From: Sungbae Yoo Date: Thu, 17 Nov 2016 02:45:06 +0000 (+0900) Subject: Refactor KeyStore X-Git-Tag: submit/tizen/20170213.020148~40 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a746fc4d4de59506b67347f65d7e5626ab01a72a;p=platform%2Fcore%2Fsecurity%2Fode.git Refactor KeyStore Change-Id: Ic419649691cc6d808c5d05b6e70e6b18117aeef5 Signed-off-by: Sungbae Yoo --- diff --git a/server/key-manager/key-manager.cpp b/server/key-manager/key-manager.cpp index a1adff2..a584197 100755 --- a/server/key-manager/key-manager.cpp +++ b/server/key-manager/key-manager.cpp @@ -46,6 +46,7 @@ void KeyManager::initPassword(const KeyManager::data& password) store.setSalt(salt); store.setEDK(edk); store.setEMK(emk); + store.flush(); } void KeyManager::changePassword(const KeyManager::data& old_password, @@ -68,6 +69,7 @@ void KeyManager::changePassword(const KeyManager::data& old_password, store.setSalt(salt); store.setEDK(edk); store.setEMK(emk); + store.flush(); } bool KeyManager::verifyPassword(const KeyManager::data& password) @@ -88,6 +90,11 @@ bool KeyManager::verifyPassword(const KeyManager::data& password) } } +void KeyManager::clearPassword() +{ + store.remove(); +} + KeyManager::data KeyManager::getDEK(const KeyManager::data& password) { data salt, edk; diff --git a/server/key-manager/key-manager.h b/server/key-manager/key-manager.h index 299de31..17db47f 100644 --- a/server/key-manager/key-manager.h +++ b/server/key-manager/key-manager.h @@ -39,6 +39,8 @@ public: void initPassword(const data& password); void changePassword(const data& old_password, const data& new_password); bool verifyPassword(const data& password); + void clearPassword(); + data getDEK(const data& password); private: diff --git a/server/key-manager/key-store.cpp b/server/key-manager/key-store.cpp index 435e5c5..896de3f 100644 --- a/server/key-manager/key-store.cpp +++ b/server/key-manager/key-store.cpp @@ -25,11 +25,7 @@ #include "key-generator.h" #include "key-store.h" -#ifndef DEBUG #define FOOTER_FILE_PATH "/opt/etc/.ode_footer" -#else -#define FOOTER_FILE_PATH "/tmp/.ode_footer" -#endif #define KEY_SIZE (256 / 8) #define KEY_ENTRY_SIZE (KEY_SIZE * 4) @@ -50,65 +46,41 @@ namespace ode { * 140h |--------------------- SALT ---------------------| */ -runtime::File file(FOOTER_FILE_PATH); -int index; -off_t offset; // Current KeyStore offset -bool isNewKeyStore; // Current KeyStore has been initialized/saved -ode::KeyStore::data HNAME(KEY_SIZE); // MD5 Hashed key entry name -ode::KeyStore::data EDK(KEY_SIZE); // Encrypted Device Encryption Key -ode::KeyStore::data EMK(KEY_SIZE); // Encrypted Master Key -ode::KeyStore::data SALT(KEY_SIZE); // Salt - -KeyStore::KeyStore(const std::string &name) +KeyStore::KeyStore(const std::string &name) : + edk(KEY_SIZE), emk(KEY_SIZE), salt(KEY_SIZE) { - isNewKeyStore = true; + runtime::File file(FOOTER_FILE_PATH); - KeyGenerator keygen(KEY_SIZE); - HNAME = keygen.MD5(data(name.begin(), name.end())); + hname = KeyGenerator(KEY_SIZE).MD5(data(name.begin(), name.end())); - if (file.exists()) { - if (file.size() % KEY_ENTRY_SIZE) - throw runtime::Exception("Footer file size couldn't be divided well"); + if (!file.exists()) { + offset = -1; + file.create(0600); + file.close(); + return; + } - file.open(O_RDONLY); + file.open(O_RDONLY); - // Try to find the keyStore using hashed store name. - // even if we couldn't find offset/index from footer file using the 'name', - // we will use final index/offset to store the new store for the given 'name'. - int keyCnt = file.size() / KEY_ENTRY_SIZE; - for (offset = 0, index = 0; index < keyCnt; offset += KEY_ENTRY_SIZE, index++) { - file.lseek(offset, SEEK_SET); + //find matched block offset + int fileSize = file.size(); + for (offset = 0; offset < fileSize; offset += KEY_ENTRY_SIZE) { + file.lseek(offset, SEEK_SET); - data CUR_HNAME(KEY_SIZE); - file.read(CUR_HNAME.data(), KEY_SIZE); + data current(KEY_SIZE); + file.read(current.data(), KEY_SIZE); - if (std::equal(HNAME.begin(), HNAME.begin() + MD5_DIGEST_LENGTH, CUR_HNAME.begin())) { - file.read(EDK.data(), KEY_SIZE); - file.read(EMK.data(), KEY_SIZE); - file.read(SALT.data(), KEY_SIZE); - isNewKeyStore = false; - break; - } + if (std::equal(hname.begin(), hname.end(), current.begin())) { + file.read(edk.data(), KEY_SIZE); + file.read(emk.data(), KEY_SIZE); + file.read(salt.data(), KEY_SIZE); + file.close(); + return; } - - file.close(); - // - } else { - file.create(0644); - index = 0; - offset = 0; } - // expand new key store area - if (isNewKeyStore) { - file.open(O_WRONLY); - file.lseek(offset, SEEK_SET); - file.write(HNAME.data(), KEY_SIZE); - file.write(EDK.data(), KEY_SIZE); - file.write(EMK.data(), KEY_SIZE); - file.write(SALT.data(), KEY_SIZE); - file.close(); - } + offset = -1; + file.close(); } KeyStore::~KeyStore() @@ -120,58 +92,92 @@ size_t KeyStore::getKeySize() const return KEY_SIZE; } -/* - * @brief When KeyStore(name) hasn't been initialized, - * User should call getKeySize() and create new keys to store using KeyManager - */ -bool KeyStore::isInitialized() +bool KeyStore::isInitialized() const { - return (isNewKeyStore != true); + return offset >= 0; } -KeyStore::data KeyStore::getEDK() +KeyStore::data KeyStore::getEDK() const { - return EDK; + if (offset < 0) { + throw runtime::Exception("Store is empty"); + } + return edk; } -KeyStore::data KeyStore::getEMK() +KeyStore::data KeyStore::getEMK() const { - return EMK; + if (offset < 0) { + throw runtime::Exception("Store is empty"); + } + return emk; } -KeyStore::data KeyStore::getSalt() +KeyStore::data KeyStore::getSalt() const { - return SALT; + if (offset < 0) { + throw runtime::Exception("Store is empty"); + } + return salt; } void KeyStore::setEDK(const KeyStore::data &key) { - EDK = key; - - file.open(O_WRONLY); - file.lseek(offset + KEY_EDK_OFFSET, SEEK_SET); - file.write(EDK.data(), KEY_SIZE); - file.close(); + edk = key; } void KeyStore::setEMK(const KeyStore::data &key) { - EMK = key; + emk = key; +} - file.open(O_WRONLY); - file.lseek(offset + KEY_EMK_OFFSET, SEEK_SET); - file.write(EMK.data(), KEY_SIZE); +void KeyStore::setSalt(const KeyStore::data &key) +{ + salt = key; +} + +void KeyStore::flush() +{ + runtime::File file(FOOTER_FILE_PATH); + + file.open(O_RDWR); + + if (offset < 0) { + //find empty block offset + int fileSize = file.size(); + data empty = KeyGenerator(KEY_SIZE).MD5(data(0)); + + for (offset = 0; offset < fileSize; offset += KEY_ENTRY_SIZE) { + file.lseek(offset, SEEK_SET); + + data current(KEY_SIZE); + file.read(current.data(), KEY_SIZE); + + if (std::equal(empty.begin(), empty.end(), current.begin())) { + break; + } + } + } + + file.lseek(offset, SEEK_SET); + file.write(hname.data(), KEY_SIZE); + file.write(edk.data(), KEY_SIZE); + file.write(emk.data(), KEY_SIZE); + file.write(salt.data(), KEY_SIZE); file.close(); } -void KeyStore::setSalt(const KeyStore::data &key) +void KeyStore::remove() { - SALT = key; + data empty = KeyGenerator(KEY_SIZE).MD5(data(0)); + runtime::File file(FOOTER_FILE_PATH); file.open(O_WRONLY); - file.lseek(offset + KEY_SALT_OFFSET, SEEK_SET); - file.write(SALT.data(), KEY_SIZE); + file.lseek(offset, SEEK_SET); + file.write(empty.data(), KEY_SIZE); file.close(); + + offset = -1; } } // namespace ode diff --git a/server/key-manager/key-store.h b/server/key-manager/key-store.h index 2673d09..ac67e85 100644 --- a/server/key-manager/key-store.h +++ b/server/key-manager/key-store.h @@ -36,17 +36,24 @@ public: size_t getKeySize() const; - bool isInitialized(); + bool isInitialized() const; typedef std::vector data; - data getEDK(); - data getEMK(); - data getSalt(); + data getEDK() const; + data getEMK() const; + data getSalt() const; void setEDK(const data &key); void setEMK(const data &key); void setSalt(const data &key); + + void flush(); + void remove(); + +private: + data hname, edk, emk, salt; + int offset; }; } // namespace ode