From: Krzysztof Jackiewicz Date: Tue, 7 Nov 2017 16:08:07 +0000 (+0100) Subject: Master key storage plugin API X-Git-Tag: submit/tizen/20171201.152910~15 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=40a311a88519cd9a89fb34d951ff95a58c31ed9e;p=platform%2Fcore%2Fsecurity%2Fode.git Master key storage plugin API Change-Id: I81d8cc6376350df9797ebe11134a646b3614744c --- diff --git a/CMakeLists.txt b/CMakeLists.txt index f0e4e94..229f1e6 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -28,10 +28,11 @@ IF(NOT CMAKE_BUILD_TYPE) SET(CMAKE_BUILD_TYPE "DEBUG") ENDIF(NOT CMAKE_BUILD_TYPE) -SET(ODE_LIB ${PROJECT_SOURCE_DIR}/lib) -SET(ODE_SERVER ${PROJECT_SOURCE_DIR}/server) -SET(ODE_TOOLS ${PROJECT_SOURCE_DIR}/tools) -SET(ODE_TESTS ${PROJECT_SOURCE_DIR}/tests) +SET(ODE_LIB ${PROJECT_SOURCE_DIR}/lib) +SET(ODE_KEY_STORAGE_PLUGIN ${PROJECT_SOURCE_DIR}/ode-key-storage-plugin) +SET(ODE_SERVER ${PROJECT_SOURCE_DIR}/server) +SET(ODE_TOOLS ${PROJECT_SOURCE_DIR}/tools) +SET(ODE_TESTS ${PROJECT_SOURCE_DIR}/tests) IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7) SET(CXX_STD "c++0x") @@ -88,6 +89,7 @@ ENDIF(NOT DEFINED SYSTEMD_UNIT_DIR) ADD_DEFINITIONS(-DUG_WAYLAND) ADD_SUBDIRECTORY(${ODE_LIB}) +ADD_SUBDIRECTORY(${ODE_KEY_STORAGE_PLUGIN}) ADD_SUBDIRECTORY(${ODE_SERVER}) ADD_SUBDIRECTORY(${ODE_TOOLS}) ADD_SUBDIRECTORY(${ODE_TESTS}) diff --git a/ode-key-storage-plugin/CMakeLists.txt b/ode-key-storage-plugin/CMakeLists.txt new file mode 100755 index 0000000..297ff17 --- /dev/null +++ b/ode-key-storage-plugin/CMakeLists.txt @@ -0,0 +1,24 @@ +# +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +SET(PC_FILE "${PROJECT_NAME}-key-storage-plugin.pc") + +CONFIGURE_FILE(${PC_FILE}.in ${CMAKE_BINARY_DIR}/${PC_FILE} @ONLY) + +INSTALL(FILES ${CMAKE_BINARY_DIR}/${PC_FILE} DESTINATION ${LIB_INSTALL_DIR}/pkgconfig) + +INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/ode-key-storage-plugin.h + DESTINATION ${INCLUDE_INSTALL_DIR}/ode-key-storage-plugin) diff --git a/ode-key-storage-plugin/ode-key-storage-plugin.h b/ode-key-storage-plugin/ode-key-storage-plugin.h new file mode 100644 index 0000000..1182cf2 --- /dev/null +++ b/ode-key-storage-plugin/ode-key-storage-plugin.h @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file ode-key-storage-plugin.h + * @brief This file provides APIs to be implemented by plugins responsible for + * master key storage for the purpose of system upgrade. + */ + +#ifndef __CAPI_ODE_KEY_STORAGE_PLUGIN_H__ +#define __CAPI_ODE_KEY_STORAGE_PLUGIN_H__ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef ODE_KSP_API +#define ODE_KSP_API __attribute__((visibility("default"))) +#endif + +/** + * @brief Enumeration of key storage plugin API errors + * @since_tizen 4.0 + */ +typedef enum { + ODE_KSP_ERROR_NONE = TIZEN_ERROR_NONE, /**< The operation was successful */ + ODE_KSP_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid parameter */ + ODE_KSP_ERROR_NO_SUCH_FILE = TIZEN_ERROR_NO_SUCH_FILE, /**< No such file or directory */ + ODE_KSP_ERROR_UNKNOWN = TIZEN_ERROR_UNKNOWN /**< Unknown error */ +} ode_ksp_error_type_e; + + +/** + * @brief Store the master encryption key + * + * @details This plugin function will be called when the master key has to be + * stored for the purpose of system upgrade. The function should + * return data that is necessary to load the key. + * + * @since_tizen 4.0 + * + * @param[in] key Master key to store + * @param[in] key_len Length of the master key + * @param[out] token Token returned by plugin needed to load the stored + * key. Caller is responsible for freeing it with free() + * @param[out] token_len Length of the @a token + * + * @return #ODE_KSP_ERROR_NONE on success, otherwise a negative value + * + * @retval #ODE_KSP_ERROR_NONE Successful + * @retval #ODE_KSP_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_KSP_ERROR_UNKNOWN Unknown error + * + * @see ode_ksp_load() + * @see ode_ksp_remove() + */ +ODE_KSP_API int ode_ksp_store(const unsigned char* key, size_t key_len, + unsigned char** token, size_t* token_len); + +/** + * @brief Load the master encryption key + * + * @details This plugin function will be called during system upgrade to load + * the master key previously stored with ode_ksp_store(). The + * function should return the master key. + * + * @since_tizen 4.0 + * + * @param[in] token Token returned by ode_ksp_store() + * @param[in] token_len Length of the token + * @param[out] key Loaded master key. Caller is responsible for freeing + * it with free() + * @param[out] key_len Length of the @a key + * + * @return #ODE_KSP_ERROR_NONE on success, otherwise a negative value + * + * @retval #ODE_KSP_ERROR_NONE Successful + * @retval #ODE_KSP_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_KSP_ERROR_NO_SUCH_FILE No key matching the given token exists + * @retval #ODE_KSP_ERROR_UNKNOWN Unknown error + * + * @see ode_ksp_store() + * @see ode_ksp_remove() + */ +ODE_KSP_API int ode_ksp_load(const unsigned char* token, size_t token_len, + unsigned char** key, size_t* key_len); + +/** + * @brief Remove master key data + * + * @details This plugin function will be called when the master key is not + * needed anymore. Plugin can erase all internal data associated + * with given token in this function. + * + * @since_tizen 4.0 + * + * @param[in] token Token returned by ode_ksp_store() + * @param[in] token_len Length of the token + * + * @return #ODE_KSP_ERROR_NONE on success, otherwise a negative value + * + * @retval #ODE_KSP_ERROR_NONE Successful + * @retval #ODE_KSP_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_KSP_ERROR_NO_SUCH_FILE No key matching the given token exists + * @retval #ODE_KSP_ERROR_UNKNOWN Unknown error + * + * @see ode_ksp_store() + */ +ODE_KSP_API int ode_ksp_remove(const unsigned char* token, size_t token_len); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_ODE_KEY_STORAGE_PLUGIN_H__ */ diff --git a/ode-key-storage-plugin/ode-key-storage-plugin.pc.in b/ode-key-storage-plugin/ode-key-storage-plugin.pc.in new file mode 100644 index 0000000..5a506c1 --- /dev/null +++ b/ode-key-storage-plugin/ode-key-storage-plugin.pc.in @@ -0,0 +1,7 @@ +# Package Information for pkg-config + +Name: @PROJECT_NAME@-key-storage-plugin +Description: Tizen @PROJECT_NAME@ key storage plugin headers +Version: @VERSION@ + +Cflags: -I@INCLUDE_INSTALL_DIR@/@PROJECT_NAME@-key-storage-plugin \ No newline at end of file diff --git a/packaging/ode.spec b/packaging/ode.spec index 495b557..75340c0 100755 --- a/packaging/ode.spec +++ b/packaging/ode.spec @@ -119,6 +119,21 @@ developing device encryption client program. %{_includedir}/ode %{_libdir}/pkgconfig/ode.pc +## Plugin Devel Package ############################################################## +%package ksp-devel +Summary: Header files for key storage plugin development +Group: Development/Libraries + +%description ksp-devel +The ode-ksp-devel package includes header files necessary for key storage +plugin development + +%files ksp-devel +%manifest ode.manifest +%defattr(644,root,root,755) +%{_includedir}/ode-key-storage-plugin +%{_libdir}/pkgconfig/ode-key-storage-plugin.pc + ## Unittest Package ########################################################### %package unit-tests Summary: Unit tests to verify components of device encryption