From c1fe1e83ca540a1290f73dc077a0f8dcc0e67360 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Mon, 26 Oct 2015 13:10:50 +0100 Subject: [PATCH 01/16] Protocol refactoring. Introduce CryptoAlgorithm in internal socket protocol. Change-Id: I70000a05e0a47d2b12af9b11324adf67da0f5e22 --- .../client-async/client-manager-async-impl.cpp | 12 ++++-------- .../client-async/client-manager-async-impl.h | 6 ++---- src/manager/client-async/client-manager-async.cpp | 10 ++++++++-- src/manager/client/client-manager-impl.cpp | 12 ++++-------- src/manager/client/client-manager-impl.h | 6 ++---- src/manager/client/client-manager.cpp | 12 ++++++++---- src/manager/service/ckm-logic.cpp | 13 ++----------- src/manager/service/ckm-logic.h | 6 ++---- src/manager/service/ckm-service.cpp | 21 ++++++++++----------- 9 files changed, 42 insertions(+), 56 deletions(-) diff --git a/src/manager/client-async/client-manager-async-impl.cpp b/src/manager/client-async/client-manager-async-impl.cpp index fb7bc8a..269ef13 100644 --- a/src/manager/client-async/client-manager-async-impl.cpp +++ b/src/manager/client-async/client-manager-async-impl.cpp @@ -187,8 +187,7 @@ void ManagerAsync::Impl::createSignature(const ObserverPtr& observer, const Alias& privateKeyAlias, const Password& password, const RawBuffer& message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) + const CryptoAlgorithm &cAlg) { observerCheck(observer); if (privateKeyAlias.empty() || message.empty()) { @@ -204,8 +203,7 @@ void ManagerAsync::Impl::createSignature(const ObserverPtr& observer, helper.getLabel(), password, message, - static_cast(hash), - static_cast(padding)); + CryptoAlgorithmSerializable(cAlg)); }, [&observer](int error) {observer->ReceivedError(error);}); } @@ -214,8 +212,7 @@ void ManagerAsync::Impl::verifySignature(const ObserverPtr& observer, const Password& password, const RawBuffer& message, const RawBuffer& signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) + const CryptoAlgorithm &cAlg) { observerCheck(observer); if (publicKeyOrCertAlias.empty() || message.empty() || signature.empty()) { @@ -232,8 +229,7 @@ void ManagerAsync::Impl::verifySignature(const ObserverPtr& observer, password, message, signature, - static_cast(hash), - static_cast(padding)); + CryptoAlgorithmSerializable(cAlg)); }, [&observer](int error){ observer->ReceivedError(error); } ); } diff --git a/src/manager/client-async/client-manager-async-impl.h b/src/manager/client-async/client-manager-async-impl.h index 02c132d..21013fc 100644 --- a/src/manager/client-async/client-manager-async-impl.h +++ b/src/manager/client-async/client-manager-async-impl.h @@ -65,16 +65,14 @@ public: const Alias& privateKeyAlias, const Password& password, const RawBuffer& message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding); + const CryptoAlgorithm& cAlgorithm); void verifySignature( const ObserverPtr& observer, const Alias& publicKeyOrCertAlias, const Password& password, const RawBuffer& message, const RawBuffer& signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding); + const CryptoAlgorithm& cAlgorithm); void ocspCheck( const ObserverPtr& observer, diff --git a/src/manager/client-async/client-manager-async.cpp b/src/manager/client-async/client-manager-async.cpp index f79d12b..92eb207 100644 --- a/src/manager/client-async/client-manager-async.cpp +++ b/src/manager/client-async/client-manager-async.cpp @@ -230,7 +230,10 @@ void ManagerAsync::createSignature(const ObserverPtr& observer, const HashAlgorithm hash, const RSAPaddingAlgorithm padding) { - m_impl->createSignature(observer, privateKeyAlias, password, message, hash, padding); + CryptoAlgorithm cAlg; + cAlg.setParam(ParamName::SV_HASH_ALGO, hash); + cAlg.setParam(ParamName::SV_RSA_PADDING, padding); + m_impl->createSignature(observer, privateKeyAlias, password, message, cAlg); } void ManagerAsync::verifySignature(const ObserverPtr& observer, @@ -241,7 +244,10 @@ void ManagerAsync::verifySignature(const ObserverPtr& observer, const HashAlgorithm hash, const RSAPaddingAlgorithm padding) { - m_impl->verifySignature(observer, publicKeyOrCertAlias, password, message, signature, hash, padding); + CryptoAlgorithm cAlg; + cAlg.setParam(ParamName::SV_HASH_ALGO, hash); + cAlg.setParam(ParamName::SV_RSA_PADDING, padding); + m_impl->verifySignature(observer, publicKeyOrCertAlias, password, message, signature, cAlg); } void ManagerAsync::ocspCheck(const ObserverPtr& observer, diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index da199d7..790e541 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -631,8 +631,7 @@ int Manager::Impl::createSignature( const Alias &privateKeyAlias, const Password &password, // password for private_key const RawBuffer &message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding, + const CryptoAlgorithm &cAlgorithm, RawBuffer &signature) { int my_counter = ++m_counter; @@ -647,8 +646,7 @@ int Manager::Impl::createSignature( helper.getLabel(), password, message, - static_cast(hash), - static_cast(padding)); + CryptoAlgorithmSerializable(cAlgorithm)); int retCode = m_storageConnection.processRequest(send.Pop(), recv); if (CKM_API_SUCCESS != retCode) @@ -673,8 +671,7 @@ int Manager::Impl::verifySignature( const Password &password, // password for public_key (optional) const RawBuffer &message, const RawBuffer &signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) + const CryptoAlgorithm &cAlg) { int my_counter = ++m_counter; @@ -688,8 +685,7 @@ int Manager::Impl::verifySignature( password, message, signature, - static_cast(hash), - static_cast(padding)); + CryptoAlgorithmSerializable(cAlg)); int retCode = m_storageConnection.processRequest(send.Pop(), recv); if (CKM_API_SUCCESS != retCode) diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h index eebb7fd..29d381d 100644 --- a/src/manager/client/client-manager-impl.h +++ b/src/manager/client/client-manager-impl.h @@ -99,8 +99,7 @@ public: const Alias &privateKeyAlias, const Password &password, // password for private_key const RawBuffer &message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding, + const CryptoAlgorithm &cAlgorithm, RawBuffer &signature); int verifySignature( @@ -108,8 +107,7 @@ public: const Password &password, // password for public_key (optional) const RawBuffer &message, const RawBuffer &signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding); + const CryptoAlgorithm &cAlgorithm); int ocspCheck(const CertificateShPtrVector &certificateChain, int &ocspCheck); diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp index 14927e7..6d8ed4b 100644 --- a/src/manager/client/client-manager.cpp +++ b/src/manager/client/client-manager.cpp @@ -174,12 +174,14 @@ int Manager::createSignature( const RSAPaddingAlgorithm padding, RawBuffer &signature) { + CryptoAlgorithm cAlg; + cAlg.setParam(ParamName::SV_HASH_ALGO, hash); + cAlg.setParam(ParamName::SV_RSA_PADDING, padding); return m_impl->createSignature( privateKeyAlias, password, message, - hash, - padding, + cAlg, signature); } @@ -191,13 +193,15 @@ int Manager::verifySignature( const HashAlgorithm hash, const RSAPaddingAlgorithm padding) { + CryptoAlgorithm cAlg; + cAlg.setParam(ParamName::SV_HASH_ALGO, hash); + cAlg.setParam(ParamName::SV_RSA_PADDING, padding); return m_impl->verifySignature( publicKeyOrCertAlias, password, message, signature, - hash, - padding); + cAlg); } int Manager::ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) { diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 0e33727..2dc20a7 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1574,14 +1574,10 @@ RawBuffer CKMLogic::createSignature( const Label & ownerLabel, const Password &password, // password for private_key const RawBuffer &message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) + const CryptoAlgorithm &cryptoAlg) { DB::Row row; RawBuffer signature; - CryptoAlgorithm cryptoAlg; - cryptoAlg.setParam(ParamName::SV_HASH_ALGO, hash); - cryptoAlg.setParam(ParamName::SV_RSA_PADDING, padding); int retCode = CKM_API_SUCCESS; @@ -1616,18 +1612,13 @@ RawBuffer CKMLogic::verifySignature( const Password &password, // password for public_key (optional) const RawBuffer &message, const RawBuffer &signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) + const CryptoAlgorithm ¶ms) { int retCode = CKM_API_ERROR_VERIFICATION_FAILED; try { DB::Row row; - CryptoAlgorithm params; - params.setParam(ParamName::SV_HASH_ALGO, hash); - params.setParam(ParamName::SV_RSA_PADDING, padding); - // try certificate first - looking for a public key. // in case of PKCS, pub key from certificate will be found first // rather than private key from the same PKCS. diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index d3f0c40..472fea2 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -162,8 +162,7 @@ public: const Label & ownerLabel, const Password &password, // password for private_key const RawBuffer &message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding); + const CryptoAlgorithm &cryptoAlgorithm); RawBuffer verifySignature( const Credentials &cred, @@ -173,8 +172,7 @@ public: const Password &password, // password for public_key (optional) const RawBuffer &message, const RawBuffer &signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding); + const CryptoAlgorithm &cryptoAlgorithm); RawBuffer updateCCMode(); diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index 6a744bd..47fef2b 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -338,8 +338,10 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) { Password password; // password for private_key RawBuffer message; - int padding = 0, hash = 0; - buffer.Deserialize(name, label, password, message, hash, padding); + + CryptoAlgorithmSerializable cAlgorithm; + buffer.Deserialize(name, label, password, message, cAlgorithm); + return m_logic->createSignature( cred, msgID, @@ -347,24 +349,22 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) label, password, // password for private_key message, - static_cast(hash), - static_cast(padding)); + cAlgorithm); } case LogicCommand::VERIFY_SIGNATURE: { Password password; // password for public_key (optional) RawBuffer message; RawBuffer signature; - //HashAlgorithm hash; - //RSAPaddingAlgorithm padding; - int padding = 0, hash = 0; + CryptoAlgorithmSerializable cAlg; + buffer.Deserialize(name, label, password, message, signature, - hash, - padding); + cAlg); + return m_logic->verifySignature( cred, msgID, @@ -373,8 +373,7 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) password, // password for public_key (optional) message, signature, - static_cast(hash), - static_cast(padding)); + cAlg); } case LogicCommand::SET_PERMISSION: { -- 2.7.4 From 7372be701ca36747cea699c6d2ecac3524a2cffa Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Tue, 10 Nov 2015 11:53:18 +0900 Subject: [PATCH 02/16] Remove MDFPP related code Change-Id: I4b2078f2f2ebc8ebbd31fb3b7995eb1807fc3a49 Signed-off-by: Kyungwook Tak --- CMakeLists.txt | 7 --- packaging/key-manager.spec | 6 +-- src/CMakeLists.txt | 1 - src/listener/CMakeLists.txt | 2 - src/listener/listener-daemon.cpp | 97 +++++++++------------------------- src/manager/service/access-control.cpp | 54 +++++-------------- tools/ckm_db_tool/CMakeLists.txt | 1 - 7 files changed, 38 insertions(+), 130 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ab1548c..73720b1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -58,13 +58,6 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") -IF (DEFINED SECURITY_MDFPP_STATE_ENABLE) - MESSAGE("SECURITY_MDFPP_STATE_ENABLE ENABLED !") - ADD_DEFINITIONS("-DSECURITY_MDFPP_STATE_ENABLE") -ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLE) - MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !") -ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLE) - IF (DEFINED SYSTEMD_ENV_FILE) ADD_DEFINITIONS(-DSYSTEMD_ENV_FILE="${SYSTEMD_ENV_FILE}") ENDIF (DEFINED SYSTEMD_ENV_FILE) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index a054ff6..23b89b0 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -17,7 +17,6 @@ BuildRequires: pkgconfig(openssl) BuildRequires: libattr-devel BuildRequires: pkgconfig(libsmack) BuildRequires: pkgconfig(libsystemd-daemon) -BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(libsystemd-journal) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(capi-system-info) @@ -36,8 +35,8 @@ application to sign and verify (DSA/RSA/ECDSA) signatures. %package -n key-manager-listener Summary: Package with listener daemon Group: System/Security -BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(capi-appfw-package-manager) Requires: libkey-manager-client = %{version}-%{release} @@ -120,9 +119,6 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " %cmake . -DVERSION=%{version} \ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ -DCMAKE_VERBOSE_MAKEFILE=ON \ -%if "%{sec_product_feature_security_mdfpp_enable}" == "1" - -DSECURITY_MDFPP_STATE_ENABLE=1 \ -%endif -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \ -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF} diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 131e6d4..aa72fb7 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -7,7 +7,6 @@ PKG_CHECK_MODULES(KEY_MANAGER_DEP libsystemd-daemon capi-base-common capi-system-info - vconf libxml-2.0 security-manager cynara-client-async diff --git a/src/listener/CMakeLists.txt b/src/listener/CMakeLists.txt index 25e92eb..1518c42 100644 --- a/src/listener/CMakeLists.txt +++ b/src/listener/CMakeLists.txt @@ -3,8 +3,6 @@ PKG_CHECK_MODULES(LISTENER_DEP dlog glib-2.0 capi-appfw-package-manager - libsystemd-daemon - vconf ) SET(LISTENER_SOURCES ${PROJECT_SOURCE_DIR}/src/listener/listener-daemon.cpp) diff --git a/src/listener/listener-daemon.cpp b/src/listener/listener-daemon.cpp index 0568c77..4521bbd 100644 --- a/src/listener/listener-daemon.cpp +++ b/src/listener/listener-daemon.cpp @@ -29,15 +29,10 @@ #include #include -#ifdef SECURITY_MDFPP_STATE_ENABLE -#include -#endif - -#define CKM_LISTENER_TAG "CKM_LISTENER" - -#if defined(SECURITY_MDFPP_STATE_ENABLE) && !defined(VCONFKEY_SECURITY_MDPP_STATE) -#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state" +#ifdef LOG_TAG +#undef LOG_TAG #endif +#define LOG_TAG "CKM_LISTENER" namespace { const char* const CKM_LOCK = "/var/run/key-manager.pid"; @@ -56,30 +51,6 @@ bool isCkmRunning() return (0 != ret); } -#ifdef SECURITY_MDFPP_STATE_ENABLE -void callUpdateCCMode() -{ - if(!isCkmRunning()) - return; - - auto control = CKM::Control::create(); - int ret = control->updateCCMode(); - - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "Callback caller process id : %d\n", getpid()); - - if ( ret != CKM_API_SUCCESS ) - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "CKM::Control::updateCCMode error. ret : %d\n", ret); - else - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "CKM::Control::updateCCMode success.\n"); -} - -void ccModeChangedEventCallback(keynode_t*, void*) -{ - callUpdateCCMode(); -} -#endif - - void packageUninstalledEventCallback( const char *type, const char *package, @@ -96,59 +67,41 @@ void packageUninstalledEventCallback( if (eventType != PACKAGE_MANAGER_EVENT_TYPE_UNINSTALL || eventState != PACKAGE_MANAGER_EVENT_STATE_STARTED || - package == NULL) { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback error of Invalid Param"); - } - else { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback. Uninstalation of: %s", package); - auto control = CKM::Control::create(); - int ret = 0; - if ( CKM_API_SUCCESS != (ret = control->removeApplicationData(std::string(package))) ) { - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "CKM::Control::removeApplicationData error. ret : %d\n", ret); - } - else { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, - "CKM::Control::removeApplicationData success. Uninstallation package : %s\n", package); - } + package == NULL) + return; + + SLOGD("PackageUninstalled Callback. Uninstalation of: %s", package); + + if (!isCkmRunning()) { + SLOGE("package uninstall event recieved but ckm isn't running!"); + return; } + + auto control = CKM::Control::create(); + int ret = control->removeApplicationData(std::string(package)); + if (ret != CKM_API_SUCCESS) + SLOGE("CKM::Control::removeApplicationData error. ret : %d", ret); + else + SLOGD("CKM::Control::removeApplicationData success. Uninstallation package : %s", package); } -int main(void) { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", "Start!"); +int main(void) +{ + SLOGD("Start!"); - // Let's start to listen GMainLoop *main_loop = g_main_loop_new(NULL, FALSE); package_manager_h request; package_manager_create(&request); - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register uninstalledApp event callback start"); + SLOGD("register uninstalledApp event callback start"); if (0 != package_manager_set_event_cb(request, packageUninstalledEventCallback, NULL)) { - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "%s", "Error in package_manager_set_event_cb"); + SLOGE("Error in package_manager_set_event_cb"); exit(-1); } - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register uninstalledApp event callback success"); - -#ifdef SECURITY_MDFPP_STATE_ENABLE - int ret = 0; - char *mdpp_state = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE); - if ( mdpp_state ) { // Update cc mode and register event callback only when mdpp vconf key exists - callUpdateCCMode(); - - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register vconfCCModeChanged event callback start"); - if ( 0 != (ret = vconf_notify_key_changed(VCONFKEY_SECURITY_MDPP_STATE, ccModeChangedEventCallback, NULL)) ) { - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "Error in vconf_notify_key_changed. ret : %d", ret); - exit(-1); - } - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register vconfCCModeChanged event callback success"); - } - else - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, - "vconfCCModeChanged event callback is not registered. No vconf key exists : %s", VCONFKEY_SECURITY_MDPP_STATE); -#endif - - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", "Ready to listen!"); + SLOGD("Ready to listen!"); g_main_loop_run(main_loop); + return 0; } diff --git a/src/manager/service/access-control.cpp b/src/manager/service/access-control.cpp index decd92c..e5eba2b 100644 --- a/src/manager/service/access-control.cpp +++ b/src/manager/service/access-control.cpp @@ -25,58 +25,28 @@ #include #include -#ifdef SECURITY_MDFPP_STATE_ENABLE -#include -#endif - -#if defined(SECURITY_MDFPP_STATE_ENABLE) && !defined(VCONFKEY_SECURITY_MDPP_STATE) -#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state" -#endif - namespace { -const char* const MDPP_MODE_ENFORCING = "Enforcing"; -const char* const MDPP_MODE_ENABLED = "Enabled"; -const char* const MDPP_MODE_DISABLED = "Disabled"; -const uid_t SYSTEM_SVC_MAX_UID = (5000 - 1); +const uid_t SYSTEM_SVC_MAX_UID = (5000 - 1); } // anonymous namespace namespace CKM { -void AccessControl::updateCCMode() { - int fipsModeStatus = 0; - int rc = 0; - bool newMode; - -#ifdef SECURITY_MDFPP_STATE_ENABLE - char *mdppState = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE); -#else - char *mdppState = NULL; -#endif - newMode = ( mdppState && (!strcmp(mdppState, MDPP_MODE_ENABLED) || - !strcmp(mdppState, MDPP_MODE_ENFORCING) || - !strcmp(mdppState, MDPP_MODE_DISABLED))); +void AccessControl::updateCCMode() +{ + /* newMode should be extracted from global property like buxton in product */ + bool newMode = false; + if (newMode == m_ccMode) return; - m_ccMode = newMode; + int iNewMode = newMode ? 1 : 0; - fipsModeStatus = FIPS_mode(); - - if(m_ccMode) { - if(fipsModeStatus == 0) { // If FIPS mode off - rc = FIPS_mode_set(1); // Change FIPS_mode from off to on - if(rc == 0) { - LogError("Error in FIPS_mode_set function"); - } - } - } else { - if(fipsModeStatus == 1) { // If FIPS mode on - rc = FIPS_mode_set(0); // Change FIPS_mode from on to off - if(rc == 0) { - LogError("Error in FIPS_mode_set function"); - } - } + if (FIPS_mode_set(iNewMode) == 0) { + LogError("Error to FIPS_mode_set with param " << iNewMode); + return; } + + m_ccMode = newMode; } bool AccessControl::isCCMode() const diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index c8fb53c..8309d5d 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt @@ -8,7 +8,6 @@ PKG_CHECK_MODULES(CKM_DB_TOOL_DEP libcrypto capi-base-common capi-system-info - vconf libxml-2.0 cynara-client-async cynara-creds-socket -- 2.7.4 From 69d43d7fa2230899f677c88f8d1e1b52071408dc Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 13 Nov 2015 17:54:10 +0900 Subject: [PATCH 03/16] try-catch enclosed to be exception safe of CAPI Change-Id: I8c88402c6ed8f73bb1e5510389fec2aa07cfd48c Signed-off-by: Kyungwook Tak --- src/manager/client-capi/ckmc-manager.cpp | 890 +++++++++++++++++-------------- src/manager/client/client-manager.cpp | 6 +- 2 files changed, 482 insertions(+), 414 deletions(-) diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 6565dc9..d668f51 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -20,6 +20,7 @@ * @brief provides conversion methods to C from C++ for key-manager control functions. */ +#include #include #include #include @@ -153,41 +154,58 @@ int _cryptoOperation(cryptoFn operation, return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout); } +int try_catch_enclosure(const std::function &func) +{ + try { + return func(); + } catch (const std::bad_alloc &e) { + LogError("memory allocation exception: " << e.what()); + return CKMC_ERROR_OUT_OF_MEMORY; + } catch (const std::exception &e) { + LogError("std exception occured: " << e.what()); + return CKMC_ERROR_UNKNOWN; + } catch (...) { + LogError("Unknown exception occured."); + return CKMC_ERROR_UNKNOWN; + } } +} KEY_MANAGER_CAPI int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) { - CKM::ManagerShPtr mgr = CKM::Manager::create(); + return try_catch_enclosure([&]()->int { + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(alias); - - if(key.raw_key == NULL || key.key_size <= 0) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); + if(alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); - CKM::KeyShPtr ckmKey; - if(key.key_type == CKMC_KEY_AES) - { - if(key.password) + if(key.raw_key == NULL || key.key_size <= 0) { return CKMC_ERROR_INVALID_PARAMETER; - ckmKey = CKM::Key::createAES(buffer); - } - else - ckmKey = CKM::Key::create(buffer, _tostring(key.password)); - if(ckmKey.get() == NULL) { - return CKMC_ERROR_INVALID_FORMAT; - } + } + CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); + + CKM::KeyShPtr ckmKey; + if(key.key_type == CKMC_KEY_AES) + { + if(key.password) + return CKMC_ERROR_INVALID_PARAMETER; + ckmKey = CKM::Key::createAES(buffer); + } + else + ckmKey = CKM::Key::create(buffer, _tostring(key.password)); + if(ckmKey.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } - CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); - int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy); - return to_ckmc_error(ret); + int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy); + return to_ckmc_error(ret); + }); } @@ -200,337 +218,357 @@ int ckmc_remove_key(const char *alias) KEY_MANAGER_CAPI int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key) { - int ret; - CKM::KeyShPtr ckmKey; + return try_catch_enclosure([&]()->int { + int ret; + CKM::KeyShPtr ckmKey; - if(alias == NULL || key == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(alias == NULL || key == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - CKM::RawBuffer buffer = ckmKey->getDER(); - ckmc_key_type_e keyType = static_cast(static_cast(ckmKey->getType())); + CKM::RawBuffer buffer = ckmKey->getDER(); + ckmc_key_type_e keyType = static_cast(static_cast(ckmKey->getType())); - ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key); + ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key); - return to_ckmc_error(ret); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list) { - int ret; + return try_catch_enclosure([&]()->int { + int ret; - if (alias_list == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if (alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::AliasVector aliasVector; - CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - ckmc_alias_list_s *plist = NULL; + ckmc_alias_list_s *plist = NULL; - for (const auto it : aliasVector) { - char *alias = strndup(it.c_str(), it.size()); + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); - if (plist == NULL) { // first - ret = ckmc_alias_list_new(alias, &plist); - *alias_list = plist; // save the pointer of the first element - } else { - ret = ckmc_alias_list_add(plist, alias, &plist); - } + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } - if (ret != CKMC_ERROR_NONE) { - free(alias); - ckmc_alias_list_all_free(*alias_list); - return ret; + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } } - } - if(plist == NULL) { // if the alias_list size is zero - return CKMC_ERROR_DB_ALIAS_UNKNOWN; - } + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } - return CKMC_ERROR_NONE; + return CKMC_ERROR_NONE; + }); } KEY_MANAGER_CAPI int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) { - if(alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(alias); - - if(cert.raw_cert == NULL || cert.cert_size <= 0) { + return try_catch_enclosure([&]()->int { + if(alias == NULL) { return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert); - if(ckmCert.get() == NULL) { - return CKMC_ERROR_INVALID_FORMAT; - } + } + CKM::Alias ckmAlias(alias); - CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); + if(cert.raw_cert == NULL || cert.cert_size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert); + if(ckmCert.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } - CKM::ManagerShPtr mgr = CKM::Manager::create(); - int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy); + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); - return to_ckmc_error(ret); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy); + + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI int ckmc_remove_cert(const char *alias) { - return ckmc_remove_alias(alias); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert) { - CKM::CertificateShPtr ckmCert; - int ret; + return try_catch_enclosure([&]()->int { + CKM::CertificateShPtr ckmCert; + int ret; - if(alias == NULL || cert == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(alias == NULL || cert == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - CKM::RawBuffer buffer = ckmCert->getDER(); - ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert); + CKM::RawBuffer buffer = ckmCert->getDER(); + ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert); - return ret; + return ret; + }); } KEY_MANAGER_CAPI int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) { - int ret; + return try_catch_enclosure([&]()->int { + int ret; - if (alias_list == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if (alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - *alias_list = NULL; + *alias_list = NULL; - CKM::AliasVector aliasVector; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - ckmc_alias_list_s *plist = NULL; + ckmc_alias_list_s *plist = NULL; - for (const auto it : aliasVector) { - char *alias = strndup(it.c_str(), it.size()); + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); - if (plist == NULL) { // first - ret = ckmc_alias_list_new(alias, &plist); - *alias_list = plist; // save the pointer of the first element - } else { - ret = ckmc_alias_list_add(plist, alias, &plist); - } + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } - if (ret != CKMC_ERROR_NONE) { - free(alias); - ckmc_alias_list_all_free(*alias_list); - return ret; + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } } - } - if(plist == NULL) { // if the alias_list size is zero - return CKMC_ERROR_DB_ALIAS_UNKNOWN; - } + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } - return CKMC_ERROR_NONE; + return CKMC_ERROR_NONE; + }); } KEY_MANAGER_CAPI int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) { - CKM::KeyShPtr private_key; - CKM::CertificateShPtr cert; - CKM::CertificateShPtrVector ca_cert_list; + return try_catch_enclosure([&]()->int { + CKM::KeyShPtr private_key; + CKM::CertificateShPtr cert; + CKM::CertificateShPtrVector ca_cert_list; - if(alias==NULL || ppkcs==NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(alias); - private_key = _toCkmKey(ppkcs->priv_key); - cert = _toCkmCertificate(ppkcs->cert); - ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain); + if(alias==NULL || ppkcs==NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + private_key = _toCkmKey(ppkcs->priv_key); + cert = _toCkmCertificate(ppkcs->cert); + ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain); - CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable); - CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable); + CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable); + CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable); - CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list)); + CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list)); - CKM::ManagerShPtr mgr = CKM::Manager::create(); - int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy); - return to_ckmc_error(ret); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12) { - int ret; - CKM::PKCS12ShPtr pkcs; - CKM::Password keyPass, certPass; - ckmc_key_s *private_key = NULL; - ckmc_cert_s *cert = NULL; - ckmc_cert_list_s *ca_cert_list = 0; - - if(!alias || !pkcs12) { - return CKMC_ERROR_INVALID_PARAMETER; - } + return try_catch_enclosure([&]()->int { + int ret; + CKM::PKCS12ShPtr pkcs; + CKM::Password keyPass, certPass; + ckmc_key_s *private_key = NULL; + ckmc_cert_s *cert = NULL; + ckmc_cert_list_s *ca_cert_list = 0; - if (key_password) - keyPass = key_password; + if(!alias || !pkcs12) { + return CKMC_ERROR_INVALID_PARAMETER; + } - if (cert_password) - certPass = cert_password; + if (key_password) + keyPass = key_password; - auto mgr = CKM::Manager::create(); + if (cert_password) + certPass = cert_password; - if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + auto mgr = CKM::Manager::create(); - if(!pkcs) - return CKMC_ERROR_BAD_RESPONSE; + if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - auto pkcsKey = pkcs->getKey(); - if(pkcsKey) - { - CKM::RawBuffer buffer = pkcsKey->getDER(); - ckmc_key_type_e keyType = static_cast(pkcsKey->getType()); - ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key); - if(ret != CKMC_ERROR_NONE) - return ret; - } + if(!pkcs) + return CKMC_ERROR_BAD_RESPONSE; + + auto pkcsKey = pkcs->getKey(); + if(pkcsKey) + { + CKM::RawBuffer buffer = pkcsKey->getDER(); + ckmc_key_type_e keyType = static_cast(pkcsKey->getType()); + ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key); + if(ret != CKMC_ERROR_NONE) + return ret; + } - auto pkcsCert = pkcs->getCertificate(); - if(pkcsCert) - { - CKM::RawBuffer buffer = pkcsCert->getDER(); - ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert); - if(ret != CKMC_ERROR_NONE) { - ckmc_key_free(private_key); - return ret; + auto pkcsCert = pkcs->getCertificate(); + if(pkcsCert) + { + CKM::RawBuffer buffer = pkcsCert->getDER(); + ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert); + if(ret != CKMC_ERROR_NONE) { + ckmc_key_free(private_key); + return ret; + } } - } - ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()); + ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()); - ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12); - if(ret != CKMC_ERROR_NONE) - { - ckmc_key_free(private_key); - ckmc_cert_free(cert); - ckmc_cert_list_free(ca_cert_list); - } - return ret; + ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12); + if(ret != CKMC_ERROR_NONE) + { + ckmc_key_free(private_key); + ckmc_cert_free(cert); + ckmc_cert_list_free(ca_cert_list); + } + return ret; + }); } KEY_MANAGER_CAPI int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) { - if(alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::Alias ckmAlias(alias); - - if(data.data == NULL || data.size <= 0) { + return try_catch_enclosure([&]()->int { + if(alias == NULL) { return CKMC_ERROR_INVALID_PARAMETER; - } - CKM::RawBuffer buffer(data.data, data.data + data.size); + } + CKM::Alias ckmAlias(alias); - CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); + if(data.data == NULL || data.size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::RawBuffer buffer(data.data, data.data + data.size); - CKM::ManagerShPtr mgr = CKM::Manager::create(); - int ret = mgr->saveData(ckmAlias, buffer, storePolicy); + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); - return to_ckmc_error(ret); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->saveData(ckmAlias, buffer, storePolicy); + + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI int ckmc_remove_data(const char *alias) { - return ckmc_remove_alias(alias); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data) { - CKM::RawBuffer ckmBuff; - int ret; + return try_catch_enclosure([&]()->int { + CKM::RawBuffer ckmBuff; + int ret; - if(alias == NULL || data == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(alias == NULL || data == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data); + ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data); - return ret; + return ret; + }); } KEY_MANAGER_CAPI int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){ - int ret; + return try_catch_enclosure([&]()->int { + int ret; - if(alias_list == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - *alias_list = NULL; + *alias_list = NULL; - CKM::AliasVector aliasVector; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - ckmc_alias_list_s *plist = NULL; + ckmc_alias_list_s *plist = NULL; - for (const auto it : aliasVector) { - char *alias = strndup(it.c_str(), it.size()); + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); - if (plist == NULL) { // first - ret = ckmc_alias_list_new(alias, &plist); - *alias_list = plist; // save the pointer of the first element - } else { - ret = ckmc_alias_list_add(plist, alias, &plist); - } + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } - if (ret != CKMC_ERROR_NONE) { - free(alias); - ckmc_alias_list_all_free(*alias_list); - return ret; + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } } - } - if(plist == NULL) { // if the alias_list size is zero - return CKMC_ERROR_DB_ALIAS_UNKNOWN; - } + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } - return CKMC_ERROR_NONE; + return CKMC_ERROR_NONE; + }); } KEY_MANAGER_CAPI @@ -540,20 +578,22 @@ int ckmc_create_key_pair_rsa(const size_t size, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); + return try_catch_enclosure([&]()->int { + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); - CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); - ret = mgr->createKeyPairRSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); - return to_ckmc_error(ret); + ret = mgr->createKeyPairRSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI @@ -563,20 +603,22 @@ int ckmc_create_key_pair_dsa(const size_t size, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); + return try_catch_enclosure([&]()->int { + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); - CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); - ret = mgr->createKeyPairDSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); - return to_ckmc_error(ret); + ret = mgr->createKeyPairDSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI @@ -586,20 +628,22 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) { - CKM::ManagerShPtr mgr = CKM::Manager::create(); + return try_catch_enclosure([&]()->int { + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ElipticCurve ckmType = static_cast(static_cast(type)); - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); - CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); + CKM::ElipticCurve ckmType = static_cast(static_cast(type)); + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); - int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); - return to_ckmc_error(ret); + int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI @@ -607,16 +651,18 @@ int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_policy) { - CKM::ManagerShPtr mgr = CKM::Manager::create(); + return try_catch_enclosure([&]()->int { + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(key_alias == NULL) - return CKMC_ERROR_INVALID_PARAMETER; + if(key_alias == NULL) + return CKMC_ERROR_INVALID_PARAMETER; - CKM::Alias ckmKeyAlias(key_alias); - CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable); + CKM::Alias ckmKeyAlias(key_alias); + CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable); - int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy); - return to_ckmc_error(ret); + int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI @@ -627,32 +673,34 @@ int ckmc_create_signature(const char *private_key_alias, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **signature) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::RawBuffer ckmSignature; + return try_catch_enclosure([&]()->int { + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::RawBuffer ckmSignature; - if(private_key_alias == NULL || signature == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(private_key_alias == NULL || signature == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::RawBuffer ckmMessage(message.data, message.data + message.size); - CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); - CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - - if( (ret = mgr->createSignature( - ckmPrivakeKeyAlias, - _tostring(password), - ckmMessage, - ckmHashAlgo, - ckmPadding, - ckmSignature)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::RawBuffer ckmMessage(message.data, message.data + message.size); + CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); + CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); + + if( (ret = mgr->createSignature( + ckmPrivakeKeyAlias, + _tostring(password), + ckmMessage, + ckmHashAlgo, + ckmPadding, + ckmSignature)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature); + ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature); - return ret; + return ret; + }); } KEY_MANAGER_CAPI @@ -663,84 +711,90 @@ int ckmc_verify_signature(const char *public_key_alias, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); + return try_catch_enclosure([&]()->int { + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(public_key_alias == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::RawBuffer ckmMessage(message.data, message.data + message.size); - CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size); - CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); - CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - - if( (ret = mgr->verifySignature( - ckmPublicKeyAlias, - _tostring(password), - ckmMessage, - ckmSignature, - ckmHashAlgo, - ckmPadding)) != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::RawBuffer ckmMessage(message.data, message.data + message.size); + CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size); + CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); + CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); + + if( (ret = mgr->verifySignature( + ckmPublicKeyAlias, + _tostring(password), + ckmMessage, + ckmSignature, + ckmHashAlgo, + ckmPadding)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - return CKMC_ERROR_NONE; + return CKMC_ERROR_NONE; + }); } KEY_MANAGER_CAPI int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::CertificateShPtrVector ckmCertChain; + return try_catch_enclosure([&]()->int { + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); + CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); - CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts); + CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts); - ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain); - if( ret != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - *cert_chain_list = _toNewCkmCertList(ckmCertChain); + *cert_chain_list = _toNewCkmCertList(ckmCertChain); - return CKMC_ERROR_NONE; + return CKMC_ERROR_NONE; + }); } KEY_MANAGER_CAPI int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::CertificateShPtrVector ckmCertChain; + return try_catch_enclosure([&]()->int { + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); - if(ckmCert.get() == NULL) { - return CKMC_ERROR_INVALID_FORMAT; - } + CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); + if(ckmCert.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } - CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts); + CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts); - ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain); - if( ret != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - *cert_chain_list = _toNewCkmCertList(ckmCertChain); + *cert_chain_list = _toNewCkmCertList(ckmCertChain); - return CKMC_ERROR_NONE; + return CKMC_ERROR_NONE; + }); } KEY_MANAGER_CAPI @@ -750,92 +804,104 @@ int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert, const bool sys_certs, ckmc_cert_list_s** ppcert_chain_list) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::CertificateShPtrVector ckm_cert_chain; + return try_catch_enclosure([&]()->int { + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckm_cert_chain; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); - if(ckm_cert.get() == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); + if(ckm_cert.get() == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts); - CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts); + CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts); + CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts); - ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); - if( ret != CKM_API_SUCCESS) { - return to_ckmc_error(ret); - } + ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); + *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); - return CKMC_ERROR_NONE; + return CKMC_ERROR_NONE; + }); } KEY_MANAGER_CAPI int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status) { - if (pcert_chain_list == NULL - || pcert_chain_list->cert == NULL - || pcert_chain_list->cert->raw_cert == NULL - || pcert_chain_list->cert->cert_size <= 0 - || ocsp_status == NULL) { - return CKMC_ERROR_INVALID_PARAMETER; - } + return try_catch_enclosure([&]()->int { + if (pcert_chain_list == NULL + || pcert_chain_list->cert == NULL + || pcert_chain_list->cert->raw_cert == NULL + || pcert_chain_list->cert->cert_size <= 0 + || ocsp_status == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - int tmpOcspStatus = -1; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list); + int tmpOcspStatus = -1; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list); - int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus); - *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus); - return to_ckmc_error(ret); + int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus); + *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) { - int ec, permissionMask; - ec = access_to_permission_mask(granted, permissionMask); - if(ec != CKMC_ERROR_NONE) - return ec; + return try_catch_enclosure([&]()->int { + int ec, permissionMask; + ec = access_to_permission_mask(granted, permissionMask); + if(ec != CKMC_ERROR_NONE) + return ec; - return ckmc_set_permission(alias, accessor, permissionMask); + return ckmc_set_permission(alias, accessor, permissionMask); + }); } KEY_MANAGER_CAPI int ckmc_set_permission(const char *alias, const char *accessor, int permissions) { - if (!alias || !accessor) - return CKMC_ERROR_INVALID_PARAMETER; + return try_catch_enclosure([&]()->int { + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - return to_ckmc_error(mgr->setPermission(alias, accessor, permissions)); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, permissions)); + }); } KEY_MANAGER_CAPI int ckmc_deny_access(const char *alias, const char *accessor) { - if (!alias || !accessor) - return CKMC_ERROR_INVALID_PARAMETER; + return try_catch_enclosure([&]()->int { + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE)); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE)); + }); } KEY_MANAGER_CAPI int ckmc_remove_alias(const char *alias) { - if(!alias) - return CKMC_ERROR_INVALID_PARAMETER; + return try_catch_enclosure([&]()->int { + if(!alias) + return CKMC_ERROR_INVALID_PARAMETER; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - int ret = mgr->removeAlias(alias); - return to_ckmc_error(ret); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->removeAlias(alias); + return to_ckmc_error(ret); + }); } KEY_MANAGER_CAPI @@ -845,12 +911,14 @@ int ckmc_encrypt_data(ckmc_param_list_h params, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted) { - return _cryptoOperation(&CKM::Manager::encrypt, - params, - key_alias, - password, - decrypted, - ppencrypted); + return try_catch_enclosure([&]()->int { + return _cryptoOperation(&CKM::Manager::encrypt, + params, + key_alias, + password, + decrypted, + ppencrypted); + }); } KEY_MANAGER_CAPI @@ -860,10 +928,12 @@ int ckmc_decrypt_data(ckmc_param_list_h params, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted) { - return _cryptoOperation(&CKM::Manager::decrypt, - params, - key_alias, - password, - encrypted, - ppdecrypted); + return try_catch_enclosure([&]()->int { + return _cryptoOperation(&CKM::Manager::decrypt, + params, + key_alias, + password, + encrypted, + ppdecrypted); + }); } diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp index 6d8ed4b..275b545 100644 --- a/src/manager/client/client-manager.cpp +++ b/src/manager/client/client-manager.cpp @@ -239,12 +239,10 @@ int Manager::decrypt( ManagerShPtr Manager::create() { try { return std::make_shared(); - } catch (const std::bad_alloc &) { - LogDebug("Bad alloc was caught during Manager::Impl creation."); } catch (...) { - LogError("Critical error: Unknown exception was caught during Manager::Impl creation!"); + LogError("Exception occured in Manager::create"); + throw; } - return ManagerShPtr(); } } // namespace CKM -- 2.7.4 From 84ffd8d75c83103bf2b7c9809297b111445f7a5d Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 19 Nov 2015 11:43:20 +0100 Subject: [PATCH 04/16] Fix bug found by Klocwork [Problem] The command received from encryption service is deserialized into a variable hiding function argument of the same name. Also the received command was ignored. [Solution] Check if received command is equal to requested one. [Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION Change-Id: I16e14dbc8497a9b6ea11d93c8c0a48071562d684 --- src/manager/client/client-manager-impl.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index 790e541..d6a464e 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -794,11 +794,11 @@ int Manager::Impl::crypt(EncryptionCommand command, if (CKM_API_SUCCESS != retCode) return retCode; - int command; + int retCommand; int counter; - recv.Deserialize(command, counter, retCode, output); + recv.Deserialize(retCommand, counter, retCode, output); - if (my_counter != counter) { + if (my_counter != counter || retCommand != static_cast(command)) { return CKM_API_ERROR_UNKNOWN; } -- 2.7.4 From 6477378a7699be3e9c497a0d6fde41001e17eed3 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 16 Nov 2015 15:06:48 +0100 Subject: [PATCH 05/16] Fix character trimming in xml parser [Problem] ASCII tag content is being trimmed and it shouldn't be. [Solution] Don't trim tag content in Characters() callback. If trimming is necessary it can be done in End() callback. Exception will be thrown only if non-whitespace characters are found within tags that shouldn't have any character content (InitialValueHandler, PermissionHandler). [Verification] Run ckm-tests --group=T60_INITIAL_VALUES Change-Id: I39a928bf15be29ade96986d619c9023fb4cd3234 --- src/CMakeLists.txt | 1 + src/manager/initial-values/InitialValueHandler.cpp | 5 --- src/manager/initial-values/InitialValueHandler.h | 4 +- src/manager/initial-values/NoCharactersHandler.cpp | 44 ++++++++++++++++++++++ src/manager/initial-values/NoCharactersHandler.h | 39 +++++++++++++++++++ src/manager/initial-values/PermissionHandler.cpp | 5 +-- src/manager/initial-values/PermissionHandler.h | 4 +- src/manager/initial-values/parser.cpp | 2 +- tools/ckm_db_tool/CMakeLists.txt | 1 + 9 files changed, 91 insertions(+), 14 deletions(-) create mode 100644 src/manager/initial-values/NoCharactersHandler.cpp create mode 100644 src/manager/initial-values/NoCharactersHandler.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index aa72fb7..8faf006 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -60,6 +60,7 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/initial-values/PermissionHandler.cpp ${KEY_MANAGER_PATH}/initial-values/InitialValueHandler.cpp ${KEY_MANAGER_PATH}/initial-values/InitialValuesFile.cpp + ${KEY_MANAGER_PATH}/initial-values/NoCharactersHandler.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp diff --git a/src/manager/initial-values/InitialValueHandler.cpp b/src/manager/initial-values/InitialValueHandler.cpp index 43f9ef3..88fbb78 100644 --- a/src/manager/initial-values/InitialValueHandler.cpp +++ b/src/manager/initial-values/InitialValueHandler.cpp @@ -58,11 +58,6 @@ void InitialValueHandler::Start(const XML::Parser::Attributes &attr) } } -void InitialValueHandler::Characters(const std::string &) -{ - throw std::runtime_error("error: value handler detected raw data outside data-specific tag"); -} - void InitialValueHandler::End() { if(m_bufferHandler) diff --git a/src/manager/initial-values/InitialValueHandler.h b/src/manager/initial-values/InitialValueHandler.h index 7d23fa9..cd36293 100644 --- a/src/manager/initial-values/InitialValueHandler.h +++ b/src/manager/initial-values/InitialValueHandler.h @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -34,7 +35,7 @@ namespace CKM { namespace InitialValues { -class InitialValueHandler : public XML::Parser::ElementHandler +class InitialValueHandler : public NoCharactersHandler { public: typedef std::shared_ptr InitialValueHandlerPtr; @@ -46,7 +47,6 @@ public: BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type); PermissionHandler::PermissionHandlerPtr CreatePermissionHandler(); virtual void Start(const XML::Parser::Attributes &); - virtual void Characters(const std::string & data); virtual void End(); protected: diff --git a/src/manager/initial-values/NoCharactersHandler.cpp b/src/manager/initial-values/NoCharactersHandler.cpp new file mode 100644 index 0000000..8c3f969 --- /dev/null +++ b/src/manager/initial-values/NoCharactersHandler.cpp @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file NoCharactersHandler.cpp + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @version 1.0 + */ + +#include + +#include +#include +#include + +namespace CKM { +namespace InitialValues { + +void NoCharactersHandler::Characters(const std::string & data) +{ + auto f = find_if(data.begin(), data.end(), [](char c){ return std::isspace(c) == 0;}); + if(f != data.end()) + throw std::runtime_error( + "error: value handler detected raw data outside data-specific tag"); +} + +NoCharactersHandler::~NoCharactersHandler() +{ +} + +} // namespace InitialValues +} // namespace CKM diff --git a/src/manager/initial-values/NoCharactersHandler.h b/src/manager/initial-values/NoCharactersHandler.h new file mode 100644 index 0000000..2a9a418 --- /dev/null +++ b/src/manager/initial-values/NoCharactersHandler.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file NoCharactersHandler.h + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @version 1.0 + */ + +#pragma once + +#include +#include + +namespace CKM { +namespace InitialValues { + +class NoCharactersHandler : public XML::Parser::ElementHandler +{ +public: + void Characters(const std::string & data); + + virtual ~NoCharactersHandler(); +}; + +} // namespace InitialValues +} // namespace CKM diff --git a/src/manager/initial-values/PermissionHandler.cpp b/src/manager/initial-values/PermissionHandler.cpp index ea97c6d..63e9ee0 100644 --- a/src/manager/initial-values/PermissionHandler.cpp +++ b/src/manager/initial-values/PermissionHandler.cpp @@ -39,10 +39,7 @@ void PermissionHandler::Start(const XML::Parser::Attributes & attr) if(attr.find(XML_ATTR_ACCESSOR) != attr.end()) m_accessor = Label(attr.at(XML_ATTR_ACCESSOR)); } -void PermissionHandler::Characters(const std::string &) -{ - throw std::runtime_error("error: value handler detected raw data while none allowed"); -} + void PermissionHandler::End() { } diff --git a/src/manager/initial-values/PermissionHandler.h b/src/manager/initial-values/PermissionHandler.h index 7980ba8..9eb3ca4 100644 --- a/src/manager/initial-values/PermissionHandler.h +++ b/src/manager/initial-values/PermissionHandler.h @@ -23,13 +23,14 @@ #ifndef PERMISSIONHANDLER_H_ #define PERMISSIONHANDLER_H_ +#include #include #include namespace CKM { namespace InitialValues { -class PermissionHandler : public XML::Parser::ElementHandler +class PermissionHandler : public NoCharactersHandler { public: typedef std::shared_ptr PermissionHandlerPtr; @@ -37,7 +38,6 @@ public: virtual ~PermissionHandler(); virtual void Start(const XML::Parser::Attributes &); - virtual void Characters(const std::string &); virtual void End(); const Label & getAccessor() const { diff --git a/src/manager/initial-values/parser.cpp b/src/manager/initial-values/parser.cpp index 4693728..535281a 100644 --- a/src/manager/initial-values/parser.cpp +++ b/src/manager/initial-values/parser.cpp @@ -204,7 +204,7 @@ void Parser::EndElement(const xmlChar *name) void Parser::Characters(const xmlChar *ch, size_t chLen) { - std::string chars = trim(std::string(reinterpret_cast(ch), chLen)); + std::string chars(reinterpret_cast(ch), chLen); if(chars.empty()) return; diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index 8309d5d..c040cad 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt @@ -58,6 +58,7 @@ SET(CKM_DB_TOOL_SOURCES ${KEY_MANAGER_PATH}/initial-values/PermissionHandler.cpp ${KEY_MANAGER_PATH}/initial-values/InitialValueHandler.cpp ${KEY_MANAGER_PATH}/initial-values/InitialValuesFile.cpp + ${KEY_MANAGER_PATH}/initial-values/NoCharactersHandler.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp -- 2.7.4 From c960d5d61979802933b7cc44b66a118b5861edf7 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Fri, 20 Nov 2015 11:55:02 +0900 Subject: [PATCH 06/16] Add PASSWORD_PROTECTION_DISABLE feature Change-Id: I58a8bde0e4424168a61590d6a5f12fb8e28f50b2 Signed-off-by: Dongsun Lee --- CMakeLists.txt | 5 +++++ packaging/key-manager.spec | 5 +++++ src/manager/service/key-provider.cpp | 20 +++++++++++++++----- src/manager/service/key-provider.h | 1 + 4 files changed, 26 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 73720b1..bc0aab1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -62,6 +62,11 @@ IF (DEFINED SYSTEMD_ENV_FILE) ADD_DEFINITIONS(-DSYSTEMD_ENV_FILE="${SYSTEMD_ENV_FILE}") ENDIF (DEFINED SYSTEMD_ENV_FILE) +IF (DEFINED PASSWORD_PROTECTION_DISABLE) + MESSAGE("PASSWORD_PROTECTION_DISABLE ENABLED !") + ADD_DEFINITIONS("-DPASSWORD_PROTECTION_DISABLE") +ENDIF (DEFINED PASSWORD_PROTECTION_DISABLE) + SET(TARGET_KEY_MANAGER "key-manager") SET(TARGET_KEY_MANAGER_CLIENT "key-manager-client") SET(TARGET_KEY_MANAGER_CONTROL_CLIENT "key-manager-control-client") diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 23b89b0..6cdffd4 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -113,6 +113,8 @@ cp -a %{SOURCE1005} . export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" %endif +# password protection enabled +%define ckm_password_protection_disable 1 export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " @@ -121,6 +123,9 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " -DCMAKE_VERBOSE_MAKEFILE=ON \ -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \ +%if 0%{?ckm_password_protection_disable} + -DPASSWORD_PROTECTION_DISABLE=1 \ +%endif -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF} make %{?jobs:-j%jobs} diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp index 23ca201..ce6e72b 100644 --- a/src/manager/service/key-provider.cpp +++ b/src/manager/service/key-provider.cpp @@ -140,7 +140,7 @@ KeyProvider::KeyProvider( concat_user_pass = concat_password_user( wkmcDKEK.getWrappedKeyAndInfo().keyInfo.label, - password.c_str()); + getConvertedStr(password)); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -223,7 +223,7 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password) concat_user_pass = concat_password_user( m_kmcDKEK->getKeyAndInfo().keyInfo.label, - password.c_str()); + getConvertedStr(password)); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -393,7 +393,7 @@ RawBuffer KeyProvider::reencrypt( concat_user_pass = concat_password_user( wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.label, - oldPass.c_str()); + getConvertedStr(oldPass)); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -425,7 +425,7 @@ RawBuffer KeyProvider::reencrypt( concat_user_pass = concat_password_user( kmcDKEK.getKeyAndInfo().keyInfo.label, - newPass.c_str()); + getConvertedStr(newPass)); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -477,7 +477,7 @@ RawBuffer KeyProvider::generateDomainKEK( int wrappedKeyLength; char *concat_user_pass = NULL; - concat_user_pass = concat_password_user(user.c_str(), userPassword.c_str()); + concat_user_pass = concat_password_user(user.c_str(), getConvertedStr(userPassword)); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, strlen(concat_user_pass), @@ -645,3 +645,13 @@ char * KeyProvider::concat_password_user(const char *user, const char *password) delete[] resized_user; return concat_user_pass; } + +const char* KeyProvider::getConvertedStr(const Password &password) +{ +#ifdef PASSWORD_PROTECTION_DISABLE + (void ) password; + return ""; +#else + return password.c_str(); +#endif +} diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h index 918a622..dd22c32 100644 --- a/src/manager/service/key-provider.h +++ b/src/manager/service/key-provider.h @@ -169,6 +169,7 @@ private: const char *user, const char *password); + static const char* getConvertedStr(const Password &password); }; } // namespace CKM -- 2.7.4 From b5239c092b038e65edccd76ddac4c76f753c2920 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Mon, 23 Nov 2015 16:59:34 +0100 Subject: [PATCH 07/16] CKMLogic will not depend from InitialValues. Change-Id: I91ce4dcadd49ae813c1ca59418ea8f730110718b --- src/CMakeLists.txt | 1 + .../initial-values/initial-value-loader.cpp | 82 ++++++++++++++++++++++ src/manager/initial-values/initial-value-loader.h | 35 +++++++++ src/manager/service/ckm-logic.cpp | 42 ----------- src/manager/service/ckm-service.cpp | 5 +- 5 files changed, 122 insertions(+), 43 deletions(-) create mode 100644 src/manager/initial-values/initial-value-loader.cpp create mode 100644 src/manager/initial-values/initial-value-loader.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8faf006..fa31106 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -62,6 +62,7 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/initial-values/InitialValuesFile.cpp ${KEY_MANAGER_PATH}/initial-values/NoCharactersHandler.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp + ${KEY_MANAGER_PATH}/initial-values/initial-value-loader.cpp ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp diff --git a/src/manager/initial-values/initial-value-loader.cpp b/src/manager/initial-values/initial-value-loader.cpp new file mode 100644 index 0000000..01bb79c --- /dev/null +++ b/src/manager/initial-values/initial-value-loader.cpp @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file initial-value-loader.cpp + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief + */ +#include + +#include + +#include +#include + +namespace { +const char * const INIT_VALUES_DIR = "/opt/data/ckm/initial_values/"; +const char * const INIT_VALUES_XSD = "/usr/share/ckm/initial_values.xsd"; +const char * const INIT_VALUES_FILE_SUFFIX = ".xml"; +} // namespace anonymous + +namespace CKM { +namespace InitialValues { + +void LoadFiles(CKMLogic &logic) { + try { + std::vector filesToParse; + DIR *dp = opendir(INIT_VALUES_DIR); + if(dp) + { + struct dirent *entry; + while ((entry = readdir(dp))) + { + std::string filename = std::string(entry->d_name); + + // check if XML file + std::string lowercaseFilename = filename; + std::transform(lowercaseFilename.begin(), lowercaseFilename.end(), lowercaseFilename.begin(), ::tolower); + if(lowercaseFilename.find(INIT_VALUES_FILE_SUFFIX) == std::string::npos) + continue; + + filesToParse.push_back(std::string(INIT_VALUES_DIR) + filename); + } + closedir(dp); + } + + // parse + for(const auto & file : filesToParse) + { + InitialValues::InitialValuesFile xmlFile(file.c_str(), logic); + int rc = xmlFile.Validate(INIT_VALUES_XSD); + if(rc == XML::Parser::PARSE_SUCCESS) + { + rc = xmlFile.Parse(); + if(rc != XML::Parser::PARSE_SUCCESS) + LogError("invalid initial values file: " << file << ", parsing code: " << rc); + } + else + LogError("invalid initial values file: " << file << ", validation code: " << rc); + unlink(file.c_str()); + } + } catch (...) { + LogError("The implementation of exception handling in xml parser is broken!"); + } +} + +} // namespace InitialValues +} // namespace CKM + diff --git a/src/manager/initial-values/initial-value-loader.h b/src/manager/initial-values/initial-value-loader.h new file mode 100644 index 0000000..a558e43 --- /dev/null +++ b/src/manager/initial-values/initial-value-loader.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file ckm-logic.cpp + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief + */ +#pragma once + +namespace CKM { + +// forward declaration +class CKMLogic; + +namespace InitialValues { + +void LoadFiles(CKMLogic &); + +} // namespace InitialValues +} // namespace CKM + diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 2dc20a7..8a5e396 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -30,17 +30,12 @@ #include #include #include -#include #include -#include #include #include namespace { const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs"; -const char * const INIT_VALUES_DIR = "/opt/data/ckm/initial_values/"; -const char * const INIT_VALUES_XSD = "/usr/share/ckm/initial_values.xsd"; -const char * const INIT_VALUES_FILE_SUFFIX = ".xml"; const char * const SYSTEM_DB_PASSWD = "cAtRugU7"; bool isLabelValid(const CKM::Label &label) { @@ -66,43 +61,6 @@ CKMLogic::CKMLogic() CertificateConfig::addSystemCertificateDir(CERT_SYSTEM_DIR); m_accessControl.updateCCMode(); - - // make initial file list - std::vector filesToParse; - DIR *dp = opendir(INIT_VALUES_DIR); - if(dp) - { - struct dirent *entry; - while ((entry = readdir(dp))) - { - std::string filename = std::string(entry->d_name); - - // check if XML file - std::string lowercaseFilename = filename; - std::transform(lowercaseFilename.begin(), lowercaseFilename.end(), lowercaseFilename.begin(), ::tolower); - if(lowercaseFilename.find(INIT_VALUES_FILE_SUFFIX) == std::string::npos) - continue; - - filesToParse.push_back(std::string(INIT_VALUES_DIR) + filename); - } - closedir(dp); - } - - // parse - for(const auto & file : filesToParse) - { - InitialValues::InitialValuesFile xmlFile(file.c_str(), *this); - int rc = xmlFile.Validate(INIT_VALUES_XSD); - if(rc == XML::Parser::PARSE_SUCCESS) - { - rc = xmlFile.Parse(); - if(rc != XML::Parser::PARSE_SUCCESS) - LogError("invalid initial values file: " << file << ", parsing code: " << rc); - } - else - LogError("invalid initial values file: " << file << ", validation code: " << rc); - unlink(file.c_str()); - } } CKMLogic::~CKMLogic(){} diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index 47fef2b..a830cf8 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -27,6 +27,7 @@ #include #include +#include namespace { const CKM::InterfaceID SOCKET_ID_CONTROL = 0; @@ -37,7 +38,9 @@ namespace CKM { CKMService::CKMService() : m_logic(new CKMLogic) -{} +{ + InitialValues::LoadFiles(*m_logic); +} CKMService::~CKMService() { delete m_logic; -- 2.7.4 From 2fe537fa54c272ac3cd18dc75fa369425dea84f6 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 16 Nov 2015 14:57:49 +0100 Subject: [PATCH 08/16] Move call to xmlCleanupParser [Problem] xmlCleanupParser should be called only before program exit. [Solution] Moved to global object constructor. [Verification] Successfull compilation Change-Id: Id2fedd8b99c9b598eaef14f7c12d37282e74814a --- src/manager/initial-values/parser.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/manager/initial-values/parser.cpp b/src/manager/initial-values/parser.cpp index 535281a..6d6cd1e 100644 --- a/src/manager/initial-values/parser.cpp +++ b/src/manager/initial-values/parser.cpp @@ -34,6 +34,14 @@ namespace CKM { namespace XML { +namespace { + +struct LibXmlCleanup { + ~LibXmlCleanup() { xmlCleanupParser(); } +} cleanup; + +} // namespace anonymous + Parser::Parser(const std::string &XML_filename) : m_errorCb(0) { @@ -47,7 +55,6 @@ Parser::Parser(const std::string &XML_filename) } Parser::~Parser() { - xmlCleanupParser(); } int Parser::Validate(const std::string &XSD_schema) -- 2.7.4 From 7d24744edd8f92af52c7631af5b1a0feccfc3248 Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Mon, 24 Aug 2015 10:52:09 +0200 Subject: [PATCH 09/16] Add DataContainer class to contain data, its type and encryption details. [Problem] Encrypted data details are kept separately to the data. [Solution] Store provides an interface to handle data, type and encryption details in a single object. Change-Id: Ic35a0a6205670c2a41a183e56b884be87179ebab --- src/manager/crypto/generic-backend/gstore.h | 20 ++++- src/manager/crypto/sw-backend/store.cpp | 9 ++- src/manager/crypto/sw-backend/store.h | 4 +- src/manager/crypto/tz-backend/store.cpp | 7 +- src/manager/crypto/tz-backend/store.h | 4 +- src/manager/initial-values/BufferHandler.h | 2 +- src/manager/initial-values/InitialValueHandler.cpp | 3 +- src/manager/service/ckm-logic.cpp | 86 ++++++++++------------ src/manager/service/ckm-logic.h | 21 ++---- src/manager/service/ckm-service.cpp | 3 +- 10 files changed, 81 insertions(+), 78 deletions(-) diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h index bcb3a57..88a99a5 100644 --- a/src/manager/crypto/generic-backend/gstore.h +++ b/src/manager/crypto/generic-backend/gstore.h @@ -31,6 +31,20 @@ namespace CKM { namespace Crypto { +// Data is very generic and does not say anything about content. +struct Data { + Data() {}; + Data(const DataType& t, RawBuffer d) : type(t), data(std::move(d)) {} + DataType type; + RawBuffer data; // buffer will be better? +}; + +// Too generic. The name does not say anything aobut content. +struct DataEncryption { + RawBuffer encryptedKey; + RawBuffer iv; +}; + class GStore { public: virtual GObjUPtr getObject(const Token &, const Password &) { @@ -42,7 +56,10 @@ public: virtual Token generateSKey(const CryptoAlgorithm &, const Password &) { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual Token import(DataType, const RawBuffer &, const Password &) { + virtual Token import(const Data &, const Password &) { + ThrowErr(Exc::Crypto::OperationNotSupported); + } + virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &) { ThrowErr(Exc::Crypto::OperationNotSupported); } virtual void destroy(const Token &) { @@ -58,4 +75,3 @@ protected: } // namespace Crypto } // namespace CKM - diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index 4e944ad..e1ca362 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -190,13 +190,14 @@ Token Store::generateSKey(const CryptoAlgorithm &algorithm, const Password &pass return Token(m_backendId, ret.type, pack(ret.buffer, pass)); } -Token Store::import(DataType dataType, const RawBuffer &input, const Password &pass) { +Token Store::import(const Data &data, const Password &pass) { + return Token(m_backendId, data.type, pack(data.data, pass)); +} - RawBuffer data = pack(input, pass); - return Token(m_backendId, dataType, std::move(data)); +Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &) { + ThrowErr(Exc::Crypto::OperationNotSupported, "Importing encrypted data not yet implemented!"); } } // namespace SW } // namespace Crypto } // namespace CKM - diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index f39d0c5..03d69ff 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -34,11 +34,11 @@ public: virtual GObjUPtr getObject(const Token &, const Password &); virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &, const Password &); virtual Token generateSKey(const CryptoAlgorithm &, const Password &); - virtual Token import(DataType, const RawBuffer &, const Password &); + virtual Token import(const Data &data, const Password &); + virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &); virtual void destroy(const Token &){} }; } // namespace SW } // namespace Crypto } // namespace CKM - diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index 1c5d58a..4dd2b21 100644 --- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -38,11 +38,14 @@ TokenPair Store::generateAKey(const CryptoAlgorithm &, const Password &, const P ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); } -Token Store::import(DataType, const RawBuffer &, const Password &) { +Token Store::import(const Data &, const Password &) { + ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); +} + +Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &) { ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); } } // namespace TZ } // namespace Crypto } // namespace CKM - diff --git a/src/manager/crypto/tz-backend/store.h b/src/manager/crypto/tz-backend/store.h index 85e193d..2182ab5 100644 --- a/src/manager/crypto/tz-backend/store.h +++ b/src/manager/crypto/tz-backend/store.h @@ -33,11 +33,11 @@ public: virtual GObjUPtr getObject(const Token &, const Password &); virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &, const Password &); - virtual Token import(DataType dataType, const RawBuffer &buffer, const Password &); + virtual Token import(const Data &data, const Password &); + virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &); virtual void destroy(const Token &){} }; } // namespace TZ } // namespace Crypto } // namespace CKM - diff --git a/src/manager/initial-values/BufferHandler.h b/src/manager/initial-values/BufferHandler.h index 4961bd0..eaef9d0 100644 --- a/src/manager/initial-values/BufferHandler.h +++ b/src/manager/initial-values/BufferHandler.h @@ -46,7 +46,7 @@ public: return m_data; } private: - EncodingType m_encoding; + EncodingType m_encoding; RawBuffer m_data; }; diff --git a/src/manager/initial-values/InitialValueHandler.cpp b/src/manager/initial-values/InitialValueHandler.cpp index 88fbb78..00ea520 100644 --- a/src/manager/initial-values/InitialValueHandler.cpp +++ b/src/manager/initial-values/InitialValueHandler.cpp @@ -68,8 +68,7 @@ void InitialValueHandler::End() Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), m_name, OWNER_ID_SYSTEM, - m_bufferHandler->getData(), - getDataType(), + Crypto::Data(getDataType(), m_bufferHandler->getData()), PolicySerializable(policy)); if(CKM_API_SUCCESS == ec) { diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 8a5e396..5b8f1a3 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -371,56 +371,53 @@ DB::Row CKMLogic::createEncryptedRow( CryptoLogic &crypto, const Name &name, const Label &label, - DataType dataType, - const RawBuffer &data, + const Crypto::Data &data, const Policy &policy) const { - Crypto::GStore& store = m_decider.getStore(dataType, policy.extractable); + Crypto::GStore& store = m_decider.getStore(data.type, policy.extractable); // do not encrypt data with password during cc_mode on - Token token = store.import(dataType, data, m_accessControl.isCCMode() ? "" : policy.password); + Token token = store.import(data, m_accessControl.isCCMode() ? "" : policy.password); DB::Row row(std::move(token), name, label, static_cast(policy.extractable)); crypto.encryptRow(row); return row; } -int CKMLogic::verifyBinaryData(DataType dataType, RawBuffer &input_data) const +int CKMLogic::verifyBinaryData(Crypto::Data &input) const { - RawBuffer dummy; - return toBinaryData(dataType, input_data, dummy); + Crypto::Data dummy; + return toBinaryData(input, dummy); } -int CKMLogic::toBinaryData(DataType dataType, - const RawBuffer &input_data, - RawBuffer &output_data) const +int CKMLogic::toBinaryData(const Crypto::Data &input, Crypto::Data &output) const { // verify the data integrity - if (dataType.isKey()) + if (input.type.isKey()) { KeyShPtr output_key; - if(dataType.isSKey()) - output_key = CKM::Key::createAES(input_data); + if(input.type.isSKey()) + output_key = CKM::Key::createAES(input.data); else - output_key = CKM::Key::create(input_data); + output_key = CKM::Key::create(input.data); if(output_key.get() == NULL) { LogDebug("provided binary data is not valid key data"); return CKM_API_ERROR_INPUT_PARAM; } - output_data = output_key->getDER(); + output = std::move(Crypto::Data(input.type, output_key->getDER())); } - else if (dataType.isCertificate() || dataType.isChainCert()) + else if (input.type.isCertificate() || input.type.isChainCert()) { - CertificateShPtr cert = CKM::Certificate::create(input_data, DataFormat::FORM_DER); + CertificateShPtr cert = CKM::Certificate::create(input.data, DataFormat::FORM_DER); if(cert.get() == NULL) { LogDebug("provided binary data is not valid certificate data"); return CKM_API_ERROR_INPUT_PARAM; } - output_data = cert->getDER(); + output = std::move(Crypto::Data(input.type, cert->getDER())); } else - output_data = input_data; + output = input; // TODO: add here BINARY_DATA verification, i.e: max size etc. return CKM_API_SUCCESS; } @@ -429,19 +426,18 @@ int CKMLogic::verifyAndSaveDataHelper( const Credentials &cred, const Name &name, const Label &label, - const RawBuffer &data, - DataType dataType, + const Crypto::Data &data, const PolicySerializable &policy) { int retCode = CKM_API_ERROR_UNKNOWN; try { // check if data is correct - RawBuffer binaryData; - retCode = toBinaryData(dataType, data, binaryData); + Crypto::Data binaryData; + retCode = toBinaryData(data, binaryData); if(retCode == CKM_API_SUCCESS) { - retCode = saveDataHelper(cred, name, label, dataType, binaryData, policy); + retCode = saveDataHelper(cred, name, label, binaryData, policy); } } catch (const DB::Crypto::Exception::InternalError &e) { LogError("DB::Crypto failed with message: " << e.GetMessage()); @@ -489,15 +485,14 @@ RawBuffer CKMLogic::saveData( int commandId, const Name &name, const Label &label, - const RawBuffer &data, - DataType dataType, + const Crypto::Data &data, const PolicySerializable &policy) { - int retCode = verifyAndSaveDataHelper(cred, name, label, data, dataType, policy); + int retCode = verifyAndSaveDataHelper(cred, name, label, data, policy); auto response = MessageBuffer::Serialize(static_cast(LogicCommand::SAVE), commandId, retCode, - static_cast(dataType)); + static_cast(data.type)); return response.Pop(); } @@ -514,33 +509,31 @@ int CKMLogic::extractPKCS12Data( if( !pkcs.getKey() ) return CKM_API_ERROR_INVALID_FORMAT; Key* keyPtr = pkcs.getKey().get(); - DataType keyType = DataType(keyPtr->getType()); - RawBuffer keyData = keyPtr->getDER(); - int retCode = verifyBinaryData(keyType, keyData); + Crypto::Data keyData(DataType(keyPtr->getType()), keyPtr->getDER()); + int retCode = verifyBinaryData(keyData); if(retCode != CKM_API_SUCCESS) return retCode; - output.push_back(createEncryptedRow(crypto, name, ownerLabel, keyType, keyData, keyPolicy)); + output.push_back(createEncryptedRow(crypto, name, ownerLabel, keyData, keyPolicy)); // certificate is mandatory if( !pkcs.getCertificate() ) return CKM_API_ERROR_INVALID_FORMAT; - RawBuffer certData = pkcs.getCertificate().get()->getDER(); - retCode = verifyBinaryData(DataType::CERTIFICATE, certData); + Crypto::Data certData(DataType::CERTIFICATE, pkcs.getCertificate().get()->getDER()); + retCode = verifyBinaryData(certData); if(retCode != CKM_API_SUCCESS) return retCode; - output.push_back(createEncryptedRow(crypto, name, ownerLabel, DataType::CERTIFICATE, certData, certPolicy)); + output.push_back(createEncryptedRow(crypto, name, ownerLabel, certData, certPolicy)); // CA cert chain unsigned int cert_index = 0; for(const auto & ca : pkcs.getCaCertificateShPtrVector()) { - DataType chainDataType = DataType::getChainDatatype(cert_index ++); - RawBuffer caCertData = ca->getDER(); - int retCode = verifyBinaryData(chainDataType, caCertData); + Crypto::Data caCertData(DataType::getChainDatatype(cert_index ++), ca->getDER()); + int retCode = verifyBinaryData(caCertData); if(retCode != CKM_API_SUCCESS) return retCode; - output.push_back(createEncryptedRow(crypto, name, ownerLabel, chainDataType, caCertData, certPolicy)); + output.push_back(createEncryptedRow(crypto, name, ownerLabel, caCertData, certPolicy)); } return CKM_API_SUCCESS; @@ -774,7 +767,7 @@ Crypto::GObjUPtr CKMLogic::rowToObject( store.destroy(row); // import it to store with new scheme: data -> pass(data) - Token token = store.import(row.dataType,row.data, pass); + Token token = store.import(Crypto::Data(row.dataType, row.data), pass); // get it from the store (it can be different than the data we imported into store) obj = store.getObject(token, pass); @@ -1103,8 +1096,7 @@ int CKMLogic::saveDataHelper( const Credentials &cred, const Name &name, const Label &label, - DataType dataType, - const RawBuffer &data, + const Crypto::Data &data, const PolicySerializable &policy) { auto &handler = selectDatabase(cred, label); @@ -1121,7 +1113,7 @@ int CKMLogic::saveDataHelper( return retCode; // save the data - DB::Row encryptedRow = createEncryptedRow(handler.crypto, name, ownerLabel, dataType, data, policy); + DB::Row encryptedRow = createEncryptedRow(handler.crypto, name, ownerLabel, data, policy); handler.database.saveRow(encryptedRow); transaction.commit(); @@ -1199,7 +1191,6 @@ int CKMLogic::createKeyAESHelper( return CKM_API_SUCCESS; } - int CKMLogic::createKeyPairHelper( const Credentials &cred, const CryptoAlgorithmSerializable & keyGenParams, @@ -1240,10 +1231,11 @@ int CKMLogic::createKeyPairHelper( int retCode; retCode = checkSaveConditions(cred, handlerPriv, namePrivate, ownerLabelPrv); - if(retCode != CKM_API_SUCCESS) + if (CKM_API_SUCCESS != retCode) return retCode; - retCode = checkSaveConditions(cred, handlerPub, namePrivate, ownerLabelPub); - if(retCode != CKM_API_SUCCESS) + + retCode = checkSaveConditions(cred, handlerPub, namePublic, ownerLabelPub); + if (CKM_API_SUCCESS != retCode) return retCode; // save the data diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 472fea2..610fb7f 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -80,8 +80,7 @@ public: int commandId, const Name &name, const Label &label, - const RawBuffer &data, - DataType dataType, + const Crypto::Data &data, const PolicySerializable &policy); RawBuffer savePKCS12( @@ -196,8 +195,7 @@ public: const Credentials &cred, const Name &name, const Label &label, - const RawBuffer &data, - DataType dataType, + const Crypto::Data &data, const PolicySerializable &policy); int getKeyForService(const Credentials &cred, @@ -227,14 +225,11 @@ private: uid_t user, const Password &password); - int verifyBinaryData( - DataType dataType, - RawBuffer &input_data) const; + int verifyBinaryData(Crypto::Data &input_data) const; int toBinaryData( - DataType dataType, - const RawBuffer &input_data, - RawBuffer &output_data) const; + const Crypto::Data &input_data, + Crypto::Data &output_data) const; int checkSaveConditions( const Credentials &cred, @@ -246,8 +241,7 @@ private: const Credentials &cred, const Name &name, const Label &label, - DataType dataType, - const RawBuffer &data, + const Crypto::Data &data, const PolicySerializable &policy); int saveDataHelper( @@ -262,8 +256,7 @@ private: CryptoLogic &crypto, const Name &name, const Label &label, - DataType dataType, - const RawBuffer &data, + const Crypto::Data &data, const Policy &policy) const; int getPKCS12Helper( diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index a830cf8..c87a443 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -198,8 +198,7 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) msgID, name, label, - rawData, - DataType(tmpDataType), + Crypto::Data(DataType(tmpDataType), std::move(rawData)), policy); } case LogicCommand::SAVE_PKCS12: -- 2.7.4 From d3e24f2ecde5aa23aa7b2aed806725350f490629 Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Tue, 14 Jul 2015 11:31:28 +0200 Subject: [PATCH 10/16] Encrypted Initial Values: re-factoring the schema to support new requirements. New requirements are: support for encrypting data and certificate objects. This requires providing hybrid encryption: device key encrypts AES key, which is used to encrypt the values. Device key cannot directly encrypt values due to block size limitation of RSA OAEP algorithm. Change-Id: I61f52bad74d7cf2f6018a1e0e38cc852a932619e --- doc/example.xml | 142 ++++++++++++++++++++++++++ doc/example_device_key.xml | 4 +- doc/initial_values.xsd | 24 ++++- doc/sw_key.xsd | 2 +- packaging/key-manager.spec | 12 +++ tests/XML_3_encrypted.xml | 244 +++++++++++++++++++++++++++++++++++++++++++++ tests/XML_3_encrypted.xsd | 154 ++++++++++++++++++++++++++++ tests/XML_4_device_key.xml | 32 ++++++ tests/XML_4_device_key.xsd | 41 ++++++++ tests/test_xml-parser.cpp | 31 +++++- 10 files changed, 679 insertions(+), 7 deletions(-) create mode 100644 tests/XML_3_encrypted.xml create mode 100644 tests/XML_3_encrypted.xsd create mode 100644 tests/XML_4_device_key.xml create mode 100644 tests/XML_4_device_key.xsd diff --git a/doc/example.xml b/doc/example.xml index 7b07961..9c0917c 100644 --- a/doc/example.xml +++ b/doc/example.xml @@ -1,5 +1,18 @@ + + + QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp + UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s + CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj + bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss + Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC + ZVOanzc0euaenw1q9b+yEQ== + -----BEGIN PUBLIC KEY----- @@ -71,4 +84,133 @@ + + + + BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da + 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF + 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ + tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do + +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY + xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v + FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8 + vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r + 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy + Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz + wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo + j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s + bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14 + + + + + + H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH + N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE + W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf + 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B + ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk + QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi + w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL + /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ + VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 + W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO + 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk + 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg + q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr + GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ + SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX + SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX + RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn + yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ + +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 + xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm + /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy + 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq + 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx + j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD + /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + + + + + zuBDjp8ptFthrU69Ua5cfg== + + + + + weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 + Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x + sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn + 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh + qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD + LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ + IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+ + 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9 + Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk + z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW + 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq + 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr + v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ + I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+ + aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ + fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k + mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo + FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu + TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C + XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m + KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk + 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD + ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU + ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL + fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td + Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf + EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms + fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU + TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11 + IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w + IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT + HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b + A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h + GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs + BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD + +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/ + 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk + KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p + 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd + RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe + JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY + Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP + iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw + SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC + Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH + O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946 + k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/ + d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu + 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF + m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr + 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT + dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt + dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v + tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy + QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo + KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox + ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no + o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc + LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE + bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x + XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1 + ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC + myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6 + MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ + /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8 + HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB + avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0= + + diff --git a/doc/example_device_key.xml b/doc/example_device_key.xml index e191221..dbf6b85 100644 --- a/doc/example_device_key.xml +++ b/doc/example_device_key.xml @@ -1,7 +1,7 @@ - + MIIEpAIBAAKCAQEAyJjUHY2pJJUBRBCrlerrgcS7aBiWlY3594dufu3m4qy48b9hsw1R/AHSNUPU 11vzQ+kUcXkEZOby5SHRHBAXIJ1dLbTPtRwsVwgf1nmc/ZGGV/XOrOaKi7nSKgYHaglPgc9dLPuu osRHs/EdIWh3o59MdY6rA6y+QTJrQm3axRKdT7unX3kFS3SsId02GWBkLtrw+yQVtvhCYlY/n2/T @@ -23,6 +23,6 @@ MG+ueiqvxWRJCy1PHbPTWUmPQtsbUkOMqtJZLpzZjXO5pkkCgYA9uyQ8os9yfjALc1VDZ4HtGxaC Uq8zy0jJEJxchRn1JUNHop/skaRA65x613lWDygfNCuakozjP5x+GA5WEIuxIE8V7JPac1zpEZW4 5nwmxoR1l3HUDT8kRYkLzMIo55PpLG9arNLwH9mSRh/taG8020aGg3nFSNCJNDs12x/9RA== - + diff --git a/doc/initial_values.xsd b/doc/initial_values.xsd index c28c33c..9a836fa 100644 --- a/doc/initial_values.xsd +++ b/doc/initial_values.xsd @@ -4,6 +4,7 @@ + @@ -52,8 +53,8 @@ - + @@ -86,6 +87,9 @@ + + @@ -104,6 +108,12 @@ + + + + @@ -123,6 +133,16 @@ + + + + + + + + + + diff --git a/doc/sw_key.xsd b/doc/sw_key.xsd index d4434b4..27f3d7e 100644 --- a/doc/sw_key.xsd +++ b/doc/sw_key.xsd @@ -19,7 +19,7 @@ - + + + + QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp + UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s + CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj + bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss + Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC + ZVOanzc0euaenw1q9b+yEQ== + + + + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3 + +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui + tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB + x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 + QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8 + 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4 + m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA + +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp + f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4 + +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ + 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+ + 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ== + -----END PUBLIC KEY----- + + + + + + MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 + jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA + 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 + QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S + GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp + xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ + TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf + VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji + wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi + BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1 + 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23 + 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8 + pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT + 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK + 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee + RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O + bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE + jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH + 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H + 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO + GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO + UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD + /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB + AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As + ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9 + TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ + ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e + v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu + xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp + 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8 + eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk + 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a + xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL + sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew + WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i + gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH + W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY + G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x + oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub + yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD + 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+ + Vx676FQrM4EzjSSqgA== + + + + + + MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw + EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD + VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy + MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ + MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN + BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1 + 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm + 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x + 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY + +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID + AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1 + PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ + 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy + 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU + wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7 + 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK + kOg11TpPdNDkhb1J4ZCh2gupDg== + + + + + My secret data + + + + + + MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE + + + + + + + + BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da + 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF + 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ + tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do + +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY + xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v + FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8 + vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r + 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy + Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz + wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo + j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s + bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14 + + + + + + H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH + N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE + W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf + 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B + ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk + QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi + w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL + /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ + VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 + W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO + 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk + 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg + q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr + GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ + SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX + SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX + RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn + yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ + +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 + xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm + /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy + 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq + 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx + j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD + /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + + + + + zuBDjp8ptFthrU69Ua5cfg== + + + + + weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 + Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x + sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn + 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh + qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD + LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ + IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+ + 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9 + Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk + z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW + 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq + 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr + v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ + I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+ + aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ + fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k + mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo + FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu + TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C + XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m + KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk + 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD + ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU + ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL + fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td + Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf + EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms + fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU + TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11 + IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w + IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT + HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b + A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h + GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs + BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD + +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/ + 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk + KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p + 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd + RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe + JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY + Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP + iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw + SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC + Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH + O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946 + k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/ + d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu + 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF + m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr + 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT + dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt + dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v + tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy + QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo + KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox + ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no + o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc + LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE + bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x + XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1 + ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC + myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6 + MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ + /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8 + HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB + avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0= + + + diff --git a/tests/XML_3_encrypted.xsd b/tests/XML_3_encrypted.xsd new file mode 100644 index 0000000..38b1d17 --- /dev/null +++ b/tests/XML_3_encrypted.xsd @@ -0,0 +1,154 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/XML_4_device_key.xml b/tests/XML_4_device_key.xml new file mode 100644 index 0000000..e90850f --- /dev/null +++ b/tests/XML_4_device_key.xml @@ -0,0 +1,32 @@ + + + + + MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll + 1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr + S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g + OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R + DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl + yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr + MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK + koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay + IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO + HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM + mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv + l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD + u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K + 4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m + Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP + IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ + hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM + 38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91 + 2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir + XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1 + ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI + n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/ + upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG + RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI + tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT + + + diff --git a/tests/XML_4_device_key.xsd b/tests/XML_4_device_key.xsd new file mode 100644 index 0000000..27f3d7e --- /dev/null +++ b/tests/XML_4_device_key.xsd @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/test_xml-parser.cpp b/tests/test_xml-parser.cpp index 8782ae8..b12cbd6 100644 --- a/tests/test_xml-parser.cpp +++ b/tests/test_xml-parser.cpp @@ -34,7 +34,10 @@ const char *XSD_1_okay = "XML_1_okay.xsd"; const char *XML_1_wrong = "XML_1_wrong.xml"; const char *XSD_1_wrong = "XML_1_wrong.xsd"; const char *XML_2_structure = "XML_2_structure.xml"; -const char *XML_3_structure = "XML_3_structure.xml"; +const char *XML_3_encrypted = "XML_3_encrypted.xml"; +const char *XSD_3_encrypted = "XML_3_encrypted.xsd"; +const char *XML_4_device_key = "XML_4_device_key.xml"; +const char *XSD_4_device_key = "XML_4_device_key.xsd"; std::string format_test_path(const char *file) { @@ -117,7 +120,6 @@ BOOST_AUTO_TEST_CASE(XmlParserTest_XML1_correct_parse) BOOST_REQUIRE(endCallbackFlag == true); } - class StructureTest { public: @@ -289,4 +291,29 @@ BOOST_AUTO_TEST_CASE(XmlParserTest_XML2_structure) "got sum: " << parser.getSum() << " while expected: " << parser.getExpectedSum()); } +BOOST_AUTO_TEST_CASE(XmlParserTest_XML3_encrypted_correct_parse) +{ + XML::Parser parser(format_test_path(XML_3_encrypted).c_str()); + BOOST_REQUIRE(0 == parser.Validate(format_test_path(XSD_3_encrypted).c_str())); + + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.RegisterElementCb("Key", dummyStartCallback, NULL)); + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.RegisterElementCb("Cert", NULL, dummyEndCallback)); + startCallbackFlag = false; + endCallbackFlag = false; + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.Parse()); + BOOST_REQUIRE(startCallbackFlag == true); + BOOST_REQUIRE(endCallbackFlag == true); +} + +BOOST_AUTO_TEST_CASE(XmlParserTest_XML4_device_key_correct_parse) +{ + XML::Parser parser(format_test_path(XML_4_device_key).c_str()); + BOOST_REQUIRE(0 == parser.Validate(format_test_path(XSD_4_device_key).c_str())); + + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.RegisterElementCb("RSAPrivateKey", dummyStartCallback, NULL)); + startCallbackFlag = false; + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.Parse()); + BOOST_REQUIRE(startCallbackFlag == true); +} + BOOST_AUTO_TEST_SUITE_END() -- 2.7.4 From d4505025de280c090bb54264da5597e311d94af3 Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Mon, 20 Jul 2015 11:31:29 +0200 Subject: [PATCH 11/16] Encrypted Initial Values: parsing key values. Change-Id: Iecebe5cba1ce716e43fff09ddc442a57dcfdf976 --- src/CMakeLists.txt | 1 + src/manager/crypto/sw-backend/store.cpp | 41 ++++++- src/manager/crypto/sw-backend/store.h | 3 + src/manager/initial-values/InitialValuesFile.cpp | 35 +++++- src/manager/initial-values/InitialValuesFile.h | 24 ++++ src/manager/initial-values/SWKeyFile.cpp | 146 +++++++++++++++++++++++ src/manager/initial-values/SWKeyFile.h | 98 +++++++++++++++ src/manager/initial-values/xml-utils.cpp | 54 ++++++--- src/manager/initial-values/xml-utils.h | 2 + tools/ckm_db_tool/CMakeLists.txt | 1 + 10 files changed, 386 insertions(+), 19 deletions(-) create mode 100644 src/manager/initial-values/SWKeyFile.cpp create mode 100644 src/manager/initial-values/SWKeyFile.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index fa31106..ceb976e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -61,6 +61,7 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/initial-values/InitialValueHandler.cpp ${KEY_MANAGER_PATH}/initial-values/InitialValuesFile.cpp ${KEY_MANAGER_PATH}/initial-values/NoCharactersHandler.cpp + ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp ${KEY_MANAGER_PATH}/initial-values/initial-value-loader.cpp ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index e1ca362..d59cea1 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -27,6 +27,8 @@ #include #include #include +#include +#include #include @@ -142,9 +144,31 @@ RawBuffer pack(const RawBuffer& data, const Password& pass) } // namespace anonymous +namespace +{ +const char * const DEVICE_KEY_XSD = "/usr/share/ckm/sw_key.xsd"; +const char * const DEVICE_KEY_SW_FILE = "/opt/data/ckm/device_key.xml"; +} + Store::Store(CryptoBackend backendId) : GStore(backendId) { + // get the device key if present + InitialValues::SWKeyFile keyFile(DEVICE_KEY_SW_FILE); + int rc = keyFile.Validate(DEVICE_KEY_XSD); + if(rc == XML::Parser::PARSE_SUCCESS) + { + rc = keyFile.Parse(); + if(rc == XML::Parser::PARSE_SUCCESS) + m_deviceKey = keyFile.getPrivKey(); + else + { + // do nothing, bypass encrypted elements + LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", parsing code: " << rc); + } + } + else + LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", validation code: " << rc); } GObjUPtr Store::getObject(const Token &token, const Password &pass) { @@ -194,8 +218,21 @@ Token Store::import(const Data &data, const Password &pass) { return Token(m_backendId, data.type, pack(data.data, pass)); } -Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &) { - ThrowErr(Exc::Crypto::OperationNotSupported, "Importing encrypted data not yet implemented!"); +Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) { + if(!m_deviceKey) + ThrowErr(Exc::Crypto::InternalError, "No device key present"); + + // decrypt the AES key using device key + CryptoAlgorithm algorithmRSAOAEP; + algorithmRSAOAEP.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP); + Crypto::SW::SKey aesKey(m_deviceKey->decrypt(algorithmRSAOAEP, enc.encryptedKey), DataType::KEY_AES); + + // decrypt the buffer using AES key + CryptoAlgorithm algorithmAESCBC; + algorithmAESCBC.setParam(ParamName::ALGO_TYPE, AlgoType::AES_CBC); + algorithmAESCBC.setParam(ParamName::ED_IV, enc.iv); + RawBuffer rawData = aesKey.decrypt(algorithmAESCBC, data.data); + return Token(m_backendId, data.type, pack(rawData, pass)); } } // namespace SW diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index 03d69ff..860e393 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -37,6 +37,9 @@ public: virtual Token import(const Data &data, const Password &); virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &); virtual void destroy(const Token &){} + +private: + Crypto::GObjShPtr m_deviceKey; }; } // namespace SW diff --git a/src/manager/initial-values/InitialValuesFile.cpp b/src/manager/initial-values/InitialValuesFile.cpp index bc5fbec..166f158 100644 --- a/src/manager/initial-values/InitialValuesFile.cpp +++ b/src/manager/initial-values/InitialValuesFile.cpp @@ -29,11 +29,13 @@ #include #include #include +#include #include namespace { const int XML_CURRENT_VERSION = 1; const char * const XML_TAG_INITIAL_VALUES = "InitialValues"; +const char * const XML_TAG_ENCRYPTION_KEY = "EncryptionKey"; const char * const XML_TAG_KEY = "Key"; const char * const XML_TAG_DATA = "Data"; const char * const XML_TAG_CERT = "Cert"; @@ -48,9 +50,11 @@ const char * const XML_ATTR_VERSION = "version"; namespace CKM { namespace InitialValues { -InitialValuesFile::InitialValuesFile(const std::string &XML_filename, CKMLogic & db_logic) +InitialValuesFile::InitialValuesFile(const std::string &XML_filename, + CKMLogic & db_logic) : m_parser(XML_filename), m_db_logic(db_logic), - m_header(std::make_shared(*this)) + m_header(std::make_shared(*this)), + m_encryptionKeyHandler(std::make_shared(*this)) { m_parser.RegisterErrorCb(InitialValuesFile::Error); m_parser.RegisterElementCb(XML_TAG_INITIAL_VALUES, @@ -59,6 +63,15 @@ InitialValuesFile::InitialValuesFile(const std::string &XML_filename, CKMLogic & return m_header; }, [this](const XML::Parser::ElementHandlerPtr &) {}); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTION_KEY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return m_encryptionKeyHandler; + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + m_encryptedAESkey = m_encryptionKeyHandler->getEncryptedKey(); + }); } void InitialValuesFile::registerElementListeners() @@ -226,6 +239,24 @@ void InitialValuesFile::ReleasePermissionHandler() } +InitialValuesFile::EncryptionKeyHandler::EncryptionKeyHandler(InitialValuesFile & parent) : m_parent(parent) {} +void InitialValuesFile::EncryptionKeyHandler::Characters(const std::string &data) { + m_encryptedKey.reserve(m_encryptedKey.size() + data.size()); + m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end()); +}; +void InitialValuesFile::EncryptionKeyHandler::End() { + std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end())); + Base64Decoder base64; + base64.reset(); + base64.append(RawBuffer(trimmed.begin(), trimmed.end())); + base64.finalize(); + m_encryptedKey = base64.get(); +}; + +CKM::RawBuffer InitialValuesFile::EncryptionKeyHandler::getEncryptedKey() const { + return m_encryptedKey; +} + InitialValuesFile::HeaderHandler::HeaderHandler(InitialValuesFile & parent) : m_version(-1), m_parent(parent) {} void InitialValuesFile::HeaderHandler::Start(const XML::Parser::Attributes & attr) diff --git a/src/manager/initial-values/InitialValuesFile.h b/src/manager/initial-values/InitialValuesFile.h index 8226822..1572e2f 100644 --- a/src/manager/initial-values/InitialValuesFile.h +++ b/src/manager/initial-values/InitialValuesFile.h @@ -26,10 +26,16 @@ #include #include #include +#include +#include +#include +#include +#include namespace CKM { namespace InitialValues { + class InitialValuesFile { public: @@ -74,8 +80,26 @@ private: int m_version; InitialValuesFile & m_parent; }; + + class EncryptionKeyHandler : public XML::Parser::ElementHandler + { + public: + explicit EncryptionKeyHandler(InitialValuesFile & parent); + virtual void Start(const XML::Parser::Attributes &) {}; + virtual void Characters(const std::string &data); + virtual void End(); + + CKM::RawBuffer getEncryptedKey() const; + private: + CKM::RawBuffer m_encryptedKey; + InitialValuesFile & m_parent; + }; + typedef std::shared_ptr HeaderHandlerPtr; + typedef std::shared_ptr EncryptionKeyHandlerPtr; HeaderHandlerPtr m_header; + EncryptionKeyHandlerPtr m_encryptionKeyHandler; + CKM::RawBuffer m_encryptedAESkey; void registerElementListeners(); static void Error(const XML::Parser::ErrorType errorType, diff --git a/src/manager/initial-values/SWKeyFile.cpp b/src/manager/initial-values/SWKeyFile.cpp new file mode 100644 index 0000000..f614185 --- /dev/null +++ b/src/manager/initial-values/SWKeyFile.cpp @@ -0,0 +1,146 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file SWKeyFile.cpp + * @author Maciej Karpiuk (m.karpiuk2@samsung.com) + * @version 1.0 + * @brief SWKeyFile class implementation. + */ + +#include +#include +#include +#include +#include +#include + +namespace { +const int XML_SW_KEY_CURRENT_VERSION = 1; +const char * const XML_TAG_DEVICE_KEY = "DeviceKey"; +const char * const XML_TAG_RSA_KEY = "RSAPrivateKey"; +const char * const XML_TAG_PEM = "PEM"; +const char * const XML_TAG_DER = "DERBase64"; +const char * const XML_TAG_BASE64 = "Base64"; +const char * const XML_ATTR_VERSION = "version"; +} + +namespace CKM { +namespace InitialValues { + +SWKeyFile::SWKeyFile(const std::string &XML_filename) + : m_parser(XML_filename), + m_header(std::make_shared(*this)), + m_RSAKeyHandler(std::make_shared(*this)) +{ + m_parser.RegisterErrorCb(SWKeyFile::Error); + m_parser.RegisterElementCb(XML_TAG_DEVICE_KEY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return m_header; + }, + [this](const XML::Parser::ElementHandlerPtr &) {}); +} + +void SWKeyFile::registerElementListeners() +{ + m_parser.RegisterElementCb(XML_TAG_RSA_KEY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return m_RSAKeyHandler; + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + m_deviceKey = m_RSAKeyHandler->getPrivKey(); + }); +} + +void SWKeyFile::Error(const XML::Parser::ErrorType errorType, + const std::string & log_msg) +{ + switch(errorType) + { + case XML::Parser::VALIDATION_ERROR: + LogWarning("validating error: " << log_msg); + break; + case XML::Parser::PARSE_WARNING: + LogWarning("parsing warning: " << log_msg); + break; + case XML::Parser::PARSE_ERROR: + LogWarning("parsing error: " << log_msg); + break; + } +} + +int SWKeyFile::Validate(const std::string &XSD_file) +{ + return m_parser.Validate(XSD_file); +} + +int SWKeyFile::Parse() +{ + int ec = m_parser.Parse(); + if(!m_header || !m_header->isCorrectVersion()) { + LogError("bypassing XML file: " << m_filename << " - wrong file version!"); + ec = XML::Parser::ERROR_INVALID_VERSION; + } + return ec; +} + + + +SWKeyFile::RSAKeyHandler::RSAKeyHandler(SWKeyFile & parent) + : m_parent(parent) +{} + +void SWKeyFile::RSAKeyHandler::Characters(const std::string &data) { + //m_encryptedKey.reserve(m_encryptedKey.size() + data.size()); + //m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end()); + std::copy(data.begin(), data.end(), std::back_inserter(m_encryptedKey)); +} + +void SWKeyFile::RSAKeyHandler::End() { +// std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end())); + + Base64Decoder base64; + base64.reset(); + base64.append(XML::removeWhiteChars(m_encryptedKey)); + base64.finalize(); + m_encryptedKey = base64.get(); +}; + +Crypto::GObjShPtr SWKeyFile::RSAKeyHandler::getPrivKey() { + return std::make_shared(m_encryptedKey, DataType::KEY_RSA_PRIVATE); +} + +SWKeyFile::HeaderHandler::HeaderHandler(SWKeyFile & parent) + : m_version(-1), m_parent(parent) {} +void SWKeyFile::HeaderHandler::Start(const XML::Parser::Attributes & attr) +{ + // get key type + if(attr.find(XML_ATTR_VERSION) != attr.end()) + { + m_version = atoi(attr.at(XML_ATTR_VERSION).c_str()); + + if(isCorrectVersion()) + m_parent.registerElementListeners(); + } +} +bool SWKeyFile::HeaderHandler::isCorrectVersion() const { + return m_version == XML_SW_KEY_CURRENT_VERSION; +} + +} +} diff --git a/src/manager/initial-values/SWKeyFile.h b/src/manager/initial-values/SWKeyFile.h new file mode 100644 index 0000000..887c0a9 --- /dev/null +++ b/src/manager/initial-values/SWKeyFile.h @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file SWKeyFile.h + * @author Maciej Karpiuk (m.karpiuk2@samsung.com) + * @version 1.0 + * @brief SWKeyFile class. + */ + +#ifndef SWKEYFILE_H_ +#define SWKEYFILE_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +namespace CKM { +namespace InitialValues { + + +class SWKeyFile +{ +public: + explicit SWKeyFile(const std::string &XML_filename); + + int Validate(const std::string &XSD_file); + int Parse(); + + Crypto::GObjShPtr getPrivKey() { + return m_deviceKey; + } + +private: + class HeaderHandler : public XML::Parser::ElementHandler + { + public: + explicit HeaderHandler(SWKeyFile & parent); + virtual void Start(const XML::Parser::Attributes & attr); + virtual void Characters(const std::string &) {}; + virtual void End() {}; + + bool isCorrectVersion() const; + + private: + int m_version; + SWKeyFile & m_parent; + }; + + class RSAKeyHandler : public XML::Parser::ElementHandler + { + public: + explicit RSAKeyHandler(SWKeyFile & parent); + virtual void Start(const XML::Parser::Attributes &) {}; + virtual void Characters(const std::string &data); + virtual void End(); + + Crypto::GObjShPtr getPrivKey(); + private: + CKM::RawBuffer m_encryptedKey; + SWKeyFile & m_parent; + }; + + std::string m_filename; + XML::Parser m_parser; + typedef std::shared_ptr HeaderHandlerPtr; + typedef std::shared_ptr RSAKeyHandlerPtr; + HeaderHandlerPtr m_header; + RSAKeyHandlerPtr m_RSAKeyHandler; + Crypto::GObjShPtr m_deviceKey; + + void registerElementListeners(); + static void Error(const XML::Parser::ErrorType errorType, + const std::string & logMsg); + +}; + +} +} +#endif /* SWKEYFILE_H_ */ diff --git a/src/manager/initial-values/xml-utils.cpp b/src/manager/initial-values/xml-utils.cpp index 8b1abdb..0553c01 100644 --- a/src/manager/initial-values/xml-utils.cpp +++ b/src/manager/initial-values/xml-utils.cpp @@ -28,7 +28,7 @@ namespace { const char * const WHITESPACE = " \n\r\t\v"; -const char * const LINE_WHITESPACE = " \t"; +const char * const LINE_WHITESPACE = " \r\t\v"; std::string trim_left(const std::string& s, const char *whitespaces) { @@ -46,27 +46,51 @@ std::string trim(const std::string& s, const char *whitespaces) { return trim_right(trim_left(s, whitespaces), whitespaces); } + } namespace CKM { namespace XML { -std::string trim(const std::string& s) + +template +T removeChars(const T& input, const char *what) { - return ::trim(s, WHITESPACE); + T out(input); + auto endit = std::remove_if(out.begin(), out.end(), + [what](char c) + { + for (const char *ptr = what; *ptr; ++ptr) + if (*ptr == c) + return true; + return false; + }); + + out.erase(endit, out.end()); + return out; } -std::string trimEachLine(const std::string& s) -{ - std::istringstream stream(s); - size_t line_cnt = 0; - std::string line, output; - while(std::getline(stream, line)) { - if(line_cnt>0) - output += "\n"; - output += ::trim(line, LINE_WHITESPACE); - line_cnt ++; - } - return output; +RawBuffer removeWhiteChars(const RawBuffer &buffer) { + return removeChars(buffer, WHITESPACE); } + +std::string trimEachLine(const std::string& input) { + std::stringstream ss(input); + std::stringstream output; + std::string line; + + while(std::getline(ss, line, '\n')) { + auto afterTrim = ::trim(line, LINE_WHITESPACE); + if (!afterTrim.empty()) + output << afterTrim << std::endl; + } + + return output.str(); } + +std::string trim(const std::string &s) { + return removeChars(s, WHITESPACE); } + +} // namespace XML +} // namespace CKM + diff --git a/src/manager/initial-values/xml-utils.h b/src/manager/initial-values/xml-utils.h index c385598..8ef94fd 100644 --- a/src/manager/initial-values/xml-utils.h +++ b/src/manager/initial-values/xml-utils.h @@ -24,10 +24,12 @@ #define XML_UTILS_H_ #include +#include namespace CKM { namespace XML { +RawBuffer removeWhiteChars(const RawBuffer &buffer); std::string trim(const std::string& s); std::string trimEachLine(const std::string &s); diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index c040cad..9513b80 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt @@ -33,6 +33,7 @@ SET(CKM_DB_TOOL_SOURCES ${PROJECT_SOURCE_DIR}/tools/ckm_db_tool/ckm_db_tool.cpp ${PROJECT_SOURCE_DIR}/tools/ckm_db_tool/db-crypto-ext.cpp ${PROJECT_SOURCE_DIR}/tools/ckm_db_tool/ckm-logic-ext.cpp + ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/main/cynara.cpp ${KEY_MANAGER_PATH}/main/generic-socket-manager.cpp -- 2.7.4 From 96a0c8de39f676bdd88c23ac7aef6b82a02d7c3f Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Tue, 21 Jul 2015 14:53:27 +0200 Subject: [PATCH 12/16] Encrypted Initial Values: decrypting items from XML files. Change-Id: I08d53475401407c76d8aafbefc0b4d2f4fd82204 --- doc/example.xml | 236 +++++++++++++-------- src/manager/crypto/generic-backend/gstore.h | 5 + src/manager/crypto/platform/decider.cpp | 10 +- src/manager/crypto/platform/decider.h | 2 +- src/manager/initial-values/BufferHandler.cpp | 18 +- src/manager/initial-values/BufferHandler.h | 14 +- src/manager/initial-values/CertHandler.h | 3 +- src/manager/initial-values/DataHandler.h | 3 +- src/manager/initial-values/EncodingType.h | 4 +- src/manager/initial-values/InitialValueHandler.cpp | 61 +++--- src/manager/initial-values/InitialValueHandler.h | 5 +- src/manager/initial-values/InitialValuesFile.cpp | 45 +++- src/manager/initial-values/InitialValuesFile.h | 12 +- src/manager/initial-values/KeyHandler.h | 4 +- src/manager/service/ckm-logic.cpp | 32 +++ src/manager/service/ckm-logic.h | 27 ++- tests/XML_3_encrypted.xml | 52 ++--- 17 files changed, 349 insertions(+), 184 deletions(-) diff --git a/doc/example.xml b/doc/example.xml index 9c0917c..2be09cf 100644 --- a/doc/example.xml +++ b/doc/example.xml @@ -79,7 +79,7 @@ - MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE + QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY= @@ -110,31 +110,24 @@ - H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH - N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE - W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf - 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B - ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk - QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi - w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL - /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ - VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 - W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO - 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk - 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg - q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr - GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ - SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX - SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX - RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn - yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ - +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 - xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm - /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy - 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq - 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx - j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD - /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw + /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv + l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7 + XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2 + /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d + osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU + 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf + TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e + ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL + oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG + ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ + tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos + kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC + DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo + LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO + XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi + 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk + a+r+N4lsYPKJbX2ywUvDHg== @@ -144,73 +137,130 @@ - weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 - Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x - sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn - 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh - qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD - LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ - IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+ - 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9 - Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk - z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW - 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq - 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr - v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ - I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+ - aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ - fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k - mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo - FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu - TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C - XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m - KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk - 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD - ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU - ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL - fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td - Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf - EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms - fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU - TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11 - IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w - IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT - HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b - A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h - GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs - BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD - +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/ - 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk - KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p - 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd - RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe - JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY - Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP - iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw - SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC - Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH - O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946 - k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/ - d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu - 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF - m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr - 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT - dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt - dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v - tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy - QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo - KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox - ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no - o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc - LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE - bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x - XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1 - ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC - myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6 - MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ - /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8 - HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB - avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0= + weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC + Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF + oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf + kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk + KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy + iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8 + gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju + yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC + Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps + ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod + v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW + NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti + udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0 + FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx + IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h + ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx + asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0 + +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA + Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI + Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK + XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT + gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg + g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8 + DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4 + T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q + MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0 + CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz + traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c + q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP + ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n + Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t + gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3 + 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW + YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx + pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys + nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9 + pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI + 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY + hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp + VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka + lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP + 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32 + LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk + UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2 + rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/ + sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY + 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1 + H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv + e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt + ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW + MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP + zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J + 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un + TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb + aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS + eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09 + +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ + 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo + p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO + fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT + mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ + ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA + YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3 + aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC + jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK + vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T + INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA + wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3 + Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf + ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR + 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu + Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm + q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O + eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ + USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx + qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk + p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL + 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS + orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY + BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL + YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5 + ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm + HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h + TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9 + jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ + ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B + Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU + V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5 + RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc + Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc + Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh + PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1 + zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV + e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt + eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz + zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c + 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw + eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV + HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu + by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT + n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50 + mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL + PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe + xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg + wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0 + ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp + EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr + d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb + 7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi + F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7 + HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM + yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC + Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV + lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw + xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm + LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi + eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A + CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb + U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB + +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw + IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx + 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe + FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD + yYRBt5UqwGovABM08jYkuA== diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h index 88a99a5..6eee7a3 100644 --- a/src/manager/crypto/generic-backend/gstore.h +++ b/src/manager/crypto/generic-backend/gstore.h @@ -41,6 +41,11 @@ struct Data { // Too generic. The name does not say anything aobut content. struct DataEncryption { + DataEncryption() {}; + DataEncryption(RawBuffer encKey, RawBuffer ivector) + : encryptedKey(std::move(encKey)) + , iv(std::move(ivector)) + {} RawBuffer encryptedKey; RawBuffer iv; }; diff --git a/src/manager/crypto/platform/decider.cpp b/src/manager/crypto/platform/decider.cpp index 6c63c49..2f73b1f 100644 --- a/src/manager/crypto/platform/decider.cpp +++ b/src/manager/crypto/platform/decider.cpp @@ -32,7 +32,11 @@ namespace CKM { namespace Crypto { namespace { -CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable) { +CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted) { +// Only software backend supports device encyption key + if (encrypted) + return CryptoBackend::OpenSSL; + // The list of items that MUST be support by OpenSSL if (dataType.isCertificate()) return CryptoBackend::OpenSSL; @@ -77,8 +81,8 @@ GStore& Decider::getStore(CryptoBackend cryptoBackend) const { "Backend not available. BackendId: ", (int)cryptoBackend); } -GStore& Decider::getStore(DataType data, bool exportable) const { - return getStore(chooseCryptoBackend(data, exportable)); +GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const { + return getStore(chooseCryptoBackend(data, exportable, encrypted)); } } // namespace Crypto diff --git a/src/manager/crypto/platform/decider.h b/src/manager/crypto/platform/decider.h index 6be147c..81ad3d0 100644 --- a/src/manager/crypto/platform/decider.h +++ b/src/manager/crypto/platform/decider.h @@ -36,7 +36,7 @@ class Decider { public: Decider(); GStore& getStore(const Token &token) const; - GStore& getStore(DataType data, bool exportable) const; + GStore& getStore(DataType data, bool exportable, bool encrypted = false) const; virtual ~Decider(){} protected: diff --git a/src/manager/initial-values/BufferHandler.cpp b/src/manager/initial-values/BufferHandler.cpp index 1ce108c..0ceff74 100644 --- a/src/manager/initial-values/BufferHandler.cpp +++ b/src/manager/initial-values/BufferHandler.cpp @@ -27,14 +27,28 @@ #include #include +namespace +{ +const char * const XML_ATTR_IV = "IV"; +} + namespace CKM { namespace InitialValues { BufferHandler::BufferHandler(EncodingType type) : m_encoding(type) {} BufferHandler::~BufferHandler() {} -void BufferHandler::Start(const XML::Parser::Attributes &) +void BufferHandler::Start(const XML::Parser::Attributes &attr) { + // get key type + if(attr.find(XML_ATTR_IV) != attr.end()) { + std::string IVstring = attr.at(XML_ATTR_IV); + Base64Decoder base64; + base64.reset(); + base64.append(RawBuffer(IVstring.begin(), IVstring.end())); + base64.finalize(); + m_IV = base64.get(); + } } @@ -46,6 +60,7 @@ void BufferHandler::Characters(const std::string & data) void BufferHandler::End() { + // decoding section switch(m_encoding) { // PEM requires that "----- END" section comes right after "\n" character @@ -59,6 +74,7 @@ void BufferHandler::End() // Base64 decoder also does not accept any whitespaces case DER: case BASE64: + case ENCRYPTED: { std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end())); Base64Decoder base64; diff --git a/src/manager/initial-values/BufferHandler.h b/src/manager/initial-values/BufferHandler.h index eaef9d0..ef4d2cf 100644 --- a/src/manager/initial-values/BufferHandler.h +++ b/src/manager/initial-values/BufferHandler.h @@ -26,6 +26,7 @@ #include #include #include +#include namespace CKM { namespace InitialValues { @@ -45,9 +46,18 @@ public: const RawBuffer & getData() const { return m_data; } + bool isEncrypted() const { + if(m_encoding == EncodingType::ENCRYPTED) + return true; + return false; + } + const RawBuffer & getIV() const { + return m_IV; + } private: - EncodingType m_encoding; - RawBuffer m_data; + EncodingType m_encoding; + RawBuffer m_IV; + RawBuffer m_data; }; } diff --git a/src/manager/initial-values/CertHandler.h b/src/manager/initial-values/CertHandler.h index 4050411..e31cbfa 100644 --- a/src/manager/initial-values/CertHandler.h +++ b/src/manager/initial-values/CertHandler.h @@ -32,7 +32,8 @@ namespace InitialValues { class CertHandler : public InitialValueHandler { public: - explicit CertHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {} + explicit CertHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey) {} virtual ~CertHandler(); virtual DataType getDataType() const; diff --git a/src/manager/initial-values/DataHandler.h b/src/manager/initial-values/DataHandler.h index 1ccc4e8..cb5987b 100644 --- a/src/manager/initial-values/DataHandler.h +++ b/src/manager/initial-values/DataHandler.h @@ -32,7 +32,8 @@ namespace InitialValues { class DataHandler : public InitialValueHandler { public: - explicit DataHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {} + explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey) {} virtual ~DataHandler(); virtual DataType getDataType() const; diff --git a/src/manager/initial-values/EncodingType.h b/src/manager/initial-values/EncodingType.h index b7f513d..d40e2dd 100644 --- a/src/manager/initial-values/EncodingType.h +++ b/src/manager/initial-values/EncodingType.h @@ -30,7 +30,9 @@ enum EncodingType { PEM, DER, ASCII, - BASE64 + BASE64, + // encrypted + ENCRYPTED }; } diff --git a/src/manager/initial-values/InitialValueHandler.cpp b/src/manager/initial-values/InitialValueHandler.cpp index 00ea520..7118624 100644 --- a/src/manager/initial-values/InitialValueHandler.cpp +++ b/src/manager/initial-values/InitialValueHandler.cpp @@ -60,37 +60,48 @@ void InitialValueHandler::Start(const XML::Parser::Attributes &attr) void InitialValueHandler::End() { - if(m_bufferHandler) + if (!m_bufferHandler) { + LogError("Invalid data with name: " << m_name << ", reason: no key data!"); + return; + } + + // save data + Policy policy(m_password, m_exportable); + + Crypto::DataEncryption de; + if(m_bufferHandler->isEncrypted()) { + de.encryptedKey = m_encryptedKey; + de.iv = m_bufferHandler->getIV(); + } + + int ec = m_db_logic.importInitialData(m_name, + Crypto::Data(getDataType(), m_bufferHandler->getData()), + de, + policy); + + if(CKM_API_SUCCESS != ec) { + LogError("Saving type: " << getDataType() << " with params: name(" << + m_name << "), exportable(" << m_exportable<< ") failed, code: " << ec); + return; + } + + // save permissions + for(const auto & permission : m_permissions) { - // save data - Policy policy(m_password, m_exportable); - int ec = m_db_logic.verifyAndSaveDataHelper( + ec = m_db_logic.setPermissionHelper( Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), m_name, OWNER_ID_SYSTEM, - Crypto::Data(getDataType(), m_bufferHandler->getData()), - PolicySerializable(policy)); - if(CKM_API_SUCCESS == ec) - { - // save permissions - for(const auto & permission : m_permissions) - { - ec = m_db_logic.setPermissionHelper( - Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), - m_name, - OWNER_ID_SYSTEM, - permission->getAccessor(), - Permission::READ); - if(CKM_API_SUCCESS != ec) - LogError("Saving permission to: " << m_name << " with params: accessor("<getAccessor()<<") failed, code: " << ec); - } + permission->getAccessor(), + Permission::READ); + if (CKM_API_SUCCESS != ec) { + LogError("Saving permission to: " << m_name << + " with params: accessor(" << permission->getAccessor() << + ") failed, code: " << ec); } - else - LogError("Saving type: " << getDataType() << " with params: name("< InitialValueHandlerPtr; - explicit InitialValueHandler(CKMLogic & db_logic) : m_exportable(false), - m_db_logic(db_logic) {} + explicit InitialValueHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : m_exportable(false), m_db_logic(db_logic), m_encryptedKey(encryptedKey) {} virtual ~InitialValueHandler() {}; BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type); @@ -56,6 +56,7 @@ protected: Password m_password; bool m_exportable; CKMLogic & m_db_logic; + const CKM::RawBuffer & m_encryptedKey; BufferHandler::BufferHandlerPtr m_bufferHandler; std::vector m_permissions; diff --git a/src/manager/initial-values/InitialValuesFile.cpp b/src/manager/initial-values/InitialValuesFile.cpp index 166f158..31cebb0 100644 --- a/src/manager/initial-values/InitialValuesFile.cpp +++ b/src/manager/initial-values/InitialValuesFile.cpp @@ -43,6 +43,9 @@ const char * const XML_TAG_PEM = "PEM"; const char * const XML_TAG_DER = "DER"; const char * const XML_TAG_ASCII = "ASCII"; const char * const XML_TAG_BASE64 = "Base64"; +const char * const XML_TAG_ENCRYPTED_DER = "EncryptedDER"; +const char * const XML_TAG_ENCRYPTED_ASCII = "EncryptedASCII"; +const char * const XML_TAG_ENCRYPTED_BINARY = "EncryptedBinary"; const char * const XML_TAG_PERMISSION = "Permission"; const char * const XML_ATTR_VERSION = "version"; } @@ -79,7 +82,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_KEY, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::KEY); + return GetObjectHandler(ObjectType::KEY, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -88,7 +91,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_CERT, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::CERT); + return GetObjectHandler(ObjectType::CERT, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -97,7 +100,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_DATA, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::DATA); + return GetObjectHandler(ObjectType::DATA, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -140,6 +143,33 @@ void InitialValuesFile::registerElementListeners() { ReleaseBufferHandler(EncodingType::BASE64); }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_DER, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_ASCII, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_BINARY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); m_parser.RegisterElementCb(XML_TAG_PERMISSION, [this]() -> XML::Parser::ElementHandlerPtr { @@ -183,20 +213,21 @@ int InitialValuesFile::Parse() return ec; } -XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type) +XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type, + const CKM::RawBuffer &encryptedKey) { switch(type) { case KEY: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; case CERT: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; case DATA: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; default: diff --git a/src/manager/initial-values/InitialValuesFile.h b/src/manager/initial-values/InitialValuesFile.h index 1572e2f..c3cccbb 100644 --- a/src/manager/initial-values/InitialValuesFile.h +++ b/src/manager/initial-values/InitialValuesFile.h @@ -52,7 +52,7 @@ protected: DATA }; - XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type); + XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type, const CKM::RawBuffer &encryptedKey); void ReleaseObjectHandler(ObjectType type); XML::Parser::ElementHandlerPtr GetBufferHandler(EncodingType type); @@ -60,12 +60,8 @@ protected: XML::Parser::ElementHandlerPtr GetPermissionHandler(); void ReleasePermissionHandler(); -private: - std::string m_filename; - XML::Parser m_parser; - InitialValueHandler::InitialValueHandlerPtr m_currentHandler; - CKMLogic & m_db_logic; +private: class HeaderHandler : public XML::Parser::ElementHandler { public: @@ -95,6 +91,10 @@ private: InitialValuesFile & m_parent; }; + std::string m_filename; + XML::Parser m_parser; + InitialValueHandler::InitialValueHandlerPtr m_currentHandler; + CKMLogic & m_db_logic; typedef std::shared_ptr HeaderHandlerPtr; typedef std::shared_ptr EncryptionKeyHandlerPtr; HeaderHandlerPtr m_header; diff --git a/src/manager/initial-values/KeyHandler.h b/src/manager/initial-values/KeyHandler.h index c26e429..b921b47 100644 --- a/src/manager/initial-values/KeyHandler.h +++ b/src/manager/initial-values/KeyHandler.h @@ -33,8 +33,8 @@ namespace InitialValues { class KeyHandler : public InitialValueHandler { public: - explicit KeyHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic), - m_keyType(KeyType::KEY_NONE) {} + explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {} virtual ~KeyHandler(); virtual void Start(const XML::Parser::Attributes &); diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 5b8f1a3..4819857 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1092,6 +1092,38 @@ RawBuffer CKMLogic::getDataList( return response.Pop(); } +int CKMLogic::importInitialData( + const Name &name, + const Crypto::Data &data, + const Crypto::DataEncryption &enc, + const Policy &policy) +{ + if (CKM_API_SUCCESS != unlockSystemDB() ) + ThrowErr(Exc::DatabaseLocked, "can not unlock system database"); + auto &handler = m_userDataMap[SYSTEM_DB_UID]; + + if (!isNameValid(name)) + return CKM_API_ERROR_INPUT_PARAM; + + Crypto::GStore& store = + m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); + + Token token; + if (enc.encryptedKey.empty()) + token = store.import(data, m_accessControl.isCCMode() ? "" : policy.password); + else + token = store.importEncrypted(data, m_accessControl.isCCMode() ? "" : policy.password, enc); + + DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast(policy.extractable)); + handler.crypto.encryptRow(row); + + DB::Crypto::Transaction transaction(&handler.database); + handler.database.saveRow(row); + transaction.commit(); + + return CKM_API_SUCCESS; +} + int CKMLogic::saveDataHelper( const Credentials &cred, const Name &name, diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 610fb7f..3c1cb3a 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -185,11 +185,11 @@ public: const PermissionMask permissionMask); int setPermissionHelper( - const Credentials &cred, - const Name &name, - const Label &ownerLabel, - const Label &accessorLabel, - const PermissionMask permissionMask); + const Credentials &cred, + const Name &name, + const Label &ownerLabel, + const Label &accessorLabel, + const PermissionMask permissionMask); int verifyAndSaveDataHelper( const Credentials &cred, @@ -198,11 +198,18 @@ public: const Crypto::Data &data, const PolicySerializable &policy); - int getKeyForService(const Credentials &cred, - const Name &name, - const Label &label, - const Password& pass, - Crypto::GObjShPtr& key); + int getKeyForService( + const Credentials &cred, + const Name &name, + const Label &label, + const Password& pass, + Crypto::GObjShPtr& key); + + int importInitialData( + const Name &name, + const Crypto::Data &data, + const Crypto::DataEncryption &enc, + const Policy &policy); protected: int unlockSystemDB(); diff --git a/tests/XML_3_encrypted.xml b/tests/XML_3_encrypted.xml index b82b20d..2e452a8 100644 --- a/tests/XML_3_encrypted.xml +++ b/tests/XML_3_encrypted.xml @@ -115,11 +115,12 @@ - + BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ @@ -137,41 +138,34 @@ - - H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH - N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE - W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf - 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B - ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk - QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi - w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL - /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ - VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 - W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO - 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk - 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg - q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr - GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ - SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX - SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX - RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn - yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ - +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 - xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm - /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy - 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq - 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx - j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD - /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + + pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw + /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv + l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7 + XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2 + /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d + osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU + 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf + TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e + ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL + oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG + ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ + tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos + kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC + DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo + LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO + XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi + 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk + a+r+N4lsYPKJbX2ywUvDHg== - zuBDjp8ptFthrU69Ua5cfg== + zuBDjp8ptFthrU69Ua5cfg== - + weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn -- 2.7.4 From d4f99fea8ba5ee3ffe06b04cc0b61e0d9cba327d Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 16 Nov 2015 15:18:01 +0100 Subject: [PATCH 13/16] Load app key when importing initial values [Problem] Missing app key. [Solution] Fixed. [Verification] Run tests Change-Id: If1a156094bb81a349af41f077443c6503b9cea04 --- src/manager/service/ckm-logic.cpp | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 4819857..2a6e9b1 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1098,12 +1098,16 @@ int CKMLogic::importInitialData( const Crypto::DataEncryption &enc, const Policy &policy) { - if (CKM_API_SUCCESS != unlockSystemDB() ) - ThrowErr(Exc::DatabaseLocked, "can not unlock system database"); - auto &handler = m_userDataMap[SYSTEM_DB_UID]; + // Inital values are always imported with root credentials. Label is not important. + Credentials rootCred(0,""); - if (!isNameValid(name)) - return CKM_API_ERROR_INPUT_PARAM; + auto &handler = selectDatabase(rootCred, OWNER_ID_SYSTEM); + + // check if save is possible + DB::Crypto::Transaction transaction(&handler.database); + int retCode = checkSaveConditions(rootCred, handler, name, OWNER_ID_SYSTEM); + if(retCode != CKM_API_SUCCESS) + return retCode; Crypto::GStore& store = m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); @@ -1117,7 +1121,6 @@ int CKMLogic::importInitialData( DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast(policy.extractable)); handler.crypto.encryptRow(row); - DB::Crypto::Transaction transaction(&handler.database); handler.database.saveRow(row); transaction.commit(); -- 2.7.4 From 106b8c24ffc7eff3e44d7ea60ef9c56e6ac9ca68 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Mon, 23 Nov 2015 11:09:34 +0100 Subject: [PATCH 14/16] Conversion PEM -> DER moved to store. Change-Id: Ia748520a828f1dfcb3097dbde0ac28aaf22a8c52 --- src/manager/crypto/sw-backend/internals.cpp | 36 ++++++++++++++++++++++++++--- src/manager/crypto/sw-backend/internals.h | 2 ++ src/manager/crypto/sw-backend/store.cpp | 6 +++-- 3 files changed, 39 insertions(+), 5 deletions(-) diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index 6239c66..861f623 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -788,7 +788,7 @@ RawBuffer signMessage(EVP_PKEY *privKey, const int rsa_padding) { EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(privKey, NULL), EVP_PKEY_CTX_free); - + if(!pctx.get()) { ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function"); } @@ -836,7 +836,7 @@ RawBuffer digestSignMessage(EVP_PKEY *privKey, const int rsa_padding) { EvpMdCtxUPtr mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_destroy); - + EVP_PKEY_CTX *pctx = NULL; // Create the Message Digest Context @@ -948,7 +948,7 @@ int verifyMessage(EVP_PKEY *pubKey, if(EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), signature.size(), message.data(), message.size())) { return CKM_API_SUCCESS; - } + } LogError("EVP_PKEY_verify Failed"); return CKM_API_ERROR_VERIFICATION_FAILED; @@ -990,7 +990,37 @@ int digestVerifyMessage(EVP_PKEY *pubKey, return CKM_API_ERROR_VERIFICATION_FAILED; } +RawBuffer toBinaryData(DataType dataType, const RawBuffer &buffer) +{ + // verify the data integrity + if (dataType.isKey()) + { + KeyShPtr output_key; + if(dataType.isSKey()) + output_key = CKM::Key::createAES(buffer); + else + output_key = CKM::Key::create(buffer); + if(output_key.get() == NULL) + ThrowErr(Exc::Crypto::InputParam, "Provided data is not valid key data"); + + return output_key->getDER(); + } + else if (dataType.isCertificate() || dataType.isChainCert()) + { + CertificateShPtr cert = CKM::Certificate::create(buffer, DataFormat::FORM_DER); + + if(cert.get() == NULL) + ThrowErr(Exc::Crypto::InputParam, "Provided data is not valid certificate"); + + return cert->getDER(); + } + + // TODO: add here BINARY_DATA verification, i.e: max size etc. + return buffer; +} + } // namespace Internals } // namespace SW } // namespace Crypto } // namespace CKM + diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index ecf52d4..eac23ee 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -122,6 +122,8 @@ int digestVerifyMessage(EVP_PKEY *pubKey, const EVP_MD *md_algo, const int rsa_padding); +RawBuffer toBinaryData(DataType dataType, const RawBuffer &buffer); + } // namespace Internals } // namespace SW } // namespace Crypto diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index d59cea1..29cf08a 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -215,7 +215,8 @@ Token Store::generateSKey(const CryptoAlgorithm &algorithm, const Password &pass } Token Store::import(const Data &data, const Password &pass) { - return Token(m_backendId, data.type, pack(data.data, pass)); + RawBuffer converted = Internals::toBinaryData(data.type, data.data); + return Token(m_backendId, data.type, pack(converted, pass)); } Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) { @@ -232,7 +233,8 @@ Token Store::importEncrypted(const Data &data, const Password &pass, const DataE algorithmAESCBC.setParam(ParamName::ALGO_TYPE, AlgoType::AES_CBC); algorithmAESCBC.setParam(ParamName::ED_IV, enc.iv); RawBuffer rawData = aesKey.decrypt(algorithmAESCBC, data.data); - return Token(m_backendId, data.type, pack(rawData, pass)); + RawBuffer converted = Internals::toBinaryData(data.type, rawData); + return Token(m_backendId, data.type, pack(converted, pass)); } } // namespace SW -- 2.7.4 From faf87d6274d1c616fcd137124e0d5f54ee8e84cd Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 19 Nov 2015 13:50:20 +0100 Subject: [PATCH 15/16] License date updated [Problem] Wrong date in LICENSE file [Solution] Date fixed [Verification] Compare with current year Change-Id: Ia9a4d2da70d6f01d5f036c376e220b9637f81870 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 247c97d..8534b2c 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved. +Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd. All rights reserved. Apache License Version 2.0, January 2004 -- 2.7.4 From 984a58ab8ca99964d8be0ba36549d518988c9f34 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 25 Nov 2015 10:19:17 +0100 Subject: [PATCH 16/16] Detailed documentation for encryption/decryption API [Problem] The encryption/decryption API documentation in header file wasn't detailed enough. [Solution] Add more more details. [Verification] Rate intelligibility of documentation Change-Id: I2695651928ccf294e94fed2e4c2d0a4019365582 --- src/include/ckmc/ckmc-manager.h | 22 +++++++++++++----- src/include/ckmc/ckmc-type.h | 50 ++++++++++++++++++++++++++++++----------- 2 files changed, 54 insertions(+), 18 deletions(-) diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index d7ccd59..35a3413 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -1095,12 +1095,16 @@ int ckmc_remove_alias(const char *alias); * * @remarks Key identified by @a key_alias should exist. * - * @param[in] params Algorithm parameter list handle + * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details * @param[in] key_alias Alias of the key to be used for encryption * @param[in] password The password used in decrypting a key value \n * If password of policy is provided in ckmc_save_key(), the same * password should be provided - * @param[in] decrypted Data to be encrypted + * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no + * restrictions on the size of data. For RSA the size must be smaller + * or equal to - 42. Example: for 1024 RSA key the + * maximum data size is 1024/8 - 42 = 86. * @param[out] ppencrypted Encrypted data (some algorithms may return additional information * embedded in encrypted data. AES GCM is an example) \n * The caller is responsible for freeing @a encrypted with @@ -1109,7 +1113,9 @@ int ckmc_remove_alias(const char *alias); * @return @c 0 on success, otherwise a negative error value * * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, decrypted = NULL, + * ppencrypted = NULL) * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged * in) * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason @@ -1128,6 +1134,7 @@ int ckmc_remove_alias(const char *alias); * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_encrypt_data(ckmc_param_list_h params, const char *key_alias, @@ -1142,7 +1149,9 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * * @remarks Key identified by @a key_alias should exist. * - * @param[in] params Algorithm parameter list handle + * @param[in] params Algorithm parameter list handle. You should use the same parameters + * that were used for encryption. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details * @param[in] key_alias Alias of the key to be used for encryption * @param[in] password The password used in decrypting a key value \n * If password of policy is provided in ckmc_save_key(), the same @@ -1156,7 +1165,9 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * @return @c 0 on success, otherwise a negative error value * * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, encrypted = NULL, + * ppdecrypted = NULL) * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged * in) * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason @@ -1175,6 +1186,7 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_decrypt_data(ckmc_param_list_h params, const char *key_alias, diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index 507d223..997ed96 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -264,6 +264,19 @@ typedef enum __ckmc_param_name { /** * @brief Handle for algorithm parameter list. * @since_tizen 3.0 + * + * Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the + * algorithm. See #ckmc_algo_type_e for available algorithms and additional parameters they support. + * + * @see ckmc_generate_new_params() + * @see ckmc_param_list_new() + * @see ckmc_param_list_set_integer() + * @see ckmc_param_list_set_buffer() + * @see ckmc_param_list_get_integer() + * @see ckmc_param_list_get_buffer() + * @see ckmc_param_list_free() + * @see #ckmc_algo_type_e + * @see #ckmc_param_name_e */ typedef struct __ckmc_param_list *ckmc_param_list_h; @@ -276,31 +289,35 @@ typedef struct __ckmc_param_list *ckmc_param_list_h; typedef enum __ckmc_algo_type { CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV - - CKMC_PARAM_ED_CTR_LEN (128 only) */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) + - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits + (optional, only 128b is supported at the moment) */ CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV - - CKMC_PARAM_ED_TAG_LEN - - CKMC_PARAM_ED_AAD */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), + - CKMC_PARAM_ED_IV = initialization vector(mandatory) + - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of + {32, 64, 96, 104, 112, 120, 128} (optional, if not present the + length 128 is used) + - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_LABEL */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), + - CKMC_PARAM_ED_LABEL = label to be associated with the message + (optional, not supported at the moment) */ } ckmc_algo_type_e; /** @@ -746,6 +763,7 @@ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_new(ckmc_param_list_h *pparams); @@ -778,6 +796,7 @@ int ckmc_param_list_new(ckmc_param_list_h *pparams); * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_set_integer(ckmc_param_list_h params, ckmc_param_name_e name, @@ -813,6 +832,7 @@ int ckmc_param_list_set_integer(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_set_buffer(ckmc_param_list_h params, ckmc_param_name_e name, @@ -845,6 +865,7 @@ int ckmc_param_list_set_buffer(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_get_integer(ckmc_param_list_h params, @@ -880,6 +901,7 @@ int ckmc_param_list_get_integer(ckmc_param_list_h params, * @see ckmc_buffer_free() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_get_buffer(ckmc_param_list_h params, ckmc_param_name_e name, @@ -900,6 +922,7 @@ int ckmc_param_list_get_buffer(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ void ckmc_param_list_free(ckmc_param_list_h params); @@ -931,6 +954,7 @@ void ckmc_param_list_free(ckmc_param_list_h params); * @see ckmc_param_list_free() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams); -- 2.7.4