKM_API_SUCCESS) {
+ if (retCode == CKM_API_SUCCESS)
signature = obj->sign(cryptoAlg, message);
- }
} catch (const Exc::Exception &e) {
retCode = e.error();
} catch (const CKM::Exception &e) {
// rather than private key from the same PKCS.
Crypto::GObjUPtr obj;
retCode = readDataHelper(false, cred, DataType::CERTIFICATE, publicKeyOrCertName, ownerLabel, password, obj);
- if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
+ if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN)
retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, publicKeyOrCertName, ownerLabel, password, obj);
- }
- if (retCode == CKM_API_SUCCESS) {
+ if (retCode == CKM_API_SUCCESS)
retCode = obj->verify(params, message, signature);
- }
} catch (const Exc::Exception &e) {
retCode = e.error();
} catch (const CKM::Exception &e) {
return CKM_API_ERROR_INPUT_PARAM;
// currently we don't support modification of owner's permissions to his own rows
- if (ownerLabel==accessorLabel)
+ if (ownerLabel == accessorLabel)
return CKM_API_ERROR_INPUT_PARAM;
// system database does not support write/remove permissions
// can the client modify permissions to owner's row?
int retCode = m_accessControl.canModify(cred, ownerLabel);
- if(retCode != CKM_API_SUCCESS)
+ if (retCode != CKM_API_SUCCESS)
return retCode;
DB::Crypto::Transaction transaction(&handler.database);
- if( !handler.database.isNameLabelPresent(name, ownerLabel) )
+ if (!handler.database.isNameLabelPresent(name, ownerLabel))
return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
// removing non-existing permissions: fail
- if(permissionMask == Permission::NONE)
- {
- if(!handler.database.getPermissionRow(name, ownerLabel, accessorLabel))
+ if (permissionMask == Permission::NONE) {
+ if (!handler.database.getPermissionRow(name, ownerLabel, accessorLabel))
return CKM_API_ERROR_INPUT_PARAM;
}
if (!handle.crypto.haveKey(appLabel)) {
RawBuffer key;
auto key_optional = handle.database.getKey(appLabel);
- if(!key_optional) {
+ if (!key_optional) {
LogError("No key for given label in database");
return CKM_API_ERROR_DB_ERROR;
}
int unlockSystemDB();
private:
-
// select private/system database depending on asking uid and owner label.
// output: database handler and effective label
UserData & selectDatabase(const Credentials &incoming_cred,
namespace CKM {
-CKMService::CKMService()
- : m_logic(new CKMLogic)
+CKMService::CKMService() :
+ m_logic(new CKMLogic)
{
InitialValues::LoadFiles(*m_logic);
}
-CKMService::~CKMService() {
+CKMService::~CKMService()
+{
delete m_logic;
}
-void CKMService::Start() {
+void CKMService::Start()
+{
Create();
}
-void CKMService::Stop() {
+void CKMService::Stop()
+{
Join();
}
ConnectionInfo &info,
bool /*allowed*/)
{
- LogDebug ("process One");
+ LogDebug("process One");
RawBuffer response;
Try {
m_serviceManager->Write(conn, response);
return true;
- } Catch (MessageBuffer::Exception::Base) {
+ } Catch(MessageBuffer::Exception::Base) {
LogError("Broken protocol. Closing socket.");
- } Catch (Exception::BrokenProtocol) {
+ } Catch(Exception::BrokenProtocol) {
LogError("Broken protocol. Closing socket.");
} catch (const DataType::Exception::Base &e) {
LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
return false;
}
-RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
+RawBuffer CKMService::ProcessControl(MessageBuffer &buffer)
+{
int command = 0;
uid_t user = 0;
ControlCommand cc;
cc = static_cast<ControlCommand>(command);
- switch(cc) {
+ switch (cc) {
case ControlCommand::UNLOCK_USER_KEY:
buffer.Deserialize(user, newPass);
return m_logic->unlockUserKey(user, newPass);
LogDebug("Process storage. Command: " << command);
- switch(static_cast<LogicCommand>(command)) {
- case LogicCommand::SAVE:
- {
- RawBuffer rawData;
- PolicySerializable policy;
- buffer.Deserialize(tmpDataType, name, label, rawData, policy);
- return m_logic->saveData(
- cred,
- msgID,
- name,
- label,
- Crypto::Data(DataType(tmpDataType), std::move(rawData)),
- policy);
- }
- case LogicCommand::SAVE_PKCS12:
- {
- RawBuffer rawData;
- PKCS12Serializable pkcs;
- PolicySerializable keyPolicy, certPolicy;
- buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
- return m_logic->savePKCS12(
- cred,
- msgID,
- name,
- label,
- pkcs,
- keyPolicy,
- certPolicy);
- }
- case LogicCommand::REMOVE:
- {
- buffer.Deserialize(name, label);
- return m_logic->removeData(
- cred,
- msgID,
- name,
- label);
- }
- case LogicCommand::GET:
- {
- Password password;
- buffer.Deserialize(tmpDataType, name, label, password);
- return m_logic->getData(
- cred,
- msgID,
- DataType(tmpDataType),
- name,
- label,
- password);
- }
- case LogicCommand::GET_PKCS12:
- {
- Password passKey;
- Password passCert;
- buffer.Deserialize(name,
- label,
- passKey,
- passCert);
- return m_logic->getPKCS12(
- cred,
- msgID,
- name,
- label,
- passKey,
- passCert);
- }
- case LogicCommand::GET_LIST:
- {
- buffer.Deserialize(tmpDataType);
- return m_logic->getDataList(
- cred,
- msgID,
- DataType(tmpDataType));
- }
- case LogicCommand::CREATE_KEY_AES:
- {
- int size = 0;
- Name keyName;
- Label keyLabel;
- PolicySerializable policyKey;
- buffer.Deserialize(size,
- policyKey,
- keyName,
- keyLabel);
- return m_logic->createKeyAES(
- cred,
- msgID,
- size,
- keyName,
- keyLabel,
- policyKey);
- }
- case LogicCommand::CREATE_KEY_PAIR:
- {
- CryptoAlgorithmSerializable keyGenAlgorithm;
- Name privateKeyName;
- Label privateKeyLabel;
- Name publicKeyName;
- Label publicKeyLabel;
- PolicySerializable policyPrivateKey;
- PolicySerializable policyPublicKey;
- buffer.Deserialize(keyGenAlgorithm,
- policyPrivateKey,
- policyPublicKey,
- privateKeyName,
- privateKeyLabel,
- publicKeyName,
- publicKeyLabel);
- return m_logic->createKeyPair(
- cred,
- msgID,
- keyGenAlgorithm,
- privateKeyName,
- privateKeyLabel,
- publicKeyName,
- publicKeyLabel,
- policyPrivateKey,
- policyPublicKey);
- }
- case LogicCommand::GET_CHAIN_CERT:
- {
- RawBuffer certificate;
- RawBufferVector untrustedVector;
- RawBufferVector trustedVector;
- bool systemCerts = false;
- buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
- return m_logic->getCertificateChain(
- cred,
- msgID,
- certificate,
- untrustedVector,
- trustedVector,
- systemCerts);
- }
- case LogicCommand::GET_CHAIN_ALIAS:
- {
- RawBuffer certificate;
- LabelNameVector untrustedVector;
- LabelNameVector trustedVector;
- bool systemCerts = false;
- buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
- return m_logic->getCertificateChain(
- cred,
- msgID,
- certificate,
- untrustedVector,
- trustedVector,
- systemCerts);
- }
- case LogicCommand::CREATE_SIGNATURE:
- {
- Password password; // password for private_key
- RawBuffer message;
-
- CryptoAlgorithmSerializable cAlgorithm;
- buffer.Deserialize(name, label, password, message, cAlgorithm);
-
- return m_logic->createSignature(
- cred,
- msgID,
- name,
- label,
- password, // password for private_key
- message,
- cAlgorithm);
- }
- case LogicCommand::VERIFY_SIGNATURE:
- {
- Password password; // password for public_key (optional)
- RawBuffer message;
- RawBuffer signature;
- CryptoAlgorithmSerializable cAlg;
-
- buffer.Deserialize(name,
- label,
- password,
- message,
- signature,
- cAlg);
-
- return m_logic->verifySignature(
- cred,
- msgID,
- name,
- label,
- password, // password for public_key (optional)
- message,
- signature,
- cAlg);
- }
- case LogicCommand::SET_PERMISSION:
- {
- PermissionMask permissionMask = 0;
- buffer.Deserialize(name, label, accessorLabel, permissionMask);
- return m_logic->setPermission(
- cred,
- command,
- msgID,
- name,
- label,
- accessorLabel,
- permissionMask);
- }
- default:
- Throw(Exception::BrokenProtocol);
+ switch (static_cast<LogicCommand>(command)) {
+ case LogicCommand::SAVE:
+ {
+ RawBuffer rawData;
+ PolicySerializable policy;
+ buffer.Deserialize(tmpDataType, name, label, rawData, policy);
+ return m_logic->saveData(
+ cred,
+ msgID,
+ name,
+ label,
+ Crypto::Data(DataType(tmpDataType), std::move(rawData)),
+ policy);
+ }
+ case LogicCommand::SAVE_PKCS12:
+ {
+ RawBuffer rawData;
+ PKCS12Serializable pkcs;
+ PolicySerializable keyPolicy, certPolicy;
+ buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
+ return m_logic->savePKCS12(
+ cred,
+ msgID,
+ name,
+ label,
+ pkcs,
+ keyPolicy,
+ certPolicy);
+ }
+ case LogicCommand::REMOVE:
+ {
+ buffer.Deserialize(name, label);
+ return m_logic->removeData(
+ cred,
+ msgID,
+ name,
+ label);
+ }
+ case LogicCommand::GET:
+ {
+ Password password;
+ buffer.Deserialize(tmpDataType, name, label, password);
+ return m_logic->getData(
+ cred,
+ msgID,
+ DataType(tmpDataType),
+ name,
+ label,
+ password);
+ }
+ case LogicCommand::GET_PKCS12:
+ {
+ Password passKey;
+ Password passCert;
+ buffer.Deserialize(
+ name,
+ label,
+ passKey,
+ passCert);
+ return m_logic->getPKCS12(
+ cred,
+ msgID,
+ name,
+ label,
+ passKey,
+ passCert);
+ }
+ case LogicCommand::GET_LIST:
+ {
+ buffer.Deserialize(tmpDataType);
+ return m_logic->getDataList(
+ cred,
+ msgID,
+ DataType(tmpDataType));
+ }
+ case LogicCommand::CREATE_KEY_AES:
+ {
+ int size = 0;
+ Name keyName;
+ Label keyLabel;
+ PolicySerializable policyKey;
+ buffer.Deserialize(
+ size,
+ policyKey,
+ keyName,
+ keyLabel);
+ return m_logic->createKeyAES(
+ cred,
+ msgID,
+ size,
+ keyName,
+ keyLabel,
+ policyKey);
+ }
+ case LogicCommand::CREATE_KEY_PAIR:
+ {
+ CryptoAlgorithmSerializable keyGenAlgorithm;
+ Name privateKeyName;
+ Label privateKeyLabel;
+ Name publicKeyName;
+ Label publicKeyLabel;
+ PolicySerializable policyPrivateKey;
+ PolicySerializable policyPublicKey;
+ buffer.Deserialize(keyGenAlgorithm,
+ policyPrivateKey,
+ policyPublicKey,
+ privateKeyName,
+ privateKeyLabel,
+ publicKeyName,
+ publicKeyLabel);
+ return m_logic->createKeyPair(
+ cred,
+ msgID,
+ keyGenAlgorithm,
+ privateKeyName,
+ privateKeyLabel,
+ publicKeyName,
+ publicKeyLabel,
+ policyPrivateKey,
+ policyPublicKey);
+ }
+ case LogicCommand::GET_CHAIN_CERT:
+ {
+ RawBuffer certificate;
+ RawBufferVector untrustedVector;
+ RawBufferVector trustedVector;
+ bool systemCerts = false;
+ buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
+ return m_logic->getCertificateChain(
+ cred,
+ msgID,
+ certificate,
+ untrustedVector,
+ trustedVector,
+ systemCerts);
+ }
+ case LogicCommand::GET_CHAIN_ALIAS:
+ {
+ RawBuffer certificate;
+ LabelNameVector untrustedVector;
+ LabelNameVector trustedVector;
+ bool systemCerts = false;
+ buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
+ return m_logic->getCertificateChain(
+ cred,
+ msgID,
+ certificate,
+ untrustedVector,
+ trustedVector,
+ systemCerts);
+ }
+ case LogicCommand::CREATE_SIGNATURE:
+ {
+ Password password; // password for private_key
+ RawBuffer message;
+
+ CryptoAlgorithmSerializable cAlgorithm;
+ buffer.Deserialize(name, label, password, message, cAlgorithm);
+
+ return m_logic->createSignature(
+ cred,
+ msgID,
+ name,
+ label,
+ password, // password for private_key
+ message,
+ cAlgorithm);
+ }
+ case LogicCommand::VERIFY_SIGNATURE:
+ {
+ Password password; // password for public_key (optional)
+ RawBuffer message;
+ RawBuffer signature;
+ CryptoAlgorithmSerializable cAlg;
+
+ buffer.Deserialize(name,
+ label,
+ password,
+ message,
+ signature,
+ cAlg);
+
+ return m_logic->verifySignature(
+ cred,
+ msgID,
+ name,
+ label,
+ password, // password for public_key (optional)
+ message,
+ signature,
+ cAlg);
+ }
+ case LogicCommand::SET_PERMISSION:
+ {
+ PermissionMask permissionMask = 0;
+ buffer.Deserialize(name, label, accessorLabel, permissionMask);
+ return m_logic->setPermission(
+ cred,
+ command,
+ msgID,
+ name,
+ label,
+ accessorLabel,
+ permissionMask);
+ }
+ default:
+ Throw(Exception::BrokenProtocol);
}
}
}
}
-void CKMService::CustomHandle(const ReadEvent &event) {
+void CKMService::CustomHandle(const ReadEvent &event)
+{
LogDebug("Read event");
auto &info = m_connectionInfoMap[event.connectionID.counter];
info.buffer.Push(event.rawBuffer);
- while(ProcessOne(event.connectionID, info, true));
+ while (ProcessOne(event.connectionID, info, true));
}
-void CKMService::CustomHandle(const SecurityEvent & /*event*/) {
+void CKMService::CustomHandle(const SecurityEvent & /*event*/)
+{
LogError("This should not happend! SecurityEvent was called on CKMService!");
}
class CKMLogic;
-class CKMService : public ThreadMessageService<MsgKeyRequest>
-{
+class CKMService : public ThreadMessageService<MsgKeyRequest> {
public:
CKMService();
CKMService(const CKMService &) = delete;
// Custom add custom support for ReadEvent and SecurityEvent
// because we want to bypass security check in CKMService
- virtual void Event(const ReadEvent &event) {
+ virtual void Event(const ReadEvent &event)
+ {
CreateEvent([this, event]() { this->CustomHandle(event); });
}
- virtual void Event(const SecurityEvent &event) {
+ virtual void Event(const SecurityEvent &event)
+ {
CreateEvent([this, event]() { this->CustomHandle(event); });
}
CryptoLogic::CryptoLogic() {}
-CryptoLogic::CryptoLogic(CryptoLogic &&second) {
+CryptoLogic::CryptoLogic(CryptoLogic &&second)
+{
m_keyMap = std::move(second.m_keyMap);
}
-CryptoLogic& CryptoLogic::operator=(CryptoLogic &&second) {
+CryptoLogic& CryptoLogic::operator=(CryptoLogic &&second)
+{
if (this == &second)
return *this;
m_keyMap = std::move(second.m_keyMap);
void CryptoLogic::pushKey(const Label &smackLabel,
const RawBuffer &applicationKey)
{
- if (smackLabel.length() == 0) {
+ if (smackLabel.length() == 0)
ThrowErr(Exc::InternalError, "Empty smack label.");
- }
- if (applicationKey.size() == 0) {
+
+ if (applicationKey.size() == 0)
ThrowErr(Exc::InternalError, "Empty application key.");
- }
- if (haveKey(smackLabel)) {
+
+ if (haveKey(smackLabel))
ThrowErr(Exc::InternalError, "Application key for ", smackLabel,
"label already exists.");
- }
m_keyMap[smackLabel] = applicationKey;
}
1024,
result.size(),
result.data()))
- {
ThrowErr(Exc::InternalError, "PCKS5_PKKDF_HMAC_SHA1 failed.");
- }
return result;
}
-RawBuffer CryptoLogic::generateRandIV() const {
+RawBuffer CryptoLogic::generateRandIV() const
+{
RawBuffer civ(EVP_MAX_IV_LENGTH);
- if (1 != RAND_bytes(civ.data(), civ.size())) {
+ if (1 != RAND_bytes(civ.data(), civ.size()))
ThrowErr(Exc::InternalError, "RAND_bytes failed to generate IV.");
- }
return civ;
}
crow.algorithmType = DBCMAlgType::AES_GCM_256;
crow.dataSize = crow.data.size();
- if (crow.dataSize <= 0) {
+ if (crow.dataSize <= 0)
ThrowErr(Exc::InternalError, "Invalid dataSize.");
- }
- if (!haveKey(row.ownerLabel)) {
+ if (!haveKey(row.ownerLabel))
ThrowErr(Exc::InternalError, "Missing application key for ",
row.ownerLabel, " label.");
- }
- if (crow.iv.empty()) {
+ if (crow.iv.empty())
crow.iv = generateRandIV();
- }
key = m_keyMap[row.ownerLabel];
crow.encryptionScheme = ENCR_APPKEY;
RawBuffer key;
RawBuffer digest, dataDigest;
- if (row.algorithmType != DBCMAlgType::AES_GCM_256) {
+ if (row.algorithmType != DBCMAlgType::AES_GCM_256)
ThrowErr(Exc::AuthenticationFailed, "Invalid algorithm type.");
- }
- if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty()) {
+ if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty())
ThrowErr(Exc::AuthenticationFailed,
"DB row is password protected, but given password is empty.");
- }
- if(!(row.encryptionScheme & ENCR_PASSWORD) && !password.empty()) {
+ if (!(row.encryptionScheme & ENCR_PASSWORD) && !password.empty())
ThrowErr(Exc::AuthenticationFailed,
"DB row is not password protected, but given password is not empty.");
- }
- if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel)) {
+ if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel))
ThrowErr(Exc::AuthenticationFailed,
"Missing application key for ",
row.ownerLabel,
" label.");
- }
decBase64(crow.iv);
- if (crow.encryptionScheme & ENCR_BASE64) {
+ if (crow.encryptionScheme & ENCR_BASE64)
decBase64(crow.data);
- }
- if((crow.encryptionScheme >> ENCR_ORDER_OFFSET) == ENCR_ORDER_V2) {
+ if ((crow.encryptionScheme >> ENCR_ORDER_OFFSET) == ENCR_ORDER_V2) {
if (crow.encryptionScheme & ENCR_APPKEY) {
key = m_keyMap[crow.ownerLabel];
crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag);
crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag);
}
}
- if (static_cast<int>(crow.data.size()) < crow.dataSize) {
+
+ if (static_cast<int>(crow.data.size()) < crow.dataSize)
ThrowErr(Exc::AuthenticationFailed, "Decrypted row size mismatch");
- }
- if (static_cast<int>(crow.data.size()) > crow.dataSize) {
+ if (static_cast<int>(crow.data.size()) > crow.dataSize)
crow.data.resize(crow.dataSize);
- }
row = std::move(crow);
} catch(const CKM::Base64Encoder::Exception::Base &e) {
benc.finalize();
encdata = benc.get();
- if (encdata.size() == 0) {
+ if (encdata.size() == 0)
ThrowErr(Exc::InternalError, "Base64Encoder returned empty data.");
- }
data = std::move(encdata);
}
bdec.reset();
bdec.append(data);
- if (!bdec.finalize()) {
+ if (!bdec.finalize())
ThrowErr(Exc::InternalError, "Failed in Base64Decoder.finalize.");
- }
decdata = bdec.get();
- if (decdata.size() == 0) {
+ if (decdata.size() == 0)
ThrowErr(Exc::InternalError, "Base64Decoder returned empty data.");
- }
data = std::move(decdata);
}
CryptoLogic& operator=(CryptoLogic &&second);
CryptoLogic& operator=(const CryptoLogic &second) = delete;
- virtual ~CryptoLogic(){}
+ virtual ~CryptoLogic() {}
void decryptRow(const Password &password, DB::Row &row);
void encryptRow(DB::Row &row);
namespace CKM {
-struct CryptoRequest
-{
+struct CryptoRequest {
ConnectionID conn;
Credentials cred;
EncryptionCommand command;
other.m_inUserTransaction = false;
}
- Crypto::~Crypto() {
+ Crypto::~Crypto()
+ {
delete m_connection;
}
- Crypto& Crypto::operator=(Crypto&& other) {
+ Crypto& Crypto::operator=(Crypto&& other)
+ {
if (this == &other)
return *this;
delete m_connection;
bool Crypto::getDBVersion(int & schemaVersion)
{
SchemaInfo SchemaInfo(this);
- if(SchemaInfo.getVersionInfo(schemaVersion)) {
+ if (SchemaInfo.getVersionInfo(schemaVersion)) {
LogDebug("Current DB version: " << schemaVersion);
return true;
- }
- else
- {
+ } else {
LogDebug("No DB version known or DB not present");
// special case: old CKM_TABLE exists
- if(m_connection->CheckTableExist("CKM_TABLE")) {
+ if (m_connection->CheckTableExist("CKM_TABLE")) {
schemaVersion = DB_VERSION_1;
return true;
}
// special case: new scheme exists, but no SCHEMA_INFO table present
- else if(m_connection->CheckTableExist("NAME_TABLE")) {
+ else if (m_connection->CheckTableExist("NAME_TABLE")) {
schemaVersion = DB_VERSION_2;
return true;
}
{
// run migration if old database is present
int schemaVersion;
- if( getDBVersion(schemaVersion)==false || // DB empty or corrupted
- schemaVersion > DB_VERSION_CURRENT) // or too new scheme
- {
+ if ( getDBVersion(schemaVersion) == false || // DB empty or corrupted
+ schemaVersion > DB_VERSION_CURRENT) { // or too new scheme
LogDebug("no database or database corrupted, initializing the DB");
resetDB();
- }
- else
- {
+ } else {
// migration needed
LogDebug("DB migration from version " << schemaVersion << " to version " << DB_VERSION_CURRENT << " started.");
Transaction transaction(this);
- for(int vi=schemaVersion; vi<DB_VERSION_CURRENT; vi++)
- {
+ for (int vi = schemaVersion; vi < DB_VERSION_CURRENT; vi++) {
ScriptOptional script = getMigrationScript(vi);
- if(!script)
- {
+ if (!script) {
LogError("Error, script to migrate database from version: " << vi <<
" to version: " << vi+1 << " not available, resetting the DB");
resetDB();
{
std::string scriptPath = SCRIPTS_PATH + scriptName + std::string(".sql");
std::ifstream is(scriptPath);
- if(is.fail()) {
+ if (is.fail()) {
LogError("Script " << scriptPath << " not found!");
return ScriptOptional();
}
-
- std::istreambuf_iterator<char> begin(is),end;
+ std::istreambuf_iterator<char> begin(is), end;
return ScriptOptional(std::string(begin, end));
}
return getScript(scriptPath);
}
- void Crypto::createDBSchema() {
+ void Crypto::createDBSchema()
+ {
Transaction transaction(this);
ScriptOptional script = getScript(SCRIPT_CREATE_SCHEMA);
- if(!script)
- {
+
+ if (!script)
ThrowErr(Exc::DatabaseFailed, "Can not create the database schema: no initialization script");
- }
m_connection->ExecCommand((*script).c_str());
SchemaInfo SchemaInfo(this);
transaction.commit();
}
- void Crypto::resetDB() {
+ void Crypto::resetDB()
+ {
Transaction transaction(this);
ScriptOptional script = getScript(SCRIPT_DROP_ALL_ITEMS);
- if(!script)
- {
+ if (!script)
ThrowErr(Exc::DatabaseFailed, "Can not clear the database: no clearing script");
- }
m_connection->ExecCommand((*script).c_str());
createDBSchema();
transaction.commit();
}
- bool Crypto::isNameLabelPresent(const Name &name, const Label &owner) const {
+ bool Crypto::isNameLabelPresent(const Name &name, const Label &owner) const
+ {
Try {
NameTable nameTable(this->m_connection);
return nameTable.isPresent(name, owner);
ThrowErr(Exc::DatabaseFailed, "Couldn't save Row");
}
- void Crypto::saveRow(const Row &row) {
+ void Crypto::saveRow(const Row &row)
+ {
Try {
// transaction is present in the layer above
NameTable nameTable(this->m_connection);
ThrowErr(Exc::DatabaseFailed, "Couldn't save Row");
}
- void Crypto::updateRow(const Row &row) {
+ void Crypto::updateRow(const Row &row)
+ {
Try {
// transaction is present in the layer above
ObjectTable objectTable(this->m_connection);
Try {
// transaction is present in the layer above
NameTable nameTable(this->m_connection);
- if(nameTable.isPresent(name, ownerLabel))
- {
+ if (nameTable.isPresent(name, ownerLabel)) {
nameTable.deleteRow(name, ownerLabel);
return true;
}
return false;
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare delete statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute delete statement");
}
ThrowErr(Exc::DatabaseFailed,
}
Row Crypto::getRow(
- const SqlConnection::DataCommandUniquePtr &selectCommand) const {
+ const SqlConnection::DataCommandUniquePtr &selectCommand) const
+ {
Row row;
row.name = selectCommand->GetColumnString(0);
row.ownerLabel = selectCommand->GetColumnString(1);
Try {
PermissionTable permissionTable(this->m_connection);
return permissionTable.getPermissionRow(name, ownerLabel, accessorLabel);
- } Catch (SqlConnection::Exception::InvalidColumn) {
+ } Catch(SqlConnection::Exception::InvalidColumn) {
LogError("Select statement invalid column error");
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare select statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute select statement");
}
return PermissionMaskOptional();
selectCommand->BindInteger(2, typeRangeStop);
// name table reference
- selectCommand->BindString (101, name.c_str());
- selectCommand->BindString (102, ownerLabel.c_str());
+ selectCommand->BindString(101, name.c_str());
+ selectCommand->BindString(102, ownerLabel.c_str());
- if(selectCommand->Step())
- {
+ if (selectCommand->Step()) {
// extract data
Row current_row = getRow(selectCommand);
} else {
return RowOptional();
}
- } Catch (SqlConnection::Exception::InvalidColumn) {
+ } Catch(SqlConnection::Exception::InvalidColumn) {
LogError("Select statement invalid column error");
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare select statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute select statement");
}
ThrowErr(Exc::DatabaseFailed,
selectCommand->BindInteger(2, typeRangeStop);
// name table reference
- selectCommand->BindString (101, name.c_str());
- selectCommand->BindString (102, ownerLabel.c_str());
+ selectCommand->BindString(101, name.c_str());
+ selectCommand->BindString(102, ownerLabel.c_str());
- while(selectCommand->Step())
- {
+ while (selectCommand->Step()) {
// extract data
output.push_back(getRow(selectCommand));
}
return;
- } Catch (SqlConnection::Exception::InvalidColumn) {
+ } Catch(SqlConnection::Exception::InvalidColumn) {
LogError("Select statement invalid column error");
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare select statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute select statement");
}
ThrowErr(Exc::DatabaseFailed,
DataType typeRangeStart,
DataType typeRangeStop)
{
- Try{
+ Try {
Transaction transaction(this);
SqlConnection::DataCommandUniquePtr selectCommand =
m_connection->PrepareDataCommand(DB_CMD_NAME_SELECT_BY_TYPE_AND_PERMISSION);
selectCommand->BindString(104, smackLabel.c_str());
selectCommand->BindInteger(4, static_cast<int>(Permission::READ | Permission::REMOVE));
- while(selectCommand->Step()) {
+ while (selectCommand->Step()) {
Label ownerLabel = selectCommand->GetColumnString(0);
Name name = selectCommand->GetColumnString(1);
labelNameVector.push_back(std::make_pair(ownerLabel, name));
}
return;
- } Catch (SqlConnection::Exception::InvalidColumn) {
+ } Catch(SqlConnection::Exception::InvalidColumn) {
LogError("Select statement invalid column error");
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare select statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute select statement");
}
ThrowErr(Exc::DatabaseFailed,
" accessible to client label ", smackLabel);
}
-
-
void Crypto::saveKey(
const Label& label,
const RawBuffer &key)
insertCommand->BindBlob(2, key);
insertCommand->Step();
return;
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare insert key statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute insert statement");
}
ThrowErr(Exc::DatabaseFailed, "Couldn't save key for label ", label);
m_connection->PrepareDataCommand(DB_CMD_KEY_SELECT);
selectCommand->BindString(1, label.c_str());
- if (selectCommand->Step()) {
+ if (selectCommand->Step())
return RawBufferOptional(
selectCommand->GetColumnBlob(0));
- } else {
+ else
return RawBufferOptional();
- }
-
- } Catch (SqlConnection::Exception::InvalidColumn) {
+ } Catch(SqlConnection::Exception::InvalidColumn) {
LogError("Select statement invalid column error");
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare insert key statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute insert statement");
}
ThrowErr(Exc::DatabaseFailed, "Couldn't get key for label ", label);
}
- void Crypto::deleteKey(const Label& label) {
+ void Crypto::deleteKey(const Label& label)
+ {
Try {
Transaction transaction(this);
transaction.commit();
return;
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare insert key statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute insert statement");
}
ThrowErr(Exc::DatabaseFailed, "Couldn't delete key for label ", label);
PermissionTable permissionTable(this->m_connection);
permissionTable.setPermission(name, ownerLabel, accessorLabel, permissionMask);
return;
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare set statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute set statement");
}
ThrowErr(Exc::DatabaseFailed, "Couldn't set permissions for name ", name);
}
-
- void Crypto::SchemaInfo::setVersionInfo() {
+ void Crypto::SchemaInfo::setVersionInfo()
+ {
SqlConnection::DataCommandUniquePtr insertContextCommand =
m_db->m_connection->PrepareDataCommand(DB_CMD_SCHEMA_SET);
insertContextCommand->BindString(101, DB_SCHEMA_VERSION_FIELD);
m_db->m_connection->PrepareDataCommand(DB_CMD_SCHEMA_GET);
selectCommand->BindString(101, DB_SCHEMA_VERSION_FIELD);
- if(selectCommand->Step()) {
+ if (selectCommand->Step()) {
version = static_cast<int>(atoi(selectCommand->GetColumnString(1).c_str()));
return true;
}
- } Catch (SqlConnection::Exception::InvalidColumn) {
+ } Catch(SqlConnection::Exception::InvalidColumn) {
LogError("Select statement invalid column error");
- } Catch (SqlConnection::Exception::SyntaxError) {
+ } Catch(SqlConnection::Exception::SyntaxError) {
LogError("Couldn't prepare select statement");
- } Catch (SqlConnection::Exception::InternalError) {
+ } Catch(SqlConnection::Exception::InternalError) {
LogError("Couldn't execute select statement");
}
return false;
const Label& accessorLabel,
const PermissionMask permissionMask)
{
- if(permissionMask == Permission::NONE)
- {
+ if (permissionMask == Permission::NONE) {
// clear permissions
SqlConnection::DataCommandUniquePtr deletePermissionCommand =
m_connection->PrepareDataCommand(DB_CMD_PERMISSION_DELETE);
deletePermissionCommand->BindString(101, name.c_str());
deletePermissionCommand->BindString(102, ownerLabel.c_str());
deletePermissionCommand->Step();
- }
- else
- {
+ } else {
// add new permissions
SqlConnection::DataCommandUniquePtr setPermissionCommand =
m_connection->PrepareDataCommand(DB_CMD_PERMISSION_SET);
selectCommand->BindString(101, name.c_str());
selectCommand->BindString(102, ownerLabel.c_str());
- if(selectCommand->Step())
- {
+ if (selectCommand->Step()) {
// there is entry for the <name, ownerLabel> pair
return PermissionMaskOptional(PermissionMask(selectCommand->GetColumnInteger(0)));
}
// insert NAMES item
SqlConnection::DataCommandUniquePtr insertNameCommand =
m_connection->PrepareDataCommand(DB_CMD_NAME_INSERT);
- insertNameCommand->BindString (101, name.c_str());
- insertNameCommand->BindString (102, ownerLabel.c_str());
+ insertNameCommand->BindString(101, name.c_str());
+ insertNameCommand->BindString(102, ownerLabel.c_str());
insertNameCommand->Step();
}
m_connection->PrepareDataCommand(DB_CMD_NAME_COUNT_ROWS);
checkCmd->BindString(101, name.c_str());
checkCmd->BindString(102, ownerLabel.c_str());
- if(checkCmd->Step()) {
+ if (checkCmd->Step()) {
int element_count = checkCmd->GetColumnInteger(0);
LogDebug("Item name: " << name << " ownerLabel: " << ownerLabel <<
" hit count: " << element_count);
- if(element_count > 0)
+ if (element_count > 0)
return true;
}
return false;
insertObjectCommand->BindInteger(2, static_cast<int>(row.dataType));
insertObjectCommand->BindInteger(3, static_cast<int>(row.algorithmType));
insertObjectCommand->BindInteger(4, row.encryptionScheme);
- insertObjectCommand->BindBlob (5, row.iv);
+ insertObjectCommand->BindBlob(5, row.iv);
insertObjectCommand->BindInteger(6, row.dataSize);
- insertObjectCommand->BindBlob (7, row.data);
- insertObjectCommand->BindBlob (8, row.tag);
+ insertObjectCommand->BindBlob(7, row.data);
+ insertObjectCommand->BindBlob(8, row.tag);
insertObjectCommand->BindInteger(9, static_cast<int>(row.backendId));
// name table reference
- insertObjectCommand->BindString (101, row.name.c_str());
- insertObjectCommand->BindString (102, row.ownerLabel.c_str());
+ insertObjectCommand->BindString(101, row.name.c_str());
+ insertObjectCommand->BindString(102, row.ownerLabel.c_str());
insertObjectCommand->Step();
}
updateObjectCommand->BindInteger(2, static_cast<int>(row.dataType));
updateObjectCommand->BindInteger(3, static_cast<int>(row.algorithmType));
updateObjectCommand->BindInteger(4, row.encryptionScheme);
- updateObjectCommand->BindBlob (5, row.iv);
+ updateObjectCommand->BindBlob(5, row.iv);
updateObjectCommand->BindInteger(6, row.dataSize);
- updateObjectCommand->BindBlob (7, row.data);
- updateObjectCommand->BindBlob (8, row.tag);
+ updateObjectCommand->BindBlob(7, row.data);
+ updateObjectCommand->BindBlob(8, row.tag);
// name table reference
- updateObjectCommand->BindString (101, row.name.c_str());
- updateObjectCommand->BindString (102, row.ownerLabel.c_str());
+ updateObjectCommand->BindString(101, row.name.c_str());
+ updateObjectCommand->BindString(102, row.ownerLabel.c_str());
updateObjectCommand->Step();
}
namespace CKM {
namespace DB {
- class Crypto {
- public:
- typedef boost::optional<Row> RowOptional;
- typedef boost::optional<RawBuffer> RawBufferOptional;
- Crypto() :
- m_connection(NULL),
- m_inUserTransaction(false)
- {};
- // user name instead of path?
- Crypto(const std::string &path, const RawBuffer &rawPass);
- Crypto(const Crypto &other) = delete;
- Crypto(Crypto &&other);
-
- Crypto& operator=(const Crypto& ) = delete;
- Crypto& operator=(Crypto&& other);
-
- virtual ~Crypto();
-
- void saveRow(
- const Row &row);
-
- void saveRows(
- const Name &name,
- const Label &owner,
- const RowVector &rows);
-
- void updateRow(
- const Row &row);
-
- bool isNameLabelPresent(
- const Name &name,
- const Label &owner) const;
-
- RowOptional getRow(
- const Name &name,
- const Label &ownerLabel,
- DataType type);
-
- RowOptional getRow(
- const Name &name,
- const Label &ownerLabel,
- DataType typeRangeStart,
- DataType typeRangeStop);
-
- void getRows(
- const Name &name,
- const Label &ownerLabel,
- DataType type,
- RowVector &output);
-
- void getRows(
- const Name &name,
- const Label &ownerLabel,
- DataType typeRangeStart,
- DataType typeRangeStop,
- RowVector &output);
-
- void listNames(
- const Label &smackLabel,
- LabelNameVector& labelNameVector,
- DataType type);
-
- void listNames(
- const Label &smackLabel,
- LabelNameVector& labelNameVector,
- DataType typeRangeStart,
- DataType typeRangeStop);
-
- bool deleteRow(
- const Name &name,
- const Label &ownerLabel);
-
- // keys
- void saveKey(const Label& label, const RawBuffer &key);
- RawBufferOptional getKey(const Label& label);
- void deleteKey(const Label& label);
-
-
- // permissions
- void setPermission(
- const Name &name,
- const Label &ownerLabel,
- const Label &accessorLabel,
- const PermissionMask permissionMask);
-
- PermissionMaskOptional getPermissionRow(
- const Name &name,
- const Label &ownerLabel,
- const Label &accessorLabel) const;
-
-
- // transactions
- int beginTransaction();
- int commitTransaction();
- int rollbackTransaction();
-
- class Transaction {
- public:
- Transaction(Crypto *db)
- : m_db(db),
- m_inTransaction(false) {
- if(!m_db->m_inUserTransaction) {
- Try {
- m_db->m_connection->ExecCommand("BEGIN EXCLUSIVE");
- m_db->m_inUserTransaction = true;
- m_inTransaction = true;
- } Catch (SqlConnection::Exception::InternalError) {
- ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
- } Catch (SqlConnection::Exception::Base) {
- ThrowErr(Exc::TransactionFailed, "Couldn't begin transaction");
- }
- }
+class Crypto {
+public:
+ typedef boost::optional<Row> RowOptional;
+ typedef boost::optional<RawBuffer> RawBufferOptional;
+ Crypto() :
+ m_connection(NULL),
+ m_inUserTransaction(false)
+ {
+ }
+ // user name instead of path?
+ Crypto(const std::string &path, const RawBuffer &rawPass);
+ Crypto(const Crypto &other) = delete;
+ Crypto(Crypto &&other);
+
+ Crypto& operator=(const Crypto& ) = delete;
+ Crypto& operator=(Crypto&& other);
+
+ virtual ~Crypto();
+
+ void saveRow(
+ const Row &row);
+
+ void saveRows(
+ const Name &name,
+ const Label &owner,
+ const RowVector &rows);
+
+ void updateRow(
+ const Row &row);
+
+ bool isNameLabelPresent(
+ const Name &name,
+ const Label &owner) const;
+
+ RowOptional getRow(
+ const Name &name,
+ const Label &ownerLabel,
+ DataType type);
+
+ RowOptional getRow(
+ const Name &name,
+ const Label &ownerLabel,
+ DataType typeRangeStart,
+ DataType typeRangeStop);
+
+ void getRows(
+ const Name &name,
+ const Label &ownerLabel,
+ DataType type,
+ RowVector &output);
+
+ void getRows(
+ const Name &name,
+ const Label &ownerLabel,
+ DataType typeRangeStart,
+ DataType typeRangeStop,
+ RowVector &output);
+
+ void listNames(
+ const Label &smackLabel,
+ LabelNameVector& labelNameVector,
+ DataType type);
+
+ void listNames(
+ const Label &smackLabel,
+ LabelNameVector& labelNameVector,
+ DataType typeRangeStart,
+ DataType typeRangeStop);
+
+ bool deleteRow(
+ const Name &name,
+ const Label &ownerLabel);
+
+ // keys
+ void saveKey(const Label& label, const RawBuffer &key);
+ RawBufferOptional getKey(const Label& label);
+ void deleteKey(const Label& label);
+
+
+ // permissions
+ void setPermission(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel,
+ const PermissionMask permissionMask);
+
+ PermissionMaskOptional getPermissionRow(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel) const;
+
+
+ // transactions
+ int beginTransaction();
+ int commitTransaction();
+ int rollbackTransaction();
+
+ class Transaction {
+ public:
+ Transaction(Crypto *db) :
+ m_db(db),
+ m_inTransaction(false)
+ {
+ if (!m_db->m_inUserTransaction) {
+ Try {
+ m_db->m_connection->ExecCommand("BEGIN EXCLUSIVE");
+ m_db->m_inUserTransaction = true;
+ m_inTransaction = true;
+ } Catch(SqlConnection::Exception::InternalError) {
+ ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
+ } Catch(SqlConnection::Exception::Base) {
+ ThrowErr(Exc::TransactionFailed, "Couldn't begin transaction");
}
- void commit() {
- if(m_inTransaction) {
- Try {
- m_db->m_connection->CommitTransaction();
- m_db->m_inUserTransaction = false;
- m_inTransaction = false;
- } Catch (SqlConnection::Exception::InternalError) {
- ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
- } Catch (SqlConnection::Exception::Base) {
- ThrowErr(Exc::TransactionFailed, "Couldn't commit transaction");
- }
- }
+ }
+ }
+ void commit()
+ {
+ if (m_inTransaction) {
+ Try {
+ m_db->m_connection->CommitTransaction();
+ m_db->m_inUserTransaction = false;
+ m_inTransaction = false;
+ } Catch(SqlConnection::Exception::InternalError) {
+ ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
+ } Catch(SqlConnection::Exception::Base) {
+ ThrowErr(Exc::TransactionFailed, "Couldn't commit transaction");
}
- void rollback() {
- if(m_inTransaction) {
- Try {
- m_db->m_connection->RollbackTransaction();
- m_db->m_inUserTransaction = false;
- m_inTransaction = false;
- } Catch (SqlConnection::Exception::InternalError) {
- ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
- } Catch (SqlConnection::Exception::Base) {
- ThrowErr(Exc::TransactionFailed, "Couldn't rollback transaction");
- }
- }
+ }
+ }
+ void rollback()
+ {
+ if (m_inTransaction) {
+ Try {
+ m_db->m_connection->RollbackTransaction();
+ m_db->m_inUserTransaction = false;
+ m_inTransaction = false;
+ } Catch(SqlConnection::Exception::InternalError) {
+ ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
+ } Catch(SqlConnection::Exception::Base) {
+ ThrowErr(Exc::TransactionFailed, "Couldn't rollback transaction");
}
- ~Transaction() {
- Try {
- if(m_inTransaction) {
- m_db->m_inUserTransaction = false;
- m_db->m_connection->RollbackTransaction();
- }
- } Catch (SqlConnection::Exception::InternalError) {
- ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
- } Catch (SqlConnection::Exception::Base) {
- LogError("Transaction rollback failed!");
- }
+ }
+ }
+ ~Transaction()
+ {
+ Try {
+ if (m_inTransaction) {
+ m_db->m_inUserTransaction = false;
+ m_db->m_connection->RollbackTransaction();
}
- private:
- Crypto *m_db;
- bool m_inTransaction;
- };
-
- protected:
- SqlConnection* m_connection;
- private:
- bool m_inUserTransaction;
-
- void resetDB();
- void initDatabase();
- void createDBSchema();
- /**
- * return current database version
- *
- * @param[out] schemaVersion if success, will contain DB schema version code
- *
- * @return false on DB empty or corrupted, true if information read
- */
- bool getDBVersion(int & schemaVersion);
- typedef boost::optional<std::string> ScriptOptional;
- ScriptOptional getScript(const std::string &scriptName) const;
- ScriptOptional getMigrationScript(int db_version) const;
-
- Row getRow(
- const SqlConnection::DataCommandUniquePtr &selectCommand) const;
-
- void createTable(
- const char *create_cmd,
- const char *table_name);
-
- void createView(
- const char* create_cmd);
-
- class SchemaInfo {
- public:
- explicit SchemaInfo(const Crypto *db) : m_db(db) {}
-
- void setVersionInfo();
- bool getVersionInfo(int & version) const;
-
- private:
- const Crypto *m_db;
- };
-
- public:
- class NameTable {
- public:
- explicit NameTable(SqlConnection* connection) : m_connection(connection) {}
-
- void addRow(
- const Name &name,
- const Label &ownerLabel);
-
- void deleteRow(
- const Name &name,
- const Label &ownerLabel);
-
- void deleteAllRows(
- const Label &ownerLabel);
-
- bool isPresent(
- const Name &name,
- const Label &ownerLabel) const;
-
- private:
- SqlConnection* m_connection;
- };
-
- class ObjectTable {
- public:
- explicit ObjectTable(SqlConnection* connection) : m_connection(connection) {}
-
- void addRow(
- const Row &row);
- void updateRow(
- const Row &row);
-
- private:
- SqlConnection* m_connection;
- };
-
- class PermissionTable {
- public:
- explicit PermissionTable(SqlConnection* connection) : m_connection(connection) {}
-
- void setPermission(
- const Name &name,
- const Label &ownerLabel,
- const Label &accessorLabel,
- const PermissionMask permissionMask);
-
- PermissionMaskOptional getPermissionRow(
- const Name &name,
- const Label &ownerLabel,
- const Label &accessorLabel) const;
-
- private:
- SqlConnection* m_connection;
- };
+ } Catch(SqlConnection::Exception::InternalError) {
+ ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state");
+ } Catch(SqlConnection::Exception::Base) {
+ LogError("Transaction rollback failed!");
+ }
+ }
+
+ private:
+ Crypto *m_db;
+ bool m_inTransaction;
};
+
+protected:
+ SqlConnection* m_connection;
+
+private:
+ bool m_inUserTransaction;
+
+ void resetDB();
+ void initDatabase();
+ void createDBSchema();
+ /**
+ * return current database version
+ *
+ * @param[out] schemaVersion if success, will contain DB schema version code
+ *
+ * @return false on DB empty or corrupted, true if information read
+ */
+ bool getDBVersion(int & schemaVersion);
+ typedef boost::optional<std::string> ScriptOptional;
+ ScriptOptional getScript(const std::string &scriptName) const;
+ ScriptOptional getMigrationScript(int db_version) const;
+
+ Row getRow(
+ const SqlConnection::DataCommandUniquePtr &selectCommand) const;
+
+ void createTable(
+ const char *create_cmd,
+ const char *table_name);
+
+ void createView(
+ const char* create_cmd);
+
+ class SchemaInfo {
+ public:
+ explicit SchemaInfo(const Crypto *db) : m_db(db) {}
+
+ void setVersionInfo();
+ bool getVersionInfo(int & version) const;
+
+ private:
+ const Crypto *m_db;
+ };
+
+public:
+ class NameTable {
+ public:
+ explicit NameTable(SqlConnection* connection) : m_connection(connection) {}
+
+ void addRow(
+ const Name &name,
+ const Label &ownerLabel);
+
+ void deleteRow(
+ const Name &name,
+ const Label &ownerLabel);
+
+ void deleteAllRows(
+ const Label &ownerLabel);
+
+ bool isPresent(
+ const Name &name,
+ const Label &ownerLabel) const;
+
+ private:
+ SqlConnection* m_connection;
+ };
+
+ class ObjectTable {
+ public:
+ explicit ObjectTable(SqlConnection* connection) : m_connection(connection) {}
+
+ void addRow(
+ const Row &row);
+ void updateRow(
+ const Row &row);
+
+ private:
+ SqlConnection* m_connection;
+ };
+
+ class PermissionTable {
+ public:
+ explicit PermissionTable(SqlConnection* connection) : m_connection(connection) {}
+
+ void setPermission(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel,
+ const PermissionMask permissionMask);
+
+ PermissionMaskOptional getPermissionRow(
+ const Name &name,
+ const Label &ownerLabel,
+ const Label &accessorLabel) const;
+
+ private:
+ SqlConnection* m_connection;
+ };
+};
} // namespace DB
} // namespace CKM
, algorithmType(DBCMAlgType::NONE)
, encryptionScheme(0)
, dataSize(data.size())
- {}
+ {
+ }
Name name;
Label ownerLabel;
void EncryptionLogic::Crypt(const CryptoRequest& request)
{
// check arguments
- if(request.input.empty()) {
+ if (request.input.empty()) {
LogError("No input data");
m_service.RespondToClient(request, CKM_API_ERROR_INPUT_PARAM);
return;
namespace CKM {
-class EncryptionLogic
-{
+class EncryptionLogic {
public:
EncryptionLogic(IEncryptionService& service) : m_service(service) {}
virtual ~EncryptionLogic() {}
void Crypt(const CryptoRequest& request);
void KeyRetrieved(MsgKeyResponse response);
+
private:
IEncryptionService& m_service;
namespace CKM {
-EncryptionService::EncryptionService() : m_logic(*this)
+EncryptionService::EncryptionService() :
+ m_logic(*this)
{
}
{
MsgKeyRequest kReq(request.msgId, request.cred, request.name, request.label, request.password);
if (!m_commMgr->SendMessage(kReq))
- throw std::runtime_error("No listener found"); // TODO
+ throw std::runtime_error("No listener found");// TODO
}
GenericSocketService::ServiceDescriptionVector EncryptionService::GetServiceDescription()
};
}
-void EncryptionService::Start() {
+void EncryptionService::Start()
+{
Create();
}
-void EncryptionService::Stop() {
+void EncryptionService::Stop()
+{
Join();
}
ConnectionInfo &info,
bool /*allowed*/)
{
- LogDebug ("process One");
+ LogDebug("process One");
try {
if (!info.buffer.Ready())
return false;
m_logic.Crypt(req);
}
-void EncryptionService::CustomHandle(const ReadEvent &event) {
+void EncryptionService::CustomHandle(const ReadEvent &event)
+{
LogDebug("Read event");
auto &info = m_connectionInfoMap[event.connectionID.counter];
info.buffer.Push(event.rawBuffer);
- while(ProcessOne(event.connectionID, info, true));
+ while (ProcessOne(event.connectionID, info, true));
}
-void EncryptionService::CustomHandle(const SecurityEvent &/*event*/) {
+void EncryptionService::CustomHandle(const SecurityEvent &/*event*/)
+{
LogError("This should not happend! SecurityEvent was called on EncryptionService!");
}
namespace CKM {
-class EncryptionService : public ThreadMessageService<MsgKeyResponse>, public IEncryptionService
-{
+class EncryptionService : public ThreadMessageService<MsgKeyResponse>, public IEncryptionService {
public:
EncryptionService();
virtual ~EncryptionService();
// Custom add custom support for ReadEvent and SecurityEvent
// because we want to bypass security check in EncryptionService
- virtual void Event(const ReadEvent &event) {
+ virtual void Event(const ReadEvent &event)
+ {
CreateEvent([this, event]() { this->CustomHandle(event); });
}
- virtual void Event(const SecurityEvent &event) {
+ virtual void Event(const SecurityEvent &event)
+ {
CreateEvent([this, event]() { this->CustomHandle(event); });
}
{
// Open lock file
m_lockFd = TEMP_FAILURE_RETRY(creat(file, 0644));
- if (m_lockFd == -1) {
+ if (m_lockFd == -1)
throw io_exception("Cannot open lock file. Errno: ", strerror(errno));
- }
if (-1 == lockf(m_lockFd, F_TLOCK, 0)) {
if (errno == EACCES || errno == EAGAIN)
int ret = fsync(m_lockFd);
if (-1 == ret)
- throw io_exception("Fsync failed. Errno: ",strerror(errno));
+ throw io_exception("Fsync failed. Errno: ", strerror(errno));
}
FileLock::~FileLock()
namespace CKM {
-class FileLock
-{
+class FileLock {
public:
explicit FileLock(const char* const file);
~FileLock();
FileSystem::FileSystem(uid_t uid)
: m_uid(uid)
-{}
+{
+}
std::string FileSystem::getDBPath() const
{
return ss.str();
}
-std::string FileSystem::getDKEKPath() const {
+std::string FileSystem::getDKEKPath() const
+{
std::stringstream ss;
ss << CKM_DATA_PATH << CKM_KEY_PREFIX << m_uid;
return ss.str();
}
-std::string FileSystem::getDBDEKPath() const {
+std::string FileSystem::getDBDEKPath() const
+{
std::stringstream ss;
ss << CKM_DATA_PATH << CKM_DB_KEY_PREFIX << m_uid;
return ss.str();
}
-std::string FileSystem::getRemovedAppsPath() const {
+std::string FileSystem::getRemovedAppsPath() const
+{
std::stringstream ss;
ss << CKM_DATA_PATH << CKM_REMOVED_APP_PREFIX << m_uid;
return ss.str();
}
-RawBuffer FileSystem::loadFile(const std::string &path) const {
+RawBuffer FileSystem::loadFile(const std::string &path) const
+{
std::ifstream is(path);
if (is.fail() && ENOENT == errno)
"Error opening file: ", path, " Reason: ", description);
}
- std::istreambuf_iterator<char> begin(is),end;
- std::vector<char> buff(begin,end); // This trick does not work with boost vector
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end); // This trick does not work with boost vector
RawBuffer buffer(buff.size());
memcpy(buffer.data(), buff.data(), buff.size());
return loadFile(getDBDEKPath());
}
-void FileSystem::saveFile(const std::string &path, const RawBuffer &buffer) const {
+void FileSystem::saveFile(const std::string &path, const RawBuffer &buffer) const
+{
std::ofstream os(path, std::ios::out | std::ofstream::binary | std::ofstream::trunc);
std::copy(buffer.begin(), buffer.end(), std::ostreambuf_iterator<char>(os));
ThrowErr(Exc::FileSystemFailed, "Failed to save file: ", path);
}
-void FileSystem::saveDKEK(const RawBuffer &buffer) const {
+void FileSystem::saveDKEK(const RawBuffer &buffer) const
+{
saveFile(getDKEKPath(), buffer);
}
-void FileSystem::saveDBDEK(const RawBuffer &buffer) const {
+void FileSystem::saveDBDEK(const RawBuffer &buffer) const
+{
saveFile(getDBDEKPath(), buffer);
}
std::string line;
std::ifstream removedAppsFile(getRemovedAppsPath());
if (removedAppsFile.is_open()) {
- while (! removedAppsFile.eof() ) {
- getline (removedAppsFile,line);
- if(line.size() > 0)
+ while (!removedAppsFile.eof()) {
+ getline(removedAppsFile, line);
+ if (line.size() > 0)
removedApps.push_back(line);
}
removedAppsFile.close();
return removedApps;
}
-int FileSystem::init() {
+int FileSystem::init()
+{
errno = 0;
if ((mkdir(CKM_DATA_PATH.c_str(), 0700)) && (errno != EEXIST)) {
int err = errno;
return 0;
}
-UidVector FileSystem::getUIDsFromDBFile() {
+UidVector FileSystem::getUIDsFromDBFile()
+{
UidVector uids;
std::unique_ptr<DIR, std::function<int(DIR*)>>
dirp(::opendir(CKM_DATA_PATH.c_str()), ::closedir);
while ( (!readdir_r(dirp.get(), pEntry.get(), &pDirEntry)) && pDirEntry ) {
// Ignore files with diffrent prefix
- if (strncmp(pDirEntry->d_name, CKM_KEY_PREFIX.c_str(), CKM_KEY_PREFIX.size())) {
+ if (strncmp(pDirEntry->d_name, CKM_KEY_PREFIX.c_str(), CKM_KEY_PREFIX.size()))
continue;
- }
// We find database. Let's extract user id.
try {
return uids;
}
-int FileSystem::removeUserData() const {
+int FileSystem::removeUserData() const
+{
int err, retCode = 0;
if (unlink(getDBPath().c_str())) {
static UidVector getUIDsFromDBFile();
static FileLock lock();
- virtual ~FileSystem(){}
+ virtual ~FileSystem() {}
+
protected:
std::string getDKEKPath() const;
std::string getDBDEKPath() const;
return *wrappedKeyAndInfo;
}
-void WrappedKeyAndInfoContainer::setKeyInfoKeyLength(const unsigned int length){
+void WrappedKeyAndInfoContainer::setKeyInfoKeyLength(const unsigned int length)
+{
wrappedKeyAndInfo->keyInfo.keyLength = length;
}
memset(ptr, 0, sizeof(KeyAndInfo));
// verification
for (size_t size = 0; size < sizeof(KeyAndInfo); ++size) {
- if (ptr[size]) {
+ if (ptr[size])
LogError("Write momory error! Memory used by key was not owerwritten.");
- }
}
delete keyAndInfo;
}
-KeyProvider::KeyProvider()
- : m_kmcDKEK(NULL)
- , m_isInitialized(false)
+KeyProvider::KeyProvider() :
+ m_kmcDKEK(NULL),
+ m_isInitialized(false)
{
LogDebug("Created empty KeyProvider");
}
KeyProvider::KeyProvider(
const RawBuffer &domainKEKInWrapForm,
- const Password &password)
- : m_kmcDKEK(new KeyAndInfoContainer())
- , m_isInitialized(true)
+ const Password &password) :
+ m_kmcDKEK(new KeyAndInfoContainer()),
+ m_isInitialized(true)
{
- if (!m_isInitialized) {
+ if (!m_isInitialized)
ThrowErr(Exc::InternalError, "Object not initialized!. Should not happened");
- }
+
if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
LogError("input size:" << domainKEKInWrapForm.size()
<< " Expected: " << sizeof(WrappedKeyAndInfo));
PBKDF2_ITERATIONS,
MAX_KEY_SIZE,
PKEK1)) {
-
delete[] concat_user_pass;
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
}
PKEK1,
wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv,
m_kmcDKEK->getKeyAndInfo().key))) {
-
ThrowErr(Exc::AuthenticationFailed, "VerifyDomainKEK failed in KeyProvider Constructor");
}
RawBuffer KeyProvider::getPureDomainKEK()
{
- if (!m_isInitialized) {
+ if (!m_isInitialized)
ThrowErr(Exc::InternalError, "Object not initialized!");
- }
// TODO secure
return RawBuffer(m_kmcDKEK->getKeyAndInfo().key, (m_kmcDKEK->getKeyAndInfo().key) + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength);
RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
{
- if (!m_isInitialized) {
+ if (!m_isInitialized)
ThrowErr(Exc::InternalError, "Object not initialized!");
- }
WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer();
PBKDF2_ITERATIONS,
MAX_KEY_SIZE,
PKEK1)) {
-
delete[] concat_user_pass;
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
}
int wrappedKeyLength;
if (0 > (wrappedKeyLength = encryptAes256Gcm(
- m_kmcDKEK->getKeyAndInfo().key,
- m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength,
- PKEK1,
- m_kmcDKEK->getKeyAndInfo().keyInfo.iv,
- wkmcDKEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) {
-
+ m_kmcDKEK->getKeyAndInfo().key,
+ m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength,
+ PKEK1,
+ m_kmcDKEK->getKeyAndInfo().keyInfo.iv,
+ wkmcDKEK.getWrappedKeyAndInfo().wrappedKey,
+ wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag)))
ThrowErr(Exc::InternalError, "WrapDKEK Failed in KeyProvider::getDomainKEK");
- }
wkmcDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
{
- if (!m_isInitialized) {
+ if (!m_isInitialized)
ThrowErr(Exc::InternalError, "Object not initialized!");
- }
- if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)){
+ if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
LogError("input size:" << DEKInWrapForm.size()
<< " Expected: " << sizeof(WrappedKeyAndInfo));
ThrowErr(Exc::InternalError,
int keyLength;
if (!PKCS5_PBKDF2_HMAC_SHA1(
- wkmcDEK.getWrappedKeyAndInfo().keyInfo.label,
- strlen(wkmcDEK.getWrappedKeyAndInfo().keyInfo.label),
- m_kmcDKEK->getKeyAndInfo().key,
- MAX_SALT_SIZE,
- PBKDF2_ITERATIONS,
- MAX_KEY_SIZE,
- PKEK2)) {
-
+ wkmcDEK.getWrappedKeyAndInfo().keyInfo.label,
+ strlen(wkmcDEK.getWrappedKeyAndInfo().keyInfo.label),
+ m_kmcDKEK->getKeyAndInfo().key,
+ MAX_SALT_SIZE,
+ PBKDF2_ITERATIONS,
+ MAX_KEY_SIZE,
+ PKEK2))
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
- }
if (0 > (keyLength = decryptAes256Gcm(
- wkmcDEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcDEK.getWrappedKeyAndInfo().keyInfo.keyLength,
- wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag,
- PKEK2,
- wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv,
- kmcDEK.getKeyAndInfo().key))) {
-
+ wkmcDEK.getWrappedKeyAndInfo().wrappedKey,
+ wkmcDEK.getWrappedKeyAndInfo().keyInfo.keyLength,
+ wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag,
+ PKEK2,
+ wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv,
+ kmcDEK.getKeyAndInfo().key)))
ThrowErr(Exc::InternalError,
"UnwrapDEK Failed in KeyProvider::getPureDEK");
- }
kmcDEK.setKeyInfoKeyLength((unsigned int)keyLength);
RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
{
- if (!m_isInitialized) {
+ if (!m_isInitialized)
ThrowErr(Exc::InternalError, "Object not initialized!");
- }
WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer();
std::string resized_smackLabel;
uint8_t key[MAX_KEY_SIZE], PKEK2[MAX_KEY_SIZE];
if (!RAND_bytes(key, m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength) ||
- !RAND_bytes(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE)) {
-
+ !RAND_bytes(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
- }
if (!PKCS5_PBKDF2_HMAC_SHA1(
- resized_smackLabel.c_str(),
- strlen(resized_smackLabel.c_str()),
- m_kmcDKEK->getKeyAndInfo().key,
- MAX_SALT_SIZE,
- PBKDF2_ITERATIONS,
- MAX_KEY_SIZE,
- PKEK2)) {
-
+ resized_smackLabel.c_str(),
+ strlen(resized_smackLabel.c_str()),
+ m_kmcDKEK->getKeyAndInfo().key,
+ MAX_SALT_SIZE,
+ PBKDF2_ITERATIONS,
+ MAX_KEY_SIZE,
+ PKEK2))
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
- }
int wrappedKeyLength;
if (0 > (wrappedKeyLength = encryptAes256Gcm(
- key,
- m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength,
- PKEK2,
- wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv,
- wkmcDEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag))) {
-
+ key,
+ m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength,
+ PKEK2,
+ wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv,
+ wkmcDEK.getWrappedKeyAndInfo().wrappedKey,
+ wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag)))
ThrowErr(Exc::InternalError, "GenerateDEK Failed in KeyProvider::generateDEK");
- }
wkmcDEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
wkmcDEK.setKeyInfoSalt(m_kmcDKEK->getKeyAndInfo().key, MAX_SALT_SIZE);
PBKDF2_ITERATIONS,
MAX_KEY_SIZE,
PKEK1)) {
-
delete[] concat_user_pass;
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
}
delete[] concat_user_pass;
if (0 > (keyLength = decryptAes256Gcm(
- wkmcOldDKEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.keyLength,
- wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.tag,
- PKEK1,
- wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.iv,
- kmcDKEK.getKeyAndInfo().key))) {
-
+ wkmcOldDKEK.getWrappedKeyAndInfo().wrappedKey,
+ wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.keyLength,
+ wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.tag,
+ PKEK1,
+ wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.iv,
+ kmcDKEK.getKeyAndInfo().key)))
ThrowErr(Exc::AuthenticationFailed, "Incorrect Old Password ");
- }
kmcDKEK.setKeyInfo(&(wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo));
kmcDKEK.setKeyInfoKeyLength((unsigned int)keyLength);
newPass.c_str());
if (!PKCS5_PBKDF2_HMAC_SHA1(
- concat_user_pass,
- strlen(concat_user_pass),
- kmcDKEK.getKeyAndInfo().keyInfo.salt,
- MAX_SALT_SIZE,
- PBKDF2_ITERATIONS,
- MAX_KEY_SIZE,
- PKEK1)) {
-
+ concat_user_pass,
+ strlen(concat_user_pass),
+ kmcDKEK.getKeyAndInfo().keyInfo.salt,
+ MAX_SALT_SIZE,
+ PBKDF2_ITERATIONS,
+ MAX_KEY_SIZE,
+ PKEK1)) {
delete[] concat_user_pass;
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
}
wkmcNewDKEK.setKeyInfo(&(kmcDKEK.getKeyAndInfo().keyInfo));
if (0 > (wrappedKeyLength = encryptAes256Gcm(
- kmcDKEK.getKeyAndInfo().key,
- kmcDKEK.getKeyAndInfo().keyInfo.keyLength,
- PKEK1,
- kmcDKEK.getKeyAndInfo().keyInfo.iv,
- wkmcNewDKEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcNewDKEK.getWrappedKeyAndInfo().keyInfo.tag))) {
-
+ kmcDKEK.getKeyAndInfo().key,
+ kmcDKEK.getKeyAndInfo().keyInfo.keyLength,
+ PKEK1,
+ kmcDKEK.getKeyAndInfo().keyInfo.iv,
+ wkmcNewDKEK.getWrappedKeyAndInfo().wrappedKey,
+ wkmcNewDKEK.getWrappedKeyAndInfo().keyInfo.tag)))
ThrowErr(Exc::InternalError, "UpdateDomainKEK in KeyProvider::reencrypt Failed");
- }
wkmcNewDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
uint8_t key[MAX_KEY_SIZE], PKEK1[MAX_KEY_SIZE];
if (!RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, MAX_SALT_SIZE) ||
- !RAND_bytes(key, MAX_KEY_SIZE) ||
- !RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
+ !RAND_bytes(key, MAX_KEY_SIZE) ||
+ !RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
int wrappedKeyLength;
char *concat_user_pass = NULL;
concat_user_pass = concat_password_user(user.c_str(), userPassword.c_str());
if (!PKCS5_PBKDF2_HMAC_SHA1(
- concat_user_pass,
- strlen(concat_user_pass),
- wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt,
- MAX_SALT_SIZE,
- PBKDF2_ITERATIONS,
- MAX_KEY_SIZE,
- PKEK1)) {
-
+ concat_user_pass,
+ strlen(concat_user_pass),
+ wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt,
+ MAX_SALT_SIZE,
+ PBKDF2_ITERATIONS,
+ MAX_KEY_SIZE,
+ PKEK1)) {
delete[] concat_user_pass;
ThrowErr(Exc::InternalError, "OPENSSL_ENGINED_ERROR");
}
delete[] concat_user_pass;
if (0 > (wrappedKeyLength = encryptAes256Gcm(
- key,
- MAX_KEY_SIZE,
- PKEK1,
- wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv,
- wkmcDKEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) {
-
+ key,
+ MAX_KEY_SIZE,
+ PKEK1,
+ wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv,
+ wkmcDKEK.getWrappedKeyAndInfo().wrappedKey,
+ wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag)))
ThrowErr(Exc::InternalError,
"GenerateDomainKEK Failed in KeyProvider::generateDomainKEK");
- }
wkmcDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
wkmcDKEK.setKeyInfoLabel(user);
int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext, int plaintext_len, const unsigned char *key, const unsigned char *iv, unsigned char *ciphertext, unsigned char *tag)
{
-
EVP_CIPHER_CTX *ctx;
int len;
int ciphertext_len = 0;
- if (!(ctx = EVP_CIPHER_CTX_new())) {
+ if (!(ctx = EVP_CIPHER_CTX_new()))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
+ if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
+ if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
+ if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
return OPENSSL_ENGINE_ERROR;
- }
+
ciphertext_len = len;
- if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
+ if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
return OPENSSL_ENGINE_ERROR;
- }
+
ciphertext_len += len;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
return OPENSSL_ENGINE_ERROR;
- }
EVP_CIPHER_CTX_free(ctx);
int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, const unsigned char *key, const unsigned char *iv, unsigned char *plaintext)
{
-
EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
int ret;
- if (!(ctx = EVP_CIPHER_CTX_new())) {
+ if (!(ctx = EVP_CIPHER_CTX_new()))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
+ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
+
+ if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
return OPENSSL_ENGINE_ERROR;
- }
- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
+ if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
return OPENSSL_ENGINE_ERROR;
- }
+
plaintext_len = len;
- if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len))) {
+ if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
return OPENSSL_ENGINE_ERROR;
- }
EVP_CIPHER_CTX_free(ctx);
if (ret > 0) {
plaintext_len += len;
return plaintext_len;
- }
- else {
+ } else {
return -1;
}
}
resized_user = new char[MAX_LABEL_SIZE];
memcpy(resized_user, user, MAX_LABEL_SIZE-1);
resized_user[MAX_LABEL_SIZE-1] = '\0';
- }
- else {
+ } else {
resized_user = new char[strlen(user)+1];
memcpy(resized_user, user, strlen(user));
resized_user[strlen(user)] = '\0';
}
+
concat_user_pass_len = strlen(resized_user) + strlen(password) + 1;
concat_user_pass = new char[concat_user_pass_len];
uint8_t wrappedKey[MAX_WRAPPED_KEY_SIZE];
} WrappedKeyAndInfo;
-class WrappedKeyAndInfoContainer{
+class WrappedKeyAndInfoContainer {
public:
WrappedKeyAndInfoContainer();
WrappedKeyAndInfoContainer(const unsigned char*);
void setKeyInfoSalt(const unsigned char*, const int);
void setKeyInfo(const KeyComponentsInfo*);
~WrappedKeyAndInfoContainer();
+
private:
WrappedKeyAndInfo *wrappedKeyAndInfo;
};
-class KeyAndInfoContainer{
+class KeyAndInfoContainer {
public:
KeyAndInfoContainer();
KeyAndInfoContainer(const unsigned char*);
void setKeyInfoKeyLength(const unsigned int);
void setKeyInfo(const KeyComponentsInfo*);
~KeyAndInfoContainer();
+
private:
KeyAndInfo *keyAndInfo;
};
static int closeLibrary();
virtual ~KeyProvider();
+
private:
// KeyAndInfoContainer class
std::shared_ptr<KeyAndInfoContainer> m_kmcDKEK;
static char * concat_password_user(
const char *user,
const char *password);
-
};
} // namespace CKM
m_isNetAvailable = false;
}
-RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain, bool allowed) {
+RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain, bool allowed)
+{
CertificateImplVector certChain;
OCSPModule ocsp;
int retCode = CKM_API_SUCCESS;
retCode = CKM_API_ERROR_NOT_SUPPORTED;
} else if (!allowed) {
retCode = CKM_API_ERROR_ACCESS_DENIED;
- } else if(rawChain.size() < 2) {
+ } else if (rawChain.size() < 2) {
LogError("Certificate chain should contain at least 2 certificates");
retCode = CKM_API_ERROR_INPUT_PARAM;
} else {
OCSPLogic& operator=(OCSPLogic &&) = delete;
RawBuffer ocspCheck(int commandId, const RawBufferVector &rawChain, bool allowed);
- virtual ~OCSPLogic(){}
+ virtual ~OCSPLogic() {}
+
private:
void setNetAvailable();
bool m_isNetAvailable;
};
-
-
-
} // namespace CKM
OCSPService::OCSPService()
: m_logic(new OCSPLogic())
-{}
+{
+}
-OCSPService::~OCSPService() {
+OCSPService::~OCSPService()
+{
delete m_logic;
}
-void OCSPService::Start() {
+void OCSPService::Start()
+{
Create();
}
-void OCSPService::Stop() {
+void OCSPService::Stop()
+{
Join();
}
ConnectionInfo &info,
bool allowed)
{
- LogDebug ("process One");
+ LogDebug("process One");
Try {
if (!info.buffer.Ready())
m_serviceManager->Write(conn, response);
return true;
- } Catch (MessageBuffer::Exception::Base) {
+ } Catch(MessageBuffer::Exception::Base) {
LogError("Broken protocol. Closing socket.");
} catch (const std::string &e) {
LogError("String exception(" << e << "). Closing socket");
class OCSPLogic;
-class OCSPService : public CKM::ThreadService
-{
+class OCSPService : public CKM::ThreadService {
public:
OCSPService();
OCSPService(const OCSPService &) = delete;
namespace {
typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
-void BIO_write_and_free(BIO* bio) {
+void BIO_write_and_free(BIO* bio)
+{
if (!bio)
return;
} // namespace anonymous
-OCSPModule::OCSPModule() {
+OCSPModule::OCSPModule()
+{
// Do nothing.
}
-OCSPModule::~OCSPModule(){
+OCSPModule::~OCSPModule()
+{
// Do nothing.
}
-int OCSPModule::verify(const CertificateImplVector &certificateChain) {
+int OCSPModule::verify(const CertificateImplVector &certificateChain)
+{
bool unsupported = false; // ocsp is unsupported in certificate in chain (except root CA)
// create trusted store
X509_STACK_PTR trustedCerts = create_x509_stack();
// skip first 2 certificates
- for (auto it=certificateChain.cbegin()+2; it < certificateChain.cend(); it++)
- {
+ for (auto it = certificateChain.cbegin() + 2; it < certificateChain.cend(); it++) {
if (it->empty()) {
LogError("Error. Broken certificate chain.");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
sk_X509_push(trustedCerts.get(), it->getX509());
}
- for (int i=0; i < static_cast<int>(certificateChain.size())-1; i++) {// except root certificate
+ for (int i = 0; i < static_cast<int>(certificateChain.size()) - 1; i++) {// except root certificate
if (certificateChain[i].empty() || certificateChain[i+1].empty()) {
LogError("Error. Broken certificate chain.");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
// remove first element from trustedCerts store
sk_X509_delete(trustedCerts.get(), 0);
- if(result != CKM_API_OCSP_STATUS_GOOD) {
+ if (result != CKM_API_OCSP_STATUS_GOOD) {
LogError("Fail to OCSP certification check. Errorcode=[" << result <<
"], on certChain[" << i << "]");
return result;
return CKM_API_OCSP_STATUS_GOOD;
}
-int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCerts, const std::string &constUrl) {
+int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCerts, const std::string &constUrl)
+{
OCSP_REQUEST *req = NULL;
OCSP_RESPONSE *resp = NULL;
OCSP_BASICRESP *bs = NULL;
char subj_buf[256];
int reason = 0;
// const char *reason_str = NULL;0
- X509_STORE *trustedStore=NULL;
+ X509_STORE *trustedStore = NULL;
BioUniquePtr bioLogger(BIO_new(BIO_s_mem()), BIO_write_and_free);
std::vector<char> url(constUrl.begin(), constUrl.end());
url.push_back(0);
- if (!OCSP_parse_url(url.data(), &host, &port, &path, &use_ssl)) {
+ if (!OCSP_parse_url(url.data(), &host, &port, &path, &use_ssl))
/* report error */
return CKM_API_OCSP_STATUS_INVALID_URL;
- }
LogDebug("Host: " << host);
LogDebug("Port: " << port);
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
- if (port != NULL) {
- BIO_set_conn_port(cbio, port);
- }
+ if (port != NULL)
+ BIO_set_conn_port(cbio, port);
if (use_ssl == 1) {
BIO *sbio = NULL;
/* report error */
/* free stuff */
- if (host != NULL) {
+ if (host != NULL)
OPENSSL_free(host);
- }
- if (port != NULL) {
+ if (port != NULL)
OPENSSL_free(port);
- }
- if (path != NULL) {
+ if (path != NULL)
OPENSSL_free(path);
- }
+
host = port = path = NULL;
- if (use_ssl && use_ssl_ctx) {
+ if (use_ssl && use_ssl_ctx)
SSL_CTX_free(use_ssl_ctx);
- }
+
use_ssl_ctx = NULL;
- if (cbio != NULL) {
+ if (cbio != NULL)
BIO_free_all(cbio);
- }
+
cbio = NULL;
return CKM_API_OCSP_STATUS_NET_ERROR;
}
req = OCSP_REQUEST_new();
-
- if(req == NULL) {
+ if (req == NULL) {
LogDebug("Error in OCPS_REQUEST_new");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
+
certid = OCSP_cert_to_id(NULL, cert, issuer);
- if(certid == NULL) {
+ if (certid == NULL) {
LogDebug("Error in OCSP_cert_to_id");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
- if(OCSP_request_add0_id(req, certid) == NULL) {
+ if (OCSP_request_add0_id(req, certid) == NULL) {
LogDebug("Error in OCSP_request_add0_id");
return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
}
resp = OCSP_sendreq_bio(cbio, path, req);
-
/* free some stuff we no longer need */
- if (host != NULL) {
+ if (host != NULL)
OPENSSL_free(host);
- }
- if (port != NULL) {
+ if (port != NULL)
OPENSSL_free(port);
- }
- if (path != NULL) {
+ if (path != NULL)
OPENSSL_free(path);
- }
+
host = port = path = NULL;
- if (use_ssl && use_ssl_ctx) {
+ if (use_ssl && use_ssl_ctx)
SSL_CTX_free(use_ssl_ctx);
- }
+
use_ssl_ctx = NULL;
- if (cbio != NULL) {
+ if (cbio != NULL)
BIO_free_all(cbio);
- }
+
cbio = NULL;
if (!resp) {
return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
}
- if(trustedCerts != NULL) {
+ if (trustedCerts != NULL) {
trustedStore = X509_STORE_new();
- for(int tmpIdx=0; tmpIdx<sk_X509_num(trustedCerts); tmpIdx++) {
+
+ for (int tmpIdx = 0; tmpIdx < sk_X509_num(trustedCerts); tmpIdx++)
X509_STORE_add_cert(trustedStore, sk_X509_value(trustedCerts, tmpIdx));
- }
+
X509_STORE_add_cert(trustedStore, issuer);
}
}
(void)X509_NAME_oneline(X509_get_subject_name(cert), subj_buf, 255);
- if(!OCSP_resp_find_status(bs, certid, &ocspStatus, &reason,
+ if (!OCSP_resp_find_status(bs, certid, &ocspStatus, &reason,
&rev, &thisupd, &nextupd)) {
/* report error */
ERR_print_errors(bioLogger.get());
bs = NULL;
}
- if(trustedStore != NULL) {
+ if (trustedStore != NULL) {
X509_STORE_free(trustedStore);
trustedStore = NULL;
}
- switch(ocspStatus) {
+ switch (ocspStatus) {
case V_OCSP_CERTSTATUS_GOOD:
return CKM_API_OCSP_STATUS_GOOD;
case V_OCSP_CERTSTATUS_REVOKED:
// all error code from project will be defined in public client api
// OK, UNKNOWN, REVOKED, NO_NETWORK, TIMEOUT
int verify(const CertificateImplVector &certificateChain);
+
private:
int ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCerts, const std::string &url);
};
PermissionForLabel(const Label & accessor, const PermissionMaskOptional mask)
{
accessorLabel = accessor;
- if(mask)
+ if (mask)
permissionMask = *mask;
else
permissionMask = Permission::NONE;
}
- int operator&(const Permission &bit) const {
+ int operator&(const Permission &bit) const
+ {
return permissionMask & bit;
}
};
namespace CKM {
struct Token {
- Token()
- : backendId(CryptoBackend::None)
- {}
- Token(CryptoBackend pBackendId, DataType pDataType, const RawBuffer &pData)
- : backendId(pBackendId)
- , dataType(pDataType)
- , data(pData)
- {}
+ Token() :
+ backendId(CryptoBackend::None)
+ {
+ }
+
+ Token(CryptoBackend pBackendId, DataType pDataType, const RawBuffer &pData) :
+ backendId(pBackendId),
+ dataType(pDataType),
+ data(pData)
+ {
+ }
CryptoBackend backendId;
DataType dataType;
RawBuffer data;
};
-typedef std::pair<Token,Token> TokenPair;
+typedef std::pair<Token, Token> TokenPair;
} // namespace CKM
#include <shadow.h>
#include <ckm/ckm-control.h>
-namespace
-{
+namespace {
#define PASSWORD_SHADOWED "x"
std::string old_password;
struct passwd *pwd;
if ((pwd = getpwnam(user)) == NULL)
return true;
- if(strcmp(pwd->pw_passwd, PASSWORD_SHADOWED)==0)
- {
+ if (strcmp(pwd->pw_passwd, PASSWORD_SHADOWED) == 0) {
struct spwd *pwd_sh;
if ((pwd_sh = getspnam(user)) == NULL)
return true;
passwd = std::string(pwd_sh->sp_pwdp);
- }
- else
+ } else {
passwd = std::string(pwd->pw_passwd);
+ }
uid = pwd->pw_uid;
return false;
}
// identify user
uid_t uid = -1;
std::string passwd;
- if(identify_user_pwd(pamh, uid, passwd))
+ if (identify_user_pwd(pamh, uid, passwd))
return PAM_SESSION_ERR;
auto control = CKM::Control::create();
int ec = control->unlockUserKey(uid, passwd.c_str());
- if(ec == CKM_API_SUCCESS)
+ if (ec == CKM_API_SUCCESS)
return PAM_SUCCESS;
- if(ec == CKM_API_ERROR_AUTHENTICATION_FAILED)
- {
+ if (ec == CKM_API_ERROR_AUTHENTICATION_FAILED) {
pam_syslog(pamh, LOG_ERR, "key-manager and system password desynchronized,"
"removing key-manager database for user: %d\n", uid);
// key-manager<->system password desync
// remove the user content
ec = control->removeUserData(uid);
- if(ec == CKM_API_SUCCESS) {
+ if (ec == CKM_API_SUCCESS) {
ec = CKM::Control::create()->unlockUserKey(uid, passwd.c_str());
- if(ec == CKM_API_SUCCESS)
+ if (ec == CKM_API_SUCCESS)
return PAM_SUCCESS;
pam_syslog(pamh, LOG_ERR, "key-manager and system password desynchronized,"
"attempt to create new database failed: %d\n", ec);
// identify user
uid_t uid = -1;
std::string passwd;
- if(identify_user_pwd(pamh, uid, passwd))
+ if (identify_user_pwd(pamh, uid, passwd))
return PAM_SESSION_ERR;
- if(CKM::Control::create()->lockUserKey(uid) == CKM_API_SUCCESS)
+ if (CKM::Control::create()->lockUserKey(uid) == CKM_API_SUCCESS)
return PAM_SUCCESS;
return PAM_SESSION_ERR;
COMMON_API PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
- if(argc==0) {
+ if (argc == 0) {
pam_syslog(pamh, LOG_ERR, "key-manager plugin called with inappropriate arguments\n");
return PAM_SERVICE_ERR;
}
// identify user
uid_t uid = -1;
std::string passwd;
- if(identify_user_pwd(pamh, uid, passwd))
+ if (identify_user_pwd(pamh, uid, passwd))
return PAM_USER_UNKNOWN;
// attention: argv[0] is the argument, not the binary/so name
// args are in arg_name=value format
- if(strstr(argv[0], "change_step"))
- {
- if(strstr(argv[0], "before"))
- {
- if( ! (flags & PAM_PRELIM_CHECK))
+ if (strstr(argv[0], "change_step")) {
+ if (strstr(argv[0], "before")) {
+ if (!(flags & PAM_PRELIM_CHECK))
old_password = passwd;
return PAM_SUCCESS;
- }
- else if(strstr(argv[0], "after"))
- {
- if(flags & PAM_PRELIM_CHECK)
+ } else if (strstr(argv[0], "after")) {
+ if (flags & PAM_PRELIM_CHECK)
return PAM_SUCCESS;
- if(old_password.size() == 0) {
+ if (old_password.size() == 0) {
pam_syslog(pamh, LOG_ERR, "attempt to change key-manager password w/o old password\n");
return PAM_SERVICE_ERR;
}
projects / platform / core / security / key-manager.git / commitdiff