namespace CKM {
+namespace {
+
+int toBinaryData(const Crypto::Data &input, Crypto::Data &output)
+{
+ // verify the data integrity
+ if (input.type.isKey()) {
+ KeyShPtr output_key;
+
+ if (input.type.isSKey())
+ output_key = CKM::Key::createAES(input.data);
+ else
+ output_key = CKM::Key::create(input.data);
+
+ if (output_key.get() == NULL) {
+ LogDebug("provided binary data is not valid key data");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
+
+ output = std::move(Crypto::Data(input.type, output_key->getDER()));
+ } else if (input.type.isCertificate() || input.type.isChainCert()) {
+ CertificateShPtr cert = CKM::Certificate::create(input.data,
+ DataFormat::FORM_DER);
+
+ if (cert.get() == NULL) {
+ LogDebug("provided binary data is not valid certificate data");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
+
+ output = std::move(Crypto::Data(input.type, cert->getDER()));
+ } else {
+ output = input;
+ }
+
+ // TODO: add here BINARY_DATA verification, i.e: max size etc.
+ return CKM_API_SUCCESS;
+}
+
+int verifyBinaryData(Crypto::Data &input)
+{
+ Crypto::Data dummy;
+ return toBinaryData(input, dummy);
+}
+
+int readSingleRow(const Name &name,
+ const ClientId &owner,
+ DataType dataType,
+ DB::Crypto &database,
+ DB::Row &row)
+{
+ DB::Crypto::RowOptional row_optional;
+
+ if (dataType.isKey()) {
+ // read all key types
+ row_optional = database.getRow(name,
+ owner,
+ DataType::DB_KEY_FIRST,
+ DataType::DB_KEY_LAST);
+ } else {
+ // read anything else
+ row_optional = database.getRow(name,
+ owner,
+ dataType);
+ }
+
+ if (!row_optional) {
+ LogDebug("No row for given name, owner and type");
+ return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
+ } else {
+ row = *row_optional;
+ }
+
+ return CKM_API_SUCCESS;
+}
+
+int readMultiRow(const Name &name,
+ const ClientId &owner,
+ DataType dataType,
+ DB::Crypto &database,
+ DB::RowVector &output)
+{
+ if (dataType.isKey())
+ // read all key types
+ database.getRows(name,
+ owner,
+ DataType::DB_KEY_FIRST,
+ DataType::DB_KEY_LAST,
+ output);
+ else if (dataType.isChainCert())
+ // read all key types
+ database.getRows(name,
+ owner,
+ DataType::DB_CHAIN_FIRST,
+ DataType::DB_CHAIN_LAST,
+ output);
+ else
+ // read anything else
+ database.getRows(name,
+ owner,
+ dataType,
+ output);
+
+ if (!output.size()) {
+ LogDebug("No row for given name, owner and type");
+ return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
+ }
+
+ return CKM_API_SUCCESS;
+}
+
+int loadAppKey(UserData &handle, const ClientId &owner)
+{
+ if (!handle.crypto.haveKey(owner)) {
+ RawBuffer key;
+ auto key_optional = handle.database.getKey(owner);
+
+ if (!key_optional) {
+ LogError("No key for given owner in database");
+ return CKM_API_ERROR_DB_ERROR;
+ }
+
+ key = *key_optional;
+ key = handle.keyProvider.getPureDEK(key);
+ handle.crypto.pushKey(owner, key);
+ }
+
+ return CKM_API_SUCCESS;
+}
+
+} // namespace
+
const uid_t CKMLogic::SYSTEM_DB_UID = 0;
const uid_t CKMLogic::ADMIN_USER_DB_UID = 5001;
return row;
}
-int CKMLogic::verifyBinaryData(Crypto::Data &input) const
-{
- Crypto::Data dummy;
- return toBinaryData(input, dummy);
-}
-
-int CKMLogic::toBinaryData(const Crypto::Data &input,
- Crypto::Data &output) const
-{
- // verify the data integrity
- if (input.type.isKey()) {
- KeyShPtr output_key;
-
- if (input.type.isSKey())
- output_key = CKM::Key::createAES(input.data);
- else
- output_key = CKM::Key::create(input.data);
-
- if (output_key.get() == NULL) {
- LogDebug("provided binary data is not valid key data");
- return CKM_API_ERROR_INPUT_PARAM;
- }
-
- output = std::move(Crypto::Data(input.type, output_key->getDER()));
- } else if (input.type.isCertificate() || input.type.isChainCert()) {
- CertificateShPtr cert = CKM::Certificate::create(input.data,
- DataFormat::FORM_DER);
-
- if (cert.get() == NULL) {
- LogDebug("provided binary data is not valid certificate data");
- return CKM_API_ERROR_INPUT_PARAM;
- }
-
- output = std::move(Crypto::Data(input.type, cert->getDER()));
- } else {
- output = input;
- }
-
- // TODO: add here BINARY_DATA verification, i.e: max size etc.
- return CKM_API_SUCCESS;
-}
-
int CKMLogic::verifyAndSaveDataHelper(
const Credentials &cred,
const Name &name,
return SerializeMessage(msgId, retCode);
}
-int CKMLogic::readSingleRow(const Name &name,
- const ClientId &owner,
- DataType dataType,
- DB::Crypto &database,
- DB::Row &row)
-{
- DB::Crypto::RowOptional row_optional;
-
- if (dataType.isKey()) {
- // read all key types
- row_optional = database.getRow(name,
- owner,
- DataType::DB_KEY_FIRST,
- DataType::DB_KEY_LAST);
- } else {
- // read anything else
- row_optional = database.getRow(name,
- owner,
- dataType);
- }
-
- if (!row_optional) {
- LogDebug("No row for given name, owner and type");
- return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
- } else {
- row = *row_optional;
- }
-
- return CKM_API_SUCCESS;
-}
-
-
-int CKMLogic::readMultiRow(const Name &name,
- const ClientId &owner,
- DataType dataType,
- DB::Crypto &database,
- DB::RowVector &output)
-{
- if (dataType.isKey())
- // read all key types
- database.getRows(name,
- owner,
- DataType::DB_KEY_FIRST,
- DataType::DB_KEY_LAST,
- output);
- else if (dataType.isChainCert())
- // read all key types
- database.getRows(name,
- owner,
- DataType::DB_CHAIN_FIRST,
- DataType::DB_CHAIN_LAST,
- output);
- else
- // read anything else
- database.getRows(name,
- owner,
- dataType,
- output);
-
- if (!output.size()) {
- LogDebug("No row for given name, owner and type");
- return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
- }
-
- return CKM_API_SUCCESS;
-}
int CKMLogic::checkDataPermissionsHelper(const Credentials &accessorCred,
const Name &name,
return SerializeMessage(msgID, retCode);
}
-int CKMLogic::loadAppKey(UserData &handle, const ClientId &owner)
-{
- if (!handle.crypto.haveKey(owner)) {
- RawBuffer key;
- auto key_optional = handle.database.getKey(owner);
-
- if (!key_optional) {
- LogError("No key for given owner in database");
- return CKM_API_ERROR_DB_ERROR;
- }
-
- key = *key_optional;
- key = handle.keyProvider.getPureDEK(key);
- handle.crypto.pushKey(owner, key);
- }
-
- return CKM_API_SUCCESS;
-}
-
} // namespace CKM
/*
- * Copyright (c) 2014 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const OwnerNameVector &trustedCertificates,
bool useTrustedSystemCertificates);
- RawBuffer createSignature(
+ RawBuffer createSignature(
const Credentials &cred,
int msgId,
const Name &privateKeyName,
uid_t user,
const Password &password);
- int verifyBinaryData(Crypto::Data &input_data) const;
-
- int toBinaryData(
- const Crypto::Data &input_data,
- Crypto::Data &output_data) const;
-
int checkSaveConditions(
const Credentials &cred,
UserData &handler,
const Name &name,
const ClientId &explicitOwner);
- int readSingleRow(
- const Name &name,
- const ClientId &owner,
- DataType dataType,
- DB::Crypto &database,
- DB::Row &row);
-
- int readMultiRow(const Name &name,
- const ClientId &owner,
- DataType dataType,
- DB::Crypto &database,
- DB::RowVector &output);
-
int checkDataPermissionsHelper(
const Credentials &accessorCred,
const Name &name,
int resetUserPasswordHelper(uid_t user, const Password &newPassword);
- int loadAppKey(UserData &handle, const ClientId &owner);
-
void migrateSecureStorageData(bool isAdminUser);
AccessControl m_accessControl;
Crypto::Decider m_decider;
- //FileLock m_lock;
protected:
std::map<uid_t, UserData> m_userDataMap;
projects / platform / core / security / key-manager.git / commitdiff