From 96a0c8de39f676bdd88c23ac7aef6b82a02d7c3f Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Tue, 21 Jul 2015 14:53:27 +0200 Subject: [PATCH] Encrypted Initial Values: decrypting items from XML files. Change-Id: I08d53475401407c76d8aafbefc0b4d2f4fd82204 --- doc/example.xml | 236 +++++++++++++-------- src/manager/crypto/generic-backend/gstore.h | 5 + src/manager/crypto/platform/decider.cpp | 10 +- src/manager/crypto/platform/decider.h | 2 +- src/manager/initial-values/BufferHandler.cpp | 18 +- src/manager/initial-values/BufferHandler.h | 14 +- src/manager/initial-values/CertHandler.h | 3 +- src/manager/initial-values/DataHandler.h | 3 +- src/manager/initial-values/EncodingType.h | 4 +- src/manager/initial-values/InitialValueHandler.cpp | 61 +++--- src/manager/initial-values/InitialValueHandler.h | 5 +- src/manager/initial-values/InitialValuesFile.cpp | 45 +++- src/manager/initial-values/InitialValuesFile.h | 12 +- src/manager/initial-values/KeyHandler.h | 4 +- src/manager/service/ckm-logic.cpp | 32 +++ src/manager/service/ckm-logic.h | 27 ++- tests/XML_3_encrypted.xml | 52 ++--- 17 files changed, 349 insertions(+), 184 deletions(-) diff --git a/doc/example.xml b/doc/example.xml index 9c0917c..2be09cf 100644 --- a/doc/example.xml +++ b/doc/example.xml @@ -79,7 +79,7 @@ - MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE + QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY= 
@@ -110,31 +110,24 @@ - H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH - N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE - W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf - 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B - ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk - QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi - w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL - /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ - VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 - W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO - 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk - 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg - q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr - GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ - SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX - SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX - RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn - yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ - +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 - xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm - /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy - 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq - 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx - j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD - /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw + /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv + l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7 + XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2 + 
/ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d + osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU + 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf + TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e + ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL + oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG + ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ + tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos + kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC + DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo + LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO + XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi + 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk + a+r+N4lsYPKJbX2ywUvDHg== 
@@ -144,73 +137,130 @@ - weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 - Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x - sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn - 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh - qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD - LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ - IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+ - 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9 - Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk - z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW - 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq - 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr - v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ - I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+ - aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ - fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k - mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo - FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu - TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C - XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m - KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk - 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD - ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU - ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL - fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td - Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf - EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms - fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU - TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11 - 
IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w - IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT - HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b - A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h - GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs - BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD - +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/ - 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk - KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p - 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd - RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe - JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY - Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP - iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw - SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC - Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH - O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946 - k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/ - d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu - 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF - m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr - 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT - dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt - dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v - tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy - QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo - KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox - ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no - o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc - 
LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE - bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x - XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1 - ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC - myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6 - MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ - /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8 - HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB - avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0= + weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC + Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF + oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf + kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk + KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy + iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8 + gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju + yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC + Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps + ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod + v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW + NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti + udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0 + FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx + IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h + ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx + asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0 + +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA + Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI + Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK + XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT + 
gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg + g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8 + DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4 + T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q + MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0 + CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz + traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c + q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP + ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n + Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t + gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3 + 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW + YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx + pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys + nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9 + pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI + 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY + hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp + VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka + lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP + 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32 + LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk + UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2 + rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/ + sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY + 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1 + H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv + e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt + ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW + 
MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP + zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J + 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un + TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb + aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS + eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09 + +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ + 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo + p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO + fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT + mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ + ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA + YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3 + aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC + jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK + vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T + INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA + wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3 + Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf + ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR + 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu + Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm + q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O + eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ + USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx + qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk + p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL + 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS + orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY + 
BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL + YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5 + ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm + HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h + TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9 + jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ + ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B + Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU + V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5 + RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc + Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc + Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh + PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1 + zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV + e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt + eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz + zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c + 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw + eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV + HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu + by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT + n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50 + mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL + PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe + xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg + wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0 + ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp + EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr + d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb + 
7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi + F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7 + HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM + yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC + Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV + lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw + xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm + LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi + eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A + CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb + U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB + +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw + IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx + 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe + FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD + yYRBt5UqwGovABM08jYkuA== diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h index 88a99a5..6eee7a3 100644 --- a/src/manager/crypto/generic-backend/gstore.h +++ b/src/manager/crypto/generic-backend/gstore.h @@ -41,6 +41,11 @@ struct Data { // Too generic. The name does not say anything aobut content. struct DataEncryption { + DataEncryption() {}; + DataEncryption(RawBuffer encKey, RawBuffer ivector) + : encryptedKey(std::move(encKey)) + , iv(std::move(ivector)) + {} RawBuffer encryptedKey; RawBuffer iv; }; diff --git a/src/manager/crypto/platform/decider.cpp b/src/manager/crypto/platform/decider.cpp index 6c63c49..2f73b1f 100644 --- a/src/manager/crypto/platform/decider.cpp +++ b/src/manager/crypto/platform/decider.cpp 
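Review bot: `DataEncryption() {};` in the gstore.h hunk carries a stray semicolon after the constructor body; `DataEncryption() {}` is enough, and `DataEncryption() = default;` would sit better next to the move-taking constructor below it. The struct gains no way to say whether it is populated, so code later in this patch tests `encryptedKey.empty()` directly; a small `bool empty() const { return encryptedKey.empty(); }` member would keep that convention in one place. The pre-existing comment above the struct also misspells "about". The enclosing namespace and the `Data` struct are outside the hunk.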
@@ -32,7 +32,11 @@ namespace CKM { namespace Crypto { namespace { -CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable) { +CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted) { +// Only software backend supports device encyption key + if (encrypted) + return CryptoBackend::OpenSSL; + // The list of items that MUST be support by OpenSSL if (dataType.isCertificate()) return CryptoBackend::OpenSSL; @@ -77,8 +81,8 @@ GStore& Decider::getStore(CryptoBackend cryptoBackend) const { "Backend not available. BackendId: ", (int)cryptoBackend); } -GStore& Decider::getStore(DataType data, bool exportable) const { - return getStore(chooseCryptoBackend(data, exportable)); +GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const { + return getStore(chooseCryptoBackend(data, exportable, encrypted)); } } // namespace Crypto diff --git a/src/manager/crypto/platform/decider.h b/src/manager/crypto/platform/decider.h index 6be147c..81ad3d0 100644 --- a/src/manager/crypto/platform/decider.h +++ b/src/manager/crypto/platform/decider.h @@ -36,7 +36,7 @@ class Decider { public: Decider(); GStore& getStore(const Token &token) const; - GStore& getStore(DataType data, bool exportable) const; + GStore& getStore(DataType data, bool exportable, bool encrypted = false) const; virtual ~Decider(){} protected: diff --git a/src/manager/initial-values/BufferHandler.cpp b/src/manager/initial-values/BufferHandler.cpp index 1ce108c..0ceff74 100644 --- a/src/manager/initial-values/BufferHandler.cpp +++ b/src/manager/initial-values/BufferHandler.cpp 
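Review bot: The new comment in chooseCryptoBackend sits at column 0 and misspells "encryption"; `    // Only the software backend supports the device encryption key` reads cleanly and keeps the function's indentation. Because this branch runs before the certificate and `exportable` checks, an encrypted item is routed to OpenSSL whatever its policy says, which looks intentional but deserves a clause in the same comment so the next reader does not take it for an oversight. The `bool encrypted = false` default added in decider.h keeps existing callers compiling unchanged. The rest of chooseCryptoBackend is outside the hunk.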
@@ -27,14 +27,28 @@ #include #include +namespace +{ +const char * const XML_ATTR_IV = "IV"; +} + namespace CKM { namespace InitialValues { BufferHandler::BufferHandler(EncodingType type) : m_encoding(type) {} BufferHandler::~BufferHandler() {} -void BufferHandler::Start(const XML::Parser::Attributes &) +void BufferHandler::Start(const XML::Parser::Attributes &attr) { + // get key type + if(attr.find(XML_ATTR_IV) != attr.end()) { + std::string IVstring = attr.at(XML_ATTR_IV); + Base64Decoder base64; + base64.reset(); + base64.append(RawBuffer(IVstring.begin(), IVstring.end())); + base64.finalize(); + m_IV = base64.get(); + } } @@ -46,6 +60,7 @@ void BufferHandler::Characters(const std::string & data) void BufferHandler::End() { + // decoding section switch(m_encoding) { // PEM requires that "----- END" section comes right after "\n" character @@ -59,6 +74,7 @@ void BufferHandler::End() // Base64 decoder also does not accept any whitespaces case DER: case BASE64: + case ENCRYPTED: { std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end())); Base64Decoder base64; diff --git a/src/manager/initial-values/BufferHandler.h b/src/manager/initial-values/BufferHandler.h index eaef9d0..ef4d2cf 100644 --- a/src/manager/initial-values/BufferHandler.h +++ b/src/manager/initial-values/BufferHandler.h @@ -26,6 +26,7 @@ #include #include #include +#include namespace CKM { namespace InitialValues { @@ -45,9 +46,18 @@ public: const RawBuffer & getData() const { return m_data; } + bool isEncrypted() const { + if(m_encoding == EncodingType::ENCRYPTED) + return true; + return false; + } + const RawBuffer & getIV() const { + return m_IV; + } private: - EncodingType m_encoding; - RawBuffer m_data; + EncodingType m_encoding; + RawBuffer m_IV; + RawBuffer m_data; }; } diff --git a/src/manager/initial-values/CertHandler.h b/src/manager/initial-values/CertHandler.h index 4050411..e31cbfa 100644 --- a/src/manager/initial-values/CertHandler.h 
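Review bot: The comment `// get key type` in BufferHandler::Start describes something else; the block reads the base64 `IV` attribute, so `// optional IV attribute (base64), used for ENCRYPTED payloads` is what it should say. The attribute is looked up twice, `attr.find` then `attr.at`; keeping the iterator from `find` and reading `it->second` avoids the second search. Nothing here checks that the decoded IV has a plausible length or that the base64 was well formed, so a malformed attribute travels on to importEncrypted later in this patch; a length check with a LogError at this point would fail early with a clearer message. The decoding `switch` in End() belongs to the separate hunks below.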
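Review bot: `isEncrypted()` in BufferHandler.h spells out `if`/`return true`/`return false` around a boolean expression; `return m_encoding == EncodingType::ENCRYPTED;` says the same in one line. The existing members were re-indented in the same hunk, which makes the diff larger than the change; inserting only `RawBuffer m_IV;` would isolate the functional part. Neither accessor is documented; a one-line comment that `getIV()` is empty unless the element carried an `IV` attribute would tell callers what to expect.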
+++ b/src/manager/initial-values/CertHandler.h @@ -32,7 +32,8 @@ namespace InitialValues { class CertHandler : public InitialValueHandler { public: - explicit CertHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {} + explicit CertHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey) {} virtual ~CertHandler(); virtual DataType getDataType() const; diff --git a/src/manager/initial-values/DataHandler.h b/src/manager/initial-values/DataHandler.h index 1ccc4e8..cb5987b 100644 --- a/src/manager/initial-values/DataHandler.h +++ b/src/manager/initial-values/DataHandler.h @@ -32,7 +32,8 @@ namespace InitialValues { class DataHandler : public InitialValueHandler { public: - explicit DataHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {} + explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey) {} virtual ~DataHandler(); virtual DataType getDataType() const; diff --git a/src/manager/initial-values/EncodingType.h b/src/manager/initial-values/EncodingType.h index b7f513d..d40e2dd 100644 --- a/src/manager/initial-values/EncodingType.h +++ b/src/manager/initial-values/EncodingType.h @@ -30,7 +30,9 @@ enum EncodingType { PEM, DER, ASCII, - BASE64 + BASE64, + // encrypted + ENCRYPTED }; } diff --git a/src/manager/initial-values/InitialValueHandler.cpp b/src/manager/initial-values/InitialValueHandler.cpp index 00ea520..7118624 100644 --- a/src/manager/initial-values/InitialValueHandler.cpp +++ b/src/manager/initial-values/InitialValueHandler.cpp 
@@ -60,37 +60,48 @@ void InitialValueHandler::Start(const XML::Parser::Attributes &attr) void InitialValueHandler::End() { - if(m_bufferHandler) + if (!m_bufferHandler) { + LogError("Invalid data with name: " << m_name << ", reason: no key data!"); + return; + } + + // save data + Policy policy(m_password, m_exportable); + + Crypto::DataEncryption de; + if(m_bufferHandler->isEncrypted()) { + de.encryptedKey = m_encryptedKey; + de.iv = m_bufferHandler->getIV(); + } + + int ec = m_db_logic.importInitialData(m_name, + Crypto::Data(getDataType(), m_bufferHandler->getData()), + de, + policy); + + if(CKM_API_SUCCESS != ec) { + LogError("Saving type: " << getDataType() << " with params: name(" << + m_name << "), exportable(" << m_exportable<< ") failed, code: " << ec); + return; + } + + // save permissions + for(const auto & permission : m_permissions) { - // save data - Policy policy(m_password, m_exportable); - int ec = m_db_logic.verifyAndSaveDataHelper( + ec = m_db_logic.setPermissionHelper( Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), m_name, OWNER_ID_SYSTEM, - Crypto::Data(getDataType(), m_bufferHandler->getData()), - PolicySerializable(policy)); - if(CKM_API_SUCCESS == ec) - { - // save permissions - for(const auto & permission : m_permissions) - { - ec = m_db_logic.setPermissionHelper( - Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), - m_name, - OWNER_ID_SYSTEM, - permission->getAccessor(), - Permission::READ); - if(CKM_API_SUCCESS != ec) - LogError("Saving permission to: " << m_name << " with params: accessor("<getAccessor()<<") failed, code: " << ec); - } + permission->getAccessor(), + Permission::READ); + if (CKM_API_SUCCESS != ec) { + LogError("Saving permission to: " << m_name << + " with params: accessor(" << permission->getAccessor() << + ") failed, code: " << ec); } - else - LogError("Saving type: " << getDataType() << " with params: name("< InitialValueHandlerPtr; - explicit InitialValueHandler(CKMLogic & db_logic) : m_exportable(false), 
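Review bot: In InitialValueHandler::End the `DataEncryption` is filled whenever `isEncrypted()` is true, but nothing verifies that `m_encryptedKey` or the IV is non-empty; since importInitialData in this patch treats an empty `encryptedKey` as "not encrypted", an ENCRYPTED element in a file without an EncryptionKey section would go through the plain `store.import` path with the ciphertext as its payload. A guard before the import, `if (m_bufferHandler->isEncrypted() && (m_encryptedKey.empty() || m_bufferHandler->getIV().empty())) { LogError("Invalid data with name: " << m_name << ", reason: encrypted item without key or IV"); return; }`, turns that into a logged failure. The early-return message `no key data!` is also emitted for certificate and data items, so `no payload` would be more accurate. importInitialData uses `ThrowErr` for a locked database while the rest of this function works on return codes, so the XML callback may propagate an exception that is not visible from this code.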
- m_db_logic(db_logic) {} + explicit InitialValueHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : m_exportable(false), m_db_logic(db_logic), m_encryptedKey(encryptedKey) {} virtual ~InitialValueHandler() {}; BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type); @@ -56,6 +56,7 @@ protected: Password m_password; bool m_exportable; CKMLogic & m_db_logic; + const CKM::RawBuffer & m_encryptedKey; BufferHandler::BufferHandlerPtr m_bufferHandler; std::vector m_permissions; diff --git a/src/manager/initial-values/InitialValuesFile.cpp b/src/manager/initial-values/InitialValuesFile.cpp index 166f158..31cebb0 100644 --- a/src/manager/initial-values/InitialValuesFile.cpp +++ b/src/manager/initial-values/InitialValuesFile.cpp @@ -43,6 +43,9 @@ const char * const XML_TAG_PEM = "PEM"; const char * const XML_TAG_DER = "DER"; const char * const XML_TAG_ASCII = "ASCII"; const char * const XML_TAG_BASE64 = "Base64"; +const char * const XML_TAG_ENCRYPTED_DER = "EncryptedDER"; +const char * const XML_TAG_ENCRYPTED_ASCII = "EncryptedASCII"; +const char * const XML_TAG_ENCRYPTED_BINARY = "EncryptedBinary"; const char * const XML_TAG_PERMISSION = "Permission"; const char * const XML_ATTR_VERSION = "version"; } @@ -79,7 +82,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_KEY, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::KEY); + return GetObjectHandler(ObjectType::KEY, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -88,7 +91,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_CERT, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::CERT); + return GetObjectHandler(ObjectType::CERT, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { 
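Review bot: `const CKM::RawBuffer & m_encryptedKey;` in InitialValueHandler.h stores a reference to a buffer the handler does not own, and the constructor accepts any `const RawBuffer&`, so constructing a handler from a temporary leaves a dangling reference. Every caller in this patch passes `m_encryptedAESkey` from InitialValuesFile, which also owns `m_currentHandler`, so the lifetime appears to hold today; either document that on the constructor, `// encryptedKey must outlive this handler (InitialValuesFile::m_encryptedAESkey)`, or hold a copy, as the buffer is small. The first hunk of this header has lost its `diff`/`@@` header in the rendering, so its start is not visible here.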
@@ -97,7 +100,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_DATA, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::DATA); + return GetObjectHandler(ObjectType::DATA, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -140,6 +143,33 @@ void InitialValuesFile::registerElementListeners() { ReleaseBufferHandler(EncodingType::BASE64); }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_DER, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_ASCII, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_BINARY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); m_parser.RegisterElementCb(XML_TAG_PERMISSION, [this]() -> XML::Parser::ElementHandlerPtr { 
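Review bot: The three `RegisterElementCb` blocks for EncryptedDER, EncryptedASCII and EncryptedBinary in the `@@ -140` hunk are copies differing only in the tag name, and all collapse to `EncodingType::ENCRYPTED`; a loop over the three tags leaves one body to maintain. Because they map to the same encoding, whether the decrypted payload is DER, ASCII or raw bytes is not recorded anywhere visible in this patch; if the backend later needs that distinction, the element name was the only place it existed, so a comment on the enum value saying the distinction is intentionally dropped would help. `registerElementListeners` starts and ends outside the hunk.
```cpp
// … unchanged: Base64 registration …
for (const char *tag : { XML_TAG_ENCRYPTED_DER, XML_TAG_ENCRYPTED_ASCII, XML_TAG_ENCRYPTED_BINARY }) {
    m_parser.RegisterElementCb(tag,
        [this]() -> XML::Parser::ElementHandlerPtr
        {
            return GetBufferHandler(EncodingType::ENCRYPTED);
        },
        [this](const XML::Parser::ElementHandlerPtr &)
        {
            ReleaseBufferHandler(EncodingType::ENCRYPTED);
        });
}
// … unchanged: Permission registration …
```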
@@ -183,20 +213,21 @@ int InitialValuesFile::Parse() return ec; } -XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type) +XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type, + const CKM::RawBuffer &encryptedKey) { switch(type) { case KEY: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; case CERT: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; case DATA: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; default: diff --git a/src/manager/initial-values/InitialValuesFile.h b/src/manager/initial-values/InitialValuesFile.h index 1572e2f..c3cccbb 100644 --- a/src/manager/initial-values/InitialValuesFile.h +++ b/src/manager/initial-values/InitialValuesFile.h @@ -52,7 +52,7 @@ protected: DATA }; - XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type); + XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type, const CKM::RawBuffer &encryptedKey); void ReleaseObjectHandler(ObjectType type); XML::Parser::ElementHandlerPtr GetBufferHandler(EncodingType type); @@ -60,12 +60,8 @@ protected: XML::Parser::ElementHandlerPtr GetPermissionHandler(); void ReleasePermissionHandler(); -private: - std::string m_filename; - XML::Parser m_parser; - InitialValueHandler::InitialValueHandlerPtr m_currentHandler; - CKMLogic & m_db_logic; +private: class HeaderHandler : public XML::Parser::ElementHandler { public: @@ -95,6 +91,10 @@ private: InitialValuesFile & m_parent; }; + std::string m_filename; + XML::Parser m_parser; + InitialValueHandler::InitialValueHandlerPtr m_currentHandler; + CKMLogic & m_db_logic; typedef std::shared_ptr HeaderHandlerPtr; typedef std::shared_ptr EncryptionKeyHandlerPtr; HeaderHandlerPtr m_header; 
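Review bot: The `encryptedKey` parameter added to GetObjectHandler is passed as `m_encryptedAESkey` by all three callers in this patch, and the handlers keep a reference to whatever they are given, so the parameter adds a way to hand them a short-lived buffer without adding any flexibility. Reading the member directly inside GetObjectHandler, or documenting on the declaration in InitialValuesFile.h that the argument must outlive the returned handler, closes that gap. The member moves in InitialValuesFile.h only shift data members past the nested classes, so their relative order, and hence initialization order, looks unchanged. The `default:` branch of the switch is outside the hunk.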
diff --git a/src/manager/initial-values/KeyHandler.h b/src/manager/initial-values/KeyHandler.h index c26e429..b921b47 100644 --- a/src/manager/initial-values/KeyHandler.h +++ b/src/manager/initial-values/KeyHandler.h @@ -33,8 +33,8 @@ namespace InitialValues { class KeyHandler : public InitialValueHandler { public: - explicit KeyHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic), - m_keyType(KeyType::KEY_NONE) {} + explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {} virtual ~KeyHandler(); virtual void Start(const XML::Parser::Attributes &); diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 5b8f1a3..4819857 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1092,6 +1092,38 @@ RawBuffer CKMLogic::getDataList( return response.Pop(); } +int CKMLogic::importInitialData( + const Name &name, + const Crypto::Data &data, + const Crypto::DataEncryption &enc, + const Policy &policy) +{ + if (CKM_API_SUCCESS != unlockSystemDB() ) + ThrowErr(Exc::DatabaseLocked, "can not unlock system database"); + auto &handler = m_userDataMap[SYSTEM_DB_UID]; + + if (!isNameValid(name)) + return CKM_API_ERROR_INPUT_PARAM; + + Crypto::GStore& store = + m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); + + Token token; + if (enc.encryptedKey.empty()) + token = store.import(data, m_accessControl.isCCMode() ? "" : policy.password); + else + token = store.importEncrypted(data, m_accessControl.isCCMode() ? "" : policy.password, enc); + + DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast(policy.extractable)); + handler.crypto.encryptRow(row); + + DB::Crypto::Transaction transaction(&handler.database); + handler.database.saveRow(row); + transaction.commit(); + + return CKM_API_SUCCESS; +} + int CKMLogic::saveDataHelper( const Credentials &cred, const Name &name, 
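Review bot: importInitialData chooses between `import` and `importEncrypted` on `enc.encryptedKey.empty()` alone, so a `DataEncryption` with a key but an empty `iv` reaches `importEncrypted` unchecked; `if (!enc.encryptedKey.empty() && enc.iv.empty()) return CKM_API_ERROR_INPUT_PARAM;` next to the `isNameValid` test keeps the input checks together. The expression `m_accessControl.isCCMode() ? "" : policy.password` is written twice; a local `Password pass = m_accessControl.isCCMode() ? "" : policy.password;` used in both calls avoids the two drifting apart. Unlike verifyAndSaveDataHelper, which the initial-value handler called before this patch, nothing visible here checks whether a row with this name already exists in the system database, so behaviour on a duplicate depends on saveRow — worth confirming. The function also mixes `ThrowErr` for the locked-database case with integer error codes elsewhere; a header comment stating which failures throw would help the XML handler, which only inspects the return code.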
diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 610fb7f..3c1cb3a 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -185,11 +185,11 @@ public: const PermissionMask permissionMask); int setPermissionHelper( - const Credentials &cred, - const Name &name, - const Label &ownerLabel, - const Label &accessorLabel, - const PermissionMask permissionMask); + const Credentials &cred, + const Name &name, + const Label &ownerLabel, + const Label &accessorLabel, + const PermissionMask permissionMask); int verifyAndSaveDataHelper( const Credentials &cred, @@ -198,11 +198,18 @@ public: const Crypto::Data &data, const PolicySerializable &policy); - int getKeyForService(const Credentials &cred, - const Name &name, - const Label &label, - const Password& pass, - Crypto::GObjShPtr& key); + int getKeyForService( + const Credentials &cred, + const Name &name, + const Label &label, + const Password& pass, + Crypto::GObjShPtr& key); + + int importInitialData( + const Name &name, + const Crypto::Data &data, + const Crypto::DataEncryption &enc, + const Policy &policy); protected: int unlockSystemDB(); diff --git a/tests/XML_3_encrypted.xml b/tests/XML_3_encrypted.xml index b82b20d..2e452a8 100644 --- a/tests/XML_3_encrypted.xml +++ b/tests/XML_3_encrypted.xml @@ -115,11 +115,12 @@ - + BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ 
@@ -137,41 +138,34 @@ - - H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH - N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE - W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf - 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B - ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk - QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi - w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL - /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ - VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 - W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO - 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk - 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg - q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr - GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ - SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX - SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX - RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn - yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ - +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 - xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm - /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy - 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq - 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx - j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD - /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + + pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw + /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv + l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7 + XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2 + 
/ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d + osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU + 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf + TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e + ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL + oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG + ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ + tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos + kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC + DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo + LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO + XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi + 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk + a+r+N4lsYPKJbX2ywUvDHg== - zuBDjp8ptFthrU69Ua5cfg== + zuBDjp8ptFthrU69Ua5cfg== - + weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn -- 2.7.4
