From 347436394d4b72938c055a489a86a0b7aeb4d8ae Mon Sep 17 00:00:00 2001 From: Seok Hong Date: Fri, 11 Nov 2016 16:13:19 +0900 Subject: [PATCH] Add KeyStore Change-Id: Iebc1f757b1bd492ebf6b25465c95c67455363e0e Signed-off-by: Seok Hong --- server/key-manager/key-store.cpp | 144 +++++++++++++++++++++++++++++++-------- server/key-manager/key-store.h | 22 +++--- 2 files changed, 125 insertions(+), 41 deletions(-) diff --git a/server/key-manager/key-store.cpp b/server/key-manager/key-store.cpp index 98b9d52..435e5c5 100644 --- a/server/key-manager/key-store.cpp +++ b/server/key-manager/key-store.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,19 +13,102 @@ * See the License for the specific language governing permissions and * limitations under the License */ +#include +#include + +#include + #include #include +#include +#include "key-generator.h" #include "key-store.h" +#ifndef DEBUG #define FOOTER_FILE_PATH "/opt/etc/.ode_footer" -#define KEY_SIZE (256 / 8) +#else +#define FOOTER_FILE_PATH "/tmp/.ode_footer" +#endif + +#define KEY_SIZE (256 / 8) +#define KEY_ENTRY_SIZE (KEY_SIZE * 4) + +#define KEY_HNAME_OFFSET (KEY_SIZE * 0) +#define KEY_EDK_OFFSET (KEY_SIZE * 1) +#define KEY_EMK_OFFSET (KEY_SIZE * 2) +#define KEY_SALT_OFFSET (KEY_SIZE * 3) namespace ode { -KeyStore::KeyStore(const std::string& name) : - file(FOOTER_FILE_PATH) +/* + * Design: store fixed size 4 elements (NAME, EDK, EMK, Salt) + * <------------------ 32 byte ---------------------> + * 00h |----------- Hashed KeyStore Name ---------------| + * 40h |--------------------- EDK ----------------------| + * 100h |--------------------- EMK ----------------------| + * 140h |--------------------- SALT ---------------------| + */ + +runtime::File file(FOOTER_FILE_PATH); +int index; +off_t offset; // Current KeyStore offset +bool isNewKeyStore; // Current KeyStore has been initialized/saved +ode::KeyStore::data HNAME(KEY_SIZE); // MD5 Hashed key entry name +ode::KeyStore::data EDK(KEY_SIZE); // Encrypted Device Encryption Key +ode::KeyStore::data EMK(KEY_SIZE); // Encrypted Master Key +ode::KeyStore::data SALT(KEY_SIZE); // Salt + +KeyStore::KeyStore(const std::string &name) { + isNewKeyStore = true; + + KeyGenerator keygen(KEY_SIZE); + HNAME = keygen.MD5(data(name.begin(), name.end())); + + if (file.exists()) { + if (file.size() % KEY_ENTRY_SIZE) + throw runtime::Exception("Footer file size couldn't be divided well"); + + file.open(O_RDONLY); + + // Try to find the keyStore using hashed store name. + // even if we couldn't find offset/index from footer file using the 'name', + // we will use final index/offset to store the new store for the given 'name'. + int keyCnt = file.size() / KEY_ENTRY_SIZE; + for (offset = 0, index = 0; index < keyCnt; offset += KEY_ENTRY_SIZE, index++) { + file.lseek(offset, SEEK_SET); + + data CUR_HNAME(KEY_SIZE); + file.read(CUR_HNAME.data(), KEY_SIZE); + + if (std::equal(HNAME.begin(), HNAME.begin() + MD5_DIGEST_LENGTH, CUR_HNAME.begin())) { + file.read(EDK.data(), KEY_SIZE); + file.read(EMK.data(), KEY_SIZE); + file.read(SALT.data(), KEY_SIZE); + isNewKeyStore = false; + break; + } + } + + file.close(); + // + } else { + file.create(0644); + index = 0; + offset = 0; + } + + // expand new key store area + if (isNewKeyStore) { + file.open(O_WRONLY); + file.lseek(offset, SEEK_SET); + file.write(HNAME.data(), KEY_SIZE); + file.write(EDK.data(), KEY_SIZE); + file.write(EMK.data(), KEY_SIZE); + file.write(SALT.data(), KEY_SIZE); + file.close(); + } } KeyStore::~KeyStore() @@ -37,53 +120,58 @@ size_t KeyStore::getKeySize() const return KEY_SIZE; } +/* + * @brief When KeyStore(name) hasn't been initialized, + * User should call getKeySize() and create new keys to store using KeyManager + */ bool KeyStore::isInitialized() { - //TODO - - return false; + return (isNewKeyStore != true); } KeyStore::data KeyStore::getEDK() { - data ret; - - //TODO - - return ret; + return EDK; } KeyStore::data KeyStore::getEMK() { - data ret; - - //TODO - - return ret; + return EMK; } KeyStore::data KeyStore::getSalt() { - data ret; - - //TODO - - return ret; + return SALT; } -void KeyStore::setEDK(const KeyStore::data& key) +void KeyStore::setEDK(const KeyStore::data &key) { - //TODO + EDK = key; + + file.open(O_WRONLY); + file.lseek(offset + KEY_EDK_OFFSET, SEEK_SET); + file.write(EDK.data(), KEY_SIZE); + file.close(); } -void KeyStore::setEMK(const KeyStore::data& key) +void KeyStore::setEMK(const KeyStore::data &key) { - //TODO + EMK = key; + + file.open(O_WRONLY); + file.lseek(offset + KEY_EMK_OFFSET, SEEK_SET); + file.write(EMK.data(), KEY_SIZE); + file.close(); } -void KeyStore::setSalt(const KeyStore::data& key) +void KeyStore::setSalt(const KeyStore::data &key) { - //TODO + SALT = key; + + file.open(O_WRONLY); + file.lseek(offset + KEY_SALT_OFFSET, SEEK_SET); + file.write(SALT.data(), KEY_SIZE); + file.close(); } } // namespace ode diff --git a/server/key-manager/key-store.h b/server/key-manager/key-store.h index 125accd..2673d09 100644 --- a/server/key-manager/key-store.h +++ b/server/key-manager/key-store.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,13 +26,13 @@ namespace ode { class KeyStore final { public: - KeyStore(const std::string& name); - KeyStore(const KeyStore&) = delete; - KeyStore(KeyStore&&) = delete; + KeyStore(const std::string &name); + KeyStore(const KeyStore &) = delete; + KeyStore(KeyStore &&) = delete; ~KeyStore(); - KeyStore& operator=(const KeyStore&) = delete; - KeyStore& operator=(KeyStore&&) = delete; + KeyStore &operator=(const KeyStore &) = delete; + KeyStore &operator=(KeyStore &&) = delete; size_t getKeySize() const; @@ -44,13 +44,9 @@ public: data getEMK(); data getSalt(); - void setEDK(const data& key); - void setEMK(const data& key); - void setSalt(const data& key); - -private: - runtime::File file; - int index; + void setEDK(const data &key); + void setEMK(const data &key); + void setSalt(const data &key); }; } // namespace ode -- 2.7.4