From ea43f2088832df7a4bdda3714bc595b14d46af2c Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Mon, 4 May 2015 14:31:27 +0200 Subject: [PATCH] New class hierarchy (multiple backends support). Current implemantion my use only one crypto library. The target is to use at least two libraries at the same time (openssl and trustzone library for arm devices). Change-Id: I3563fb1c89f3603a927b8b19f6358b4fc3f5c7cf --- src/CMakeLists.txt | 6 +- src/manager/crypto/generic-backend/exception.h | 38 +++++++++ src/manager/crypto/generic-backend/gkey.h | 63 ++++++++++++++ src/manager/crypto/generic-backend/gstore.h | 51 ++++++++++++ src/manager/crypto/generic-backend/id.h | 33 ++++++++ src/manager/crypto/generic-backend/token.h | 43 ++++++++++ src/manager/crypto/platform/decider.cpp | 19 +++++ src/manager/crypto/platform/decider.h | 22 +++++ .../sw-backend/crypto-service.cpp} | 9 +- .../sw-backend/crypto-service.h} | 6 +- .../{service => crypto/sw-backend}/crypto.h | 18 ++-- src/manager/crypto/sw-backend/key.cpp | 96 ++++++++++++++++++++++ src/manager/crypto/sw-backend/key.h | 66 +++++++++++++++ src/manager/crypto/sw-backend/store.cpp | 71 ++++++++++++++++ src/manager/crypto/sw-backend/store.h | 42 ++++++++++ src/manager/main/key-manager-main.cpp | 8 +- src/manager/service/ckm-logic.cpp | 17 ++-- src/manager/service/crypto-logic.cpp | 11 +-- 18 files changed, 588 insertions(+), 31 deletions(-) create mode 100644 src/manager/crypto/generic-backend/exception.h create mode 100644 src/manager/crypto/generic-backend/gkey.h create mode 100644 src/manager/crypto/generic-backend/gstore.h create mode 100644 src/manager/crypto/generic-backend/id.h create mode 100644 src/manager/crypto/generic-backend/token.h create mode 100644 src/manager/crypto/platform/decider.cpp create mode 100644 src/manager/crypto/platform/decider.h rename src/manager/{service/CryptoService.cpp => crypto/sw-backend/crypto-service.cpp} (99%) rename src/manager/{service/CryptoService.h => crypto/sw-backend/crypto-service.h} (97%) rename src/manager/{service => crypto/sw-backend}/crypto.h (96%) create mode 100644 src/manager/crypto/sw-backend/key.cpp create mode 100644 src/manager/crypto/sw-backend/key.h create mode 100644 src/manager/crypto/sw-backend/store.cpp create mode 100644 src/manager/crypto/sw-backend/store.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ed6db61..f0420c1 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -29,7 +29,6 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/service/key-provider.cpp ${KEY_MANAGER_PATH}/service/ocsp.cpp ${KEY_MANAGER_PATH}/service/crypto-logic.cpp - ${KEY_MANAGER_PATH}/service/CryptoService.cpp ${KEY_MANAGER_PATH}/service/file-system.cpp ${KEY_MANAGER_PATH}/service/db-crypto.cpp ${KEY_MANAGER_PATH}/service/ocsp-service.cpp @@ -38,6 +37,10 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c + ${KEY_MANAGER_PATH}/crypto/sw-backend/key.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/crypto-service.cpp + ${KEY_MANAGER_PATH}/crypto/platform/decider.cpp ) # -fPIE and -pie flag is added for ASLR @@ -59,6 +62,7 @@ INCLUDE_DIRECTORIES( ${KEY_MANAGER_PATH}/dpl/core/include ${KEY_MANAGER_PATH}/dpl/log/include ${KEY_MANAGER_PATH}/dpl/db/include + ${KEY_MANAGER_PATH}/crypto ) ADD_EXECUTABLE(${TARGET_KEY_MANAGER} ${KEY_MANAGER_SOURCES}) diff --git a/src/manager/crypto/generic-backend/exception.h b/src/manager/crypto/generic-backend/exception.h new file mode 100644 index 0000000..647f9e9 --- /dev/null +++ b/src/manager/crypto/generic-backend/exception.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file exception.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include + +namespace CKM { +namespace Crypto { +namespace Exception { + +DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) +DECLARE_EXCEPTION_TYPE(Base, InternalError) +DECLARE_EXCEPTION_TYPE(Base, KeyNotSupported) +DECLARE_EXCEPTION_TYPE(Base, OperationNotSupported) +DECLARE_EXCEPTION_TYPE(Base, WrongBackend) + +} // namespace Exception +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/gkey.h b/src/manager/crypto/generic-backend/gkey.h new file mode 100644 index 0000000..5d03c8d --- /dev/null +++ b/src/manager/crypto/generic-backend/gkey.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file gkey.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once +#include + +#include +#include + +#include + +namespace CKM { +namespace Crypto { + +class GKey { +protected: + GKey(){} +public: + virtual RawBuffer getBinary() { + Throw(Exception::OperationNotSupported); + } + + virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual RawBuffer sign(const CryptoAlgorithm &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual bool verify(const CryptoAlgorithm &, const RawBuffer &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual ~GKey () {} +}; + +typedef std::shared_ptr GKeyShPtr; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h new file mode 100644 index 0000000..a3c76fd --- /dev/null +++ b/src/manager/crypto/generic-backend/gstore.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file gstore.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include + +#include +#include +#include +#include +#include + +namespace CKM { +namespace Crypto { + +class GStore { +protected: + GStore(){} +public: + virtual Id getBackendId() const { Throw(Exception::OperationNotSupported); } + virtual GKeyShPtr getKey(const Token &) { Throw(Exception::OperationNotSupported); } + virtual TokenPair generateAKey(const CryptoAlgorithm &) { Throw(Exception::OperationNotSupported); } + virtual Token generateSKey(const CryptoAlgorithm &) { Throw(Exception::OperationNotSupported); } + virtual Token import(KeyType, const RawBuffer &) { Throw(Exception::OperationNotSupported); } + virtual void destroy(const Token &) { Throw(Exception::OperationNotSupported); } + virtual ~GStore() {} +}; + +typedef std::shared_ptr GStoreShPtr; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/id.h b/src/manager/crypto/generic-backend/id.h new file mode 100644 index 0000000..4086d57 --- /dev/null +++ b/src/manager/crypto/generic-backend/id.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file id.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +namespace CKM { +namespace Crypto { + +enum class Id { + OpenSSL = 0, + TrustZone = 1 +}; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/token.h b/src/manager/crypto/generic-backend/token.h new file mode 100644 index 0000000..a91dfdb --- /dev/null +++ b/src/manager/crypto/generic-backend/token.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file gstore.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include + +#include +#include + +#include + +namespace CKM { +namespace Crypto { + +struct Token { + RawBuffer buffer; + Id backendId; + KeyType keyType; +}; + +typedef std::pair TokenPair; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/platform/decider.cpp b/src/manager/crypto/platform/decider.cpp new file mode 100644 index 0000000..995a6e7 --- /dev/null +++ b/src/manager/crypto/platform/decider.cpp @@ -0,0 +1,19 @@ +#include + +#include + +namespace CKM { +namespace Crypto { + +Decider::Decider() + : m_store(new SW::Store) +{} + +GStoreShPtr Decider::getStore(const Token &) { + // This the place where we should choose backend bases on token information. + return m_store; +}; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/platform/decider.h b/src/manager/crypto/platform/decider.h new file mode 100644 index 0000000..535722a --- /dev/null +++ b/src/manager/crypto/platform/decider.h @@ -0,0 +1,22 @@ +#pragma once + +#include + +#include +#include + +namespace CKM { +namespace Crypto { + +class Decider { +public: + Decider(); + GStoreShPtr getStore(const Token &token); + virtual ~Decider(){} +private: + GStoreShPtr m_store; +}; + +} // Crypto +} // CKM + diff --git a/src/manager/service/CryptoService.cpp b/src/manager/crypto/sw-backend/crypto-service.cpp similarity index 99% rename from src/manager/service/CryptoService.cpp rename to src/manager/crypto/sw-backend/crypto-service.cpp index c57c840..c98b52f 100644 --- a/src/manager/service/CryptoService.cpp +++ b/src/manager/crypto/sw-backend/crypto-service.cpp @@ -21,7 +21,7 @@ #include #include #include -#include +#include #include #include @@ -29,6 +29,8 @@ #define OPENSSL_FAIL 0 // DO NOTCHANGE THIS VALUE namespace CKM { +namespace Crypto { +namespace SW { CryptoService::CryptoService(){ } @@ -721,4 +723,7 @@ int CryptoService::digestVerifyMessage(EVP_PKEY *pubKey, return ret; } -} + +} // namespace SW +} // namespace Crypto +} // namespace CKM diff --git a/src/manager/service/CryptoService.h b/src/manager/crypto/sw-backend/crypto-service.h similarity index 97% rename from src/manager/service/CryptoService.h rename to src/manager/crypto/sw-backend/crypto-service.h index 6828ddb..f98764d 100644 --- a/src/manager/service/CryptoService.h +++ b/src/manager/crypto/sw-backend/crypto-service.h @@ -29,6 +29,8 @@ #define NOT_DEFINED -1 namespace CKM { +namespace Crypto { +namespace SW { // typedef std::vector RawData; this must be defined in common header. // This is internal api so all functions should throw exception on errors. @@ -99,6 +101,8 @@ private: const EVP_MD *md_algo, const int rsa_padding); }; -} +} // namespace SW +} // namespace Crypto +} // namespace CKM diff --git a/src/manager/service/crypto.h b/src/manager/crypto/sw-backend/crypto.h similarity index 96% rename from src/manager/service/crypto.h rename to src/manager/crypto/sw-backend/crypto.h index a7f7519..cd05da5 100644 --- a/src/manager/service/crypto.h +++ b/src/manager/crypto/sw-backend/crypto.h @@ -20,28 +20,21 @@ */ #pragma once -#include +#include #include -#include -#include +#include #include +#include + // TODO move it to static const int #define AES_GCM_TAG_SIZE 16 namespace CKM { - namespace Crypto { - -class Exception -{ -public: - DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InternalError) -}; - +namespace SW { namespace Cipher { template @@ -140,6 +133,7 @@ DEFINE_CIPHER(AesGcmDecryption, RawBuffer, EVP_aes_256_gcm(), false); #undef DEFINE_CIPHER } // namespace Cipher +} // namespace SW } // namespace Crypto } // namespace CKM diff --git a/src/manager/crypto/sw-backend/key.cpp b/src/manager/crypto/sw-backend/key.cpp new file mode 100644 index 0000000..c83a86f --- /dev/null +++ b/src/manager/crypto/sw-backend/key.cpp @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file key.cpp + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#include + +#include +#include +#include + +#include + +#include +#include + +#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE +#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE + +namespace CKM { +namespace Crypto { +namespace SW { + +typedef std::unique_ptr> BioUniquePtr; + +RawBuffer AKey::sign( + const CryptoAlgorithm &alg, + const RawBuffer &message) +{ + (void) alg; + (void) message; + + auto key = getEvpShPtr(); + return RawBuffer(); +} + +bool AKey::verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign) { + (void) alg; + (void) message; + (void) sign; + + auto key = getEvpShPtr(); + return false; +} + +EvpShPtr AKey::getEvpShPtr() { + if (m_evp) + return m_evp; + + EVP_PKEY *pkey = NULL; + BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); + + LogDebug("Start to parse key:"); + + if (!pkey) { + (void)BIO_reset(bio.get()); + BIO_write(bio.get(), m_key.data(), m_key.size()); + pkey = d2i_PrivateKey_bio(bio.get(), NULL); + LogDebug("Trying d2i_PrivateKey_bio Status: " << (void*)pkey); + } + + if (!pkey) { + (void)BIO_reset(bio.get()); + BIO_write(bio.get(), m_key.data(), m_key.size()); + pkey = d2i_PUBKEY_bio(bio.get(), NULL); + LogDebug("Trying d2i_PUBKEY_bio Status: " << (void*)pkey); + } + + if (!pkey) { + LogError("Failed to parse key"); + ThrowMsg(Exception::InternalError, "Failed to parse key"); + } + + m_evp.reset(pkey, EVP_PKEY_free); + return m_evp; +} + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/sw-backend/key.h b/src/manager/crypto/sw-backend/key.h new file mode 100644 index 0000000..9a9338c --- /dev/null +++ b/src/manager/crypto/sw-backend/key.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file key.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once +#include + +#include + +#include + +namespace CKM { +namespace Crypto { +namespace SW { + +typedef std::unique_ptr> ContextUPtr; +typedef std::shared_ptr EvpShPtr; + +class SKey : public GKey { +public: + SKey(RawBuffer buffer, KeyType keyType) + : m_key(std::move(buffer)) + , m_type(keyType) + {} +protected: + RawBuffer m_key; + KeyType m_type; +}; + +class AKey : public GKey { +public: + AKey(RawBuffer buffer, KeyType keyType) + : m_key(std::move(buffer)) + , m_type(keyType) + {} + virtual RawBuffer sign(const CryptoAlgorithm &alg, const RawBuffer &message); + virtual bool verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign); + virtual ~AKey(){} +protected: + virtual EvpShPtr getEvpShPtr(); + + EvpShPtr m_evp; + RawBuffer m_key; + KeyType m_type; +}; + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp new file mode 100644 index 0000000..38d36c3 --- /dev/null +++ b/src/manager/crypto/sw-backend/store.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file store.cpp + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#include + +#include + +#include +#include +#include + +namespace CKM { +namespace Crypto { +namespace SW { + +Id Store::getBackendId() const { return Id::OpenSSL; } + +GKeyShPtr Store::getKey(const Token &token) { + if (token.backendId != getBackendId()) { + LogDebug("Decider choose wrong backend!"); + ThrowMsg(Exception::WrongBackend, "Decider choose wrong backend!"); + } + + switch (token.keyType) { + case KeyType::KEY_RSA_PUBLIC: + case KeyType::KEY_RSA_PRIVATE: + case KeyType::KEY_DSA_PUBLIC: + case KeyType::KEY_DSA_PRIVATE: + case KeyType::KEY_ECDSA_PUBLIC: + case KeyType::KEY_ECDSA_PRIVATE: + return std::make_shared(token.buffer, token.keyType); + case KeyType::KEY_AES: + return std::make_shared(token.buffer, token.keyType); + default: + LogDebug( + "This type of key is not supported by openssl backend: " << (int)token.keyType); + ThrowMsg(Exception::KeyNotSupported, + "This type of key is not supported by openssl backend: " << (int)token.keyType); + } + +} + +Token Store::import(KeyType keyType, const RawBuffer &buffer) { + Token token; + token.buffer = buffer; + token.keyType = keyType; + token.backendId = getBackendId(); + return token; +} + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h new file mode 100644 index 0000000..31247ab --- /dev/null +++ b/src/manager/crypto/sw-backend/store.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file store.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include +#include +#include + +namespace CKM { +namespace Crypto { +namespace SW { + +class Store : public GStore { +public: + virtual Id getBackendId() const; + virtual GKeyShPtr getKey(const Token &token); + virtual Token import(KeyType keyType, const RawBuffer &buffer); + virtual void destroy(const Token &){} +}; + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/main/key-manager-main.cpp b/src/manager/main/key-manager-main.cpp index a92f8d3..5e17a3a 100644 --- a/src/manager/main/key-manager-main.cpp +++ b/src/manager/main/key-manager-main.cpp @@ -36,9 +36,11 @@ #include #include -#include #include +/* TODO remove this include */ +#include + #define REGISTER_SOCKET_SERVICE(manager, service) \ registerSocketService(manager, #service) @@ -94,7 +96,9 @@ int main(void) { OPENSSL_config(NULL); CKM::KeyProvider::initializeLibrary(); - CKM::CryptoService::initialize(); + + /* ToDO remove it */ + CKM::Crypto::SW::CryptoService::initialize(); { LogInfo("Start!"); diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 8e25c1e..e8e7f0c 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -25,12 +25,13 @@ #include #include #include -#include #include #include #include #include +#include + namespace { const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs"; @@ -976,17 +977,17 @@ int CKMLogic::createKeyPairHelper( { case KeyType::KEY_RSA_PUBLIC: case KeyType::KEY_RSA_PRIVATE: - retCode = CryptoService::createKeyPairRSA(additional_param, prv, pub); + retCode = Crypto::SW::CryptoService::createKeyPairRSA(additional_param, prv, pub); break; case KeyType::KEY_DSA_PUBLIC: case KeyType::KEY_DSA_PRIVATE: - retCode = CryptoService::createKeyPairDSA(additional_param, prv, pub); + retCode = Crypto::SW::CryptoService::createKeyPairDSA(additional_param, prv, pub); break; case KeyType::KEY_ECDSA_PUBLIC: case KeyType::KEY_ECDSA_PRIVATE: - retCode = CryptoService::createKeyPairECDSA(static_cast(additional_param), prv, pub); + retCode = Crypto::SW::CryptoService::createKeyPairECDSA(static_cast(additional_param), prv, pub); break; default: @@ -1268,7 +1269,7 @@ RawBuffer CKMLogic::createSignature( const RSAPaddingAlgorithm padding) { DB::Row row; - CryptoService cs; + Crypto::SW::CryptoService cs; RawBuffer signature; int retCode = CKM_API_SUCCESS; @@ -1322,7 +1323,7 @@ RawBuffer CKMLogic::verifySignature( try { do { - CryptoService cs; + Crypto::SW::CryptoService cs; DB::Row row; KeyImpl key; @@ -1349,10 +1350,10 @@ RawBuffer CKMLogic::verifySignature( retCode = cs.verifySignature(key, message, signature, hash, padding); } while(0); - } catch (const CryptoService::Exception::Crypto_internal &e) { + } catch (const Crypto::SW::CryptoService::Exception::Crypto_internal &e) { LogError("KeyProvider failed with message: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; - } catch (const CryptoService::Exception::opensslError &e) { + } catch (const Crypto::SW::CryptoService::Exception::opensslError &e) { LogError("KeyProvider failed with message: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; } catch (const KeyProvider::Exception::Base &e) { diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index d6eb241..8dc4585 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -34,9 +34,10 @@ #include #include -#include #include +#include + #define AES_CBC_KEY_SIZE 32 namespace CKM { @@ -80,7 +81,7 @@ RawBuffer CryptoLogic::encryptDataAesCbc( const RawBuffer &key, const RawBuffer &iv) const { - Crypto::Cipher::AesCbcEncryption enc(key, iv); + Crypto::SW::Cipher::AesCbcEncryption enc(key, iv); RawBuffer result = enc.Append(data); RawBuffer tmp = enc.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); @@ -92,7 +93,7 @@ RawBuffer CryptoLogic::decryptDataAesCbc( const RawBuffer &key, const RawBuffer &iv) const { - Crypto::Cipher::AesCbcDecryption dec(key, iv); + Crypto::SW::Cipher::AesCbcDecryption dec(key, iv); RawBuffer result = dec.Append(data); RawBuffer tmp = dec.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); @@ -105,7 +106,7 @@ std::pair CryptoLogic::encryptDataAesGcm( const RawBuffer &iv) const { RawBuffer tag(AES_GCM_TAG_SIZE); - Crypto::Cipher::AesGcmEncryption enc(key, iv); + Crypto::SW::Cipher::AesGcmEncryption enc(key, iv); RawBuffer result = enc.Append(data); RawBuffer tmp = enc.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); @@ -122,7 +123,7 @@ RawBuffer CryptoLogic::decryptDataAesGcm( const RawBuffer &iv, const RawBuffer &tag) const { - Crypto::Cipher::AesGcmDecryption dec(key, iv); + Crypto::SW::Cipher::AesGcmDecryption dec(key, iv); if (tag.size() < AES_GCM_TAG_SIZE) { LogError("Error in decryptDataAesGcm. Tag is too short."); ThrowMsg(Exception::DecryptDBRowError, "Error in decryptDataAesGcm. Tag is too short"); -- 2.7.4