From 6d6ddcc74076f556a810f4ced007c26d302d9446 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Wed, 23 Jul 2014 10:53:20 +0200 Subject: [PATCH] Use SafeBuffer in C++ api. Rename SafeBuffer to RawBuffer. Change-Id: I99a880490552ab8ed3cc50b9a60adca8a8b62d97 --- packaging/key-manager.spec | 1 + src/CMakeLists.txt | 1 + .../safe-buffer.h => include/ckm/ckm-raw-buffer.h} | 11 +- src/include/ckm/ckm-type.h | 5 +- src/manager/client/client-certificate.cpp | 67 --------- src/manager/client/client-common.cpp | 4 +- src/manager/client/client-common.h | 2 +- src/manager/client/client-key.cpp | 81 ----------- src/manager/client/client-manager-impl.cpp | 41 +++--- src/manager/client/client-manager-impl.h | 5 +- src/manager/client/client-manager.cpp | 157 --------------------- src/manager/common/base64.cpp | 16 +-- src/manager/common/base64.h | 15 +- src/manager/common/buffer-conversion.h | 23 --- src/manager/common/certificate-impl.cpp | 58 +------- src/manager/common/certificate-impl.h | 3 - src/manager/common/crypto.h | 7 +- src/manager/common/digest.cpp | 8 +- src/manager/common/digest.h | 9 +- src/manager/common/generic-key.cpp | 38 ++--- src/manager/common/generic-key.h | 13 +- src/manager/common/message-buffer.cpp | 6 +- src/manager/common/message-buffer.h | 8 +- src/manager/dpl/core/include/dpl/raw-buffer.h | 23 +++ src/manager/dpl/core/include/dpl/serialization.h | 12 +- src/manager/dpl/db/include/dpl/db/sql_connection.h | 19 ++- src/manager/dpl/db/src/sql_connection.cpp | 31 ++-- src/manager/main/generic-socket-manager.h | 7 +- src/manager/main/key-manager-util.cpp | 4 +- src/manager/main/key-manager-util.h | 5 +- src/manager/main/socket-manager.cpp | 2 +- src/manager/main/socket-manager.h | 6 +- src/manager/service/CryptoService.cpp | 22 +-- src/manager/service/CryptoService.h | 8 +- src/manager/service/ckm-logic.cpp | 72 +++++----- src/manager/service/ckm-logic.h | 46 +++--- src/manager/service/ckm-service.cpp | 20 +-- src/manager/service/ckm-service.h | 4 +- src/manager/service/crypto-logic.cpp | 62 ++++---- src/manager/service/crypto-logic.h | 36 ++--- src/manager/service/db-crypto.cpp | 12 +- src/manager/service/db-crypto.h | 8 +- src/manager/service/db-row.h | 6 +- src/manager/service/file-system.cpp | 14 +- src/manager/service/file-system.h | 4 +- src/manager/service/key-provider.h | 20 ++- src/manager/service/ocsp-logic.cpp | 2 +- src/manager/service/ocsp-logic.h | 2 +- src/manager/service/ocsp-service.cpp | 4 +- tests/test-key-provider.cpp | 26 ++-- tests/test_common.cpp | 17 ++- tests/test_common.h | 16 +-- tests/test_db_crypto.cpp | 6 +- tests/test_sql.cpp | 8 +- 54 files changed, 350 insertions(+), 753 deletions(-) rename src/{manager/common/safe-buffer.h => include/ckm/ckm-raw-buffer.h} (90%) delete mode 100644 src/manager/client/client-certificate.cpp delete mode 100644 src/manager/client/client-key.cpp delete mode 100644 src/manager/client/client-manager.cpp delete mode 100644 src/manager/common/buffer-conversion.h create mode 100644 src/manager/dpl/core/include/dpl/raw-buffer.h diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 8d8828e..a76b398 100755 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -169,6 +169,7 @@ fi %{_includedir}/ckm/ckm/ckm-error.h %{_includedir}/ckm/ckm/ckm-echo.h %{_includedir}/ckm/ckm/ckm-key.h +%{_includedir}/ckm/ckm/ckm-raw-buffer.h %{_includedir}/ckm/ckm/ckm-type.h %{_includedir}/ckm/ckmc/ckmc-manager.h %{_includedir}/ckm/ckmc/ckmc-control.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 1aedb90..48e9a63 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -147,6 +147,7 @@ INSTALL(FILES ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-error.h ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-echo.h ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-key.h + ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-raw-buffer.h ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-type.h DESTINATION /usr/include/ckm/ckm ) diff --git a/src/manager/common/safe-buffer.h b/src/include/ckm/ckm-raw-buffer.h similarity index 90% rename from src/manager/common/safe-buffer.h rename to src/include/ckm/ckm-raw-buffer.h index 720012d..75335c8 100644 --- a/src/manager/common/safe-buffer.h +++ b/src/include/ckm/ckm-raw-buffer.h @@ -22,10 +22,6 @@ #ifndef _SAFE_BUFFER_H_ #define _SAFE_BUFFER_H_ -#include - -#include - #include namespace CKM { @@ -70,19 +66,18 @@ constexpr bool operator!= (const erase_on_dealloc&, const erase_on_dealloc * template * using SafeBuffer = std::vector>; * - * typedef SafeBuffer SafeBuffer + * typedef SafeBuffer RawBuffer * * when gcc 4.7/4.8 is available. Also replace boost::vector with std::vector * in other parts of code */ template -struct SafeBufferT { +struct SafeBuffer { typedef boost::container::vector> Type; }; // used to pass password and raw key data -typedef SafeBufferT::Type SafeBuffer; -typedef std::vector SafeBufferVector; +typedef SafeBuffer::Type RawBuffer; } // namespace CKM diff --git a/src/include/ckm/ckm-type.h b/src/include/ckm/ckm-type.h index 90d59b0..f034f61 100644 --- a/src/include/ckm/ckm-type.h +++ b/src/include/ckm/ckm-type.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co. + * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,10 +24,11 @@ #include #include +#include + namespace CKM { // used to pass password and raw key data -typedef std::vector RawBuffer; typedef std::vector RawBufferVector; typedef std::string Alias; typedef std::vector AliasVector; diff --git a/src/manager/client/client-certificate.cpp b/src/manager/client/client-certificate.cpp deleted file mode 100644 index 187c772..0000000 --- a/src/manager/client/client-certificate.cpp +++ /dev/null @@ -1,67 +0,0 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file client-certificate.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Certificate class implementation. - */ - -#include - -#include -#include - -namespace CKM { - -Certificate::Certificate(){} - -Certificate::Certificate(const RawBuffer &rawData, DataFormat format) - : m_impl(new CertificateImpl(toSafeBuffer(rawData), format)) -{} - -Certificate::Certificate(const Certificate &second) { - m_impl = second.m_impl; -} - -Certificate& Certificate::operator=(const Certificate &second) { - m_impl = second.m_impl; - return *this; -} - -bool Certificate::empty() const { - if (m_impl) - return m_impl->empty(); - return true; -} - -RawBuffer Certificate::getDER() const { - if (m_impl) - return toRawBuffer(m_impl->getDER()); - return RawBuffer(); -} - -void* Certificate::getX509() const { - if (m_impl) - return m_impl->getX509(); - return NULL; -} - -CertificateImpl* Certificate::getImpl() const { - return m_impl.get(); -} - -} // namespace CKM - diff --git a/src/manager/client/client-common.cpp b/src/manager/client/client-common.cpp index 3c137cb..1679923 100644 --- a/src/manager/client/client-common.cpp +++ b/src/manager/client/client-common.cpp @@ -166,7 +166,7 @@ private: namespace CKM { -int sendToServer(char const * const interface, const SafeBuffer &send, MessageBuffer &recv) { +int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv) { int ret; SockRAII sock; ssize_t done = 0; @@ -208,7 +208,7 @@ int sendToServer(char const * const interface, const SafeBuffer &send, MessageBu return CKM_API_ERROR_SOCKET; } - SafeBuffer raw(buffer, buffer+temp); + RawBuffer raw(buffer, buffer+temp); recv.Push(raw); } while(!recv.Ready()); return CKM_API_SUCCESS; diff --git a/src/manager/client/client-common.h b/src/manager/client/client-common.h index 93a1ce3..b8eddd4 100644 --- a/src/manager/client/client-common.h +++ b/src/manager/client/client-common.h @@ -39,7 +39,7 @@ extern "C" { namespace CKM { -int sendToServer(char const * const interface, const SafeBuffer &send, MessageBuffer &recv); +int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv); /* * Decorator function that performs frequently repeated exception handling in diff --git a/src/manager/client/client-key.cpp b/src/manager/client/client-key.cpp deleted file mode 100644 index 269667e..0000000 --- a/src/manager/client/client-key.cpp +++ /dev/null @@ -1,81 +0,0 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file client-key.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Key - api implementation. - */ -#include -#include - -#include - -#include - -#include - -namespace CKM { - -Key::Key() - : m_impl(NULL) -{} - -Key::Key( - const RawBuffer &rawData, - const std::string &password, - KeyType type) -{ - (void)type; - m_impl.reset(new GenericKey(toSafeBuffer(rawData), password)); -} - -Key::Key(const Key &second) { - m_impl = second.m_impl; -} - -Key& Key::operator=(const Key &second) { - m_impl = second.m_impl; - return *this; -} - -Key::~Key(){} - -bool Key::empty() const { - if (m_impl) - return m_impl->empty(); - return true; -} - -KeyType Key::getType() const { - if (m_impl) - return m_impl->getType(); - return KeyType::KEY_NONE; -} - -RawBuffer Key::getDER() const { - if (m_impl) - return toRawBuffer(m_impl->getDER()); - return RawBuffer(); -} - -GenericKey* Key::getImpl() const { - if (m_impl) - return m_impl.get(); - return NULL; -}; - -} // namespace CKM - diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index b393d5f..ffd08ab 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -25,7 +25,6 @@ #include #include -#include #include #include #include @@ -60,7 +59,7 @@ ManagerImpl::ManagerImpl() int ManagerImpl::saveBinaryData( const Alias &alias, DBDataType dataType, - const SafeBuffer &rawData, + const RawBuffer &rawData, const Policy &policy) { m_counter++; @@ -105,7 +104,7 @@ int ManagerImpl::saveBinaryData( int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) { if (key.get() == NULL) return CKM_API_ERROR_INPUT_PARAM; - return saveBinaryData(alias, toDBDataType(key->getType()), toSafeBuffer(key->getDER()), policy); + return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy); } int ManagerImpl::saveCertificate( @@ -115,13 +114,13 @@ int ManagerImpl::saveCertificate( { if (cert.get() == NULL) return CKM_API_ERROR_INPUT_PARAM; - return saveBinaryData(alias, DBDataType::CERTIFICATE, toSafeBuffer(cert->getDER()), policy); + return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy); } int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) { if (!policy.extractable) return CKM_API_ERROR_INPUT_PARAM; - return saveBinaryData(alias, DBDataType::BINARY_DATA, toSafeBuffer(rawData), policy); + return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy); } int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType) @@ -178,7 +177,7 @@ int ManagerImpl::getBinaryData( DBDataType sendDataType, const std::string &password, DBDataType &recvDataType, - SafeBuffer &rawData) + RawBuffer &rawData) { return try_catch([&] { if (alias.empty()) @@ -220,7 +219,7 @@ int ManagerImpl::getBinaryData( int ManagerImpl::getKey(const Alias &alias, const std::string &password, KeyShPtr &key) { DBDataType recvDataType; - SafeBuffer rawData; + RawBuffer rawData; int retCode = getBinaryData( alias, @@ -247,7 +246,7 @@ int ManagerImpl::getKey(const Alias &alias, const std::string &password, KeyShPt int ManagerImpl::getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert) { DBDataType recvDataType; - SafeBuffer rawData; + RawBuffer rawData; int retCode = getBinaryData( alias, @@ -275,16 +274,13 @@ int ManagerImpl::getCertificate(const Alias &alias, const std::string &password, int ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData) { DBDataType recvDataType; - SafeBuffer safeData; int retCode = getBinaryData( alias, DBDataType::BINARY_DATA, password, recvDataType, - safeData); - - rawData = toRawBuffer(safeData); + rawData); if (retCode != CKM_API_SUCCESS) return retCode; @@ -455,7 +451,7 @@ int getCertChain( int retCommand; int retCounter; - SafeBufferVector rawBufferVector; + RawBufferVector rawBufferVector; Deserialization::Deserialize(recv, retCommand); Deserialization::Deserialize(recv, retCounter); @@ -487,10 +483,10 @@ int ManagerImpl::getCertificateChain( const CertificateShPtrVector &untrustedCertificates, CertificateShPtrVector &certificateChainVector) { - SafeBufferVector rawBufferVector; + RawBufferVector rawBufferVector; for (auto &e: untrustedCertificates) { - rawBufferVector.push_back(toSafeBuffer(e->getDER())); + rawBufferVector.push_back(e->getDER()); } return getCertChain( @@ -531,7 +527,7 @@ int ManagerImpl::createSignature( Serialization::Serialize(send, my_counter); Serialization::Serialize(send, privateKeyAlias); Serialization::Serialize(send, password); - Serialization::Serialize(send, toSafeBuffer(message)); + Serialization::Serialize(send, message); Serialization::Serialize(send, static_cast(hash)); Serialization::Serialize(send, static_cast(padding)); @@ -546,14 +542,11 @@ int ManagerImpl::createSignature( int command; int counter; - SafeBuffer safeData; Deserialization::Deserialize(recv, command); Deserialization::Deserialize(recv, counter); Deserialization::Deserialize(recv, retCode); - Deserialization::Deserialize(recv, safeData); - - signature = toRawBuffer(safeData); + Deserialization::Deserialize(recv, signature); if ((command != static_cast(LogicCommand::CREATE_SIGNATURE)) || (counter != my_counter)) @@ -582,8 +575,8 @@ int ManagerImpl::verifySignature( Serialization::Serialize(send, my_counter); Serialization::Serialize(send, publicKeyOrCertAlias); Serialization::Serialize(send, password); - Serialization::Serialize(send, toSafeBuffer(message)); - Serialization::Serialize(send, toSafeBuffer(signature)); + Serialization::Serialize(send, message); + Serialization::Serialize(send, signature); Serialization::Serialize(send, static_cast(hash)); Serialization::Serialize(send, static_cast(padding)); @@ -619,9 +612,9 @@ int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspSta int my_counter = ++m_counter; MessageBuffer send, recv; - SafeBufferVector rawCertChain; + RawBufferVector rawCertChain; for (auto &e: certChain) { - rawCertChain.push_back(toSafeBuffer(e->getDER())); + rawCertChain.push_back(e->getDER()); } Serialization::Serialize(send, my_counter); diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h index dfec4b1..9e8d638 100644 --- a/src/manager/client/client-manager-impl.h +++ b/src/manager/client/client-manager-impl.h @@ -21,7 +21,6 @@ #pragma once #include -#include #include #include @@ -95,7 +94,7 @@ protected: int saveBinaryData( const Alias &alias, DBDataType dataType, - const SafeBuffer &rawData, + const RawBuffer &rawData, const Policy &policy); int removeBinaryData( @@ -107,7 +106,7 @@ protected: DBDataType sendDataType, const std::string &password, DBDataType &recvDataType, - SafeBuffer &rawData); + RawBuffer &rawData); int getBinaryDataAliasVector( DBDataType sendDataType, diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp deleted file mode 100644 index e1cc443..0000000 --- a/src/manager/client/client-manager.cpp +++ /dev/null @@ -1,157 +0,0 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - * - * - * @file client-manager.cpp - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief Client Manager implementation. - */ -#include - -#include -#include -#include - -namespace CKM { - -Manager::Manager() - : m_impl(new ManagerImpl) -{} - -Manager::~Manager(){} - -int Manager::saveKey(const Alias &alias, const Key &key, const Policy &policy) { - return m_impl->saveKey(alias, key, policy); -} - -int Manager::removeKey(const Alias &alias) { - return m_impl->removeKey(alias); -} - -int Manager::getKey(const Alias &alias, const std::string &password, Key &key) { - return m_impl->getKey(alias, password, key); -} - -int Manager::saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy) { - if (cert.empty() || alias.empty()) - return CKM_API_ERROR_INPUT_PARAM; - return m_impl->saveCertificate(alias, cert, policy); -} - -int Manager::removeCertificate(const Alias &alias) { - if (alias.empty()) - return CKM_API_ERROR_INPUT_PARAM; - return m_impl->removeCertificate(alias); -} - -int Manager::getCertificate(const Alias &alias, const std::string &password, Certificate &cert) { - return m_impl->getCertificate(alias, password, cert); -} - -int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) { - return m_impl->saveData(alias, toSafeBuffer(data), policy); -} - -int Manager::removeData(const Alias &alias) { - return m_impl->removeData(alias); -} - -int Manager::getData(const Alias &alias, const std::string &password, RawBuffer &data) { - SafeBuffer safeBuffer; - int status = m_impl->getData(alias, password, safeBuffer); - data = toRawBuffer(safeBuffer); - return status; -} - -int Manager::getKeyAliasVector(AliasVector &av) { - return m_impl->getKeyAliasVector(av); -} - -int Manager::getCertificateAliasVector(AliasVector &av) { - return m_impl->getCertificateAliasVector(av); -} - -int Manager::getDataAliasVector(AliasVector &av) { - return m_impl->getDataAliasVector(av); -} - -int Manager::createKeyPairRSA( - const int size, // size in bits [1024, 2048, 4096] - const Alias &privateKeyAlias, - const Alias &publicKeyAlias, - const Policy &policyPrivateKey, - const Policy &policyPublicKey) -{ - return m_impl->createKeyPairRSA(size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey); -} - -int Manager::createKeyPairECDSA( - ElipticCurve type, - const Alias &privateKeyAlias, - const Alias &publicKeyAlias, - const Policy &policyPrivateKey, - const Policy &policyPublicKey) -{ - return m_impl->createKeyPairECDSA(type, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey); -} - -int Manager::getCertificateChain( - const Certificate &certificate, - const CertificateVector &untrustedCertificates, - CertificateVector &certificateChainVector) -{ - return m_impl->getCertificateChain(certificate, untrustedCertificates, certificateChainVector); -} - -int Manager::getCertificateChain( - const Certificate &certificate, - const AliasVector &untrustedCertificates, - CertificateVector &certificateChainVector) -{ - return m_impl->getCertificateChain(certificate, untrustedCertificates, certificateChainVector); -} - -int Manager::createSignature( - const Alias &privateKeyAlias, - const std::string &password, // password for private_key - const RawBuffer &message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding, - RawBuffer &signature) -{ - SafeBuffer safeBuffer; - int status = m_impl->createSignature(privateKeyAlias, password, toSafeBuffer(message), hash, padding, safeBuffer); - signature = toRawBuffer(safeBuffer); - return status; -} - -int Manager::verifySignature( - const Alias &publicKeyOrCertAlias, - const std::string &password, // password for public_key (optional) - const RawBuffer &message, - const RawBuffer &signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) -{ - return m_impl->verifySignature(publicKeyOrCertAlias, password, toSafeBuffer(message), toSafeBuffer(signature), hash, padding); -} - -int Manager::ocspCheck(const CertificateVector &certificateChainVector, int &ocspStatus) -{ - return m_impl->ocspCheck(certificateChainVector, ocspStatus); -} - -} // namespace CKM - diff --git a/src/manager/common/base64.cpp b/src/manager/common/base64.cpp index 9ca17b9..1be549b 100644 --- a/src/manager/common/base64.cpp +++ b/src/manager/common/base64.cpp @@ -34,7 +34,7 @@ Base64Encoder::Base64Encoder() : { } -void Base64Encoder::append(const SafeBuffer &data) +void Base64Encoder::append(const RawBuffer &data) { if (m_finalized) { LogWarning("Already finalized."); @@ -57,7 +57,7 @@ void Base64Encoder::finalize() BIO_flush(m_b64); } -SafeBuffer Base64Encoder::get() +RawBuffer Base64Encoder::get() { if (!m_finalized) { LogWarning("Not finalized"); @@ -71,9 +71,9 @@ SafeBuffer Base64Encoder::get() } if (bptr->length > 0) { - return SafeBuffer(bptr->data, bptr->data + bptr->length); + return RawBuffer(bptr->data, bptr->data + bptr->length); } - return SafeBuffer(); + return RawBuffer(); } void Base64Encoder::reset() @@ -101,7 +101,7 @@ Base64Decoder::Base64Decoder() : { } -void Base64Decoder::append(const SafeBuffer &data) +void Base64Decoder::append(const RawBuffer &data) { if (m_finalized) { LogWarning("Already finalized."); @@ -144,7 +144,7 @@ bool Base64Decoder::finalize() BIO *b64, *bmem; size_t len = m_input.size(); - SafeBuffer buffer(len); + RawBuffer buffer(len); if (!buffer.data()) { LogError("Error in malloc."); @@ -158,7 +158,7 @@ bool Base64Decoder::finalize() ThrowMsg(Exception::InternalError, "Couldn't create BIO object."); } BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - SafeBuffer tmp(m_input); + RawBuffer tmp(m_input); m_input.clear(); bmem = BIO_new_mem_buf(tmp.data(), len); @@ -193,7 +193,7 @@ bool Base64Decoder::finalize() return status; } -SafeBuffer Base64Decoder::get() const +RawBuffer Base64Decoder::get() const { if (!m_finalized) { LogWarning("Not finalized."); diff --git a/src/manager/common/base64.h b/src/manager/common/base64.h index fd48349..70169cb 100644 --- a/src/manager/common/base64.h +++ b/src/manager/common/base64.h @@ -19,7 +19,8 @@ #include #include #include -#include + +#include struct bio_st; typedef bio_st BIO; @@ -38,9 +39,9 @@ class Base64Encoder : public CKM::Noncopyable DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized) }; Base64Encoder(); - void append(const SafeBuffer &data); + void append(const RawBuffer &data); void finalize(); - SafeBuffer get(); + RawBuffer get(); void reset(); ~Base64Encoder(); @@ -62,22 +63,22 @@ class Base64Decoder : public CKM::Noncopyable DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized) }; Base64Decoder(); - void append(const SafeBuffer &data); + void append(const RawBuffer &data); /* * Function will return false when BIO_read fails * (for example: when string was not in base64 format). */ bool finalize(); - SafeBuffer get() const; + RawBuffer get() const; void reset(); ~Base64Decoder() { } private: - SafeBuffer m_input; - SafeBuffer m_output; + RawBuffer m_input; + RawBuffer m_output; bool m_finalized; }; } // namespace CKM diff --git a/src/manager/common/buffer-conversion.h b/src/manager/common/buffer-conversion.h deleted file mode 100644 index ba97d4d..0000000 --- a/src/manager/common/buffer-conversion.h +++ /dev/null @@ -1,23 +0,0 @@ -#pragma once - -#include - -#include -#include - -namespace CKM { - -inline RawBuffer toRawBuffer(const SafeBuffer &safe) { - RawBuffer output(safe.size()); - memcpy(output.data(), safe.data(), safe.size()); - return output; -} - -inline SafeBuffer toSafeBuffer(const RawBuffer &raw) { - SafeBuffer output(raw.size()); - memcpy(output.data(), raw.data(), raw.size()); - return output; -} - -} // namespace CKM - diff --git a/src/manager/common/certificate-impl.cpp b/src/manager/common/certificate-impl.cpp index ef20d4f..10d818a 100644 --- a/src/manager/common/certificate-impl.cpp +++ b/src/manager/common/certificate-impl.cpp @@ -24,7 +24,6 @@ #include -#include #include #include #include @@ -36,47 +35,7 @@ CertificateImpl::CertificateImpl(const RawBuffer &der, DataFormat format) { int size; const unsigned char *ptr; - SafeBuffer tmp; - - LogDebug("Certificate to parse. Size: " << der.size()); - - if (DataFormat::FORM_DER_BASE64 == format) { - Base64Decoder base64; - base64.reset(); - base64.append(toSafeBuffer(der)); - base64.finalize(); - tmp = base64.get(); - ptr = reinterpret_cast(tmp.data()); - size = static_cast(tmp.size()); - m_x509 = d2i_X509(NULL, &ptr, size); - } else if (DataFormat::FORM_DER == format) { - ptr = reinterpret_cast(der.data()); - size = static_cast(der.size()); - m_x509 = d2i_X509(NULL, &ptr, size); - } else if (DataFormat::FORM_PEM == format) { - BIO *buff = BIO_new(BIO_s_mem()); - BIO_write(buff, der.data(), der.size()); - m_x509 = PEM_read_bio_X509(buff, NULL, NULL, NULL); - BIO_free_all(buff); - } else { - // TODO - LogError("Unknown certificate format"); - } - - if (!m_x509) { - // TODO - LogError("Certificate could not be parsed."); -// ThrowMsg(Exception::OpensslInternalError, -// "Internal Openssl error in d2i_X509 function."); - } -} - -CertificateImpl::CertificateImpl(const SafeBuffer &der, DataFormat format) - : m_x509(NULL) -{ - int size; - const unsigned char *ptr; - SafeBuffer tmp; + RawBuffer tmp; LogDebug("Certificate to parse. Size: " << der.size()); @@ -162,21 +121,6 @@ RawBuffer CertificateImpl::getDER(void) const { return output; } -SafeBuffer CertificateImpl::getDERSB(void) const { - unsigned char *rawDer = NULL; - int size = i2d_X509(m_x509, &rawDer); - if (!rawDer || size <= 0) { - LogError("i2d_X509 failed"); - return SafeBuffer(); - } - - SafeBuffer output( - reinterpret_cast(rawDer), - reinterpret_cast(rawDer) + size); - OPENSSL_free(rawDer); - return output; -} - bool CertificateImpl::empty() const { return m_x509 == NULL; } diff --git a/src/manager/common/certificate-impl.h b/src/manager/common/certificate-impl.h index fb20b0e..4dc6fc1 100644 --- a/src/manager/common/certificate-impl.h +++ b/src/manager/common/certificate-impl.h @@ -34,7 +34,6 @@ class CertificateImpl : public Certificate { public: CertificateImpl(){} CertificateImpl(X509* x509); - CertificateImpl(const SafeBuffer &data, DataFormat format); CertificateImpl(const RawBuffer &data, DataFormat format); CertificateImpl(const CertificateImpl &); CertificateImpl(CertificateImpl &&); @@ -45,8 +44,6 @@ public: virtual bool empty() const; virtual X509* getX509() const; - SafeBuffer getDERSB() const; - GenericKey::EvpShPtr getEvpShPtr() const; GenericKey getGenericKey() const; diff --git a/src/manager/common/crypto.h b/src/manager/common/crypto.h index 7103250..0a5e22b 100644 --- a/src/manager/common/crypto.h +++ b/src/manager/common/crypto.h @@ -24,7 +24,8 @@ #include -#include +#include +#include namespace CKM { @@ -121,8 +122,8 @@ public: \ {} \ } -DEFINE_CIPHER(AesCbcEncryption, SafeBuffer, EVP_aes_256_cbc(), true); -DEFINE_CIPHER(AesCbcDecryption, SafeBuffer, EVP_aes_256_cbc(), false); +DEFINE_CIPHER(AesCbcEncryption, RawBuffer, EVP_aes_256_cbc(), true); +DEFINE_CIPHER(AesCbcDecryption, RawBuffer, EVP_aes_256_cbc(), false); #undef DEFINE_CIPHER diff --git a/src/manager/common/digest.cpp b/src/manager/common/digest.cpp index 9e4847f..0bec6fc 100644 --- a/src/manager/common/digest.cpp +++ b/src/manager/common/digest.cpp @@ -61,7 +61,7 @@ void Digest::reset() m_initialized = true; } -void Digest::append(const SafeBuffer &data, std::size_t len) +void Digest::append(const RawBuffer &data, std::size_t len) { int ret = -1; @@ -82,7 +82,7 @@ void Digest::append(const SafeBuffer &data, std::size_t len) } } -SafeBuffer Digest::finalize() +RawBuffer Digest::finalize() { int ret = -1; unsigned int dlen; @@ -104,12 +104,12 @@ SafeBuffer Digest::finalize() return m_digest; } -SafeBuffer Digest::get() +RawBuffer Digest::get() { if (m_finalized) return m_digest; else - return SafeBuffer(); + return RawBuffer(); } unsigned int Digest::length() diff --git a/src/manager/common/digest.h b/src/manager/common/digest.h index bd3fc11..e890329 100644 --- a/src/manager/common/digest.h +++ b/src/manager/common/digest.h @@ -16,7 +16,6 @@ #pragma once -#include #include #include #include @@ -42,16 +41,16 @@ class Digest : public CKM::Noncopyable }; Digest(); ~Digest(); - void append(const SafeBuffer &data, std::size_t len = 0); - SafeBuffer finalize(void); - SafeBuffer get(void); + void append(const RawBuffer &data, std::size_t len = 0); + RawBuffer finalize(void); + RawBuffer get(void); void reset(void); unsigned int length(void); private: EVP_MD_CTX *m_ctx; const EVP_MD *m_md; - SafeBuffer m_digest; + RawBuffer m_digest; bool m_initialized; bool m_finalized; }; diff --git a/src/manager/common/generic-key.cpp b/src/manager/common/generic-key.cpp index 368dcb9..b4931c4 100644 --- a/src/manager/common/generic-key.cpp +++ b/src/manager/common/generic-key.cpp @@ -34,20 +34,10 @@ #include #include -#include namespace CKM { namespace { -//void printDER(const SafeBuffer &key) { -// std::stringstream ss; -// for (auto &e : key) { -// ss << std::hex << " " << (int)e; -// } -// ss << std::dec; -// LogError(ss.str()); -//} - typedef std::unique_ptr> BioUniquePtr; int passcb(char *buff, int size, int rwflag, void *userdata) { @@ -65,31 +55,31 @@ int passcb(char *buff, int size, int rwflag, void *userdata) { typedef int(*I2D_CONV)(BIO*, EVP_PKEY*); -CKM::SafeBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) { +CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) { BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); if (NULL == pkey) { LogDebug("You are trying to read empty key!"); - return SafeBuffer(); + return RawBuffer(); } if (NULL == bio.get()) { LogError("Error in memory allocation! Function: BIO_new."); - return SafeBuffer(); + return RawBuffer(); } if (1 != fun(bio.get(), pkey)) { LogError("Error in conversion EVP_PKEY to der"); - return SafeBuffer(); + return RawBuffer(); } - CKM::SafeBuffer output(8196); + CKM::RawBuffer output(8196); int size = BIO_read(bio.get(), output.data(), output.size()); if (size <= 0) { LogError("Error in BIO_read: " << size); - return SafeBuffer(); + return RawBuffer(); } output.resize(size); @@ -108,7 +98,7 @@ GenericKey::GenericKey(const GenericKey &second) { m_type = second.m_type; } -GenericKey::GenericKey(const SafeBuffer &buf, const std::string &pass) +GenericKey::GenericKey(const RawBuffer &buf, const std::string &pass) : m_pkey(NULL, EVP_PKEY_free) , m_type(KeyType::KEY_NONE) { @@ -197,29 +187,25 @@ KeyType GenericKey::getType() const { return m_type; } -SafeBuffer GenericKey::getDERPRV() const { +RawBuffer GenericKey::getDERPRV() const { return i2d(i2d_PrivateKey_bio, m_pkey.get()); } -SafeBuffer GenericKey::getDERPUB() const { +RawBuffer GenericKey::getDERPUB() const { return i2d(i2d_PUBKEY_bio, m_pkey.get()); } -SafeBuffer GenericKey::getDERSB() const { +RawBuffer GenericKey::getDER() const { if (m_type == KeyType::KEY_ECDSA_PRIVATE || m_type == KeyType::KEY_RSA_PRIVATE) { return getDERPRV(); } else if (m_type == KeyType::KEY_RSA_PUBLIC || m_type == KeyType::KEY_ECDSA_PUBLIC) { return getDERPUB(); } - return SafeBuffer(); -} - -RawBuffer GenericKey::getDER() const { - return toRawBuffer(getDERSB()); + return RawBuffer(); } KeyShPtr Key::create(const RawBuffer &raw, const std::string &password) { - KeyShPtr output(new GenericKey(toSafeBuffer(raw), password)); + KeyShPtr output(new GenericKey(raw, password)); if (output->empty()) output.reset(); return output; diff --git a/src/manager/common/generic-key.h b/src/manager/common/generic-key.h index 4f1cd5b..69526c0 100644 --- a/src/manager/common/generic-key.h +++ b/src/manager/common/generic-key.h @@ -22,8 +22,6 @@ #include -#include - #include #include #include @@ -36,17 +34,14 @@ public: GenericKey(); GenericKey(const GenericKey &second); - GenericKey(const SafeBuffer& buffer, const std::string &pass = std::string()); + GenericKey(const RawBuffer& buffer, const std::string &pass = std::string()); GenericKey(EvpShPtr pkey, KeyType type); virtual KeyType getType() const; virtual RawBuffer getDER() const; - - SafeBuffer getDERSB() const; - SafeBuffer getDERPUB() const; - SafeBuffer getDERPRV() const; - EvpShPtr getEvpShPtr() const; - + virtual RawBuffer getDERPUB() const; + virtual RawBuffer getDERPRV() const; + virtual EvpShPtr getEvpShPtr() const; virtual ElipticCurve getCurve() const { // TODO return ElipticCurve::prime192v1; diff --git a/src/manager/common/message-buffer.cpp b/src/manager/common/message-buffer.cpp index d756f34..bfecf37 100644 --- a/src/manager/common/message-buffer.cpp +++ b/src/manager/common/message-buffer.cpp @@ -29,13 +29,13 @@ namespace CKM { -void MessageBuffer::Push(const SafeBuffer &data) { +void MessageBuffer::Push(const RawBuffer &data) { m_buffer.AppendCopy(&data[0], data.size()); } -SafeBuffer MessageBuffer::Pop() { +RawBuffer MessageBuffer::Pop() { size_t size = m_buffer.Size(); - SafeBuffer buffer; + RawBuffer buffer; buffer.resize(size + sizeof(size_t)); memcpy(&buffer[0], &size, sizeof(size_t)); m_buffer.FlattenConsume(&buffer[sizeof(size_t)], size); diff --git a/src/manager/common/message-buffer.h b/src/manager/common/message-buffer.h index 47f3326..6fc459c 100644 --- a/src/manager/common/message-buffer.h +++ b/src/manager/common/message-buffer.h @@ -26,12 +26,14 @@ #ifndef _CENT_KEY_MNG_SOCKET_BUFFER_ #define _CENT_KEY_MNG_SOCKET_BUFFER_ -#include +#include #include #include #include +#include + namespace CKM { class MessageBuffer : public CKM::IStream { @@ -47,9 +49,9 @@ public: : m_bytesLeft(0) {} - void Push(const SafeBuffer &data); + void Push(const RawBuffer &data); - SafeBuffer Pop(); + RawBuffer Pop(); bool Ready(); diff --git a/src/manager/dpl/core/include/dpl/raw-buffer.h b/src/manager/dpl/core/include/dpl/raw-buffer.h new file mode 100644 index 0000000..5eb1391 --- /dev/null +++ b/src/manager/dpl/core/include/dpl/raw-buffer.h @@ -0,0 +1,23 @@ +/* Copyright (c) 2014 Samsung Electronics Co. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file safe-buffer.h + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @version 1.0 + * @brief Custom allocator for std + */ +#pragma once +#include + diff --git a/src/manager/dpl/core/include/dpl/serialization.h b/src/manager/dpl/core/include/dpl/serialization.h index 5c120f3..5140acf 100644 --- a/src/manager/dpl/core/include/dpl/serialization.h +++ b/src/manager/dpl/core/include/dpl/serialization.h @@ -28,7 +28,7 @@ #include #include -#include +#include namespace CKM { // Abstract data stream buffer @@ -215,14 +215,14 @@ struct Serialization { Serialize(stream, *p); } - static void Serialize(IStream& stream, const SafeBuffer& vec) + static void Serialize(IStream& stream, const RawBuffer& vec) { int length = vec.size(); stream.Write(sizeof(length), &length); stream.Write(length, vec.data()); } - static void Serialize(IStream& stream, const SafeBuffer* const vec) + static void Serialize(IStream& stream, const RawBuffer* const vec) { Serialize(stream, *vec); } @@ -409,7 +409,7 @@ struct Deserialization { Deserialize(stream, *map); } - static void Deserialize(IStream& stream, SafeBuffer& vec) + static void Deserialize(IStream& stream, RawBuffer& vec) { int length; stream.Read(sizeof(length), &length); @@ -417,9 +417,9 @@ struct Deserialization { stream.Read(length, vec.data()); } - static void Deserialize(IStream& stream, SafeBuffer*& vec) + static void Deserialize(IStream& stream, RawBuffer*& vec) { - vec = new SafeBuffer; + vec = new RawBuffer; Deserialize(stream, *vec); } diff --git a/src/manager/dpl/db/include/dpl/db/sql_connection.h b/src/manager/dpl/db/include/dpl/db/sql_connection.h index 561879b..513137a 100644 --- a/src/manager/dpl/db/include/dpl/db/sql_connection.h +++ b/src/manager/dpl/db/include/dpl/db/sql_connection.h @@ -33,9 +33,7 @@ #include #include #include -#include - -#include +#include namespace CKM { namespace DB { @@ -167,7 +165,7 @@ class SqlConnection * @param position Index of argument to bind value to * @param value Value to bind */ - void BindBlob(ArgumentIndex position, const SafeBuffer &value); + void BindBlob(ArgumentIndex position, const RawBuffer &value); /** * Bind optional int to the prepared statement argument. @@ -248,8 +246,7 @@ class SqlConnection * @param position Index of argument to bind value to * @param value Value to bind */ - void BindBlob(ArgumentIndex position, - const boost::optional &value); + void BindBlob(ArgumentIndex position, const boost::optional &value); /** * Execute the prepared statement and/or move @@ -332,7 +329,7 @@ class SqlConnection * * @throw Exception::InvalidColumn */ - SafeBuffer GetColumnBlob(ColumnIndex column); + RawBuffer GetColumnBlob(ColumnIndex column); /** * Get optional integer value from column in current row. @@ -395,7 +392,7 @@ class SqlConnection * * @throw Exception::InvalidColumn */ - boost::optional GetColumnOptionalBlob(ColumnIndex column); + boost::optional GetColumnOptionalBlob(ColumnIndex column); }; // Move on copy constructor. No copy semantics @@ -492,7 +489,7 @@ class SqlConnection * * @param rawPass password given in raw binary format */ - void SetKey(const SafeBuffer &rawPass); + void SetKey(const RawBuffer &rawPass); /** * ResetKey is used for changing key used for database encryption. @@ -506,8 +503,8 @@ class SqlConnection * @param rawPassNew new password for encryption in raw binary format * */ - void ResetKey(const SafeBuffer &rawPassOld, - const SafeBuffer &rawPassNew); + void ResetKey(const RawBuffer &rawPassOld, + const RawBuffer &rawPassNew); /** * Execute SQL command without result diff --git a/src/manager/dpl/db/src/sql_connection.cpp b/src/manager/dpl/db/src/sql_connection.cpp index edd9aab..d9bf3a4 100644 --- a/src/manager/dpl/db/src/sql_connection.cpp +++ b/src/manager/dpl/db/src/sql_connection.cpp @@ -35,8 +35,6 @@ #include #include -#include - namespace CKM { namespace DB { namespace // anonymous @@ -233,7 +231,7 @@ void SqlConnection::DataCommand::BindString( void SqlConnection::DataCommand::BindBlob( SqlConnection::ArgumentIndex position, - const SafeBuffer &raw) + const RawBuffer &raw) { if (raw.size() == 0) { BindNull(position); @@ -345,7 +343,7 @@ void SqlConnection::DataCommand::BindString( void SqlConnection::DataCommand::BindBlob( SqlConnection::ArgumentIndex position, - const boost::optional &value) + const boost::optional &value) { if (!!value) { BindBlob(position, *value); @@ -514,7 +512,7 @@ std::string SqlConnection::DataCommand::GetColumnString( return std::string(value); } -SafeBuffer SqlConnection::DataCommand::GetColumnBlob( +RawBuffer SqlConnection::DataCommand::GetColumnBlob( SqlConnection::ColumnIndex column) { LogPedantic("SQL data command get column blog: [" << column << "]"); @@ -524,13 +522,13 @@ SafeBuffer SqlConnection::DataCommand::GetColumnBlob( sqlcipher3_column_blob(m_stmt, column)); if (value == NULL) { - return SafeBuffer(); + return RawBuffer(); } int length = sqlcipher3_column_bytes(m_stmt, column); LogPedantic("Got blob of length: " << length); - return SafeBuffer(value, value + length); + return RawBuffer(value, value + length); } boost::optional SqlConnection::DataCommand::GetColumnOptionalInteger( @@ -647,14 +645,14 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalString( return boost::optional(s); } -boost::optional SqlConnection::DataCommand::GetColumnOptionalBlob( +boost::optional SqlConnection::DataCommand::GetColumnOptionalBlob( SqlConnection::ColumnIndex column) { LogPedantic("SQL data command get column blog: [" << column << "]"); CheckColumnIndex(column); if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { - return boost::optional(); + return boost::optional(); } const unsigned char *value = reinterpret_cast( sqlcipher3_column_blob(m_stmt, column)); @@ -662,8 +660,8 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalBlob( int length = sqlcipher3_column_bytes(m_stmt, column); LogPedantic("Got blob of length: " << length); - SafeBuffer temp(value, value + length); - return boost::optional(temp); + RawBuffer temp(value, value + length); + return boost::optional(temp); } void SqlConnection::Connect(const std::string &address, @@ -700,12 +698,12 @@ const std::size_t SQLCIPHER_RAW_DATA_SIZE = 32; void rawToHexString(TransitoryString& str, std::size_t offset, - const SafeBuffer &raw) { + const RawBuffer &raw) { for (std::size_t i = 0; i < raw.size(); i++) sprintf(&str[offset + i*2], "%02X", raw[i]); } -TransitoryString createHexPass(const SafeBuffer &rawPass){ +TransitoryString createHexPass(const RawBuffer &rawPass){ TransitoryString pass = TransitoryString('0', SQLCIPHER_RAW_PREFIX.length() + //We are required to pass 64byte //long hex password made out of @@ -722,7 +720,7 @@ TransitoryString createHexPass(const SafeBuffer &rawPass){ } -void SqlConnection::SetKey(const SafeBuffer &rawPass){ +void SqlConnection::SetKey(const RawBuffer &rawPass){ if (m_connection == NULL) { LogPedantic("Cannot set key. No connection to DB!"); return; @@ -744,9 +742,8 @@ void SqlConnection::SetKey(const SafeBuffer &rawPass){ m_isKeySet = true; }; -void SqlConnection::ResetKey(const SafeBuffer &rawPassOld, - const SafeBuffer &rawPassNew) -{ +void SqlConnection::ResetKey(const RawBuffer &rawPassOld, + const RawBuffer &rawPassNew) { if (m_connection == NULL) { LogPedantic("Cannot reset key. No connection to DB!"); return; diff --git a/src/manager/main/generic-socket-manager.h b/src/manager/main/generic-socket-manager.h index d24c397..6066ccb 100644 --- a/src/manager/main/generic-socket-manager.h +++ b/src/manager/main/generic-socket-manager.h @@ -31,11 +31,10 @@ #include -#include - #include #include +#include extern "C" { struct msghdr; @@ -96,7 +95,7 @@ struct GenericSocketService { struct ReadEvent : public GenericEvent { ConnectionID connectionID; - SafeBuffer rawBuffer; + RawBuffer rawBuffer; }; struct CloseEvent : public GenericEvent { @@ -123,7 +122,7 @@ struct GenericSocketManager { virtual void MainLoop() = 0; virtual void RegisterSocketService(GenericSocketService *ptr) = 0; virtual void Close(ConnectionID connectionID) = 0; - virtual void Write(ConnectionID connectionID, const SafeBuffer &rawBuffer) = 0; + virtual void Write(ConnectionID connectionID, const RawBuffer &rawBuffer) = 0; virtual ~GenericSocketManager(){} }; diff --git a/src/manager/main/key-manager-util.cpp b/src/manager/main/key-manager-util.cpp index 3fb3fa4..04f424d 100644 --- a/src/manager/main/key-manager-util.cpp +++ b/src/manager/main/key-manager-util.cpp @@ -117,14 +117,14 @@ char *read_exe_path_from_proc(pid_t pid) return exe; } -void rawBufferToX509(X509 **ppCert, SafeBuffer rawCert) { +void rawBufferToX509(X509 **ppCert, RawBuffer rawCert) { BIO *bio = BIO_new(BIO_s_mem()); BIO_write(bio, rawCert.data(), rawCert.size()); d2i_X509_bio(bio, ppCert); BIO_free_all(bio); } -void x509ToSafeBuffer(SafeBuffer &buf, X509 *cert) { +void x509ToRawBuffer(RawBuffer &buf, X509 *cert) { int len = i2d_X509(cert, NULL); unsigned char tmpBuff[len]; unsigned char *p = tmpBuff; diff --git a/src/manager/main/key-manager-util.h b/src/manager/main/key-manager-util.h index f0ceb93..b43b3fa 100644 --- a/src/manager/main/key-manager-util.h +++ b/src/manager/main/key-manager-util.h @@ -22,7 +22,6 @@ #ifndef CENT_KEY_MNG_UTIL_H #define CENT_KEY_MNG_UTIL_H -#include #include #include #include @@ -34,8 +33,8 @@ namespace CKM { int util_smack_label_is_valid(const char *smack_label); char *read_exe_path_from_proc(pid_t pid); -void rawBufferToX509(X509 **ppCert, SafeBuffer rawCert); -void x509ToSafeBuffer(SafeBuffer &buf, X509 *cert); +void rawBufferToX509(X509 **ppCert, RawBuffer rawCert); +void x509ToRawBuffer(RawBuffer &buf, X509 *cert); STACK_OF(X509) *loadSystemCerts( const char * dirpath); X509 *loadCert(const char *file); diff --git a/src/manager/main/socket-manager.cpp b/src/manager/main/socket-manager.cpp index 42559b8..73e90e4 100644 --- a/src/manager/main/socket-manager.cpp +++ b/src/manager/main/socket-manager.cpp @@ -582,7 +582,7 @@ void SocketManager::Close(ConnectionID connectionID) { NotifyMe(); } -void SocketManager::Write(ConnectionID connectionID, const SafeBuffer &rawBuffer) { +void SocketManager::Write(ConnectionID connectionID, const RawBuffer &rawBuffer) { WriteBuffer buffer; buffer.connectionID = connectionID; buffer.rawBuffer = rawBuffer; diff --git a/src/manager/main/socket-manager.h b/src/manager/main/socket-manager.h index 922567d..978dbee 100644 --- a/src/manager/main/socket-manager.h +++ b/src/manager/main/socket-manager.h @@ -52,7 +52,7 @@ public: virtual void RegisterSocketService(GenericSocketService *service); virtual void Close(ConnectionID connectionID); - virtual void Write(ConnectionID connectionID, const SafeBuffer &rawBuffer); + virtual void Write(ConnectionID connectionID, const RawBuffer &rawBuffer); protected: void CreateDomainSocket( @@ -79,7 +79,7 @@ protected: InterfaceID interfaceID; GenericSocketService *service; time_t timeout; - SafeBuffer rawBuffer; + RawBuffer rawBuffer; int counter; SocketDescription() @@ -97,7 +97,7 @@ protected: struct WriteBuffer { ConnectionID connectionID; - SafeBuffer rawBuffer; + RawBuffer rawBuffer; }; struct Timeout { diff --git a/src/manager/service/CryptoService.cpp b/src/manager/service/CryptoService.cpp index 4d73ce1..39908a3 100644 --- a/src/manager/service/CryptoService.cpp +++ b/src/manager/service/CryptoService.cpp @@ -274,15 +274,15 @@ int CryptoService::createKeyPairECDSA(ElipticCurve type, } int CryptoService::createSignature(const GenericKey &privateKey, - const SafeBuffer &message, + const RawBuffer &message, const HashAlgorithm hashAlgo, const RSAPaddingAlgorithm padAlgo, - SafeBuffer &signature) + RawBuffer &signature) { EVP_MD_CTX *mdctx = NULL; EVP_PKEY_CTX *pctx = NULL; int rsa_padding = NOT_DEFINED; - SafeBuffer data; + RawBuffer data; const EVP_MD *md_algo = NULL; // check the parameters of functions @@ -403,8 +403,8 @@ int CryptoService::createSignature(const GenericKey &privateKey, } int CryptoService::verifySignature(const GenericKey &publicKey, - const SafeBuffer &message, - const SafeBuffer &signature, + const RawBuffer &message, + const RawBuffer &signature, const HashAlgorithm hashAlgo, const RSAPaddingAlgorithm padAlgo) { @@ -515,7 +515,7 @@ int CryptoService::verifyCertificateChain(const CertificateImpl &certificate, X509 *cert = X509_new(); X509 *tempCert; - rawBufferToX509(&cert, certificate.getDERSB()); + rawBufferToX509(&cert, certificate.getDER()); std::vector trustedCerts; std::vector userTrustedCerts; @@ -557,7 +557,7 @@ int CryptoService::verifyCertificateChain(const CertificateImpl &certificate, LogError("Error in X509_new function"); ThrowMsg(CryptoService::Exception::opensslError, "Error in X509_new function"); } - rawBufferToX509(&tempCert, userTrustedCertificates[i].getDERSB()); + rawBufferToX509(&tempCert, userTrustedCertificates[i].getDER()); userTrustedCerts.push_back(tempCert); } @@ -566,16 +566,16 @@ int CryptoService::verifyCertificateChain(const CertificateImpl &certificate, LogError("Error in X509_new function"); ThrowMsg(CryptoService::Exception::opensslError, "Error in X509_new function"); } - rawBufferToX509(&tempCert, untrustedCertificates[i].getDERSB()); + rawBufferToX509(&tempCert, untrustedCertificates[i].getDER()); untrustedChain.push_back(tempCert); } std::vector chain = verifyCertChain(cert, trustedCerts, userTrustedCerts, untrustedChain); - SafeBuffer tmpBuf; + RawBuffer tmpBuf; for(unsigned int i=0;i(key.size()), key }; + 0, RawBuffer(), static_cast(key.size()), key }; auto &handler = m_userDataMap[cred.uid]; DBCrypto::Transaction transaction(&handler.database); if (!handler.crypto.haveKey(cred.smackLabel)) { - SafeBuffer key; + RawBuffer key; auto key_optional = handler.database.getKey(cred.smackLabel); if(!key_optional) { LogDebug("No Key in database found. Generating new one for label: " @@ -202,12 +202,12 @@ int CKMLogic::saveDataHelper( return CKM_API_SUCCESS; } -SafeBuffer CKMLogic::saveData( +RawBuffer CKMLogic::saveData( Credentials &cred, int commandId, DBDataType dataType, const Alias &alias, - const SafeBuffer &key, + const RawBuffer &key, const PolicySerializable &policy) { int retCode = CKM_API_SUCCESS; @@ -240,7 +240,7 @@ SafeBuffer CKMLogic::saveData( return response.Pop(); } -SafeBuffer CKMLogic::removeData( +RawBuffer CKMLogic::removeData( Credentials &cred, int commandId, DBDataType dataType, @@ -320,7 +320,7 @@ int CKMLogic::getDataHelper( } if (!handler.crypto.haveKey(row.smackLabel)) { - SafeBuffer key; + RawBuffer key; auto key_optional = handler.database.getKey(row.smackLabel); if(!key_optional) { LogError("No key for given label in database"); @@ -335,7 +335,7 @@ int CKMLogic::getDataHelper( return CKM_API_SUCCESS; } -SafeBuffer CKMLogic::getData( +RawBuffer CKMLogic::getData( Credentials &cred, int commandId, DBDataType dataType, @@ -372,7 +372,7 @@ SafeBuffer CKMLogic::getData( return response.Pop(); } -SafeBuffer CKMLogic::getDataList( +RawBuffer CKMLogic::getDataList( Credentials &cred, int commandId, DBDataType dataType) @@ -431,7 +431,7 @@ int CKMLogic::createKeyPairRSAHelper( retCode = saveDataHelper(cred, toDBDataType(prv.getType()), aliasPrivate, - prv.getDERSB(), + prv.getDER(), policyPrivate); if (CKM_API_SUCCESS != retCode) @@ -440,7 +440,7 @@ int CKMLogic::createKeyPairRSAHelper( retCode = saveDataHelper(cred, toDBDataType(pub.getType()), aliasPublic, - pub.getDERSB(), + pub.getDER(), policyPublic); if (CKM_API_SUCCESS != retCode) @@ -451,7 +451,7 @@ int CKMLogic::createKeyPairRSAHelper( return retCode; } -SafeBuffer CKMLogic::createKeyPairRSA( +RawBuffer CKMLogic::createKeyPairRSA( Credentials &cred, int commandId, int size, @@ -520,7 +520,7 @@ int CKMLogic::createKeyPairECDSAHelper( retCode = saveDataHelper(cred, toDBDataType(prv.getType()), aliasPrivate, - prv.getDERSB(), + prv.getDER(), policyPrivate); if (CKM_API_SUCCESS != retCode) @@ -529,7 +529,7 @@ int CKMLogic::createKeyPairECDSAHelper( retCode = saveDataHelper(cred, toDBDataType(pub.getType()), aliasPublic, - pub.getDERSB(), + pub.getDER(), policyPublic); if (CKM_API_SUCCESS != retCode) @@ -540,7 +540,7 @@ int CKMLogic::createKeyPairECDSAHelper( return retCode; } -SafeBuffer CKMLogic::createKeyPairECDSA( +RawBuffer CKMLogic::createKeyPairECDSA( Credentials &cred, int commandId, int type, @@ -581,18 +581,18 @@ SafeBuffer CKMLogic::createKeyPairECDSA( return response.Pop(); } -SafeBuffer CKMLogic::getCertificateChain( +RawBuffer CKMLogic::getCertificateChain( Credentials &cred, int commandId, - const SafeBuffer &certificate, - const SafeBufferVector &untrustedRawCertVector) + const RawBuffer &certificate, + const RawBufferVector &untrustedRawCertVector) { (void)cred; CertificateImpl cert(certificate, DataFormat::FORM_DER); CertificateImplVector untrustedCertVector; CertificateImplVector chainVector; - SafeBufferVector chainRawVector; + RawBufferVector chainRawVector; for (auto &e: untrustedRawCertVector) untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER)); @@ -603,7 +603,7 @@ SafeBuffer CKMLogic::getCertificateChain( if (retCode == CKM_API_SUCCESS) { for (auto &e : chainVector) - chainRawVector.push_back(e.getDERSB()); + chainRawVector.push_back(e.getDER()); } MessageBuffer response; @@ -614,14 +614,14 @@ SafeBuffer CKMLogic::getCertificateChain( return response.Pop(); } -SafeBuffer CKMLogic::getCertificateChain( +RawBuffer CKMLogic::getCertificateChain( Credentials &cred, int commandId, - const SafeBuffer &certificate, + const RawBuffer &certificate, const AliasVector &aliasVector) { int retCode = CKM_API_SUCCESS; - SafeBufferVector chainRawVector; + RawBufferVector chainRawVector; try { CertificateImpl cert(certificate, DataFormat::FORM_DER); CertificateImplVector untrustedCertVector; @@ -648,7 +648,7 @@ SafeBuffer CKMLogic::getCertificateChain( goto senderror; for (auto &i: chainVector) - chainRawVector.push_back(i.getDERSB()); + chainRawVector.push_back(i.getDER()); } catch (const CryptoLogic::Exception::Base &e) { LogError("DBCyptorModule failed with message: " << e.GetMessage()); @@ -669,18 +669,18 @@ senderror: return response.Pop(); } -SafeBuffer CKMLogic::createSignature( +RawBuffer CKMLogic::createSignature( Credentials &cred, int commandId, const Alias &privateKeyAlias, const std::string &password, // password for private_key - const SafeBuffer &message, + const RawBuffer &message, const HashAlgorithm hash, const RSAPaddingAlgorithm padding) { DBRow row; CryptoService cs; - SafeBuffer signature; + RawBuffer signature; int retCode = CKM_API_SUCCESS; @@ -720,13 +720,13 @@ SafeBuffer CKMLogic::createSignature( return response.Pop(); } -SafeBuffer CKMLogic::verifySignature( +RawBuffer CKMLogic::verifySignature( Credentials &cred, int commandId, const Alias &publicKeyOrCertAlias, const std::string &password, // password for public_key (optional) - const SafeBuffer &message, - const SafeBuffer &signature, + const RawBuffer &message, + const RawBuffer &signature, const HashAlgorithm hash, const RSAPaddingAlgorithm padding) { diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index c42a478..661a6a7 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -50,48 +50,48 @@ public: CKMLogic& operator=(CKMLogic &&) = delete; virtual ~CKMLogic(); - SafeBuffer unlockUserKey(uid_t user, const std::string &password); + RawBuffer unlockUserKey(uid_t user, const std::string &password); - SafeBuffer lockUserKey(uid_t user); + RawBuffer lockUserKey(uid_t user); - SafeBuffer removeUserData(uid_t user); + RawBuffer removeUserData(uid_t user); - SafeBuffer changeUserPassword( + RawBuffer changeUserPassword( uid_t user, const std::string &oldPassword, const std::string &newPassword); - SafeBuffer resetUserPassword( + RawBuffer resetUserPassword( uid_t user, const std::string &newPassword); - SafeBuffer saveData( + RawBuffer saveData( Credentials &cred, int commandId, DBDataType dataType, const Alias &alias, - const SafeBuffer &key, + const RawBuffer &key, const PolicySerializable &policy); - SafeBuffer removeData( + RawBuffer removeData( Credentials &cred, int commandId, DBDataType dataType, const Alias &alias); - SafeBuffer getData( + RawBuffer getData( Credentials &cred, int commandId, DBDataType dataType, const Alias &alias, const std::string &password); - SafeBuffer getDataList( + RawBuffer getDataList( Credentials &cred, int commandId, DBDataType dataType); - SafeBuffer createKeyPairRSA( + RawBuffer createKeyPairRSA( Credentials &cred, int commandId, int size, @@ -100,7 +100,7 @@ public: const PolicySerializable &policyPrivate, const PolicySerializable &policyPublic); - SafeBuffer createKeyPairECDSA( + RawBuffer createKeyPairECDSA( Credentials &cred, int commandId, int type, @@ -109,34 +109,34 @@ public: const PolicySerializable &policyPrivate, const PolicySerializable &policyPublic); - SafeBuffer getCertificateChain( + RawBuffer getCertificateChain( Credentials &cred, int commandId, - const SafeBuffer &certificate, - const SafeBufferVector &untrustedCertificates); + const RawBuffer &certificate, + const RawBufferVector &untrustedCertificates); - SafeBuffer getCertificateChain( + RawBuffer getCertificateChain( Credentials &cred, int commandId, - const SafeBuffer &certificate, + const RawBuffer &certificate, const AliasVector &aliasVector); - SafeBuffer createSignature( + RawBuffer createSignature( Credentials &cred, int commandId, const Alias &privateKeyAlias, const std::string &password, // password for private_key - const SafeBuffer &message, + const RawBuffer &message, const HashAlgorithm hash, const RSAPaddingAlgorithm padding); - SafeBuffer verifySignature( + RawBuffer verifySignature( Credentials &cred, int commandId, const Alias &publicKeyOrCertAlias, const std::string &password, // password for public_key (optional) - const SafeBuffer &message, - const SafeBuffer &signature, + const RawBuffer &message, + const RawBuffer &signature, const HashAlgorithm hash, const RSAPaddingAlgorithm padding); @@ -146,7 +146,7 @@ private: Credentials &cred, DBDataType dataType, const Alias &alias, - const SafeBuffer &key, + const RawBuffer &key, const PolicySerializable &policy); int getDataHelper( diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index 441f767..39f8339 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -77,7 +77,7 @@ bool CKMService::processOne( ConnectionInfo &info) { LogDebug ("process One"); - SafeBuffer response; + RawBuffer response; Try { if (!info.buffer.Ready()) @@ -103,7 +103,7 @@ bool CKMService::processOne( return false; } -SafeBuffer CKMService::processControl(MessageBuffer &buffer) { +RawBuffer CKMService::processControl(MessageBuffer &buffer) { int command; uid_t user; ControlCommand cc; @@ -137,7 +137,7 @@ SafeBuffer CKMService::processControl(MessageBuffer &buffer) { } } -SafeBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ +RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ int command; int commandId; int tmpDataType; @@ -152,7 +152,7 @@ SafeBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ switch(static_cast(command)) { case LogicCommand::SAVE: { - SafeBuffer rawData; + RawBuffer rawData; PolicySerializable policy; Deserialization::Deserialize(buffer, tmpDataType); Deserialization::Deserialize(buffer, alias); @@ -241,8 +241,8 @@ SafeBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ } case LogicCommand::GET_CHAIN_CERT: { - SafeBuffer certificate; - SafeBufferVector rawBufferVector; + RawBuffer certificate; + RawBufferVector rawBufferVector; Deserialization::Deserialize(buffer, certificate); Deserialization::Deserialize(buffer, rawBufferVector); return m_logic->getCertificateChain( @@ -253,7 +253,7 @@ SafeBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ } case LogicCommand::GET_CHAIN_ALIAS: { - SafeBuffer certificate; + RawBuffer certificate; AliasVector aliasVector; Deserialization::Deserialize(buffer, certificate); Deserialization::Deserialize(buffer, aliasVector); @@ -267,7 +267,7 @@ SafeBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ { Alias privateKeyAlias; std::string password; // password for private_key - SafeBuffer message; + RawBuffer message; int padding, hash; Deserialization::Deserialize(buffer, privateKeyAlias); Deserialization::Deserialize(buffer, password); @@ -288,8 +288,8 @@ SafeBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ { Alias publicKeyOrCertAlias; std::string password; // password for public_key (optional) - SafeBuffer message; - SafeBuffer signature; + RawBuffer message; + RawBuffer signature; //HashAlgorithm hash; //RSAPaddingAlgorithm padding; int padding, hash; diff --git a/src/manager/service/ckm-service.h b/src/manager/service/ckm-service.h index 09011dd..f305a05 100644 --- a/src/manager/service/ckm-service.h +++ b/src/manager/service/ckm-service.h @@ -58,10 +58,10 @@ private: const ConnectionID &conn, ConnectionInfo &info); - SafeBuffer processControl( + RawBuffer processControl( MessageBuffer &buffer); - SafeBuffer processStorage( + RawBuffer processStorage( Credentials &cred, MessageBuffer &buffer); diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index a9d8d63..4b71210 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -60,7 +60,7 @@ bool CryptoLogic::haveKey(const std::string &smackLabel) } void CryptoLogic::pushKey(const std::string &smackLabel, - const SafeBuffer &applicationKey) + const RawBuffer &applicationKey) { if (smackLabel.length() == 0) { ThrowMsg(Exception::InternalError, "Empty smack label."); @@ -75,9 +75,9 @@ void CryptoLogic::pushKey(const std::string &smackLabel, m_keyMap[smackLabel] = applicationKey; } -std::size_t CryptoLogic::insertDigest(SafeBuffer &data, const int dataSize) +std::size_t CryptoLogic::insertDigest(RawBuffer &data, const int dataSize) { - SafeBuffer digest; + RawBuffer digest; try { Digest dig; @@ -92,7 +92,7 @@ std::size_t CryptoLogic::insertDigest(SafeBuffer &data, const int dataSize) return digest.size(); } -void CryptoLogic::removeDigest(SafeBuffer &data, SafeBuffer &digest) +void CryptoLogic::removeDigest(RawBuffer &data, RawBuffer &digest) { unsigned int dlen = Digest().length(); @@ -105,36 +105,36 @@ void CryptoLogic::removeDigest(SafeBuffer &data, SafeBuffer &digest) data.erase(data.begin(), data.begin() + dlen); } -SafeBuffer CryptoLogic::encryptData( - const SafeBuffer &data, - const SafeBuffer &key, - const SafeBuffer &iv) const +RawBuffer CryptoLogic::encryptData( + const RawBuffer &data, + const RawBuffer &key, + const RawBuffer &iv) const { Crypto::Cipher::AesCbcEncryption enc(key, iv); - SafeBuffer result = enc.Append(data); - SafeBuffer tmp = enc.Finalize(); + RawBuffer result = enc.Append(data); + RawBuffer tmp = enc.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); return result; } -SafeBuffer CryptoLogic::decryptData( - const SafeBuffer &data, - const SafeBuffer &key, - const SafeBuffer &iv) const +RawBuffer CryptoLogic::decryptData( + const RawBuffer &data, + const RawBuffer &key, + const RawBuffer &iv) const { Crypto::Cipher::AesCbcDecryption dec(key, iv); - SafeBuffer result = dec.Append(data); - SafeBuffer tmp = dec.Finalize(); + RawBuffer result = dec.Append(data); + RawBuffer tmp = dec.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); return result; } -SafeBuffer CryptoLogic::passwordToKey( +RawBuffer CryptoLogic::passwordToKey( const std::string &password, - const SafeBuffer &salt, + const RawBuffer &salt, size_t keySize) const { - SafeBuffer result(keySize); + RawBuffer result(keySize); if (1 != PKCS5_PBKDF2_HMAC_SHA1( password.c_str(), @@ -150,8 +150,8 @@ SafeBuffer CryptoLogic::passwordToKey( return result; } -SafeBuffer CryptoLogic::generateRandIV() const { - SafeBuffer civ(EVP_MAX_IV_LENGTH); +RawBuffer CryptoLogic::generateRandIV() const { + RawBuffer civ(EVP_MAX_IV_LENGTH); if (1 != RAND_bytes(civ.data(), civ.size())) { ThrowMsg(Exception::InternalError, @@ -165,9 +165,9 @@ void CryptoLogic::encryptRow(const std::string &password, DBRow &row) { try { DBRow crow = row; - SafeBuffer key; - SafeBuffer result1; - SafeBuffer result2; + RawBuffer key; + RawBuffer result1; + RawBuffer result2; crow.algorithmType = DBCMAlgType::AES_CBC_256; @@ -217,8 +217,8 @@ void CryptoLogic::decryptRow(const std::string &password, DBRow &row) { try { DBRow crow = row; - SafeBuffer key; - SafeBuffer digest, dataDigest; + RawBuffer key; + RawBuffer digest, dataDigest; if (row.algorithmType != DBCMAlgType::AES_CBC_256) { ThrowMsg(Exception::DecryptDBRowError, "Invalid algorithm type."); @@ -278,10 +278,10 @@ void CryptoLogic::decryptRow(const std::string &password, DBRow &row) } } -void CryptoLogic::encBase64(SafeBuffer &data) +void CryptoLogic::encBase64(RawBuffer &data) { Base64Encoder benc; - SafeBuffer encdata; + RawBuffer encdata; benc.append(data); benc.finalize(); @@ -294,10 +294,10 @@ void CryptoLogic::encBase64(SafeBuffer &data) data = std::move(encdata); } -void CryptoLogic::decBase64(SafeBuffer &data) +void CryptoLogic::decBase64(RawBuffer &data) { Base64Decoder bdec; - SafeBuffer decdata; + RawBuffer decdata; bdec.reset(); bdec.append(data); @@ -315,7 +315,7 @@ void CryptoLogic::decBase64(SafeBuffer &data) data = std::move(decdata); } -bool CryptoLogic::equalDigests(SafeBuffer &dig1, SafeBuffer &dig2) +bool CryptoLogic::equalDigests(RawBuffer &dig1, RawBuffer &dig2) { unsigned int dlen = Digest().length(); diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h index 12aa0e1..00eed7f 100644 --- a/src/manager/service/crypto-logic.h +++ b/src/manager/service/crypto-logic.h @@ -53,35 +53,35 @@ public: bool haveKey(const std::string &smackLabel); void pushKey(const std::string &smackLabel, - const SafeBuffer &applicationKey); + const RawBuffer &applicationKey); private: static const int ENCR_BASE64 = 1 << 0; static const int ENCR_APPKEY = 1 << 1; static const int ENCR_PASSWORD = 1 << 2; - std::map m_keyMap; + std::map m_keyMap; - SafeBuffer generateRandIV() const; - SafeBuffer passwordToKey(const std::string &password, - const SafeBuffer &salt, + RawBuffer generateRandIV() const; + RawBuffer passwordToKey(const std::string &password, + const RawBuffer &salt, size_t keySize) const; - SafeBuffer encryptData( - const SafeBuffer &data, - const SafeBuffer &key, - const SafeBuffer &iv) const; + RawBuffer encryptData( + const RawBuffer &data, + const RawBuffer &key, + const RawBuffer &iv) const; - SafeBuffer decryptData( - const SafeBuffer &data, - const SafeBuffer &key, - const SafeBuffer &iv) const; + RawBuffer decryptData( + const RawBuffer &data, + const RawBuffer &key, + const RawBuffer &iv) const; - void decBase64(SafeBuffer &data); - void encBase64(SafeBuffer &data); - bool equalDigests(SafeBuffer &dig1, SafeBuffer &dig2); - std::size_t insertDigest(SafeBuffer &data, const int dataSize); - void removeDigest(SafeBuffer &data, SafeBuffer &digest); + void decBase64(RawBuffer &data); + void encBase64(RawBuffer &data); + bool equalDigests(RawBuffer &dig1, RawBuffer &dig2); + std::size_t insertDigest(RawBuffer &data, const int dataSize); + void removeDigest(RawBuffer &data, RawBuffer &digest); }; } // namespace CKM diff --git a/src/manager/service/db-crypto.cpp b/src/manager/service/db-crypto.cpp index 984d5af..daced42 100644 --- a/src/manager/service/db-crypto.cpp +++ b/src/manager/service/db-crypto.cpp @@ -25,8 +25,6 @@ #include #include -#include - #pragma GCC diagnostic push #pragma GCC diagnostic warning "-Wdeprecated-declarations" @@ -127,7 +125,7 @@ namespace { namespace CKM { using namespace DB; DBCrypto::DBCrypto(const std::string& path, - const SafeBuffer &rawPass) { + const RawBuffer &rawPass) { m_connection = NULL; m_inUserTransaction = false; Try { @@ -436,7 +434,7 @@ using namespace DB; void DBCrypto::saveKey( const std::string& label, - const SafeBuffer &key) + const RawBuffer &key) { Try { Transaction transaction(this); @@ -456,7 +454,7 @@ using namespace DB; "Couldn't save key for label " << label); } - DBCrypto::SafeBufferOptional DBCrypto::getKey( + DBCrypto::RawBufferOptional DBCrypto::getKey( const std::string& label) { Try { @@ -467,11 +465,11 @@ using namespace DB; if (selectCommand->Step()) { transaction.commit(); - return SafeBufferOptional( + return RawBufferOptional( selectCommand->GetColumnBlob(0)); } else { transaction.commit(); - return SafeBufferOptional(); + return RawBufferOptional(); } } Catch (SqlConnection::Exception::InvalidColumn) { diff --git a/src/manager/service/db-crypto.h b/src/manager/service/db-crypto.h index 5a72c57..9ff5c10 100644 --- a/src/manager/service/db-crypto.h +++ b/src/manager/service/db-crypto.h @@ -39,7 +39,7 @@ namespace CKM { class DBCrypto { public: typedef boost::optional DBRowOptional; - typedef boost::optional SafeBufferOptional; + typedef boost::optional RawBufferOptional; class Exception { public: @@ -53,7 +53,7 @@ namespace CKM { m_inUserTransaction(false) {}; //user name instead of path? - DBCrypto(const std::string &path, const SafeBuffer &rawPass); + DBCrypto(const std::string &path, const RawBuffer &rawPass); DBCrypto(const DBCrypto &other) = delete; DBCrypto(DBCrypto &&other); @@ -81,8 +81,8 @@ namespace CKM { const Alias& alias, const std::string &label); - void saveKey(const std::string& label, const SafeBuffer &key); - SafeBufferOptional getKey( + void saveKey(const std::string& label, const RawBuffer &key); + RawBufferOptional getKey( const std::string& label); void deleteKey(const std::string& label); diff --git a/src/manager/service/db-row.h b/src/manager/service/db-row.h index 1de73a0..0a03e25 100644 --- a/src/manager/service/db-row.h +++ b/src/manager/service/db-row.h @@ -2,8 +2,6 @@ #include -#include - #include #include @@ -16,9 +14,9 @@ namespace CKM { DBDataType dataType; // cert/key/data DBCMAlgType algorithmType; // Algorithm type used for row data encryption int encryptionScheme; // for example: (ENCR_BASE64 | ENCR_PASSWORD) - SafeBuffer iv; // encoded in base64 + RawBuffer iv; // encoded in base64 int dataSize; // size of information without hash and padding - SafeBuffer data; + RawBuffer data; }; } // namespace CKM diff --git a/src/manager/service/file-system.cpp b/src/manager/service/file-system.cpp index 47a3b7e..c77da10 100644 --- a/src/manager/service/file-system.cpp +++ b/src/manager/service/file-system.cpp @@ -28,9 +28,6 @@ #include #include -#include -#include - #include #include @@ -62,15 +59,18 @@ std::string FileSystem::getDKEKPath() const { return ss.str(); } -SafeBuffer FileSystem::getDomainKEK() const +RawBuffer FileSystem::getDomainKEK() const { std::ifstream is(getDKEKPath()); std::istreambuf_iterator begin(is),end; - RawBuffer buffer(begin, end); - return toSafeBuffer(buffer); + std::vector buff(begin,end); // This trick does not work with boost vector + + RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + return buffer; } -bool FileSystem::saveDomainKEK(const SafeBuffer &buffer) const +bool FileSystem::saveDomainKEK(const RawBuffer &buffer) const { std::ofstream os(getDKEKPath(), std::ios::out | std::ofstream::binary); std::copy(buffer.begin(), buffer.end(), std::ostreambuf_iterator(os)); diff --git a/src/manager/service/file-system.h b/src/manager/service/file-system.h index 847aa5e..197cc96 100644 --- a/src/manager/service/file-system.h +++ b/src/manager/service/file-system.h @@ -31,8 +31,8 @@ public: FileSystem(uid_t uid); std::string getDBPath() const; - SafeBuffer getDomainKEK() const; - bool saveDomainKEK(const SafeBuffer &buffer) const; + RawBuffer getDomainKEK() const; + bool saveDomainKEK(const RawBuffer &buffer) const; int removeUserData() const; static int init(); diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h index 77f5a3e..3c8285c 100644 --- a/src/manager/service/key-provider.h +++ b/src/manager/service/key-provider.h @@ -1,7 +1,5 @@ #pragma once -#include - #include #include #include @@ -54,7 +52,7 @@ public: // if (keyInWrapForm.size() != sizeof(WrappedKeyMaterial)) // throw exception; // buffer does not have proper size to store WrappedKeyMaterial // WrappedKeyMaterial *wkm = static_cast(keyInWrapForm.data()); - KeyProvider(const SafeBuffer &domainKEKInWrapForm, const std::string &password); + KeyProvider(const RawBuffer &domainKEKInWrapForm, const std::string &password); KeyProvider(KeyProvider &&); KeyProvider(const KeyProvider &) = delete; @@ -64,31 +62,31 @@ public: bool isInitialized(); // Returns Key used to decrypt database. - SafeBuffer getPureDomainKEK(); + RawBuffer getPureDomainKEK(); // Returns Key in form used to store key in file - // Requied by Control::resetPassword(const SafeBuffer &newPassword); + // Requied by Control::resetPassword(const RawBuffer &newPassword); // This api should be used only on Tizen 2.2.1 - SafeBuffer getWrappedDomainKEK(const std::string &password); + RawBuffer getWrappedDomainKEK(const std::string &password); // EncryptedKey key extracted from database. Used to encrypt application data. // This key will be used to decrypt/encrypt data in ROW - SafeBuffer getPureDEK(const SafeBuffer &DEKInWrapForm); + RawBuffer getPureDEK(const RawBuffer &DEKInWrapForm); // Returns WRAPPED DEK. This will be written to datbase. // This key will be used to encrypt all application information. // All application are identified by smackLabel. - SafeBuffer generateDEK(const std::string &smackLabel); + RawBuffer generateDEK(const std::string &smackLabel); // used by change user password. On error -> exception - static SafeBuffer reencrypt( - const SafeBuffer &domainKEKInWrapForm, + static RawBuffer reencrypt( + const RawBuffer &domainKEKInWrapForm, const std::string &oldPass, const std::string &newPass); // First run of application for some user. DomainKEK was not created yet. We must create one. // This key will be used to encrypt user database. - static SafeBuffer generateDomainKEK(const std::string &user, const std::string &userPassword); + static RawBuffer generateDomainKEK(const std::string &user, const std::string &userPassword); // This will be called by framework at the begin of the program static int initializeLibrary(); diff --git a/src/manager/service/ocsp-logic.cpp b/src/manager/service/ocsp-logic.cpp index 814acb2..a12867f 100644 --- a/src/manager/service/ocsp-logic.cpp +++ b/src/manager/service/ocsp-logic.cpp @@ -31,7 +31,7 @@ namespace CKM { -SafeBuffer OCSPLogic::ocspCheck(int commandId, const SafeBufferVector &rawChain) { +RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain) { CertificateImplVector certChain; OCSPModule ocsp; int retCode = CKM_API_SUCCESS; diff --git a/src/manager/service/ocsp-logic.h b/src/manager/service/ocsp-logic.h index dded072..f0dcab4 100644 --- a/src/manager/service/ocsp-logic.h +++ b/src/manager/service/ocsp-logic.h @@ -33,7 +33,7 @@ public: OCSPLogic& operator=(const OCSPLogic &) = delete; OCSPLogic& operator=(OCSPLogic &&) = delete; - SafeBuffer ocspCheck(int commandId, const SafeBufferVector &rawChain); + RawBuffer ocspCheck(int commandId, const RawBufferVector &rawChain); virtual ~OCSPLogic(){} }; diff --git a/src/manager/service/ocsp-service.cpp b/src/manager/service/ocsp-service.cpp index 3e7f0c2..4a3884a 100644 --- a/src/manager/service/ocsp-service.cpp +++ b/src/manager/service/ocsp-service.cpp @@ -83,11 +83,11 @@ bool OCSPService::processOne( auto &buffer = info.buffer; int commandId; - SafeBufferVector chainVector; + RawBufferVector chainVector; Deserialization::Deserialize(buffer, commandId); Deserialization::Deserialize(buffer, chainVector); - SafeBuffer response = m_logic->ocspCheck(commandId, chainVector); + RawBuffer response = m_logic->ocspCheck(commandId, chainVector); m_serviceManager->Write(conn, response); return true; diff --git a/tests/test-key-provider.cpp b/tests/test-key-provider.cpp index 590907d..04c0d9c 100644 --- a/tests/test-key-provider.cpp +++ b/tests/test-key-provider.cpp @@ -41,7 +41,7 @@ BOOST_AUTO_TEST_CASE(KeyDomainKEK){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); CKM::KeyProvider keyProvider; - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD)); @@ -53,7 +53,7 @@ BOOST_AUTO_TEST_CASE(KeyDomainKekInvalidPassword){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); CKM::KeyProvider keyProvider; - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_THROW(keyProvider = CKM::KeyProvider(rb_test, INCORRECT_PASSWORD), @@ -66,7 +66,7 @@ BOOST_AUTO_TEST_CASE(KeygetPureDomainKEK){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); CKM::KeyProvider keyProvider; - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, std::string(PASSWORD))); @@ -79,7 +79,7 @@ BOOST_AUTO_TEST_CASE(KeyGetWrappedDomainKEK){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); CKM::KeyProvider keyProvider; - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD)); @@ -92,8 +92,8 @@ BOOST_AUTO_TEST_CASE(KeyGenerateDEK){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); CKM::KeyProvider keyProvider; - CKM::SafeBuffer rb_test; - CKM::SafeBuffer rb_DEK1; + CKM::RawBuffer rb_test; + CKM::RawBuffer rb_DEK1; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD)); @@ -106,9 +106,9 @@ BOOST_AUTO_TEST_CASE(KeyGetPureDEK){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); CKM::KeyProvider keyProvider; - CKM::SafeBuffer rb_pureDEK1; - CKM::SafeBuffer rb_DEK1; - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_pureDEK1; + CKM::RawBuffer rb_DEK1; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD)); @@ -121,7 +121,7 @@ BOOST_AUTO_TEST_CASE(KeyGetPureDEK){ BOOST_AUTO_TEST_CASE(KeyReencrypt){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_NO_THROW(CKM::KeyProvider::reencrypt(rb_test, PASSWORD, @@ -131,7 +131,7 @@ BOOST_AUTO_TEST_CASE(KeyReencrypt){ BOOST_AUTO_TEST_CASE(KeyReencrypt_incorrect_password){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_THROW((rb_test = CKM::KeyProvider::reencrypt(rb_test, INCORRECT_PASSWORD, @@ -142,8 +142,8 @@ BOOST_AUTO_TEST_CASE(KeyGetPureDEK_after_reencrypt){ BOOST_REQUIRE_MESSAGE(isLibInitialized, "Library is not initialized!"); CKM::KeyProvider keyProvider; - CKM::SafeBuffer rb_DEK1; - CKM::SafeBuffer rb_test; + CKM::RawBuffer rb_DEK1; + CKM::RawBuffer rb_test; BOOST_REQUIRE_NO_THROW(rb_test = CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD)); BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD)); diff --git a/tests/test_common.cpp b/tests/test_common.cpp index 999f608..f1727a3 100644 --- a/tests/test_common.cpp +++ b/tests/test_common.cpp @@ -3,18 +3,27 @@ using namespace CKM; -SafeBuffer createDefaultPass() { - SafeBuffer raw; +RawBuffer createDefaultPass() { + RawBuffer raw; for(unsigned char i =0; i < RAW_PASS_SIZE; i++) raw.push_back(i); return raw; } -SafeBuffer createBigBlob(std::size_t size) { - SafeBuffer raw; +RawBuffer createBigBlob(std::size_t size) { + RawBuffer raw; for(std::size_t i = 0; i < size; i++) { raw.push_back(static_cast(i)); } return raw; } +//raw to hex string conversion from SqlConnection +std::string rawToHexString(const RawBuffer &raw) { + std::string dump(raw.size()*2, '0'); + for(std::size_t i = 0; i < raw.size(); i++){ + sprintf(&dump[2*i], "%02x", raw[i]); + } + return dump; +} + diff --git a/tests/test_common.h b/tests/test_common.h index 8f2b33e..681bd4d 100644 --- a/tests/test_common.h +++ b/tests/test_common.h @@ -1,6 +1,5 @@ #pragma once #include -#include #include #include #include @@ -17,22 +16,15 @@ struct TestConfig { private: }; -CKM::SafeBuffer createDefaultPass(); -CKM::SafeBuffer createBigBlob(std::size_t size); +CKM::RawBuffer createDefaultPass(); +CKM::RawBuffer createBigBlob(std::size_t size); -const CKM::SafeBuffer defaultPass = createDefaultPass(); +const CKM::RawBuffer defaultPass = createDefaultPass(); const std::string pattern = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"; const std::size_t RAW_PASS_SIZE = 32; const std::size_t HEX_PASS_SIZE = RAW_PASS_SIZE * 2; -template -std::string rawToHexString(const T &raw) { - std::string dump(raw.size()*2, '0'); - for(std::size_t i = 0; i < raw.size(); i++) { - sprintf(&dump[2*i], "%02x", static_cast(raw[i])); - } - return dump; -} +std::string rawToHexString(const CKM::RawBuffer &raw); diff --git a/tests/test_db_crypto.cpp b/tests/test_db_crypto.cpp index 215e691..4933e6a 100644 --- a/tests/test_db_crypto.cpp +++ b/tests/test_db_crypto.cpp @@ -90,7 +90,7 @@ BOOST_AUTO_TEST_CASE(DBtestSimple) { BOOST_REQUIRE_NO_THROW(db = DBCrypto(crypto_db, defaultPass)); DBRow rowPattern = createDefaultRow(); - rowPattern.data = SafeBuffer(32, 1); + rowPattern.data = RawBuffer(32, 1); rowPattern.dataSize = rowPattern.data.size(); checkDBIntegrity(rowPattern, db); @@ -112,7 +112,7 @@ BOOST_AUTO_TEST_CASE(DBtestGlobal) { BOOST_REQUIRE_NO_THROW(db = DBCrypto(crypto_db, defaultPass)); DBRow rowPattern = createDefaultRow(restricted_global); - rowPattern.data = SafeBuffer(1024, 2); + rowPattern.data = RawBuffer(1024, 2); rowPattern.dataSize = rowPattern.data.size(); BOOST_REQUIRE_NO_THROW(db.saveDBRow(rowPattern)); @@ -129,7 +129,7 @@ BOOST_AUTO_TEST_CASE(DBtestTransaction) { BOOST_REQUIRE_NO_THROW(db = DBCrypto(crypto_db, defaultPass)); DBRow rowPattern = createDefaultRow(0); - rowPattern.data = SafeBuffer(100, 20); + rowPattern.data = RawBuffer(100, 20); rowPattern.dataSize = rowPattern.data.size(); DBCrypto::Transaction transaction(&db); diff --git a/tests/test_sql.cpp b/tests/test_sql.cpp index d1f5f12..984504c 100644 --- a/tests/test_sql.cpp +++ b/tests/test_sql.cpp @@ -25,7 +25,7 @@ const char *insert_table = "INSERT INTO t1(a,b) VALUES (" " 'two for the show');"; const char *select_table = "SELECT * FROM t1"; -CKM::SafeBuffer raw_password = createDefaultPass(); +CKM::RawBuffer raw_password = createDefaultPass(); BOOST_AUTO_TEST_SUITE(SQL_TEST) BOOST_AUTO_TEST_CASE(sqlTestConversion){ @@ -43,7 +43,7 @@ BOOST_AUTO_TEST_CASE(sqlTestSetKeyTooShort) { BOOST_CHECK(unlink(encrypt_me_not) == 0 || errno == ENOENT); SqlConnection connection(encrypt_me_not, SqlConnection::Flag::CRW); - CKM::SafeBuffer wrong_key(RAW_PASS_SIZE - 1, 1); + CKM::RawBuffer wrong_key(RAW_PASS_SIZE - 1, 1); BOOST_REQUIRE_THROW(connection.SetKey(wrong_key), SqlConnection::Exception::InvalidArguments); } @@ -53,7 +53,7 @@ BOOST_AUTO_TEST_CASE(sqlTestSetKeyTooLong) { BOOST_CHECK(unlink(encrypt_me_not) == 0 || errno == ENOENT); SqlConnection connection(encrypt_me_not, SqlConnection::Flag::CRW); - CKM::SafeBuffer wrong_key(RAW_PASS_SIZE + 1, 1); + CKM::RawBuffer wrong_key(RAW_PASS_SIZE + 1, 1); BOOST_REQUIRE_THROW(connection.SetKey(wrong_key), SqlConnection::Exception::InvalidArguments); } @@ -118,7 +118,7 @@ BOOST_AUTO_TEST_CASE(sqlTestConnectionEncryptedNegative) { { SqlConnection encrypting_you(encrypt_me, SqlConnection::Flag::RW); - CKM::SafeBuffer wrong_password; + CKM::RawBuffer wrong_password; for(std::size_t i = 0; i < RAW_PASS_SIZE; i++) { wrong_password.push_back(raw_password[i] + 1); } -- 2.7.4