From 3a2c08acbcafe1b957ef00ff1f49e5377b5ec005 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Wed, 10 Oct 2018 12:00:58 +0200 Subject: [PATCH] Remove "secret" key for software backend This key was used by example software implementation of encrypted initial-values feature which has been replaced by hardware backed implementation. Change-Id: Id8358a70459fb6ddd8ebb43fc8e987dc4d586f63 --- doc/CMakeLists.txt | 4 +- doc/example_device_key.xml | 28 ------ doc/sw_key.xsd | 41 -------- src/CMakeLists.txt | 1 - src/manager/crypto/sw-backend/store.cpp | 23 ----- src/manager/crypto/sw-backend/store.h | 3 - src/manager/initial-values/SWKeyFile.cpp | 155 ------------------------------- src/manager/initial-values/SWKeyFile.h | 96 ------------------- tests/CMakeLists.txt | 1 - tools/ckm_db_tool/CMakeLists.txt | 1 - 10 files changed, 2 insertions(+), 351 deletions(-) delete mode 100644 doc/example_device_key.xml delete mode 100644 doc/sw_key.xsd delete mode 100644 src/manager/initial-values/SWKeyFile.cpp delete mode 100644 src/manager/initial-values/SWKeyFile.h diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index 9488498..ae81725 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2016-2018 Samsung Electronics Co., Ltd All Rights Reserved # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,4 +16,4 @@ # @author Kyungwook Tak (k.tak@samsung.com) # @brief # -INSTALL(FILES initial_values.xsd sw_key.xsd DESTINATION ${RO_DATA_DIR}) +INSTALL(FILES initial_values.xsd DESTINATION ${RO_DATA_DIR}) diff --git a/doc/example_device_key.xml b/doc/example_device_key.xml deleted file mode 100644 index dbf6b85..0000000 --- a/doc/example_device_key.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - - MIIEpAIBAAKCAQEAyJjUHY2pJJUBRBCrlerrgcS7aBiWlY3594dufu3m4qy48b9hsw1R/AHSNUPU - 11vzQ+kUcXkEZOby5SHRHBAXIJ1dLbTPtRwsVwgf1nmc/ZGGV/XOrOaKi7nSKgYHaglPgc9dLPuu - osRHs/EdIWh3o59MdY6rA6y+QTJrQm3axRKdT7unX3kFS3SsId02GWBkLtrw+yQVtvhCYlY/n2/T - uZBJpZN7vT2it0rJS4fQkfjcjAi8f/isZLrfUgDqxIDSWVbVyjlQOphIO+K3ABjev3ZbJMWl+w10 - pV0nbmF8lviEYft9mhERS9kUdQwzy3KIgyjyt+ewQG6hjyMJ/5y5KwIDAQABAoIBAQC3S06nIoZn - su/RLhpbhqljjkxgNfeC+JRsJghFW0UZ4xGrdGDlp0o+p7tYiH63uoFykEvp09a8DHvt+xSEO/+m - AaTe2tTgfLnXXMkaxU06Nfs37JfJTW9TdZwgYhnsPk20I7LUI7XTbN7IAY3ItRh9HlZTJOYHGZVP - Ja70qES6xUOTaVOvKIbB2W9XeiMX6cNoHTLM9rl1I8bA13Er0M0acKRtF4Rfw4z43nJKzORCYKm3 - mA3zqtQja7z+zdQBib34RHZiKgvuJDqg89p7FTLT9z+lbXONH+K/3MldaYG1O8mtgt4zv6onH199 - QBOrww158Z6keH3tBz+xsrClfIpBAoGBAPkar4ugZYLRgyuythby3uHrlMBNajmJf2gFwngvfUgO - JS45fLN2AIDrA5VYUiT8cFjVFfzEiu1xa33Juy8rfHlQuY8yOIVDnbdGJvOBYsrvlyYWY+9jEydd - cLctQKquACLb3jNYbrC9m8cBBcSZelRAVSF4O1k8HdlcdV7IIVyjAoGBAM4mY5PNLr3I/pyyNizw - 7cUmHdblU+sScwFdC/KDwfG5WOI3WorTLutD4EiEA3yQIDStuVJLiray4Pu+bqhUPAJumpRrpQJ4 - PCPxr/M98FhXvMmDWzGu/xK/6hLP5g1Ngp6qvVygnYNBkyqMzfM0rUAxQLS3qmocWk2xBKDEnjHZ - AoGBAJkWgVO52yiuQYKVbbpkv/zvnpcf/GwnyBjRkVXzOXcS2l6yDaTsnBqeU7FweespCJJPQhf5 - YbfSwFCprVOr0e9sYN1T69BaYY7EmiOEHIbC/4z0ra3soVTL4/1u3hMGpCbIIKJFcqFDpXyDcFwG - RluIvci37yFEBMQUQj1hmL8pAoGAJBHtfG/7TLO9cRdxiT2CrOs1b2Ni4o+w1b09GOra5XujxLkg - u4el/v46YRXQMlxZdj4rXe3f0IXN/d5dKFDMyzQlEfEfxyXYiAWC3tGomxyG6M92BmRzNwmjYDVG - MG+ueiqvxWRJCy1PHbPTWUmPQtsbUkOMqtJZLpzZjXO5pkkCgYA9uyQ8os9yfjALc1VDZ4HtGxaC - Uq8zy0jJEJxchRn1JUNHop/skaRA65x613lWDygfNCuakozjP5x+GA5WEIuxIE8V7JPac1zpEZW4 - 5nwmxoR1l3HUDT8kRYkLzMIo55PpLG9arNLwH9mSRh/taG8020aGg3nFSNCJNDs12x/9RA== - - - diff --git a/doc/sw_key.xsd b/doc/sw_key.xsd deleted file mode 100644 index 27f3d7e..0000000 --- a/doc/sw_key.xsd +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index c24850a..ae5f83e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -71,7 +71,6 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/initial-values/InitialValueHandler.cpp ${KEY_MANAGER_PATH}/initial-values/InitialValuesFile.cpp ${KEY_MANAGER_PATH}/initial-values/NoCharactersHandler.cpp - ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp ${KEY_MANAGER_PATH}/initial-values/initial-value-loader.cpp ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index b4fd718..0f27005 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -28,7 +28,6 @@ #include #include #include -#include #include #include @@ -152,31 +151,9 @@ RawBuffer pack(const RawBuffer &data, const Password &pass) } // namespace anonymous -namespace { -const char *const DEVICE_KEY_XSD = RO_DATA_DIR "/sw_key.xsd"; -const char *const DEVICE_KEY_SW_FILE = RW_DATA_DIR "/device_key.xml"; -} - Store::Store(CryptoBackend backendId) : GStore(backendId) { - // get the device key if present - InitialValues::SWKeyFile keyFile(DEVICE_KEY_SW_FILE); - int rc = keyFile.Validate(DEVICE_KEY_XSD); - - if (rc == XML::Parser::PARSE_SUCCESS) { - rc = keyFile.Parse(); - - if (rc == XML::Parser::PARSE_SUCCESS) - m_deviceKey = keyFile.getPrivKey(); - else - // do nothing, bypass encrypted elements - LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", parsing code: " - << rc); - } else { - LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << - ", validation code: " << rc); - } } GObjUPtr Store::getObject(const Token &token, const Password &pass) diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index 3dc50b8..479c698 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -37,9 +37,6 @@ public: virtual Token generateSKey(const CryptoAlgorithm &, const Password &); virtual Token import(const Data &data, const Password &, const EncryptionParams &); virtual void destroy(const Token &) {} - -private: - Crypto::GObjShPtr m_deviceKey; }; } // namespace SW diff --git a/src/manager/initial-values/SWKeyFile.cpp b/src/manager/initial-values/SWKeyFile.cpp deleted file mode 100644 index bacad90..0000000 --- a/src/manager/initial-values/SWKeyFile.cpp +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file SWKeyFile.cpp - * @author Maciej Karpiuk (m.karpiuk2@samsung.com) - * @version 1.0 - * @brief SWKeyFile class implementation. - */ - -#include -#include -#include -#include -#include -#include - -namespace { -const int XML_SW_KEY_CURRENT_VERSION = 1; -const char *const XML_TAG_DEVICE_KEY = "DeviceKey"; -const char *const XML_TAG_RSA_KEY = "RSAPrivateKey"; -const char *const XML_TAG_PEM = "PEM"; -const char *const XML_TAG_DER = "DERBase64"; -const char *const XML_TAG_BASE64 = "Base64"; -const char *const XML_ATTR_VERSION = "version"; -} - -namespace CKM { -namespace InitialValues { - -SWKeyFile::SWKeyFile(const std::string &XML_filename) : - m_parser(XML_filename), - m_header(std::make_shared(*this)), - m_RSAKeyHandler(std::make_shared(*this)) -{ - m_parser.RegisterErrorCb(SWKeyFile::Error); - m_parser.RegisterElementCb(XML_TAG_DEVICE_KEY, - [this]() -> XML::Parser::ElementHandlerPtr { - return m_header; - }, - [this](const XML::Parser::ElementHandlerPtr &) {}); -} - -void SWKeyFile::registerElementListeners() -{ - m_parser.RegisterElementCb(XML_TAG_RSA_KEY, - [this]() -> XML::Parser::ElementHandlerPtr { - return m_RSAKeyHandler; - }, - [this](const XML::Parser::ElementHandlerPtr &) { - m_deviceKey = m_RSAKeyHandler->getPrivKey(); - }); -} - -void SWKeyFile::Error(const XML::Parser::ErrorType errorType, - const std::string &log_msg) -{ - switch (errorType) { - case XML::Parser::VALIDATION_ERROR: - LogWarning("validating error: " << log_msg); - break; - - case XML::Parser::PARSE_WARNING: - LogWarning("parsing warning: " << log_msg); - break; - - case XML::Parser::PARSE_ERROR: - LogWarning("parsing error: " << log_msg); - break; - } -} - -int SWKeyFile::Validate(const std::string &XSD_file) -{ - return m_parser.Validate(XSD_file); -} - -int SWKeyFile::Parse() -{ - int ec = m_parser.Parse(); - - if (!m_header || !m_header->isCorrectVersion()) { - LogError("bypassing XML file: " << m_filename << " - wrong file version!"); - ec = XML::Parser::ERROR_INVALID_VERSION; - } - - return ec; -} - - - -SWKeyFile::RSAKeyHandler::RSAKeyHandler(SWKeyFile &parent) - : m_parent(parent) -{ -} - -void SWKeyFile::RSAKeyHandler::Characters(const std::string &data) -{ - //m_encryptedKey.reserve(m_encryptedKey.size() + data.size()); - //m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end()); - std::copy(data.begin(), data.end(), std::back_inserter(m_encryptedKey)); -} - -void SWKeyFile::RSAKeyHandler::End() -{ - // std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end())); - - Base64Decoder base64; - base64.reset(); - base64.append(XML::removeWhiteChars(m_encryptedKey)); - base64.finalize(); - m_encryptedKey = base64.get(); -}; - -Crypto::GObjShPtr SWKeyFile::RSAKeyHandler::getPrivKey() -{ - return std::make_shared(m_encryptedKey, - DataType::KEY_RSA_PRIVATE); -} - -SWKeyFile::HeaderHandler::HeaderHandler(SWKeyFile &parent) : - m_version(-1), m_parent(parent) -{ -} - -void SWKeyFile::HeaderHandler::Start(const XML::Parser::Attributes &attr) -{ - // get key type - if (attr.find(XML_ATTR_VERSION) != attr.end()) { - m_version = atoi(attr.at(XML_ATTR_VERSION).c_str()); - - if (isCorrectVersion()) - m_parent.registerElementListeners(); - } -} - -bool SWKeyFile::HeaderHandler::isCorrectVersion() const -{ - return m_version == XML_SW_KEY_CURRENT_VERSION; -} - -} -} diff --git a/src/manager/initial-values/SWKeyFile.h b/src/manager/initial-values/SWKeyFile.h deleted file mode 100644 index e564285..0000000 --- a/src/manager/initial-values/SWKeyFile.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file SWKeyFile.h - * @author Maciej Karpiuk (m.karpiuk2@samsung.com) - * @version 1.0 - * @brief SWKeyFile class. - */ - -#ifndef SWKEYFILE_H_ -#define SWKEYFILE_H_ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace CKM { -namespace InitialValues { - -class SWKeyFile { -public: - explicit SWKeyFile(const std::string &XML_filename); - - int Validate(const std::string &XSD_file); - int Parse(); - - Crypto::GObjShPtr getPrivKey() - { - return m_deviceKey; - } - -private: - class HeaderHandler : public XML::Parser::ElementHandler { - public: - explicit HeaderHandler(SWKeyFile &parent); - virtual void Start(const XML::Parser::Attributes &attr); - virtual void Characters(const std::string &) {} - virtual void End() {} - - bool isCorrectVersion() const; - - private: - int m_version; - SWKeyFile &m_parent; - }; - - class RSAKeyHandler : public XML::Parser::ElementHandler { - public: - explicit RSAKeyHandler(SWKeyFile &parent); - virtual void Start(const XML::Parser::Attributes &) {} - virtual void Characters(const std::string &data); - virtual void End(); - - Crypto::GObjShPtr getPrivKey(); - - private: - CKM::RawBuffer m_encryptedKey; - SWKeyFile &m_parent; - }; - - std::string m_filename; - XML::Parser m_parser; - typedef std::shared_ptr HeaderHandlerPtr; - typedef std::shared_ptr RSAKeyHandlerPtr; - HeaderHandlerPtr m_header; - RSAKeyHandlerPtr m_RSAKeyHandler; - Crypto::GObjShPtr m_deviceKey; - - void registerElementListeners(); - static void Error(const XML::Parser::ErrorType errorType, - const std::string &logMsg); -}; - -} -} -#endif /* SWKEYFILE_H_ */ diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 7af494c..34fb165 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -87,7 +87,6 @@ SET(TEST_MERGED_SOURCES ${KEY_MANAGER_PATH}/dpl/log/src/log.cpp ${KEY_MANAGER_PATH}/dpl/log/src/old_style_log_provider.cpp ${KEY_MANAGER_PATH}/initial-values/parser.cpp - ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp ${KEY_MANAGER_PATH}/service/crypto-logic.cpp ${KEY_MANAGER_PATH}/service/db-crypto.cpp diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index be82e81..33fa991 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt @@ -57,7 +57,6 @@ SET(CKM_DB_TOOLS_SOURCES ${KEY_MANAGER_PATH}/initial-values/NoCharactersHandler.cpp ${KEY_MANAGER_PATH}/initial-values/parser.cpp ${KEY_MANAGER_PATH}/initial-values/PermissionHandler.cpp - ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp ${KEY_MANAGER_PATH}/main/cynara.cpp ${KEY_MANAGER_PATH}/main/generic-socket-manager.cpp -- 2.7.4